last executing test programs:

28.937501741s ago: executing program 1 (id=2914):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x8}, 0x18)
r2 = io_uring_setup(0x5f6f, &(0x7f0000000000)={0x0, 0x84bf, 0x40, 0x20, 0xfffffffd})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f00000022c0)=ANY=[@ANYBLOB="18000000000000000000001100005e77d4ef5a1d55f4061b5e814a33ce4d719460c636db80a06d46edc1742c5ff93629c9e84b4d2b73119b00000000", @ANYRES32=<r4=>r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
lsm_set_self_attr(0x66, &(0x7f0000001280)={0x6a, 0x4, 0xc20, 0xc00, "36f1185f9f67cf8d775b9feaf8a2da49958f1046c00db4e7872bb057e15a2901f94546a212e0715662af7cb16c20d7b9e50531f820120f8579f2c334d45199605b2ddaaea03ba432440f5cac23ee76abbbcb0053e1e6b5f7b06255a84dc1e823311b018bf29365f96455d0fd922ea92e784548a9bd8c5dab6172bc551b58e715fb4fed195fbb19ae28f63f274c8c064d3de4eeaea03842bf2d7855eb8f15c18c6454dc4f5e54796163d5230840fb591f773bf1b24ac8ef0264bf20e774e0255ea61700126c3a54b3f3102565080bdee1e86adeafeccfca22be823c306fb2939253b5ec343418ee3e91a1db2c3f0d6dc18f3a31d732ef5f284cfb4cf7f58107f664c4efb29b9179367c46c0408001444c07a77352b58ba42b700740ba8b6a614634fa1ebd4563a9c8155f6883d3f2fee3c6021c14cb4f235a3f0d380b364c94ceda393089d2b2cd714578359d016fb74f6452feee7f9a106b16f070ebfd17349da1865c634e1242595ec4b7a0c0fc0c546c6de93b2513d1ce57d887700bb2319c6e4c05c702ddf08ae8887c40500b964683e6c6b7585644f08ecab161300ceead1e907ef7422404bb8ff5cf52defe783616594c964ea198d903faee16716eecce7cdae448c3b6ffe503b373951c80bdff15d1c084d1370a508279241387eed486a8fd943158ff4d68c4333caa36ac8255dbfd7a0041218cdd5b78ca961c0c1a4784847d35d38517efc9da6ac002d7a670e6b931720f9bfc01ac393f8f924cbaea9e50d4dced35218ba4d0077baeb7e0dd32807ad247a1ed43d325d9aca00f73120eeadb0818baecd0d6fb274f58bcbb39408e460863a6c27fbd1640b8b95609ed407db19d554f2787c6b6da688dd761c92db2cc1d7103faca850e1b98faeafe0599b310fc1b976a337ed389f390e36b16a29f4426d91263697dabbd5092ea6bf1735d9467f2fc8988ffea76d550a7b8aa781ee460ddf81cb41ee49e1c13c721aa5117e53e29b39bfc2ed3f880441a9d6413c584a1d520626057bf088fed0496b84f03eb1f40eae63347c1a171a08e3c116a97ab35699abe7ae1191ecbbff838e6a9b84dd855bb82f0b37e800a92752b91827536c8fec2887cafe9c2dea027364d88e7cb9dad634ff012d29f479b702da2557d00c1abb757e00de001772e424933931eb5aeeb36df7ee4ae5118b90ed0024c3fc10df778e238cb22f21cd060b21ffe2f41e29adcdc3fc57d56c1b9fea21095b4cf6729fa7b988f077066d3ef1d96c44c6f12811acb0f29ed92ef8bf9cdc408b6c7dc4c3ff2a941b7dfc04024b24650d22817d9a783a9e1b249bec04939d044724c140102689f786fd573ed85455a30d582327220527a79d5845e18201b8e173b530b52fb81f2d4b544033275b70cb0198c867ec5ab4ae9d300599a844a199f15ba437684da75fdf923d27d8e3b5aa2e98eee596d564e6fb06cfcc9382e4f40f54e9b7aed9485eaa194f2797e44a76b67bdfa7efda88b2f237fde5f5d264b1f486c9cd5b7b3d16936e627366ff7d69feaae59c1f9201c134a8b3823b09725310d1ff6cf78143bf7af456d24d3565586ca7595930f68ac1336e2f4f377d099d830a2517e97dd8979050ce80d74e841616a90bc9c4b851f6896831f1db3cd4f163e1fb7b36e5d9f34029a32fefe0bdbaee3bee096390fc8a46806387dfb5ef2d596db8bbd9c2640bf226a0315c936794df50fa264288a2e5652d8634b4f4f730cfdf2f3356cead788956d7f481626b54128376fa2bc2e00c65ea9d5e79e8c59abf5406699e22f28f6a62392440676be77347cad40ff0cda5f74ce747a3639b47986496ce6762274330dcc7fc4ebe280672534784e15eac359e221d90c17e2586def08921be15eff4a38b26de2f515754f0a68ac87bcebfb930ba786b57281626d4b1f17f37f73013532154b305c9741dd7fe675b15168c7b977bad7e34f65d8cabd9273581b8c1796d514831c29c55981a4cd4fb4cd87f05c194da8593b163dbe622b3c74f42b9300690eb16266e7606ecbec0bed93ec424e851a5440cf00581a70f1b6597971dbeb9685d698301a5d22167875689adbecbd15e42401b8dacc2e1d5c399cdfc11935c6b9ac5369e513bf7c10740e007b13c51a84f87915db2e6b090484ae946570b7a51ee9fa99e4dc2cd40c190d1c8b11db3f65e4dc7dd6ba30c3487eafa89f854935e8bbf9bf916a89fcb9bc8c39f09b4ab76ce59fdf7afabbba308773d008be799ee6544fc3239371fa768758c62b47d24a924df12d0eb48b094dde306131e9f4b6dd2515f1cd234cfb3979854acee3b1a22fdf835fabd7362b1b616346d753684e6a345528f7d04088b8117100a6bb3a15b373e04275e4a2ed40a307689ef026424083175011b5276dbbec3594103fdd8ca13261f98c196e8ec2bb8301cee4f193f33f2896248722900584c6c1258511ce8a794e69caf38dc568f60c462355f1cafdf298e9f93c36bed9f98422ff29b0b8e5d65f21b9fc51de33c4e26ba0b015604d82f785f08a122ae99bbdbd5d0ad8bdde9ce5598cba730860cab5345d4a3346427bad13f723b04065ada739d7f5d82299330a48329e677cf0ef2976107930b737b5fcc595bb22f329d343a2d0ce1d2374cef2db1dcf88b160106987ee21eef6ddd65368ec86e808b68ede3d3b915dc32a585c4ea647aa956720efa7bf01f07e21f3ca65df12fc6ba369774d0a31368a27764b388065c0491bd3f2cffff1f4ed829669f6b8c4ee0a99c75ff26332fccec9f6f698b27e014684af6ca9964672f3d7d28ef83b69995504740debc8885bac6ad78f8d6fef45b4035da052d9bc5a2651a6a313c34b975b141cc393367f6e3f72572daf27b89e61fb4eedb0b60093bf6a473d478128c73ee92157cfaeee3530b48d52f8dd0bfa03e142142e9949a05e9476cc00b6afd1eb7dc86491201a5f186a433388df25400c79028d68530cbc91ceed9cf05bf21a78f0fef0a589d694b5b0b1cad7f401c52778d868a91288743b0d6e67d7b849a394cb6e2cf598ca6153dab95429231d4a318666367ec285c7457e2417edb830436452f359df4309b95d64c1d3455f9bcd2df2173a800c83cf1dde763a6ecbf25f37d073991d17d23b863a74c378aa43ce3ce9c92991db58e8d9f4dee8c3bcff7a3bc009fa3b8c48e8a2d25a313ad07295b4b667bae53f31d7c6e0c000875eaf77fdc6755d470e14d20e9931e918f76538d8fe1b8562845dc2afc28aa83e644f255a4e31e2fdf0948c35f1cb41c960f0b68afa6d2226b3a081296fdc24767f009bff88a7043ab3aa172bd7e3e096f3447439e28a0e88e612e55d0a032d2dc415e41a05fe258c9104c5a2672e0e55ecadd14e3cd36a90559f36e137a736bb61062baec23595c5b4eb4653d8f2c7f4912c51035f80a3893fcc10a4ce88cc4c4dd35db0de2da00e749aa86079896c4a8b20ac33537b696a5974c1f11260876900828ff70036b90a4f29a643ebd152583d53a4c0473afb883f05c8195d8dddaffe934b85cac7066523391b1331502d8e0a6794e25bafb1b93c7dc609969dc0114dcddd391e2eb4c51775bcff3c2bf881ec1ef893d0b8455c38030155a50328a2dde670d1a05e0ee994802c8ba5b9225bbd6696aa09bbda78436387630780c47c33f945bbfe0859ebae0f4ceb01ff6a9365c5b59f5d28faddf60ed068d27af6a3e18b9f8855a61e4408555258b537b254e56377e068f3aedb8c25c330e9a475907db4ebba7094a2187e8bcfeb6e8a9f14c75c0a0cf0d6642f0e5449dacaa4f27ea36218cfccc311c4a49ee47be70211ac718ee0d7b26b95f31b302b764d1679c83da6989d314321f340ed2971a2dd387b6ac5a907cf69e0cb93c365b4b253a80ba1e1e86f2f74309352a158a3d2b1b700cc48c5d2ec0145c9ebea7f9a38493ee6be4ecbe7d5b58ff5c2f5da2bcb69e21fad1afad05058aec148e7929a75779ac3734b56c9076ad55c2f74893cc9687bd3e6ac23599acaf0e9417d5a206a8d7ddf5a37a156b403f666c12b0559be39ba95eec8aefc22b9ed981d86d52dac0286c843ddc37b14ba6f09f1c91d6a9abc93ee091a649ea4db09a3a2cb0414e25d7617a40abec6114bf09f6f195ab4fb2b6ed680343ee52792ba56b9ffb43fc893001f14625b92b4f51018d9268020beaa3be6c3179bfa5adb4cf8d78afcef7f152fd6c156a8e5d6d7f827f7e0d293a45c6b66750ef4d5709cd3769277ce6119d899998295746b3c652e94b6d9173da67a473a37f3e547f0d2fe6f606345272c9ffd05d32af8a4ff8c0fb963934af823a494c9066b811e633f1fe86984e6ed8b52d3e3a13d"}, 0xc20, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r6)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x1c, r7, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60001}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r11 = gettid()
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x24, r10, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_PID={0x8, 0x1c, r11}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000)
sendmsg$NL802154_CMD_DEL_SEC_DEV(r6, &(0x7f0000001240)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001200)={&(0x7f00000011c0)={0x20, r10, 0x2, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x20}, 0x1, 0x0, 0x0, 0x51}, 0x48002)
r12 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r12, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCGUNIT(r12, 0x80047456, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
memfd_secret(0x80000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3)
r14 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
preadv(r14, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4084, 0xff4}], 0x1, 0x0, 0x0)
sendmsg$nl_generic(r13, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYRESHEX=r4], 0x20}, 0x1, 0x0, 0x0, 0x20040050}, 0x400d5)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r2, 0xb, &(0x7f0000000500), 0x66)

28.368525169s ago: executing program 1 (id=2918):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f00000012c0)='sys_enter\x00', r1}, 0x10)
inotify_init()

28.189138321s ago: executing program 1 (id=2921):
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b00000005000000020000000400000005000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000e40688bd65d388cb42d2d2d0bf1c80b74a6a950d6ce7f21a7019", @ANYRES32=0x0, @ANYRES32, @ANYRES64=r0], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{0xfffffffd}, {0x0, 0x4}, {0x3, 0x4, 0x10009}], 0x10, 0xfffffff5}, 0x94)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b35, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030036000b05d25a806c8c6f94f90424fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x8, &(0x7f0000000700)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffc}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
uname(0x0)

27.862703885s ago: executing program 1 (id=2924):
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={0xffffffffffffffff, 0x7, 0x4}, 0xc)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6_vti0\x00', &(0x7f0000000180)={'syztnl2\x00', <r1=>0x0, 0x29, 0xa, 0x91, 0x8001, 0x6c, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x20, 0x7, 0x6, 0x5}})
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1e00000006000000090000000200000008010000", @ANYRES32=r0, @ANYBLOB="e60100"/20, @ANYRES32=r1, @ANYRES32, @ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00\x00@\x00'/28], 0x50)
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/uts\x00')
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000e868495fb58d00b6ad1f50ad32d6ad25dfd73a015e0ca6a0f68a7d007dc6751dfb265a0e3ccae669e173a64bc1cfd514600650a58f145ff1205fc9ddaa275e687d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983cd44c05bd0a48dfe3e26e7a23129d6606ed28a69989d552af6d9a9df2c3af36e0360070011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a1a83109753f54b21cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b81a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a928903000000cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba739cd0c31b05c00fba8a4aee676d7caa2e53b91a68ff2e60da7b01a2e5785a238afa4aba70c08b0d71b6f72d6a8d87fb08533d97ad96d3943c4cc8306dac433a5cdf78b04963d679d5a5d07e618a1ef9057fec00f9e93021f5a8d30e716de8cde9c6000000000c3b64d10f0939b42b33ab2a8717096c58bb3bb1d457d8bb96870f5a7e2ba31fd69bb80235d957eaa9a40b764e5381ffa604aaafb76a980e72b408f686b185736693089213b4e140f8f38e5589663115093889deb646122a5dc5a9e5ba4d37749a36b880110e2bf524b79bc91105f1d3f7d0de694a9417d68694f17ba5e27ea1cec518b93fadcfe0de010ae9be3273ff73c34b5695080a35bfa5c69e3b533e1b939c81b3beda037b7191cb0000000000000000000010e5d683b8938db5c305cf7e6e62a6890ba9e1f4ee64f8202b59de5036569febfaa95f4633db108b2f786333ec7bacc927f4a1785165b5d2444b4c022bb5cff472e6a0c8ee9d6d8df83b704669147b732ac508c9b9f0ca0a1ce45319d43d4643eb285835daf2065b57bebd61ad6671296c27253a5f9688d57c91ccd40ffe2dbc5dd1613a2e6f5b363cc8d205ce6ef3c3c6ded7dd3dfdb39008d8997213f68cdc971c1d6fdacb7729a5560880a77525e9cfb94ef1735dfe74e6b948697f7e3580436b532a82e315d56b17a5dba98436cc24babaae409f0aab0b40af116001bc85492455956e853ead08b5793d4ecf72378a3dfd9cc837b1c66212d9a2be8fd6341c2f837c7fe09924a51ec42912856cce3d3b2d092c80813aad03e1e63a655f4138730f302df339f30a4fbd453c9a0fba381d071ad7cb80a52bec572e29b0b9b55c235806b97e166609f8083ce776075c"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_virt_wifi\x00', 0x2000000}, 0x18)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f00000002c0)={0x1, 'ipvlan1\x00', 0x100}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x20000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x89901)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
socket$netlink(0x10, 0x3, 0x0)
socket$tipc(0x1e, 0x4, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$tipc(0x1e, 0x5, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
r5 = shmget$private(0x0, 0x9000, 0x80, &(0x7f0000ff6000/0x9000)=nil)
shmctl$SHM_LOCK(r5, 0xb)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)

27.757951766s ago: executing program 1 (id=2927):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket(0x10, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x2251197285d76a80, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

27.592188248s ago: executing program 1 (id=2929):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000540)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet6_icmp(0xa, 0x2, 0x3a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x100}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0)
sendmsg$key(r4, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x2, 0xa, 0xfc, 0x0, 0x7, 0x0, 0x70bd28, 0x25dfdbfe, [@sadb_x_filter={0x5, 0x1a, @in=@empty, @in=@rand_addr=0x64010100, 0x2c, 0x30}]}, 0x38}}, 0x40408c0)

27.560817659s ago: executing program 32 (id=2929):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000540)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet6_icmp(0xa, 0x2, 0x3a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x100}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0)
sendmsg$key(r4, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x2, 0xa, 0xfc, 0x0, 0x7, 0x0, 0x70bd28, 0x25dfdbfe, [@sadb_x_filter={0x5, 0x1a, @in=@empty, @in=@rand_addr=0x64010100, 0x2c, 0x30}]}, 0x38}}, 0x40408c0)

3.637553863s ago: executing program 3 (id=3244):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x2000)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x56)
ioctl$SG_GET_VERSION_NUM(r2, 0x2284, &(0x7f0000000080))

3.599684184s ago: executing program 3 (id=3245):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r4=>0x0})
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x0, {0x0, 0x0, 0x2}, {0x0, 0xff, 0x2}, 0xfe}], 0x20)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r4, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840)

3.085394121s ago: executing program 0 (id=3251):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4006, &(0x7f0000000380)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@quota}, {@resuid}, {@lazytime}]}, 0x1, 0x443, &(0x7f0000001040)="$eJzs28tvG8UfAPDvrpP019cvpiqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCgJC5YgqcUcckfgLOMEFASckrsAZVapQLi2cjNbebRzXdpNg1yH+fKRNZnbHmfl6duzZnWwAA2ss+5FE7IqIXyNitJ5dXWCs/uvm8uWZv5YvzyRRrb7xZ1Ird2P58kxRtHjdziIzFJF+ksSBFvUuXLx0drpSmbuQ5ycWz707sXDx0jNnzk2fnjs9d37qxIljRyefOz71bFfizOK6sf+D+YP7Xnnr6mszJ6++/ePXSRF/UxxdMtbp4OPVaper66/dDelkqI8NYV1K9WEaw7XxPxqlWOm80Xj54742DuiparVava/94aUqsIUl0e8WAP1RfNFn17/FdpemHpvC9RfqF0BZ3DfzrX5kKNK8zHDT9W03jUXEyaW/v8i2aL4Psb1HlQIAA+3bbP7zdKv5XxqN94X+n6+hlCPinojYExHHI2JvRNwbUSt7f0Q8sM76mxdJbp9/ptc2FNgaZfO/5/O1rdXzv2L2F+VSnttdi384OXWmMnckf08Ox/C2LD/ZoY7vXvrls3bHGud/2ZbVX8wF83ZcG9q2+jWz04vT/ybmRtc/itg/1Cr+5NZKQBIR+yJi/wbrOPPkVwfbHWsT/8ia/nAX1pmqX0Y8Ue//pWiKv5B0Xp+c+F9U5o5MFGfF7X76+crr7eq/c//3Vtb/O1qe/0X8v5eTxvXahfXXceW3T9teU270/B9J3ly17/3pxcULkxEjyau1fLlx/1RTuamV8ln8hw+1Hv97YuWdOBAR2Un8YEQ8FBEP521/JCIejYhDHeL/4cXH3tl4/L2VxT/bsf+jqf9XEiPRvKd1onT2+29WVVpeT/xZ/x+rpQ7ne9by+beWdm3sbAYAAID/njQidkWSjt9Kp+n4eP1/+PfGjrQyv7D41Kn5987P1p8RKMdwWtzpGm24HzqZX9YX+amm/NH8vvHnpe21/PjMfGW238HDgNvZZvxn/ij1u3VAz3leCwaX8Q+Dy/iHwWX8w+BqMf49egYDotX3/4d9aAdw9zWN/47LfiYGsLW4/ofBZfzD4DL+YSAtbI87PyS/NRJpRGyCZmyVRKSbohkSPUr0+5MJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgO/4JAAD//5025W8=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x10)
mkdirat(r2, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x1, 0x11000000}]}]}}, 0x0, 0x42}, 0x20)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=ANY=[@ANYBLOB='U'])
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x64, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x34, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x18, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x75}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x0, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x80000001}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x1000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x34}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x7}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x9}]}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

