last executing test programs:

54.718239324s ago: executing program 3 (id=43):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{0x0}], 0x1}, 0x1f00)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x50)
close(0x3)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000200b703000000000000850000000400000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r3}, 0x10)
syz_clone(0x20a00000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
select(0x40, &(0x7f0000000000)={0x4, 0x5, 0x10001, 0x2a, 0xffffffffffffffcc, 0x7fa3aaae, 0x2, 0xdd3}, &(0x7f00000000c0)={0x2, 0x1, 0x6, 0x2, 0x6, 0xb, 0x2, 0x400}, &(0x7f0000000140)={0xfff, 0x10001, 0x3, 0x100, 0x1, 0x5, 0x3, 0x2}, &(0x7f00000002c0)={r4, r5/1000+10000})
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x40000000)

53.806424138s ago: executing program 3 (id=54):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
set_tid_address(&(0x7f0000000380))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_IMMEDIATE_DATA={0x4}]}}}]}]}], {0x14}}, 0xc4}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r5, 0x29, 0x39, &(0x7f0000000280)=ANY=[@ANYBLOB="1b0204"], 0x18)
setsockopt$inet6_opts(r5, 0x29, 0x37, &(0x7f0000000140)=@fragment={0xb6, 0x0, 0x92, 0x0, 0x0, 0x1b, 0x65}, 0x8)
sendto$inet6(r5, 0x0, 0x0, 0x400c0, &(0x7f0000000040)={0xa, 0xcaa1, 0xffffff7c, @empty, 0xd}, 0x1c)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), r1)
getsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000480)={@local, @broadcast, <r10=>0x0}, &(0x7f00000004c0)=0xc)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000580)={'gre0\x00', &(0x7f0000000500)={'syztnl2\x00', <r11=>0x0, 0x700, 0x91, 0x1, 0x10, {{0x14, 0x4, 0x3, 0x26, 0x50, 0x66, 0x0, 0x3, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x27}, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp={0x44, 0x10, 0xe0, 0x0, 0x1, [0x7fff, 0xa482, 0x2]}, @timestamp_prespec={0x44, 0x2c, 0xe7, 0x3, 0xd, [{@broadcast, 0x3}, {@dev={0xac, 0x14, 0x14, 0x38}, 0x2ac}, {@empty, 0x4}, {@private=0xa010100, 0x4}, {@remote, 0x9}]}]}}}}})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'gretap0\x00', <r12=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000600)={'wg0\x00', <r13=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000640)={'batadv_slave_0\x00', <r14=>0x0})
getpeername$packet(r7, &(0x7f0000000680)={0x11, 0x0, <r15=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000006c0)=0x14)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000840)={'sit0\x00', &(0x7f0000000700)={'syztnl0\x00', <r16=>0x0, 0x700, 0x8, 0x4, 0xff, {{0x41, 0x4, 0x2, 0x38, 0x104, 0x67, 0x0, 0x6, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}, @loopback, {[@cipso={0x86, 0x10, 0x3, [{0x5, 0xa, "add50892e6810aa2"}]}, @timestamp_prespec={0x44, 0x14, 0x83, 0x3, 0xd, [{@local, 0x4}, {@local, 0x4}]}, @timestamp={0x44, 0x10, 0xda, 0x0, 0x6, [0x0, 0x0, 0xffffffff]}, @timestamp_addr={0x44, 0x44, 0xa8, 0x1, 0x2, [{@dev={0xac, 0x14, 0x14, 0xd}, 0x9}, {@multicast1, 0x9}, {@multicast1, 0xc}, {@multicast1, 0x5}, {@rand_addr=0x64010101, 0x6}, {@empty, 0x4}, {@private=0xa010100, 0x2}, {@empty, 0x3}]}, @ssrr={0x89, 0x1f, 0xa4, [@remote, @broadcast, @multicast1, @multicast1, @local, @remote, @loopback]}, @timestamp_prespec={0x44, 0x44, 0x80, 0x3, 0x0, [{@remote, 0x10000}, {@multicast1, 0x3}, {@broadcast, 0xb}, {@rand_addr=0x64010101, 0xb6}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0x5}, {@dev={0xac, 0x14, 0x14, 0x40}, 0x6}, {@loopback}, {@multicast2}]}, @ssrr={0x89, 0x13, 0x80, [@multicast2, @empty, @loopback, @private=0xa010100]}]}}}}})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f00000008c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000880)={&(0x7f0000000a00)={0x17c, r9, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x7c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x24008850}, 0x40005)
r17 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x34, r17, 0x1, 0x0, 0x1, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}}, 0x4000)

53.68739677s ago: executing program 3 (id=55):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x6)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
pipe2$9p(0x0, 0x0)
r4 = dup(0xffffffffffffffff)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r6}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=@newtfilter={0x64, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x1}, {0xfffb}, {0xfff1, 0x3d}}, [@filter_kind_options=@f_bpf={{0x8}, {0x38, 0x2, [@TCA_BPF_ACT={0x34, 0x1, [@m_ctinfo={0x30, 0x1c, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x64}}, 0x0)

53.453314033s ago: executing program 3 (id=57):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000340)=0x5, 0x4)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./bus\x00', 0x280008a, &(0x7f0000000240)=ANY=[@ANYBLOB='shortname=lower,shortname=win95,rodir,iocharset=default,uni_xlate=0,nonumtail=1,utf8=0,flush,rodir,shortname=win95,shortname=winnt,shortname=win95,showexec,uni_xlate=0,utf8=0,utf8=0,uni_xlate=0,shortname=mixed,\x00'], 0x97, 0x2ad, &(0x7f00000007c0)="$eJzs3b9rO2UYAPDn0jQJOiSCkwge6OD05dvv6pIiLRQzKRnUQYttQZogtFDwB8ZOri6Ori6C4OY/4eJ/ILgKbhYsnNzlrklqGpPatP74fJa+fe953nve69uWDvf03eeHxwdpHJ1/8lO0WknUutGNiyQ6UYvKZzGj+0UAAP9mF1kWv2Zjq+QlEdFaX1kAwBqt/Pv/u7WXBACs2RtvvvXadq+383qatmJ3+PlZP//LPv84vr59FO/HIA7jcbTjMiK7Mh7vZlk2qqe5Trw0HJ3188zhOz+U62//ElHkb0U7OsXUbP5eb2crHZvKH+V1PFXev5vnP4l2PDvn/nu9nSdz8qPfiJdfnKr/UbTjx/figxjEQVHEOD9qEZ9upemr2Ze/ffx2Xl6en4zO+s0ibiLbuOcvDQAAAAAAAAAAAAAAAAAAAAAA/2GPyt45zSj69+RTZf+djcv8k81IK53Z/jzj/KRa6Fp/oFEWX1X9eR6naZqVgZP8ejxXj/rD7BoAAAAAAAAAAAAAAAAAAAD+WU4//Oh4fzA4PLmTQdUNoHqt/7brdKdmXojFwc3JvWrlcMHKsVHFJBELy8g3sXTNv5dtD2736J65qeZvvl16na//eu/lYHOJmL85qE7X8X4y/xk2o5ppVYfk++mYRix5r8ZNl7KVjl9j7qX2yntvPF0MRgtiIllU2Cs/j59cOZNc30WjeKpz0zfLwVT6bExr+fOcf6f8SXLVrSO52x9CAAAAAAAAAAAAAAAAAABAYfLS75yL5wtTa1lzbWUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL2a/P//FQajMnmJ4EacnD7wFgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgf+CMAAP//SfdjDw==")
openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r2 = open(&(0x7f0000000240)='./bus\x00', 0x20100, 0x10b)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000d"], 0x48)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000000), 0x10)
recvmmsg(r4, &(0x7f0000003280)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x100, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=0x2710], 0x80}}, 0x0)
ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000100)=0x3)
ioctl$PPPIOCSNPMODE(r5, 0x4008744b, &(0x7f0000000440)={0xfd})
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000c80)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000060000000400000000000008000000000000000061"], 0x0, 0x2a}, 0x20)
fremovexattr(r6, &(0x7f00000002c0)=@known='trusted.overlay.redirect\x00')
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b000000ccb5c4406cfc991700003d0631c6a72cdf4cbe8daf251c70620000788b40e041bed57def891d6040193d3c9ea6077324ae03b28f5d28632939e5bb7c9cdd033cb907b3e89ffc74fe461143453f098f00000000000000d75b93e640725922a63d73e21ac311d407c89aad519867ae7f2b209f2be2ca7f47222fe86da5d06319daa1300f5b45b0c3be46590f000000e668af037f62b8b62ee9db4bdde1e01770006a661024e2799ec0d7a5036be2c332940bb677775cb6dd34d599ee9046a9e8b4916406f50a6f1d789f7e25ce28ffe4b5930a84ba3d25e94db9463032d6f68054aa878854d219b9720ac5a9651c6c3aaec96021c69f81187f369725661f34e9ca637f004325a9a69279c5b4d29434a15834924c4ee1396df72600", @ANYRESHEX=r4, @ANYBLOB='\x00'/20, @ANYRES8=r5, @ANYRES64=r2, @ANYBLOB='\x00'/28, @ANYRES64=r6, @ANYRES16=r1], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000001000000000000000000010018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000070000007bff0700f8ffffffb703000008000000b7040000020000bfe8d5832954d96c00aea800000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000090000017b8af8ff00000000bfa200000000000007170000f8ffffffb703000008000000b70400000100000085000000030000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r8}, 0x10)
ioctl$BLKFLSBUF(r2, 0x1261, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r1, &(0x7f0000000040)={&(0x7f00000007c0)=@llc={0x1a, 0x20, 0x6, 0xeb, 0xe0, 0xda, @multicast}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000100)="ec000900062b2c25fe800000f7ffffffdc8b851a238466cc80007a000000ad6e911b51818462b4003a000001828c75416cf99116e3a902d8d4c969bf612c7e731b3bab308a5cedf2baaabcffcddab1ae7d912405834326afe1232d0e11daed5a0dba86d864ca5279001f11e4f725a2", 0x6f}], 0x1}, 0x0)

52.837833403s ago: executing program 3 (id=64):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000b80), r2)
sendmsg$NFC_CMD_VENDOR(r2, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000c00)={0x2c, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x200}, @NFC_ATTR_VENDOR_SUBCMD={0x8, 0x1e, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2400c000}, 0x200048c0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000001480), r5)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r4, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f00000014c0)={0x14, r6, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x85}, 0x10)
sendmsg$NFC_CMD_VENDOR(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, r6, 0x4, 0x70bd27, 0x25dfdbff, {}, [@NFC_ATTR_VENDOR_DATA={0x46, 0x1f, "e8f941c76ab76e92e40bb8a2725e6f7560736b136246ef4037e952fe7b61465ad62ba656e8bd948bc1faefa37d3ff7520794d0ca459d8703b0648a42907f55409ac8"}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x992}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x6ac493f9}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4800}, 0x24000100)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0xffff, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r8}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

52.42700886s ago: executing program 3 (id=69):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000400)=0x1, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket(0x10, 0x803, 0x0)
kexec_load(0x0, 0x0, &(0x7f0000000140), 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x14124, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x2df}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETA(r2, 0x5406, &(0x7f0000000200)={0xffff, 0x0, 0x0, 0x800a, 0x2, "5f7300fbffffff00"})
ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r3, 0x84, 0x2, 0x0, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000700000"], 0x0, 0x2002, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x605, @mcast2, 0xfffffffe}], 0x1c)
sendto$inet6(r4, &(0x7f0000000780)="d2", 0xffe0, 0xc0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

52.41489236s ago: executing program 32 (id=69):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000400)=0x1, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket(0x10, 0x803, 0x0)
kexec_load(0x0, 0x0, &(0x7f0000000140), 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x14124, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x2df}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETA(r2, 0x5406, &(0x7f0000000200)={0xffff, 0x0, 0x0, 0x800a, 0x2, "5f7300fbffffff00"})
ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r3, 0x84, 0x2, 0x0, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000700000"], 0x0, 0x2002, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x605, @mcast2, 0xfffffffe}], 0x1c)
sendto$inet6(r4, &(0x7f0000000780)="d2", 0xffe0, 0xc0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

3.882718968s ago: executing program 1 (id=955):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x8, 0x6}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
dup(r2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_dev$loop(&(0x7f0000000440), 0x200000000081, 0x2a82)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000001540)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020816c2500000000e12020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000006fd6850000002d000000850000002300000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000080000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008100000b704000000000000850000008200000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x39, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='sched_process_wait\x00', r4, 0x0, 0xfffffffffffffffc}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
r5 = socket(0x27, 0x1, 0x9)
getsockopt$sock_buf(r5, 0x1, 0x2b, 0x0, &(0x7f0000000040))
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r6, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
syz_mount_image$ext4(&(0x7f0000000580)='ext2\x00', &(0x7f0000001100)='./file0\x00', 0x2810, &(0x7f00000017c0)={[{@nodioread_nolock}, {@acl}, {@nodelalloc}, {@errors_continue}, {@dioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0x3ff}}, {@nomblk_io_submit}, {@nomblk_io_submit}]}, 0xff, 0x5e7, &(0x7f0000001880)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICbMaTBH/HixQoFkQINrdGiCSXBi4nxYoyJJw/iv+BJiVw56cmDF0+GhKjhaOKa2Z0p/TG7pUu7i53PJ1k6772dvjdsv31vX9+bDaC0htN/KhG7I2ImiRhMFhbLuiMrHK4/7+7fH59MH0lUq6//mUSS5eXPT7KvA9nJfRHx809J7OpaXe/s/OVzk9PTU5ey9Ojc+ZnR2fnL+8+enzwzdWbqwvgL40cOHzp8ZOxAS9d1pSDv+LX3Phj8dOKtb7/+Jxn77reJJI7GK9kTl17HRhmO4dr/SbK6aODIRlfWIV3Zz8nSlzjpLnpmT/saxX3LX7/01XkiBqMr7r14g/HJqx1tHLCpqklEFSipRPxDSeXjgPy9/cr3wZWOjEqAdrhzrD4BsDr+u+tzg9FXmxvYfjeJpdM6SUS0NjO33I6IuHVz4trpmxPXYpPm4YBiC1cj4smi+E9q8T8UfTFUi//KsvhPxwUnsq9p/mst1r9yqlj8Q/vU47+vafxHg/h/e0n8v9Ni/cP3Dt/tz+K/XmN/y9cEAAAAAAAAZXXjWEQ8X/T3/8ri+p8oWP8zEBFHN6D+4RXp1X//r9zegGqAAneORbxUuP63kq/+HerKjh6prQfoSU6fnZ46EBGPRsS+6NmWpsea1LH/s11fNSobztb/5Y+0/lvZWsCsHbe7ty0/59Tk3OSDXjcQcedqxFOF63+Txf4/Kej/098HM3ni5e+b1rHr2esnGpWtHf/AZql+E7G3sP+/d9eKpPn9OUZr44HRfFSw2tMfff5Do/pbjf/CW0wA65L2/9ubx/9QsvR+PbPrr+PgfHe1UVmr4//e5I3aLWd6s7wPJ+fmLo1F9CbHu9LcZfnj628zbEV5POTxksb/vmeaz/8Vjf/7I2JhxfdO/lq+pzj3+L8Dvzdqj/E/dE4a/6fW1f+v/2D8+tCPjeq/v/7/UK2v35flmP+Dui/zMO1dnl8Qjt1FRe1uLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsBZWI2BFJZWTxuFIZGYkYiIjHYntl+uLs3HOnL75/4VT94/6GoqeSf9LvYD2d5J//P7QkPb4ifTAidkbEF139tfTIyYs9nb52AAAAAAAAAAAAAAAAAAAAeFgMNNj/n/qjq9OtAzZdd6cbAHRMQfz/0ol2AO2n/4fyEv9QXuIfykv8Q3mJfygv8Q/lJf6hvMQ/AAAAAABsKTv33Pg1iYiFF/trj1RvVuYD+mFrq3S6AUDHuMUPlJelP1Be3uMDyRrlfQ1PWuvMZmZOPsDJAAAAAAAAAAAAAFA6e3fb/w9lZf8/lJf9/1Be+f7/PR1uB9B+3uMDscZO/sL9/2ueBQAAAAAAAAAAAABspNn5y+cmp6enLjl48+FoRjsPqtXqlfSn4GFpz//8IF8K/yDfpzciNqmF+V6/+zurc7+TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5f4LAAD//6ulI+M=")
r7 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
preadv(r7, &(0x7f0000000380)=[{&(0x7f0000000280)=""/240, 0xf0}], 0x1, 0x33, 0x2)

3.656602682s ago: executing program 1 (id=961):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x20000015)

3.636219662s ago: executing program 1 (id=962):
socket$netlink(0x10, 0x3, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r2, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
fcntl$lock(r2, 0x26, &(0x7f00000000c0)={0x1, 0x2, 0x9, 0x401})
openat2(r2, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x82, 0x1, 0x12}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
ioctl$EVIOCGRAB(r4, 0x40044590, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382)
r6 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x1)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, <r8=>0x0}, &(0x7f0000000280)=0x5)
setuid(r8)
pwritev(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6)
sendfile(r5, r5, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x40000004, 0x1, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x7]})
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f00000004c0)=""/26)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={0x0}, 0x18)
r9 = socket$caif_stream(0x25, 0x1, 0x0)
sendmmsg$inet(r9, &(0x7f0000000040), 0x0, 0x4004040)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)
getsockopt$WPAN_SECURITY(r1, 0x0, 0x1, 0x0, &(0x7f0000000080))
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x60, 0x9, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xd4}, @IPSET_ATTR_DATA={0x40, 0x7, 0x0, 0x1, [@IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x901}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e20}, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x7}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x4}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast1}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r10, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

