last executing test programs:

41.519418741s ago: executing program 2 (id=104):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001fc0)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r5}, 0x10)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x520, 0x340, 0x25, 0x148, 0x0, 0x60, 0x488, 0x2a8, 0x2a8, 0x488, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x80ffffff, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@set={{0x40}}, @common=@unspec=@statistic={{0x38}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x580)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
r8 = syz_open_dev$sg(&(0x7f0000000180), 0x7ed18771, 0x80800)
syz_clone3(&(0x7f00000004c0)={0x8050400, &(0x7f0000000200), &(0x7f0000000300)=<r9=>0x0, &(0x7f0000000340), {0x15}, &(0x7f0000000380)=""/62, 0x3e, &(0x7f0000000b00)=""/253, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x5, {r3}}, 0x58)
ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000000c00)={'\x00', 0xfffd, 0x9, 0xefc, 0xd, 0x4, r9})
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x6, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCFLSH(r10, 0x540b, 0x2)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB], 0x58}}, 0x0)

41.440378922s ago: executing program 2 (id=106):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(r0, r0, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x8, 0xdd18b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_config_ext={0x715, 0xffffffff00000001}, 0x3323, 0x4, 0x3, 0x0, 0xc, 0x800001, 0xfff7, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
preadv(r1, 0x0, 0x0, 0xffffffbf, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0207e80702"], 0x10}}, 0x40044)
r3 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in=@multicast1, @in6=@remote, 0x0, 0x57, 0x0, 0x0, 0xa}, {0x8, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x2000000, 0x2}, {0x7, 0x0, 0x4}, 0x1, 0x0, 0x1}, {{@in6=@private1, 0x0, 0x6c}, 0x2, @in=@local, 0x3507, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000003c0)=0x2)
readv(r4, &(0x7f00000008c0)=[{&(0x7f00000002c0)=""/156, 0x9c}], 0x1)

40.510081155s ago: executing program 2 (id=112):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xfffff)

40.462843936s ago: executing program 2 (id=114):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1600000000000000040000000500000000000000", @ANYRES32=0x1, @ANYBLOB="0000baefaa1c7021f0704acf533ada3500000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r0}, 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYRES64=r1, @ANYRESHEX=r0, @ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000580), 0x5, 0x4f3, &(0x7f00000005c0)="$eJzs3d1rW+cZAPBHku3YibN8bIwkgyWQQfZBLH8wYm+DsattF4GxwG42yDxb8TLLkbHkLDa5cLa7XOxibLRQetH7/gW9aa4aAqXXLb3tVUloUxfakoKKjiTHH5KjtraU+Px+cKJzzqvoeV/Zz+uj97xHJ4DUOlf7JxMxHBHvRMSx+ubWJ5yrP6w/vj1TWzJRrV75KJM8r7bdfGrz/x2JiLWIGIyIP/424m+ZnXHLK6vz08ViYamxna8sLObLK6sXry9MzxXmCjfGJi9NTU2OToxP7Vlb7/7nH3cvv/H7gdc/+/fD+/99681atYYbZZvbsZfqTe+PE5v29UXEr/YjWA/kGu0Z6nVF+EZqP7/vRsT5JP+PRS75aXbmyb7WDNhv1Wq1+mX1ULvitSpwYGWTY+BMdiQi6uvZ7MhI/Rj+e3E4WyyVKz+7Vlq+MVs/Vj4e/dlr14uF0cZnhePRn6ltjyXrT7fHt21PRCTHwP/LDSXbIzOl4mx3uzpgmyPb8v/TXD3/gZTo/CM/cNDIf0gv+Q/pJf8hveQ/pJf8h/SS/5Be8h/SS/5DerXK/6M9qAfQfbv9/R/oYj2ArvrD5cu1pdq8/n325sryfOnmxdlCeX5kYXlmZKa0tDgyVyrNJdfsLDzr9Yql0uLYz2P5Vr5SKFfy5ZXVqwul5RuVq8l1/VcL/V1pFdCJE2fvvZeJiLVfDCVLbPqTL1fhYKtWM9Hra5CB3sj1ugMCesapP0ivr/EZv+2XhAEvthZf0bth8Ejbol/H4r5UB+iC7G6FTx50ryJA11047fwfpJXxf0gv4/+QXo7xgd3G/6NxL7+WjP/DC2vX8X/gQBtuc/+vo5vu3TUaEd+JiHdz/Yea9/oCDoLsh5nG8f+FYz8a3l46kPk8OUUwEBH/fOXKS7emK5Wlsdr+jzf2V15u7B/vRf2B9raO8DXztJnHAEB6rT++PdNcuhn30W/qkxB2xu9rjE0OJkcwh9czW+YqZPZo7sLanYg41Sp+pnG/8/qZj8PruR3xTzYeM/WXSOrbl9w3vTvxT2+K/8NN8c9863cF0uFerf8ZbZV/2SSnYyP/tvY/w3s0d6LZ/zXnXG+O3+z/cm36v7Mdxvj7q/9qdXo3mez96E7EmZb9bzPeYBJre/xa3S50GP/hX/70/XZl1dfqr9MqflNtLV9ZWMyXV1YvXm/WYvLS1NTk6MT4VD4Zo843R6p3+uWpt++3i19rf0Ob9r+/o/1DjTr9pMP2f/GDB38+t0v8H59v/ft3Mnnc9v5Xqxt1+GmH8T8Z/+Cv7cpq8WfbvP/ZVvGjWRox0WH88v9/59phAHiOlFdW56eLxcKSFStWnu+Vvuhi0Gf1HGvd6aCAffM06XtdEwAAAAAAAAAAAKBT7Wb/3tvD6cS9biMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEHwVQAAAP//QUvQlg==")
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000001080)={0x4, [0x0, 0x0, 0x0, <r3=>0x0]}, &(0x7f00000010c0)=0x14)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f0000001100)={r3, @in6={{0xa, 0x4e21, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xfff}}}, 0x84)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x20, &(0x7f0000000100)={&(0x7f0000000200)=""/78, 0x4e, <r4=>0x0, &(0x7f0000000500)=""/251, 0xfb}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ffffffff850000002d000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0)
rseq(&(0x7f0000000300), 0x20, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000440)={[{@noblock_validity}, {@stripe={'stripe', 0x3d, 0x2}}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x71d}}, {@abort}], [{@uid_lt={'uid<', r5}}, {@smackfsroot={'smackfsroot', 0x3d, '\x00'}}, {@measure}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}]}, 0x1, 0x610, &(0x7f0000000a40)="$eJzs3c9rFGcfAPDvTH6avO+bKC+8rz3UQCkKrYmJWqQUau5F7I9/IDVRxGgkSaFRwQjtsfTSQ6GnHmr/i1borfTQaw+9F0FK8VCL1C2zOxs3m93Nz/3h7ucDa+aZmczznTXfPM88eWY2gJ41kf2TRhyNiJtJxFjFtv7IN06U9nv8x51L2SuJQuH935O4czdZrzxWkn8dzb/577FIfk4jjvRtrXdl7da1ucXFheW8PLV6/ebUytqtk1evz11ZuLJwY+aNmXNnz5w9N31qX+c3UGPdN189Taa//fVCEufjWR5bdl7V+w3tq+bsPZuIQsmTyvXZ+3pun8fuFH+OlX9OnkuqV9CxLud5m+XJ/2Is+ir+N8fi03fbGhzQVIUkym0U0HOSOvn/42yj3wzDTYsHaJVyP6B8bV/rOnirtMm9EqAVHs2WBqRKuT8QEeX87y+NDcZwcWxg5HGyaZwniYj9jcyVZHX89MOFT7JX1BmHA5pj/V55lLu6/U+KuTkew8XSyON0c/6vFwpp3hPI1r+3x/onqsryH1pn/V5E/D9v/wdjx/mf5rlbzv8P91i//AcAAAAAAICD82A2Il6vNf8v3Zj/M1hj/s9oRJw/gPq3//tf+jBfSKp2HTyA6qGnPZqNeKvm/N+NOb7jfXnp38X5ALeTy1cXF05FxH8i4kQMDGXl6arjVs4QPvnZkS/r1V85/y97ZfWX5wLmR3rYX3Uj7vzc6tx+zxuIeHQv4qXi/N9j+ZrN83+y9j+p0f5n+X1zh3UcefX+xXrbts9/oFkKX0ccr9n+P+9uJ42fzzFV7A9MlXsFW718+/Pv6tVfnf9NOEWgjqz9H2mc/0NJ5fN6VnZ3/Owi/fRaf6He9r32/weTD/qiYhDg47nV1eXpiMHkna3rZ3YXM3SrPB+ORZ4vWf6feKXx+N9G/78iDw9FxPoO6hveZrv+P7RPlv/zjdv/8c3t/+4XZu6Pf1+v/os7av/PFNv0E/ka439QaevzOHaaoG0JFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABecGlE/CuSdHJjOU0nJyNGI+K/MZIuLq2svnZ56aMb89m2iPEYSMuf9DtWKiflz/8fryjPVJVPR8ThiPii71CxPHlpaXG+3ScPAAAAAAAAAAAAAAAAAAAAHWK0eM9/Yaj6/v/Mb33tjg5ouv78q3yH3tO/5+8sDB1oIEDL7T3/gRdYds2/i/wfaGYsQBvUz/8nTwtFLQ0HaCH9f+hde8x/fy6ALqD9h161wzG94WbHAbSD9h8AAAAAALrK4WMPfkkiYv3NQ8VXZjDfZrI/dLe03QEAbWMOL/Su/qV2RwC0i2t8INlY+qvmzf71Z/8nzQkIAAAAAAAAAAAAANji+FH3/0Ovanz/v7n90M0a3P9fK/k9LgC6SP2P/tD2Q7dzjQ9s19q7/x8AAAAAAAAAAAAAOsDwrWtzi4sLyytrL97C250Rxu4W1uc6IoxdLBTuRjTe51lzah+IiE55E5ZXsmhaVVf5ERxtPOU2/14CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2/BMAAP//cdEbCg==")
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r7}, 0x10)
getgid()
pidfd_send_signal(0xffffffffffffffff, 0x2, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3000003, 0x200000006c832, 0xffffffffffffffff, 0x0)
lchown(0x0, r5, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000000), 0x0)

40.109229991s ago: executing program 2 (id=118):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x2, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000020000000000000000180900002a65da5862b518ae3e2464db4d79e332c0fa2860d13b52d4270b15969ff09398a065c8c89d2133d70a43ff1194c8b3b4", @ANYRES8=r1, @ANYBLOB="00000000000057b6b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
sendmmsg(r1, &(0x7f0000003880)=[{{&(0x7f0000000a00)=@pptp={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYRESHEX=r3], 0x418}}], 0x1, 0x404c084)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
brk(0x400000ffc020)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400}, 0x48090)
r6 = io_uring_setup(0x7cac, &(0x7f00000000c0)={0x0, 0x1fe8, 0x800, 0x2, 0x396})
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000f00)={'dummy0\x00', 0x0})
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x88, 0x90, [0x200000000c41, 0x0, 0x0, 0x7fff, 0x200000000ca3], 0x0, 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00"/74]}, 0xc2)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x2e0, 0x150, 0x25, 0x148, 0x0, 0x60, 0x248, 0x2a8, 0x2a8, 0x248, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x108, 0x150, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x20, 0x1, 0x7}, {0x1}}}, @common=@unspec=@connlimit={{0x40}, {[0xffffff00, 0xff, 0x0, 0xffffffff], 0x5, 0x3, {0x542}}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00'}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x9, 0x8001}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x340)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

39.766652106s ago: executing program 2 (id=123):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(r0, r0, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x8, 0xdd18b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_config_ext={0x715, 0xffffffff00000001}, 0x3323, 0x4, 0x3, 0x0, 0xc, 0x800001, 0xfff7, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
preadv(r1, 0x0, 0x0, 0xffffffbf, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0207e80702"], 0x10}}, 0x40044)

39.729818967s ago: executing program 32 (id=123):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(r0, r0, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x8, 0xdd18b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_config_ext={0x715, 0xffffffff00000001}, 0x3323, 0x4, 0x3, 0x0, 0xc, 0x800001, 0xfff7, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
preadv(r1, 0x0, 0x0, 0xffffffbf, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0207e80702"], 0x10}}, 0x40044)

3.193528234s ago: executing program 1 (id=538):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(r0, r0, 0x2)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x8, 0xdd18b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_config_ext={0x715, 0xffffffff00000001}, 0x3323, 0x4, 0x3, 0x0, 0xc, 0x800001, 0xfff7, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
preadv(r2, 0x0, 0x0, 0xffffffbf, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0207e80702"], 0x10}}, 0x40044)
r4 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000280)={{{@in=@multicast1, @in6=@remote, 0x0, 0x57, 0x0, 0x0, 0xa}, {0x8, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x2000000, 0x2}, {0x7, 0x0, 0x4}, 0x1, 0x0, 0x1}, {{@in6=@private1, 0x0, 0x6c}, 0x2, @in=@local, 0x3507, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x2)
readv(r5, &(0x7f00000008c0)=[{&(0x7f00000002c0)=""/156, 0x9c}], 0x1)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r1}}, 'mnt\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x1000000, &(0x7f0000000040)={[{@usrjquota}, {}]}, 0x0, 0x248, &(0x7f0000000940)="$eJzs3T9oFFkcB/DfzO5eLsly5O6ag4O7g+M47gIh1x3YxEYhICGICCpERGyURIgJdomVjYXWKqlsgtgZrdMEG0Ww8k+K2AgaLAwWWqzsTiLRbDBxN7uS+Xxg2JnZee/3hp3v221mNoDc6omIgYgoRERvRJQiIll/wB/Z0rO6OdO5MBJRqRx8ndSOy7Yza+26I2I6Iv6PiPk0idPFiMm5o0tvH+//+9JE6a8bc0c6W3qSq5aXFg+sXB+6eHvwv8kHj14OJTEQ5U/Oq/mSOvuKScRPO1HsG5EU2z0CtmL4/K0n1dz/HBF/1vJfijSyD+/y+Hfzpfj32mZtr7x6+Gsrxwo0X6VSqn4HTleA3EkjohxJ2hcR2Xqa9vVlv+GfFrrSM2Pj53pPjU2Mnmz3TAU0Szlicd/djjvdn+X/RSHLP7B7VfN/aHj2WXV9pdDu0QCtVM1/7/Gpf0L+IXfkH/JL/iG/5B/yS/4hv+Qf8kv+Ydf4frsN5B/yS/4hv+Qf8mt9/gGAfKl0tPsOZKBd2j3/AAAAAAAAAAAAAAAAAAAAG810LoysLa2qee9qxPLeiCjWq1+o/R/x2qNNu94k1cM+SrJmDTn2e4MdNOjmDt59vZVHuv3wfOfqb8X935rZW3nbLaZGI6YvRER/sbjx+ktWr7+v9+MX3i+daLBAg/Ycbm/997Otq1Wqs2+wkmQr/fXmnzR+qb3Wn3/Km/S5HWffNdgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALfMhAAD//+M2bGo=")
creat(&(0x7f00000001c0)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
socket$inet(0x2, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0)
preadv2(r7, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)

2.701793811s ago: executing program 4 (id=543):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYRESDEC], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x80, 0x5, 0x7fff0003}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000400))
r5 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$int_in(r6, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r6, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r7}], 0x2c, 0xffffffffffbffff8)
dup2(r6, r7)
fcntl$setown(r6, 0x8, r5)
tkill(r5, 0x13)
fdatasync(r2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

2.0675262s ago: executing program 0 (id=547):
setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/asound/timers\x00', 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000010c0)=ANY=[@ANYBLOB="18010000f5ffffff00000000167700100000850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000780)='mm_page_free\x00', r0}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r2)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000001100)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRESHEX=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085000000010000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r6, 0x0, 0x2}, 0x18)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000730000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

2.050001921s ago: executing program 1 (id=548):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet(0x2, 0x5, 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x7, 0x0, 0x0, 0x0, 0x40008, 0x590, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}, 0x4c58, 0x1, 0x0, 0x0, 0x8, 0x4ac, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r0, 0x0)

1.989913552s ago: executing program 3 (id=550):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000300)={0x1c, 0x6a, 0xfcdfa0f79c183163, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0xc3, 0x0, 0x0, @str='GPL\x00'}]}]}, 0x1c}], 0x1, 0x0, 0x0, 0x48000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0xc, &(0x7f0000000740)=ANY=[@ANYRESHEX=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="140286d8000000000000000100000001", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x18, 0x20040000}}], 0x1, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r4, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0x20, &(0x7f0000000680)={&(0x7f0000000580)=""/128, 0x80, <r5=>0x0, &(0x7f0000000600)=""/100, 0x64}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x14, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000020000000000", @ANYRES16, @ANYBLOB="0000000000000000b7020000000000008500000086000000ff5f030006000000d95af0ffffffff", @ANYRES32=r4, @ANYRES32=r2], &(0x7f0000000080)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x5, 0x6, 0x4, 0x3}, 0x10, r5, 0xffffffffffffffff, 0x1, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff, r4], &(0x7f0000000140)=[{0x3, 0x5, 0x9, 0x2}], 0x10, 0x8, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xf, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="18000040ae550f000000000800000000181100", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000000b7000000"], &(0x7f0000000080)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000a5e000/0x1000)=nil, 0x1000, 0x17)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0xb, 0x1ffffffffffffcef, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r7}, 0x10)

1.926758722s ago: executing program 1 (id=551):
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000004c0)={@map, 0xffffffffffffffff, 0xe, 0x2024, 0x0, @void, @void, @value}, 0x20)
syz_open_dev$loop(&(0x7f0000000240), 0x9, 0x141000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x34000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x2, 0x2}, 0x0, 0xc8, 0xfffffffe, 0x0, 0x80, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000200)='neigh_create\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r2}, 0x10)
perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000080)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000fffe80"], 0xfdef)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0xffffffffffffffae}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0xfdef)

1.891167833s ago: executing program 1 (id=552):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r0}, 0x18)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x40, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x10010, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r6=>0x0})
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a37", @ANYRES32=r6, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r7, @ANYRES32=r7], 0x44}}, 0x0)