2.747433645s ago: executing program 2 (id=3256):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffc}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
uname(0x0)

2.725113755s ago: executing program 2 (id=3257):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = open(&(0x7f0000000040)='./file2\x00', 0x81, 0x0)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x4c06, 0x3)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000100)=ANY=[@ANYRES64=r0, @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000005c0)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
setgid(0x0)

2.685159586s ago: executing program 2 (id=3258):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffc}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
uname(0x0)

2.684591946s ago: executing program 2 (id=3259):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001340)={0x4, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000a0e97b2c68a5dc53086d1fac030000000000000000faffff1f000c"], &(0x7f0000000240)='GPL\x00', 0xd, 0x0, 0x0, 0x41000, 0x9}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r2 = gettid()
timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
readv(r3, &(0x7f0000001140)=[{&(0x7f0000000700)=""/206, 0x18}], 0x1)
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffa000/0x1000)=nil)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000200)=[@mss={0x2, 0x6}, @timestamp, @sack_perm, @mss={0x2, 0x200}, @sack_perm], 0x5)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x401c5820, &(0x7f00000001c0)=0x8)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095", @ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{}, &(0x7f0000000580), &(0x7f00000007c0)='%-5lx  \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x47, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@version_u}]}})

2.668340676s ago: executing program 3 (id=3260):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x608a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="03000000040000000400000001"], 0x48) (fail_nth: 6)

2.37395364s ago: executing program 0 (id=3261):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000040)={0x0, 0x7, 0x1, 'queue1\x00', 0x7}) (async)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000040)={0x0, 0x7, 0x1, 'queue1\x00', 0x7})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'}) (async)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r1}, 0x8) (async)
r2 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r1}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x18, 0x4, 0x208, 0xe, 0x13881, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x0, 0x0, @void, @value, @value=r2}, 0x50) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x18, 0x4, 0x208, 0xe, 0x13881, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x0, 0x0, @void, @value, @value=r2}, 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x20, 0x10, 0x503, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x14615, 0xef}}, 0x20}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) (async)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r5}, 0x18)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) (async)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x100000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f1, &(0x7f0000000080))
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r7}, 0x18)
r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGMASK(r8, 0x80104592, &(0x7f0000000300)={0x0, 0x8, &(0x7f0000000200)="952bb3e006ae9a4c"})
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r8, 0x80004509, 0x0) (async)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r8, 0x80004509, 0x0)
ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, @l2tp={0x2, 0x0, @local, 0x1}, @in={0x2, 0x4e21, @private=0xa010102}, @llc={0x1a, 0x1, 0x1, 0x72, 0x7, 0x4, @random="67de0b32462b"}, 0xa03, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000080)='nicvf0\x00', 0x1, 0x4, 0xff})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000140001800c000100636f756e746572000400028008000340000001"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800)

2.281132631s ago: executing program 3 (id=3262):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd88500000004000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000880)=0x20000000)
msgctl$IPC_RMID(0x0, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000800)=ANY=[@ANYBLOB="1221010200000008020921d3060201220f0609058103ff03080804000000000000000000000090410e33a79a4f721997e804d8614351534bd77357f4b4ce4665984c1a58901742c24e00"/89], &(0x7f0000000740)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x200, 0x3, 0xd, 0x3, 0x0, 0x40}, 0x5, &(0x7f0000000640)=ANY=[@ANYBLOB="050f8f0000"]})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x10, &(0x7f0000000540), 0x10, 0x7e0, &(0x7f0000002800)="$eJzs3d9rXFkdAPDvnUyaNG1NBMHq04CggdKJqbFV8KHigwgWCvokaBsm01AzyZTMpDQhWIsIvghafBD0pc9V65tP4q9X91/YfVmWpWV/pGXb3Ydlljs/kkkymUyyyaTbfD5wk3PuPTfnfufce+7J3MNMAMdWLv2RifhSRPwuiRhtrk8iYnBLuedrq4V0SaJW+9F7Sb3Ms7XVQrTtEyMjcaqZORsR//11xLnM9noryytz06VScbGZn6jO35qoLK+cvzk/PVucLS5cnJyaunDpm5eGDi7WD15bOf3k99//2t8uf/SrLz767f+SuBynm9va4+jJL/65a5Fc5BqvSQzG5S3bvrenyl5+yVEfAPuSXpoDEZGNtA8YzcaJ3vfNHuaBAQCH5m5E1ACAYyZx/weAY6b1PsCztdVCutTuHu37Ef32zncjYrgRf+v5ZmNLtvnMbrj+HHTkWbLpeUcSEWMHUH8uIv78j5/9JV1iP88hAfbpl/ci4vpYrtX/b/Q/ybY5Cw29T8j4eivRZXJAbkte/wf98+90/POtjfHfxvWXWR//RIfxz1CHa3c/crF5xsn26z/z+ACq2VE6/vvO4Mbctudt8TeNDTRzZ+pjvsHkxs1SMe3bPhcR4zE4lOYnN//ZM2faMuNPP366aWtbxO3jv/fv//xhWn/6e6NE5nF2S5c7M12dPpDg0/jvRXw52yn+ZL39kx3Gv1d7rOMH3/7Nn3balsafxttaNsd/+LPKag8ivhqd429Jus1PvDhRPx0mWidFB39/848jO9Xf3v7pktbf+l+gH9L2H+ke/1jSPl+zsvc6/v9g9D87bctFDHSPv/P5fyL5cT3dupTuTFeri5MRJ5Ifbl9/YWPfVr5VPo1//Cudr/9u53/6P+H1HuPPPnn3r13ib7R/a8VO7d/ohuPKv3qstEdp/DN7av+9Jx49nxvYNf6u7T9VT4031/TS//V6gJ/mtQMAAAAAAAAAAAAAAAAAAAAAAACAXmUi4nQkmfx6OpPJ56P+Hd5fiJFMqVypnrtRXlqYifp3ZY/FYKb1UZejbZ+HOtn8PPxW/sKW/Dci4vMR8Yehk/V8vlAuzRx18AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQdGqH7/9PvT3U+P3iSI8QADgUw7uWeFrsy4EAAH2z+/0/IoYO/zgAgP7p6f4PALxS3P8B4Phx/weA42c4IttDsZ/04VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4NV29ciVdai/WVgtpfub28tJc+fb5mWJlLj+/VMgXyou38rPl8mypmC+U59t2fb3T3yuVy7emYmHpzkS1WKlOVJZXrs2Xlxaq127OT88WrxUH+xYZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPSusrwyN10qFRebiYcjEZvXSBx+4sNardZz4dpoo+leloM//MRb5984263M/W2n8XripyeP0wt1kImj7pkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhs+CQAA//8W7yc1")
fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=ANY=[@ANYBLOB="080000210197a200"], 0x8, 0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r1, 0xffffffffffffffff, 0x0)

2.280845951s ago: executing program 0 (id=3263):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000180)={'veth1_to_team\x00', &(0x7f00000000c0)=@ethtool_sfeatures={0x3b, 0x1, [{0x8, 0x1}]}})
timer_settime(0x0, 0x0, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x0)
ioctl$AUTOFS_IOC_FAIL(r1, 0x4c80, 0xfffff)

2.27348599s ago: executing program 5 (id=3264):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f00000012c0)='sys_enter\x00', r1}, 0x10)
inotify_init()

2.133008263s ago: executing program 5 (id=3266):
sched_setaffinity(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="05000000040000"], 0x48)
socket$inet_sctp(0x2, 0x5, 0x84)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r0 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f00000008c0)={0x70, r0, 0x300, 0x70bd26, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}]}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x4488c}, 0x20004804)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x400, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r3}, &(0x7f0000000800), &(0x7f0000000840)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00'}, 0x10)
setrlimit(0x9, &(0x7f0000000000))
io_setup(0x2004, &(0x7f0000000680))

1.868688206s ago: executing program 5 (id=3270):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffc}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
uname(0x0)

1.847101286s ago: executing program 5 (id=3271):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000e0000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb01001800000000000000e4000000e4000000050000000c0000000000000e04000000010000000900000000000010040000000a000000000000080000000009000000000000080300000007000000000000100c000000020000000800000f0300000020c00000040c00000100000004000000e807000007000000010000000100000001000000010000000600000067150000b97c62b9c29f4c5e7ae474c21509a0cc04000000890e0000060000000300000006750000000700000004000000001000001c0d0000030000000d00000081000000ca6c15000000000200000d000000000e0000000100000002002ad46c45615b77b100000100000f01000000039923b8040b8ed80ce48c6a7177187e835408c09721069eb92357fabac1e2b64e875057a3f323ded9ad2e9f697e5a94966362d4e9ae6f2fa6a22529779ad46dc4c4901e7e7e5a6cca178b16488483320f0b6c180f55312d8ed9ce9ea22fada469476774698a009d04a4043eceaec540bb1b400fe11558d935dbf4dfca1d936e510c1ded8d9a12f428d2a63c87c5096de853c4bf063719"], &(0x7f0000000180)=""/176, 0x101, 0xb0, 0x1, 0x10001, 0x10000}, 0x28)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
setrlimit(0x4, &(0x7f0000000280)={0x5, 0x6})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x100000, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x109}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='kfree\x00', r3}, 0x18)
setrlimit(0x9, &(0x7f0000000000))
io_setup(0x2004, &(0x7f0000000680))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000201}, 0x94)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0xfffd}, {0x2, 0x4e24, @loopback}, {0x2, 0x4e22, @empty}, 0x261, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4004, 0x1, 0x6})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCSIFBR(r5, 0x890c, &(0x7f0000000000)=@generic={0x0, 0x2})
socket$inet(0xa, 0x801, 0x84)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$cgroup_subtree(r6, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r7, 0x0, 0x5)

1.793527957s ago: executing program 5 (id=3272):
r0 = msgget$private(0x0, 0x790)
msgsnd(r0, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x64, 0x1, 0x0, 0x0, 0x0, 0x210e, 0xc0002, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b80, 0x2, @perf_bp={&(0x7f0000000040), 0xe}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x2, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0xb)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r2, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
msgctl$IPC_RMID(r0, 0x0)
close(0xffffffffffffffff)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x80, 0x3, 0x0, 0xfffffffd}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}}, 0x1c}}, 0x0)
r4 = syz_io_uring_setup(0x10f, &(0x7f0000000300)={0x0, 0x5885, 0x80, 0x1}, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd=r3, 0x0, 0x0})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)

1.792349327s ago: executing program 2 (id=3274):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001340)={0x4, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000a0e97b2c68a5dc53086d1fac030000000000000000faffff1f000c"], &(0x7f0000000240)='GPL\x00', 0xd, 0x0, 0x0, 0x41000, 0x9}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r2 = gettid()
timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
readv(r3, &(0x7f0000001140)=[{&(0x7f0000000700)=""/206, 0x18}], 0x1)
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffa000/0x1000)=nil)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xfffffd26)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000200)=[@mss={0x2, 0x6}, @timestamp, @sack_perm, @mss={0x2, 0x200}, @sack_perm], 0x5)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x401c5820, &(0x7f00000001c0)=0x8)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095", @ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{}, &(0x7f0000000580), &(0x7f00000007c0)='%-5lx  \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x47, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000002c0), 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@version_u}]}})

1.483020861s ago: executing program 3 (id=3277):
socket$netlink(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000044850000000e000000650000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0)
syz_emit_ethernet(0x6f, &(0x7f0000000980)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x4d, 0x0, @opaque="49061741a8a88a9c64c5207e6c0af06215b7fb1a74c61d607d43211301300d7c274f461e9993b48c91bcdf1aecc1f39ebad04a191154d2a893447067ee92e2c86ecfd35472"}}}}}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000039c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000001940)=""/4096, 0x1000}], 0x1}, 0x7061ab3a}], 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000e80)={@local, @local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @empty, @dev={0xac, 0x14, 0x14, 0xd}}}}}, 0x0)

1.423600492s ago: executing program 3 (id=3278):
socket$packet(0x11, 0x2, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$rds(0x15, 0x5, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000000), 0x1000)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(0xffffffffffffffff, 0x0, r2, 0x0, 0x46)
close(r2)
socket$igmp6(0xa, 0x3, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
memfd_create(0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000100)='./file1\x00', 0x200880, &(0x7f0000000280)=ANY=[], 0x11, 0x736, &(0x7f0000000b40)="$eJzs3c1uG+fVAOBDWY4VfYARfC2CwHWciZOFDTgySSUyhCwKlhrJk1AkMUMFNroogtgujMhJETdArS7SbNJ20UvoItveRO6h6K7XkH1XVTHDH/1Yol1bEQP3eQhzXs6cmffMkODRS3OGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABErb1Wrzdq0cm6W7eS47XX8t7mlOXj7X13YDKl34ha+S8WFuK14azXfrq3+NXy7nJcHD66GAvlZCF2/u/VV97/yfzceP0pCZ2Kh492Pv14e/vuF7NOZEY20m5W9LLN1kaaZEUvWV1ZqV+/uV4k61knLW4Xg3Qzaedpa9DLkyvtq0ljdXU5SZdu97a6G2utTjqeeeOdZr2+knyw1E9bedHrXv9gqWjfzDqdrLtRxZSLy5gbya8/zz/MBskgbW0myb3723eXn5RkGdR4mqDmk4Ka9Waz0Wg2Gyvvrb53o16fb9YX4sCM+iFxYJWkXp8fv2jjleFr+6mP9T7/eJaV+MHMlXd//3L0hMYfpj+zJ/PGDSdgblT/oxNZdGMrbkVy5K0da5FHLzaPWT7yXcTvq8b1dGq/Zf1eGNX/cZV/bW/xhfLu8sLo0aXj6v8xuZze7WE8ip34ND6O7diOu/HFzDM63dtGpNGNLIroRRab0armJKM5SazGSqxEPX4VN2M9ikhiPbLoRBpF3I4iBpFWr6h25JFGKwbRizySuBLtuBpJNGI1VmM5kkhjKW5HL7aiGxuxFq1qK/fifnXcl6fkOAlqPE1Qc0rQqJiXL7zK/GN/ENTr86NlR9X/G5P6/9eqPjx8+zSrFDN1Ztw4uTdveE674/ofu7v/3i3NOiMAAADgpNWqT99rl16aPF7POukvZ5wVAAAAcJKqrzJdLCdny9brUSvH//W9gJdmlxsAAABwMmpxafQpwGK8MWyNz4SqG/sDAADAi6H6//9L5WSxbM2NZg/H/2NzM0oOAAAAOBF/2rvG/k4ceY3dol8O/+cjovZ1/9bbtQetMq714MxwvTOHtzhYv1A7P9pINVmZHz1qpxdro6tfTi6C+f1ocu9J1/qv5fnZ501g75OMN+8Mp3cmS6peFtezTrrU7nXeb0SrdX5ukN4afPnZ/d9FlL3/ubt5vhb37m/fXfrk8+07VS5fl1v5+sHoirC1/yKX38brw5jXz8Vje7wTtbPViRijfheH/db37/9oX8a79PJT9PnNOOby4nC6eHD/F8o+G0vH7f1i7dxo/efa82/GwW9deWs4OSKL5pQsqmPR3H/8Dx2Lp8oi3joui/OTLJbHWezG+MqYB7NYfs4sAGbl3qQKHay7Zyf1/7G6+wzvcqdT3b+JK8OYKxeqN9b5C0fUlfqRdWX3zKEa++zV7W9xdRhzdRx8XI0t9/kvk34bVb/flit8e2y/RWd8QB78Jq7PPdp5534Ve/ezZnN5pf5uvf5eM85WuzGalJn+a+Fwpi+H2gPwP+1y9f3/ab+xc3TEmb3SXHs33iynP9s3qi5r0qTi/f/klIKl+CQ+j+24E9eqsw0i4o2j+13cdxrCtbg8SvboUevivl94uXb8qG5f7Phvl6eJHf68DAC8SC4/oQ5P6v/4t/jGEVUJHY7dr+0bdy/sjbtjNMI8VMunj47313IA4IeR5t/XFgd/rOXlg8bqaqM1uJkmea/9YZJnaxtpknUHad6+2epupEk/7w167V6nbHyUraVFUmz1+718kKz38qTfK7JbP4+skyajn34v0s1Wd5C1i34nbRVp0u51B632IFnLinbS3/pFJyu+2t3dLVcu+mk7W8/arUHW6yZFbytvp0tJUqTpKPBmmifZWtodZOtZ2ewm/Tw7F/nt5KNeZ2szTdbSop1n/UEvr7IZ95V118/lm9Vml2Z9sAHgR+Lho51PP97evvvF0Y2FOHZR1fjn9NWHjVnvIwBw0LQq/di3zwAAAAAAAAAAAAAAgJl4wvl/z96oHZozFxE/VF8vXGP3q1Ppa3yCx+yenTM/kgP+eOPbfXOSE9zyyxHxo9jBA41zjy+a8RsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzhPwEAAP//ONRIwg==")
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x8000000003, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x5, 0x800000000003}, 0x115d2, 0x0, 0x10000005, 0x3, 0x3c, 0xa, 0xfffc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
membarrier(0x10, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)