2.194841235s ago: executing program 1 (id=1006):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000580)={[{@noblock_validity}, {@stripe={'stripe', 0x3d, 0xb5b}}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
ioctl$SNAPSHOT_FREE(r0, 0x3314)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x18)
r3 = open(&(0x7f0000000140)='./file1\x00', 0x141242, 0x40)
pwrite64(r3, &(0x7f0000000940)='2', 0x1, 0x8000c61)
fallocate(r3, 0x8, 0x0, 0x10000)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r3)
sendmsg$DEVLINK_CMD_PORT_GET(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r4, @ANYBLOB="00082dbd7000fcdbdf25050000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030002000000080001007063690011000200303030303a30303a31302e30000000000800030003000000050001006e657464657673696d7464657673696d30000008000300000000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030003000000080001007063690011000200303030303a30303a31302e30000000000800030801000000080001007063690011000200303030303a30303a31302e3000000000080003000300"/242], 0xf8}}, 0x800)

2.194320975s ago: executing program 4 (id=1007):
r0 = socket(0x2b, 0x80801, 0x1)
unshare(0x8040480)
r1 = socket(0x10, 0x803, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000400)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mq_open(&(0x7f0000000000)='kfree\x00', 0x40, 0x40, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vcan0\x00'})
iopl(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22}, 0x48)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_ifreq(r3, 0x8923, &(0x7f00000000c0)={'lo\x00', @ifru_map={0x1, 0xb7f8, 0x2800, 0x9, 0x8, 0x3}})
connect$llc(r0, &(0x7f0000000200)={0x1a, 0x324, 0x6, 0xa3, 0x8, 0x1, @multicast}, 0x10)

2.108196286s ago: executing program 0 (id=1008):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r7, 0x400455c8, 0xfffffffffffffffd)
r8 = accept$packet(0xffffffffffffffff, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000007c0)=0x14)
ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000800)={0x0, r8, 0x5, 0x9, 0x2, 0x4})
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r9, &(0x7f0000000080)={0x2020, 0x8, 0x3, 0x5, 0x1}, 0x8)
r10 = syz_open_dev$ttys(0xc, 0x2, 0x1)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000d00)={{{@in6=@private1, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}}, {{@in6=@mcast2}, 0x0, @in6=@private1}}, &(0x7f0000000e00)=0xe8)
r12 = getuid()
sendmsg$unix(r2, &(0x7f0000000f40)={&(0x7f0000000840)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000bc0)=[{&(0x7f00000008c0)}, {&(0x7f00000009c0)="fa1053ab3dfafa9f1283da070c46376b4f62f788d97b721506c3ecc02779cee5d7de0164361529b1138b9f48522f76b2d2c6d653b7be935a9f4bd79d2f3ae4572dcf965679fa9148b9a28a4ac7a6dcf3bda6df6539157b0ecd13336ace8beb988db3fb2aee71258e0a533c", 0x6b}, {&(0x7f0000000900)="b00e04e11ff4b2a4ac0df8fdcfba37e97bee329ba66202ba59757955654b1f5e", 0x20}, {&(0x7f0000000a40)="f35a9ba3a5b44ec0e76ed0753f3196ccf141080c47e0411cbb703fa61a8bb30790d1795af840e4bc52d5aa65adb5e05f77f5f252961a50d0dc4890186ec2e558b1b55ab5fc05c6f1fc7daddc5b8fe77a4a388c2be0d20856ddf3834297f2dd9c968861f9b03ef98af6041bc02fc5301d93cccff3601d", 0x76}, {&(0x7f0000000ac0)="a3b949ce892a7d89ebc33c557eb6f85a9fd06d5a29441993892236fa178124a6e341693104345b158aeafedd2f4afde03d4829a6947282715ccd962387299fbc1e91c4a3252dfdd6c133e2789a401a71b4db75e032f574d1e917b18cf0f6d1c111825d6fabfa6438ece83be2590df4562f25186e02a784a23130b57b0de1a9842ec77b9aa4751a35c80dab5e337958697f5b48376b1194944779d61d314482ad47a75147e443c4db952bf94331c7293c6908d51d054f1c744b74f8658061175a42c4bee5ac36f7f055a6bfd6deada4855e129a9ea90b72d2318e98303b7d3932c3f9ab0ab20a99bb83ae6c", 0xeb}], 0x5, &(0x7f0000000f80)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32=r6, @ANYRES32=r8, @ANYRES32=r3, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r8, @ANYRES32=r5, @ANYRES32, @ANYRES32=r1, @ANYBLOB="30000000000000000100000001000000", @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r7, @ANYRES32=r6, @ANYRES32=r5, @ANYRES32=r4, @ANYRES32, @ANYRES32=r4, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="0000fd992b000000000000855d08bdeff92e41f63194f52cb48dc3cfc28e7d63a8f200a4d882b27daf85e44182329158c3ffe3b0cf641efca6fc6262ccc6e6af85dec299", @ANYRES32=r10, @ANYRES32=r3, @ANYRES32=r9, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r11, @ANYRES32=0xee01, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r12, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0xf8, 0x40}, 0x4c000)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r13}, 0x10)
bind$bt_hci(r2, &(0x7f0000000780)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000940)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla")

1.950655939s ago: executing program 4 (id=1010):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000000)={0x1, 0x2}, 0x8)
close(r2)
close(r1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0xfffffffc, @empty, 0x2}, 0x1c)
listen(r1, 0x9)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r5, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r7}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r8}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000002"], 0x50)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000200)={0x0, 0xff1f, &(0x7f0000000180)={&(0x7f0000003140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="01002cbd7000ffdbdf2504"], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)

1.539137095s ago: executing program 1 (id=1013):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r0}, 0x3d)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x4c, &(0x7f000002eff0)={0x20000000000003da, &(0x7f0000000000)=[{}]}, 0x10)
connect$unix(r1, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r1, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
splice(r4, 0x0, r3, 0x0, 0x408cd, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

1.002670354s ago: executing program 4 (id=1014):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014"], 0x80}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./file1\x00', 0x102004c, &(0x7f0000000200), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="02000000010002000000000002000500", @ANYRES32=0x0, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="040000000000000030000500000000002000000000000000"], 0x34, 0x2)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32=r1, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280060027"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0)

967.817544ms ago: executing program 4 (id=1015):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="640e3d8c20"], 0x5)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071123400000500009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x200000000000028a, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x50)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000940)={0xffffffffffffffff, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0, 0x3b, &(0x7f0000000680)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0x5e, 0x8, 0x8, &(0x7f0000000800)}}, 0x10)

857.435026ms ago: executing program 4 (id=1017):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[], 0x154}}, 0x8044)
epoll_create1(0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xab)
add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580), &(0x7f00000005c0)=r2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x4008010)
socket$kcm(0x10, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, 0x0)
socket$kcm(0x2, 0x3, 0x84)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)
sendto$inet(r3, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)

748.145538ms ago: executing program 2 (id=1020):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="640e3d8c20"], 0x5)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071123400000500009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x200000000000028a, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x50)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000940)={r4, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0, 0x3b, &(0x7f0000000680)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0x5e, 0x8, 0x8, &(0x7f0000000800)}}, 0x10)

653.125209ms ago: executing program 2 (id=1022):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x48041, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffefc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x10000}, 0x18)
setxattr$incfs_id(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0), &(0x7f0000000600)={'0000000000000000000000000000000', 0x32}, 0x20, 0x3)

629.76044ms ago: executing program 2 (id=1023):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)

603.70169ms ago: executing program 2 (id=1024):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x8, 0x6}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r3 = dup(r2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_dev$loop(&(0x7f0000000440), 0x200000000081, 0x2a82)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000001540)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020816c2500000000e12020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000006fd6850000002d000000850000002300000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r4, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000080000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008100000b704000000000000850000008200000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x39, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='sched_process_wait\x00', r5, 0x0, 0xfffffffffffffffc}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
r6 = socket(0x27, 0x1, 0x9)
getsockopt$sock_buf(r6, 0x1, 0x2b, 0x0, &(0x7f0000000040))
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r7, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
syz_mount_image$ext4(&(0x7f0000000580)='ext2\x00', &(0x7f0000001100)='./file0\x00', 0x2810, &(0x7f00000017c0)={[{@nodioread_nolock}, {@acl}, {@nodelalloc}, {@errors_continue}, {@dioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0x3ff}}, {@nomblk_io_submit}, {@nomblk_io_submit}]}, 0xff, 0x5e7, &(0x7f0000001880)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICbMaTBH/HixQoFkQINrdGiCSXBi4nxYoyJJw/iv+BJiVw56cmDF0+GhKjhaOKa2Z0p/TG7pUu7i53PJ1k6772dvjdsv31vX9+bDaC0htN/KhG7I2ImiRhMFhbLuiMrHK4/7+7fH59MH0lUq6//mUSS5eXPT7KvA9nJfRHx809J7OpaXe/s/OVzk9PTU5ey9Ojc+ZnR2fnL+8+enzwzdWbqwvgL40cOHzp8ZOxAS9d1pSDv+LX3Phj8dOKtb7/+Jxn77reJJI7GK9kTl17HRhmO4dr/SbK6aODIRlfWIV3Zz8nSlzjpLnpmT/saxX3LX7/01XkiBqMr7r14g/HJqx1tHLCpqklEFSipRPxDSeXjgPy9/cr3wZWOjEqAdrhzrD4BsDr+u+tzg9FXmxvYfjeJpdM6SUS0NjO33I6IuHVz4trpmxPXYpPm4YBiC1cj4smi+E9q8T8UfTFUi//KsvhPxwUnsq9p/mst1r9yqlj8Q/vU47+vafxHg/h/e0n8v9Ni/cP3Dt/tz+K/XmN/y9cEAAAAAAAAZXXjWEQ8X/T3/8ri+p8oWP8zEBFHN6D+4RXp1X//r9zegGqAAneORbxUuP63kq/+HerKjh6prQfoSU6fnZ46EBGPRsS+6NmWpsea1LH/s11fNSobztb/5Y+0/lvZWsCsHbe7ty0/59Tk3OSDXjcQcedqxFOF63+Txf4/Kej/098HM3ni5e+b1rHr2esnGpWtHf/AZql+E7G3sP+/d9eKpPn9OUZr44HRfFSw2tMfff5Do/pbjf/CW0wA65L2/9ubx/9QsvR+PbPrr+PgfHe1UVmr4//e5I3aLWd6s7wPJ+fmLo1F9CbHu9LcZfnj628zbEV5POTxksb/vmeaz/8Vjf/7I2JhxfdO/lq+pzj3+L8Dvzdqj/E/dE4a/6fW1f+v/2D8+tCPjeq/v/7/UK2v35flmP+Dui/zMO1dnl8Qjt1FRe1uLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsBZWI2BFJZWTxuFIZGYkYiIjHYntl+uLs3HOnL75/4VT94/6GoqeSf9LvYD2d5J//P7QkPb4ifTAidkbEF139tfTIyYs9nb52AAAAAAAAAAAAAAAAAAAAeFgMNNj/n/qjq9OtAzZdd6cbAHRMQfz/0ol2AO2n/4fyEv9QXuIfykv8Q3mJfygv8Q/lJf6hvMQ/AAAAAABsKTv33Pg1iYiFF/trj1RvVuYD+mFrq3S6AUDHuMUPlJelP1Be3uMDyRrlfQ1PWuvMZmZOPsDJAAAAAAAAAAAAAFA6e3fb/w9lZf8/lJf9/1Be+f7/PR1uB9B+3uMDscZO/sL9/2ueBQAAAAAAAAAAAABspNn5y+cmp6enLjl48+FoRjsPqtXqlfSn4GFpz//8IF8K/yDfpzciNqmF+V6/+zurc7+TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5f4LAAD//6ulI+M=")
r8 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
preadv(r8, &(0x7f0000000380)=[{&(0x7f0000000280)=""/240, 0xf0}], 0x1, 0x33, 0x2)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
close_range(r9, 0xffffffffffffffff, 0x0)
ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
write$UHID_INPUT(r3, &(0x7f0000000080)={0x9, {"a2e3ad084fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b33393b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b313020376d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df0784c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cbdb4a5fb7e2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d618e462071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af44863c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72b64d01c6a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dca89c9c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510b00", 0x8f7}}, 0x1006)

449.787253ms ago: executing program 5 (id=1026):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8000009, 0x5, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x0)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)

243.271786ms ago: executing program 5 (id=1027):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = socket(0x1e, 0x4, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ff9}]})
close_range(r5, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
mq_open(&(0x7f00000001c0)='GPL\x00', 0x40, 0x168, 0x0)

239.921356ms ago: executing program 0 (id=1028):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="640e3d8c20"], 0x5)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071123400000500009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x200000000000028a, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x50)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000940)={0xffffffffffffffff, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0, 0x3b, &(0x7f0000000680)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0x5e, 0x8, 0x8, &(0x7f0000000800)}}, 0x10)

167.738547ms ago: executing program 5 (id=1029):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
socket$nl_xfrm(0x10, 0x3, 0x6)
open_tree(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x1101)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00'})
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="25390000290003"], 0x33fe0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000e00)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x9, @local, 0x5}, 0x1c, 0x0}}], 0x1, 0x14)
openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x3b, 0x2, 0x1})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
munlockall()

141.636787ms ago: executing program 2 (id=1030):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x6)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r5}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=@newtfilter={0x64, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x1}, {0xfffb}, {0xfff1, 0x3d}}, [@filter_kind_options=@f_bpf={{0x8}, {0x38, 0x2, [@TCA_BPF_ACT={0x34, 0x1, [@m_ctinfo={0x30, 0x1c, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x64}}, 0x0)

138.757107ms ago: executing program 5 (id=1031):
r0 = io_uring_setup(0x560d, &(0x7f0000000680)={0x0, 0xb586, 0x2, 0xfffffffe, 0x3bd})
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000003400000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r1, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000040)=@raw=[@map_idx={0x18, 0x2, 0x5, 0x0, 0xf}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}], &(0x7f0000000180)='syzkaller\x00', 0x7f, 0x9f, &(0x7f0000000240)=""/159, 0x40f00, 0x21, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000300)={0x2, 0x3, 0x408, 0x8}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x1}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='kfree\x00', r3}, 0x18)
close_range(r0, r1, 0x0)

111.046698ms ago: executing program 2 (id=1032):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r1}, 0x18)
r2 = socket(0x10, 0x3, 0x0)
connect$netlink(r2, &(0x7f0000000280)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r2, 0x0, 0x0)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
ioctl$USBDEVFS_BULK(r3, 0x5523, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x5522, 0x0)
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80045510, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000040000000800000010"], 0x48)
r6 = socket(0x10, 0x3, 0x6)
r7 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000040)={'team0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0xfffc, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000280)={'syztnl1\x00', &(0x7f00000001c0)={'syztnl1\x00', <r9=>r8, 0x29, 0x7f, 0x0, 0x2, 0x4, @loopback, @mcast2, 0x7, 0x7800, 0x10000, 0xf}})
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000000)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', r9, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r10}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[], 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)

98.535608ms ago: executing program 0 (id=1033):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001d40)=@base={0x12, 0x30, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20)

94.291988ms ago: executing program 5 (id=1034):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)

70.442789ms ago: executing program 5 (id=1035):
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e21, @remote}], 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x4e21, 0xfa9, @private1, 0x9}], 0x2c)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==")
ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1)
sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000080)={0x30, r2, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IE_ASSOC_RESP={0x1c, 0xe, [@ext_channel_switch={0x1c, 0x4, {0x1, 0x0, 0x9d, 0x7}}, @mic={0x8c, 0x10, {0x20e, "48dd13d0eb67", @short="bd84e7e46fbc4d6a"}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x840}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)

64.364089ms ago: executing program 0 (id=1036):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8000009, 0x5, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x0)
sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)

32.759749ms ago: executing program 1 (id=1037):
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f00000002c0)={&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, 0x0, 0xffffff77})
r2 = dup3(r0, r1, 0x0)
ioctl$MON_IOCX_GETX(r2, 0x4018920a, &(0x7f00000000c0)={&(0x7f0000000300), 0x0})
socket$inet6(0xa, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0000000000009115b3671b2d00000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2a0471a, &(0x7f00000000c0), 0x2, 0x46b, &(0x7f0000000580)="$eJzs3M1vFOUfAPDvzLbw+/HWivgColaJsfGlpQWVgxeNJh4wmugB9VTbQgiFGloTIUSqMXgxMSR6Vo8m/gXevBj1ZGLiSe+GhCgX0FPNzM5Ad9ltt3TZrd3PJxl4nn2e7TzfPvPMPDPPbgPoWUPZP0nEtoj4LSIGqtnaCkPV/65dOTf595Vzk0ksLr72Z5LXu3rl3GRZtXzf1iIznEakHyXFTmrNnTl7YmJmZvp0kR+dP/nO6NyZs08ePzlxbPrY9KnxQ4cOHhh75unxp9oSZxbX1T3vz+7d/dIbF1+ePHLx7R+/ydq7rShfGsct2XTzS0NZ4H8t5urLHon/r2l36832Jemkr4sNYVUqEZF1V38+/geiEjc6byBe/LCrjQNuq+zatLl58cIisIEl0e0WAN1RXuiz+99y69DUY124/Fz1BiiL+1qxVUv6Ii3q9Nfd37bTUEQcWfjni2yLdjyHAABYwSeTnx+OJxrN/9K4e0m9HcUaymBE3BEROyPizojYFRF3ReR174mIe1e5//qloZvnP+mlWwqsRdn879libat2/lfO/mKwUuS25/H3J0ePz0zvL34nw9G/OcuPLbOP71745dNmZUvnf9mW7b+cCxbtuNRX94BuamJ+Ip+UtsHlDyL29DWKP7m+EpBExO6I2LO6H72jTBx/7Ou9zSqtHP8y2rDOtPhVxKPV/l+IuvhLyfLrk6P/i5np/aPlUXGzn36+8Gqz/a8p/jbI+n9L7fFflHx5pkgMvrV0vXYuVr1yeeH3j5ve09zq8b8peT0/H5XLru9NzM+fHovYlBzO8zWvj994b5kv62fxD+9rPP53Fu/J+v++iMgO4vsj4oGIeLBo+0MR8XBE7Fsm/h+eb162Hvp/quH57/rxP5jU9P/qE5UT33/bbP+t9f/BPDVcvJKf/1bQagPX8rsDAACA/4o0/wx8ko5cT6fpyEj1M/y7Yks6Mzs3//jR2XdPTVU/Kz8Y/Wn5pGtgyfPQsWSh+InV/HjxrLgsP1A8N/6sEnl+ZHJ2ZqrLsUOv29pk/Gf+qHS7dcBt12gdbbzBF9qAjad+/Ke12fOvdLIxQEf5vjb0rhXGf9qpdgCd5/oPvavR+D9fl7cWABuT6z/0LuMfepfxD72rbvxX4tdutQTooLV8r1+ilxORrotmtJRo/e9B3O7Em+ujGS0kun1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI9/AwAA//9sbvBf")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x105042, 0x1db)
ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000040)={0x0, 0xffffffff, 0xe, 0x5, 0x7})