1.817217094s ago: executing program 4 (id=554):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x21}, 0x5}, r1, 0xb}}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000040))
r4 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x1, 0x1af}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000300)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x28}, 0x0, 0x4800, 0x1})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@minixdf}, {}, {@delalloc}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@grpquota}, {@barrier}, {@nomblk_io_submit}]}, 0x1, 0x57c, &(0x7f0000000540)="$eJzs3d9rW1UcAPDvTdP91nUwhvoghT1YmUvX1h8TBOeLIDIc6PsM7V0ZTZfRpGOtg20P7sUXGYKIA/EP8N3H4T/gXzHQwZBR9MGXyk1vatYkbddlS7d8PnCbc+69ybnfnHtOzs1JmgAG1mj2pxDxakR8m0QcbtlWjHzj6Np+Kw+vTWdLEqurn/+VRJKva+6f5LcH88wrEfHb1xEnCu3l1paW58qVSrqQ58fr85fHa0vLJy/Ol2fT2fTS5NTU6XemJt9/792exfrmuX9++OzuJ6e/Ob7y/S/3j9xO4kwcyre1xvEEbrRmRmM0f06G48yGHSd6UNhukvT7ANiRobydD0fWBxyOobzVAy++6xGxCgyoRPuHAdUcBzSv7Xt0HfzcePDR2gVQe/zFtfdGYl/j2ujASvLIlVF2vTvSg/KzMn79887tbIkt3oe43oPyAJpu3IyIU8Vie/+X5P3fzp1qvHm8uY1lDNrrD/TT3Wz881an8U9hffwTHcY/Bzu03Z3Yuv0X7vegmK6y8d8HHce/613XyFCee6kx5htOLlyspKci4uWIGIvhvVl+s/mc0yv3Vrttax3/ZUtWfnMsmB/H/eLeR+8zU66XnyTmVg9uRrzWcfybrNd/0qH+s+fj3DbLOJbeeb3btq3jf7pWf454o2P9/z+jlWw+PzneOB/Gm2dFu79vHfu9W/ljH/c3/qz+D+TxJ8WO8Y8krfO1tccv46d9/6bdtu30/N+TfNFI78nXXS3X6wsTEXuSR2ciG+sn2/PN/bP4x45v3v91Ov/3R8SX24z/1tFbXXft9/mfxT+z+fm/of4fP3Hv069+7Fb+9ur/7UZqLF/T3v8NtT3udg/wSZ8/AAAAAAAA2E0KEXEokkJpPV0olEprn+84GgcKlWqtfuJCdfHSTDS+KzsSw4XmTPfhls9DTOSfh23mJzfkpyLiSER8N7S/kS9NVysz/Q4eAAAAAAAAAAAAAAAAAAAAdomDG77/nymV1m7/aP+32sCLpu0nv/0GOAyMLZt7L37pCdiVvNzD4NL+YXDl7X9/v48DePa8/sPg0v5hcGn/MLi0fxhc2j8AAAAAAAAAAAAAAAAAAAAAAAAAAAD01LmzZ7NldeXhteksP3NlaXGueuXkTFqbK80vTpemqwuXS7PV6mwlLU1X57d6vEq1enliMhavjtfTWn28trR8fr66eKl+/uJ8eTY9nw4/k6gAAAAAAAAAAAAAAAAAAADg+VJbWp4rVyrpgkTXxIexKw7jaQa4Zkd3L+6WKCS6JvbtoHL73DEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIv/AgAA//9T5zHB")
lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='system.posix_acl_access\x00', 0x0, 0x0, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r4, 0x47f8, 0x0, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {&(0x7f0000000340), r1}}, 0x18)

1.801454224s ago: executing program 0 (id=555):
perf_event_open(0x0, 0x0, 0x8, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)

1.686418216s ago: executing program 1 (id=556):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(r0, r0, 0x2)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x8, 0xdd18b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_config_ext={0x715, 0xffffffff00000001}, 0x3323, 0x4, 0x3, 0x0, 0xc, 0x800001, 0xfff7, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
preadv(r2, 0x0, 0x0, 0xffffffbf, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0207e80702"], 0x10}}, 0x40044)
r4 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000280)={{{@in=@multicast1, @in6=@remote, 0x0, 0x57, 0x0, 0x0, 0xa}, {0x8, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x2000000, 0x2}, {0x7, 0x0, 0x4}, 0x1, 0x0, 0x1}, {{@in6=@private1, 0x0, 0x6c}, 0x2, @in=@local, 0x3507, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x2)
readv(r5, &(0x7f00000008c0)=[{&(0x7f00000002c0)=""/156, 0x9c}], 0x1)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r1}}, 'mnt\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x1000000, &(0x7f0000000040)={[{@usrjquota}, {}]}, 0x0, 0x248, &(0x7f0000000940)="$eJzs3T9oFFkcB/DfzO5eLsly5O6ag4O7g+M47gIh1x3YxEYhICGICCpERGyURIgJdomVjYXWKqlsgtgZrdMEG0Ww8k+K2AgaLAwWWqzsTiLRbDBxN7uS+Xxg2JnZee/3hp3v221mNoDc6omIgYgoRERvRJQiIll/wB/Z0rO6OdO5MBJRqRx8ndSOy7Yza+26I2I6Iv6PiPk0idPFiMm5o0tvH+//+9JE6a8bc0c6W3qSq5aXFg+sXB+6eHvwv8kHj14OJTEQ5U/Oq/mSOvuKScRPO1HsG5EU2z0CtmL4/K0n1dz/HBF/1vJfijSyD+/y+Hfzpfj32mZtr7x6+Gsrxwo0X6VSqn4HTleA3EkjohxJ2hcR2Xqa9vVlv+GfFrrSM2Pj53pPjU2Mnmz3TAU0Szlicd/djjvdn+X/RSHLP7B7VfN/aHj2WXV9pdDu0QCtVM1/7/Gpf0L+IXfkH/JL/iG/5B/yS/4hv+Qf8kv+Ydf4frsN5B/yS/4hv+Qf8mt9/gGAfKl0tPsOZKBd2j3/AAAAAAAAAAAAAAAAAAAAG810LoysLa2qee9qxPLeiCjWq1+o/R/x2qNNu94k1cM+SrJmDTn2e4MdNOjmDt59vZVHuv3wfOfqb8X935rZW3nbLaZGI6YvRER/sbjx+ktWr7+v9+MX3i+daLBAg/Ycbm/997Otq1Wqs2+wkmQr/fXmnzR+qb3Wn3/Km/S5HWffNdgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALfMhAAD//+M2bGo=")
creat(&(0x7f00000001c0)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
socket$inet(0x2, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0)
preadv2(r7, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)

1.435303189s ago: executing program 4 (id=557):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r3, 0x0, 0x0)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x437, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r4, 0x5120b}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r4}, @IFLA_GRE_OKEY={0x8, 0x5, 0x3}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty, @multicast1}}}], 0x20}}], 0x1, 0x8000004)

1.270393272s ago: executing program 4 (id=558):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x30, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "37dde0e69ce85a235cd8e4354a027d36207201aa126f18c91d463c611338834dd432f2ae9eef3d15e516ed0f967abec07e03be9f4ca105d0ce765b9f3de7c1f0", 0x1a}, 0x48, r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c00000002060104000000000000000000000000050004000000090005000100060000000d000300686173683a6d6163000000000500050000000000140007800800124020050000050015000c000000090002"], 0x5c}}, 0x4000)

1.081474324s ago: executing program 3 (id=560):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000280), 0xfd, r0}, 0x38)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="540000000008010100000000000000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x0)

1.028701565s ago: executing program 3 (id=561):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x7, 0x0, 0x0, 0x0, 0x40008, 0x590, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}, 0x4c58, 0x1, 0x0, 0x0, 0x8, 0x4ac, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r0, 0x0)

961.107216ms ago: executing program 3 (id=562):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000500000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$usbmon(&(0x7f0000000140), 0x3, 0x28820)
ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x50)
r4 = socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0xa, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1, 0x0, 0x0, 0xff0f0000}, 0x20004000)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r2, 0x0, r7, 0x0, 0x8000f28, 0x0)
write(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000a44000/0x4000)=nil, 0x4000, 0x0, 0xbc32038f2d035af6, 0xffffffffffffffff, 0x2882c000)
bpf$MAP_CREATE(0x0, 0x0, 0x50)

814.752808ms ago: executing program 1 (id=563):
mknod$loop(0x0, 0x100000000000600d, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000004080000001000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000240)='./bus\x00', 0x404, &(0x7f0000000200)={[{@data_err_ignore}, {@mb_optimize_scan}]}, 0x1, 0x5e6, &(0x7f0000001200)="$eJzs3c1vFVUbAPBnbj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sRr5nam9LZzW3r7MZX5/ZJLZ+bc4TzT26fn3NNz5gZQWYPpP7WI/RExnUT0J/OLZZ2RFQ4uPO/Bnx+dTR9J1Ouv/Z5Ekh3Ln59kX/uyk3si4scfktjXsbLemblrF8enpiavZvvDs5emh2fmrh2+cGn8/OT5ycujL4yeOH7s+ImRI21d1/WCY6dvvvt+/ydjb37z1V/JyLe/jCVxMl7Onrj0OjbLYAw2vifJyqK+E5tdWUk6sp+TpS9x0lliQKxL/vp1RcQT0R8d8fDF64+PXyk1OGBL1ZOIOlBRifyHisr7Afl7++Xvg2ul9EqA7XD/1MIAwMr871wYG4yextjA7gdJLB3WSSKivZG5Znsi4u6dsZvn7ozdjC0ahwOKzd+IiCeL8j9p5P9A9MRAI/9rTfmf9gvOZF/T46+2Wf/yoWL5D9tnIf97Vs3/aJH/by3J/7fbrH/w4eY7vU3539vuJQEAAAAAAEBl3T4VEc8X/f2/tjj/Jwrm//RFxMlNqH9w2f7Kv//X7m1CNUCB+6ciXiqc/1vLZ/8OdGRb/2nMB+hKzl2YmjwSEf+NiEPRtSvdH1mljsOf7vuyVdlgNv8vf6T1383mAmZx3Ovc1XzOxPjs+EavG4i4fyPiqcL5v8li+58UtP/p74PpR6xj37O3zrQqWzv/ga1S/zriYGH7//CuFcnq9+cYbvQHhvNewUpPf/jZd63qbzf/3WICNi5t/3evnv8DydL79cysv46jc531VmXt9v+7k9cbt5zpzo59MD47e3Ukojs53ZEebTo+uv6Y4XGU50OeL2n+H3pm9fG/ov5/b0TML/u/kz+a1xTn/v9336+t4tH/h/Kk+T+xrvZ//Rujtwa+b1X/o7X/xxpt/aHsiPE/WPBFnqbdzccL0rGzqGi74wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAx0EtIvZEUhta3K7VhoYi+iLif7G7NnVlZva5c1feuzyRljU+/7+Wf9Jv/8J+kn/+/8CS/dFl+0cjYm9EfN7R29gfOntlaqLsiwcAAAAAAAAAAAAAAAAAAIAdoq/F+v/Ubx1lRwdsuc6yAwBKU5D/P5URB7D9tP9QXfIfqkv+Q3XJf6gu+Q/VJf+huuQ/VNc68z/JHgAAAAAAwM6098Dtn5OImH+xt/FIdWdlXaVGBmy1WtkBAKVxix+oLlP/oLrW+x7/5BbFAZRnrfm8PS1P2shM4OmzGzgZAAAAAAAAAAAAACrn4H7r/6GqrP+H6rL+H6orX/9/oOQ4gO3nPT4Qa6zkL1z/v+ZZAAAAAAAAAAAAAMBmmpm7dnF8amryqo03dkYY27lRr9evpz8FOyWef/lGPhV+p8SzbCNf6/doZ5X3OwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGj2TwAAAP//030lBw==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
write$binfmt_aout(r1, &(0x7f0000000600)=ANY=[@ANYBLOB="000006b191000000910000a485dd0040000000aa020000080000000000000000"], 0x20)
sendfile(r1, r0, 0x0, 0x7ffff000)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x18)
mknodat$null(0xffffffffffffff9c, 0x0, 0xb0a54e68b1cd2fdb, 0x103)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r3, &(0x7f00000001c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0xff, @ipv4={'\x00', '\xff\xff', @remote}, 0x701}}, 0x24)
r4 = socket$rxrpc(0x21, 0x2, 0x2)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r4, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x24)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bind$rxrpc(r5, &(0x7f00000004c0)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @broadcast}}, 0x24)

655.08633ms ago: executing program 5 (id=564):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000140)={[{@nouser_xattr}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@grpquota}, {@discard}, {@grpquota}], [{@seclabel}]}, 0x1, 0x458, &(0x7f00000014c0)="$eJzs3MtvG8UfAPDv2kn6yq/xryqPpgUCBRHxSJq0lB64gEDiABISHMoxJGkV6jaoCRKtIggIlSOqxB1xROIv4AQXBJyQuMIdVapQLi2Pg9HGu4nt2mkdnDjUn4+07czuODNf7449O5NNAD1rJP0niRiMiF8iYqiarS8wUv3v5srS9B8rS9NJVCqv/56slruxsjSdF81fty/P9EUUPk7icJN6Fy5dPjdVLs9ezPLji+ffGV+4dPnpufNTZ2fPzl6YPHXqxPGJZ09OPtORONO4bgy/P3/k0MtvXn11+vTVt374Ksnjb4ijQ0Y2OvhYpdLh6rrrfzXppK+LDaEtxWo3jf7V/j8UxVg/eUPx0kddbRywpSqVSuXe1oeXK8BdLIlutwDojvyLPr3/zbdtGnrsCNefr94ApXHfzLbqkb4oZGX6G+5vO2kkIk4v//l5usXWzEMAANT5Jh3/PJWN/+oWfgpROy+0P1tDKUXE/yPiQEScjIiDEXFPxGrZ+yLi/jbrb1wkuXX8U7jW5o9sSzr+ey5b26of/+WjvygVI/7Kh8ul6E/OzJVnj2XvyWj070rzExvU8e2LP3/a6ljt+C/d0vrzsWDWjmt9u+pfMzO1OPVvYq51/cOI4b5m8SdrKwHpZXEoIoY3WcfcE18eaXXs9vHXG6jNdGCdqfJFxOPV878cDfHnko3XJ8d3R3n22Hh+Vdzqx5+uvNaq/nbj77T0/O9tev2vxV9KatdrF9qv48qvn7S8p9ns9T+QvFG3772pxcWLExEDySvVRtfun2woN7lePo1/9Gjz/n8g1t+JwxGRXsQPRMSDEfFQ1vaHI+KRiDi6Qfzfv/Do2/V7kjbi31pp/DNtnf/1xEA07mmeKJ777uu6SkvRRvzp+T+xmhrN9tzJ59+dtGtzVzMAAAD89xQiYjCSwthaulAYG6v+Dv/B2Fsozy8sPnlm/t0LM9VnBErRX8hnuqrzwdX50Instv7vwYg0P5nl8+PHs3njz4p7VvNj0/PlmW4HDz1uX4v+n/qt2O3WAVvO81rQu/R/6F36P/Qu/R96V5P+v6cb7QC211CL7/8PutAWYPs19H/LftBDNnv/v7/D7QC2n/k/6F36P/SkhT1x+4fkd2pi985oRm8morBtdRUb/9BEPkPV9TfhLk50+YMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgQ/4JAAD//0x95oE=")
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)

589.143741ms ago: executing program 4 (id=565):
syz_init_net_socket$x25(0x9, 0x5, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000300)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@nombcache}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
unlink(&(0x7f0000000240)='./file1\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000180)='./file1\x00', 0x804800, &(0x7f0000000000)=ANY=[@ANYRES8=0x0, @ANYBLOB="6092034e5823f645654f6e8edfc3b8e1a948efb0d4b9a9d4c30f5dacb3c1a7ea2587d59165777f070017c2921e793ec5a1384e143b57bb832f14bb43afdef6cb4ed4960b6c732be46a927cdd8c57f93ee6c15401df91ebcbe4f9989843313ea9f243d4dc3d276b966b898100a620b69b543033b9b7bcd9069b9248fbdff46c4a49f094a61938776ce1a1d0f0c84cb7a84bf0b1e2ce5f38f95e11d5b1977ead80625337f66dc391089ab8573d008a4bd03f6f9f01406db632558ed25be4beecd844ac00e52f95c5dc96a1e4a25c80d56aebf6cb33914d6bc72a40bf2fc94efed2f941cf3e"], 0xf9, 0x1213, &(0x7f0000000600)="$eJzs3E9rXFUYB+A3Y2rS1PxRa7Vd6AtuxMWlycKVIEFSkAwotRFaQbg1Ex0yzpTcITAiVldu/Ryu3Ql+g2z8DO6y6bIL8UrvNG1SU4vQZMQ+z2Luyz3nxzkHhoEz3HP33/3xq+2tqtgqh9GamorWrYi8m5HRigOvr4+v12+sr7bba1czr6xeW34nMxfe+PXTb2Yi4twnPy/8MhN7S5/t31n5fe/C3sX9P6992a2yW2V/MMwybw4Gw/JmbyE3u9V2kflRr1NWnez2q87OofZObr0dEaMs+5vzc7d2OlWVZX+U251RDgc53Bll+UXZ7WdRFDk/FzzWmSd32fjpbl3XEXV9Jp6Puq7rszEX5+KFmI+F+C4iXoyX4uU4H6/EhXg1XouLTa/TmD4AAAAAAAAAAAAAAAAAAAA8O/7p/P9iLDn/DwAAAAAAAAAAAAAAAAAAAKfg4+s31lfb7bWrmbMRvR92N3Y3xtdx+9K9j1504nIsxh/RnP4fG9dXPmivXc7GUnzfu30/f3t347kmv3qQX25eJ3A/P920HeSXx/k8mp+JuXv5reg2+ZVYjPPHj79ybH423nrzUL6Ixfjt8xhELzabsR/mv13OfP/D9iP5S00/AAAA+D8o8oFj9+9F8bj2cf7B/vrJ/w88sr+ejkvTk107EdXo6+2y1evsNEXvoJj9252TK+IUx3q6RcSduilmjja1TmjQVkx8yYeKqf/GNBRPpzgbR+9M+peJ0/DwazDpmQAAAAAAAAAAAPBvnPBzhdNxzJNl701mqQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzFDhwLAAAAAAjzt06jYwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCoAAP//qH3FUA==")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000001400), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x800000, 0xe)
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
unlink(&(0x7f0000000200)='./file2\x00')
preadv(r3, &(0x7f00000015c0)=[{0x0}], 0x1, 0x0, 0x0)

588.195691ms ago: executing program 0 (id=566):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r0}, 0x18)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x40, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x10010, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r6=>0x0})
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a37", @ANYRES32=r6, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r7, @ANYRES32=r7], 0x44}}, 0x0)

508.954492ms ago: executing program 5 (id=567):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="580000001400ad", 0x7}], 0x1)
write$binfmt_elf64(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="080641663151c9e0ad01"], 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x4)
write$binfmt_misc(r1, &(0x7f0000000100), 0xfef0)
splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0)
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x8)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x95, 0x3}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r7 = io_uring_setup(0xaff, &(0x7f0000000380)={0x0, 0xeb9e, 0x400, 0xffffffff, 0x10000003})
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f0000000780)=[{&(0x7f0000000700)=""/61, 0x3d}], 0x1)
r8 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x7aef, 0x0, 0xfffffffd, 0x2cb})
io_uring_register$IORING_REGISTER_FILES(r8, 0x1e, &(0x7f0000000000)=[r7], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000280)=ANY=[@ANYRESOCT=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x4f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20)
r9 = dup(r4)
r10 = open(0x0, 0x40542, 0x0)
sendfile(r9, r10, 0x0, 0x8000fffffffe)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, @void, @value}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r11, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)

391.558034ms ago: executing program 0 (id=568):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x437, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r4, 0x5120b}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r4}, @IFLA_GRE_OKEY={0x8, 0x5, 0x3}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty, @multicast1}}}], 0x20}}], 0x1, 0x8000004)

338.758255ms ago: executing program 5 (id=569):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
unshare(0x2c000600)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$selinux_context(r1, &(0x7f0000000340)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)

249.692706ms ago: executing program 5 (id=570):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x8)
sendfile(r3, r2, 0x0, 0x17)

171.210138ms ago: executing program 0 (id=571):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
unshare(0x2c000600)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd29, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x4, 0x0, 0x8000000}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xffffffff}, {}, {}, {}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x1}, {0x80}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3, 0x4}, {}, {}, {0x0, 0x15, 0x0, 0x48510}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0xffffffff, 0x0, 0xfffffffe}, {}, {0x5}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, {0x0, 0x0, 0x200}, {}, {}, {0x5}, {0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfb4}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {}, {0x800000, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x6, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f}, {}, {}, {0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x2, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x295}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1, 0xfffffff7}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x33f, 0x8}, {}, {0x5}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000, 0x7fffffff}, {0x0, 0x0, 0x10000}, {0x0, 0x80000000, 0x0, 0x7dff800}], [{}, {}, {}, {0x0, 0x1}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {0x4}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x2}, {}, {}, {0x4}, {0x3}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xe, 0xb, &(0x7f0000001340)=ANY=[@ANYBLOB="18000000000000000000000000ffffffffffffff7f03702500000000002020207b1af8ff00000000000d9b010000f8ffffffa702000000000000b703000000006c59850000002d00000095c3a3d18b97fbe1352684a1511a43e70b8cbdb7690b86eb1a5307a70afaa94e0c91d781ceb2949edb7890ff93458b3ac1c04a3893cdc4fd120d1057683d6c371936998296975d44cf89c3ee735e39981b33527802827cbc6e388a76e38950ca584d42667e75e931ecbbbff3e8122fb7a73574176de9c4e3b9a57d6ee6b9d6f40dde82d9012fc9c569"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x18)
r8 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$selinux_context(r8, &(0x7f0000000340)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r9}, 0x10)
inotify_add_watch(0xffffffffffffffff, 0x0, 0xa4000021)
sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x18, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
tee(r1, r10, 0x1ff, 0x1)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})