1.292530343s ago: executing program 0 (id=3279):
bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[], 0x48)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, 0x0, 0x20004804)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x400, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r2}, 0x10)
r3 = io_uring_setup(0x1694, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)

1.045809707s ago: executing program 4 (id=3280):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kmem_cache_free\x00', r1}, 0x10)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000140)=@o_path={&(0x7f00000000c0)='./file1\x00', r1}, 0x18)

990.138777ms ago: executing program 0 (id=3281):
sched_setaffinity(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="05000000040000"], 0x48)
socket$inet_sctp(0x2, 0x5, 0x84)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r0 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f00000008c0)={0x70, r0, 0x300, 0x70bd26, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}]}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xa}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x4488c}, 0x20004804)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x400, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r3}, &(0x7f0000000800), &(0x7f0000000840)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00'}, 0x10)
setrlimit(0x9, &(0x7f0000000000))
io_setup(0x2004, &(0x7f0000000680))

989.788817ms ago: executing program 4 (id=3282):
close(0xffffffffffffffff)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
setgroups(0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000e1000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00'}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="58000000020601020500000005000100070000000900020073797a1b00000000050005000200ff000c0007800500150001000000050004000000000011006b00000000"], 0x58}, 0x1, 0x0, 0x0, 0xc8f0}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000940)={0xffffffffffffffff, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, &(0x7f00000005c0)=[0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0], 0x0, 0xc6, &(0x7f0000000680)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0x7c, 0x8, 0x8, &(0x7f0000000740)}}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000000)={0x1})
fcntl$lock(r4, 0x25, &(0x7f0000000140)={0x2, 0x2, 0x5, 0x80000000})

905.315608ms ago: executing program 4 (id=3283):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000a40), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002080)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0x4}, {0x6}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x20000}, {}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x7}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0xffffffff}, {0x0, 0x2}, {}, {}, {}, {0xfffffffc}, {}, {0x0, 0x0, 0x6}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x0, 0x1}, {0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {0x0, 0x0, 0x1}, {0x0, 0x800000, 0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {0x0, 0x0, 0x2}, {0x4, 0x4000000}, {}, {0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x3, 0x0, 0x2, 0xfffffffd}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x400000}, {}, {0xfffffffd}, {}, {}, {0x0, 0x0, 0x1, 0x0, 0x747}, {0x8}, {}, {}, {}, {}, {0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x6}, {}, {}, {0x0, 0x3}, {}, {0x0, 0x0, 0x1}, {}, {0x0, 0x5}], [{0x2}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x5}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0) (fail_nth: 6)

904.747978ms ago: executing program 2 (id=3284):
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl0\x00', <r0=>0x0, 0x0, 0x1, 0x82, 0xfffffff9, 0x12, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7, 0x40, 0x7, 0x2}})
syz_open_procfs(0x0, &(0x7f00000001c0)='net/softnet_stat\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES64], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1, 0x0, 0x4000000000002ab}, 0x18)
r2 = socket(0x2, 0x80805, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000580)={0x2, 0x201, 0xca25, 0x5, r4}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000100)={[{@acl}, {@resgid}, {@norecovery}, {@noinit_itable}, {@data_writeback}]}, 0x21, 0x5fb, &(0x7f00000004c0)="$eJzs3c9vFGUfAPDvTH/Svu/bQt6oeJAmxkCitLSAIcZEuBOCP26eKi0EKZTQGi2SWBK8mBgvHkw8eRD/CyXx6sGrBy+eDAkxhoMYImtmO1Om293SX7tbup9PMnSeme48z5R++5199nlmAuhYI9k/acT+iLiaRAyV9nVHvnNk6fvu/3njXLYkUam8/UcSNz5JFsvHSvKvg/mL/xmK5Oc0Yl/X6nrnFq5fmpyZmb6Wl8fmL18dm1u4fvji5ckL0xemr0y8OnHi+LHjJ8aPbOn8ylWfvvX+h0OfnXn3268fJuPf/XomiZPxKP+G7LxqX9u3pZqzn9lIVJY8KG/Pfq4ntnjsneKvoeL35LGkdgM7Vpr/Pv4vIp6Noegq/W8OxadvtrVxQFNVkihyFNBxkk3Ff//2NwRoseI6oHhvX+998Gppk69KgFa4d2qpA2Ap9nsiooj/7qW+weiPbOvA/WRFP08SEVvrmVuS1fHTj2duZUs06IcDmmPxZtHLXZv/k2psDkd/tTRwP10R/2lpyba/tcn6R2rK4h9aZ/FmRDyX5//e2FD8j5Ti/71N1i/+AQAAAAAAYPvcORURr9Qb/5cuj//prTP+ZzAiTm5D/U/+/C+9m68k21AdUHLvVMTrdcf/Lo/xHe7KS/+tjgfoSc5fnJk+ks8ZPBQ9fVl5vOa45RHChz/f91Wj+svj/7Ilq78YC5gf6W53zUTcqcn5ya2eNxBx72bE89XxvwfyLSvH/2T5P6mT/7P4vrrOOva9dPtso31Pjn+gWSrfRBysm/8fX24na9+fY6x6PTBWXBWs9sLHX3zfqH7xD+2T5f+BteO/Lynfr2duY8fvjYijC92VRvs3e/3fm7zTVRw/89Hk/Py18Yje5PTq7RMbazPsVkU8FPGSxf+hF9fu/1u+/i/F4Z6IWFxnnc88Gvyt0T75H9oni/+ptfP/8Mr8v/GVidvDPzSq/+y68v+xak4/lG/R/wdlq+/Hsd4AbUtzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOApl0bEfyJJR5fX03R0NGIwIv4fA+nM7Nz8y+dnP7gyle2rPv8/LZ70O7RUTorn/w+XyhM15aMRsTcivuzaUy2PnpudmWr3yQMAAAAAAAAAAAAAAAAAAMAOMVid81/pq53/n/m9q92tA5quO/8q3qHzdG/6lZW+bW0I0HKbj3/gabf++O9pajuA1msc/w8eVqpa2hyghVz/Q+faZPz7uAB2AfkfOtU6+/T6m90OoB3kfwAAAAAA2FX2HrjzSxIRi6/tqS6Z3nyfwf6wu6XtbgDQNsbwQufqnm13C4B28R4fSJbX/q472b/x6P+kOQ0CAAAAAAAAAAAAAFY5uN/8f+hUa8//N7YfdrM15v/XC363C4BdpPGjP+R+2O28xweelO3N/wcAAAAAAAAAAACAHaD/+qXJmZnpa3MLT9/KGzujGRtbWZzcEc3Y1pVHzTlyT0TsjBNs9UpxC442NqPNf5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBl/wYAAP//SlcnIw==")

850.211889ms ago: executing program 0 (id=3285):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001340)={0x4, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000a0e97b2c68a5dc53086d1fac030000000000000000faffff1f000c"], &(0x7f0000000240)='GPL\x00', 0xd, 0x0, 0x0, 0x41000, 0x9}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r2 = gettid()
timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
readv(r3, &(0x7f0000001140)=[{&(0x7f0000000700)=""/206, 0x18}], 0x1)
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffa000/0x1000)=nil)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000200)=[@mss={0x2, 0x6}, @timestamp, @sack_perm, @mss={0x2, 0x200}, @sack_perm], 0x5)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x401c5820, &(0x7f00000001c0)=0x8)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095", @ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{}, &(0x7f0000000580), &(0x7f00000007c0)='%-5lx  \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x47, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff000000"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@version_u}]}})

259.868367ms ago: executing program 4 (id=3286):
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
inotify_init1(0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0a00000001000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000068797e9305678c8c00"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000300), &(0x7f00000002c0)}, 0x20)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f0000000340)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{}, {0x0, 0x0, 0x1, 0x1}}], 0x10)
setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, 0x0, 0x0)

255.529897ms ago: executing program 5 (id=3287):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd88500000004000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000880)=0x20000000)
msgctl$IPC_RMID(0x0, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000800)=ANY=[@ANYBLOB="1221010200000008020921d3060201220f0609058103ff03080804000000000000000000000090410e33a79a4f721997e804d8614351534bd77357f4b4ce4665984c1a58901742c24e00"/89], &(0x7f0000000740)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x200, 0x3, 0xd, 0x3, 0x0, 0x40}, 0x5, &(0x7f0000000640)=ANY=[@ANYBLOB="050f8f0000"]})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x10, &(0x7f0000000540), 0x10, 0x7e0, &(0x7f0000002800)="$eJzs3d9rXFkdAPDvnUyaNG1NBMHq04CggdKJqbFV8KHigwgWCvokaBsm01AzyZTMpDQhWIsIvghafBD0pc9V65tP4q9X91/YfVmWpWV/pGXb3Ydlljs/kkkymUyyyaTbfD5wk3PuPTfnfufce+7J3MNMAMdWLv2RifhSRPwuiRhtrk8iYnBLuedrq4V0SaJW+9F7Sb3Ms7XVQrTtEyMjcaqZORsR//11xLnM9noryytz06VScbGZn6jO35qoLK+cvzk/PVucLS5cnJyaunDpm5eGDi7WD15bOf3k99//2t8uf/SrLz767f+SuBynm9va4+jJL/65a5Fc5BqvSQzG5S3bvrenyl5+yVEfAPuSXpoDEZGNtA8YzcaJ3vfNHuaBAQCH5m5E1ACAYyZx/weAY6b1PsCztdVCutTuHu37Ef32zncjYrgRf+v5ZmNLtvnMbrj+HHTkWbLpeUcSEWMHUH8uIv78j5/9JV1iP88hAfbpl/ci4vpYrtX/b/Q/ybY5Cw29T8j4eivRZXJAbkte/wf98+90/POtjfHfxvWXWR//RIfxz1CHa3c/crF5xsn26z/z+ACq2VE6/vvO4Mbctudt8TeNDTRzZ+pjvsHkxs1SMe3bPhcR4zE4lOYnN//ZM2faMuNPP366aWtbxO3jv/fv//xhWn/6e6NE5nF2S5c7M12dPpDg0/jvRXw52yn+ZL39kx3Gv1d7rOMH3/7Nn3balsafxttaNsd/+LPKag8ivhqd429Jus1PvDhRPx0mWidFB39/848jO9Xf3v7pktbf+l+gH9L2H+ke/1jSPl+zsvc6/v9g9D87bctFDHSPv/P5fyL5cT3dupTuTFeri5MRJ5Ifbl9/YWPfVr5VPo1//Cudr/9u53/6P+H1HuPPPnn3r13ib7R/a8VO7d/ohuPKv3qstEdp/DN7av+9Jx49nxvYNf6u7T9VT4031/TS//V6gJ/mtQMAAAAAAAAAAAAAAAAAAAAAAACAXmUi4nQkmfx6OpPJ56P+Hd5fiJFMqVypnrtRXlqYifp3ZY/FYKb1UZejbZ+HOtn8PPxW/sKW/Dci4vMR8Yehk/V8vlAuzRx18AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQdGqH7/9PvT3U+P3iSI8QADgUw7uWeFrsy4EAAH2z+/0/IoYO/zgAgP7p6f4PALxS3P8B4Phx/weA42c4IttDsZ/04VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4NV29ciVdai/WVgtpfub28tJc+fb5mWJlLj+/VMgXyou38rPl8mypmC+U59t2fb3T3yuVy7emYmHpzkS1WKlOVJZXrs2Xlxaq127OT88WrxUH+xYZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPSusrwyN10qFRebiYcjEZvXSBx+4sNardZz4dpoo+leloM//MRb5984263M/W2n8XripyeP0wt1kImj7pkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhs+CQAA//8W7yc1")
fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=ANY=[@ANYBLOB="080000210197a200"], 0x8, 0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r1, 0xffffffffffffffff, 0x0)

49.144159ms ago: executing program 4 (id=3288):
socket$netlink(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000044850000000e000000650000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0)
syz_emit_ethernet(0x6f, &(0x7f0000000980)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x4d, 0x0, @opaque="49061741a8a88a9c64c5207e6c0af06215b7fb1a74c61d607d43211301300d7c274f461e9993b48c91bcdf1aecc1f39ebad04a191154d2a893447067ee92e2c86ecfd35472"}}}}}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000039c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000001940)=""/4096, 0x1000}], 0x1}, 0x7061ab3a}], 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000e80)={@local, @local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @empty, @dev={0xac, 0x14, 0x14, 0xd}}}}}, 0x0)

0s ago: executing program 4 (id=3289):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000180)={'veth1_to_team\x00', &(0x7f00000000c0)=@ethtool_sfeatures={0x3b, 0x1, [{0x8, 0x1}]}})
timer_settime(0x0, 0x0, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x0)
ioctl$AUTOFS_IOC_FAIL(r1, 0x4c80, 0xfffff)

kernel console output (not intermixed with test programs):