32.162909ms ago: executing program 0 (id=1038):
r0 = socket$kcm(0x2b, 0x1, 0x0)
close(r0)
r1 = socket$kcm(0x2, 0x1000000000000005, 0x0)
sendmsg$inet(r1, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x0, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380)}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000000000000400300110000000000000f00fdffff0700", @ANYRES32=0x0, @ANYBLOB="ac1414bbe0000001000000001c0000000000000000078f000c000000", @ANYRES32=0x0, @ANYBLOB="a005000000000000000000002400000000000000840000000700000094040000441000000000000000050000000000000000000011000000000000000000011601000000000000000000000003cfaff1a411936940e815b82c26205472b6847265849d913aac5ebe"], 0x98}, 0x4dc) (async)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f00000000c0)={0x9}, 0x10)
write(r2, &(0x7f0000000040)="240000001a005f0014f9f507000909000aff8000000000000000000008001e0000000000", 0x24)
setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f00000001c0), 0x45) (async)
close(r0) (async)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='map_files\x00')
getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8)
ioctl$TUNSETDEBUG(r3, 0x400454c9, &(0x7f0000000180))

1.27312ms ago: executing program 0 (id=1039):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x50a, &(0x7f0000000940)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")

0s ago: executing program 4 (id=1040):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000800)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000200)='sys_enter\x00', r2, 0x0, 0x4}, 0x18) (async)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000200)='sys_enter\x00', r2, 0x0, 0x4}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r4}, 0x10)
lsm_get_self_attr(0x69, &(0x7f0000000500)={0x0, 0x0, 0x101e, 0xffe, ""/4094}, &(0x7f0000000000)=0x101e, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
openat(0xffffffffffffff9c, 0x0, 0x103a42, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
mlockall(0x1) (async)
mlockall(0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRES16=r5, @ANYRES32=r3, @ANYBLOB="00000000000000000100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x800000, &(0x7f0000006680)) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x800000, &(0x7f0000006680))
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
ptrace(0x10, r6) (async)
ptrace(0x10, r6)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r9}, 0x10)
creat(&(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xf, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r10}, 0x10)
r11 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000007c0)=0xfffffffffffffccd)
sendmsg$nl_route_sched(r11, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=@newtaction={0x1b8, 0x30, 0x300, 0x80000000, 0xfffffffe, {0x0, 0x0, 0x6a00}, [{0x1a4, 0x1, [@m_mirred={0x148, 0x1, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x6}, 0x2, r12}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x6, 0x3, 0x7, 0x6}, 0x4, r12}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x7f, 0x200, 0x1, 0x57b, 0x9}, 0x1, r12}}]}, {0xbb, 0xa, "f6388c92747e56686d9521cae3d6f6b724f90431f67813e55ce9ff193e608d5a4f14b1f726910cad1f4a2a344c1051581b9a78fcc1ee7786f10d9a93acd79b375f9e78a13b676db3223d75e71245a2b396b7743e524c25dc222eb010f268c2c371c4676ac1e8514dc4bcdca4d8a272139a16945e29d80daafa3a4bbd64edd6fbf95af46d665735986563cf877796f8799687e401914bd3747b09e208bbf446a7bc128735ced6a6d7bf07272a71207426fdb9b6e314cdd2"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x58, 0x10, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @local}]}, {0x1d, 0x6, "85f5c5d9b77e55376753adac7dbdd17dff83b2ea9bbaca08b5"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x1b8}}, 0x0) (async)
sendmsg$nl_route_sched(r11, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=@newtaction={0x1b8, 0x30, 0x300, 0x80000000, 0xfffffffe, {0x0, 0x0, 0x6a00}, [{0x1a4, 0x1, [@m_mirred={0x148, 0x1, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x6}, 0x2, r12}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x6, 0x3, 0x7, 0x6}, 0x4, r12}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x7f, 0x200, 0x1, 0x57b, 0x9}, 0x1, r12}}]}, {0xbb, 0xa, "f6388c92747e56686d9521cae3d6f6b724f90431f67813e55ce9ff193e608d5a4f14b1f726910cad1f4a2a344c1051581b9a78fcc1ee7786f10d9a93acd79b375f9e78a13b676db3223d75e71245a2b396b7743e524c25dc222eb010f268c2c371c4676ac1e8514dc4bcdca4d8a272139a16945e29d80daafa3a4bbd64edd6fbf95af46d665735986563cf877796f8799687e401914bd3747b09e208bbf446a7bc128735ced6a6d7bf07272a71207426fdb9b6e314cdd2"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x58, 0x10, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @local}]}, {0x1d, 0x6, "85f5c5d9b77e55376753adac7dbdd17dff83b2ea9bbaca08b5"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x1b8}}, 0x0)

kernel console output (not intermixed with test programs):