154.588517ms ago: executing program 3 (id=572):
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000004c0)={@map, 0xffffffffffffffff, 0xe, 0x2024, 0x0, @void, @void, @value}, 0x20)
syz_open_dev$loop(&(0x7f0000000240), 0x9, 0x141000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x34000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x2, 0x2}, 0x0, 0xc8, 0xfffffffe, 0x0, 0x80, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000200)='neigh_create\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r2}, 0x10)
perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000080)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000fffe80"], 0xfdef)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0xffffffffffffffae}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0xfdef)

154.176678ms ago: executing program 5 (id=573):
unshare(0x24040000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x72, 0x10301)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000280)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x93, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x590, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0xa5d4}, 0x4c58, 0x5, 0x8, 0x0, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="020000000400000006000000aa0b"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c, r4}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r2}, &(0x7f0000000000), &(0x7f00000005c0)=r3}, 0x20)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, 0x0, 0x108)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
r6 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0x2100, 0x0, &(0x7f00000002c0), 0x0, 0x2000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
readv(r6, 0x0, 0x0)
unshare(0x2c020400)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r8, 0x4b67, 0x0)
statx(r6, &(0x7f0000000400)='./file0\x00', 0x0, 0x200, &(0x7f0000000840))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="340000001000010406400020000000000000ffff4907a9be21634533ef1e3dc88448b642a7a7fcddd16628dfec440ec465ea1a57bf29ed0bcf8ff05eb27c66afe3ad88bc98b7e5c144855390cb02e41aebfd15e2d9dad85872d217fb7a6e39847f0a7d859730ba8f9bef090c292b939d0e", @ANYRES32=0x0, @ANYBLOB="08d90400000000001400128009000100766c616e0000000004000280"], 0x34}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f00000004c0)='veno\x00', 0x5)
sendmsg(0xffffffffffffffff, 0x0, 0x44004)
socketpair(0x3, 0x6, 0xfffffffc, &(0x7f00000006c0))

77.709389ms ago: executing program 3 (id=574):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r0}, 0x18)
prctl$PR_SET_NAME(0xf, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c3c00000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000000)='sys_enter\x00', r4, 0x0, 0x4}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f00000008c0)={[{@data_ordered}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40}}, {@user_xattr}, {@errors_remount}, {@minixdf}], [{@subj_type={'subj_type', 0x3d, '['}}, {@uid_gt}, {@measure}, {@subj_user={'subj_user', 0x3d, '.]'}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x0)
getdents(r5, 0xfffffffffffffffd, 0x58)
kexec_load(0x2, 0x0, 0x0, 0x0)
connect$netlink(r2, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$nl_route(r2, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x8000)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x2, 0x3, 0x3})
pipe(&(0x7f00000002c0)={<r7=>0xffffffffffffffff})
vmsplice(r7, &(0x7f0000000080)=[{&(0x7f00000004c0)='|', 0x1}], 0x1, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'erspan0\x00', &(0x7f00000000c0)={'ip_vti0\x00', <r9=>0x0, 0x7, 0x7800, 0x5, 0x33c, {{0x1f, 0x4, 0x1, 0x27, 0x7c, 0x65, 0x0, 0x7, 0x4, 0x0, @remote, @rand_addr=0x64010100, {[@lsrr={0x83, 0x7, 0xee, [@multicast2]}, @lsrr={0x83, 0x1f, 0x71, [@private=0xa010101, @remote, @private=0xa010100, @multicast1, @remote, @rand_addr=0x64010100, @broadcast]}, @lsrr={0x83, 0x23, 0xe9, [@remote, @multicast2, @rand_addr=0x64010101, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @multicast1, @rand_addr=0x64010101]}, @lsrr={0x83, 0x7, 0x4, [@empty]}, @ssrr={0x89, 0x7, 0xf8, [@remote]}, @noop, @timestamp={0x44, 0xc, 0xd6, 0x0, 0x2, [0x4, 0x0]}, @end, @noop]}}}}})
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x7, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095", @ANYRES64=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r9, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

47.847299ms ago: executing program 0 (id=575):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x48442, 0x40)
pwritev2(r2, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf250401f2800c00180008ac0f00000000001400010000000000000000000000ffffac14142d50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f734f69ce475f"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) (fail_nth: 10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000040000000400000004"], 0x48)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="d80000001b0001000000000000000000fc000000000000000000000000000000fe880000000000000000000000000001", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000500000000000000000000000000000000000000ffffffff0000000000619dc19f2d0c437100000000000000000000000000000000000000000000000000000000000008000020000c"], 0xd8}, 0x1, 0x0, 0x0, 0x4044001}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r7)
sendmsg$AUDIT_GET_FEATURE(r7, &(0x7f0000000680)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x859d81bd081e4897}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x10, 0x3fb, 0x8, 0x70bd2b, 0x25dfdbfd, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0, r8}, 0x18)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x2000000, 0x14, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c000", 0x0, 0x86, 0x0, 0x31, 0x0, &(0x7f00000001c0)="daf9e846ab156efc71b59652333536dbfd26a6d0546366e36eb77dd0aaa2dbe567d168904cf0d5bce1771889c98ffc0abf", 0x0}, 0x50)
r10 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0)
r11 = fsmount(r10, 0x0, 0x82)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e85"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r12 = openat$cgroup_procs(r11, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r12, &(0x7f0000000140), 0x12)

46.769539ms ago: executing program 4 (id=576):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000007b00000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x93)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000004c0)='kmem_cache_free\x00', r0}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000036e1c615000800"/23], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYRES32=r3, @ANYBLOB="05"], 0x10)
r4 = syz_io_uring_setup(0xfb, &(0x7f00000003c0)={0x0, 0x4, 0x10100}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000440)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r8, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x40000103})
sendto(r7, &(0x7f0000001680)="9b2f", 0x2, 0x1c015, 0x0, 0x0)
io_uring_enter(r4, 0x46f6, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r3}, &(0x7f00000006c0), &(0x7f0000000700)=r2}, 0x20)
sendmsg$inet(r1, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)
futex(&(0x7f0000000080)=0x1, 0x3, 0x1, &(0x7f00000000c0), &(0x7f0000000100), 0x1)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000001, 0x31, 0xffffffffffffffff, 0x0)
io_setup(0x2, &(0x7f0000002400))

0s ago: executing program 5 (id=577):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
unshare(0x2c000600)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$selinux_context(r1, &(0x7f0000000340)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)

kernel console output (not intermixed with test programs):