 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  150.100318][   T29] audit: type=1326 audit(1751453446.570:228268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10244 comm="syz.4.2745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  150.124138][   T29] audit: type=1326 audit(1751453446.570:228269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10244 comm="syz.4.2745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  150.147872][   T29] audit: type=1326 audit(1751453446.570:228270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10244 comm="syz.4.2745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  150.205798][T10260] sd 0:0:1:0: device reset
[  150.260763][T10264] loop4: detected capacity change from 0 to 1024
[  150.267918][T10264] EXT4-fs: Ignoring removed orlov option
[  150.277471][T10264] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  150.298984][T10264] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  150.318876][T10264] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e840e01c, mo2=0000]
[  150.327078][T10264] System zones: 0-1, 3-12
[  150.330740][T10269] netlink: 'syz.0.2755': attribute type 2 has an invalid length.
[  150.332643][T10264] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #3: block 1: comm syz.4.2753: lblock 1 mapped to illegal pblock 1 (length 1)
[  150.339257][T10269] netlink: 'syz.0.2755': attribute type 9 has an invalid length.
[  150.353385][T10264] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2753: Failed to acquire dquot type 0
[  150.360842][T10269] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2755'.
[  150.381436][T10264] EXT4-fs error (device loop4): ext4_free_blocks:6587: comm syz.4.2753: Freeing blocks not in datazone - block = 0, count = 4096
[  150.395531][T10264] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.2753: Invalid inode bitmap blk 0 in block_group 0
[  150.411662][T10105] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  150.412403][T10272] loop2: detected capacity change from 0 to 512
[  150.432003][T10264] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  150.432144][T10264] EXT4-fs (loop4): 1 orphan inode deleted
[  150.447218][T10105] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 0
[  150.473057][T10272] EXT4-fs: Ignoring removed oldalloc option
[  150.483959][T10272] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  150.494759][T10272] EXT4-fs (loop2): 1 truncate cleaned up
[  150.592752][T10281] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10281 comm=syz.4.2760
[  150.638333][T10288] FAULT_INJECTION: forcing a failure.
[  150.638333][T10288] name failslab, interval 1, probability 0, space 0, times 0
[  150.651127][T10288] CPU: 1 UID: 0 PID: 10288 Comm: syz.0.2762 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  150.651154][T10288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  150.651182][T10288] Call Trace:
[  150.651188][T10288]  <TASK>
[  150.651195][T10288]  __dump_stack+0x1d/0x30
[  150.651217][T10288]  dump_stack_lvl+0xe8/0x140
[  150.651236][T10288]  dump_stack+0x15/0x1b
[  150.651253][T10288]  should_fail_ex+0x265/0x280
[  150.651284][T10288]  should_failslab+0x8c/0xb0
[  150.651344][T10288]  kmem_cache_alloc_node_noprof+0x57/0x320
[  150.651372][T10288]  ? __alloc_skb+0x101/0x320
[  150.651401][T10288]  __alloc_skb+0x101/0x320
[  150.651442][T10288]  netlink_alloc_large_skb+0xba/0xf0
[  150.651496][T10288]  netlink_sendmsg+0x3cf/0x6b0
[  150.651517][T10288]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.651537][T10288]  __sock_sendmsg+0x145/0x180
[  150.651562][T10288]  ____sys_sendmsg+0x31e/0x4e0
[  150.651646][T10288]  ___sys_sendmsg+0x17b/0x1d0
[  150.651689][T10288]  __x64_sys_sendmsg+0xd4/0x160
[  150.651775][T10288]  x64_sys_call+0x2999/0x2fb0
[  150.651854][T10288]  do_syscall_64+0xd2/0x200
[  150.651873][T10288]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  150.651900][T10288]  ? clear_bhb_loop+0x40/0x90
[  150.651922][T10288]  ? clear_bhb_loop+0x40/0x90
[  150.651944][T10288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.652013][T10288] RIP: 0033:0x7f3664e7e929
[  150.652092][T10288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.652167][T10288] RSP: 002b:00007f36634e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  150.652216][T10288] RAX: ffffffffffffffda RBX: 00007f36650a5fa0 RCX: 00007f3664e7e929
[  150.652232][T10288] RDX: 0000000000000004 RSI: 0000200000000300 RDI: 000000000000000b
[  150.652270][T10288] RBP: 00007f36634e7090 R08: 0000000000000000 R09: 0000000000000000
[  150.652283][T10288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.652295][T10288] R13: 0000000000000000 R14: 00007f36650a5fa0 R15: 00007ffe5cc97c88
[  150.652377][T10288]  </TASK>
[  151.008983][T10312] sd 0:0:1:0: device reset
[  151.196419][T10325] loop4: detected capacity change from 0 to 2048
[  151.263291][T10332] netlink: 'syz.4.2776': attribute type 2 has an invalid length.
[  151.271088][T10332] netlink: 'syz.4.2776': attribute type 9 has an invalid length.
[  151.278881][T10332] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.2776'.
[  151.305904][T10334] loop4: detected capacity change from 0 to 512
[  151.313982][T10334] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  151.324936][T10334] EXT4-fs (loop4): 1 truncate cleaned up
[  151.386261][T10126] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  151.396888][T10126] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  151.408126][T10126] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.420094][T10126] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.450368][T10346] sd 0:0:1:0: device reset
[  151.462173][T10341] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2780'.
[  151.496719][T10351] netlink: 'syz.4.2783': attribute type 2 has an invalid length.
[  151.504589][T10351] netlink: 'syz.4.2783': attribute type 9 has an invalid length.
[  151.512335][T10351] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.2783'.
[  151.548586][T10355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.557843][T10355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.574465][T10355] loop4: detected capacity change from 0 to 2048
[  151.583291][T10355] EXT4-fs (loop4): VFS: Can't find ext4 filesystem
[  151.786065][T10361] netlink: 'syz.2.2787': attribute type 2 has an invalid length.
[  151.793850][T10361] netlink: 'syz.2.2787': attribute type 9 has an invalid length.
[  151.801618][T10361] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2787'.
[  151.828111][T10365] loop0: detected capacity change from 0 to 512
[  151.835421][T10365] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  151.847167][T10365] EXT4-fs (loop0): 1 truncate cleaned up
[  151.858259][T10368] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2790'.
[  151.870831][T10368] batadv0: entered promiscuous mode
[  151.876430][T10368] batadv0: entered allmulticast mode
[  151.941539][T10374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2793'.
[  151.981252][T10382] loop0: detected capacity change from 0 to 1024
[  151.988194][T10382] EXT4-fs: Ignoring removed nomblk_io_submit option
[  152.188192][T10397] netlink: 'syz.2.2801': attribute type 2 has an invalid length.
[  152.196037][T10397] netlink: 'syz.2.2801': attribute type 9 has an invalid length.
[  152.203784][T10397] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2801'.
[  152.230892][T10401] 9pnet_fd: Insufficient options for proto=fd
[  152.239229][T10401] loop2: detected capacity change from 0 to 512
[  152.245837][T10401] EXT4-fs: Ignoring removed nomblk_io_submit option
[  152.253667][T10401] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  152.261656][T10401] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  152.270121][T10401] EXT4-fs (loop2): couldn't mount RDWR because of unsupported optional features (80)
[  152.279673][T10401] EXT4-fs (loop2): Skipping orphan cleanup due to unknown ROCOMPAT features
[  152.280561][T10399] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2800'.
[  152.374061][T10413] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2807'.
[  152.385312][T10413] batadv0: entered promiscuous mode
[  152.390587][T10413] batadv0: entered allmulticast mode
[  152.414679][T10415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.423392][T10415] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.438163][T10415] loop2: detected capacity change from 0 to 2048
[  152.445641][T10415] EXT4-fs (loop2): VFS: Can't find ext4 filesystem
[  152.542716][T10421] loop3: detected capacity change from 0 to 1024
[  152.572952][T10421] ext4 filesystem being mounted at /576/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  152.585227][T10421] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 1: comm syz.3.2811: lblock 1 mapped to illegal pblock 1 (length 4)
[  152.599868][T10421] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 4 with error 117
[  152.612180][T10421] EXT4-fs (loop3): This should not happen!! Data will be lost
[  152.612180][T10421] 
[  152.627978][T10421] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.2811: lblock 3 mapped to illegal pblock 3 (length 2)
[  152.642794][T10421] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 2 with error 117
[  152.655231][T10421] EXT4-fs (loop3): This should not happen!! Data will be lost
[  152.655231][T10421] 
[  152.666084][T10421] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 8: comm syz.3.2811: lblock 8 mapped to illegal pblock 8 (length 8)
[  152.680435][T10421] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  152.692756][T10421] EXT4-fs (loop3): This should not happen!! Data will be lost
[  152.692756][T10421] 
[  152.704067][T10421] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  152.721878][T10426] pim6reg1: entered promiscuous mode
[  152.727235][T10426] pim6reg1: entered allmulticast mode
[  152.748959][T10428] loop3: detected capacity change from 0 to 1024
[  152.755767][T10428] EXT4-fs: Ignoring removed orlov option
[  152.863750][T10433] loop4: detected capacity change from 0 to 512
[  152.870662][T10433] EXT4-fs: test_dummy_encryption option not supported
[  153.006617][T10437] FAULT_INJECTION: forcing a failure.
[  153.006617][T10437] name failslab, interval 1, probability 0, space 0, times 0
[  153.019341][T10437] CPU: 1 UID: 0 PID: 10437 Comm: syz.0.2815 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  153.019389][T10437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  153.019401][T10437] Call Trace:
[  153.019407][T10437]  <TASK>
[  153.019414][T10437]  __dump_stack+0x1d/0x30
[  153.019434][T10437]  dump_stack_lvl+0xe8/0x140
[  153.019452][T10437]  dump_stack+0x15/0x1b
[  153.019469][T10437]  should_fail_ex+0x265/0x280
[  153.019499][T10437]  should_failslab+0x8c/0xb0
[  153.019585][T10437]  __kmalloc_node_noprof+0xa9/0x410
[  153.019672][T10437]  ? __rcu_read_unlock+0x4f/0x70
[  153.019690][T10437]  ? qdisc_alloc+0x65/0x440
[  153.019797][T10437]  qdisc_alloc+0x65/0x440
[  153.019885][T10437]  ? __rcu_read_unlock+0x4f/0x70
[  153.019905][T10437]  qdisc_create_dflt+0x7f/0x2d0
[  153.019930][T10437]  dev_activate+0x209/0x9e0
[  153.020040][T10437]  __dev_open+0x472/0x530
[  153.020098][T10437]  __dev_change_flags+0x163/0x400
[  153.020125][T10437]  netif_change_flags+0x5a/0xd0
[  153.020270][T10437]  dev_change_flags+0xce/0x180
[  153.020291][T10437]  ? netdev_name_node_lookup+0xa4/0xd0
[  153.020323][T10437]  dev_ifsioc+0x44b/0xaa0
[  153.020341][T10437]  ? __rcu_read_unlock+0x4f/0x70
[  153.020443][T10437]  dev_ioctl+0x70a/0x960
[  153.020461][T10437]  sock_do_ioctl+0x197/0x220
[  153.020483][T10437]  sock_ioctl+0x41b/0x610
[  153.020505][T10437]  ? __pfx_sock_ioctl+0x10/0x10
[  153.020525][T10437]  __se_sys_ioctl+0xce/0x140
[  153.020592][T10437]  __x64_sys_ioctl+0x43/0x50
[  153.020679][T10437]  x64_sys_call+0x19a8/0x2fb0
[  153.020699][T10437]  do_syscall_64+0xd2/0x200
[  153.020770][T10437]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  153.020796][T10437]  ? clear_bhb_loop+0x40/0x90
[  153.020852][T10437]  ? clear_bhb_loop+0x40/0x90
[  153.020870][T10437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.020888][T10437] RIP: 0033:0x7f3664e7e929
[  153.020904][T10437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.020918][T10437] RSP: 002b:00007f36634e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  153.020935][T10437] RAX: ffffffffffffffda RBX: 00007f36650a5fa0 RCX: 00007f3664e7e929
[  153.021000][T10437] RDX: 0000200000000140 RSI: 0000000000008914 RDI: 0000000000000009
[  153.021010][T10437] RBP: 00007f36634e7090 R08: 0000000000000000 R09: 0000000000000000
[  153.021020][T10437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.021098][T10437] R13: 0000000000000000 R14: 00007f36650a5fa0 R15: 00007ffe5cc97c88
[  153.021115][T10437]  </TASK>
[  153.021124][T10437] pim6reg1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  153.280758][T10437] pim6reg1: entered promiscuous mode
[  153.286182][T10437] pim6reg1: entered allmulticast mode
[  153.295904][T10441] loop3: detected capacity change from 0 to 8192
[  153.326927][ T3311] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  153.334874][ T3311] FAT-fs (loop3): Filesystem has been set read-only
[  153.373528][T10452] batadv0: entered promiscuous mode
[  153.378761][T10452] batadv0: entered allmulticast mode
[  153.629301][T10470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.638204][T10470] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.657121][T10470] loop0: detected capacity change from 0 to 2048
[  153.669869][T10470] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[  153.821246][T10478] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  153.830003][T10478] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  153.838252][T10478] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  153.846531][T10478] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  153.995475][T10495] loop2: detected capacity change from 0 to 1024
[  154.002351][T10495] EXT4-fs: Ignoring removed nomblk_io_submit option
[  154.016885][T10497] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  154.029299][T10495] EXT4-fs mount: 38 callbacks suppressed
[  154.029312][T10495] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  154.061123][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.071637][T10497] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  154.122966][T10497] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  154.173132][T10497] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  154.239252][T10497] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  154.268455][T10497] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  154.310425][T10497] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  154.353260][T10497] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  154.506874][T10527] x_tables: ip_tables: icmp match: only valid for protocol 1
[  154.517224][T10527] loop3: detected capacity change from 0 to 512
[  154.581440][T10530] loop2: detected capacity change from 0 to 512
[  154.880715][T10538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.893304][T10538] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.921784][T10538] loop1: detected capacity change from 0 to 2048
[  154.944495][T10538] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[  155.060450][T10527] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.073857][T10527] ext4 filesystem being mounted at /583/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  155.235165][   T29] kauditd_printk_skb: 211 callbacks suppressed
[  155.235180][   T29] audit: type=1400 audit(1751453451.910:228479): avc:  denied  { ioctl } for  pid=10526 comm="syz.3.2847" path="/583/bus/file1" dev="loop3" ino=15 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  155.463070][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.559007][   T29] audit: type=1400 audit(1751453452.230:228480): avc:  denied  { sqpoll } for  pid=10557 comm="syz.0.2858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  155.589316][T10558] FAULT_INJECTION: forcing a failure.
[  155.589316][T10558] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  155.602407][T10558] CPU: 0 UID: 0 PID: 10558 Comm: syz.0.2858 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  155.602456][T10558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.602465][T10558] Call Trace:
[  155.602471][T10558]  <TASK>
[  155.602478][T10558]  __dump_stack+0x1d/0x30
[  155.602572][T10558]  dump_stack_lvl+0xe8/0x140
[  155.602588][T10558]  dump_stack+0x15/0x1b
[  155.602603][T10558]  should_fail_ex+0x265/0x280
[  155.602639][T10558]  should_fail+0xb/0x20
[  155.602731][T10558]  should_fail_usercopy+0x1a/0x20
[  155.602761][T10558]  _copy_from_user+0x1c/0xb0
[  155.602898][T10558]  snd_seq_event_dup+0x306/0x460
[  155.602926][T10558]  snd_seq_client_enqueue_event+0x1dc/0x2a0
[  155.602962][T10558]  snd_seq_write+0x41a/0x530
[  155.602988][T10558]  ? __pfx_snd_seq_write+0x10/0x10
[  155.603010][T10558]  vfs_write+0x266/0x8e0
[  155.603192][T10558]  ? __rcu_read_unlock+0x4f/0x70
[  155.603215][T10558]  ? __fget_files+0x184/0x1c0
[  155.603237][T10558]  ksys_write+0xda/0x1a0
[  155.603336][T10558]  __x64_sys_write+0x40/0x50
[  155.603366][T10558]  x64_sys_call+0x2cdd/0x2fb0
[  155.603388][T10558]  do_syscall_64+0xd2/0x200
[  155.603450][T10558]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  155.603476][T10558]  ? clear_bhb_loop+0x40/0x90
[  155.603494][T10558]  ? clear_bhb_loop+0x40/0x90
[  155.603511][T10558]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.603637][T10558] RIP: 0033:0x7f3664e7e929
[  155.603653][T10558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.603671][T10558] RSP: 002b:00007f36634e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  155.603691][T10558] RAX: ffffffffffffffda RBX: 00007f36650a5fa0 RCX: 00007f3664e7e929
[  155.603705][T10558] RDX: 000000000000ffc8 RSI: 0000200000000000 RDI: 0000000000000004
[  155.603718][T10558] RBP: 00007f36634e7090 R08: 0000000000000000 R09: 0000000000000000
[  155.603731][T10558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.603857][T10558] R13: 0000000000000000 R14: 00007f36650a5fa0 R15: 00007ffe5cc97c88
[  155.603876][T10558]  </TASK>
[  155.844306][T10564] __nla_validate_parse: 9 callbacks suppressed
[  155.844320][T10564] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2859'.
[  155.862675][T10564] batadv0: entered promiscuous mode
[  155.867902][T10564] batadv0: entered allmulticast mode
[  156.044808][T10569] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2861'.
[  156.158456][T10572] validate_nla: 2 callbacks suppressed
[  156.158472][T10572] netlink: 'syz.4.2862': attribute type 2 has an invalid length.
[  156.171812][T10572] netlink: 'syz.4.2862': attribute type 9 has an invalid length.
[  156.179527][T10572] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.2862'.
[  156.232197][   T29] audit: type=1400 audit(1751453452.810:228481): avc:  denied  { ioctl } for  pid=10559 comm="syz.3.2856" path="socket:[29054]" dev="sockfs" ino=29054 ioctlcmd=0x48f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  156.257704][   T29] audit: type=1326 audit(1751453452.870:228482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10571 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  156.281380][   T29] audit: type=1326 audit(1751453452.870:228483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10571 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  156.305018][   T29] audit: type=1326 audit(1751453452.870:228484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10571 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  156.328661][   T29] audit: type=1326 audit(1751453452.870:228485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10571 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  156.352373][   T29] audit: type=1326 audit(1751453452.870:228486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10571 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  156.376084][   T29] audit: type=1326 audit(1751453452.870:228487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10571 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  156.399852][   T29] audit: type=1326 audit(1751453452.870:228488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10571 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f387e929 code=0x7ffc0000
[  156.479359][T10579] geneve0: left promiscuous mode
[  156.658440][T10595] loop1: detected capacity change from 0 to 512
[  156.698647][T10595] EXT4-fs (loop1): too many log groups per flexible block group
[  156.706407][T10595] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  156.746001][T10595] EXT4-fs (loop1): mount failed
[  156.758815][T10599] loop3: detected capacity change from 0 to 512
[  156.845488][T10599] EXT4-fs (loop3): too many log groups per flexible block group
[  156.853185][T10599] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  156.862750][T10599] EXT4-fs (loop3): mount failed
[  156.890994][T10594] 9pnet_fd: Insufficient options for proto=fd
[  156.905770][T10586] 9pnet_fd: Insufficient options for proto=fd
[  157.054366][T10615] loop2: detected capacity change from 0 to 1024
[  157.063471][T10615] SELinux: syz.2.2877 (10615) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  157.228500][T10629] loop2: detected capacity change from 0 to 512
[  157.252742][T10629] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  157.267125][T10629] EXT4-fs (loop2): 1 truncate cleaned up
[  157.273909][T10629] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.310102][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.411515][T10630] lo speed is unknown, defaulting to 1000
[  157.554559][T10630] chnl_net:caif_netlink_parms(): no params data found
[  157.608623][T10658] sd 0:0:1:0: device reset
[  157.646898][T10663] loop3: detected capacity change from 0 to 1024
[  157.665789][T10663] EXT4-fs: Ignoring removed nomblk_io_submit option
[  157.703274][T10663] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.726245][T10630] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.733365][T10630] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.757853][T10630] bridge_slave_0: entered allmulticast mode