/0x200
[   66.659185][ T4982]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   66.659226][ T4982]  ? clear_bhb_loop+0x40/0x90
[   66.659261][ T4982]  ? clear_bhb_loop+0x40/0x90
[   66.659295][ T4982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.659342][ T4982] RIP: 0033:0x7fbe4256e929
[   66.659368][ T4982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.659394][ T4982] RSP: 002b:00007fbe40bd7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[   66.659424][ T4982] RAX: ffffffffffffffda RBX: 00007fbe42795fa0 RCX: 00007fbe4256e929
[   66.659444][ T4982] RDX: 0000000000000168 RSI: 0000000000000040 RDI: 00002000000001c0
[   66.659463][ T4982] RBP: 00007fbe40bd7090 R08: 0000000000000000 R09: 0000000000000000
[   66.659482][ T4982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.659499][ T4982] R13: 0000000000000000 R14: 00007fbe42795fa0 R15: 00007ffc83685328
[   66.659589][ T4982]  </TASK>
[   66.689691][ T4983] loop5: detected capacity change from 0 to 1024
[   66.692848][ T4967] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.779559][ T4983] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   66.959063][ T4983] EXT4-fs (loop5): can't mount with commit=, fs mounted w/o journal
[   66.968657][ T4995] FAULT_INJECTION: forcing a failure.
[   66.968657][ T4995] name failslab, interval 1, probability 0, space 0, times 0
[   66.981509][ T4995] CPU: 0 UID: 0 PID: 4995 Comm: syz.2.448 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   66.981545][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   66.981623][ T4995] Call Trace:
[   66.981630][ T4995]  <TASK>
[   66.981638][ T4995]  __dump_stack+0x1d/0x30
[   66.981659][ T4995]  dump_stack_lvl+0xe8/0x140
[   66.981679][ T4995]  dump_stack+0x15/0x1b
[   66.981751][ T4995]  should_fail_ex+0x265/0x280
[   66.981792][ T4995]  should_failslab+0x8c/0xb0
[   66.981821][ T4995]  kmem_cache_alloc_noprof+0x50/0x310
[   66.981931][ T4995]  ? add+0x419/0xb40
[   66.981981][ T4995]  add+0x419/0xb40
[   66.982015][ T4995]  wg_allowedips_insert_v6+0x8e/0xc0
[   66.982059][ T4995]  wg_set_device+0xf71/0x12e0
[   66.982145][ T4995]  ? genl_family_rcv_msg_attrs_parse+0x184/0x190
[   66.982180][ T4995]  genl_family_rcv_msg_doit+0x140/0x1b0
[   66.982218][ T4995]  genl_rcv_msg+0x422/0x460
[   66.982250][ T4995]  ? __pfx_wg_set_device+0x10/0x10
[   66.982342][ T4995]  netlink_rcv_skb+0x120/0x220
[   66.982381][ T4995]  ? __pfx_genl_rcv_msg+0x10/0x10
[   66.982420][ T4995]  genl_rcv+0x28/0x40
[   66.982504][ T4995]  netlink_unicast+0x59e/0x670
[   66.982536][ T4995]  netlink_sendmsg+0x58b/0x6b0
[   66.982557][ T4995]  ? __pfx_netlink_sendmsg+0x10/0x10
[   66.982581][ T4995]  __sock_sendmsg+0x145/0x180
[   66.982607][ T4995]  ____sys_sendmsg+0x31e/0x4e0
[   66.982695][ T4995]  ___sys_sendmsg+0x17b/0x1d0
[   66.982749][ T4995]  __x64_sys_sendmsg+0xd4/0x160
[   66.982815][ T4995]  x64_sys_call+0x2999/0x2fb0
[   66.982843][ T4995]  do_syscall_64+0xd2/0x200
[   66.982904][ T4995]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   66.982941][ T4995]  ? clear_bhb_loop+0x40/0x90
[   66.983000][ T4995]  ? clear_bhb_loop+0x40/0x90
[   66.983076][ T4995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.983098][ T4995] RIP: 0033:0x7f2786aee929
[   66.983176][ T4995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.983196][ T4995] RSP: 002b:00007f2785157038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   66.983215][ T4995] RAX: ffffffffffffffda RBX: 00007f2786d15fa0 RCX: 00007f2786aee929
[   66.983228][ T4995] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000006
[   66.983241][ T4995] RBP: 00007f2785157090 R08: 0000000000000000 R09: 0000000000000000
[   66.983254][ T4995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   66.983266][ T4995] R13: 0000000000000000 R14: 00007f2786d15fa0 R15: 00007ffee5b1f8f8
[   66.983285][ T4995]  </TASK>
[   67.270840][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.301423][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.308955][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.337798][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.345464][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.353087][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.360541][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.368108][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.375634][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.383247][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.390829][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.398275][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.405818][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.419815][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.427374][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.434890][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.442370][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.449872][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.457339][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.464868][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.472379][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.479819][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.480669][ T5004] netlink: 'syz.0.450': attribute type 4 has an invalid length.
[   67.487270][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.495036][ T5004] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.450'.
[   67.502462][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.518967][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.526520][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.534101][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.541649][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   67.575200][ T5006] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.677198][ T5012] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.711081][ T3400] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   67.786672][ T5006] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.867678][ T5033] netlink: 12 bytes leftover after parsing attributes in process `syz.1.461'.
[   67.911442][ T5012] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.928829][ T5037] rdma_op ffff88811bc7d980 conn xmit_rdma 0000000000000000
[   67.978118][ T5042] loop2: detected capacity change from 0 to 512
[   67.984998][ T5042] EXT4-fs: user quota file already specified
[   68.024407][ T5046] xt_hashlimit: max too large, truncated to 1048576
[   68.032912][ T5006] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.066043][ T5012] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.154891][ T5006] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.183966][ T5053] netlink: 36 bytes leftover after parsing attributes in process `syz.0.470'.
[   68.267973][ T5012] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.324871][ T5070] 9pnet_fd: Insufficient options for proto=fd
[   68.364674][ T5006] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.391697][ T5006] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.421001][ T5006] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.444423][ T5006] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.481555][ T5012] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.515469][ T5012] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.543311][ T5012] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.564870][ T5012] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.656310][ T5094] loop4: detected capacity change from 0 to 512
[   68.669609][ T5094] EXT4-fs: Ignoring removed orlov option
[   68.677673][ T5094] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   68.686797][ T5094] EXT4-fs (loop4): orphan cleanup on readonly fs
[   68.695321][ T5094] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.480: bg 0: block 248: padding at end of block bitmap is not set
[   68.732305][ T5094] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.480: Failed to acquire dquot type 1
[   68.803723][ T5094] EXT4-fs (loop4): 1 truncate cleaned up
[   68.825337][ T5094] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   68.997216][ T5110] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[   69.327433][ T5106] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[   69.347696][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.390988][   T29] kauditd_printk_skb: 328 callbacks suppressed
[   69.391005][   T29] audit: type=1326 audit(1751231870.037:13696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5117 comm="syz.0.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   69.406442][ T5118] bpf: Bad value for 'uid'
[   69.421277][   T29] audit: type=1326 audit(1751231870.037:13697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5117 comm="syz.0.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   69.448684][   T29] audit: type=1326 audit(1751231870.047:13698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5117 comm="syz.0.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   69.472586][   T29] audit: type=1326 audit(1751231870.047:13699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5117 comm="syz.0.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   69.475812][ T5122] random: crng reseeded on system resumption
[   69.496064][   T29] audit: type=1326 audit(1751231870.047:13700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5117 comm="syz.0.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   69.526239][   T29] audit: type=1326 audit(1751231870.047:13701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5117 comm="syz.0.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   69.549858][   T29] audit: type=1326 audit(1751231870.047:13702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5117 comm="syz.0.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   69.573426][   T29] audit: type=1326 audit(1751231870.047:13703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5117 comm="syz.0.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   69.597186][   T29] audit: type=1326 audit(1751231870.047:13704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5117 comm="syz.0.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   69.620829][   T29] audit: type=1326 audit(1751231870.047:13705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5117 comm="syz.0.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   69.889730][ T5128] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.901889][ T5128] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   70.017715][ T5135] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.128254][ T5128] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.163012][ T5128] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   70.282414][ T5135] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.357550][ T5163] netem: change failed
[   70.370349][ T5163] loop4: detected capacity change from 0 to 128
[   70.451763][ T5169] loop4: detected capacity change from 0 to 512
[   70.455942][ T5128] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.471511][ T5169] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   70.473341][ T5169] EXT4-fs (loop4): 1 truncate cleaned up
[   70.482882][ T5128] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   70.490554][ T5169] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.553069][ T5135] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.582380][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.598643][ T5178] FAULT_INJECTION: forcing a failure.
[   70.598643][ T5178] name failslab, interval 1, probability 0, space 0, times 0
[   70.611463][ T5178] CPU: 0 UID: 0 PID: 5178 Comm: syz.5.507 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   70.611498][ T5178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   70.611519][ T5178] Call Trace:
[   70.611527][ T5178]  <TASK>
[   70.611536][ T5178]  __dump_stack+0x1d/0x30
[   70.611615][ T5178]  dump_stack_lvl+0xe8/0x140
[   70.611637][ T5178]  dump_stack+0x15/0x1b
[   70.611657][ T5178]  should_fail_ex+0x265/0x280
[   70.611748][ T5178]  should_failslab+0x8c/0xb0
[   70.611778][ T5178]  __kvmalloc_node_noprof+0x123/0x4e0
[   70.611890][ T5178]  ? alloc_netdev_mqs+0x73f/0xab0
[   70.611932][ T5178]  alloc_netdev_mqs+0x73f/0xab0
[   70.611978][ T5178]  rtnl_create_link+0x239/0x710
[   70.612047][ T5178]  rtnl_newlink_create+0x14c/0x620
[   70.612072][ T5178]  ? __list_del_entry_valid_or_report+0x65/0x130
[   70.612101][ T5178]  rtnl_newlink+0xf29/0x12d0
[   70.612141][ T5178]  ? __rcu_read_unlock+0x34/0x70
[   70.612180][ T5178]  ? __memcg_slab_free_hook+0x135/0x230
[   70.612213][ T5178]  ? __kfree_skb+0x109/0x150
[   70.612248][ T5178]  ? __rcu_read_unlock+0x4f/0x70
[   70.612317][ T5178]  ? avc_has_perm_noaudit+0x1b1/0x200
[   70.612428][ T5178]  ? selinux_capable+0x1f9/0x270
[   70.612473][ T5178]  ? security_capable+0x83/0x90
[   70.612507][ T5178]  ? ns_capable+0x7d/0xb0
[   70.612531][ T5178]  ? __pfx_rtnl_newlink+0x10/0x10
[   70.612576][ T5178]  rtnetlink_rcv_msg+0x5fe/0x6d0
[   70.612614][ T5178]  netlink_rcv_skb+0x120/0x220
[   70.612706][ T5178]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   70.612741][ T5178]  rtnetlink_rcv+0x1c/0x30
[   70.612765][ T5178]  netlink_unicast+0x59e/0x670
[   70.612806][ T5178]  netlink_sendmsg+0x58b/0x6b0
[   70.612854][ T5178]  ? __pfx_netlink_sendmsg+0x10/0x10
[   70.612879][ T5178]  __sock_sendmsg+0x145/0x180
[   70.612911][ T5178]  ____sys_sendmsg+0x31e/0x4e0
[   70.613025][ T5178]  ___sys_sendmsg+0x17b/0x1d0
[   70.613087][ T5178]  __x64_sys_sendmsg+0xd4/0x160
[   70.613151][ T5178]  x64_sys_call+0x2999/0x2fb0
[   70.613239][ T5178]  do_syscall_64+0xd2/0x200
[   70.613332][ T5178]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   70.613362][ T5178]  ? clear_bhb_loop+0x40/0x90
[   70.613390][ T5178]  ? clear_bhb_loop+0x40/0x90
[   70.613419][ T5178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.613443][ T5178] RIP: 0033:0x7f04169be929
[   70.613462][ T5178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.613523][ T5178] RSP: 002b:00007f0414fe5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   70.613541][ T5178] RAX: ffffffffffffffda RBX: 00007f0416be6160 RCX: 00007f04169be929
[   70.613559][ T5178] RDX: 0000000000008044 RSI: 0000200000000440 RDI: 0000000000000006
[   70.613572][ T5178] RBP: 00007f0414fe5090 R08: 0000000000000000 R09: 0000000000000000
[   70.613586][ T5178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   70.613604][ T5178] R13: 0000000000000000 R14: 00007f0416be6160 R15: 00007fff36401d78
[   70.613623][ T5178]  </TASK>
[   70.619615][ T5128] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.717681][ T5185] __nla_validate_parse: 15 callbacks suppressed
[   70.717702][ T5185] netlink: 36 bytes leftover after parsing attributes in process `syz.5.511'.
[   70.718924][ T5128] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   70.723563][ T5185] netlink: 16 bytes leftover after parsing attributes in process `syz.5.511'.
[   70.907467][ T5184] netlink: 'syz.0.512': attribute type 4 has an invalid length.
[   70.912541][ T5185] netlink: 36 bytes leftover after parsing attributes in process `syz.5.511'.
[   70.914515][ T5185] netlink: 36 bytes leftover after parsing attributes in process `syz.5.511'.
[   70.915643][ T5184] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.512'.
[   70.999637][ T5189] netlink: 'syz.4.514': attribute type 4 has an invalid length.
[   71.007375][ T5189] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.514'.
[   71.021269][ T5135] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.065081][ T5128] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   71.073567][ T5128] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   71.115327][ T5135] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.126613][ T5128] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   71.135061][ T5128] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   71.147285][ T5135] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.158790][ T5128] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   71.167264][ T5128] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   71.178868][ T5135] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.192089][ T5128] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   71.201081][ T5128] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   71.212665][ T5135] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.307867][ T5219] netlink: 12 bytes leftover after parsing attributes in process `syz.0.525'.
[   71.345769][ T5223] loop1: detected capacity change from 0 to 2048
[   71.362218][ T5223] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.465629][ T5235] FAULT_INJECTION: forcing a failure.
[   71.465629][ T5235] name failslab, interval 1, probability 0, space 0, times 0
[   71.478345][ T5235] CPU: 0 UID: 0 PID: 5235 Comm: syz.0.530 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   71.478381][ T5235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   71.478423][ T5235] Call Trace:
[   71.478431][ T5235]  <TASK>
[   71.478441][ T5235]  __dump_stack+0x1d/0x30
[   71.478467][ T5235]  dump_stack_lvl+0xe8/0x140
[   71.478492][ T5235]  dump_stack+0x15/0x1b
[   71.478513][ T5235]  should_fail_ex+0x265/0x280
[   71.478625][ T5235]  ? assoc_array_insert+0x2e0/0x1990
[   71.478673][ T5235]  should_failslab+0x8c/0xb0
[   71.478704][ T5235]  __kmalloc_cache_noprof+0x4c/0x320
[   71.478743][ T5235]  assoc_array_insert+0x2e0/0x1990
[   71.478769][ T5235]  ? __pfx_key_default_cmp+0x10/0x10
[   71.478833][ T5235]  ? __pfx_keyring_search_iterator+0x10/0x10
[   71.478868][ T5235]  __key_link_begin+0x8a/0x140
[   71.478896][ T5235]  request_key_and_link+0x51f/0xd70
[   71.479056][ T5235]  ? __pfx_key_default_cmp+0x10/0x10
[   71.479083][ T5235]  ? __pfx_keyring_search_iterator+0x10/0x10
[   71.479117][ T5235]  __se_sys_request_key+0x1df/0x290
[   71.479164][ T5235]  ? fput+0x8f/0xc0
[   71.479211][ T5235]  __x64_sys_request_key+0x55/0x70
[   71.479287][ T5235]  x64_sys_call+0x2f19/0x2fb0
[   71.479314][ T5235]  do_syscall_64+0xd2/0x200
[   71.479335][ T5235]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   71.479365][ T5235]  ? clear_bhb_loop+0x40/0x90
[   71.479459][ T5235]  ? clear_bhb_loop+0x40/0x90
[   71.479493][ T5235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.479520][ T5235] RIP: 0033:0x7fbe4256e929
[   71.479540][ T5235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.479561][ T5235] RSP: 002b:00007fbe40bd7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9
[   71.479583][ T5235] RAX: ffffffffffffffda RBX: 00007fbe42795fa0 RCX: 00007fbe4256e929
[   71.479657][ T5235] RDX: 0000200000000140 RSI: 0000200000000080 RDI: 0000200000000040
[   71.479672][ T5235] RBP: 00007fbe40bd7090 R08: 0000000000000000 R09: 0000000000000000
[   71.479686][ T5235] R10: fffffffffffffffe R11: 0000000000000246 R12: 0000000000000002
[   71.479701][ T5235] R13: 0000000000000000 R14: 00007fbe42795fa0 R15: 00007ffc83685328
[   71.479759][ T5235]  </TASK>
[   71.704380][ T5242] netlink: 36 bytes leftover after parsing attributes in process `syz.4.528'.
[   71.713442][ T5242] netlink: 16 bytes leftover after parsing attributes in process `syz.4.528'.
[   71.722417][ T5242] netlink: 36 bytes leftover after parsing attributes in process `syz.4.528'.
[   71.811420][ T5253] bpf: Bad value for 'uid'
[   71.916917][ T5264] random: crng reseeded on system resumption
[   72.066718][ T5281] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.174731][ T5281] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.200131][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.219613][ T5293] FAULT_INJECTION: forcing a failure.
[   72.219613][ T5293] name failslab, interval 1, probability 0, space 0, times 0
[   72.232452][ T5293] CPU: 1 UID: 0 PID: 5293 Comm: syz.2.552 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   72.232487][ T5293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   72.232509][ T5293] Call Trace:
[   72.232517][ T5293]  <TASK>
[   72.232526][ T5293]  __dump_stack+0x1d/0x30
[   72.232551][ T5293]  dump_stack_lvl+0xe8/0x140
[   72.232575][ T5293]  dump_stack+0x15/0x1b
[   72.232595][ T5293]  should_fail_ex+0x265/0x280
[   72.232634][ T5293]  should_failslab+0x8c/0xb0
[   72.232717][ T5293]  kmem_cache_alloc_noprof+0x50/0x310
[   72.232752][ T5293]  ? audit_log_start+0x365/0x6c0
[   72.232795][ T5293]  audit_log_start+0x365/0x6c0
[   72.232905][ T5293]  audit_seccomp+0x48/0x100
[   72.232931][ T5293]  ? __seccomp_filter+0x68c/0x10d0
[   72.232956][ T5293]  __seccomp_filter+0x69d/0x10d0
[   72.232987][ T5293]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   72.233065][ T5293]  ? vfs_write+0x75e/0x8e0
[   72.233116][ T5293]  ? __rcu_read_unlock+0x4f/0x70
[   72.233143][ T5293]  ? __fget_files+0x184/0x1c0
[   72.233230][ T5293]  __secure_computing+0x82/0x150
[   72.233260][ T5293]  syscall_trace_enter+0xcf/0x1e0
[   72.233291][ T5293]  do_syscall_64+0xac/0x200
[   72.233346][ T5293]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   72.233444][ T5293]  ? clear_bhb_loop+0x40/0x90
[   72.233472][ T5293]  ? clear_bhb_loop+0x40/0x90
[   72.233501][ T5293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.233528][ T5293] RIP: 0033:0x7f2786aee929
[   72.233547][ T5293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.233612][ T5293] RSP: 002b:00007f2785157038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[   72.233636][ T5293] RAX: ffffffffffffffda RBX: 00007f2786d15fa0 RCX: 00007f2786aee929
[   72.233651][ T5293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff9c
[   72.233691][ T5293] RBP: 00007f2785157090 R08: 0000000000000000 R09: 0000000000000000
[   72.233706][ T5293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.233721][ T5293] R13: 0000000000000000 R14: 00007f2786d15fa0 R15: 00007ffee5b1f8f8
[   72.233747][ T5293]  </TASK>
[   72.564041][ T5281] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.583392][ T5307] random: crng reseeded on system resumption
[   72.759476][ T5281] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.778424][ T5317] loop2: detected capacity change from 0 to 512
[   72.786662][ T5317] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   72.802636][ T5317] EXT4-fs (loop2): 1 truncate cleaned up
[   72.809191][ T5317] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.903687][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.946819][ T5329] loop1: detected capacity change from 0 to 128