call=5 compat=0 ip=0x7fd90009e929 code=0x7ffc0000
[   44.914892][ T3304] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   44.940809][ T3305] EXT4-fs error (device loop2): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 39
[   44.960527][ T3305] EXT4-fs error (device loop2): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 39
[   44.995693][ T4210] __nla_validate_parse: 1 callbacks suppressed
[   44.995711][ T4210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.117'.
[   45.023939][ T4212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.119'.
[   45.070655][ T4212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.119'.
[   45.099630][ T4214] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000.
[   45.134620][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.181259][ T4219] loop0: detected capacity change from 0 to 512
[   45.189574][ T4219] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   45.202077][ T4219] EXT4-fs (loop0): 1 truncate cleaned up
[   45.208949][ T4219] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.263596][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.358361][ T4224] loop3: detected capacity change from 0 to 2048
[   45.404405][ T4224] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.413445][ T4224] EXT4-fs (loop3): shut down requested (0)
[   45.501330][ T4235] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000.
[   45.566052][ T4227] lo speed is unknown, defaulting to 1000
[   45.586444][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.599672][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.687304][ T4249] serio: Serial port ttyS3
[   45.743778][ T4227] chnl_net:caif_netlink_parms(): no params data found
[   45.760023][ T3639] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   45.813825][ T3639] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   45.827582][ T4227] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.837089][ T4227] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.848870][ T4227] bridge_slave_0: entered allmulticast mode
[   45.860015][ T4227] bridge_slave_0: entered promiscuous mode
[   45.869984][ T4227] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.878424][ T4227] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.888438][ T4227] bridge_slave_1: entered allmulticast mode
[   45.896334][ T4227] bridge_slave_1: entered promiscuous mode
[   45.912918][ T4285] loop4: detected capacity change from 0 to 128
[   45.932462][ T4285] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   45.949092][ T3639] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   45.950471][ T4285] ext4 filesystem being mounted at /20/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   45.985299][ T4227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.000188][ T3639] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   46.016019][ T4227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.042584][ T4227] team0: Port device team_slave_0 added
[   46.051296][ T4227] team0: Port device team_slave_1 added
[   46.075682][ T4227] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.082871][ T4227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.111063][ T4227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.127437][ T4227] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.135671][ T4227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.163667][ T4227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.212569][ T3639] dummy0: left allmulticast mode
[   46.219736][ T3639] bridge0: port 3(dummy0) entered disabled state
[   46.231047][ T3639] bridge_slave_1: left allmulticast mode
[   46.237199][ T3639] bridge_slave_1: left promiscuous mode
[   46.243310][ T3639] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.252809][ T3639] bridge_slave_0: left allmulticast mode
[   46.258602][ T3639] bridge_slave_0: left promiscuous mode
[   46.264907][ T3639] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.359661][ T3639] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   46.372120][ T3639] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   46.382872][ T3639] bond0 (unregistering): Released all slaves
[   46.415191][ T4227] hsr_slave_0: entered promiscuous mode
[   46.422659][ T4227] hsr_slave_1: entered promiscuous mode
[   46.431169][ T4227] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   46.439780][ T4227] Cannot create hsr debugfs directory
[   46.465581][ T4272] serio: Serial port ttyS3
[   46.616683][ T3312] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   46.640357][ T3639] hsr_slave_0: left promiscuous mode
[   46.651568][ T3639] hsr_slave_1: left promiscuous mode
[   46.662900][ T4378] serio: Serial port ttyS3
[   46.678111][ T3639] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   46.685980][ T3639] batman_adv: batadv0: Removing interface: batadv_slave_0
[   46.722354][ T3639] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   46.731360][ T3639] batman_adv: batadv0: Removing interface: batadv_slave_1
[   46.738819][ T4378] loop3: detected capacity change from 0 to 128
[   46.754099][ T4378] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   46.777539][ T3639] veth1_macvtap: left promiscuous mode
[   46.783233][ T3639] veth0_macvtap: left promiscuous mode
[   46.790088][ T4389] netlink: 4 bytes leftover after parsing attributes in process `syz.4.130'.
[   46.790331][ T4378] ext4 filesystem being mounted at /30/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   46.810854][ T3639] veth1_vlan: left promiscuous mode
[   46.816712][ T3639] veth0_vlan: left promiscuous mode
[   46.929893][ T3639] team0 (unregistering): Port device team_slave_1 removed
[   46.942920][ T3639] team0 (unregistering): Port device team_slave_0 removed
[   47.142855][ T4428] netlink: 8 bytes leftover after parsing attributes in process `syz.0.133'.
[   47.154947][ T4227] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   47.175266][ T4227] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   47.190622][ T4434] loop4: detected capacity change from 0 to 1024
[   47.209150][ T4227] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   47.223883][ T4227] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   47.235586][ T4434] EXT4-fs: Ignoring removed nobh option
[   47.242648][ T4434] EXT4-fs: Ignoring removed nomblk_io_submit option
[   47.287985][ T4434] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.387633][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.392310][ T4227] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.416057][ T4478] vhci_hcd: invalid port number 15
[   47.422409][ T4478] vhci_hcd: invalid port number 15
[   47.454049][ T4227] 8021q: adding VLAN 0 to HW filter on device team0
[   47.544062][ T3310] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   47.563278][  T782] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.571522][  T782] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.604717][ T3453] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.605053][ T4500] loop0: detected capacity change from 0 to 1024
[   47.612917][ T3453] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.659622][ T4508] serio: Serial port ttyS3
[   47.674551][ T4500] EXT4-fs: Ignoring removed nobh option
[   47.680588][ T4500] EXT4-fs: Ignoring removed nomblk_io_submit option
[   47.688445][ T4227] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   47.749844][ T4500] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.878052][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.923133][ T4227] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.024858][ T4554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.143'.
[   48.227216][ T4581] loop0: detected capacity change from 0 to 512
[   48.243692][ T4581] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   48.280756][ T4581] EXT4-fs (loop0): 1 truncate cleaned up
[   48.299518][ T4591] netlink: 256 bytes leftover after parsing attributes in process `syz.1.146'.
[   48.309559][ T4581] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.461790][ T4227] veth0_vlan: entered promiscuous mode
[   48.542034][ T4630] loop4: detected capacity change from 0 to 512
[   48.547067][ T4227] veth1_vlan: entered promiscuous mode
[   48.559897][ T4631] netlink: 8 bytes leftover after parsing attributes in process `syz.1.146'.
[   48.569429][ T4631] netlink: 2 bytes leftover after parsing attributes in process `syz.1.146'.
[   48.569802][ T4227] veth0_macvtap: entered promiscuous mode
[   48.624227][ T4227] veth1_macvtap: entered promiscuous mode
[   48.662386][ T4607] loop1: detected capacity change from 0 to 1024
[   48.676530][ T4607] =======================================================
[   48.676530][ T4607] WARNING: The mand mount option has been deprecated and
[   48.676530][ T4607]          and is ignored by this kernel. Remove the mand
[   48.676530][ T4607]          option from the mount to silence this warning.
[   48.676530][ T4607] =======================================================
[   48.698772][ T4227] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.739597][ T4630] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.764054][ T4607] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.786429][ T4607] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.798770][ T4227] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.802071][ T4630] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   48.821077][ T4607] EXT4-fs error (device loop1): ext4_map_blocks:816: inode #15: block 3: comm syz.1.146: lblock 3 mapped to illegal pblock 3 (length 1)
[   48.841747][ T4227] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.852840][ T4227] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.862256][ T4227] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.872125][ T4227] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.883281][ T4607] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117
[   48.897902][ T4607] EXT4-fs (loop1): This should not happen!! Data will be lost
[   48.897902][ T4607] 
[   48.916243][ T4581] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000.
[   48.931912][ T4631] EXT4-fs error (device loop1): ext4_map_blocks:816: inode #15: block 4: comm syz.1.146: lblock 4 mapped to illegal pblock 4 (length 12)
[   48.950526][ T4631] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 12 with error 117
[   48.964082][ T4631] EXT4-fs (loop1): This should not happen!! Data will be lost
[   48.964082][ T4631] 
[   49.006735][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.030212][ T4656] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.147: iget: bad i_size value: 2533274857506816
[   49.127748][ T4652] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents
[   49.137588][ T4662] loop0: detected capacity change from 0 to 1024
[   49.158661][ T4662] EXT4-fs: Ignoring removed nobh option
[   49.164983][ T4662] EXT4-fs: Ignoring removed nomblk_io_submit option
[   49.195363][ T4665] syzkaller0: entered promiscuous mode
[   49.201509][ T4665] syzkaller0: entered allmulticast mode
[   49.211965][ T4652] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #19: comm +}[@: mark_inode_dirty error
[   49.244341][ T4662] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.299884][ T4662] FAULT_INJECTION: forcing a failure.
[   49.299884][ T4662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.301074][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.315746][ T4662] CPU: 0 UID: 0 PID: 4662 Comm: syz.0.148 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   49.315781][ T4662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   49.315798][ T4662] Call Trace:
[   49.315807][ T4662]  <TASK>
[   49.315872][ T4662]  __dump_stack+0x1d/0x30
[   49.315903][ T4662]  dump_stack_lvl+0xe8/0x140
[   49.315931][ T4662]  dump_stack+0x15/0x1b
[   49.315954][ T4662]  should_fail_ex+0x265/0x280
[   49.316080][ T4662]  should_fail+0xb/0x20
[   49.316153][ T4662]  should_fail_usercopy+0x1a/0x20
[   49.316182][ T4662]  strncpy_from_user+0x25/0x230
[   49.316222][ T4662]  ? kmem_cache_alloc_noprof+0x186/0x310
[   49.316293][ T4662]  ? getname_flags+0x80/0x3b0
[   49.316338][ T4662]  getname_flags+0xae/0x3b0
[   49.316373][ T4662]  user_path_at+0x28/0x130
[   49.316415][ T4662]  __se_sys_mount_setattr+0x136/0x240
[   49.316477][ T4662]  __x64_sys_mount_setattr+0x67/0x80
[   49.316512][ T4662]  x64_sys_call+0xda0/0x2fb0
[   49.316542][ T4662]  do_syscall_64+0xd2/0x200
[   49.316574][ T4662]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.316650][ T4662]  ? clear_bhb_loop+0x40/0x90
[   49.316680][ T4662]  ? clear_bhb_loop+0x40/0x90
[   49.316713][ T4662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.316777][ T4662] RIP: 0033:0x7f39e949e929
[   49.316799][ T4662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.316833][ T4662] RSP: 002b:00007f39e7b07038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ba
[   49.316860][ T4662] RAX: ffffffffffffffda RBX: 00007f39e96c5fa0 RCX: 00007f39e949e929
[   49.316878][ T4662] RDX: 0000000000009000 RSI: 0000200000000180 RDI: ffffffffffffff9c
[   49.316896][ T4662] RBP: 00007f39e7b07090 R08: 0000000000000020 R09: 0000000000000000
[   49.316913][ T4662] R10: 0000200000001dc0 R11: 0000000000000246 R12: 0000000000000001
[   49.316929][ T4662] R13: 0000000000000000 R14: 00007f39e96c5fa0 R15: 00007ffcad5d8788
[   49.316956][ T4662]  </TASK>
[   49.413874][ T4652] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents
[   49.553908][ T4673] lo speed is unknown, defaulting to 1000
[   49.556479][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.570391][ T4673] lo speed is unknown, defaulting to 1000
[   49.582050][ T4652] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2991: inode #19: comm +}[@: mark_inode_dirty error
[   49.601912][   T29] kauditd_printk_skb: 73 callbacks suppressed
[   49.601930][   T29] audit: type=1400 audit(2000000004.350:626): avc:  denied  { create } for  pid=4676 comm="syz.1.149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[   49.630590][ T4652] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2994: inode #19: comm +}[@: mark inode dirty (error -117)
[   49.636512][ T4673] lo speed is unknown, defaulting to 1000
[   49.656435][ T4681] netlink: 16 bytes leftover after parsing attributes in process `syz.3.151'.
[   49.695742][ T4673] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   49.704921][ T4652] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117)
[   49.748992][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.767975][ T4673] lo speed is unknown, defaulting to 1000
[   49.795048][ T4673] lo speed is unknown, defaulting to 1000
[   49.834329][ T4673] lo speed is unknown, defaulting to 1000
[   49.857633][ T4673] lo speed is unknown, defaulting to 1000
[   49.874201][ T4673] lo speed is unknown, defaulting to 1000
[   50.003647][ T4703] FAULT_INJECTION: forcing a failure.
[   50.003647][ T4703] name failslab, interval 1, probability 0, space 0, times 0
[   50.018791][ T4703] CPU: 1 UID: 0 PID: 4703 Comm: syz.1.155 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   50.018817][ T4703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   50.018830][ T4703] Call Trace:
[   50.018896][ T4703]  <TASK>
[   50.018903][ T4703]  __dump_stack+0x1d/0x30
[   50.018929][ T4703]  dump_stack_lvl+0xe8/0x140
[   50.018981][ T4703]  dump_stack+0x15/0x1b
[   50.019002][ T4703]  should_fail_ex+0x265/0x280
[   50.019067][ T4703]  ? ip_set_create+0x1ec/0x960
[   50.019093][ T4703]  should_failslab+0x8c/0xb0
[   50.019123][ T4703]  __kmalloc_cache_noprof+0x4c/0x320
[   50.019179][ T4703]  ip_set_create+0x1ec/0x960
[   50.019222][ T4703]  ? __nla_parse+0x40/0x60
[   50.019328][ T4703]  nfnetlink_rcv_msg+0x4c3/0x590
[   50.019386][ T4703]  ? selinux_capable+0x1f9/0x270
[   50.019430][ T4703]  netlink_rcv_skb+0x120/0x220
[   50.019489][ T4703]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   50.019526][ T4703]  nfnetlink_rcv+0x16b/0x1690
[   50.019626][ T4703]  ? __kfree_skb+0x109/0x150
[   50.019644][ T4703]  ? nlmon_xmit+0x4f/0x60
[   50.019754][ T4703]  ? consume_skb+0x49/0x150
[   50.019870][ T4703]  ? nlmon_xmit+0x4f/0x60
[   50.019896][ T4703]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   50.019925][ T4703]  ? __dev_queue_xmit+0x11c0/0x1fb0
[   50.019948][ T4703]  ? __dev_queue_xmit+0x182/0x1fb0
[   50.019972][ T4703]  ? __account_obj_stock+0x211/0x350
[   50.020152][ T4703]  ? ref_tracker_free+0x37d/0x3e0
[   50.020207][ T4703]  ? __netlink_deliver_tap+0x4dc/0x500
[   50.020238][ T4703]  netlink_unicast+0x5a1/0x670
[   50.020322][ T4703]  netlink_sendmsg+0x58b/0x6b0
[   50.020354][ T4703]  ? __pfx_netlink_sendmsg+0x10/0x10
[   50.020383][ T4703]  __sock_sendmsg+0x142/0x180
[   50.020479][ T4703]  ____sys_sendmsg+0x31e/0x4e0
[   50.020510][ T4703]  ___sys_sendmsg+0x17b/0x1d0
[   50.020558][ T4703]  __x64_sys_sendmsg+0xd4/0x160
[   50.020592][ T4703]  x64_sys_call+0x2999/0x2fb0
[   50.020653][ T4703]  do_syscall_64+0xd2/0x200
[   50.020743][ T4703]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.020775][ T4703]  ? clear_bhb_loop+0x40/0x90
[   50.020801][ T4703]  ? clear_bhb_loop+0x40/0x90
[   50.020890][ T4703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.020918][ T4703] RIP: 0033:0x7f31348ce929
[   50.020938][ T4703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.020969][ T4703] RSP: 002b:00007f3132f16038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   50.021039][ T4703] RAX: ffffffffffffffda RBX: 00007f3134af6080 RCX: 00007f31348ce929
[   50.021056][ T4703] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[   50.021073][ T4703] RBP: 00007f3132f16090 R08: 0000000000000000 R09: 0000000000000000
[   50.021096][ T4703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.021239][ T4703] R13: 0000000000000000 R14: 00007f3134af6080 R15: 00007ffd412bb558
[   50.021263][ T4703]  </TASK>
[   50.100502][ T4714] serio: Serial port ttyS3
[   50.958755][ T4779] loop0: detected capacity change from 0 to 512
[   50.959303][ T4779] ext4: Unknown parameter 'subj_type'
[   51.004533][ T4811] loop1: detected capacity change from 0 to 512
[   51.010353][ T4811] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   51.084699][ T4811] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.086573][ T4811] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   51.109677][ T4819] loop3: detected capacity change from 0 to 1024
[   51.129561][ T4819] EXT4-fs: Ignoring removed nomblk_io_submit option
[   51.148327][ T4819] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.189306][   T29] audit: type=1326 audit(2000000005.940:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4808 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   51.191741][   T29] audit: type=1326 audit(2000000005.940:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4808 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   51.244493][   T29] audit: type=1326 audit(2000000005.990:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4808 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   51.269671][   T29] audit: type=1326 audit(2000000005.990:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4808 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   51.319742][   T29] audit: type=1326 audit(2000000006.050:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4808 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   51.319780][   T29] audit: type=1326 audit(2000000006.050:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4808 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   51.319814][   T29] audit: type=1326 audit(2000000006.050:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4808 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   51.319991][   T29] audit: type=1326 audit(2000000006.050:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4808 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   51.320018][   T29] audit: type=1326 audit(2000000006.050:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4808 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   51.320465][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.321582][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.414921][ T4832] __nla_validate_parse: 2 callbacks suppressed
[   51.414963][ T4832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.164'.
[   51.436101][ T4834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.165'.
[   51.552386][ T4834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.165'.
[   51.580226][ T4837] siw: device registration error -23
[   51.597257][ T4837] netlink: 16 bytes leftover after parsing attributes in process `syz.5.166'.
[   51.606488][ T4837] netlink: 16 bytes leftover after parsing attributes in process `syz.5.166'.
[   51.616203][ T4837] netlink: 12 bytes leftover after parsing attributes in process `syz.5.166'.
[   51.734437][ T4845] loop0: detected capacity change from 0 to 1024
[   51.755276][ T4842] syzkaller0: entered promiscuous mode
[   51.760922][ T4842] syzkaller0: entered allmulticast mode
[   51.761163][ T4845] EXT4-fs: Ignoring removed nomblk_io_submit option
[   51.823999][ T4845] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.102319][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.252113][ T4857] loop1: detected capacity change from 0 to 256
[   52.266198][ T4857] tipc: Started in network mode
[   52.266226][ T4857] tipc: Node identity 4, cluster identity 4711
[   52.266240][ T4857] tipc: Node number set to 4
[   52.483635][ T4859] loop0: detected capacity change from 0 to 512
[   52.489880][ T4859] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   52.548960][ T4859] EXT4-fs (loop0): 1 truncate cleaned up
[   52.549383][ T4859] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.591874][ T4864] loop1: detected capacity change from 0 to 512
[   52.610129][ T4864] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   52.650095][ T4864] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.650282][ T4864] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.692231][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.757056][ T4871] loop1: detected capacity change from 0 to 512
[   52.797552][ T4871] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.176: corrupted in-inode xattr: invalid ea_ino
[   52.809330][ T4871] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.176: couldn't read orphan inode 15 (err -117)
[   52.881410][ T4871] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.921851][ T4874] netlink: 16 bytes leftover after parsing attributes in process `syz.4.177'.
[   52.924378][ T4876] loop5: detected capacity change from 0 to 512
[   52.931538][ T4874] netlink: 16 bytes leftover after parsing attributes in process `syz.4.177'.
[   52.948143][ T4874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.177'.
[   52.988471][ T4876] EXT4-fs error (device loop5): ext4_iget_extra_inode:5035: inode #15: comm syz.5.178: corrupted in-inode xattr: invalid ea_ino
[   53.007026][ T4876] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.178: couldn't read orphan inode 15 (err -117)
[   53.026986][ T4876] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.060908][ T4879] loop3: detected capacity change from 0 to 512