[  157.764819][T10630] bridge_slave_0: entered promiscuous mode
[  157.772154][T10630] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.779302][T10630] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.787454][T10630] bridge_slave_1: entered allmulticast mode
[  157.787568][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.794099][T10630] bridge_slave_1: entered promiscuous mode
[  157.852222][T10681] tipc: Started in network mode
[  157.857136][T10681] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  157.864386][T10681] tipc: Enabled bearer <eth:team0>, priority 0
[  157.872046][T10630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.904316][T10682] loop1: detected capacity change from 0 to 512
[  157.923840][T10630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.933218][   T31] dummy0: left allmulticast mode
[  157.969518][   T31] dummy0: left promiscuous mode
[  157.974549][   T31] bridge0: port 3(dummy0) entered disabled state
[  157.990256][T10682] EXT4-fs (loop1): too many log groups per flexible block group
[  157.997991][T10682] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  158.005807][   T31] bridge_slave_1: left allmulticast mode
[  158.011747][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.022060][   T31] bridge_slave_0: left allmulticast mode
[  158.027860][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.028201][T10682] EXT4-fs (loop1): mount failed
[  158.077869][T10682] 9pnet_fd: Insufficient options for proto=fd
[  158.157057][   T31] $Hÿ (unregistering): (slave bond_slave_0): Releasing backup interface
[  158.170226][   T31] $Hÿ (unregistering): (slave bond_slave_1): Releasing backup interface
[  158.180973][   T31] $Hÿ (unregistering): Released all slaves
[  158.231816][T10717] loop4: detected capacity change from 0 to 128
[  158.243784][T10630] team0: Port device team_slave_0 added
[  158.257000][T10630] team0: Port device team_slave_1 added
[  158.276894][   T31] tipc: Left network mode
[  158.290636][T10630] batman_adv: batadv0: Adding interface: batadv_slave_0
[  158.297737][T10630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.323711][T10630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  158.336094][T10630] batman_adv: batadv0: Adding interface: batadv_slave_1
[  158.343144][T10630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.369377][T10630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  158.395668][   T31] pim6reg (unregistering): left allmulticast mode
[  158.417795][T10736] netlink: 'syz.2.2911': attribute type 2 has an invalid length.
[  158.425626][T10736] netlink: 'syz.2.2911': attribute type 9 has an invalid length.
[  158.433449][T10736] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2911'.
[  158.498470][   T31] team0 (unregistering): Port device team_slave_1 removed
[  158.538808][   T31] team0 (unregistering): Port device team_slave_0 removed
[  158.568072][T10747] loop2: detected capacity change from 0 to 1024
[  158.592225][T10747] EXT4-fs: Ignoring removed nomblk_io_submit option
[  158.613617][T10747] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.663133][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.693789][T10630] hsr_slave_0: entered promiscuous mode
[  158.715357][T10754] sd 0:0:1:0: device reset
[  158.720903][T10630] hsr_slave_1: entered promiscuous mode
[  158.756974][T10756] FAULT_INJECTION: forcing a failure.
[  158.756974][T10756] name failslab, interval 1, probability 0, space 0, times 0
[  158.769638][T10756] CPU: 0 UID: 0 PID: 10756 Comm: syz.2.2916 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  158.769664][T10756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.769673][T10756] Call Trace:
[  158.769679][T10756]  <TASK>
[  158.769685][T10756]  __dump_stack+0x1d/0x30
[  158.769708][T10756]  dump_stack_lvl+0xe8/0x140
[  158.769735][T10756]  dump_stack+0x15/0x1b
[  158.769779][T10756]  should_fail_ex+0x265/0x280
[  158.769804][T10756]  should_failslab+0x8c/0xb0
[  158.769826][T10756]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  158.769870][T10756]  ? v9fs_session_init+0x78/0xde0
[  158.769897][T10756]  kstrdup+0x3e/0xd0
[  158.769918][T10756]  v9fs_session_init+0x78/0xde0
[  158.769941][T10756]  ? obj_cgroup_charge_account+0x122/0x1a0
[  158.770042][T10756]  ? __rcu_read_unlock+0x4f/0x70
[  158.770064][T10756]  ? should_fail_ex+0xdb/0x280
[  158.770091][T10756]  ? v9fs_mount+0x51/0x590
[  158.770130][T10756]  ? should_failslab+0x8c/0xb0
[  158.770152][T10756]  ? __kmalloc_cache_noprof+0x189/0x320
[  158.770179][T10756]  v9fs_mount+0x67/0x590
[  158.770258][T10756]  ? __pfx_v9fs_mount+0x10/0x10
[  158.770286][T10756]  legacy_get_tree+0x78/0xd0
[  158.770321][T10756]  vfs_get_tree+0x54/0x1d0
[  158.770390][T10756]  do_new_mount+0x207/0x680
[  158.770472][T10756]  path_mount+0x4a4/0xb20
[  158.770500][T10756]  ? user_path_at+0x109/0x130
[  158.770522][T10756]  __se_sys_mount+0x28f/0x2e0
[  158.770560][T10756]  ? fput+0x8f/0xc0
[  158.770631][T10756]  __x64_sys_mount+0x67/0x80
[  158.770666][T10756]  x64_sys_call+0xd36/0x2fb0
[  158.770684][T10756]  do_syscall_64+0xd2/0x200
[  158.770699][T10756]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  158.770763][T10756]  ? clear_bhb_loop+0x40/0x90
[  158.770780][T10756]  ? clear_bhb_loop+0x40/0x90
[  158.770798][T10756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.770817][T10756] RIP: 0033:0x7f5a81d3e929
[  158.770833][T10756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.770864][T10756] RSP: 002b:00007f5a803a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  158.770901][T10756] RAX: ffffffffffffffda RBX: 00007f5a81f65fa0 RCX: 00007f5a81d3e929
[  158.770914][T10756] RDX: 00002000000002c0 RSI: 0000200000000080 RDI: 0000000000000000
[  158.770926][T10756] RBP: 00007f5a803a7090 R08: 0000200000000240 R09: 0000000000000000
[  158.770939][T10756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  158.771010][T10756] R13: 0000000000000000 R14: 00007f5a81f65fa0 R15: 00007fffcbef1448
[  158.771029][T10756]  </TASK>
[  159.034881][   T10] tipc: Node number set to 11578026
[  159.076941][T10762] loop2: detected capacity change from 0 to 512
[  159.084956][T10762] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  159.211836][T10778] loop3: detected capacity change from 0 to 1024
[  159.218675][T10778] EXT4-fs: Ignoring removed nomblk_io_submit option
[  159.262058][T10762] EXT4-fs (loop2): 1 truncate cleaned up
[  159.268022][T10762] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  159.297757][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.312021][T10778] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  159.336745][T10788] FAULT_INJECTION: forcing a failure.
[  159.336745][T10788] name failslab, interval 1, probability 0, space 0, times 0
[  159.349422][T10788] CPU: 0 UID: 0 PID: 10788 Comm: syz.2.2920 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  159.349470][T10788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  159.349479][T10788] Call Trace:
[  159.349485][T10788]  <TASK>
[  159.349491][T10788]  __dump_stack+0x1d/0x30
[  159.349511][T10788]  dump_stack_lvl+0xe8/0x140
[  159.349527][T10788]  dump_stack+0x15/0x1b
[  159.349570][T10788]  should_fail_ex+0x265/0x280
[  159.349597][T10788]  ? audit_log_d_path+0x8d/0x150
[  159.349693][T10788]  should_failslab+0x8c/0xb0
[  159.349786][T10788]  __kmalloc_cache_noprof+0x4c/0x320
[  159.349811][T10788]  audit_log_d_path+0x8d/0x150
[  159.349870][T10788]  audit_log_d_path_exe+0x42/0x70
[  159.349900][T10788]  audit_log_task+0x1e9/0x250
[  159.349929][T10788]  audit_seccomp+0x61/0x100
[  159.349953][T10788]  ? __seccomp_filter+0x68c/0x10d0
[  159.350046][T10788]  __seccomp_filter+0x69d/0x10d0
[  159.350069][T10788]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  159.350097][T10788]  ? vfs_write+0x75e/0x8e0
[  159.350121][T10788]  ? __rcu_read_unlock+0x4f/0x70
[  159.350153][T10788]  ? __fget_files+0x184/0x1c0
[  159.350225][T10788]  __secure_computing+0x82/0x150
[  159.350246][T10788]  syscall_trace_enter+0xcf/0x1e0
[  159.350276][T10788]  do_syscall_64+0xac/0x200
[  159.350294][T10788]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  159.350314][T10788]  ? clear_bhb_loop+0x40/0x90
[  159.350338][T10788]  ? clear_bhb_loop+0x40/0x90
[  159.350401][T10788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.350421][T10788] RIP: 0033:0x7f5a81d3e929
[  159.350436][T10788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.350454][T10788] RSP: 002b:00007f5a803a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0
[  159.350472][T10788] RAX: ffffffffffffffda RBX: 00007f5a81f65fa0 RCX: 00007f5a81d3e929
[  159.350485][T10788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  159.350495][T10788] RBP: 00007f5a803a7090 R08: 0000000000000000 R09: 0000000000000000
[  159.350505][T10788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.350593][T10788] R13: 0000000000000000 R14: 00007f5a81f65fa0 R15: 00007fffcbef1448
[  159.350611][T10788]  </TASK>
[  159.576792][T10786] netlink: 'syz.1.2921': attribute type 2 has an invalid length.
[  159.584564][T10786] netlink: 'syz.1.2921': attribute type 9 has an invalid length.
[  159.592308][T10786] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2921'.
[  159.612128][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.664595][T10797] IPVS: stopping master sync thread 10803 ...
[  159.670736][T10803] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  159.784835][T10817] loop3: detected capacity change from 0 to 1024
[  159.793518][T10817] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  159.834215][T10817] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  159.877831][T10630] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  159.889493][T10630] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  159.905233][T10630] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  159.917694][T10630] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  159.931143][T10829] loop2: detected capacity change from 0 to 512
[  159.943665][T10829] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  159.944421][   T31] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.958880][T10829] EXT4-fs (loop2): 1 truncate cleaned up
[  159.970020][T10829] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.003085][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.024545][   T31] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.063633][T10849] netlink: 'syz.2.2933': attribute type 2 has an invalid length.
[  160.071468][T10849] netlink: 'syz.2.2933': attribute type 9 has an invalid length.
[  160.073273][T10630] 8021q: adding VLAN 0 to HW filter on device bond0
[  160.079224][T10849] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2933'.
[  160.090041][T10630] 8021q: adding VLAN 0 to HW filter on device team0
[  160.109128][T10105] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.116256][T10105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  160.132224][   T31] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.167035][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.174135][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  160.202111][   T31] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.271099][T10630] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  160.281647][T10630] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  160.403094][   T31] bridge_slave_1: left allmulticast mode
[  160.408882][   T31] bridge_slave_1: left promiscuous mode
[  160.414639][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.421941][   T29] kauditd_printk_skb: 261 callbacks suppressed
[  160.421951][   T29] audit: type=1326 audit(1751453457.080:228750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10893 comm="syz.2.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  160.451985][   T29] audit: type=1326 audit(1751453457.080:228751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10893 comm="syz.2.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  160.475812][   T29] audit: type=1326 audit(1751453457.080:228752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10893 comm="syz.2.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  160.499565][   T29] audit: type=1326 audit(1751453457.080:228753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10893 comm="syz.2.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  160.523275][   T29] audit: type=1326 audit(1751453457.080:228754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10893 comm="syz.2.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  160.546969][   T29] audit: type=1326 audit(1751453457.080:228755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10893 comm="syz.2.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  160.570720][   T29] audit: type=1326 audit(1751453457.080:228756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10893 comm="syz.2.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  160.594495][   T29] audit: type=1326 audit(1751453457.080:228757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10893 comm="syz.2.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  160.618106][   T29] audit: type=1326 audit(1751453457.080:228758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10893 comm="syz.2.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  160.641842][   T29] audit: type=1326 audit(1751453457.080:228759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10893 comm="syz.2.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  160.704245][   T31] bridge_slave_0: left allmulticast mode
[  160.709935][   T31] bridge_slave_0: left promiscuous mode
[  160.715688][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.833710][   T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  160.843348][   T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  160.852835][   T31] bond0 (unregistering): Released all slaves
[  160.890384][T10928] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2945'.
[  160.902571][T10928] batadv0: entered promiscuous mode
[  160.907825][T10928] batadv0: entered allmulticast mode
[  160.922578][   T31] hsr_slave_0: left promiscuous mode
[  160.929870][   T31] hsr_slave_1: left promiscuous mode
[  160.938774][   T31] veth1_macvtap: left promiscuous mode
[  160.944410][   T31] veth0_macvtap: left promiscuous mode
[  160.950101][   T31] veth1_vlan: left promiscuous mode
[  160.956236][   T31] veth0_vlan: left promiscuous mode
[  161.053161][   T31] team0 (unregistering): Port device team_slave_1 removed
[  161.065760][   T31] team0 (unregistering): Port device team_slave_0 removed
[  161.146387][T10959] loop3: detected capacity change from 0 to 1024
[  161.149104][T10630] 8021q: adding VLAN 0 to HW filter on device batadv0
[  161.160500][T10959] EXT4-fs: Ignoring removed oldalloc option
[  161.190958][T10959] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  161.201182][T10845] chnl_net:caif_netlink_parms(): no params data found
[  161.263383][T10845] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.270496][T10845] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.293137][T10845] bridge_slave_0: entered allmulticast mode
[  161.294232][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.299510][T10845] bridge_slave_0: entered promiscuous mode
[  161.325306][T10630] veth0_vlan: entered promiscuous mode
[  161.339886][T10845] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.347130][T10845] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.366889][T10845] bridge_slave_1: entered allmulticast mode
[  161.373474][T10845] bridge_slave_1: entered promiscuous mode
[  161.394277][T10630] veth1_vlan: entered promiscuous mode
[  161.409527][T10845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  161.426772][T10630] veth0_macvtap: entered promiscuous mode
[  161.437259][T10845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  161.447538][T10630] veth1_macvtap: entered promiscuous mode
[  161.467658][T10630] batman_adv: batadv0: Interface activated: batadv_slave_0
[  161.499106][T10997] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2955'.
[  161.514261][T10845] team0: Port device team_slave_0 added
[  161.521296][T10845] team0: Port device team_slave_1 added
[  161.530650][T10997] batadv0: entered promiscuous mode
[  161.535935][T10997] batadv0: entered allmulticast mode
[  161.567679][T10630] batman_adv: batadv0: Interface activated: batadv_slave_1
[  161.575273][T10845] batman_adv: batadv0: Adding interface: batadv_slave_0
[  161.582316][T10845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.608257][T10845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  161.621030][T10845] batman_adv: batadv0: Adding interface: batadv_slave_1
[  161.628103][T10845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.654099][T10845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  161.670966][T10630] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  161.679771][T10630] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  161.688512][T10630] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  161.697368][T10630] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  161.722573][T10845] hsr_slave_0: entered promiscuous mode
[  161.728538][T10845] hsr_slave_1: entered promiscuous mode
[  161.734727][T10845] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  161.742574][T10845] Cannot create hsr debugfs directory
[  161.938343][T10845] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  161.962040][T10845] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  161.993858][T10845] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  162.012850][T10845] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  162.101646][T10845] 8021q: adding VLAN 0 to HW filter on device bond0
[  162.130148][T10845] 8021q: adding VLAN 0 to HW filter on device team0
[  162.148488][T11056] loop0: detected capacity change from 0 to 1024
[  162.162647][T11056] EXT4-fs: Ignoring removed nomblk_io_submit option
[  162.165436][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.176405][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[  162.194792][T11056] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.219180][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.226294][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.245924][T10630] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.251062][T11070] loop3: detected capacity change from 0 to 512
[  162.278912][T10845] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  162.289377][T10845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  162.303599][T11076] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2966'.
[  162.309292][T11070] EXT4-fs: Ignoring removed oldalloc option
[  162.323537][T11070] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  162.339020][T11076] batadv1: entered promiscuous mode
[  162.342350][T11070] EXT4-fs (loop3): 1 truncate cleaned up
[  162.344288][T11076] batadv1: entered allmulticast mode
[  162.350175][T11070] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.414256][T10845] 8021q: adding VLAN 0 to HW filter on device batadv0
[  162.515683][T11104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2967'.
[  162.596944][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.636304][T10845] veth0_vlan: entered promiscuous mode
[  162.657973][T10845] veth1_vlan: entered promiscuous mode
[  162.666748][T11127] loop3: detected capacity change from 0 to 512
[  162.678968][T11127] EXT4-fs: Ignoring removed oldalloc option
[  162.696402][T11127] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  162.708525][T10845] veth0_macvtap: entered promiscuous mode
[  162.711415][T11127] EXT4-fs (loop3): 1 truncate cleaned up
[  162.716175][T10845] veth1_macvtap: entered promiscuous mode
[  162.726185][T11127] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.730846][T10845] batman_adv: batadv0: Interface activated: batadv_slave_0
[  162.752221][T10845] batman_adv: batadv0: Interface activated: batadv_slave_1
[  162.766249][T10845] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  162.775046][T10845] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  162.783872][T10845] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  162.792654][T10845] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  162.941544][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.343026][T11198] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2973'.
[  163.389163][T11153] chnl_net:caif_netlink_parms(): no params data found
[  163.414310][T11201] loop2: detected capacity change from 0 to 512
[  163.432033][T11201] EXT4-fs error (device loop2): __ext4_fill_super:5500: inode #2: comm syz.2.2973: casefold flag without casefold feature
[  163.454673][T11153] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.461898][T11153] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.469327][T11201] EXT4-fs (loop2): get root inode failed
[  163.475016][T11201] EXT4-fs (loop2): mount failed
[  163.481689][T11153] bridge_slave_0: entered allmulticast mode
[  163.493304][T11153] bridge_slave_0: entered promiscuous mode
[  163.500076][T11153] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.507193][T11153] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.514084][T11201] loop2: detected capacity change from 0 to 128
[  163.514970][T11153] bridge_slave_1: entered allmulticast mode
[  163.527031][T11153] bridge_slave_1: entered promiscuous mode
[  163.544051][   T57] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.571318][T11153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  163.594642][T11153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  163.604686][   T57] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.632804][T11207] bio_check_eod: 4 callbacks suppressed
[  163.632834][T11207] syz.2.2973: attempt to access beyond end of device
[  163.632834][T11207] loop2: rw=0, sector=97, nr_sectors = 120 limit=128
[  163.643787][T11209] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11209 comm=syz.0.2975