[   72.955027][ T5281] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.970867][ T5281] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.983726][ T5281] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.995855][ T5281] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.042655][ T5336] random: crng reseeded on system resumption
[   73.130294][ T5343] loop2: detected capacity change from 0 to 512
[   73.137146][ T5343] EXT4-fs: Ignoring removed orlov option
[   73.143373][ T5343] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   73.152888][ T5343] EXT4-fs (loop2): orphan cleanup on readonly fs
[   73.159894][ T5343] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.572: bg 0: block 248: padding at end of block bitmap is not set
[   73.175371][ T5343] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.572: Failed to acquire dquot type 1
[   73.190073][ T5343] EXT4-fs (loop2): 1 truncate cleaned up
[   73.197629][ T5343] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   73.263241][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.318274][ T5356] loop1: detected capacity change from 0 to 512
[   73.328432][ T5356] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   73.343875][ T5337] SELinux: failed to load policy
[   73.352834][ T5356] EXT4-fs (loop1): 1 truncate cleaned up
[   73.358996][ T5356] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.425980][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.601006][ T5369] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.649550][ T5379] loop4: detected capacity change from 0 to 128
[   73.690197][ T5382] FAULT_INJECTION: forcing a failure.
[   73.690197][ T5382] name failslab, interval 1, probability 0, space 0, times 0
[   73.694775][ T5374] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.702989][ T5382] CPU: 0 UID: 0 PID: 5382 Comm: syz.4.586 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   73.703080][ T5382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   73.703128][ T5382] Call Trace:
[   73.703136][ T5382]  <TASK>
[   73.703145][ T5382]  __dump_stack+0x1d/0x30
[   73.703170][ T5382]  dump_stack_lvl+0xe8/0x140
[   73.703195][ T5382]  dump_stack+0x15/0x1b
[   73.703216][ T5382]  should_fail_ex+0x265/0x280
[   73.703255][ T5382]  should_failslab+0x8c/0xb0
[   73.703352][ T5382]  kmem_cache_alloc_noprof+0x50/0x310
[   73.703447][ T5382]  ? audit_log_start+0x365/0x6c0
[   73.703522][ T5382]  audit_log_start+0x365/0x6c0
[   73.703559][ T5382]  ? should_fail_ex+0xdb/0x280
[   73.703599][ T5382]  audit_seccomp+0x48/0x100
[   73.703641][ T5382]  ? __seccomp_filter+0x68c/0x10d0
[   73.703679][ T5382]  __seccomp_filter+0x69d/0x10d0
[   73.703712][ T5382]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   73.703818][ T5382]  ? vfs_read+0x47f/0x6f0
[   73.703898][ T5382]  ? __rcu_read_unlock+0x4f/0x70
[   73.703944][ T5382]  ? __fget_files+0x184/0x1c0
[   73.703979][ T5382]  __secure_computing+0x82/0x150
[   73.704011][ T5382]  syscall_trace_enter+0xcf/0x1e0
[   73.704046][ T5382]  do_syscall_64+0xac/0x200
[   73.704113][ T5382]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   73.704149][ T5382]  ? clear_bhb_loop+0x40/0x90
[   73.704261][ T5382]  ? clear_bhb_loop+0x40/0x90
[   73.704292][ T5382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.704328][ T5382] RIP: 0033:0x7f8a75ebd3df
[   73.704349][ T5382] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   73.704394][ T5382] RSP: 002b:00007f8a74527030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   73.704420][ T5382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a75ebd3df
[   73.704481][ T5382] RDX: 0000000000000001 RSI: 00007f8a745270a0 RDI: 0000000000000007
[   73.704497][ T5382] RBP: 00007f8a74527090 R08: 0000000000000000 R09: 0000000000000000
[   73.704514][ T5382] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[   73.704531][ T5382] R13: 0000000000000000 R14: 00007f8a760e5fa0 R15: 00007ffeee34da98
[   73.704558][ T5382]  </TASK>
[   74.006674][ T5372] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   74.017886][ T5372] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   74.085367][ T5374] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.147241][ T5369] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.202960][ T5372] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   74.215201][ T5372] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   74.244440][ T5395] loop5: detected capacity change from 0 to 512
[   74.253738][ T5395] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.590: bg 0: block 131: padding at end of block bitmap is not set
[   74.285684][ T5395] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   74.289087][ T5398] FAULT_INJECTION: forcing a failure.
[   74.289087][ T5398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   74.308581][ T5398] CPU: 1 UID: 0 PID: 5398 Comm: syz.4.591 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   74.308658][ T5398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   74.308672][ T5398] Call Trace:
[   74.308679][ T5398]  <TASK>
[   74.308687][ T5398]  __dump_stack+0x1d/0x30
[   74.308734][ T5398]  dump_stack_lvl+0xe8/0x140
[   74.308758][ T5398]  dump_stack+0x15/0x1b
[   74.308778][ T5398]  should_fail_ex+0x265/0x280
[   74.308874][ T5398]  should_fail+0xb/0x20
[   74.308924][ T5398]  should_fail_usercopy+0x1a/0x20
[   74.308956][ T5398]  _copy_from_iter+0xcf/0xe40
[   74.308994][ T5398]  ? __build_skb_around+0x1a0/0x200
[   74.309041][ T5398]  ? __alloc_skb+0x223/0x320
[   74.309135][ T5395] EXT4-fs (loop5): 1 truncate cleaned up
[   74.309080][ T5398]  netlink_sendmsg+0x471/0x6b0
[   74.309183][ T5398]  ? __pfx_netlink_sendmsg+0x10/0x10
[   74.309203][ T5398]  __sock_sendmsg+0x145/0x180
[   74.309229][ T5398]  ____sys_sendmsg+0x31e/0x4e0
[   74.309265][ T5398]  ___sys_sendmsg+0x17b/0x1d0
[   74.309411][ T5398]  __x64_sys_sendmsg+0xd4/0x160
[   74.309466][ T5398]  x64_sys_call+0x2999/0x2fb0
[   74.309496][ T5398]  do_syscall_64+0xd2/0x200
[   74.309521][ T5398]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   74.309574][ T5398]  ? clear_bhb_loop+0x40/0x90
[   74.309603][ T5398]  ? clear_bhb_loop+0x40/0x90
[   74.309633][ T5398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.309663][ T5398] RIP: 0033:0x7f8a75ebe929
[   74.309686][ T5398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.309709][ T5398] RSP: 002b:00007f8a74527038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   74.309741][ T5398] RAX: ffffffffffffffda RBX: 00007f8a760e5fa0 RCX: 00007f8a75ebe929
[   74.309758][ T5398] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004
[   74.309783][ T5398] RBP: 00007f8a74527090 R08: 0000000000000000 R09: 0000000000000000
[   74.309798][ T5398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   74.309815][ T5398] R13: 0000000000000000 R14: 00007f8a760e5fa0 R15: 00007ffeee34da98
[   74.309842][ T5398]  </TASK>
[   74.525664][ T5395] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.539013][ T5395] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.553120][ T5374] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.583446][ T5369] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.596595][ T5372] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   74.606655][ T5372] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   74.622936][   T29] kauditd_printk_skb: 815 callbacks suppressed
[   74.622952][   T29] audit: type=1326 audit(1751231875.267:14515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5404 comm="syz.5.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   74.623908][ T5374] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.629149][   T29] audit: type=1326 audit(1751231875.267:14516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5404 comm="syz.5.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   74.691944][ T5407] random: crng reseeded on system resumption
[   74.703796][   T29] audit: type=1326 audit(1751231875.327:14517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5404 comm="syz.5.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   74.727419][   T29] audit: type=1326 audit(1751231875.327:14518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5404 comm="syz.5.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   74.750901][   T29] audit: type=1326 audit(1751231875.327:14519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5404 comm="syz.5.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   74.774677][   T29] audit: type=1326 audit(1751231875.327:14520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5404 comm="syz.5.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   74.798147][   T29] audit: type=1326 audit(1751231875.327:14521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5404 comm="syz.5.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   74.822081][   T29] audit: type=1326 audit(1751231875.327:14522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5404 comm="syz.5.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   74.845820][   T29] audit: type=1326 audit(1751231875.327:14523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5404 comm="syz.5.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   74.856457][ T5409] loop4: detected capacity change from 0 to 128
[   74.869646][   T29] audit: type=1326 audit(1751231875.327:14524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5404 comm="syz.5.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   74.905010][ T5369] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.919941][ T5372] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   74.930314][ T5372] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   74.972749][ T5415] random: crng reseeded on system resumption
[   74.983863][ T5417] loop5: detected capacity change from 0 to 512
[   74.991037][ T5417] EXT4-fs: Ignoring removed orlov option
[   74.997311][ T5417] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   75.008737][ T5417] EXT4-fs (loop5): orphan cleanup on readonly fs
[   75.016022][ T5417] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.600: bg 0: block 248: padding at end of block bitmap is not set
[   75.031319][ T5417] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.600: Failed to acquire dquot type 1
[   75.043089][ T5417] EXT4-fs (loop5): 1 truncate cleaned up
[   75.049432][ T5417] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   75.073323][ T3690] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.111452][ T5425] netlink: 'syz.5.603': attribute type 5 has an invalid length.
[   75.246573][ T5435] loop5: detected capacity change from 0 to 128
[   75.696199][ T5372] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   75.704637][ T5372] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   75.716647][ T5372] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   75.725388][ T5372] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   75.736294][ T5372] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   75.744809][ T5372] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   75.756823][ T5372] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   75.765172][ T5372] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   75.939069][ T5449] loop4: detected capacity change from 0 to 512
[   75.946094][ T5449] EXT4-fs: Ignoring removed orlov option
[   75.952247][ T5449] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   75.961913][ T5449] EXT4-fs (loop4): orphan cleanup on readonly fs
[   75.968849][ T5449] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.613: bg 0: block 248: padding at end of block bitmap is not set
[   75.983548][ T5449] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.613: Failed to acquire dquot type 1
[   75.995523][ T5449] EXT4-fs (loop4): 1 truncate cleaned up
[   76.002096][ T5449] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   76.024760][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.048111][ T5369] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.059668][ T5369] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.074959][ T5369] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.089038][ T5369] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.204300][ T5462] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.287073][ T5470] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.330129][ T5462] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.368187][ T5470] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.407302][ T5462] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.453055][ T5470] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.494984][ T5462] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.528036][ T5470] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.618162][ T5462] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.718380][ T5462] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.746078][ T5462] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.776453][ T5462] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.824841][ T5485] loop2: detected capacity change from 0 to 512
[   76.831708][ T5485] EXT4-fs: Ignoring removed orlov option
[   76.837988][ T5485] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   76.848003][ T5485] EXT4-fs (loop2): orphan cleanup on readonly fs
[   76.855165][ T5485] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.626: bg 0: block 248: padding at end of block bitmap is not set
[   76.870247][ T5485] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.626: Failed to acquire dquot type 1
[   76.884630][ T5489] __nla_validate_parse: 23 callbacks suppressed
[   76.884649][ T5489] netlink: 36 bytes leftover after parsing attributes in process `syz.4.627'.
[   76.900228][ T5489] netlink: 16 bytes leftover after parsing attributes in process `syz.4.627'.
[   76.909293][ T5489] netlink: 36 bytes leftover after parsing attributes in process `syz.4.627'.
[   76.918285][ T5485] EXT4-fs (loop2): 1 truncate cleaned up
[   76.924247][ T5489] netlink: 36 bytes leftover after parsing attributes in process `syz.4.627'.
[   76.934027][ T5485] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   76.963799][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.062149][ T5499] FAULT_INJECTION: forcing a failure.
[   77.062149][ T5499] name failslab, interval 1, probability 0, space 0, times 0
[   77.074775][ T5499] CPU: 0 UID: 0 PID: 5499 Comm: syz.2.631 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   77.074882][ T5499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   77.074893][ T5499] Call Trace:
[   77.074899][ T5499]  <TASK>
[   77.074906][ T5499]  __dump_stack+0x1d/0x30
[   77.074972][ T5499]  dump_stack_lvl+0xe8/0x140
[   77.074995][ T5499]  dump_stack+0x15/0x1b
[   77.075009][ T5499]  should_fail_ex+0x265/0x280
[   77.075072][ T5499]  should_failslab+0x8c/0xb0
[   77.075092][ T5499]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   77.075124][ T5499]  ? sidtab_context_to_sid+0x1c5/0x5e0
[   77.075143][ T5499]  ? context_to_sid+0x2da/0x310
[   77.075162][ T5499]  kstrdup+0x3e/0xd0
[   77.075257][ T5499]  sidtab_context_to_sid+0x1c5/0x5e0
[   77.075280][ T5499]  security_context_to_sid_core+0x294/0x3b0
[   77.075323][ T5499]  security_context_to_sid_force+0x30/0x40
[   77.075344][ T5499]  selinux_inode_setxattr+0x4e8/0x6e0
[   77.075452][ T5499]  security_inode_setxattr+0x13a/0x1b0
[   77.075482][ T5499]  __vfs_setxattr_locked+0x83/0x1d0
[   77.075581][ T5499]  vfs_setxattr+0x132/0x270
[   77.075612][ T5499]  filename_setxattr+0x1ad/0x400
[   77.075633][ T5499]  path_setxattrat+0x2c9/0x310
[   77.075740][ T5499]  __x64_sys_lsetxattr+0x71/0x90
[   77.075758][ T5499]  x64_sys_call+0x1e36/0x2fb0
[   77.075777][ T5499]  do_syscall_64+0xd2/0x200
[   77.075793][ T5499]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   77.075815][ T5499]  ? clear_bhb_loop+0x40/0x90
[   77.075913][ T5499]  ? clear_bhb_loop+0x40/0x90
[   77.075932][ T5499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.076004][ T5499] RIP: 0033:0x7f2786aee929
[   77.076018][ T5499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.076081][ T5499] RSP: 002b:00007f2785157038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[   77.076098][ T5499] RAX: ffffffffffffffda RBX: 00007f2786d15fa0 RCX: 00007f2786aee929
[   77.076115][ T5499] RDX: 0000200000000940 RSI: 0000200000000400 RDI: 00002000000003c0
[   77.076125][ T5499] RBP: 00007f2785157090 R08: 0000000000000003 R09: 0000000000000000
[   77.076137][ T5499] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000001
[   77.076147][ T5499] R13: 0000000000000000 R14: 00007f2786d15fa0 R15: 00007ffee5b1f8f8
[   77.076164][ T5499]  </TASK>
[   77.315069][ T5492] loop5: detected capacity change from 0 to 764
[   77.322832][ T5492] rock: directory entry would overflow storage
[   77.329234][ T5492] rock: sig=0x4654, size=5, remaining=4
[   77.340164][ T5491] netlink: 8 bytes leftover after parsing attributes in process `syz.5.628'.
[   77.349156][ T5491] netlink: 4 bytes leftover after parsing attributes in process `syz.5.628'.
[   77.453610][ T5517] netlink: 14593 bytes leftover after parsing attributes in process `syz.5.639'.
[   77.465196][ T5517] random: crng reseeded on system resumption
[   77.488416][ T5374] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.499845][ T5520] netlink: 12 bytes leftover after parsing attributes in process `syz.5.640'.
[   77.500838][ T5374] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.520397][ T5374] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.535710][ T5374] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.635393][ T5534] loop2: detected capacity change from 0 to 512
[   77.642667][ T5535] netlink: 36 bytes leftover after parsing attributes in process `syz.5.643'.
[   77.651798][ T5535] netlink: 16 bytes leftover after parsing attributes in process `syz.5.643'.
[   77.662927][ T5534] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   77.675841][ T5534] EXT4-fs (loop2): 1 truncate cleaned up
[   77.693776][ T5534] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.769696][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.996603][ T5573] loop4: detected capacity change from 0 to 512
[   78.004063][ T5573] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   78.017130][ T5574] netlink: 'syz.0.657': attribute type 13 has an invalid length.
[   78.026330][ T5573] EXT4-fs (loop4): 1 truncate cleaned up
[   78.034578][ T5573] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.047317][ T5574] gretap0: refused to change device tx_queue_len
[   78.054438][ T5574] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   78.126998][ T5581] loop2: detected capacity change from 0 to 512
[   78.133856][ T5581] EXT4-fs: Ignoring removed orlov option
[   78.140710][ T5581] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   78.150235][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.161741][ T5581] EXT4-fs (loop2): orphan cleanup on readonly fs
[   78.168655][ T5581] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.662: bg 0: block 248: padding at end of block bitmap is not set
[   78.191209][ T5581] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.662: Failed to acquire dquot type 1
[   78.205030][ T5581] EXT4-fs (loop2): 1 truncate cleaned up
[   78.211761][ T5581] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   78.258296][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.383274][ T5598] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   78.398056][ T5598] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   78.525152][ T5598] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   78.535593][ T5598] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   78.660473][ T5598] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   78.672390][ T5598] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   78.782955][ T5598] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   78.794266][ T5598] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   78.837392][ T5617] loop4: detected capacity change from 0 to 128
[   78.848242][ T5617] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   78.862819][ T5617] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   78.938369][ T3313] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   78.968186][ T5626] bridge: RTM_NEWNEIGH with invalid state 0x31
[   79.057616][ T5633] loop4: detected capacity change from 0 to 512
[   79.064666][ T5633] EXT4-fs: Ignoring removed orlov option
[   79.071087][ T5633] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   79.080304][ T5633] EXT4-fs (loop4): orphan cleanup on readonly fs
[   79.087703][ T5633] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.681: bg 0: block 248: padding at end of block bitmap is not set
[   79.104147][ T5633] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.681: Failed to acquire dquot type 1
[   79.116242][ T5633] EXT4-fs (loop4): 1 truncate cleaned up
[   79.124035][ T5633] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   79.150919][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.187071][ T5643] loop4: detected capacity change from 0 to 512
[   79.194388][ T5643] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   79.205153][ T5643] EXT4-fs (loop4): failed to initialize system zone (-117)
[   79.212686][ T5643] EXT4-fs (loop4): mount failed
[   79.233139][ T5646] netlink: 'syz.0.685': attribute type 13 has an invalid length.
[   79.243522][ T5646] gretap0: refused to change device tx_queue_len
[   79.248003][ T5648] loop4: detected capacity change from 0 to 512
[   79.250849][ T5646] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   79.258483][ T5648] EXT4-fs: Ignoring removed orlov option
[   79.278040][ T5648] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   79.289250][ T5648] EXT4-fs (loop4): orphan cleanup on readonly fs
[   79.296210][ T5648] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.686: bg 0: block 248: padding at end of block bitmap is not set
[   79.311584][ T5648] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.686: Failed to acquire dquot type 1
[   79.329898][ T5598] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   79.339806][ T5598] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   79.340963][ T5648] EXT4-fs (loop4): 1 truncate cleaned up