[   53.071640][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.092892][ T4879] ext4: Unknown parameter 'subj_type'
[   53.110051][ T4881] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000.
[   53.153560][ T4884] loop1: detected capacity change from 0 to 512
[   53.162108][ T4227] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.184021][ T4884] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   53.209519][ T4884] EXT4-fs (loop1): 1 truncate cleaned up
[   53.216361][ T4884] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.292353][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.307103][ T4890] netlink: 4 bytes leftover after parsing attributes in process `syz.5.182'.
[   53.472499][ T4884] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[   53.504437][ T4897] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   53.510559][ T4899] loop0: detected capacity change from 0 to 256
[   53.548695][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.564235][ T4899] FAT-fs (loop0): Directory bread(block 64) failed
[   53.576009][ T4899] FAT-fs (loop0): Directory bread(block 65) failed
[   53.585777][ T4899] FAT-fs (loop0): Directory bread(block 66) failed
[   53.595991][ T4899] FAT-fs (loop0): Directory bread(block 67) failed
[   53.607873][ T4899] FAT-fs (loop0): Directory bread(block 68) failed
[   53.616871][ T4899] FAT-fs (loop0): Directory bread(block 69) failed
[   53.624767][ T4899] FAT-fs (loop0): Directory bread(block 70) failed
[   53.633638][ T4899] FAT-fs (loop0): Directory bread(block 71) failed
[   53.651554][ T4907] netlink: 'syz.1.188': attribute type 1 has an invalid length.
[   53.662037][ T4899] FAT-fs (loop0): Directory bread(block 72) failed
[   53.669915][ T4899] FAT-fs (loop0): Directory bread(block 73) failed
[   53.680762][ T4907] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   53.689042][ T4907] batman_adv: batadv0: Removing interface: batadv_slave_0
[   53.697673][ T4907] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   53.706037][ T4907] batman_adv: batadv0: Removing interface: batadv_slave_1
[   53.860721][ T4913] netlink: 'syz.1.190': attribute type 10 has an invalid length.
[   53.891063][ T4913] dummy0: entered promiscuous mode
[   53.910836][ T4913] bridge0: port 3(dummy0) entered blocking state
[   53.917874][ T4913] bridge0: port 3(dummy0) entered disabled state
[   53.929479][ T4915] loop3: detected capacity change from 0 to 512
[   53.945869][ T4913] dummy0: entered allmulticast mode
[   53.958812][ T4913] bridge0: port 3(dummy0) entered blocking state
[   53.966337][ T4913] bridge0: port 3(dummy0) entered forwarding state
[   53.981026][ T4915] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.006402][ T4915] ext4 filesystem being mounted at /41/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   54.140404][ T4931] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.192: iget: bad i_size value: 2533274857506816
[   54.147222][ T4932] serio: Serial port ttyS3
[   54.232113][ T4919] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents
[   54.269818][ T4932] loop1: detected capacity change from 0 to 128
[   54.272054][ T4919] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #19: comm +}[@: mark_inode_dirty error
[   54.290607][ T4919] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents
[   54.307103][ T4945] syzkaller0: entered promiscuous mode
[   54.313129][ T4945] syzkaller0: entered allmulticast mode
[   54.324269][ T4932] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   54.341966][ T4919] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2991: inode #19: comm +}[@: mark_inode_dirty error
[   54.355715][ T4932] ext4 filesystem being mounted at /36/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   54.367362][ T4926] loop0: detected capacity change from 0 to 512
[   54.374389][ T4919] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2994: inode #19: comm +}[@: mark inode dirty (error -117)
[   54.388490][ T4926] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   54.400072][ T4919] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117)
[   54.418110][ T4926] EXT4-fs (loop0): 1 truncate cleaned up
[   54.425538][ T4926] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.459357][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.522347][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.555106][ T4966] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   54.644404][ T4977] loop0: detected capacity change from 0 to 512
[   54.648217][ T4977] ext4: Unknown parameter 'subj_type'
[   55.071101][ T3304] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   55.214948][ T5040] siw: device registration error -23
[   55.240586][ T5053] serio: Serial port ttyS3
[   55.295510][ T5053] loop5: detected capacity change from 0 to 128
[   55.306481][ T5053] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   55.340982][ T5053] ext4 filesystem being mounted at /13/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   55.356928][ T5064] netlink: 'syz.1.204': attribute type 39 has an invalid length.
[   55.415913][ T5072] loop3: detected capacity change from 0 to 512
[   55.438489][ T5072] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.453055][ T5072] ext4 filesystem being mounted at /43/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   55.468073][ T5072] FAULT_INJECTION: forcing a failure.
[   55.468073][ T5072] name failslab, interval 1, probability 0, space 0, times 0
[   55.481694][ T5072] CPU: 0 UID: 0 PID: 5072 Comm: syz.3.205 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   55.481794][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   55.481807][ T5072] Call Trace:
[   55.481814][ T5072]  <TASK>
[   55.481823][ T5072]  __dump_stack+0x1d/0x30
[   55.481917][ T5072]  dump_stack_lvl+0xe8/0x140
[   55.481942][ T5072]  dump_stack+0x15/0x1b
[   55.481965][ T5072]  should_fail_ex+0x265/0x280
[   55.482001][ T5072]  should_failslab+0x8c/0xb0
[   55.482106][ T5072]  __kmalloc_noprof+0xa5/0x3e0
[   55.482134][ T5072]  ? find_tree_dqentry+0x3e/0x8c0
[   55.482284][ T5072]  find_tree_dqentry+0x3e/0x8c0
[   55.482315][ T5072]  ? __brelse+0x32/0x60
[   55.482352][ T5072]  ? from_kuid+0x139/0x320
[   55.482379][ T5072]  ? ext4_quota_read+0x22b/0x260
[   55.482473][ T5072]  find_tree_dqentry+0x4c9/0x8c0
[   55.482584][ T5072]  qtree_read_dquot+0x35c/0x4a0
[   55.482657][ T5072]  ? xa_load+0xb1/0xe0
[   55.482691][ T5072]  v2_read_dquot+0x98/0xd0
[   55.482725][ T5072]  dquot_acquire+0xce/0x2b0
[   55.482754][ T5072]  ext4_acquire_dquot+0x15f/0x200
[   55.482798][ T5072]  dqget+0x532/0x8d0
[   55.482845][ T5072]  __dquot_initialize+0x27f/0x7c0
[   55.482871][ T5072]  ? __d_rehash+0x139/0x1f0
[   55.482911][ T5072]  dquot_initialize+0x1a/0x30
[   55.482931][ T5072]  ext4_create+0x49/0x2f0
[   55.483055][ T5072]  ? path_openat+0x10c8/0x2170
[   55.483108][ T5072]  ? __pfx_ext4_create+0x10/0x10
[   55.483214][ T5072]  path_openat+0x1102/0x2170
[   55.483272][ T5072]  do_filp_open+0x109/0x230
[   55.483329][ T5072]  do_sys_openat2+0xa6/0x110
[   55.483414][ T5072]  __x64_sys_creat+0x65/0x90
[   55.483453][ T5072]  x64_sys_call+0x114d/0x2fb0
[   55.483481][ T5072]  do_syscall_64+0xd2/0x200
[   55.483509][ T5072]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   55.483543][ T5072]  ? clear_bhb_loop+0x40/0x90
[   55.483632][ T5072]  ? clear_bhb_loop+0x40/0x90
[   55.483735][ T5072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.483766][ T5072] RIP: 0033:0x7f89690fe929
[   55.483918][ T5072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.484035][ T5072] RSP: 002b:00007f8967767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[   55.484060][ T5072] RAX: ffffffffffffffda RBX: 00007f8969325fa0 RCX: 00007f89690fe929
[   55.484076][ T5072] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[   55.484092][ T5072] RBP: 00007f8967767090 R08: 0000000000000000 R09: 0000000000000000
[   55.484108][ T5072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.484124][ T5072] R13: 0000000000000000 R14: 00007f8969325fa0 R15: 00007ffd750fe4f8
[   55.484151][ T5072]  </TASK>
[   55.484163][ T5072] __quota_error: 145 callbacks suppressed
[   55.484177][ T5072] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[   55.785546][ T5072] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.205: Failed to acquire dquot type 0
[   55.811806][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.165823][ T5137] FAULT_INJECTION: forcing a failure.
[   56.165823][ T5137] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   56.180863][ T5137] CPU: 0 UID: 0 PID: 5137 Comm: syz.3.209 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   56.180891][ T5137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   56.180965][ T5137] Call Trace:
[   56.181048][ T5137]  <TASK>
[   56.181057][ T5137]  __dump_stack+0x1d/0x30
[   56.181079][ T5137]  dump_stack_lvl+0xe8/0x140
[   56.181098][ T5137]  dump_stack+0x15/0x1b
[   56.181138][ T5137]  should_fail_ex+0x265/0x280
[   56.181177][ T5137]  should_fail+0xb/0x20
[   56.181219][ T5137]  should_fail_usercopy+0x1a/0x20
[   56.181252][ T5137]  _copy_to_user+0x20/0xa0
[   56.181285][ T5137]  simple_read_from_buffer+0xb5/0x130
[   56.181332][ T5137]  proc_fail_nth_read+0x100/0x140
[   56.181432][ T5137]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   56.181453][ T5137]  vfs_read+0x19d/0x6f0
[   56.181470][ T5137]  ? __rcu_read_unlock+0x4f/0x70
[   56.181492][ T5137]  ? __fget_files+0x184/0x1c0
[   56.181560][ T5137]  ksys_read+0xda/0x1a0
[   56.181586][ T5137]  __x64_sys_read+0x40/0x50
[   56.181606][ T5137]  x64_sys_call+0x2d77/0x2fb0
[   56.181629][ T5137]  do_syscall_64+0xd2/0x200
[   56.181655][ T5137]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   56.181717][ T5137]  ? clear_bhb_loop+0x40/0x90
[   56.181747][ T5137]  ? clear_bhb_loop+0x40/0x90
[   56.181792][ T5137]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.181821][ T5137] RIP: 0033:0x7f89690fd33c
[   56.181841][ T5137] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   56.181924][ T5137] RSP: 002b:00007f8967767030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   56.181949][ T5137] RAX: ffffffffffffffda RBX: 00007f8969325fa0 RCX: 00007f89690fd33c
[   56.181966][ T5137] RDX: 000000000000000f RSI: 00007f89677670a0 RDI: 0000000000000006
[   56.181982][ T5137] RBP: 00007f8967767090 R08: 0000000000000000 R09: 0000000000000000
[   56.181998][ T5137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   56.182013][ T5137] R13: 0000000000000000 R14: 00007f8969325fa0 R15: 00007ffd750fe4f8
[   56.182112][ T5137]  </TASK>
[   56.575974][ T5158] loop4: detected capacity change from 0 to 1024
[   56.583459][ T5156] __nla_validate_parse: 11 callbacks suppressed
[   56.583476][ T5156] netlink: 16 bytes leftover after parsing attributes in process `syz.3.214'.
[   56.600002][ T5156] netlink: 16 bytes leftover after parsing attributes in process `syz.3.214'.
[   56.605099][ T5154] syzkaller0: entered promiscuous mode
[   56.616624][ T5154] syzkaller0: entered allmulticast mode
[   56.623857][ T5158] EXT4-fs: Ignoring removed nomblk_io_submit option
[   56.644351][ T5160] netlink: 12 bytes leftover after parsing attributes in process `syz.3.214'.
[   56.778273][ T5083] syz.0.206 (5083) used greatest stack depth: 7096 bytes left
[   56.831306][ T5166] loop1: detected capacity change from 0 to 512
[   56.842736][ T5171] loop0: detected capacity change from 0 to 512
[   56.844760][ T5170] netlink: 'syz.3.220': attribute type 39 has an invalid length.
[   56.867296][ T5166] ext4: Unknown parameter 'nouser_xattr'
[   56.871229][ T5174] loop5: detected capacity change from 0 to 256
[   56.881539][ T5173] loop4: detected capacity change from 0 to 164
[   56.892402][ T5171] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.219: corrupted in-inode xattr: invalid ea_ino
[   56.893028][   T29] audit: type=1400 audit(2000000011.640:779): avc:  denied  { create } for  pid=5164 comm="syz.1.217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   56.918021][ T5173] process 'syz.4.218' launched '/dev/fd/5' with NULL argv: empty string added
[   56.937315][   T29] audit: type=1400 audit(2000000011.660:780): avc:  denied  { mount } for  pid=5172 comm="syz.4.218" name="/" dev="loop4" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   56.961004][   T29] audit: type=1400 audit(2000000011.670:781): avc:  denied  { execute } for  pid=5172 comm="syz.4.218" dev="tmpfs" ino=42 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   56.969417][ T5171] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.219: couldn't read orphan inode 15 (err -117)
[   56.982151][   T29] audit: type=1400 audit(2000000011.680:782): avc:  denied  { write } for  pid=5164 comm="syz.1.217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   57.004407][ T5173] syz.4.218: attempt to access beyond end of device
[   57.004407][ T5173] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   57.014071][   T29] audit: type=1400 audit(2000000011.750:783): avc:  denied  { execute_no_trans } for  pid=5172 comm="syz.4.218" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=42 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   57.071291][ T5179] FAULT_INJECTION: forcing a failure.
[   57.071291][ T5179] name failslab, interval 1, probability 0, space 0, times 0
[   57.084797][ T5179] CPU: 1 UID: 0 PID: 5179 Comm: syz.1.221 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   57.084837][ T5179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   57.084855][ T5179] Call Trace:
[   57.084864][ T5179]  <TASK>
[   57.084875][ T5179]  __dump_stack+0x1d/0x30
[   57.084993][ T5179]  dump_stack_lvl+0xe8/0x140
[   57.085017][ T5179]  dump_stack+0x15/0x1b
[   57.085033][ T5179]  should_fail_ex+0x265/0x280
[   57.085076][ T5179]  ? audit_log_d_path+0x8d/0x150
[   57.085121][ T5179]  should_failslab+0x8c/0xb0
[   57.085206][ T5179]  __kmalloc_cache_noprof+0x4c/0x320
[   57.085243][ T5179]  audit_log_d_path+0x8d/0x150
[   57.085301][ T5179]  audit_log_d_path_exe+0x42/0x70
[   57.085386][ T5179]  audit_log_task+0x1e9/0x250
[   57.085431][ T5179]  audit_seccomp+0x61/0x100
[   57.085459][ T5179]  ? __seccomp_filter+0x68c/0x10d0
[   57.085513][ T5179]  __seccomp_filter+0x69d/0x10d0
[   57.085562][ T5179]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   57.085600][ T5179]  ? vfs_write+0x75e/0x8e0
[   57.085666][ T5179]  ? __rcu_read_unlock+0x4f/0x70
[   57.085693][ T5179]  ? __fget_files+0x184/0x1c0
[   57.085770][ T5179]  __secure_computing+0x82/0x150
[   57.085801][ T5179]  syscall_trace_enter+0xcf/0x1e0
[   57.085833][ T5179]  do_syscall_64+0xac/0x200
[   57.085918][ T5179]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   57.085953][ T5179]  ? clear_bhb_loop+0x40/0x90
[   57.085978][ T5179]  ? clear_bhb_loop+0x40/0x90
[   57.086084][ T5179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.086106][ T5179] RIP: 0033:0x7f31348ce929
[   57.086122][ T5179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.086141][ T5179] RSP: 002b:00007f3132f37038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a
[   57.086170][ T5179] RAX: ffffffffffffffda RBX: 00007f3134af5fa0 RCX: 00007f31348ce929
[   57.086186][ T5179] RDX: 0000000000000001 RSI: 0000000000004000 RDI: 0000200000ff9000
[   57.086202][ T5179] RBP: 00007f3132f37090 R08: 0000000000000000 R09: 0000000000000000
[   57.086216][ T5179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.086228][ T5179] R13: 0000000000000000 R14: 00007f3134af5fa0 R15: 00007ffd412bb558
[   57.086252][ T5179]  </TASK>
[   57.096341][   T29] audit: type=1326 audit(2000000011.820:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5178 comm="syz.1.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   57.116609][ T5173] syz.4.218: attempt to access beyond end of device
[   57.116609][ T5173] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[   57.119426][   T29] audit: type=1326 audit(2000000011.820:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5178 comm="syz.1.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f31348cd290 code=0x7ffc0000
[   57.378058][ T5174] FAT-fs (loop5): Directory bread(block 64) failed
[   57.391873][   T29] audit: type=1326 audit(2000000011.820:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5178 comm="syz.1.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f31348cd3df code=0x7ffc0000
[   57.441663][ T5174] FAT-fs (loop5): Directory bread(block 65) failed
[   57.462353][ T5184] netlink: 4 bytes leftover after parsing attributes in process `syz.1.222'.
[   57.482778][ T5174] FAT-fs (loop5): Directory bread(block 66) failed
[   57.513395][ T5174] FAT-fs (loop5): Directory bread(block 67) failed
[   57.537889][   T29] audit: type=1326 audit(2000000011.820:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5178 comm="syz.1.221" exe="<no_memory>" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   57.551670][ T5174] FAT-fs (loop5): Directory bread(block 68) failed
[   57.591542][ T5194] lo speed is unknown, defaulting to 1000
[   57.610668][ T5174] FAT-fs (loop5): Directory bread(block 69) failed
[   57.629088][ T5174] FAT-fs (loop5): Directory bread(block 70) failed
[   57.669141][ T5174] FAT-fs (loop5): Directory bread(block 71) failed
[   57.676323][ T5174] FAT-fs (loop5): Directory bread(block 72) failed
[   57.693659][ T5194] lo speed is unknown, defaulting to 1000
[   57.699962][ T5174] FAT-fs (loop5): Directory bread(block 73) failed
[   57.718534][ T5200] loop1: detected capacity change from 0 to 512
[   57.732593][ T5200] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   57.788530][ T5200] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   57.814159][ T5199] lo speed is unknown, defaulting to 1000
[   57.851382][ T5199] lo speed is unknown, defaulting to 1000
[   57.858532][ T5206] netlink: 16 bytes leftover after parsing attributes in process `syz.3.227'.
[   57.867709][ T5206] netlink: 16 bytes leftover after parsing attributes in process `syz.3.227'.
[   57.907272][ T5206] netlink: 12 bytes leftover after parsing attributes in process `syz.3.227'.
[   57.974554][ T5214] netlink: 'syz.1.228': attribute type 10 has an invalid length.
[   57.982740][ T5214] netlink: 40 bytes leftover after parsing attributes in process `syz.1.228'.
[   57.993548][ T5212] xt_CT: You must specify a L4 protocol and not use inversions on it
[   58.002454][ T5212] netlink: 'syz.3.229': attribute type 1 has an invalid length.
[   58.079502][ T5219] loop1: detected capacity change from 0 to 512
[   58.089171][ T5219] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   58.101799][ T5219] EXT4-fs (loop1): 1 truncate cleaned up
[   58.128340][ T5216] netlink: 4 bytes leftover after parsing attributes in process `syz.3.230'.
[   58.137501][ T5216] netlink: 'syz.3.230': attribute type 12 has an invalid length.
[   58.163077][ T5220] loop5: detected capacity change from 0 to 1024
[   58.208064][ T5220] EXT4-fs: Ignoring removed nomblk_io_submit option
[   58.304472][ T5227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.235'.
[   58.342539][ T5234] FAULT_INJECTION: forcing a failure.
[   58.342539][ T5234] name failslab, interval 1, probability 0, space 0, times 0
[   58.356647][ T5234] CPU: 1 UID: 0 PID: 5234 Comm: syz.0.236 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   58.356680][ T5234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   58.356695][ T5234] Call Trace:
[   58.356704][ T5234]  <TASK>
[   58.356712][ T5234]  __dump_stack+0x1d/0x30
[   58.356737][ T5234]  dump_stack_lvl+0xe8/0x140
[   58.356758][ T5234]  dump_stack+0x15/0x1b
[   58.356842][ T5234]  should_fail_ex+0x265/0x280
[   58.356879][ T5234]  should_failslab+0x8c/0xb0
[   58.356929][ T5234]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   58.356969][ T5234]  ? selinux_kernfs_init_security+0xe3/0x350
[   58.357000][ T5234]  ? kstrdup_const+0x3e/0x50
[   58.357033][ T5234]  kstrdup+0x3e/0xd0
[   58.357168][ T5234]  kstrdup_const+0x3e/0x50
[   58.357195][ T5234]  __kernfs_new_node+0x3f/0x350
[   58.357218][ T5234]  ? rb_insert_color+0x299/0x2b0
[   58.357268][ T5234]  ? __rcu_read_unlock+0x4f/0x70
[   58.357303][ T5234]  ? up_write+0x18/0x60
[   58.357327][ T5234]  ? kernfs_link_sibling+0x26e/0x290
[   58.357353][ T5234]  ? strlen+0x19/0x40
[   58.357394][ T5234]  kernfs_new_node+0xd0/0x140
[   58.357422][ T5234]  __kernfs_create_file+0x4b/0x180
[   58.357455][ T5234]  cgroup_addrm_files+0x519/0x670
[   58.357519][ T5234]  css_populate_dir+0xfe/0x230
[   58.357633][ T5234]  cgroup_mkdir+0xbba/0xc90
[   58.357659][ T5234]  ? __pfx_cgroup_mkdir+0x10/0x10
[   58.357684][ T5234]  kernfs_iop_mkdir+0x11e/0x1c0
[   58.357715][ T5234]  vfs_mkdir+0x210/0x340
[   58.357776][ T5234]  do_mkdirat+0x132/0x3f0
[   58.357828][ T5234]  __x64_sys_mkdirat+0x4c/0x60
[   58.357913][ T5234]  x64_sys_call+0x2be0/0x2fb0
[   58.357944][ T5234]  do_syscall_64+0xd2/0x200
[   58.357970][ T5234]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.358007][ T5234]  ? clear_bhb_loop+0x40/0x90
[   58.358039][ T5234]  ? clear_bhb_loop+0x40/0x90
[   58.358088][ T5234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.358112][ T5234] RIP: 0033:0x7f39e949e929
[   58.358132][ T5234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.358157][ T5234] RSP: 002b:00007f39e7ae6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[   58.358182][ T5234] RAX: ffffffffffffffda RBX: 00007f39e96c6080 RCX: 00007f39e949e929
[   58.358247][ T5234] RDX: 00000000000001ff RSI: 0000200000000000 RDI: ffffffffffffff9c
[   58.358260][ T5234] RBP: 00007f39e7ae6090 R08: 0000000000000000 R09: 0000000000000000
[   58.358272][ T5234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   58.358287][ T5234] R13: 0000000000000000 R14: 00007f39e96c6080 R15: 00007ffcad5d8788
[   58.358310][ T5234]  </TASK>
[   58.358327][ T5234] cgroup: cgroup_addrm_files: failed to add cgroup.clone_children, err=-12
[   58.551761][ T5244] loop3: detected capacity change from 0 to 512
[   58.681417][ T5244] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   58.694767][ T5219] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[   58.712947][ T5244] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.770445][ T5251] mmap: syz.4.240 (5251) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   58.784459][ T5248] loop5: detected capacity change from 0 to 512
[   58.808379][ T5248] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   58.822071][ T5248] EXT4-fs (loop5): 1 truncate cleaned up
[   58.832575][ T5253] loop1: detected capacity change from 0 to 512
[   58.881428][ T5253] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.897559][ T5255] loop4: detected capacity change from 0 to 1024
[   58.917458][ T5253] netlink: '+}[@': attribute type 12 has an invalid length.
[   58.925774][ T5255] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   58.961707][ T5255] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   58.989973][ T5248] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000.
[   59.000807][ T5255] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e02c, mo2=0000]
[   59.031930][ T5255] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.240: lblock 2 mapped to illegal pblock 2 (length 1)