[  163.674583][   T57] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.693680][T11153] team0: Port device team_slave_0 added
[  163.703208][T11153] team0: Port device team_slave_1 added
[  163.728426][T11153] batman_adv: batadv0: Adding interface: batadv_slave_0
[  163.735477][T11153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  163.761590][T11153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  163.803607][T11213] loop5: detected capacity change from 0 to 1024
[  163.813771][T11213] EXT4-fs: Ignoring removed nomblk_io_submit option
[  163.828243][   T57] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.840902][T11213] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.854488][T11153] batman_adv: batadv0: Adding interface: batadv_slave_1
[  163.861446][T11153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  163.887615][T11153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  163.949589][   T57] bridge_slave_1: left allmulticast mode
[  163.955318][   T57] bridge_slave_1: left promiscuous mode
[  163.960983][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.010928][   T57] bridge_slave_0: left allmulticast mode
[  164.016627][   T57] bridge_slave_0: left promiscuous mode
[  164.022286][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.043026][T10845] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.107799][   T41] kworker/u8:2: attempt to access beyond end of device
[  164.107799][   T41] loop2: rw=1, sector=217, nr_sectors = 824 limit=128
[  164.194287][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  164.209094][T11243] 9pnet_fd: Insufficient options for proto=fd
[  164.216557][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  164.226331][   T57] bond0 (unregistering): Released all slaves
[  164.244676][T11153] hsr_slave_0: entered promiscuous mode
[  164.250652][T11153] hsr_slave_1: entered promiscuous mode
[  164.256448][T11153] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  164.264354][T11153] Cannot create hsr debugfs directory
[  164.292855][   T57] tipc: Disabling bearer <eth:team0>
[  164.298739][   T57] tipc: Left network mode
[  164.341936][   T57] hsr_slave_0: left promiscuous mode
[  164.347868][   T57] hsr_slave_1: left promiscuous mode
[  164.356573][   T57] veth1_vlan: left promiscuous mode
[  164.363393][   T57] veth0_vlan: left promiscuous mode
[  164.425804][   T57] team0 (unregistering): Port device team_slave_1 removed
[  164.437918][   T57] team0 (unregistering): Port device team_slave_0 removed
[  164.817835][T11336] SELinux:  Context system_u:object_r:wtmp_t:s0 is not valid (left unmapped).
[  164.869381][T11153] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  164.886368][T11153] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  164.894091][T11353] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2987'.
[  164.905241][T11153] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  164.916372][T11153] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  164.950981][T11336] loop0: detected capacity change from 0 to 512
[  165.035055][T11153] 8021q: adding VLAN 0 to HW filter on device bond0
[  165.077278][T11153] 8021q: adding VLAN 0 to HW filter on device team0
[  165.102109][T10105] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.109312][T10105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  165.124628][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.131754][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  165.177630][T11153] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  165.188116][T11153] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  165.433694][T11153] 8021q: adding VLAN 0 to HW filter on device batadv0
[  165.548165][T11153] veth0_vlan: entered promiscuous mode
[  165.558603][T11153] veth1_vlan: entered promiscuous mode
[  165.575744][T11153] veth0_macvtap: entered promiscuous mode
[  165.583913][T11153] veth1_macvtap: entered promiscuous mode
[  165.596307][T11153] batman_adv: batadv0: Interface activated: batadv_slave_0
[  165.608285][T11153] batman_adv: batadv0: Interface activated: batadv_slave_1
[  165.619090][T11153] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.627895][T11153] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.636665][T11153] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.645421][T11153] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.942926][T11517] 9pnet_fd: Insufficient options for proto=fd
[  166.040718][T11523] loop4: detected capacity change from 0 to 512
[  166.047722][T11523] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  166.058922][T11523] EXT4-fs (loop4): 1 truncate cleaned up
[  166.065919][T11523] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.120133][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.149180][   T29] kauditd_printk_skb: 76 callbacks suppressed
[  166.149193][   T29] audit: type=1326 audit(1751453462.820:228836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11526 comm="syz.2.3003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  166.179065][   T29] audit: type=1326 audit(1751453462.820:228837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11526 comm="syz.2.3003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  166.202925][   T29] audit: type=1326 audit(1751453462.820:228838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11526 comm="syz.2.3003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  166.226816][   T29] audit: type=1326 audit(1751453462.820:228839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11526 comm="syz.2.3003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  166.250445][   T29] audit: type=1326 audit(1751453462.820:228840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11526 comm="syz.2.3003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  166.280142][   T29] audit: type=1326 audit(1751453462.950:228841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11526 comm="syz.2.3003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  166.303769][   T29] audit: type=1326 audit(1751453462.950:228842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11526 comm="syz.2.3003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  166.327624][   T29] audit: type=1326 audit(1751453462.950:228843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11526 comm="syz.2.3003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  166.351326][   T29] audit: type=1326 audit(1751453462.950:228844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11526 comm="syz.2.3003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  166.375455][   T29] audit: type=1326 audit(1751453462.950:228845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11526 comm="syz.2.3003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a81d3e929 code=0x7ffc0000
[  166.421456][T11539] loop2: detected capacity change from 0 to 1024
[  166.429329][T11539] EXT4-fs: Ignoring removed nomblk_io_submit option
[  166.446767][T11539] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.460282][T11545] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  166.471826][T11545] tipc: Disabling bearer <eth:syzkaller0>
[  166.490343][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.557005][T11550] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  166.564587][T11550] batman_adv: batadv0: Removing interface: batadv_slave_0
[  166.581784][T11550] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  166.589288][T11550] batman_adv: batadv0: Removing interface: batadv_slave_1
[  166.992824][T11579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  167.001878][T11579] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  167.022185][T11579] loop5: detected capacity change from 0 to 2048
[  167.037018][T11579] EXT4-fs (loop5): VFS: Can't find ext4 filesystem
[  167.164380][T11582] SELinux: failed to load policy
[  167.191857][T11582] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=22032 sclass=netlink_xfrm_socket pid=11582 comm=syz.2.3019
[  167.479868][T11542] syz.0.3007 (11542) used greatest stack depth: 6648 bytes left
[  167.535243][T11589] tipc: Started in network mode
[  167.540154][T11589] tipc: Node identity b239da193a93, cluster identity 4711
[  167.547445][T11589] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  167.559525][T11589] tipc: Disabling bearer <eth:syzkaller0>
[  167.617510][T11603] pim6reg: entered allmulticast mode
[  167.624862][T10105] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.647059][T11606] 9pnet_fd: Insufficient options for proto=fd
[  167.699086][T10105] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.780996][T11591] chnl_net:caif_netlink_parms(): no params data found
[  167.803174][T10105] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.834380][T11591] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.841612][T11591] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.849370][T11591] bridge_slave_0: entered allmulticast mode
[  167.860239][T11591] bridge_slave_0: entered promiscuous mode
[  167.867609][T10105] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.895466][T11591] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.902618][T11591] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.921772][T11591] bridge_slave_1: entered allmulticast mode
[  167.930046][T11591] bridge_slave_1: entered promiscuous mode
[  167.962948][T11591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.000215][T11591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  168.223034][T10105] bond0 (unregistering): Released all slaves
[  168.246432][T10105] bond1 (unregistering): Released all slaves
[  168.266208][T10105] bond2 (unregistering): Released all slaves
[  168.292593][T10105] bond3 (unregistering): Released all slaves
[  168.313021][T11591] team0: Port device team_slave_0 added
[  168.338127][T11591] team0: Port device team_slave_1 added
[  168.373844][T10105] tipc: Left network mode
[  168.396801][T11591] batman_adv: batadv0: Adding interface: batadv_slave_0
[  168.403820][T11591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.429862][T11591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  168.515555][T10105] pim6reg (unregistering): left allmulticast mode
[  168.707010][T11644] loop2: detected capacity change from 0 to 1024
[  168.728925][T11644] EXT4-fs: Ignoring removed nomblk_io_submit option
[  168.805788][T11644] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.843680][T11591] batman_adv: batadv0: Adding interface: batadv_slave_1
[  168.850770][T11591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.876748][T11591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  168.928270][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.023866][T11663] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  169.031290][T11663] batman_adv: batadv0: Removing interface: batadv_slave_0
[  169.042136][T11663] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  169.049542][T11663] batman_adv: batadv0: Removing interface: batadv_slave_1
[  169.063853][T11591] hsr_slave_0: entered promiscuous mode
[  169.069782][T11591] hsr_slave_1: entered promiscuous mode
[  169.076082][T11591] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  169.083918][T11591] Cannot create hsr debugfs directory
[  169.141036][T11675] 9pnet_fd: Insufficient options for proto=fd
[  169.356470][T11591] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  169.363361][T11684] loop0: detected capacity change from 0 to 32768
[  169.374214][T11591] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  169.384616][T11591] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  169.391939][ T9119]  loop0: p1 p2 p3 < p5 p6 >
[  169.393831][T11591] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  169.403413][ T9119] loop0: p1 size 242222080 extends beyond EOD, truncated
[  169.412000][ T9119] loop0: p2 start 4294967295 is beyond EOD, truncated
[  169.425751][T11684]  loop0: p1 p2 p3 < p5 p6 >
[  169.434404][T11684] loop0: p1 size 242222080 extends beyond EOD, truncated
[  169.445351][T11684] loop0: p2 start 4294967295 is beyond EOD, truncated
[  169.464067][T11591] 8021q: adding VLAN 0 to HW filter on device bond0
[  169.482415][T11591] 8021q: adding VLAN 0 to HW filter on device team0
[  169.498406][T10105] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.505489][T10105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  169.524873][ T3446] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.532065][ T3446] bridge0: port 2(bridge_slave_1) entered forwarding state
[  169.712644][T11744] loop0: detected capacity change from 0 to 512
[  169.723052][T11746] netlink: 'syz.5.3041': attribute type 1 has an invalid length.
[  169.730923][T11744] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  169.753122][T11591] 8021q: adding VLAN 0 to HW filter on device batadv0
[  169.766123][ T9382] udevd[9382]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  169.766397][ T9802] udevd[9802]: inotify_add_watch(7, /dev/loop0p6, 10) failed: No such file or directory
[  169.795038][ T8985] udevd[8985]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory
[  169.801358][ T9119] udevd[9119]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  169.817824][T11744] EXT4-fs (loop0): 1 truncate cleaned up
[  169.829676][ T9119] udevd[9119]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  169.834184][T11744] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.850566][ T8985] udevd[8985]: inotify_add_watch(7, /dev/loop0p6, 10) failed: No such file or directory
[  169.862585][ T9382] udevd[9382]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory
[  169.862655][ T9119] udevd[9119]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  169.931159][T10630] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.048069][T11777] sd 0:0:1:0: device reset
[  170.108670][T11781] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.157485][T11791] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3048'.
[  170.180089][T11591] veth0_vlan: entered promiscuous mode
[  170.203340][T11798] loop0: detected capacity change from 0 to 2048
[  170.210606][T11781] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.240824][T11591] veth1_vlan: entered promiscuous mode
[  170.263889][ T9119]  loop0: p1 < > p4
[  170.275553][T11781] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.277595][T11805] netlink: 5 bytes leftover after parsing attributes in process `syz.5.3053'.
[  170.298282][ T9119] loop0: p4 size 8388608 extends beyond EOD, truncated
[  170.307673][T11805] 0ªX¹¦D: renamed from gretap0 (while UP)
[  170.314991][T11805] 0ªX¹¦D: entered allmulticast mode
[  170.332622][T11805] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  170.337277][T11798]  loop0: p1 < > p4
[  170.354278][T11798] loop0: p4 size 8388608 extends beyond EOD, truncated
[  170.354825][T11781] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.374187][ T2994]  loop0: p1 < > p4
[  170.377013][T11591] veth0_macvtap: entered promiscuous mode
[  170.384158][ T2994] loop0: p4 size 8388608 extends beyond EOD, truncated
[  170.399998][T11591] veth1_macvtap: entered promiscuous mode
[  170.433392][T11591] batman_adv: batadv0: Interface activated: batadv_slave_0
[  170.462769][T11813] loop5: detected capacity change from 0 to 512
[  170.471268][T11781] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  170.484781][T11591] batman_adv: batadv0: Interface activated: batadv_slave_1
[  170.495584][T11813] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  170.499766][T11781] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  170.511607][ T9119] udevd[9119]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  170.525970][ T8985] udevd[8985]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  170.526549][T11813] EXT4-fs (loop5): 1 truncate cleaned up
[  170.553479][T11813] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.560613][T11781] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  170.589088][T10845] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.600426][T11781] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  170.612259][T11591] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  170.621019][T11591] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  170.629885][T11591] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  170.632502][T11823] loop5: detected capacity change from 0 to 128
[  170.638627][T11591] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  170.670216][T11825] sd 0:0:1:0: device reset
[  170.685747][T11823] vfat: Bad value for 'gid'
[  170.690304][T11823] vfat: Bad value for 'gid'
[  170.717993][T11828] loop0: detected capacity change from 0 to 512
[  170.750099][T11828] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.762903][T11828] ext4 filesystem being mounted at /31/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  170.794183][T11828] FAULT_INJECTION: forcing a failure.
[  170.794183][T11828] name failslab, interval 1, probability 0, space 0, times 0
[  170.806936][T11828] CPU: 1 UID: 0 PID: 11828 Comm: syz.0.3061 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  170.807048][T11828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.807059][T11828] Call Trace:
[  170.807065][T11828]  <TASK>
[  170.807072][T11828]  __dump_stack+0x1d/0x30
[  170.807092][T11828]  dump_stack_lvl+0xe8/0x140
[  170.807111][T11828]  dump_stack+0x15/0x1b
[  170.807127][T11828]  should_fail_ex+0x265/0x280
[  170.807203][T11828]  should_failslab+0x8c/0xb0
[  170.807222][T11828]  kmem_cache_alloc_noprof+0x50/0x310
[  170.807260][T11828]  ? security_inode_alloc+0x37/0x100
[  170.807289][T11828]  security_inode_alloc+0x37/0x100
[  170.807317][T11828]  inode_init_always_gfp+0x4b7/0x500
[  170.807408][T11828]  ? __pfx_hugetlbfs_alloc_inode+0x10/0x10
[  170.807483][T11828]  alloc_inode+0x58/0x170
[  170.807512][T11828]  new_inode+0x1d/0xe0
[  170.807530][T11828]  hugetlbfs_get_inode+0x7b/0x370
[  170.807557][T11828]  hugetlb_file_setup+0x192/0x3d0
[  170.807687][T11828]  ksys_mmap_pgoff+0x157/0x310
[  170.807718][T11828]  x64_sys_call+0x1602/0x2fb0
[  170.807735][T11828]  do_syscall_64+0xd2/0x200
[  170.807749][T11828]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  170.807804][T11828]  ? clear_bhb_loop+0x40/0x90
[  170.807826][T11828]  ? clear_bhb_loop+0x40/0x90
[  170.807846][T11828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.807868][T11828] RIP: 0033:0x7f2d4062e929
[  170.807883][T11828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.807972][T11828] RSP: 002b:00007f2d3ec97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  170.807988][T11828] RAX: ffffffffffffffda RBX: 00007f2d40855fa0 RCX: 00007f2d4062e929
[  170.807999][T11828] RDX: 0000000001000002 RSI: 0000000000ff5000 RDI: 0000200000000000
[  170.808009][T11828] RBP: 00007f2d3ec97090 R08: ffffffffffffffff R09: 0000000000000000
[  170.808020][T11828] R10: 000200000005c831 R11: 0000000000000246 R12: 0000000000000001
[  170.808031][T11828] R13: 0000000000000000 R14: 00007f2d40855fa0 R15: 00007ffc6db32098
[  170.808052][T11828]  </TASK>
[  171.025159][T11839] loop3: detected capacity change from 0 to 512
[  171.053023][T10630] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.069117][T11839] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.087956][T11846] loop4: detected capacity change from 0 to 1024
[  171.101167][T11846] EXT4-fs: Ignoring removed orlov option
[  171.112866][T11839] ext4 filesystem being mounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  171.121313][T11846] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.164830][T11153] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.192957][T11855] loop0: detected capacity change from 0 to 512
[  171.203152][T11855] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  171.233695][T11860] sd 0:0:1:0: device reset
[  171.240416][T11855] EXT4-fs (loop0): 1 truncate cleaned up
[  171.256137][T11855] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.300003][T10630] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.418817][T11591] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.440822][T11874] loop4: detected capacity change from 0 to 1024
[  171.447939][T11874] EXT4-fs: Ignoring removed orlov option
[  171.464429][T11874] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.478151][   T29] kauditd_printk_skb: 45 callbacks suppressed
[  171.478165][   T29] audit: type=1400 audit(1751453468.150:228889): avc:  denied  { getopt } for  pid=11871 comm="syz.0.3075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  171.537250][T11591] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.591987][T11883] random: crng reseeded on system resumption
[  171.594192][   T29] audit: type=1400 audit(1751453468.270:228890): avc:  denied  { append } for  pid=11882 comm="syz.4.3078" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  171.621577][   T29] audit: type=1400 audit(1751453468.270:228891): avc:  denied  { open } for  pid=11882 comm="syz.4.3078" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  171.650530][T11885] netlink: 'syz.5.3079': attribute type 1 has an invalid length.
[  171.682750][   T29] audit: type=1326 audit(1751453468.360:228892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11882 comm="syz.4.3078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  171.723229][T11887] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=64528 sclass=netlink_xfrm_socket pid=11887 comm=syz.5.3080
[  171.751817][   T29] audit: type=1326 audit(1751453468.360:228893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11882 comm="syz.4.3078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  171.775521][   T29] audit: type=1326 audit(1751453468.360:228894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11882 comm="syz.4.3078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  171.799491][   T29] audit: type=1326 audit(1751453468.360:228895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11882 comm="syz.4.3078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  171.823327][   T29] audit: type=1326 audit(1751453468.360:228896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11882 comm="syz.4.3078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  171.847006][   T29] audit: type=1326 audit(1751453468.360:228897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11882 comm="syz.4.3078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  171.870742][   T29] audit: type=1326 audit(1751453468.360:228898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11882 comm="syz.4.3078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  172.373325][T11916] netlink: 'syz.2.3090': attribute type 1 has an invalid length.