[   79.354397][ T5598] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   79.364699][ T5598] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   79.376390][ T5598] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   79.384743][ T5598] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   79.388667][ T5648] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   79.398421][ T5598] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   79.413826][ T5598] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   79.448557][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.488944][ T5655] loop5: detected capacity change from 0 to 512
[   79.496240][ T5655] EXT4-fs: Ignoring removed nobh option
[   79.514082][ T5655] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #3: comm syz.5.690: corrupted inode contents
[   79.527915][ T5655] EXT4-fs error (device loop5): ext4_dirty_inode:6459: inode #3: comm syz.5.690: mark_inode_dirty error
[   79.540075][ T5655] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #3: comm syz.5.690: corrupted inode contents
[   79.554890][ T5655] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #3: comm syz.5.690: mark_inode_dirty error
[   79.567317][ T5655] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.690: Failed to acquire dquot type 0
[   79.580844][ T5655] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #16: comm syz.5.690: corrupted inode contents
[   79.594590][ T5655] EXT4-fs error (device loop5): ext4_dirty_inode:6459: inode #16: comm syz.5.690: mark_inode_dirty error
[   79.615227][ T5655] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #16: comm syz.5.690: corrupted inode contents
[   79.625281][ T5653] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   79.627234][ T5655] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #16: comm syz.5.690: mark_inode_dirty error
[   79.637318][ T5653] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   79.649044][ T5655] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #16: comm syz.5.690: corrupted inode contents
[   79.678794][ T5655] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[   79.688686][ T5655] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #16: comm syz.5.690: corrupted inode contents
[   79.707710][ T5655] EXT4-fs error (device loop5): ext4_truncate:4597: inode #16: comm syz.5.690: mark_inode_dirty error
[   79.720334][ T5655] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[   79.731878][ T5655] EXT4-fs (loop5): 1 truncate cleaned up
[   79.738077][ T5655] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.758232][ T5655] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.780034][ T5670] loop4: detected capacity change from 0 to 512
[   79.787833][ T5670] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   79.788174][ T5653] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   79.810564][   T29] kauditd_printk_skb: 516 callbacks suppressed
[   79.810582][   T29] audit: type=1326 audit(1751231880.437:15027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5654 comm="syz.5.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   79.810664][   T29] audit: type=1326 audit(1751231880.447:15028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5654 comm="syz.5.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   79.810693][   T29] audit: type=1326 audit(1751231880.447:15029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5654 comm="syz.5.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   79.810757][   T29] audit: type=1326 audit(1751231880.447:15030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5654 comm="syz.5.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   79.810787][   T29] audit: type=1326 audit(1751231880.447:15031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5654 comm="syz.5.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   79.810845][   T29] audit: type=1326 audit(1751231880.447:15032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5654 comm="syz.5.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   79.810924][   T29] audit: type=1326 audit(1751231880.447:15033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5654 comm="syz.5.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   79.810960][   T29] audit: type=1326 audit(1751231880.447:15034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5654 comm="syz.5.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   79.810994][   T29] audit: type=1326 audit(1751231880.447:15035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5654 comm="syz.5.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   79.811025][   T29] audit: type=1326 audit(1751231880.447:15036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5654 comm="syz.5.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04169be929 code=0x7ffc0000
[   79.816601][ T5655] FAULT_INJECTION: forcing a failure.
[   79.816601][ T5655] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   79.817953][ T5653] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   79.842811][ T5655] CPU: 1 UID: 0 PID: 5655 Comm: syz.5.690 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   79.842896][ T5655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   79.842911][ T5655] Call Trace:
[   79.842918][ T5655]  <TASK>
[   79.842927][ T5655]  __dump_stack+0x1d/0x30
[   79.842954][ T5655]  dump_stack_lvl+0xe8/0x140
[   79.842979][ T5655]  dump_stack+0x15/0x1b
[   79.843077][ T5655]  should_fail_ex+0x265/0x280
[   79.843276][ T5655]  should_fail+0xb/0x20
[   79.843313][ T5655]  should_fail_usercopy+0x1a/0x20
[   79.843349][ T5655]  _copy_to_user+0x20/0xa0
[   79.843374][ T5655]  simple_read_from_buffer+0xb5/0x130
[   79.843416][ T5655]  proc_fail_nth_read+0x100/0x140
[   79.843600][ T5655]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   79.843647][ T5655]  vfs_read+0x19d/0x6f0
[   79.843693][ T5655]  ? __cond_resched+0x4e/0x90
[   79.843733][ T5655]  ksys_read+0xda/0x1a0
[   79.843798][ T5655]  __x64_sys_read+0x40/0x50
[   79.843840][ T5655]  x64_sys_call+0x2d77/0x2fb0
[   79.843877][ T5655]  do_syscall_64+0xd2/0x200
[   79.843911][ T5655]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   79.843949][ T5655]  ? clear_bhb_loop+0x40/0x90
[   79.843972][ T5655]  ? clear_bhb_loop+0x40/0x90
[   79.844075][ T5655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.844107][ T5655] RIP: 0033:0x7f04169bd33c
[   79.844127][ T5655] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   79.844201][ T5655] RSP: 002b:00007f0415027030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   79.844306][ T5655] RAX: ffffffffffffffda RBX: 00007f0416be5fa0 RCX: 00007f04169bd33c
[   79.844324][ T5655] RDX: 000000000000000f RSI: 00007f04150270a0 RDI: 000000000000000d
[   79.844340][ T5655] RBP: 00007f0415027090 R08: 0000000000000000 R09: 0000000000000000
[   79.844412][ T5655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   79.844430][ T5655] R13: 0000000000000000 R14: 00007f0416be5fa0 R15: 00007fff36401d78
[   79.844458][ T5655]  </TASK>
[   79.883730][ T5670] EXT4-fs (loop4): 1 truncate cleaned up
[   80.296200][ T5670] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.314390][ T3690] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.376881][ T5653] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   80.390926][ T5653] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   80.403439][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.417698][ T5470] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.456119][ T5673] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.496668][ T5653] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   80.506618][ T5653] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   80.523324][ T5470] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.535285][ T5470] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.577643][ T5673] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.649439][ T5470] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.683647][ T5673] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.731048][ T5699] loop4: detected capacity change from 0 to 2048
[   80.755980][ T5699] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.769513][ T5701] loop1: detected capacity change from 0 to 512
[   80.773741][ T5701] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   80.792831][ T5701] EXT4-fs (loop1): 1 truncate cleaned up
[   80.793201][ T5701] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.834541][ T5673] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.865596][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.156409][ T5721] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=5721 comm=syz.1.708
[   81.258618][ T5673] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.295839][ T5673] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.299526][ T5673] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.303341][ T5673] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.314990][ T5723] loop1: detected capacity change from 0 to 128
[   81.338094][ T5723] msdos: Unknown parameter ''
[   81.423565][ T5735] loop5: detected capacity change from 0 to 512
[   81.451159][ T5735] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.714: Failed to acquire dquot type 1
[   81.452061][ T5735] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #16: comm syz.5.714: corrupted inode contents
[   81.480508][ T5735] EXT4-fs error (device loop5): ext4_dirty_inode:6459: inode #16: comm syz.5.714: mark_inode_dirty error
[   81.502314][ T5735] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #16: comm syz.5.714: corrupted inode contents
[   81.518063][ T5743] random: crng reseeded on system resumption
[   81.525793][ T5735] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #16: comm syz.5.714: mark_inode_dirty error
[   81.540825][ T5735] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #16: comm syz.5.714: corrupted inode contents
[   81.564306][ T5735] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[   81.578102][ T5735] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #16: comm syz.5.714: corrupted inode contents
[   81.578173][   T51] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   81.610686][   T51] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   81.623255][   T51] EXT4-fs (loop4): This should not happen!! Data will be lost
[   81.623255][   T51] 
[   81.623267][ T5735] EXT4-fs error (device loop5): ext4_truncate:4597: inode #16: comm syz.5.714: mark_inode_dirty error
[   81.632969][   T51] EXT4-fs (loop4): Total free blocks count 0
[   81.649956][   T51] EXT4-fs (loop4): Free/Dirty block details
[   81.650059][ T5735] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[   81.655928][   T51] EXT4-fs (loop4): free_blocks=2415919104
[   81.655946][   T51] EXT4-fs (loop4): dirty_blocks=8208
[   81.655958][   T51] EXT4-fs (loop4): Block reservation details
[   81.655968][   T51] EXT4-fs (loop4): i_reserved_data_blocks=513
[   81.682891][   T51] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   81.691369][ T5735] EXT4-fs (loop5): 1 truncate cleaned up
[   81.710066][ T5735] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.722755][ T5735] ext4 filesystem being mounted at /109/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   81.785388][ T5735] SELinux:  policydb version 508263358 does not match my version range 15-34
[   81.794635][ T5735] SELinux: failed to load policy
[   81.800565][ T5755] loop1: detected capacity change from 0 to 512
[   81.811975][ T5755] EXT4-fs: Ignoring removed orlov option
[   81.837716][ T5755] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   81.852651][ T3690] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.862615][ T5755] EXT4-fs (loop1): orphan cleanup on readonly fs
[   81.870218][ T5755] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.724: bg 0: block 248: padding at end of block bitmap is not set
[   81.903278][ T5755] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.724: Failed to acquire dquot type 1
[   81.915668][ T5755] EXT4-fs (loop1): 1 truncate cleaned up
[   81.924417][ T5768] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[   81.932861][ T5755] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   81.963060][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.976383][ T5764] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.073533][ T5764] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.136924][ T5768] SELinux:  Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped).
[   82.168352][ T5764] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.175869][ T5776] loop4: detected capacity change from 0 to 512
[   82.187713][ T5776] EXT4-fs: Ignoring removed orlov option
[   82.194117][ T5776] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   82.204377][ T5776] EXT4-fs (loop4): orphan cleanup on readonly fs
[   82.211475][ T5776] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.730: bg 0: block 248: padding at end of block bitmap is not set
[   82.226199][ T5776] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.730: Failed to acquire dquot type 1
[   82.237981][ T5776] EXT4-fs (loop4): 1 truncate cleaned up
[   82.244423][ T5776] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   82.269592][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.277766][ T5764] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.314682][ T5779] loop4: detected capacity change from 0 to 2048
[   82.332320][ T5779] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.382806][ T5764] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.456788][ T5764] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.524783][ T5764] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.597627][ T5764] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.750763][ T5790] __nla_validate_parse: 15 callbacks suppressed
[   82.750783][ T5790] netlink: 14593 bytes leftover after parsing attributes in process `syz.5.735'.
[   82.768133][ T5790] random: crng reseeded on system resumption
[   82.873974][ T5800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   82.890143][ T5800] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   82.977788][ T5812] netlink: 12 bytes leftover after parsing attributes in process `syz.0.743'.
[   82.992892][ T5816] netlink: 14593 bytes leftover after parsing attributes in process `syz.1.745'.
[   83.052406][ T5822] loop5: detected capacity change from 0 to 512
[   83.059812][ T5822] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   83.072412][ T5822] EXT4-fs (loop5): 1 truncate cleaned up
[   83.078548][ T5822] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.121253][ T5827] FAULT_INJECTION: forcing a failure.
[   83.121253][ T5827] name failslab, interval 1, probability 0, space 0, times 0
[   83.134151][ T5827] CPU: 1 UID: 0 PID: 5827 Comm: syz.0.750 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   83.134187][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   83.134208][ T5827] Call Trace:
[   83.134216][ T5827]  <TASK>
[   83.134227][ T5827]  __dump_stack+0x1d/0x30
[   83.134252][ T5827]  dump_stack_lvl+0xe8/0x140
[   83.134277][ T5827]  dump_stack+0x15/0x1b
[   83.134298][ T5827]  should_fail_ex+0x265/0x280
[   83.134338][ T5827]  should_failslab+0x8c/0xb0
[   83.134362][ T5827]  kmem_cache_alloc_noprof+0x50/0x310
[   83.134388][ T5827]  ? vm_area_dup+0x33/0x2c0
[   83.134416][ T5827]  ? xa_load+0xb1/0xe0
[   83.134439][ T5827]  vm_area_dup+0x33/0x2c0
[   83.134479][ T5827]  __split_vma+0xe9/0x650
[   83.134506][ T5827]  ? mas_find+0x4ea/0x610
[   83.134525][ T5827]  vms_gather_munmap_vmas+0x2a5/0x7a0
[   83.134554][ T5827]  mmap_region+0x4ce/0x1580
[   83.134588][ T5827]  ? mntput_no_expire+0x6f/0x3c0
[   83.134622][ T5827]  ? mntput+0x4b/0x80
[   83.134667][ T5827]  do_mmap+0x9b3/0xbe0
[   83.134709][ T5827]  vm_mmap_pgoff+0x17a/0x2e0
[   83.134752][ T5827]  ksys_mmap_pgoff+0x268/0x310
[   83.134802][ T5827]  x64_sys_call+0x1602/0x2fb0
[   83.134836][ T5827]  do_syscall_64+0xd2/0x200
[   83.134858][ T5827]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   83.134892][ T5827]  ? clear_bhb_loop+0x40/0x90
[   83.134917][ T5827]  ? clear_bhb_loop+0x40/0x90
[   83.134938][ T5827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.134962][ T5827] RIP: 0033:0x7fbe4256e929
[   83.134982][ T5827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.135004][ T5827] RSP: 002b:00007fbe40bd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   83.135028][ T5827] RAX: ffffffffffffffda RBX: 00007fbe42795fa0 RCX: 00007fbe4256e929
[   83.135043][ T5827] RDX: 0000000001000002 RSI: 0000000000400000 RDI: 0000200000000000
[   83.135059][ T5827] RBP: 00007fbe40bd7090 R08: 0000000000000003 R09: 0000000000000000
[   83.135074][ T5827] R10: 0000000000011012 R11: 0000000000000246 R12: 0000000000000001
[   83.135089][ T5827] R13: 0000000000000000 R14: 00007fbe42795fa0 R15: 00007ffc83685328
[   83.135113][ T5827]  </TASK>
[   83.395185][   T31] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   83.395947][ T3690] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.412356][   T31] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   83.432172][   T31] EXT4-fs (loop4): This should not happen!! Data will be lost
[   83.432172][   T31] 
[   83.442098][   T31] EXT4-fs (loop4): Total free blocks count 0
[   83.448148][   T31] EXT4-fs (loop4): Free/Dirty block details
[   83.454306][   T31] EXT4-fs (loop4): free_blocks=2415919104
[   83.460175][   T31] EXT4-fs (loop4): dirty_blocks=8208
[   83.465526][   T31] EXT4-fs (loop4): Block reservation details
[   83.470272][ T5833] loop8: detected capacity change from 0 to 16384
[   83.471665][   T31] EXT4-fs (loop4): i_reserved_data_blocks=513
[   83.489510][   T31] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   83.535889][ T5833] netlink: 48 bytes leftover after parsing attributes in process `syz.1.753'.
[   83.615702][ T5844] netlink: 8 bytes leftover after parsing attributes in process `syz.5.759'.
[   83.650325][ T5848] netlink: 14593 bytes leftover after parsing attributes in process `syz.5.760'.
[   83.665911][ T5847] loop4: detected capacity change from 0 to 512
[   83.671529][ T5653] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   83.673403][ T5847] EXT4-fs: Ignoring removed orlov option
[   83.680609][ T5653] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   83.697021][ T5847] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   83.697079][ T5842] loop8: detected capacity change from 16384 to 16383
[   83.718249][ T5653] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   83.726678][ T5653] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   83.736187][ T5847] EXT4-fs (loop4): orphan cleanup on readonly fs
[   83.748057][ T5653] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   83.756534][ T5653] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   83.768399][ T5847] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.752: bg 0: block 248: padding at end of block bitmap is not set
[   83.784019][ T5653] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   83.792608][ T5653] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   83.801236][ T5847] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.752: Failed to acquire dquot type 1
[   83.824659][ T5847] EXT4-fs (loop4): 1 truncate cleaned up
[   83.840172][ T5856] loop1: detected capacity change from 0 to 2048
[   83.861212][ T5847] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   83.903573][ T5856] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.937277][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.018003][ T5875] netlink: 14593 bytes leftover after parsing attributes in process `syz.5.772'.
[   84.051420][ T5882] SELinux:  policydb magic number 0x1 does not match expected magic number 0xf97cff8c
[   84.064673][ T5882] SELinux: failed to load policy
[   84.111854][ T5893] netlink: 4 bytes leftover after parsing attributes in process `syz.5.777'.
[   84.253849][ T5906] netlink: 14593 bytes leftover after parsing attributes in process `syz.0.784'.
[   84.281228][ T5909] netlink: 12 bytes leftover after parsing attributes in process `syz.2.785'.
[   84.353870][ T5912] loop2: detected capacity change from 0 to 512
[   84.369507][ T5912] EXT4-fs: Ignoring removed orlov option
[   84.385920][ T5912] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   84.396682][ T5912] EXT4-fs (loop2): orphan cleanup on readonly fs
[   84.417776][ T5912] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.786: bg 0: block 248: padding at end of block bitmap is not set
[   84.434291][ T5912] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.786: Failed to acquire dquot type 1
[   84.446135][ T5912] EXT4-fs (loop2): 1 truncate cleaned up
[   84.454050][ T5912] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   84.507808][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.572000][ T5929] FAULT_INJECTION: forcing a failure.
[   84.572000][ T5929] name failslab, interval 1, probability 0, space 0, times 0
[   84.584956][ T5929] CPU: 0 UID: 0 PID: 5929 Comm: syz.2.793 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   84.585011][ T5929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   84.585028][ T5929] Call Trace:
[   84.585037][ T5929]  <TASK>
[   84.585047][ T5929]  __dump_stack+0x1d/0x30
[   84.585128][ T5929]  dump_stack_lvl+0xe8/0x140
[   84.585152][ T5929]  dump_stack+0x15/0x1b
[   84.585173][ T5929]  should_fail_ex+0x265/0x280
[   84.585212][ T5929]  should_failslab+0x8c/0xb0
[   84.585259][ T5929]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   84.585362][ T5929]  ? v9fs_session_init+0x78/0xde0
[   84.585426][ T5929]  kstrdup+0x3e/0xd0
[   84.585481][ T5929]  v9fs_session_init+0x78/0xde0
[   84.585513][ T5929]  ? obj_cgroup_charge_account+0xba/0x1a0
[   84.585554][ T5929]  ? __rcu_read_unlock+0x4f/0x70
[   84.585579][ T5929]  ? v9fs_mount+0x51/0x590
[   84.585692][ T5929]  ? __kmalloc_cache_noprof+0x299/0x320
[   84.585730][ T5929]  v9fs_mount+0x67/0x590
[   84.585762][ T5929]  ? __pfx_v9fs_mount+0x10/0x10
[   84.585861][ T5929]  legacy_get_tree+0x75/0xd0
[   84.585895][ T5929]  vfs_get_tree+0x54/0x1d0
[   84.585927][ T5929]  do_new_mount+0x207/0x680
[   84.585998][ T5929]  path_mount+0x4a4/0xb20
[   84.586042][ T5929]  ? user_path_at+0x109/0x130
[   84.586073][ T5929]  __se_sys_mount+0x28f/0x2e0
[   84.586095][ T5929]  ? fput+0x8f/0xc0
[   84.586133][ T5929]  __x64_sys_mount+0x67/0x80
[   84.586151][ T5929]  x64_sys_call+0xd36/0x2fb0
[   84.586227][ T5929]  do_syscall_64+0xd2/0x200