[   59.048918][ T5255] EXT4-fs (loop4): Remounting filesystem read-only
[   59.059596][ T5255] EXT4-fs (loop4): 1 orphan inode deleted
[   59.079000][ T5262] loop3: detected capacity change from 0 to 256
[   59.130295][ T5262] FAT-fs (loop3): Directory bread(block 64) failed
[   59.154356][ T5255] loop4: detected capacity change from 0 to 512
[   59.164922][ T5262] FAT-fs (loop3): Directory bread(block 65) failed
[   59.181946][ T5262] FAT-fs (loop3): Directory bread(block 66) failed
[   59.189358][ T5262] FAT-fs (loop3): Directory bread(block 67) failed
[   59.202538][ T5262] FAT-fs (loop3): Directory bread(block 68) failed
[   59.209589][ T5262] FAT-fs (loop3): Directory bread(block 69) failed
[   59.224099][ T5262] FAT-fs (loop3): Directory bread(block 70) failed
[   59.232818][ T5262] FAT-fs (loop3): Directory bread(block 71) failed
[   59.257489][ T5255] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.240: Failed to acquire dquot type 1
[   59.274180][ T5281] loop0: detected capacity change from 0 to 512
[   59.286757][ T5284] serio: Serial port ttyS3
[   59.292235][ T5262] FAT-fs (loop3): Directory bread(block 72) failed
[   59.299528][ T5262] FAT-fs (loop3): Directory bread(block 73) failed
[   59.299986][ T5281] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.248: corrupted in-inode xattr: invalid ea_ino
[   59.317027][ T5255] EXT4-fs (loop4): 1 truncate cleaned up
[   59.325960][ T5255] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.345304][ T5284] loop1: detected capacity change from 0 to 128
[   59.368655][ T5281] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.248: couldn't read orphan inode 15 (err -117)
[   59.388035][ T5284] ext4 filesystem being mounted at /50/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   59.421156][ T5296] loop5: detected capacity change from 0 to 1024
[   59.474254][ T5296] EXT4-fs: Ignoring removed nomblk_io_submit option
[   59.771188][ T5333] lo speed is unknown, defaulting to 1000
[   59.810875][ T5333] lo speed is unknown, defaulting to 1000
[   59.852435][ T5344] netlink: 'syz.4.251': attribute type 10 has an invalid length.
[   59.898734][ T5344] dummy0: entered promiscuous mode
[   59.914617][ T5344] bridge0: port 3(dummy0) entered blocking state
[   59.920323][ T5350] loop5: detected capacity change from 0 to 512
[   59.921756][ T5344] bridge0: port 3(dummy0) entered disabled state
[   59.935140][ T5344] dummy0: entered allmulticast mode
[   59.942082][ T5344] bridge0: port 3(dummy0) entered blocking state
[   59.949105][ T5344] bridge0: port 3(dummy0) entered forwarding state
[   59.958467][ T5350] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   59.990157][ T5350] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   60.007413][ T5355] loop3: detected capacity change from 0 to 512
[   60.101400][ T5355] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   60.168383][ T5355] EXT4-fs (loop3): 1 truncate cleaned up
[   60.589523][ T5427] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[   60.603372][   T29] kauditd_printk_skb: 235 callbacks suppressed
[   60.603391][   T29] audit: type=1400 audit(2000000015.350:1019): avc:  denied  { ioctl } for  pid=5423 comm="syz.4.261" path="socket:[6962]" dev="sockfs" ino=6962 ioctlcmd=0x54a5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   60.655162][ T5430] netlink: 'syz.4.261': attribute type 21 has an invalid length.
[   60.676337][   T29] audit: type=1400 audit(2000000015.430:1020): avc:  denied  { setopt } for  pid=5385 comm="syz.1.254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   60.762817][ T5436] loop3: detected capacity change from 0 to 1024
[   60.765846][   T29] audit: type=1400 audit(2000000015.510:1021): avc:  denied  { bind } for  pid=5407 comm="syz.5.258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[   60.768615][ T5436] EXT4-fs: Ignoring removed nomblk_io_submit option
[   61.043770][ T5450] serio: Serial port ttyS3
[   61.149206][ T5456] loop3: detected capacity change from 0 to 128
[   61.173312][ T5456] ext4 filesystem being mounted at /59/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   61.292099][ T5470] loop1: detected capacity change from 0 to 128
[   61.349072][ T5470] ext4 filesystem being mounted at /53/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   61.484953][ T5493] FAULT_INJECTION: forcing a failure.
[   61.484953][ T5493] name failslab, interval 1, probability 0, space 0, times 0
[   61.498597][ T5493] CPU: 1 UID: 0 PID: 5493 Comm: syz.0.270 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   61.498633][ T5493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   61.498649][ T5493] Call Trace:
[   61.498659][ T5493]  <TASK>
[   61.498669][ T5493]  __dump_stack+0x1d/0x30
[   61.498695][ T5493]  dump_stack_lvl+0xe8/0x140
[   61.498716][ T5493]  dump_stack+0x15/0x1b
[   61.498808][ T5493]  should_fail_ex+0x265/0x280
[   61.498851][ T5493]  should_failslab+0x8c/0xb0
[   61.498879][ T5493]  __kvmalloc_node_noprof+0x123/0x4e0
[   61.498935][ T5493]  ? nf_hook_entries_grow+0x1bc/0x450
[   61.499052][ T5493]  nf_hook_entries_grow+0x1bc/0x450
[   61.499101][ T5493]  __nf_register_net_hook+0x18e/0x480
[   61.499172][ T5493]  nf_register_net_hook+0x88/0x130
[   61.499197][ T5493]  nf_register_net_hooks+0x44/0x150
[   61.499224][ T5493]  ip_vs_register_hooks+0x9b/0xe0
[   61.499332][ T5493]  ip_vs_add_service+0x244/0xa70
[   61.499430][ T5493]  ? should_fail_ex+0xdb/0x280
[   61.499479][ T5493]  do_ip_vs_set_ctl+0x6ec/0x8c0
[   61.499574][ T5493]  ? do_ip_setsockopt+0x1af3/0x2240
[   61.499616][ T5493]  nf_setsockopt+0x199/0x1b0
[   61.499648][ T5493]  ip_setsockopt+0x102/0x110
[   61.499685][ T5493]  sctp_setsockopt+0x113/0xe30
[   61.499789][ T5493]  sock_common_setsockopt+0x69/0x80
[   61.499828][ T5493]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   61.499883][ T5493]  __sys_setsockopt+0x184/0x200
[   61.499908][ T5493]  __x64_sys_setsockopt+0x64/0x80
[   61.500004][ T5493]  x64_sys_call+0x2bd5/0x2fb0
[   61.500030][ T5493]  do_syscall_64+0xd2/0x200
[   61.500051][ T5493]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   61.500157][ T5493]  ? clear_bhb_loop+0x40/0x90
[   61.500186][ T5493]  ? clear_bhb_loop+0x40/0x90
[   61.500215][ T5493]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.500245][ T5493] RIP: 0033:0x7f39e949e929
[   61.500274][ T5493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.500343][ T5493] RSP: 002b:00007f39e7b07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   61.500369][ T5493] RAX: ffffffffffffffda RBX: 00007f39e96c5fa0 RCX: 00007f39e949e929
[   61.500385][ T5493] RDX: 0000000000000482 RSI: 0000000000000000 RDI: 0000000000000003
[   61.500401][ T5493] RBP: 00007f39e7b07090 R08: 000000000000002c R09: 0000000000000000
[   61.500418][ T5493] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[   61.500474][ T5493] R13: 0000000000000000 R14: 00007f39e96c5fa0 R15: 00007ffcad5d8788
[   61.500496][ T5493]  </TASK>
[   61.784626][ T5498] __nla_validate_parse: 7 callbacks suppressed
[   61.784648][ T5498] netlink: 4 bytes leftover after parsing attributes in process `syz.4.269'.
[   61.977994][ T5535] loop0: detected capacity change from 0 to 256
[   61.999817][ T5491] netlink: 4 bytes leftover after parsing attributes in process `syz.5.271'.
[   62.023389][ T5539] netlink: 'syz.4.273': attribute type 1 has an invalid length.
[   62.084821][ T5542] loop3: detected capacity change from 0 to 1024
[   62.090620][ T5535] FAT-fs (loop0): Directory bread(block 64) failed
[   62.116600][ T5535] FAT-fs (loop0): Directory bread(block 65) failed
[   62.129216][ T5542] EXT4-fs: Ignoring removed nomblk_io_submit option
[   62.147723][   T29] audit: type=1326 audit(2000000016.890:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5548 comm="syz.5.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6cfe9e929 code=0x7ffc0000
[   62.171865][   T29] audit: type=1326 audit(2000000016.900:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5548 comm="syz.5.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6cfe9e929 code=0x7ffc0000
[   62.184427][ T5553] loop5: detected capacity change from 0 to 1024
[   62.196190][   T29] audit: type=1326 audit(2000000016.900:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5548 comm="syz.5.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe6cfe9e929 code=0x7ffc0000
[   62.196284][   T29] audit: type=1326 audit(2000000016.900:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5548 comm="syz.5.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6cfe9e929 code=0x7ffc0000
[   62.196317][   T29] audit: type=1326 audit(2000000016.900:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5548 comm="syz.5.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6cfe9e929 code=0x7ffc0000
[   62.205615][ T5535] FAT-fs (loop0): Directory bread(block 66) failed
[   62.283797][ T5551] syz!: rxe_newlink: already configured on team_slave_0
[   62.286053][ T5535] FAT-fs (loop0): Directory bread(block 67) failed
[   62.298789][ T5535] FAT-fs (loop0): Directory bread(block 68) failed
[   62.305684][   T29] audit: type=1326 audit(2000000016.900:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5548 comm="syz.5.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7fe6cfe9e929 code=0x7ffc0000
[   62.306727][ T5553] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   62.330953][   T29] audit: type=1326 audit(2000000016.900:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5548 comm="syz.5.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6cfe9e929 code=0x7ffc0000
[   62.365289][ T5535] FAT-fs (loop0): Directory bread(block 69) failed
[   62.372451][ T5535] FAT-fs (loop0): Directory bread(block 70) failed
[   62.396660][ T5553] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   62.410578][ T5535] FAT-fs (loop0): Directory bread(block 71) failed
[   62.446520][ T5535] FAT-fs (loop0): Directory bread(block 72) failed
[   62.453230][ T5535] FAT-fs (loop0): Directory bread(block 73) failed
[   62.460605][ T5553] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e02c, mo2=0000]
[   62.471896][ T5553] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 2: comm syz.5.276: lblock 2 mapped to illegal pblock 2 (length 1)
[   62.472298][ T5565] serio: Serial port ttyS3
[   62.500463][ T5553] EXT4-fs (loop5): Remounting filesystem read-only
[   62.531296][ T5553] EXT4-fs (loop5): 1 orphan inode deleted
[   62.568132][ T5576] FAULT_INJECTION: forcing a failure.
[   62.568132][ T5576] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   62.582865][ T5576] CPU: 1 UID: 0 PID: 5576 Comm: syz.3.281 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   62.582901][ T5576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   62.582917][ T5576] Call Trace:
[   62.582926][ T5576]  <TASK>
[   62.582936][ T5576]  __dump_stack+0x1d/0x30
[   62.582997][ T5576]  dump_stack_lvl+0xe8/0x140
[   62.583023][ T5576]  dump_stack+0x15/0x1b
[   62.583045][ T5576]  should_fail_ex+0x265/0x280
[   62.583170][ T5576]  should_fail+0xb/0x20
[   62.583213][ T5576]  should_fail_usercopy+0x1a/0x20
[   62.583302][ T5576]  strncpy_from_user+0x25/0x230
[   62.583341][ T5576]  ? kmem_cache_alloc_noprof+0x28f/0x310
[   62.583377][ T5576]  ? getname_flags+0x80/0x3b0
[   62.583412][ T5576]  getname_flags+0xae/0x3b0
[   62.583446][ T5576]  do_sys_openat2+0x60/0x110
[   62.583572][ T5576]  __x64_sys_openat+0xf2/0x120
[   62.583603][ T5576]  x64_sys_call+0x1af/0x2fb0
[   62.583683][ T5576]  do_syscall_64+0xd2/0x200
[   62.583712][ T5576]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   62.583784][ T5576]  ? clear_bhb_loop+0x40/0x90
[   62.583816][ T5576]  ? clear_bhb_loop+0x40/0x90
[   62.583846][ T5576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.583875][ T5576] RIP: 0033:0x7f89690fd290
[   62.583977][ T5576] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[   62.584002][ T5576] RSP: 002b:00007f8967766f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[   62.584027][ T5576] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f89690fd290
[   62.584044][ T5576] RDX: 0000000000000002 RSI: 00007f8967766fa0 RDI: 00000000ffffff9c
[   62.584060][ T5576] RBP: 00007f8967766fa0 R08: 0000000000000000 R09: 0000000000000000
[   62.584130][ T5576] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   62.584176][ T5576] R13: 0000000000000000 R14: 00007f8969325fa0 R15: 00007ffd750fe4f8
[   62.584202][ T5576]  </TASK>
[   62.821041][ T5565] loop1: detected capacity change from 0 to 128
[   62.861114][ T5565] ext4 filesystem being mounted at /55/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   62.929786][ T5578] 8021q: adding VLAN 0 to HW filter on device bond1
[   62.946856][ T5593] xt_hashlimit: max too large, truncated to 1048576
[   62.972864][ T5593] Cannot find set identified by id 0 to match
[   63.001733][ T5599] loop5: detected capacity change from 0 to 512
[   63.040111][ T5598] netlink: 4 bytes leftover after parsing attributes in process `syz.4.284'.
[   63.051102][ T5593] netlink: 8 bytes leftover after parsing attributes in process `syz.3.283'.
[   63.091251][ T5599] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.276: Failed to acquire dquot type 1
[   63.105697][ T5611] netlink: 'syz.0.285': attribute type 39 has an invalid length.
[   63.111706][ T5599] EXT4-fs (loop5): 1 truncate cleaned up
[   63.136613][ T5599] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.263644][ T5658] netlink: 4 bytes leftover after parsing attributes in process `syz.4.287'.
[   63.401682][ T5668] loop3: detected capacity change from 0 to 512
[   63.432817][ T5668] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   63.488430][ T5668] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.568577][ T5689] netlink: 'syz.4.293': attribute type 13 has an invalid length.
[   63.582181][ T5694] ip6gre1: entered allmulticast mode
[   63.731563][ T5706] Cannot find add_set index 0 as target
[   63.736175][ T5707] loop5: detected capacity change from 0 to 1764
[   63.772130][ T5710] xt_hashlimit: max too large, truncated to 1048576
[   63.800584][ T5710] Cannot find set identified by id 0 to match
[   63.811303][ T5722] iso9660: Corrupted directory entry in block 2 of inode 1920
[   63.815218][ T5689] bridge0: port 3(dummy0) entered disabled state
[   63.827700][ T5689] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.836133][ T5689] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.909148][ T5729] loop3: detected capacity change from 0 to 2048
[   63.985083][ T5689] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.017867][ T5689] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.026980][ T5743] loop5: detected capacity change from 0 to 128
[   64.047944][ T5743] ext4 filesystem being mounted at /30/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   64.068974][ T5689] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.078481][ T5689] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.088222][ T5689] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.098309][ T5689] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.116587][ T1037] lo speed is unknown, defaulting to 1000
[   64.123380][ T1037] syz0: Port: 1 Link DOWN
[   64.139928][ T5723] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[   64.185531][ T5756] loop0: detected capacity change from 0 to 512
[   64.193765][ T5756] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   64.319137][ T5756] EXT4-fs (loop0): 1 truncate cleaned up
[   64.492600][ T5787] lo speed is unknown, defaulting to 1000
[   64.555137][ T5756] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000.
[   64.683674][ T5787] lo speed is unknown, defaulting to 1000
[   64.932555][ T5851] ip6gre1: entered allmulticast mode
[   65.059151][ T5867] SELinux:  Context system_u:object_r:net_conf_t:s0 is not valid (left unmapped).
[   65.129431][ T5866] netlink: 4 bytes leftover after parsing attributes in process `syz.5.309'.
[   65.184627][ T5876] sch_tbf: burst 3092 is lower than device lo mtu (65550) !
[   65.254522][ T5881] loop5: detected capacity change from 0 to 512
[   65.281373][ T5881] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   65.313964][ T5887] xt_hashlimit: max too large, truncated to 1048576
[   65.322360][ T5887] Cannot find set identified by id 0 to match
[   65.331597][ T5881] EXT4-fs (loop5): 1 truncate cleaned up
[   65.483330][ T5894] netlink: 'syz.4.315': attribute type 13 has an invalid length.
[   65.526952][ T5903] syzkaller0: entered promiscuous mode
[   65.532762][ T5903] syzkaller0: entered allmulticast mode
[   65.575919][ T5910] netlink: 4 bytes leftover after parsing attributes in process `syz.4.318'.
[   65.606604][   T29] kauditd_printk_skb: 271 callbacks suppressed
[   65.606623][   T29] audit: type=1400 audit(2000000020.350:1296): avc:  denied  { create } for  pid=5909 comm="syz.4.318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   65.622359][ T5914] netlink: 4 bytes leftover after parsing attributes in process `syz.5.319'.
[   65.670766][   T29] audit: type=1400 audit(2000000020.410:1297): avc:  denied  { write } for  pid=5911 comm="syz.1.320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   65.765987][   T29] audit: type=1400 audit(2000000020.510:1298): avc:  denied  { create } for  pid=5911 comm="syz.1.320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   66.167152][   T29] audit: type=1400 audit(2000000020.920:1299): avc:  denied  { create } for  pid=5923 comm="syz.0.323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   66.169685][   T29] audit: type=1400 audit(2000000020.920:1300): avc:  denied  { write } for  pid=5923 comm="syz.0.323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   66.224506][ T5931] serio: Serial port ttyS3
[   66.225542][ T5928] loop3: detected capacity change from 0 to 256
[   66.233951][ T5928] FAT-fs (loop3): Directory bread(block 64) failed
[   66.233984][ T5928] FAT-fs (loop3): Directory bread(block 65) failed
[   66.234015][ T5928] FAT-fs (loop3): Directory bread(block 66) failed
[   66.234045][ T5928] FAT-fs (loop3): Directory bread(block 67) failed
[   66.234067][ T5928] FAT-fs (loop3): Directory bread(block 68) failed
[   66.234085][ T5928] FAT-fs (loop3): Directory bread(block 69) failed
[   66.234106][ T5928] FAT-fs (loop3): Directory bread(block 70) failed
[   66.234150][ T5928] FAT-fs (loop3): Directory bread(block 71) failed
[   66.234181][ T5928] FAT-fs (loop3): Directory bread(block 72) failed
[   66.234203][ T5928] FAT-fs (loop3): Directory bread(block 73) failed
[   66.238435][   T29] audit: type=1400 audit(2000000020.990:1301): avc:  denied  { mount } for  pid=5919 comm="syz.3.321" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   66.284612][ T5931] loop0: detected capacity change from 0 to 128
[   66.331301][ T5931] ext4 filesystem being mounted at /63/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   66.333118][   T29] audit: type=1400 audit(2000000021.080:1302): avc:  denied  { create } for  pid=5923 comm="syz.0.323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   66.333473][   T29] audit: type=1400 audit(2000000021.080:1303): avc:  denied  { ioctl } for  pid=5923 comm="syz.0.323" path="socket:[8348]" dev="sockfs" ino=8348 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   66.581190][ T5947] loop4: detected capacity change from 0 to 512
[   66.582177][ T5947] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   66.592098][ T5947] EXT4-fs (loop4): 1 truncate cleaned up
[   66.607427][   T29] audit: type=1400 audit(2000000021.360:1304): avc:  denied  { unmount } for  pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   66.674154][ T5953] loop3: detected capacity change from 0 to 512
[   66.685423][ T5953] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   66.691727][ T5953] EXT4-fs (loop3): 1 truncate cleaned up
[   66.882435][   T29] audit: type=1326 audit(2000000021.630:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5952 comm="syz.3.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89690fe929 code=0x7ffc0000
[   66.910071][ T5962] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000.
[   66.973825][ T5969] serio: Serial port ttyS3
[   67.038173][ T5959] loop5: detected capacity change from 0 to 128
[   67.118310][ T5959] ext4 filesystem being mounted at /36/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   67.182424][ T5972] netlink: 'syz.3.328': attribute type 13 has an invalid length.
[   67.211062][ T6005] netlink: 16 bytes leftover after parsing attributes in process `syz.4.329'.
[   67.221251][ T6005] netlink: 16 bytes leftover after parsing attributes in process `syz.4.329'.
[   67.336981][ T5972] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.345127][ T5972] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.426078][ T5972] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   67.446746][ T5972] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   67.462739][ T6011] FAULT_INJECTION: forcing a failure.
[   67.462739][ T6011] name failslab, interval 1, probability 0, space 0, times 0
[   67.476374][ T6011] CPU: 0 UID: 0 PID: 6011 Comm: syz.0.330 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   67.476404][ T6011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   67.476416][ T6011] Call Trace:
[   67.476423][ T6011]  <TASK>
[   67.476431][ T6011]  __dump_stack+0x1d/0x30
[   67.476452][ T6011]  dump_stack_lvl+0xe8/0x140
[   67.476473][ T6011]  dump_stack+0x15/0x1b
[   67.476495][ T6011]  should_fail_ex+0x265/0x280
[   67.476537][ T6011]  should_failslab+0x8c/0xb0
[   67.476567][ T6011]  kmem_cache_alloc_noprof+0x50/0x310
[   67.476615][ T6011]  ? mpol_set_shared_policy+0x3d7/0x860
[   67.476661][ T6011]  mpol_set_shared_policy+0x3d7/0x860
[   67.476704][ T6011]  shmem_set_policy+0x3d/0x50
[   67.476747][ T6011]  mbind_range+0x23a/0x440
[   67.476775][ T6011]  ? mas_find+0x4ea/0x610
[   67.476802][ T6011]  __se_sys_mbind+0x648/0xac0
[   67.476837][ T6011]  __x64_sys_mbind+0x78/0x90
[   67.476864][ T6011]  x64_sys_call+0x14af/0x2fb0
[   67.476887][ T6011]  do_syscall_64+0xd2/0x200
[   67.476924][ T6011]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   67.476950][ T6011]  ? clear_bhb_loop+0x40/0x90
[   67.476971][ T6011]  ? clear_bhb_loop+0x40/0x90
[   67.476999][ T6011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.477025][ T6011] RIP: 0033:0x7f39e949e929
[   67.477044][ T6011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.477067][ T6011] RSP: 002b:00007f39e7b07038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[   67.477090][ T6011] RAX: ffffffffffffffda RBX: 00007f39e96c5fa0 RCX: 00007f39e949e929
[   67.477104][ T6011] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000001000
[   67.477116][ T6011] RBP: 00007f39e7b07090 R08: 000000000000000a R09: 0000000000000002
[   67.477127][ T6011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   67.477138][ T6011] R13: 0000000000000000 R14: 00007f39e96c5fa0 R15: 00007ffcad5d8788
[   67.477157][ T6011]  </TASK>
[   67.713592][ T5972] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   67.717515][ T6038] loop4: detected capacity change from 0 to 128