[  172.753739][T11943] lo speed is unknown, defaulting to 1000
[  172.759532][T11943] lo speed is unknown, defaulting to 1000
[  172.765785][T11943] lo speed is unknown, defaulting to 1000
[  172.772888][T11943] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  172.785060][T11943] lo speed is unknown, defaulting to 1000
[  172.791291][T11943] lo speed is unknown, defaulting to 1000
[  172.797663][T11943] lo speed is unknown, defaulting to 1000
[  172.803868][T11943] lo speed is unknown, defaulting to 1000
[  172.810187][T11943] lo speed is unknown, defaulting to 1000
[  172.835803][T11943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3097'.
[  172.844746][T11943] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3097'.
[  172.867270][T11945] sd 0:0:1:0: device reset
[  173.015685][T11943] wireguard0: entered promiscuous mode
[  173.059344][T11956] loop2: detected capacity change from 0 to 512
[  173.067941][T11956] EXT4-fs: Ignoring removed oldalloc option
[  173.082015][T11956] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  173.101480][T11956] EXT4-fs (loop2): 1 truncate cleaned up
[  173.113885][T11956] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.340005][T11966] netlink: 'syz.0.3106': attribute type 1 has an invalid length.
[  173.413021][T11969] SELinux:  Context system_u:object_r:dhcpc_state_t:s0 is not valid (left unmapped).
[  173.455349][T11971] pimreg: entered allmulticast mode
[  173.495976][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.517406][T11971] netlink: 'syz.0.3107': attribute type 10 has an invalid length.
[  173.530085][T11969] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3108'.
[  173.556463][T11971] team0: Port device dummy0 added
[  173.572317][T11976] netlink: 'syz.0.3107': attribute type 10 has an invalid length.
[  173.597903][T11976] team0: Port device dummy0 removed
[  173.614225][T11976] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  173.653044][T11970] pimreg: left allmulticast mode
[  173.788039][T11986] loop0: detected capacity change from 0 to 128
[  173.892027][T12001] loop4: detected capacity change from 0 to 512
[  173.918681][T12001] EXT4-fs: Ignoring removed oldalloc option
[  173.945640][T12001] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  173.970073][T11979] tipc: Started in network mode
[  173.975013][T11979] tipc: Node identity 3a92bcb6e9b, cluster identity 4711
[  173.982108][T11979] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  174.011532][T11979] tipc: Disabling bearer <eth:syzkaller0>
[  174.037872][T12007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  174.068426][T12001] EXT4-fs (loop4): 1 truncate cleaned up
[  174.080913][T11979] pim6reg: entered allmulticast mode
[  174.087160][T12007] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  174.094431][T12001] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.123552][T12013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3118'.
[  174.128011][T12007] loop2: detected capacity change from 0 to 2048
[  174.167395][T12007] EXT4-fs (loop2): VFS: Can't find ext4 filesystem
[  174.346307][T12028] loop5: detected capacity change from 0 to 1024
[  174.403933][T12028] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.495791][T12044] sd 0:0:1:0: device reset
[  174.509353][T11591] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.526469][T10845] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.630874][T12055] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.664886][T12062] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3122'.
[  174.678452][T12053] loop5: detected capacity change from 0 to 8192
[  174.712663][T12055] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.802558][T12055] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.934920][T12055] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.034080][T12055] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.073981][T12055] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.100944][T12055] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.125929][T12055] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.197639][T12098] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  175.204186][T12098] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  175.212499][T12098] vhci_hcd vhci_hcd.0: Device attached
[  175.261867][T12105] vhci_hcd vhci_hcd.0: port 0 already used
[  175.290834][T12101] vhci_hcd: connection closed
[  175.291036][   T41] vhci_hcd: stop threads
[  175.300039][   T41] vhci_hcd: release socket
[  175.304475][   T41] vhci_hcd: disconnect device
[  175.323024][T12112] loop4: detected capacity change from 0 to 512
[  175.367506][T12112] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  175.426354][T12112] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  175.458864][T12112] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  175.509107][T12112] FAULT_INJECTION: forcing a failure.
[  175.509107][T12112] name failslab, interval 1, probability 0, space 0, times 0
[  175.521846][T12112] CPU: 0 UID: 0 PID: 12112 Comm: syz.4.3132 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  175.521936][T12112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  175.521948][T12112] Call Trace:
[  175.521955][T12112]  <TASK>
[  175.521963][T12112]  __dump_stack+0x1d/0x30
[  175.521984][T12112]  dump_stack_lvl+0xe8/0x140
[  175.522004][T12112]  dump_stack+0x15/0x1b
[  175.522020][T12112]  should_fail_ex+0x265/0x280
[  175.522057][T12112]  ? audit_log_d_path+0x8d/0x150
[  175.522100][T12112]  should_failslab+0x8c/0xb0
[  175.522123][T12112]  __kmalloc_cache_noprof+0x4c/0x320
[  175.522152][T12112]  audit_log_d_path+0x8d/0x150
[  175.522237][T12112]  audit_log_d_path_exe+0x42/0x70
[  175.522319][T12112]  audit_log_task+0x1e9/0x250
[  175.522417][T12112]  audit_seccomp+0x61/0x100
[  175.522437][T12112]  ? __seccomp_filter+0x68c/0x10d0
[  175.522456][T12112]  __seccomp_filter+0x69d/0x10d0
[  175.522497][T12112]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  175.522530][T12112]  ? vfs_write+0x75e/0x8e0
[  175.522648][T12112]  __secure_computing+0x82/0x150
[  175.522671][T12112]  syscall_trace_enter+0xcf/0x1e0
[  175.522741][T12112]  do_syscall_64+0xac/0x200
[  175.522803][T12112]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  175.522828][T12112]  ? clear_bhb_loop+0x40/0x90
[  175.522846][T12112]  ? clear_bhb_loop+0x40/0x90
[  175.522866][T12112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.522955][T12112] RIP: 0033:0x7f881832e929
[  175.522970][T12112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.522987][T12112] RSP: 002b:00007f8816997038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c
[  175.523006][T12112] RAX: ffffffffffffffda RBX: 00007f8818555fa0 RCX: 00007f881832e929
[  175.523018][T12112] RDX: ffffffffffffffff RSI: 000000000000ee01 RDI: 0000200000000000
[  175.523031][T12112] RBP: 00007f8816997090 R08: 0000000000000000 R09: 0000000000000000
[  175.523044][T12112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.523056][T12112] R13: 0000000000000000 R14: 00007f8818555fa0 R15: 00007ffefb56a8f8
[  175.523113][T12112]  </TASK>
[  175.877265][T11591] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  175.953593][T12134] loop0: detected capacity change from 0 to 512
[  175.973331][T12134] EXT4-fs: Ignoring removed oldalloc option
[  175.994902][T12134] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  176.039465][T12134] EXT4-fs (loop0): 1 truncate cleaned up
[  176.061798][T12134] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.087691][T12144] loop4: detected capacity change from 0 to 1024
[  176.109951][T12144] EXT4-fs: Ignoring removed nomblk_io_submit option
[  176.183900][T12144] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.261957][T11591] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.515315][T12172] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3137'.
[  176.588778][T10630] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.609548][   T29] kauditd_printk_skb: 229 callbacks suppressed
[  176.609562][   T29] audit: type=1400 audit(1751453473.280:229128): avc:  denied  { append } for  pid=12175 comm="syz.5.3139" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  176.639394][   T29] audit: type=1400 audit(1751453473.280:229129): avc:  denied  { open } for  pid=12175 comm="syz.5.3139" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  176.664581][   T29] audit: type=1400 audit(1751453473.340:229130): avc:  denied  { ioctl } for  pid=12175 comm="syz.5.3139" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x937d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  176.822064][   T29] audit: type=1400 audit(1751453473.500:229131): avc:  denied  { wake_alarm } for  pid=12182 comm="syz.5.3141" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  176.856781][   T29] audit: type=1400 audit(1751453473.520:229132): avc:  denied  { read } for  pid=12182 comm="syz.5.3141" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  176.880270][   T29] audit: type=1400 audit(1751453473.520:229133): avc:  denied  { open } for  pid=12182 comm="syz.5.3141" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  176.941753][T12190] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.990481][T12198] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3142'.
[  177.008862][T12197] loop0: detected capacity change from 0 to 512
[  177.023939][T12197] EXT4-fs: Ignoring removed oldalloc option
[  177.045920][T12190] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.059388][T12199] loop5: detected capacity change from 0 to 512
[  177.073078][T12197] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  177.091988][   T29] audit: type=1400 audit(1751453473.760:229134): avc:  denied  { mounton } for  pid=12182 comm="syz.5.3141" path="/36/file0" dev="tmpfs" ino=215 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  177.126384][T12197] EXT4-fs (loop0): 1 truncate cleaned up
[  177.133268][T12197] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.148166][T12190] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.174829][T12199] EXT4-fs (loop5): too many log groups per flexible block group
[  177.182563][T12199] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  177.191640][T12199] EXT4-fs (loop5): mount failed
[  177.220152][T12199] 9pnet_fd: Insufficient options for proto=fd
[  177.249970][T12190] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.323858][T12190] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  177.362871][T12190] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  177.388735][T12190] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  177.404238][T12190] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  177.419153][T10630] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.005970][T12216] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3150'.
[  178.323513][   T29] audit: type=1400 audit(1751453475.000:229135): avc:  denied  { map } for  pid=12217 comm="syz.4.3151" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=35410 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  178.348094][   T29] audit: type=1400 audit(1751453475.000:229136): avc:  denied  { read write } for  pid=12217 comm="syz.4.3151" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=35410 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  178.480028][T12236] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.506588][   T29] audit: type=1400 audit(1751453475.180:229137): avc:  denied  { name_bind } for  pid=12239 comm="syz.2.3157" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  178.528484][T12241] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3155'.
[  178.573059][T12236] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.623141][T12236] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.643822][T12248] netlink: 'syz.5.3159': attribute type 1 has an invalid length.
[  178.686349][T12236] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.707404][T12252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  178.724523][T12252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  178.741206][T12252] loop5: detected capacity change from 0 to 2048
[  178.753264][T12252] EXT4-fs (loop5): VFS: Can't find ext4 filesystem
[  178.755233][T12236] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.773282][T12236] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.786038][T12236] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.798053][T12236] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.894344][T12254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  178.903009][T12254] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  178.934633][T12254] loop0: detected capacity change from 0 to 2048
[  178.965988][T12254] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[  179.430967][T12274] netlink: 'syz.2.3170': attribute type 1 has an invalid length.
[  179.584811][T12287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  179.604596][T12287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  179.734544][T12287] loop5: detected capacity change from 0 to 2048
[  179.752037][T12287] EXT4-fs (loop5): VFS: Can't find ext4 filesystem
[  180.002420][T12304] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3180'.
[  180.011430][T12304] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3180'.
[  180.031963][T12304] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3180'.
[  180.032031][T12304] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3180'.
[  180.032054][T12304] netlink: 84 bytes leftover after parsing attributes in process `syz.2.3180'.
[  180.247052][T12313] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3182'.
[  180.315637][T12317] netlink: 'syz.5.3184': attribute type 1 has an invalid length.
[  180.679382][T12337] FAULT_INJECTION: forcing a failure.
[  180.679382][T12337] name failslab, interval 1, probability 0, space 0, times 0
[  180.692098][T12337] CPU: 0 UID: 0 PID: 12337 Comm: syz.3.3193 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  180.692121][T12337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  180.692130][T12337] Call Trace:
[  180.692136][T12337]  <TASK>
[  180.692142][T12337]  __dump_stack+0x1d/0x30
[  180.692160][T12337]  dump_stack_lvl+0xe8/0x140
[  180.692230][T12337]  dump_stack+0x15/0x1b
[  180.692272][T12337]  should_fail_ex+0x265/0x280
[  180.692298][T12337]  should_failslab+0x8c/0xb0
[  180.692315][T12337]  __kvmalloc_node_noprof+0x123/0x4e0
[  180.692346][T12337]  ? alloc_netdev_mqs+0x8b7/0xab0
[  180.692369][T12337]  ? __kmalloc_cache_noprof+0x22e/0x320
[  180.692390][T12337]  alloc_netdev_mqs+0x8b7/0xab0
[  180.692430][T12337]  rtnl_create_link+0x239/0x710
[  180.692550][T12337]  rtnl_newlink_create+0x14c/0x620
[  180.692570][T12337]  ? security_capable+0x83/0x90
[  180.692655][T12337]  ? netlink_ns_capable+0x86/0xa0
[  180.692678][T12337]  rtnl_newlink+0xf29/0x12d0
[  180.692708][T12337]  ? xas_load+0x413/0x430
[  180.692731][T12337]  ? __memcg_slab_free_hook+0x135/0x230
[  180.692756][T12337]  ? __kfree_skb+0x109/0x150
[  180.692954][T12337]  ? __rcu_read_unlock+0x4f/0x70
[  180.693010][T12337]  ? avc_has_perm_noaudit+0x1b1/0x200
[  180.693065][T12337]  ? selinux_capable+0x1f9/0x270
[  180.693206][T12337]  ? security_capable+0x83/0x90
[  180.693237][T12337]  ? ns_capable+0x7d/0xb0
[  180.693252][T12337]  ? __pfx_rtnl_newlink+0x10/0x10
[  180.693269][T12337]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  180.693289][T12337]  netlink_rcv_skb+0x123/0x220
[  180.693313][T12337]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  180.693358][T12337]  rtnetlink_rcv+0x1c/0x30
[  180.693372][T12337]  netlink_unicast+0x59e/0x670
[  180.693396][T12337]  netlink_sendmsg+0x58b/0x6b0
[  180.693412][T12337]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.693427][T12337]  __sock_sendmsg+0x145/0x180
[  180.693524][T12337]  ____sys_sendmsg+0x31e/0x4e0
[  180.693550][T12337]  ___sys_sendmsg+0x17b/0x1d0
[  180.693603][T12337]  __x64_sys_sendmsg+0xd4/0x160
[  180.693629][T12337]  x64_sys_call+0x2999/0x2fb0
[  180.693646][T12337]  do_syscall_64+0xd2/0x200
[  180.693660][T12337]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  180.693737][T12337]  ? clear_bhb_loop+0x40/0x90
[  180.693753][T12337]  ? clear_bhb_loop+0x40/0x90
[  180.693770][T12337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.693849][T12337] RIP: 0033:0x7f7f7a30e929
[  180.693862][T12337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.693876][T12337] RSP: 002b:00007f7f78977038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  180.693892][T12337] RAX: ffffffffffffffda RBX: 00007f7f7a535fa0 RCX: 00007f7f7a30e929
[  180.693903][T12337] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  180.693912][T12337] RBP: 00007f7f78977090 R08: 0000000000000000 R09: 0000000000000000
[  180.693992][T12337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  180.694001][T12337] R13: 0000000000000000 R14: 00007f7f7a535fa0 R15: 00007ffc322e3e88
[  180.694016][T12337]  </TASK>
[  181.071152][T12338] siw: device registration error -23
[  181.175070][T12341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  181.199024][T12341] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  181.283672][T12341] loop3: detected capacity change from 0 to 2048
[  181.295949][T12346] netlink: 'syz.0.3197': attribute type 1 has an invalid length.
[  181.305252][T12341] EXT4-fs (loop3): VFS: Can't find ext4 filesystem
[  181.489237][T12353] vlan2: entered allmulticast mode
[  181.494470][T12353] bond0: entered allmulticast mode
[  181.499583][T12353] bond_slave_0: entered allmulticast mode
[  181.505349][T12353] bond_slave_1: entered allmulticast mode
[  181.544602][T12360] 9pnet_fd: Insufficient options for proto=fd
[  181.624598][T12368] loop4: detected capacity change from 0 to 1024
[  181.629734][   T29] kauditd_printk_skb: 73 callbacks suppressed
[  181.629747][   T29] audit: type=1400 audit(1751453478.300:229211): avc:  denied  { read write } for  pid=12369 comm="syz.5.3205" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  181.646563][T12368] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  181.662250][   T29] audit: type=1400 audit(1751453478.300:229212): avc:  denied  { open } for  pid=12369 comm="syz.5.3205" path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  181.674926][T12368] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.702506][T12370] 9pnet_fd: Insufficient options for proto=fd
[  181.716113][T12368] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  181.731220][   T29] audit: type=1400 audit(1751453478.390:229213): avc:  denied  { remove_name } for  pid=12367 comm="syz.4.3204" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  181.754161][   T29] audit: type=1400 audit(1751453478.390:229214): avc:  denied  { rename } for  pid=12367 comm="syz.4.3204" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  181.776969][   T29] audit: type=1400 audit(1751453478.390:229215): avc:  denied  { unlink } for  pid=12367 comm="syz.4.3204" name="file3" dev="loop4" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  181.799553][   T29] audit: type=1400 audit(1751453478.390:229216): avc:  denied  { execute } for  pid=12369 comm="syz.5.3205" path="/53/memory.events" dev="tmpfs" ino=307 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  181.823215][   T29] audit: type=1400 audit(1751453478.390:229217): avc:  denied  { watch } for  pid=12369 comm="syz.5.3205" path="/proc/132" dev="proc" ino=35970 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  181.829965][T12375] __nla_validate_parse: 2 callbacks suppressed
[  181.829979][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3206'.
[  181.847105][T12368] EXT4-fs (loop4): Remounting filesystem read-only
[  181.851783][T12375] netlink: 3 bytes leftover after parsing attributes in process `syz.5.3206'.
[  181.941080][T11591] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.967343][T12382] loop4: detected capacity change from 0 to 1024
[  181.968810][T12383] netlink: 'syz.5.3209': attribute type 1 has an invalid length.
[  181.977125][T12382] EXT4-fs: Ignoring removed nomblk_io_submit option
[  182.005367][T12382] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.035466][T11591] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.053397][   T29] audit: type=1400 audit(1751453478.730:229218): avc:  denied  { connect } for  pid=12388 comm="syz.5.3212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  182.073192][T12391] loop4: detected capacity change from 0 to 1024
[  182.080756][T12391] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  182.081156][   T29] audit: type=1400 audit(1751453478.750:229219): avc:  denied  { setopt } for  pid=12388 comm="syz.5.3212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  182.091874][T12391] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[  182.128287][T12391] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  182.141473][T12391] EXT4-fs (loop4): invalid journal inode
[  182.147414][T12391] EXT4-fs (loop4): can't get journal size
[  182.164712][T12391] EXT4-fs error (device loop4): ext4_protect_reserved_inode:182: inode #3: comm syz.4.3211: blocks 2-2 from inode overlap system zone
[  182.178732][T12396] loop5: detected capacity change from 0 to 1024
[  182.184961][T12398] loop3: detected capacity change from 0 to 512
[  182.187806][T12396] EXT4-fs: Ignoring removed nomblk_io_submit option
[  182.192111][T12391] EXT4-fs (loop4): failed to initialize system zone (-117)
[  182.212262][T12398] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  182.213147][T12391] EXT4-fs (loop4): mount failed