[   84.586251][ T5929]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   84.586283][ T5929]  ? clear_bhb_loop+0x40/0x90
[   84.586378][ T5929]  ? clear_bhb_loop+0x40/0x90
[   84.586406][ T5929]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.586434][ T5929] RIP: 0033:0x7f2786aee929
[   84.586452][ T5929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.586472][ T5929] RSP: 002b:00007f2785157038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   84.586576][ T5929] RAX: ffffffffffffffda RBX: 00007f2786d15fa0 RCX: 00007f2786aee929
[   84.586591][ T5929] RDX: 00002000000002c0 RSI: 0000200000000080 RDI: 0000000000000000
[   84.586603][ T5929] RBP: 00007f2785157090 R08: 0000200000000240 R09: 0000000000000000
[   84.586679][ T5929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   84.586695][ T5929] R13: 0000000000000000 R14: 00007f2786d15fa0 R15: 00007ffee5b1f8f8
[   84.586719][ T5929]  </TASK>
[   84.862027][  T112] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   84.867441][ T5933] loop2: detected capacity change from 0 to 512
[   84.885624][ T5933] ext2: Unknown parameter '�uX�v�cz�A^��F��:��~�J e�c��2�i4zq�c�t��E6b��J5�W]`4�D�)��Q�]Ot'�tDF���(��Dg>�5#aT�'
[   84.900714][  T112] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   84.913767][  T112] EXT4-fs (loop1): This should not happen!! Data will be lost
[   84.913767][  T112] 
[   84.924248][  T112] EXT4-fs (loop1): Total free blocks count 0
[   84.930356][  T112] EXT4-fs (loop1): Free/Dirty block details
[   84.936426][  T112] EXT4-fs (loop1): free_blocks=2415919104
[   84.942403][  T112] EXT4-fs (loop1): dirty_blocks=8208
[   84.947865][  T112] EXT4-fs (loop1): Block reservation details
[   84.954057][  T112] EXT4-fs (loop1): i_reserved_data_blocks=513
[   85.019797][   T29] kauditd_printk_skb: 262 callbacks suppressed
[   85.019812][   T29] audit: type=1326 audit(1751231885.657:15289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5951 comm="syz.2.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   85.054909][   T29] audit: type=1326 audit(1751231885.657:15290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5951 comm="syz.2.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   85.059140][   T51] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   85.078450][   T29] audit: type=1400 audit(1751231885.657:15291): avc:  denied  { append } for  pid=5949 comm="syz.4.802" name="loop9" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   85.115572][   T29] audit: type=1400 audit(1751231885.657:15292): avc:  denied  { listen } for  pid=5949 comm="syz.4.802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   85.136400][   T29] audit: type=1400 audit(1751231885.657:15293): avc:  denied  { accept } for  pid=5949 comm="syz.4.802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   85.156570][   T29] audit: type=1326 audit(1751231885.657:15294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5951 comm="syz.2.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   85.180410][   T29] audit: type=1326 audit(1751231885.657:15295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5951 comm="syz.2.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   85.203912][   T29] audit: type=1326 audit(1751231885.657:15296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5951 comm="syz.2.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   85.204171][ T5954] lo speed is unknown, defaulting to 1000
[   85.227589][   T29] audit: type=1326 audit(1751231885.657:15297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5951 comm="syz.2.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   85.227625][   T29] audit: type=1326 audit(1751231885.657:15298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5951 comm="syz.2.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   85.329965][ T5962] loop2: detected capacity change from 0 to 512
[   85.337278][ T5962] EXT4-fs: Ignoring removed orlov option
[   85.341774][   T10] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   85.352011][ T5962] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   85.361113][   T10] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   85.372415][ T5962] EXT4-fs (loop2): orphan cleanup on readonly fs
[   85.379935][ T5962] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.805: bg 0: block 248: padding at end of block bitmap is not set
[   85.396494][ T5962] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.805: Failed to acquire dquot type 1
[   85.408519][ T5962] EXT4-fs (loop2): 1 truncate cleaned up
[   85.416913][ T5962] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   85.445459][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.467121][ T5969] loop2: detected capacity change from 0 to 512
[   85.475261][ T5969] EXT4-fs: Ignoring removed orlov option
[   85.481522][ T5969] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   85.492087][ T5969] EXT4-fs (loop2): orphan cleanup on readonly fs
[   85.499018][ T5969] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.807: bg 0: block 248: padding at end of block bitmap is not set
[   85.513867][ T5969] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.807: Failed to acquire dquot type 1
[   85.526173][ T5969] EXT4-fs (loop2): 1 truncate cleaned up
[   85.533833][ T5969] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   85.569601][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.647696][ T5990] 9pnet: Could not find request transport: 0xffffffffffffffff
[   85.705992][ T6002] loop9: detected capacity change from 0 to 7
[   85.720714][ T6002] Buffer I/O error on dev loop9, logical block 0, async page read
[   85.730912][ T6005] loop5: detected capacity change from 0 to 512
[   85.735690][ T6002] Buffer I/O error on dev loop9, logical block 0, async page read
[   85.737787][ T6005] EXT4-fs: Ignoring removed orlov option
[   85.745189][ T6002]  loop9: unable to read partition table
[   85.756701][ T6005] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   85.765988][ T6005] EXT4-fs (loop5): orphan cleanup on readonly fs
[   85.774622][ T6005] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.821: bg 0: block 248: padding at end of block bitmap is not set
[   85.789485][ T6005] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.821: Failed to acquire dquot type 1
[   85.802850][ T6005] EXT4-fs (loop5): 1 truncate cleaned up
[   85.804210][ T6002] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   85.804210][ T6002] 
) failed (rc=-5)
[   85.809240][ T6005] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   85.849069][ T6008] loop2: detected capacity change from 0 to 128
[   85.850293][ T3690] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.888688][ T6002] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   85.896696][ T6002] FAT-fs (loop2): Filesystem has been set read-only
[   85.928111][ T6002] bio_check_eod: 49 callbacks suppressed
[   85.928134][ T6002] syz.2.820: attempt to access beyond end of device
[   85.928134][ T6002] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   85.961164][ T6002] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   85.969183][ T6002] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   85.978784][ T6002] syz.2.820: attempt to access beyond end of device
[   85.978784][ T6002] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[   85.995954][ T6017] loop5: detected capacity change from 0 to 2048
[   85.998021][ T6002] syz.2.820: attempt to access beyond end of device
[   85.998021][ T6002] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[   86.032888][ T6017] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.125697][ T6031] netlink: 'syz.5.824': attribute type 13 has an invalid length.
[   86.226263][ T6031] gretap0: refused to change device tx_queue_len
[   86.234278][ T6031] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   86.256758][ T6044] random: crng reseeded on system resumption
[   86.580486][ T6062] loop2: detected capacity change from 0 to 512
[   86.587166][ T6062] EXT4-fs: Ignoring removed orlov option
[   86.593456][ T6062] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   86.602610][ T6062] EXT4-fs (loop2): orphan cleanup on readonly fs
[   86.609916][ T6062] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.842: bg 0: block 248: padding at end of block bitmap is not set
[   86.624685][ T6062] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.842: Failed to acquire dquot type 1
[   86.636728][ T6062] EXT4-fs (loop2): 1 truncate cleaned up
[   86.643285][ T6062] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   86.665844][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.771112][ T6067] netlink: 'syz.4.844': attribute type 3 has an invalid length.
[   86.817574][  T112] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   86.834677][  T112] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   86.847264][  T112] EXT4-fs (loop5): This should not happen!! Data will be lost
[   86.847264][  T112] 
[   86.856983][  T112] EXT4-fs (loop5): Total free blocks count 0
[   86.863084][  T112] EXT4-fs (loop5): Free/Dirty block details
[   86.869016][  T112] EXT4-fs (loop5): free_blocks=2415919104
[   86.874819][  T112] EXT4-fs (loop5): dirty_blocks=8208
[   86.880139][  T112] EXT4-fs (loop5): Block reservation details
[   86.886256][  T112] EXT4-fs (loop5): i_reserved_data_blocks=513
[   86.905976][  T155] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   87.006745][ T6072] loop5: detected capacity change from 0 to 512
[   87.014520][ T6072] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   87.017113][ T6074] random: crng reseeded on system resumption
[   87.048795][ T6072] EXT4-fs (loop5): 1 truncate cleaned up
[   87.064468][ T6072] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.124437][ T3690] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.281988][ T6097] loop1: detected capacity change from 0 to 2048
[   87.292680][ T6095] FAULT_INJECTION: forcing a failure.
[   87.292680][ T6095] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   87.305869][ T6095] CPU: 1 UID: 0 PID: 6095 Comm: syz.5.853 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   87.305897][ T6095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   87.305970][ T6095] Call Trace:
[   87.305976][ T6095]  <TASK>
[   87.305983][ T6095]  __dump_stack+0x1d/0x30
[   87.306009][ T6095]  dump_stack_lvl+0xe8/0x140
[   87.306034][ T6095]  dump_stack+0x15/0x1b
[   87.306122][ T6095]  should_fail_ex+0x265/0x280
[   87.306157][ T6095]  should_fail+0xb/0x20
[   87.306193][ T6095]  should_fail_usercopy+0x1a/0x20
[   87.306230][ T6095]  copy_fpstate_to_sigframe+0x628/0x7d0
[   87.306322][ T6095]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[   87.306366][ T6095]  ? x86_task_fpu+0x36/0x60
[   87.306401][ T6095]  get_sigframe+0x34d/0x490
[   87.306442][ T6095]  ? get_signal+0xdc8/0xf70
[   87.306477][ T6095]  x64_setup_rt_frame+0xa8/0x580
[   87.306502][ T6095]  arch_do_signal_or_restart+0x27c/0x480
[   87.306534][ T6095]  exit_to_user_mode_loop+0x7a/0x100
[   87.306602][ T6095]  do_syscall_64+0x1d6/0x200
[   87.306622][ T6095]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   87.306649][ T6095]  ? clear_bhb_loop+0x40/0x90
[   87.306735][ T6095]  ? clear_bhb_loop+0x40/0x90
[   87.306763][ T6095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.306787][ T6095] RIP: 0033:0x7f04169be927
[   87.306802][ T6095] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[   87.306823][ T6095] RSP: 002b:00007f0415027038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   87.306898][ T6095] RAX: 0000000000000113 RBX: 00007f0416be5fa0 RCX: 00007f04169be929
[   87.306914][ T6095] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000005
[   87.306985][ T6095] RBP: 00007f0415027090 R08: 00000000000408cd R09: 0000000000000000
[   87.306998][ T6095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   87.307009][ T6095] R13: 0000000000000000 R14: 00007f0416be5fa0 R15: 00007fff36401d78
[   87.307029][ T6095]  </TASK>
[   87.561242][ T6097] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.636187][ T6113] netlink: 'syz.1.855': attribute type 13 has an invalid length.
[   87.653336][ T6113] gretap0: refused to change device tx_queue_len
[   87.653993][ T6113] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   87.654021][   T10] lo speed is unknown, defaulting to 1000
[   87.706031][ T6115] loop5: detected capacity change from 0 to 512
[   87.709152][ T6115] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   87.717592][ T6115] EXT4-fs (loop5): 1 truncate cleaned up
[   87.955733][ T6126] __nla_validate_parse: 42 callbacks suppressed
[   87.955918][ T6126] netlink: 12 bytes leftover after parsing attributes in process `syz.5.865'.
[   88.078876][ T6129] loop5: detected capacity change from 0 to 2048
[   88.118583][ T6129] FAULT_INJECTION: forcing a failure.
[   88.118583][ T6129] name failslab, interval 1, probability 0, space 0, times 0
[   88.131358][ T6129] CPU: 0 UID: 0 PID: 6129 Comm: syz.5.866 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   88.131401][ T6129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   88.131417][ T6129] Call Trace:
[   88.131425][ T6129]  <TASK>
[   88.131434][ T6129]  __dump_stack+0x1d/0x30
[   88.131471][ T6129]  dump_stack_lvl+0xe8/0x140
[   88.131492][ T6129]  dump_stack+0x15/0x1b
[   88.131514][ T6129]  should_fail_ex+0x265/0x280
[   88.131558][ T6129]  ? __iomap_dio_rw+0x14b/0x1250
[   88.131589][ T6129]  should_failslab+0x8c/0xb0
[   88.131612][ T6129]  __kmalloc_cache_noprof+0x4c/0x320
[   88.131686][ T6129]  __iomap_dio_rw+0x14b/0x1250
[   88.131716][ T6129]  ? ext4_mark_iloc_dirty+0xd3f/0xda0
[   88.131840][ T6129]  ? ext4_journal_check_start+0x11a/0x1b0
[   88.131871][ T6129]  iomap_dio_rw+0x40/0x90
[   88.131904][ T6129]  ext4_file_write_iter+0xad9/0xf00
[   88.131995][ T6129]  ? __pfx_ext4_file_write_iter+0x10/0x10
[   88.132019][ T6129]  vfs_write+0x49d/0x8e0
[   88.132065][ T6129]  __x64_sys_pwrite64+0xfd/0x150
[   88.132240][ T6129]  x64_sys_call+0xe45/0x2fb0
[   88.132268][ T6129]  do_syscall_64+0xd2/0x200
[   88.132291][ T6129]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   88.132319][ T6129]  ? clear_bhb_loop+0x40/0x90
[   88.132358][ T6129]  ? clear_bhb_loop+0x40/0x90
[   88.132385][ T6129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.132405][ T6129] RIP: 0033:0x7f04169be929
[   88.132420][ T6129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.132445][ T6129] RSP: 002b:00007f0415027038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[   88.132467][ T6129] RAX: ffffffffffffffda RBX: 00007f0416be5fa0 RCX: 00007f04169be929
[   88.132478][ T6129] RDX: 00000000fffffe97 RSI: 00002000000003c0 RDI: 0000000000000008
[   88.132493][ T6129] RBP: 00007f0415027090 R08: 0000000000000000 R09: 0000000000000000
[   88.132508][ T6129] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[   88.132522][ T6129] R13: 0000000000000000 R14: 00007f0416be5fa0 R15: 00007fff36401d78
[   88.132542][ T6129]  </TASK>
[   88.323056][  T155] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   88.375717][  T155] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   88.388119][ T6133] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[   88.388284][  T155] EXT4-fs (loop1): This should not happen!! Data will be lost
[   88.388284][  T155] 
[   88.407280][  T155] EXT4-fs (loop1): Total free blocks count 0
[   88.407309][ T6134] xt_connbytes: Forcing CT accounting to be enabled
[   88.407321][  T155] EXT4-fs (loop1): Free/Dirty block details
[   88.426220][  T155] EXT4-fs (loop1): free_blocks=2415919104
[   88.430480][ T6134] Cannot find set identified by id 0 to match
[   88.432137][  T155] EXT4-fs (loop1): dirty_blocks=5472
[   88.443551][  T155] EXT4-fs (loop1): Block reservation details
[   88.449617][  T155] EXT4-fs (loop1): i_reserved_data_blocks=342
[   88.468933][  T155] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   88.577958][ T6142] loop1: detected capacity change from 0 to 2048
[   88.622457][ T6137] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.739531][ T6146] netlink: 8 bytes leftover after parsing attributes in process `syz.4.870'.
[   88.780378][ T6137] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.953814][ T6137] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.046751][ T6142] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[   89.122036][ T6159] loop4: detected capacity change from 0 to 512
[   89.161033][ T6159] EXT4-fs: Ignoring removed orlov option
[   89.176745][ T6137] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.187685][ T6159] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   89.202816][ T6159] EXT4-fs (loop4): orphan cleanup on readonly fs
[   89.209754][ T6159] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.876: bg 0: block 248: padding at end of block bitmap is not set
[   89.240123][ T6159] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.876: Failed to acquire dquot type 1
[   89.252991][ T6159] EXT4-fs (loop4): 1 truncate cleaned up
[   89.330013][ T6166] loop4: detected capacity change from 0 to 2048
[   89.375368][ T6137] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.387891][ T6137] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.401206][ T6137] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.414456][ T6137] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.434963][ T6173] netlink: 'syz.4.877': attribute type 13 has an invalid length.
[   89.470279][ T6173] gretap0: refused to change device tx_queue_len
[   89.477644][ T6179] netlink: 12 bytes leftover after parsing attributes in process `syz.2.882'.
[   89.506813][ T6173] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   89.584858][ T6186] netlink: 36 bytes leftover after parsing attributes in process `syz.1.885'.
[   89.593953][ T6186] netlink: 16 bytes leftover after parsing attributes in process `syz.1.885'.
[   89.602980][ T6186] netlink: 36 bytes leftover after parsing attributes in process `syz.1.885'.
[   89.645342][ T6186] netlink: 36 bytes leftover after parsing attributes in process `syz.1.885'.
[   89.694871][ T6197] loop5: detected capacity change from 0 to 512
[   89.716351][ T6197] EXT4-fs: Ignoring removed orlov option
[   89.741035][ T6197] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   89.742519][ T6199] loop2: detected capacity change from 0 to 512
[   89.773940][ T6197] EXT4-fs (loop5): orphan cleanup on readonly fs
[   89.774060][ T6199] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   89.807407][ T6199] EXT4-fs (loop2): 1 truncate cleaned up
[   89.808480][ T6197] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.888: bg 0: block 248: padding at end of block bitmap is not set
[   89.863284][ T6197] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.888: Failed to acquire dquot type 1
[   89.890852][ T6203] FAULT_INJECTION: forcing a failure.
[   89.890852][ T6203] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   89.904224][ T6203] CPU: 0 UID: 0 PID: 6203 Comm: syz.2.891 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   89.904257][ T6203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   89.904273][ T6203] Call Trace:
[   89.904281][ T6203]  <TASK>
[   89.904291][ T6203]  __dump_stack+0x1d/0x30
[   89.904317][ T6203]  dump_stack_lvl+0xe8/0x140
[   89.904342][ T6203]  dump_stack+0x15/0x1b
[   89.904360][ T6203]  should_fail_ex+0x265/0x280
[   89.904462][ T6203]  should_fail_alloc_page+0xf2/0x100
[   89.904554][ T6203]  __alloc_frozen_pages_noprof+0xff/0x360
[   89.904603][ T6203]  alloc_pages_mpol+0xb3/0x250
[   89.904638][ T6203]  vma_alloc_folio_noprof+0x1aa/0x300
[   89.904723][ T6203]  handle_mm_fault+0xec2/0x2be0
[   89.904754][ T6203]  ? mas_walk+0xf2/0x120
[   89.904796][ T6203]  do_user_addr_fault+0x636/0x1090
[   89.904902][ T6203]  ? fpregs_assert_state_consistent+0xb4/0xe0
[   89.904944][ T6203]  exc_page_fault+0x62/0xa0
[   89.904981][ T6203]  asm_exc_page_fault+0x26/0x30
[   89.905077][ T6203] RIP: 0033:0x7f27869b0d50
[   89.905093][ T6203] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41
[   89.905119][ T6203] RSP: 002b:00007f27851564a0 EFLAGS: 00010286
[   89.905137][ T6203] RAX: 0000000000001000 RBX: 00007f2785156540 RCX: 0000000000000001
[   89.905153][ T6203] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00007f27851565e0
[   89.905316][ T6203] RBP: 00000000000000f7 R08: 00007f277cd37000 R09: 00000000000000ff
[   89.905363][ T6203] R10: 0000000000000000 R11: 00007f2785156550 R12: 0000000000000001
[   89.905375][ T6203] R13: 00007f2786b8c200 R14: 0000000000000000 R15: 00007f27851565e0
[   89.905394][ T6203]  </TASK>
[   89.905404][ T6203] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   90.090448][ T6197] EXT4-fs (loop5): 1 truncate cleaned up
[   90.112666][ T6203] loop2: detected capacity change from 0 to 1024
[   90.127187][ T6203] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   90.138285][ T6203] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   90.163301][ T6203] JBD2: no valid journal superblock found
[   90.169133][ T6203] EXT4-fs (loop2): Could not load journal inode
[   90.176180][  T112] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   90.191617][  T112] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   90.204369][  T112] EXT4-fs (loop4): This should not happen!! Data will be lost
[   90.204369][  T112] 
[   90.214228][  T112] EXT4-fs (loop4): Total free blocks count 0
[   90.220275][  T112] EXT4-fs (loop4): Free/Dirty block details
[   90.226217][  T112] EXT4-fs (loop4): free_blocks=2415919104
[   90.232006][  T112] EXT4-fs (loop4): dirty_blocks=8208
[   90.237353][  T112] EXT4-fs (loop4): Block reservation details
[   90.243456][  T112] EXT4-fs (loop4): i_reserved_data_blocks=513
[   90.249317][ T6221] netlink: 'syz.2.891': attribute type 10 has an invalid length.
[   90.260499][ T6203] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   90.265324][  T112] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   90.270365][ T6203] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   90.283078][  T112] EXT4-fs (loop4): This should not happen!! Data will be lost
[   90.283078][  T112] 
[   90.372292][ T6203] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   90.382260][ T6203] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   90.424234][ T6230] netlink: 8 bytes leftover after parsing attributes in process `syz.5.898'.