[   67.723313][ T5972] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   67.741194][ T5972] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   67.751547][ T5972] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   67.783195][ T6038] ext4 filesystem being mounted at /59/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   67.816486][ T6044] netlink: 'syz.0.335': attribute type 39 has an invalid length.
[   67.842265][   T10] lo speed is unknown, defaulting to 1000
[   67.846740][ T6028] netlink: 4 bytes leftover after parsing attributes in process `syz.1.334'.
[   67.849236][   T10] syz2: Port: 1 Link DOWN
[   67.956599][ T6058] netlink: 'syz.3.337': attribute type 10 has an invalid length.
[   67.965477][ T6058] netlink: 40 bytes leftover after parsing attributes in process `syz.3.337'.
[   67.996530][ T6058] dummy0: entered promiscuous mode
[   68.002831][ T6058] bridge0: port 3(dummy0) entered blocking state
[   68.009715][ T6058] bridge0: port 3(dummy0) entered disabled state
[   68.026686][ T6058] dummy0: entered allmulticast mode
[   68.146849][ T6098] netlink: 4 bytes leftover after parsing attributes in process `syz.3.338'.
[   68.158071][ T6030] serio: Serial port ttyS3
[   68.461284][ T6130] ip6gre1: entered allmulticast mode
[   68.480034][ T6129] loop5: detected capacity change from 0 to 512
[   68.499103][ T6134] xt_hashlimit: max too large, truncated to 1048576
[   68.517894][ T6129] ext4: Unknown parameter 'nouser_xattr'
[   68.640429][ T6154] ip6gre2: entered allmulticast mode
[   68.770387][ T6162] serio: Serial port ttyS3
[   68.830012][ T6162] loop5: detected capacity change from 0 to 128
[   68.867622][ T6171] ip6gre3: entered allmulticast mode
[   68.879268][ T6162] ext4 filesystem being mounted at /38/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   68.997094][ T6183] netlink: 16 bytes leftover after parsing attributes in process `syz.4.350'.
[   69.039695][ T6187] loop4: detected capacity change from 0 to 512
[   69.051083][ T6187] ext4: Unknown parameter 'subj_type'
[   69.091068][ T6190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.351'.
[   69.105350][ T6134] Cannot find set identified by id 0 to match
[   69.180315][ T6200] loop0: detected capacity change from 0 to 512
[   69.206337][ T6200] ext4: Unknown parameter 'nouser_xattr'
[   69.233078][ T6207] ip6gre1: entered allmulticast mode
[   69.260109][ T6210] netlink: 100 bytes leftover after parsing attributes in process `syz.3.356'.
[   69.313989][ T6218] FAULT_INJECTION: forcing a failure.
[   69.313989][ T6218] name failslab, interval 1, probability 0, space 0, times 0
[   69.328158][ T6218] CPU: 1 UID: 0 PID: 6218 Comm: syz.0.358 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   69.328204][ T6218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   69.328218][ T6218] Call Trace:
[   69.328224][ T6218]  <TASK>
[   69.328231][ T6218]  __dump_stack+0x1d/0x30
[   69.328253][ T6218]  dump_stack_lvl+0xe8/0x140
[   69.328278][ T6218]  dump_stack+0x15/0x1b
[   69.328343][ T6218]  should_fail_ex+0x265/0x280
[   69.328382][ T6218]  should_failslab+0x8c/0xb0
[   69.328406][ T6218]  kmem_cache_alloc_noprof+0x50/0x310
[   69.328436][ T6218]  ? getname_flags+0x80/0x3b0
[   69.328544][ T6218]  getname_flags+0x80/0x3b0
[   69.328695][ T6218]  user_path_at+0x28/0x130
[   69.328859][ T6218]  __se_sys_mount+0x25b/0x2e0
[   69.328944][ T6218]  ? fput+0x8f/0xc0
[   69.329053][ T6218]  __x64_sys_mount+0x67/0x80
[   69.329091][ T6218]  x64_sys_call+0xd36/0x2fb0
[   69.329117][ T6218]  do_syscall_64+0xd2/0x200
[   69.329138][ T6218]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   69.329173][ T6218]  ? clear_bhb_loop+0x40/0x90
[   69.329197][ T6218]  ? clear_bhb_loop+0x40/0x90
[   69.329226][ T6218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.329275][ T6218] RIP: 0033:0x7f39e949e929
[   69.329290][ T6218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.329309][ T6218] RSP: 002b:00007f39e7b07038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   69.329402][ T6218] RAX: ffffffffffffffda RBX: 00007f39e96c5fa0 RCX: 00007f39e949e929
[   69.329417][ T6218] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000
[   69.329447][ T6218] RBP: 00007f39e7b07090 R08: 0000200000000340 R09: 0000000000000000
[   69.329461][ T6218] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[   69.329477][ T6218] R13: 0000000000000000 R14: 00007f39e96c5fa0 R15: 00007ffcad5d8788
[   69.329499][ T6218]  </TASK>
[   69.333169][ T6217] vti0: entered promiscuous mode
[   69.550738][ T6217] vti0: entered allmulticast mode
[   69.561065][ T6222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.359'.
[   69.638751][ T6222] hsr_slave_0: left promiscuous mode
[   69.679408][ T6222] hsr_slave_1: left promiscuous mode
[   69.679692][ T4227] EXT4-fs unmount: 64 callbacks suppressed
[   69.679715][ T4227] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   69.822440][ T6253] loop5: detected capacity change from 0 to 512
[   69.832461][ T6253] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   69.851668][ T6253] EXT4-fs (loop5): 1 truncate cleaned up
[   69.862579][ T6253] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.913841][ T6263] veth1_to_bond: entered allmulticast mode
[   69.915007][ T6262] netlink: 4 bytes leftover after parsing attributes in process `syz.1.363'.
[   69.933491][ T6268] xt_hashlimit: max too large, truncated to 1048576
[   69.953435][ T6268] Cannot find set identified by id 0 to match
[   70.016502][ T6276] ip6gre2: entered allmulticast mode
[   70.133539][ T4227] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.208917][ T6283] lo speed is unknown, defaulting to 1000
[   70.248317][ T6283] lo speed is unknown, defaulting to 1000
[   70.460929][ T6288] serio: Serial port ttyS3
[   70.507730][ T6291] netlink: 'syz.4.372': attribute type 13 has an invalid length.
[   70.526219][ T6288] loop1: detected capacity change from 0 to 128
[   70.557314][ T6288] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   70.578306][ T6288] ext4 filesystem being mounted at /76/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   70.632584][   T29] kauditd_printk_skb: 95 callbacks suppressed
[   70.632602][   T29] audit: type=1400 audit(2000000025.380:1401): avc:  denied  { read } for  pid=6299 comm="syz.4.373" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   70.679028][   T29] audit: type=1400 audit(2000000025.430:1402): avc:  denied  { create } for  pid=6306 comm="syz.5.375" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=unix_dgram_socket permissive=1
[   70.704008][   T29] audit: type=1400 audit(2000000025.450:1403): avc:  denied  { read } for  pid=6306 comm="syz.5.375" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=unix_dgram_socket permissive=1
[   70.734023][   T29] audit: type=1326 audit(2000000025.480:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6259 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f39e949e929 code=0x7ffc0000
[   70.793109][ T6259] veth1_to_bond: left allmulticast mode
[   70.799185][   T29] audit: type=1326 audit(2000000025.540:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6259 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39e949e929 code=0x7ffc0000
[   70.823727][   T29] audit: type=1326 audit(2000000025.540:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6259 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39e949e929 code=0x7ffc0000
[   70.848297][   T29] audit: type=1326 audit(2000000025.540:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6259 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39e949e929 code=0x7ffc0000
[   70.872528][   T29] audit: type=1326 audit(2000000025.540:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6259 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39e949e929 code=0x7ffc0000
[   70.897621][   T29] audit: type=1326 audit(2000000025.540:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6259 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39e949e929 code=0x7ffc0000
[   70.921950][   T29] audit: type=1326 audit(2000000025.540:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6259 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39e949e929 code=0x7ffc0000
[   71.060816][ T6332] xt_hashlimit: max too large, truncated to 1048576
[   71.069006][ T6332] Cannot find set identified by id 0 to match
[   71.209403][ T6353] netlink: 'syz.0.383': attribute type 13 has an invalid length.
[   71.316218][ T3304] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   71.402170][ T6382] loop5: detected capacity change from 0 to 2048
[   71.413703][ T6384] loop1: detected capacity change from 0 to 512
[   71.416013][ T6353] bridge0: port 3(dummy0) entered disabled state
[   71.422131][ T6384] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   71.427646][ T6353] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.441201][ T6384] EXT4-fs (loop1): 1 truncate cleaned up
[   71.445627][ T6353] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.452121][ T6384] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.532173][ T6382] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.610310][ T6389] loop4: detected capacity change from 0 to 512
[   71.640928][ T6353] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   71.667234][ T6389] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   71.674044][ T6353] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   71.739088][ T6389] EXT4-fs (loop4): 1 truncate cleaned up
[   71.753648][ T6353] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.756164][ T6389] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.763870][ T6353] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.786395][ T6353] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.795470][ T6353] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.931403][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.964111][ T6398] loop0: detected capacity change from 0 to 1024
[   72.005791][ T6398] EXT4-fs: Ignoring removed nomblk_io_submit option
[   72.104697][ T6402] lo speed is unknown, defaulting to 1000
[   72.159171][ T6398] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.180427][ T6407] loop3: detected capacity change from 0 to 512
[   72.233578][ T6402] lo speed is unknown, defaulting to 1000
[   72.253812][ T6408] lo speed is unknown, defaulting to 1000
[   72.297143][ T6408] lo speed is unknown, defaulting to 1000
[   72.382324][ T4227] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.407199][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.431664][ T6407] EXT4-fs (loop3): 1 orphan inode deleted
[   72.441515][ T6096] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:22: Failed to release dquot type 1
[   72.466353][ T6407] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.517866][ T6407] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   72.589744][ T6417] xt_hashlimit: max too large, truncated to 1048576
[   72.605411][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.623006][ T6417] Cannot find set identified by id 0 to match
[   72.635963][ T6415] __nla_validate_parse: 7 callbacks suppressed
[   72.635983][ T6415] netlink: 16 bytes leftover after parsing attributes in process `syz.5.391'.
[   72.654185][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.699977][ T6423] netlink: 4 bytes leftover after parsing attributes in process `syz.3.393'.
[   72.709652][ T6423] netlink: 4 bytes leftover after parsing attributes in process `syz.3.393'.
[   72.736057][ T6423] netlink: 4 bytes leftover after parsing attributes in process `syz.3.393'.
[   72.810008][ T6438] serio: Serial port ttyS3
[   72.823166][ T6437] netlink: 4 bytes leftover after parsing attributes in process `syz.3.397'.
[   72.832581][ T6437] netlink: 4 bytes leftover after parsing attributes in process `syz.3.397'.
[   72.907393][ T6437] netlink: 4 bytes leftover after parsing attributes in process `syz.3.397'.
[   72.922502][ T6440] netlink: 4 bytes leftover after parsing attributes in process `syz.0.395'.
[   72.932088][ T6438] loop1: detected capacity change from 0 to 128
[   72.966691][ T6438] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   73.037372][ T6438] ext4 filesystem being mounted at /79/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   73.050557][ T6443] loop4: detected capacity change from 0 to 512
[   73.135961][ T6443] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   73.154111][ T6463] loop5: detected capacity change from 0 to 512
[   73.169342][ T6467] loop0: detected capacity change from 0 to 512
[   73.178800][ T6443] EXT4-fs (loop4): 1 truncate cleaned up
[   73.185774][ T6463] ext4: Unknown parameter 'nouser_xattr'
[   73.217642][ T6443] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.234085][ T6467] FAULT_INJECTION: forcing a failure.
[   73.234085][ T6467] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   73.247949][ T6467] CPU: 0 UID: 0 PID: 6467 Comm: syz.0.401 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   73.248010][ T6467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   73.248026][ T6467] Call Trace:
[   73.248033][ T6467]  <TASK>
[   73.248042][ T6467]  __dump_stack+0x1d/0x30
[   73.248067][ T6467]  dump_stack_lvl+0xe8/0x140
[   73.248151][ T6467]  dump_stack+0x15/0x1b
[   73.248170][ T6467]  should_fail_ex+0x265/0x280
[   73.248211][ T6467]  should_fail+0xb/0x20
[   73.248291][ T6467]  should_fail_usercopy+0x1a/0x20
[   73.248313][ T6467]  _copy_to_iter+0x24b/0xe30
[   73.248335][ T6467]  ? traverse+0x36f/0x3a0
[   73.248395][ T6467]  seq_read_iter+0x1d0/0x940
[   73.248430][ T6467]  ? _parse_integer_limit+0x170/0x190
[   73.248469][ T6467]  seq_read+0x1f7/0x240
[   73.248509][ T6467]  ? __pfx_seq_read+0x10/0x10
[   73.248579][ T6467]  proc_reg_read+0x125/0x1c0
[   73.248610][ T6467]  ? __pfx_proc_reg_read+0x10/0x10
[   73.248642][ T6467]  vfs_readv+0x3f8/0x690
[   73.248680][ T6467]  __x64_sys_preadv+0xfd/0x1c0
[   73.248710][ T6467]  x64_sys_call+0x1503/0x2fb0
[   73.248733][ T6467]  do_syscall_64+0xd2/0x200
[   73.248757][ T6467]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   73.248852][ T6467]  ? clear_bhb_loop+0x40/0x90
[   73.248895][ T6467]  ? clear_bhb_loop+0x40/0x90
[   73.248923][ T6467]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.249011][ T6467] RIP: 0033:0x7f39e949e929
[   73.249030][ T6467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.249052][ T6467] RSP: 002b:00007f39e7ae6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   73.249074][ T6467] RAX: ffffffffffffffda RBX: 00007f39e96c6080 RCX: 00007f39e949e929
[   73.249086][ T6467] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000009
[   73.249097][ T6467] RBP: 00007f39e7ae6090 R08: 0000000000000000 R09: 0000000000000000
[   73.249156][ T6467] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[   73.249172][ T6467] R13: 0000000000000000 R14: 00007f39e96c6080 R15: 00007ffcad5d8788
[   73.249195][ T6467]  </TASK>
[   73.494548][ T6480] loop5: detected capacity change from 0 to 512
[   73.501735][ T6482] xt_hashlimit: max too large, truncated to 1048576
[   73.511770][ T6482] Cannot find set identified by id 0 to match
[   73.519660][ T6480] ext4: Unknown parameter 'subj_type'
[   73.662989][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.683448][ T3304] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   73.703831][ T6513] loop3: detected capacity change from 0 to 512
[   73.801637][ T6527] serio: Serial port ttyS3
[   73.854687][ T6532] loop4: detected capacity change from 0 to 512
[   73.861922][ T6532] ext4: Unknown parameter 'subj_type'
[   73.862060][ T6527] loop1: detected capacity change from 0 to 128
[   73.909665][ T6527] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   73.953754][ T6527] ext4 filesystem being mounted at /80/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   74.002884][ T6540] netlink: 4 bytes leftover after parsing attributes in process `syz.0.410'.
[   74.073934][ T6552] loop0: detected capacity change from 0 to 1024
[   74.083262][ T6552] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   74.095559][ T6552] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   74.113494][ T6552] JBD2: no valid journal superblock found
[   74.119408][ T6552] EXT4-fs (loop0): Could not load journal inode
[   74.142624][ T6552] netlink: 52 bytes leftover after parsing attributes in process `syz.0.411'.
[   74.184132][ T6552] vlan2: entered allmulticast mode
[   74.189438][ T6552] bond1: entered allmulticast mode
[   74.452375][ T6587] xt_hashlimit: max too large, truncated to 1048576
[   74.461731][ T6587] Cannot find set identified by id 0 to match
[   74.562462][ T6599] ip6gre2: entered allmulticast mode
[   74.798039][ T6623] lo speed is unknown, defaulting to 1000
[   74.814906][ T6630] netlink: 'syz.5.422': attribute type 13 has an invalid length.
[   74.840045][ T3304] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   74.911837][ T6634] loop1: detected capacity change from 0 to 512
[   74.919231][ T6634] ext4: Unknown parameter 'subj_type'
[   74.945925][ T6630] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.953755][ T6630] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.006689][ T6630] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   75.016973][ T6630] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   75.052283][ T6630] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.062156][ T6630] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.072180][ T6630] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.081749][ T6630] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.100059][ T6623] lo speed is unknown, defaulting to 1000
[   75.358052][ T6643] loop9: detected capacity change from 0 to 7
[   75.379972][ T6643] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.409534][ T6643] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.417716][ T6643]  loop9: unable to read partition table
[   75.427982][ T6650] xt_hashlimit: max too large, truncated to 1048576
[   75.444035][ T6643] loop_reread_partitions: partition scan of loop9 (�被������ڬ��dƤ����ݡ�����
[   75.444035][ T6643] 
U�������) failed (rc=-5)
[   75.458654][ T6650] Cannot find set identified by id 0 to match
[   75.467775][ T3298] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.476700][ T3298] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.491637][ T3298] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.506514][ T3298] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.536476][ T3298] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.553914][ T3298] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.578219][ T6655] ip6gre2: entered allmulticast mode
[   75.587751][ T6656] siw: device registration error -23
[   75.597375][ T3298] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.624302][ T3298] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.694215][ T6659] Illegal XDP return value 4294967274 on prog  (id 328) dev N/A, expect packet loss!
[   75.723434][ T6665] serio: Serial port ttyS3
[   75.878631][ T6665] loop5: detected capacity change from 0 to 128
[   75.895432][ T6670] lo speed is unknown, defaulting to 1000
[   75.935741][ T6670] lo speed is unknown, defaulting to 1000
[   75.952785][ T6665] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   75.996810][ T6665] ext4 filesystem being mounted at /58/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   76.210269][ T6709] ip6gre3: entered allmulticast mode
[   76.256191][ T6714] loop3: detected capacity change from 0 to 1024
[   76.267561][ T6714] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   76.279140][ T6714] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   76.312305][ T6718] serio: Serial port ttyS3
[   76.323027][ T6714] JBD2: no valid journal superblock found
[   76.329216][ T6714] EXT4-fs (loop3): Could not load journal inode
[   76.369867][ T6718] loop4: detected capacity change from 0 to 128
[   76.387862][ T6718] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   76.428704][ T6718] ext4 filesystem being mounted at /82/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   76.475659][ T6714] vlan0: entered allmulticast mode
[   76.481195][ T6714] bond1: entered allmulticast mode
[   76.580818][ T3312] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   76.591354][ T4227] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   76.658960][ T6761] loop5: detected capacity change from 0 to 512
[   76.708810][ T6761] ext4: Unknown parameter 'subj_type'
[   76.815571][   T29] kauditd_printk_skb: 155 callbacks suppressed
[   76.815588][   T29] audit: type=1400 audit(2000000031.560:1565): avc:  denied  { load_policy } for  pid=6775 comm="syz.3.450" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   76.846080][ T6776] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[   76.867364][ T6776] SELinux: failed to load policy
[   77.013330][ T6790] ip6gre4: entered allmulticast mode
[   77.033133][ T6793] ip6gre2: entered allmulticast mode
[   77.106444][ T6801] serio: Serial port ttyS3
[   77.174134][ T6801] loop3: detected capacity change from 0 to 128
[   77.215719][ T6801] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   77.233951][ T6823] serio: Serial port ttyS3
[   77.234099][ T6801] ext4 filesystem being mounted at /104/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   77.290525][ T6827] syzkaller0: entered promiscuous mode
[   77.296384][ T6827] syzkaller0: entered allmulticast mode
[   77.382096][ T6842] loop0: detected capacity change from 0 to 1024
[   77.392660][ T6842] EXT4-fs: Ignoring removed nomblk_io_submit option
[   77.418355][ T6842] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.525000][ T6861] loop5: detected capacity change from 0 to 512
[   77.533922][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.539392][ T6861] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   77.564830][ T6861] EXT4-fs (loop5): 1 truncate cleaned up
[   77.571417][ T6861] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.626868][ T6868] ip6gre3: entered allmulticast mode
[   77.682359][   T29] audit: type=1400 audit(2000000032.430:1566): avc:  denied  { create } for  pid=6873 comm="syz.0.469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   77.709517][ T6875] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   77.746699][   T29] audit: type=1400 audit(2000000032.460:1567): avc:  denied  { accept } for  pid=6873 comm="syz.0.469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   77.773412][ T6861] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000.
[   77.819701][ T4227] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.850759][ T6890] siw: device registration error -23
[   77.857584][ T6890] __nla_validate_parse: 15 callbacks suppressed
[   77.857697][ T6890] netlink: 16 bytes leftover after parsing attributes in process `syz.5.471'.
[   77.873263][ T6890] netlink: 16 bytes leftover after parsing attributes in process `syz.5.471'.
[   77.979741][ T3310] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   78.008859][ T6912] loop4: detected capacity change from 0 to 1024
[   78.043054][ T6912] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.088035][ T6922] netlink: 4 bytes leftover after parsing attributes in process `syz.5.474'.