[  182.235165][T12398] EXT4-fs (loop3): 1 truncate cleaned up
[  182.305821][T12403] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3217'.
[  182.317942][T12403] FAULT_INJECTION: forcing a failure.
[  182.317942][T12403] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.331081][T12403] CPU: 0 UID: 0 PID: 12403 Comm: syz.3.3217 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  182.331106][T12403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.331117][T12403] Call Trace:
[  182.331123][T12403]  <TASK>
[  182.331131][T12403]  __dump_stack+0x1d/0x30
[  182.331153][T12403]  dump_stack_lvl+0xe8/0x140
[  182.331169][T12403]  dump_stack+0x15/0x1b
[  182.331183][T12403]  should_fail_ex+0x265/0x280
[  182.331228][T12403]  should_fail+0xb/0x20
[  182.331253][T12403]  should_fail_usercopy+0x1a/0x20
[  182.331282][T12403]  _copy_to_user+0x20/0xa0
[  182.331303][T12403]  simple_read_from_buffer+0xb5/0x130
[  182.331437][T12403]  proc_fail_nth_read+0x100/0x140
[  182.331492][T12403]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  182.331523][T12403]  vfs_read+0x1a0/0x6f0
[  182.331555][T12403]  ? __rcu_read_unlock+0x4f/0x70
[  182.331574][T12403]  ? __fget_files+0x184/0x1c0
[  182.331688][T12403]  ksys_read+0xda/0x1a0
[  182.331715][T12403]  __x64_sys_read+0x40/0x50
[  182.331739][T12403]  x64_sys_call+0x2d77/0x2fb0
[  182.331798][T12403]  do_syscall_64+0xd2/0x200
[  182.331817][T12403]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  182.331940][T12403]  ? clear_bhb_loop+0x40/0x90
[  182.331962][T12403]  ? clear_bhb_loop+0x40/0x90
[  182.331983][T12403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.332006][T12403] RIP: 0033:0x7f7f7a30d33c
[  182.332020][T12403] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  182.332053][T12403] RSP: 002b:00007f7f78977030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  182.332069][T12403] RAX: ffffffffffffffda RBX: 00007f7f7a535fa0 RCX: 00007f7f7a30d33c
[  182.332145][T12403] RDX: 000000000000000f RSI: 00007f7f789770a0 RDI: 000000000000000b
[  182.332156][T12403] RBP: 00007f7f78977090 R08: 0000000000000000 R09: 0000000000000000
[  182.332174][T12403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.332264][T12403] R13: 0000000000000000 R14: 00007f7f7a535fa0 R15: 00007ffc322e3e88
[  182.332281][T12403]  </TASK>
[  182.541705][   T29] audit: type=1400 audit(1751453479.210:229220): avc:  denied  { connect } for  pid=12405 comm="syz.5.3218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  182.597866][T12414] FAULT_INJECTION: forcing a failure.
[  182.597866][T12414] name failslab, interval 1, probability 0, space 0, times 0
[  182.610615][T12414] CPU: 1 UID: 0 PID: 12414 Comm: syz.4.3219 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  182.610643][T12414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.610655][T12414] Call Trace:
[  182.610663][T12414]  <TASK>
[  182.610670][T12414]  __dump_stack+0x1d/0x30
[  182.610688][T12414]  dump_stack_lvl+0xe8/0x140
[  182.610781][T12414]  dump_stack+0x15/0x1b
[  182.610795][T12414]  should_fail_ex+0x265/0x280
[  182.610861][T12414]  should_failslab+0x8c/0xb0
[  182.610893][T12414]  kmem_cache_alloc_noprof+0x50/0x310
[  182.610919][T12414]  ? alloc_empty_file+0x76/0x200
[  182.610944][T12414]  alloc_empty_file+0x76/0x200
[  182.610968][T12414]  alloc_file_pseudo+0xc6/0x160
[  182.611054][T12414]  __shmem_file_setup+0x1de/0x210
[  182.611102][T12414]  shmem_file_setup+0x3b/0x50
[  182.611128][T12414]  __se_sys_memfd_create+0x2c3/0x590
[  182.611153][T12414]  __x64_sys_memfd_create+0x31/0x40
[  182.611206][T12414]  x64_sys_call+0x122f/0x2fb0
[  182.611224][T12414]  do_syscall_64+0xd2/0x200
[  182.611272][T12414]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  182.611298][T12414]  ? clear_bhb_loop+0x40/0x90
[  182.611320][T12414]  ? clear_bhb_loop+0x40/0x90
[  182.611342][T12414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.611417][T12414] RIP: 0033:0x7f881832e929
[  182.611433][T12414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.611451][T12414] RSP: 002b:00007f8816996e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  182.611471][T12414] RAX: ffffffffffffffda RBX: 00000000000005fb RCX: 00007f881832e929
[  182.611482][T12414] RDX: 00007f8816996ef0 RSI: 0000000000000000 RDI: 00007f88183b14cc
[  182.611537][T12414] RBP: 00002000000004c0 R08: 00007f8816996bb7 R09: 00007f8816996e40
[  182.611547][T12414] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000040
[  182.611561][T12414] R13: 00007f8816996ef0 R14: 00007f8816996eb0 R15: 0000200000000100
[  182.611576][T12414]  </TASK>
[  182.854445][T12417] sd 0:0:1:0: device reset
[  182.986077][T12432] netlink: 'syz.0.3226': attribute type 1 has an invalid length.
[  183.077006][T12439] siw: device registration error -23
[  183.114003][T12432] loop0: detected capacity change from 0 to 1024
[  183.131339][T12432] EXT4-fs (loop0): orphan cleanup on readonly fs
[  183.145842][T12432] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  183.163053][T12432] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  183.170375][T12432] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3226: bg 0: block 32: padding at end of block bitmap is not set
[  183.186277][T12432] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  183.203067][T12432] EXT4-fs (loop0): 1 truncate cleaned up
[  183.395328][T12452] FAULT_INJECTION: forcing a failure.
[  183.395328][T12452] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  183.408746][T12452] CPU: 1 UID: 0 PID: 12452 Comm: syz.0.3233 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  183.408772][T12452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  183.408782][T12452] Call Trace:
[  183.408787][T12452]  <TASK>
[  183.408793][T12452]  __dump_stack+0x1d/0x30
[  183.408860][T12452]  dump_stack_lvl+0xe8/0x140
[  183.408879][T12452]  dump_stack+0x15/0x1b
[  183.408945][T12452]  should_fail_ex+0x265/0x280
[  183.408969][T12452]  should_fail_alloc_page+0xf2/0x100
[  183.409001][T12452]  __alloc_frozen_pages_noprof+0xff/0x360
[  183.409086][T12452]  alloc_pages_mpol+0xb3/0x250
[  183.409155][T12452]  alloc_pages_noprof+0x90/0x130
[  183.409183][T12452]  __pmd_alloc+0x47/0x470
[  183.409205][T12452]  handle_mm_fault+0x19d1/0x2be0
[  183.409233][T12452]  ? check_vma_flags+0x26e/0x340
[  183.409257][T12452]  __get_user_pages+0x1036/0x1fb0
[  183.409314][T12452]  get_user_pages_remote+0x1dc/0x7a0
[  183.409337][T12452]  get_arg_page+0x8e/0x1e0
[  183.409417][T12452]  copy_string_kernel+0x134/0x340
[  183.409445][T12452]  do_execveat_common+0x5ad/0x750
[  183.409485][T12452]  __x64_sys_execve+0x5c/0x70
[  183.409515][T12452]  x64_sys_call+0x13ab/0x2fb0
[  183.409615][T12452]  do_syscall_64+0xd2/0x200
[  183.409633][T12452]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  183.409678][T12452]  ? clear_bhb_loop+0x40/0x90
[  183.409697][T12452]  ? clear_bhb_loop+0x40/0x90
[  183.409761][T12452]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.409780][T12452] RIP: 0033:0x7f2d4062e929
[  183.409811][T12452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.409865][T12452] RSP: 002b:00007f2d3ec97038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  183.409885][T12452] RAX: ffffffffffffffda RBX: 00007f2d40855fa0 RCX: 00007f2d4062e929
[  183.409896][T12452] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000300
[  183.409906][T12452] RBP: 00007f2d3ec97090 R08: 0000000000000000 R09: 0000000000000000
[  183.409917][T12452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  183.409929][T12452] R13: 0000000000000000 R14: 00007f2d40855fa0 R15: 00007ffc6db32098
[  183.409945][T12452]  </TASK>
[  183.708511][T12467] loop3: detected capacity change from 0 to 164
[  183.744010][T12467] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  183.868073][T12479] sd 0:0:1:0: device reset
[  183.910678][T12483] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3245'.
[  183.983620][T12484] lo speed is unknown, defaulting to 1000
[  184.032639][T12485] loop5: detected capacity change from 0 to 512
[  184.083130][T12485] EXT4-fs (loop5): too many log groups per flexible block group
[  184.090829][T12485] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  184.100875][T12485] EXT4-fs (loop5): mount failed
[  184.160866][T12489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3246'.
[  184.169919][T12489] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3246'.
[  184.441756][T12500] loop0: detected capacity change from 0 to 512
[  184.450635][T12500] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  184.492310][T12500] EXT4-fs (loop0): 1 truncate cleaned up
[  184.498876][T12500] EXT4-fs mount: 6 callbacks suppressed
[  184.498887][T12500] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  184.525435][T12500] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3251'.
[  184.831879][T12525] FAULT_INJECTION: forcing a failure.
[  184.831879][T12525] name failslab, interval 1, probability 0, space 0, times 0
[  184.844616][T12525] CPU: 0 UID: 0 PID: 12525 Comm: syz.3.3260 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  184.844640][T12525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  184.844664][T12525] Call Trace:
[  184.844671][T12525]  <TASK>
[  184.844678][T12525]  __dump_stack+0x1d/0x30
[  184.844696][T12525]  dump_stack_lvl+0xe8/0x140
[  184.844769][T12525]  dump_stack+0x15/0x1b
[  184.844791][T12525]  should_fail_ex+0x265/0x280
[  184.844822][T12525]  should_failslab+0x8c/0xb0
[  184.844843][T12525]  kmem_cache_alloc_noprof+0x50/0x310
[  184.844864][T12525]  ? alloc_empty_file+0x76/0x200
[  184.844889][T12525]  alloc_empty_file+0x76/0x200
[  184.844909][T12525]  alloc_file_pseudo+0xc6/0x160
[  184.844931][T12525]  anon_inode_getfd+0xc1/0x150
[  184.845006][T12525]  bpf_map_new_fd+0x52/0x70
[  184.845025][T12525]  map_create+0xb5a/0xb90
[  184.845103][T12525]  ? security_bpf+0x2b/0x90
[  184.845120][T12525]  __sys_bpf+0x5ab/0x790
[  184.845148][T12525]  __x64_sys_bpf+0x41/0x50
[  184.845174][T12525]  x64_sys_call+0x2478/0x2fb0
[  184.845289][T12525]  do_syscall_64+0xd2/0x200
[  184.845308][T12525]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  184.845330][T12525]  ? clear_bhb_loop+0x40/0x90
[  184.845375][T12525]  ? clear_bhb_loop+0x40/0x90
[  184.845450][T12525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.845511][T12525] RIP: 0033:0x7f7f7a30e929
[  184.845576][T12525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.845593][T12525] RSP: 002b:00007f7f78977038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  184.845632][T12525] RAX: ffffffffffffffda RBX: 00007f7f7a535fa0 RCX: 00007f7f7a30e929
[  184.845645][T12525] RDX: 0000000000000048 RSI: 00002000000009c0 RDI: 0000000000000000
[  184.845674][T12525] RBP: 00007f7f78977090 R08: 0000000000000000 R09: 0000000000000000
[  184.845684][T12525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.845696][T12525] R13: 0000000000000000 R14: 00007f7f7a535fa0 R15: 00007ffc322e3e88
[  184.845715][T12525]  </TASK>
[  185.089424][T12475] 9pnet_fd: Insufficient options for proto=fd
[  185.096942][T10630] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.174538][T12532] 9pnet_fd: Insufficient options for proto=fd
[  185.178183][T12534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.238300][T12534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.283011][T12534] loop3: detected capacity change from 0 to 2048
[  185.343124][T12534] EXT4-fs (loop3): VFS: Can't find ext4 filesystem
[  185.355281][T12545] SELinux: syz.4.3267 (12545) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  185.372936][T12545] FAULT_INJECTION: forcing a failure.
[  185.372936][T12545] name failslab, interval 1, probability 0, space 0, times 0
[  185.385634][T12545] CPU: 0 UID: 0 PID: 12545 Comm: syz.4.3267 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  185.385663][T12545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  185.385676][T12545] Call Trace:
[  185.385683][T12545]  <TASK>
[  185.385753][T12545]  __dump_stack+0x1d/0x30
[  185.385776][T12545]  dump_stack_lvl+0xe8/0x140
[  185.385795][T12545]  dump_stack+0x15/0x1b
[  185.385812][T12545]  should_fail_ex+0x265/0x280
[  185.385842][T12545]  should_failslab+0x8c/0xb0
[  185.385869][T12545]  __kmalloc_noprof+0xa5/0x3e0
[  185.385894][T12545]  ? sel_write_user+0x197/0x440
[  185.385923][T12545]  sel_write_user+0x197/0x440
[  185.385947][T12545]  selinux_transaction_write+0xc6/0x110
[  185.385984][T12545]  ? __pfx_selinux_transaction_write+0x10/0x10
[  185.386011][T12545]  vfs_write+0x266/0x8e0
[  185.386037][T12545]  ? __rcu_read_unlock+0x4f/0x70
[  185.386060][T12545]  ? __fget_files+0x184/0x1c0
[  185.386082][T12545]  ksys_write+0xda/0x1a0
[  185.386169][T12545]  __x64_sys_write+0x40/0x50
[  185.386198][T12545]  x64_sys_call+0x2cdd/0x2fb0
[  185.386219][T12545]  do_syscall_64+0xd2/0x200
[  185.386236][T12545]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  185.386276][T12545]  ? clear_bhb_loop+0x40/0x90
[  185.386299][T12545]  ? clear_bhb_loop+0x40/0x90
[  185.386391][T12545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.386408][T12545] RIP: 0033:0x7f881832e929
[  185.386425][T12545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.386443][T12545] RSP: 002b:00007f8816997038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  185.386498][T12545] RAX: ffffffffffffffda RBX: 00007f8818555fa0 RCX: 00007f881832e929
[  185.386512][T12545] RDX: 0000000000000027 RSI: 0000200000000040 RDI: 0000000000000006
[  185.386524][T12545] RBP: 00007f8816997090 R08: 0000000000000000 R09: 0000000000000000
[  185.386538][T12545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.386550][T12545] R13: 0000000000000000 R14: 00007f8818555fa0 R15: 00007ffefb56a8f8
[  185.386569][T12545]  </TASK>
[  185.625329][T12549] vlan2: entered allmulticast mode
[  185.729508][T12561] loop4: detected capacity change from 0 to 1024
[  185.752909][T12561] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.765380][T12561] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  185.797697][T12561] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  185.849369][T12561] EXT4-fs (loop4): Remounting filesystem read-only
[  185.904739][T12569] loop2: detected capacity change from 0 to 512
[  185.937760][T11591] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.955637][T12569] EXT4-fs (loop2): too many log groups per flexible block group
[  185.963384][T12569] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  185.980587][T12569] EXT4-fs (loop2): mount failed
[  185.986877][T12573] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.022889][T12573] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.027264][T12565] 9pnet_fd: Insufficient options for proto=fd
[  186.035121][T12576] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3276'.
[  186.073501][T12573] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.145532][T12573] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.249582][T12573] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  186.285758][T12573] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.325727][T12573] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  186.363016][T12573] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  186.579180][T12592] loop4: detected capacity change from 0 to 1024
[  186.649860][T12592] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.701296][   T29] kauditd_printk_skb: 114 callbacks suppressed
[  186.701310][   T29] audit: type=1326 audit(1751453483.370:229335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12591 comm="syz.4.3283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  186.707820][T12592] FAULT_INJECTION: forcing a failure.
[  186.707820][T12592] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  186.744252][T12592] CPU: 1 UID: 0 PID: 12592 Comm: syz.4.3283 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  186.744320][T12592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  186.744331][T12592] Call Trace:
[  186.744337][T12592]  <TASK>
[  186.744344][T12592]  __dump_stack+0x1d/0x30
[  186.744363][T12592]  dump_stack_lvl+0xe8/0x140
[  186.744460][T12592]  dump_stack+0x15/0x1b
[  186.744477][T12592]  should_fail_ex+0x265/0x280
[  186.744514][T12592]  should_fail+0xb/0x20
[  186.744540][T12592]  should_fail_usercopy+0x1a/0x20
[  186.744586][T12592]  _copy_from_user+0x1c/0xb0
[  186.744661][T12592]  ___sys_sendmsg+0xc1/0x1d0
[  186.744765][T12592]  __x64_sys_sendmsg+0xd4/0x160
[  186.744793][T12592]  x64_sys_call+0x2999/0x2fb0
[  186.744882][T12592]  do_syscall_64+0xd2/0x200
[  186.744898][T12592]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  186.744920][T12592]  ? clear_bhb_loop+0x40/0x90
[  186.744951][T12592]  ? clear_bhb_loop+0x40/0x90
[  186.744969][T12592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.744986][T12592] RIP: 0033:0x7f881832e929
[  186.745050][T12592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.745067][T12592] RSP: 002b:00007f8816997038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  186.745087][T12592] RAX: ffffffffffffffda RBX: 00007f8818555fa0 RCX: 00007f881832e929
[  186.745141][T12592] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  186.745153][T12592] RBP: 00007f8816997090 R08: 0000000000000000 R09: 0000000000000000
[  186.745163][T12592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.745173][T12592] R13: 0000000000000000 R14: 00007f8818555fa0 R15: 00007ffefb56a8f8
[  186.745190][T12592]  </TASK>
[  186.928430][   T29] audit: type=1326 audit(1751453483.370:229336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12591 comm="syz.4.3283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  186.952192][   T29] audit: type=1326 audit(1751453483.380:229337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12591 comm="syz.4.3283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  186.975879][   T29] audit: type=1326 audit(1751453483.380:229338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12591 comm="syz.4.3283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  186.999702][   T29] audit: type=1326 audit(1751453483.380:229339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12591 comm="syz.4.3283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  187.015783][T12601] loop2: detected capacity change from 0 to 1024
[  187.023410][   T29] audit: type=1326 audit(1751453483.380:229340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12591 comm="syz.4.3283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  187.053400][   T29] audit: type=1326 audit(1751453483.380:229341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12591 comm="syz.4.3283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  187.077099][   T29] audit: type=1326 audit(1751453483.380:229342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12591 comm="syz.4.3283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  187.100902][   T29] audit: type=1326 audit(1751453483.380:229343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12591 comm="syz.4.3283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  187.124620][   T29] audit: type=1326 audit(1751453483.380:229344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12591 comm="syz.4.3283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881832e929 code=0x7ffc0000
[  187.128856][T12601] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  187.159357][T12601] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[  187.179165][T12598] 9pnet_fd: Insufficient options for proto=fd
[  187.240851][T11591] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.254322][T12601] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  187.301805][T12601] EXT4-fs (loop2): invalid journal inode
[  187.302573][T12604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.311804][T12601] EXT4-fs (loop2): can't get journal size
[  187.344011][T12601] EXT4-fs error (device loop2): ext4_protect_reserved_inode:182: inode #3: comm syz.2.3284: blocks 2-2 from inode overlap system zone
[  187.358250][T12604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  187.358683][T12601] EXT4-fs (loop2): failed to initialize system zone (-117)
[  187.401131][T12604] loop5: detected capacity change from 0 to 2048
[  187.423013][T12601] EXT4-fs (loop2): mount failed
[  187.428524][T12604] EXT4-fs (loop5): VFS: Can't find ext4 filesystem
[  187.443117][T12604] ==================================================================
[  187.451220][T12604] BUG: KCSAN: data-race in blkdev_open / queue_limits_commit_update
[  187.459221][T12604] 
[  187.461537][T12604] read to 0xffff8881008953e4 of 4 bytes by task 9382 on cpu 0:
[  187.469079][T12604]  blkdev_open+0x161/0x290
[  187.473510][T12604]  do_dentry_open+0x646/0xa20
[  187.478201][T12604]  vfs_open+0x37/0x1e0
[  187.482272][T12604]  path_openat+0x1c5e/0x2170
[  187.486861][T12604]  do_filp_open+0x109/0x230
[  187.491357][T12604]  do_sys_openat2+0xa6/0x110
[  187.495939][T12604]  __x64_sys_openat+0xf2/0x120
[  187.500696][T12604]  x64_sys_call+0x1af/0x2fb0
[  187.505305][T12604]  do_syscall_64+0xd2/0x200
[  187.509796][T12604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.515679][T12604] 
[  187.517989][T12604] write to 0xffff888100895360 of 184 bytes by task 12604 on cpu 1:
[  187.525864][T12604]  queue_limits_commit_update+0x4c/0x110
[  187.531494][T12604]  lo_release+0x1e9/0x400
[  187.535823][T12604]  bdev_release+0x370/0x3d0
[  187.540315][T12604]  blkdev_release+0x15/0x20
[  187.544812][T12604]  __fput+0x298/0x650
[  187.548785][T12604]  fput_close_sync+0x6e/0x120
[  187.553458][T12604]  __x64_sys_close+0x56/0xf0
[  187.558040][T12604]  x64_sys_call+0x2747/0x2fb0
[  187.562709][T12604]  do_syscall_64+0xd2/0x200
[  187.567199][T12604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.573083][T12604] 
[  187.575392][T12604] Reported by Kernel Concurrency Sanitizer on:
[  187.581532][T12604] CPU: 1 UID: 0 PID: 12604 Comm: syz.5.3287 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  187.594025][T12604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.604080][T12604] ==================================================================