[   78.138654][   T29] audit: type=1400 audit(2000000032.880:1568): avc:  denied  { read write } for  pid=6911 comm="syz.4.472" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   78.161508][   T29] audit: type=1400 audit(2000000032.880:1569): avc:  denied  { open } for  pid=6911 comm="syz.4.472" path="/89/file1/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   78.195189][ T6925] netlink: 16 bytes leftover after parsing attributes in process `syz.1.476'.
[   78.214593][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.237871][ T6928] loop5: detected capacity change from 0 to 512
[   78.244814][ T6928] ext4: Unknown parameter 'subj_type'
[   78.270198][   T29] audit: type=1326 audit(2000000032.960:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6924 comm="syz.1.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   78.293704][   T29] audit: type=1326 audit(2000000032.960:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6924 comm="syz.1.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=106 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   78.317097][   T29] audit: type=1326 audit(2000000032.960:1572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6924 comm="syz.1.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31348ce929 code=0x7ffc0000
[   78.384271][   T29] audit: type=1400 audit(2000000033.090:1573): avc:  denied  { create } for  pid=6929 comm="syz.1.479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[   78.404916][   T29] audit: type=1400 audit(2000000033.110:1574): avc:  denied  { read } for  pid=6880 comm="syz.0.470" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[   78.642402][ T6949] serio: Serial port ttyS3
[   78.697343][ T6949] loop4: detected capacity change from 0 to 128
[   78.731162][ T6949] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   78.758567][ T6961] FAULT_INJECTION: forcing a failure.
[   78.758567][ T6961] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.766215][ T6949] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   78.772064][ T6961] CPU: 1 UID: 0 PID: 6961 Comm: syz.0.483 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   78.772105][ T6961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   78.772138][ T6961] Call Trace:
[   78.772150][ T6961]  <TASK>
[   78.772161][ T6961]  __dump_stack+0x1d/0x30
[   78.772191][ T6961]  dump_stack_lvl+0xe8/0x140
[   78.772224][ T6961]  dump_stack+0x15/0x1b
[   78.772248][ T6961]  should_fail_ex+0x265/0x280
[   78.772296][ T6961]  should_fail+0xb/0x20
[   78.772370][ T6961]  should_fail_usercopy+0x1a/0x20
[   78.772502][ T6961]  _copy_to_user+0x20/0xa0
[   78.772537][ T6961]  simple_read_from_buffer+0xb5/0x130
[   78.772602][ T6961]  proc_fail_nth_read+0x100/0x140
[   78.772643][ T6961]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   78.772673][ T6961]  vfs_read+0x19d/0x6f0
[   78.772698][ T6961]  ? __rcu_read_unlock+0x4f/0x70
[   78.772798][ T6961]  ? __fget_files+0x184/0x1c0
[   78.772833][ T6961]  ksys_read+0xda/0x1a0
[   78.772861][ T6961]  __x64_sys_read+0x40/0x50
[   78.772887][ T6961]  x64_sys_call+0x2d77/0x2fb0
[   78.772990][ T6961]  do_syscall_64+0xd2/0x200
[   78.773022][ T6961]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   78.773057][ T6961]  ? clear_bhb_loop+0x40/0x90
[   78.773089][ T6961]  ? clear_bhb_loop+0x40/0x90
[   78.773135][ T6961]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.773204][ T6961] RIP: 0033:0x7f39e949d33c
[   78.773225][ T6961] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   78.773312][ T6961] RSP: 002b:00007f39e7b07030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   78.773338][ T6961] RAX: ffffffffffffffda RBX: 00007f39e96c5fa0 RCX: 00007f39e949d33c
[   78.773356][ T6961] RDX: 000000000000000f RSI: 00007f39e7b070a0 RDI: 0000000000000005
[   78.773375][ T6961] RBP: 00007f39e7b07090 R08: 0000000000000000 R09: 0000000000000000
[   78.773401][ T6961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   78.773418][ T6961] R13: 0000000000000000 R14: 00007f39e96c5fa0 R15: 00007ffcad5d8788
[   78.773443][ T6961]  </TASK>
[   79.018312][ T6976] siw: device registration error -23
[   79.025206][ T6976] netlink: 16 bytes leftover after parsing attributes in process `syz.0.484'.
[   79.034199][ T6976] netlink: 16 bytes leftover after parsing attributes in process `syz.0.484'.
[   79.119960][ T6981] syzkaller0: entered promiscuous mode
[   79.125586][ T6981] syzkaller0: entered allmulticast mode
[   79.212748][ T7000] netlink: 16 bytes leftover after parsing attributes in process `syz.3.489'.
[   79.247981][ T6998] netlink: 4 bytes leftover after parsing attributes in process `syz.1.488'.
[   79.321129][ T7012] netlink: 'syz.3.491': attribute type 13 has an invalid length.
[   79.350381][ T7012] Cannot find add_set index 0 as target
[   79.452254][ T7035] loop3: detected capacity change from 0 to 512
[   79.459156][ T7024] serio: Serial port ttyS3
[   79.509802][ T7035] ext4: Unknown parameter 'subj_type'
[   79.523674][ T7024] loop0: detected capacity change from 0 to 128
[   79.573291][ T7058] loop5: detected capacity change from 0 to 1024
[   79.576667][ T7057] siw: device registration error -23
[   79.586656][ T7024] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   79.592967][ T7058] EXT4-fs: Ignoring removed nomblk_io_submit option
[   79.606789][ T7057] netlink: 16 bytes leftover after parsing attributes in process `syz.1.497'.
[   79.615831][ T7057] netlink: 16 bytes leftover after parsing attributes in process `syz.1.497'.
[   79.629052][ T7024] ext4 filesystem being mounted at /97/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   79.683581][ T7058] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.799707][ T4227] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.293781][ T7143] loop5: detected capacity change from 0 to 1024
[   80.296776][ T7143] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   80.296823][ T7143] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   80.298237][ T7143] JBD2: no valid journal superblock found
[   80.298247][ T7143] EXT4-fs (loop5): Could not load journal inode
[   80.428145][ T7162] loop3: detected capacity change from 0 to 1024
[   80.459422][ T7162] EXT4-fs: Ignoring removed nomblk_io_submit option
[   80.497253][ T7162] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.626048][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.818568][ T7212] loop5: detected capacity change from 0 to 1024
[   80.831285][ T7212] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   80.842283][ T7212] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   80.853438][ T7213] siw: device registration error -23
[   80.881173][ T7222] serio: Serial port ttyS3
[   80.888185][ T7212] JBD2: no valid journal superblock found
[   80.894066][ T7212] EXT4-fs (loop5): Could not load journal inode
[   80.936921][ T7222] loop3: detected capacity change from 0 to 128
[   80.948642][ T7222] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   80.971269][ T7233] loop1: detected capacity change from 0 to 512
[   80.986776][ T7233] ext4: Unknown parameter 'nouser_xattr'
[   80.997009][ T7222] ext4 filesystem being mounted at /113/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   81.046109][ T7242] loop5: detected capacity change from 0 to 1024
[   81.055237][ T7242] EXT4-fs: Ignoring removed nomblk_io_submit option
[   81.088409][ T7242] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.179495][ T3312] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   81.226918][ T7257] netlink: 'syz.1.529': attribute type 13 has an invalid length.
[   81.249098][ T4227] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.265921][ T3308] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   81.266710][ T3310] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   81.294739][ T7261] Cannot find add_set index 0 as target
[   81.351779][ T7257] bridge0: port 3(dummy0) entered disabled state
[   81.358282][ T7257] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.365539][ T7257] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.368548][ T7269] loop3: detected capacity change from 0 to 512
[   81.398196][ T7269] ext4: Unknown parameter 'nouser_xattr'
[   81.531876][ T7257] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   81.541324][ T7257] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   81.550858][ T7257] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   81.559919][ T7257] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   81.684984][ T7281] loop5: detected capacity change from 0 to 1024
[   81.721427][ T7281] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   81.732664][ T7281] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   81.753355][ T7281] JBD2: no valid journal superblock found
[   81.759209][ T7281] EXT4-fs (loop5): Could not load journal inode
[   81.853206][ T7286] syzkaller0: entered promiscuous mode
[   81.858797][ T7286] syzkaller0: entered allmulticast mode
[   82.069494][ T7295] serio: Serial port ttyS3
[   82.129167][ T7295] loop1: detected capacity change from 0 to 128
[   82.140758][ T7295] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   82.156155][ T7302] loop5: detected capacity change from 0 to 1024
[   82.179345][ T7302] EXT4-fs: Ignoring removed nomblk_io_submit option
[   82.224568][ T7295] ext4 filesystem being mounted at /107/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   82.239991][   T29] kauditd_printk_skb: 30 callbacks suppressed
[   82.240008][   T29] audit: type=1400 audit(2000000036.990:1605): avc:  denied  { ioctl } for  pid=7312 comm="syz.4.542" path="socket:[11401]" dev="sockfs" ino=11401 ioctlcmd=0x48de scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   82.288176][ T7302] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.368407][   T29] audit: type=1400 audit(2000000037.020:1606): avc:  denied  { bind } for  pid=7312 comm="syz.4.542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   82.388228][   T29] audit: type=1326 audit(2000000037.030:1607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7312 comm="syz.4.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49fadce929 code=0x7ffc0000
[   82.411776][   T29] audit: type=1326 audit(2000000037.030:1608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7312 comm="syz.4.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49fadce929 code=0x7ffc0000
[   82.435246][   T29] audit: type=1326 audit(2000000037.030:1609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7312 comm="syz.4.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49fadce929 code=0x7ffc0000
[   82.458639][   T29] audit: type=1326 audit(2000000037.030:1610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7312 comm="syz.4.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49fadce929 code=0x7ffc0000
[   82.482204][   T29] audit: type=1326 audit(2000000037.030:1611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7312 comm="syz.4.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49fadce929 code=0x7ffc0000
[   82.505894][   T29] audit: type=1326 audit(2000000037.030:1612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7312 comm="syz.4.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49fadce929 code=0x7ffc0000
[   82.529370][   T29] audit: type=1326 audit(2000000037.030:1613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7312 comm="syz.4.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49fadce929 code=0x7ffc0000
[   82.552783][   T29] audit: type=1326 audit(2000000037.030:1614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7312 comm="syz.4.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49fadce929 code=0x7ffc0000
[   82.578161][ T4227] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.621893][ T7338] FAULT_INJECTION: forcing a failure.
[   82.621893][ T7338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   82.635266][ T7338] CPU: 1 UID: 0 PID: 7338 Comm: syz.5.544 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   82.635301][ T7338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   82.635318][ T7338] Call Trace:
[   82.635327][ T7338]  <TASK>
[   82.635337][ T7338]  __dump_stack+0x1d/0x30
[   82.635362][ T7338]  dump_stack_lvl+0xe8/0x140
[   82.635412][ T7338]  dump_stack+0x15/0x1b
[   82.635433][ T7338]  should_fail_ex+0x265/0x280
[   82.635479][ T7338]  should_fail+0xb/0x20
[   82.635521][ T7338]  should_fail_usercopy+0x1a/0x20
[   82.635629][ T7338]  _copy_from_iter+0xcf/0xe40
[   82.635712][ T7338]  ? mntput+0x4b/0x80
[   82.635745][ T7338]  ? terminate_walk+0x27f/0x2a0
[   82.635775][ T7338]  tun_get_user+0x144/0x2500
[   82.635816][ T7338]  ? ref_tracker_alloc+0x1f2/0x2f0
[   82.636007][ T7338]  ? selinux_file_permission+0x1e4/0x320
[   82.636034][ T7338]  tun_chr_write_iter+0x15e/0x210
[   82.636066][ T7338]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   82.636104][ T7338]  vfs_write+0x49d/0x8e0
[   82.636148][ T7338]  ksys_write+0xda/0x1a0
[   82.636171][ T7338]  __x64_sys_write+0x40/0x50
[   82.636197][ T7338]  x64_sys_call+0x2cdd/0x2fb0
[   82.636292][ T7338]  do_syscall_64+0xd2/0x200
[   82.636321][ T7338]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   82.636349][ T7338]  ? clear_bhb_loop+0x40/0x90
[   82.636371][ T7338]  ? clear_bhb_loop+0x40/0x90
[   82.636410][ T7338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.636438][ T7338] RIP: 0033:0x7fe6cfe9e929
[   82.636458][ T7338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.636483][ T7338] RSP: 002b:00007fe6ce507038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   82.636522][ T7338] RAX: ffffffffffffffda RBX: 00007fe6d00c5fa0 RCX: 00007fe6cfe9e929
[   82.636539][ T7338] RDX: 0000000000000036 RSI: 00002000000003c0 RDI: 0000000000000004
[   82.636563][ T7338] RBP: 00007fe6ce507090 R08: 0000000000000000 R09: 0000000000000000
[   82.636580][ T7338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   82.636596][ T7338] R13: 0000000000000000 R14: 00007fe6d00c5fa0 R15: 00007ffc5d6e3b38
[   82.636619][ T7338]  </TASK>
[   82.981585][ T7385] netlink: 'syz.3.546': attribute type 1 has an invalid length.
[   82.993533][ T3304] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   83.028673][ T7390] netlink: 'syz.5.549': attribute type 10 has an invalid length.
[   83.036577][ T7390] __nla_validate_parse: 19 callbacks suppressed
[   83.036593][ T7390] netlink: 40 bytes leftover after parsing attributes in process `syz.5.549'.
[   83.067879][ T7387] syzkaller0: entered promiscuous mode
[   83.073433][ T7387] syzkaller0: entered allmulticast mode
[   83.081389][ T7393] netlink: 4 bytes leftover after parsing attributes in process `syz.3.550'.
[   83.092446][ T7390] dummy0: entered promiscuous mode
[   83.100257][ T7390] bridge0: port 3(dummy0) entered blocking state
[   83.106753][ T7390] bridge0: port 3(dummy0) entered disabled state
[   83.128395][ T7390] dummy0: entered allmulticast mode
[   83.206874][ T7398] netlink: 36 bytes leftover after parsing attributes in process `syz.1.552'.
[   83.255788][ T7403] loop4: detected capacity change from 0 to 1024
[   83.263037][ T7403] EXT4-fs: Ignoring removed nomblk_io_submit option
[   83.288297][ T7406] netlink: 100 bytes leftover after parsing attributes in process `syz.5.553'.
[   83.327104][ T7403] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.460527][ T7413] serio: Serial port ttyS3
[   83.547311][ T7413] loop1: detected capacity change from 0 to 128
[   83.562789][ T7413] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   83.607574][ T7413] ext4 filesystem being mounted at /111/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   83.608265][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.985655][ T7449] netlink: 'syz.3.560': attribute type 1 has an invalid length.
[   84.076483][ T7461] serio: Serial port ttyS3
[   84.101646][ T7463] netlink: 'syz.3.562': attribute type 39 has an invalid length.
[   84.141657][ T7461] loop5: detected capacity change from 0 to 128
[   84.170763][ T7461] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   84.234482][ T7461] ext4 filesystem being mounted at /89/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   84.250894][ T3304] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   84.345980][ T7504] loop1: detected capacity change from 0 to 1024
[   84.388619][ T4227] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   84.411427][ T7506] loop5: detected capacity change from 0 to 512
[   84.420058][ T7504] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.436495][ T7405] syz.0.555 (7405) used greatest stack depth: 6952 bytes left
[   84.444928][ T7509] loop4: detected capacity change from 0 to 512
[   84.479298][ T7511] netlink: 36 bytes leftover after parsing attributes in process `syz.0.566'.
[   84.489924][ T7509] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   84.507503][ T7506] ext4: Unknown parameter 'nouser_xattr'
[   84.547758][ T7509] EXT4-fs (loop4): 1 truncate cleaned up
[   84.563339][ T7509] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.918425][ T7529] netlink: 'syz.0.571': attribute type 13 has an invalid length.
[   84.953974][ T7509] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000.
[   84.966430][ T7533] netlink: 20 bytes leftover after parsing attributes in process `syz.5.573'.
[   85.001897][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.029480][ T7537] FAULT_INJECTION: forcing a failure.
[   85.029480][ T7537] name failslab, interval 1, probability 0, space 0, times 0
[   85.042281][ T7537] CPU: 0 UID: 0 PID: 7537 Comm: syz.0.575 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   85.042314][ T7537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   85.042459][ T7537] Call Trace:
[   85.042467][ T7537]  <TASK>
[   85.042476][ T7537]  __dump_stack+0x1d/0x30
[   85.042502][ T7537]  dump_stack_lvl+0xe8/0x140
[   85.042525][ T7537]  dump_stack+0x15/0x1b
[   85.042541][ T7537]  should_fail_ex+0x265/0x280
[   85.042642][ T7537]  should_failslab+0x8c/0xb0
[   85.042747][ T7537]  __kmalloc_noprof+0xa5/0x3e0
[   85.042777][ T7537]  ? genl_family_rcv_msg_attrs_parse+0x75/0x190
[   85.042842][ T7537]  genl_family_rcv_msg_attrs_parse+0x75/0x190
[   85.042887][ T7537]  genl_family_rcv_msg_doit+0x48/0x1b0
[   85.042951][ T7537]  ? security_capable+0x83/0x90
[   85.043042][ T7537]  ? ns_capable+0x7d/0xb0
[   85.043119][ T7537]  genl_rcv_msg+0x422/0x460
[   85.043156][ T7537]  ? __pfx_hwsim_del_radio_nl+0x10/0x10
[   85.043250][ T7537]  netlink_rcv_skb+0x120/0x220
[   85.043276][ T7537]  ? __pfx_genl_rcv_msg+0x10/0x10
[   85.043334][ T7537]  genl_rcv+0x28/0x40
[   85.043374][ T7537]  netlink_unicast+0x5a1/0x670
[   85.043434][ T7537]  netlink_sendmsg+0x58b/0x6b0
[   85.043465][ T7537]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.043591][ T7537]  __sock_sendmsg+0x142/0x180
[   85.043689][ T7537]  ____sys_sendmsg+0x31e/0x4e0
[   85.043723][ T7537]  ___sys_sendmsg+0x17b/0x1d0
[   85.043769][ T7537]  __x64_sys_sendmsg+0xd4/0x160
[   85.043812][ T7537]  x64_sys_call+0x2999/0x2fb0
[   85.043841][ T7537]  do_syscall_64+0xd2/0x200
[   85.043907][ T7537]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   85.043942][ T7537]  ? clear_bhb_loop+0x40/0x90
[   85.043969][ T7537]  ? clear_bhb_loop+0x40/0x90
[   85.044016][ T7537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.044045][ T7537] RIP: 0033:0x7f39e949e929
[   85.044083][ T7537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.044108][ T7537] RSP: 002b:00007f39e7b07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   85.044134][ T7537] RAX: ffffffffffffffda RBX: 00007f39e96c5fa0 RCX: 00007f39e949e929
[   85.044151][ T7537] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[   85.044167][ T7537] RBP: 00007f39e7b07090 R08: 0000000000000000 R09: 0000000000000000
[   85.044232][ T7537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   85.044249][ T7537] R13: 0000000000000000 R14: 00007f39e96c5fa0 R15: 00007ffcad5d8788
[   85.044273][ T7537]  </TASK>
[   85.307366][ T7537] netlink: 24 bytes leftover after parsing attributes in process `syz.0.575'.
[   85.321273][ T7539] loop3: detected capacity change from 0 to 512
[   85.362523][ T7539] ext4: Unknown parameter 'subj_type'
[   85.391290][ T7504] ==================================================================
[   85.399447][ T7504] BUG: KCSAN: data-race in filemap_write_and_wait_range / xas_set_mark
[   85.407752][ T7504] 
[   85.410108][ T7504] write to 0xffff888106b73b04 of 4 bytes by task 7516 on cpu 0:
[   85.417776][ T7504]  xas_set_mark+0x12b/0x140
[   85.422318][ T7504]  __folio_start_writeback+0x1dd/0x440
[   85.427816][ T7504]  ext4_bio_write_folio+0x5ad/0x9f0
[   85.433119][ T7504]  mpage_submit_folio+0xe4/0x170
[   85.438115][ T7504]  mpage_process_page_bufs+0x39b/0x4a0
[   85.443632][ T7504]  mpage_prepare_extent_to_map+0x741/0xaa0
[   85.449478][ T7504]  ext4_do_writepages+0xa1a/0x21c0
[   85.454614][ T7504]  ext4_writepages+0x176/0x300
[   85.459410][ T7504]  do_writepages+0x1c6/0x310
[   85.464025][ T7504]  file_write_and_wait_range+0x156/0x2c0
[   85.469746][ T7504]  generic_buffers_fsync_noflush+0x45/0x120
[   85.475677][ T7504]  ext4_sync_file+0x1ab/0x690
[   85.480379][ T7504]  vfs_fsync_range+0x10d/0x130
[   85.485174][ T7504]  ext4_buffered_write_iter+0x34f/0x3c0
[   85.490767][ T7504]  ext4_file_write_iter+0xdbf/0xf00
[   85.496004][ T7504]  iter_file_splice_write+0x5f2/0x970
[   85.501516][ T7504]  direct_splice_actor+0x156/0x2a0
[   85.506664][ T7504]  splice_direct_to_actor+0x312/0x680
[   85.512078][ T7504]  do_splice_direct+0xda/0x150
[   85.517018][ T7504]  do_sendfile+0x380/0x650
[   85.521466][ T7504]  __x64_sys_sendfile64+0x105/0x150
[   85.526703][ T7504]  x64_sys_call+0xb39/0x2fb0
[   85.531405][ T7504]  do_syscall_64+0xd2/0x200
[   85.535928][ T7504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.541856][ T7504] 
[   85.544193][ T7504] read to 0xffff888106b73b04 of 4 bytes by task 7504 on cpu 1:
[   85.551769][ T7504]  filemap_write_and_wait_range+0xfc/0x340
[   85.557628][ T7504]  filemap_invalidate_pages+0xa4/0x1a0
[   85.563131][ T7504]  kiocb_invalidate_pages+0x6e/0x80
[   85.568370][ T7504]  __iomap_dio_rw+0x5d4/0x1250
[   85.573181][ T7504]  iomap_dio_rw+0x40/0x90
[   85.577545][ T7504]  ext4_file_write_iter+0xad9/0xf00
[   85.582802][ T7504]  iter_file_splice_write+0x5f2/0x970
[   85.588256][ T7504]  direct_splice_actor+0x156/0x2a0
[   85.593419][ T7504]  splice_direct_to_actor+0x312/0x680
[   85.598828][ T7504]  do_splice_direct+0xda/0x150
[   85.603652][ T7504]  do_sendfile+0x380/0x650
[   85.608109][ T7504]  __x64_sys_sendfile64+0x105/0x150
[   85.613331][ T7504]  x64_sys_call+0xb39/0x2fb0
[   85.617962][ T7504]  do_syscall_64+0xd2/0x200
[   85.622492][ T7504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.628404][ T7504] 
[   85.630735][ T7504] value changed: 0x0a000021 -> 0x04000021
[   85.636463][ T7504] 
[   85.638799][ T7504] Reported by Kernel Concurrency Sanitizer on:
[   85.644967][ T7504] CPU: 1 UID: 0 PID: 7504 Comm: syz.1.563 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(voluntary) 
[   85.655581][ T7504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   85.665920][ T7504] ==================================================================
[   85.705831][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.721253][ T7548] netlink: 'syz.0.578': attribute type 13 has an invalid length.