[   90.443250][ T6203] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   90.453747][ T6203] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   90.502285][ T6203] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   90.512448][ T6203] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   90.585418][ T6239] loop4: detected capacity change from 0 to 2048
[   90.592336][ T6203] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   90.600708][ T6203] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   90.629052][ T6203] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   90.637586][ T6203] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   90.670860][ T6203] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   90.679307][ T6203] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   90.716651][ T6203] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   90.725053][ T6203] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   90.789989][ T6251] loop5: detected capacity change from 0 to 512
[   90.802238][ T6251] EXT4-fs: Ignoring removed orlov option
[   90.808512][ T6251] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   90.818258][ T6251] EXT4-fs (loop5): orphan cleanup on readonly fs
[   90.826783][ T6251] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.908: bg 0: block 248: padding at end of block bitmap is not set
[   90.843038][ T6251] __quota_error: 231 callbacks suppressed
[   90.843057][ T6251] Quota error (device loop5): write_blk: dquota write failed
[   90.856427][ T6251] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[   90.866458][ T6251] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.908: Failed to acquire dquot type 1
[   90.881093][ T6251] EXT4-fs (loop5): 1 truncate cleaned up
[   91.021818][ T6260] FAULT_INJECTION: forcing a failure.
[   91.021818][ T6260] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   91.035044][ T6260] CPU: 0 UID: 0 PID: 6260 Comm: syz.2.912 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   91.035073][ T6260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   91.035134][ T6260] Call Trace:
[   91.035142][ T6260]  <TASK>
[   91.035152][ T6260]  __dump_stack+0x1d/0x30
[   91.035177][ T6260]  dump_stack_lvl+0xe8/0x140
[   91.035197][ T6260]  dump_stack+0x15/0x1b
[   91.035293][ T6260]  should_fail_ex+0x265/0x280
[   91.035335][ T6260]  should_fail+0xb/0x20
[   91.035398][ T6260]  should_fail_usercopy+0x1a/0x20
[   91.035476][ T6260]  copy_fpstate_to_sigframe+0x628/0x7d0
[   91.035516][ T6260]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[   91.035577][ T6260]  ? x86_task_fpu+0x36/0x60
[   91.035613][ T6260]  get_sigframe+0x34d/0x490
[   91.035682][ T6260]  ? get_signal+0xdc8/0xf70
[   91.035726][ T6260]  x64_setup_rt_frame+0xa8/0x580
[   91.035753][ T6260]  arch_do_signal_or_restart+0x27c/0x480
[   91.035784][ T6260]  exit_to_user_mode_loop+0x7a/0x100
[   91.035869][ T6260]  do_syscall_64+0x1d6/0x200
[   91.035890][ T6260]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   91.035919][ T6260]  ? clear_bhb_loop+0x40/0x90
[   91.035940][ T6260]  ? clear_bhb_loop+0x40/0x90
[   91.035995][ T6260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.036023][ T6260] RIP: 0033:0x7f2786aee927
[   91.036042][ T6260] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[   91.036065][ T6260] RSP: 002b:00007f2785157038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   91.036083][ T6260] RAX: 0000000000000113 RBX: 00007f2786d15fa0 RCX: 00007f2786aee929
[   91.036114][ T6260] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000008
[   91.036126][ T6260] RBP: 00007f2785157090 R08: 00000000000408cd R09: 0000000000000000
[   91.036141][ T6260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   91.036157][ T6260] R13: 0000000000000000 R14: 00007f2786d15fa0 R15: 00007ffee5b1f8f8
[   91.036177][ T6260]  </TASK>
[   91.240715][ T6269] loop5: detected capacity change from 0 to 128
[   91.308835][ T6269] ext4 filesystem being mounted at /153/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   91.362456][ T6268] lo speed is unknown, defaulting to 1000
[   91.504165][ T6273] lo speed is unknown, defaulting to 1000
[   91.641183][ T6291] netlink: 14593 bytes leftover after parsing attributes in process `syz.0.921'.
[   91.652826][ T6291] random: crng reseeded on system resumption
[   91.664274][   T29] audit: type=1326 audit(1751231892.307:15518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6289 comm="syz.0.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   91.687820][   T29] audit: type=1326 audit(1751231892.307:15519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6289 comm="syz.0.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   91.711481][   T29] audit: type=1326 audit(1751231892.307:15520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6289 comm="syz.0.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   91.735037][   T29] audit: type=1326 audit(1751231892.307:15521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6289 comm="syz.0.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   91.758747][   T29] audit: type=1326 audit(1751231892.307:15522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6289 comm="syz.0.921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe4256e929 code=0x7ffc0000
[   91.813782][ T6298] loop2: detected capacity change from 0 to 512
[   91.821084][ T6298] EXT4-fs: Ignoring removed orlov option
[   91.842045][ T6298] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   91.857831][ T6298] EXT4-fs (loop2): orphan cleanup on readonly fs
[   91.878183][ T6298] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.923: bg 0: block 248: padding at end of block bitmap is not set
[   91.911139][ T6298] Quota error (device loop2): write_blk: dquota write failed
[   91.918678][ T6298] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   91.928739][ T6298] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.923: Failed to acquire dquot type 1
[   91.965914][ T6298] EXT4-fs (loop2): 1 truncate cleaned up
[   92.011781][ T6304] usb usb8: usbfs: process 6304 (syz.4.928) did not claim interface 0 before use
[   92.041824][   T29] audit: type=1400 audit(1751231892.677:15523): avc:  denied  { bind } for  pid=6303 comm="syz.4.928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   92.131734][ T6323] loop4: detected capacity change from 0 to 512
[   92.157508][ T6323] EXT4-fs: Ignoring removed orlov option
[   92.171717][ T6323] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   92.202166][ T6323] EXT4-fs (loop4): orphan cleanup on readonly fs
[   92.235553][ T6323] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.934: bg 0: block 248: padding at end of block bitmap is not set
[   92.268406][ T6339] loop2: detected capacity change from 0 to 512
[   92.281366][ T6339] EXT4-fs: Ignoring removed orlov option
[   92.283052][ T6323] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.934: Failed to acquire dquot type 1
[   92.298409][ T6339] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   92.335247][ T6323] EXT4-fs (loop4): 1 truncate cleaned up
[   92.336348][ T6339] EXT4-fs (loop2): orphan cleanup on readonly fs
[   92.359300][ T6339] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.942: bg 0: block 248: padding at end of block bitmap is not set
[   92.388846][ T6339] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.942: Failed to acquire dquot type 1
[   92.421853][ T6339] EXT4-fs (loop2): 1 truncate cleaned up
[   92.553861][ T6369] loop4: detected capacity change from 0 to 512
[   92.575426][ T6370] (unnamed net_device) (uninitialized): option ad_select: invalid value (34)
[   92.575837][ T6369] EXT4-fs: Ignoring removed orlov option
[   92.600321][ T6369] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   92.612189][ T6375] loop2: detected capacity change from 0 to 512
[   92.612389][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   92.618993][ T6375] EXT4-fs: Ignoring removed orlov option
[   92.634894][ T6375] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   92.644343][ T6375] EXT4-fs (loop2): orphan cleanup on readonly fs
[   92.651953][ T6375] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.956: bg 0: block 248: padding at end of block bitmap is not set
[   92.654302][ T6369] EXT4-fs (loop4): orphan cleanup on readonly fs
[   92.668836][ T6375] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.956: Failed to acquire dquot type 1
[   92.686573][   T10] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   92.687083][ T6375] EXT4-fs (loop2): 1 truncate cleaned up
[   92.704123][ T6369] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.953: bg 0: block 248: padding at end of block bitmap is not set
[   92.728472][ T6369] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.953: Failed to acquire dquot type 1
[   92.747366][ T6369] EXT4-fs (loop4): 1 truncate cleaned up
[   92.790958][ T6383] loop4: detected capacity change from 0 to 512
[   92.797757][ T6383] EXT4-fs: Ignoring removed orlov option
[   92.805058][ T6383] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   92.819526][ T6383] EXT4-fs (loop4): orphan cleanup on readonly fs
[   92.842119][ T6379] tmpfs: Unknown parameter 'n�'
[   92.858924][ T6383] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.959: bg 0: block 248: padding at end of block bitmap is not set
[   92.905958][ T6383] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.959: Failed to acquire dquot type 1
[   92.928189][ T6383] EXT4-fs (loop4): 1 truncate cleaned up
[   93.094014][ T6413] netlink: 'syz.4.971': attribute type 11 has an invalid length.
[   93.110646][ T6413] __nla_validate_parse: 4 callbacks suppressed
[   93.110665][ T6413] netlink: 448 bytes leftover after parsing attributes in process `syz.4.971'.
[   93.154942][ T6420] netlink: 14593 bytes leftover after parsing attributes in process `syz.5.972'.
[   93.186239][ T6420] random: crng reseeded on system resumption
[   93.412123][ T6440] loop4: detected capacity change from 0 to 512
[   93.419193][ T6440] EXT4-fs: Ignoring removed orlov option
[   93.425719][ T6440] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   93.435486][ T6440] EXT4-fs (loop4): orphan cleanup on readonly fs
[   93.442620][ T6440] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.980: bg 0: block 248: padding at end of block bitmap is not set
[   93.457465][ T6440] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.980: Failed to acquire dquot type 1
[   93.469550][ T6440] EXT4-fs (loop4): 1 truncate cleaned up
[   93.518149][ T6449] loop4: detected capacity change from 0 to 512
[   93.525174][ T6449] EXT4-fs: Ignoring removed orlov option
[   93.531819][ T6449] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   93.542860][ T6449] EXT4-fs (loop4): orphan cleanup on readonly fs
[   93.546374][ T6452] netlink: 14593 bytes leftover after parsing attributes in process `syz.5.985'.
[   93.550166][ T6449] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.984: bg 0: block 248: padding at end of block bitmap is not set
[   93.560076][ T6452] random: crng reseeded on system resumption
[   93.575168][ T6449] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.984: Failed to acquire dquot type 1
[   93.592218][ T6449] EXT4-fs (loop4): 1 truncate cleaned up
[   93.843066][ T4361] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   93.881073][ T4361] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   93.919080][ T6475] netlink: 36 bytes leftover after parsing attributes in process `syz.2.993'.
[   93.928052][ T6475] netlink: 16 bytes leftover after parsing attributes in process `syz.2.993'.
[   93.937015][ T6475] netlink: 36 bytes leftover after parsing attributes in process `syz.2.993'.
[   93.952457][ T6479] loop4: detected capacity change from 0 to 512
[   93.959324][ T6479] EXT4-fs: Ignoring removed orlov option
[   93.976580][ T6479] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   93.986327][ T6479] EXT4-fs (loop4): orphan cleanup on readonly fs
[   93.993754][ T6479] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.995: bg 0: block 248: padding at end of block bitmap is not set
[   94.008383][ T6475] netlink: 36 bytes leftover after parsing attributes in process `syz.2.993'.
[   94.012237][ T6479] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.995: Failed to acquire dquot type 1
[   94.031813][ T6479] EXT4-fs (loop4): 1 truncate cleaned up
[   94.087555][ T6486] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.997'.
[   94.118433][ T6486] random: crng reseeded on system resumption
[   94.169936][ T6488] netlink: 68 bytes leftover after parsing attributes in process `syz.0.998'.
[   94.283962][ T6504] FAULT_INJECTION: forcing a failure.
[   94.283962][ T6504] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   94.297154][ T6504] CPU: 1 UID: 0 PID: 6504 Comm: syz.5.1004 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   94.297185][ T6504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   94.297201][ T6504] Call Trace:
[   94.297208][ T6504]  <TASK>
[   94.297217][ T6504]  __dump_stack+0x1d/0x30
[   94.297280][ T6504]  dump_stack_lvl+0xe8/0x140
[   94.297300][ T6504]  dump_stack+0x15/0x1b
[   94.297390][ T6504]  should_fail_ex+0x265/0x280
[   94.297426][ T6504]  should_fail+0xb/0x20
[   94.297460][ T6504]  should_fail_usercopy+0x1a/0x20
[   94.297582][ T6504]  _copy_from_iter+0xcf/0xe40
[   94.297624][ T6504]  ? __build_skb_around+0x1a0/0x200
[   94.297663][ T6504]  ? __alloc_skb+0x223/0x320
[   94.297764][ T6504]  netlink_sendmsg+0x471/0x6b0
[   94.297787][ T6504]  ? __pfx_netlink_sendmsg+0x10/0x10
[   94.297809][ T6504]  __sock_sendmsg+0x145/0x180
[   94.297903][ T6504]  ____sys_sendmsg+0x31e/0x4e0
[   94.297950][ T6504]  ___sys_sendmsg+0x17b/0x1d0
[   94.298054][ T6504]  __x64_sys_sendmsg+0xd4/0x160
[   94.298102][ T6504]  x64_sys_call+0x2999/0x2fb0
[   94.298152][ T6504]  do_syscall_64+0xd2/0x200
[   94.298173][ T6504]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   94.298204][ T6504]  ? clear_bhb_loop+0x40/0x90
[   94.298232][ T6504]  ? clear_bhb_loop+0x40/0x90
[   94.298257][ T6504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.298339][ T6504] RIP: 0033:0x7f04169be929
[   94.298356][ T6504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.298377][ T6504] RSP: 002b:00007f0415027038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   94.298400][ T6504] RAX: ffffffffffffffda RBX: 00007f0416be5fa0 RCX: 00007f04169be929
[   94.298415][ T6504] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[   94.298429][ T6504] RBP: 00007f0415027090 R08: 0000000000000000 R09: 0000000000000000
[   94.298444][ T6504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.298456][ T6504] R13: 0000000000000000 R14: 00007f0416be5fa0 R15: 00007fff36401d78
[   94.298518][ T6504]  </TASK>
[   94.308205][ T6508] 
: renamed from lo (while UP)
[   94.386461][ T6507] loop1: detected capacity change from 0 to 1024
[   94.455861][ T6503] loop2: detected capacity change from 0 to 1024
[   94.467229][ T6507] EXT4-fs: Ignoring removed orlov option
[   94.496778][ T6511] loop5: detected capacity change from 0 to 512
[   94.528287][ T6507] EXT4-fs: Ignoring removed nomblk_io_submit option
[   94.532326][ T6511] EXT4-fs: Ignoring removed orlov option
[   94.539845][ T6507] EXT4-fs (loop1): stripe (2907) is not aligned with cluster size (16), stripe is disabled
[   94.554184][ T6511] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   94.578669][ T6507] random: crng reseeded on system resumption
[   94.581353][ T6511] EXT4-fs (loop5): orphan cleanup on readonly fs
[   94.592602][ T6511] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1009: bg 0: block 248: padding at end of block bitmap is not set
[   94.607694][ T6511] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1009: Failed to acquire dquot type 1
[   94.622151][ T6511] EXT4-fs (loop5): 1 truncate cleaned up
[   94.662816][ T6524] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1010'.
[   95.480861][ T6528] loop4: detected capacity change from 0 to 1024
[   95.603717][ T6536] random: crng reseeded on system resumption
[   95.773775][ T1035] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   95.793015][ T1035] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   95.807262][ T6552] loop5: detected capacity change from 0 to 1024
[   95.890175][   T29] kauditd_printk_skb: 412 callbacks suppressed
[   95.890190][   T29] audit: type=1326 audit(1751231896.527:15918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6557 comm="syz.2.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   95.920029][   T29] audit: type=1326 audit(1751231896.527:15919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6557 comm="syz.2.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   95.958393][ T1035] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   95.973955][ T6558] loop2: detected capacity change from 0 to 1024
[   95.985588][ T1035] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   96.023631][   T29] audit: type=1326 audit(1751231896.597:15920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6557 comm="syz.2.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   96.047210][   T29] audit: type=1326 audit(1751231896.597:15921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6557 comm="syz.2.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   96.071286][   T29] audit: type=1326 audit(1751231896.597:15922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6557 comm="syz.2.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   96.094973][   T29] audit: type=1326 audit(1751231896.597:15923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6557 comm="syz.2.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   96.118533][   T29] audit: type=1326 audit(1751231896.597:15924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6557 comm="syz.2.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   96.142090][   T29] audit: type=1326 audit(1751231896.597:15925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6557 comm="syz.2.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   96.165904][   T29] audit: type=1326 audit(1751231896.597:15926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6557 comm="syz.2.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   96.189666][   T29] audit: type=1326 audit(1751231896.597:15927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6557 comm="syz.2.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2786aee929 code=0x7ffc0000
[   96.309862][ T6574] random: crng reseeded on system resumption
[   96.417067][ T6588] loop5: detected capacity change from 0 to 2048
[   96.433467][ T6592] loop1: detected capacity change from 0 to 512
[   96.444930][ T6592] EXT4-fs (loop1): 1 truncate cleaned up
[   96.470700][ T3305] ==================================================================
[   96.478993][ T3305] BUG: KCSAN: data-race in pollwake / pollwake
[   96.485179][ T3305] 
[   96.487598][ T3305] write to 0xffffc900016079e0 of 4 bytes by interrupt on cpu 1:
[   96.495278][ T3305]  pollwake+0xb6/0x100
[   96.499471][ T3305]  __wake_up_sync_key+0x4f/0x80
[   96.504344][ T3305]  sock_def_readable+0x70/0x190
[   96.509252][ T3305]  tcp_data_ready+0x1ae/0x290
[   96.513949][ T3305]  tcp_data_queue+0x15b0/0x3270
[   96.518814][ T3305]  tcp_rcv_established+0xa0f/0xef0
[   96.523959][ T3305]  tcp_v4_do_rcv+0x672/0x740
[   96.528577][ T3305]  tcp_v4_rcv+0x1bd7/0x1f60
[   96.533121][ T3305]  ip_protocol_deliver_rcu+0x397/0x780
[   96.538603][ T3305]  ip_local_deliver_finish+0x184/0x220
[   96.544085][ T3305]  ip_local_deliver+0xe8/0x1c0
[   96.548872][ T3305]  ip_sublist_rcv+0x56b/0x650
[   96.553570][ T3305]  ip_list_rcv+0x261/0x290
[   96.558015][ T3305]  __netif_receive_skb_list_core+0x4dc/0x500
[   96.564009][ T3305]  netif_receive_skb_list_internal+0x487/0x600
[   96.570189][ T3305]  napi_complete_done+0x1a3/0x410
[   96.575240][ T3305]  virtnet_poll+0x189f/0x1d10
[   96.579939][ T3305]  __napi_poll+0x66/0x3a0
[   96.584373][ T3305]  net_rx_action+0x391/0x830
[   96.588979][ T3305]  handle_softirqs+0xba/0x290
[   96.593678][ T3305]  __irq_exit_rcu+0x3a/0xc0
[   96.598200][ T3305]  common_interrupt+0x83/0x90
[   96.602892][ T3305]  asm_common_interrupt+0x26/0x40
[   96.607947][ T3305]  kcsan_setup_watchpoint+0x415/0x430
[   96.613342][ T3305]  batadv_mcast_mla_update+0x8ff/0x1850
[   96.619181][ T3305]  process_scheduled_works+0x4ce/0x9d0
[   96.624665][ T3305]  worker_thread+0x582/0x770
[   96.629275][ T3305]  kthread+0x486/0x510
[   96.633363][ T3305]  ret_from_fork+0xda/0x150
[   96.637887][ T3305]  ret_from_fork_asm+0x1a/0x30
[   96.642673][ T3305] 
[   96.645002][ T3305] write to 0xffffc900016079e0 of 4 bytes by task 3305 on cpu 0:
[   96.652662][ T3305]  pollwake+0xb6/0x100
[   96.656767][ T3305]  __wake_up_sync_key+0x4f/0x80
[   96.661647][ T3305]  anon_pipe_write+0x8ba/0xaa0
[   96.666436][ T3305]  vfs_write+0x49d/0x8e0
[   96.670702][ T3305]  ksys_write+0xda/0x1a0
[   96.674966][ T3305]  __x64_sys_write+0x40/0x50
[   96.679583][ T3305]  x64_sys_call+0x2cdd/0x2fb0
[   96.684284][ T3305]  do_syscall_64+0xd2/0x200
[   96.688806][ T3305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.694720][ T3305] 
[   96.697047][ T3305] value changed: 0x00000000 -> 0x00000001
[   96.702778][ T3305] 
[   96.705145][ T3305] Reported by Kernel Concurrency Sanitizer on:
[   96.711306][ T3305] CPU: 0 UID: 0 PID: 3305 Comm: syz-executor Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(voluntary) 
[   96.723932][ T3305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   96.734118][ T3305] ==================================================================
[   96.814783][    T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   96.824759][    T9] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   97.256804][   T12] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   97.271829][   T12] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   97.284368][   T12] EXT4-fs (loop5): This should not happen!! Data will be lost
[   97.284368][   T12] 
[   97.294163][   T12] EXT4-fs (loop5): Total free blocks count 0
[   97.300265][   T12] EXT4-fs (loop5): Free/Dirty block details
[   97.306199][   T12] EXT4-fs (loop5): free_blocks=2415919104
[   97.311959][   T12] EXT4-fs (loop5): dirty_blocks=8208
[   97.317284][   T12] EXT4-fs (loop5): Block reservation details
[   97.323417][   T12] EXT4-fs (loop5): i_reserved_data_blocks=513
[   97.340820][   T31] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   97.353605][   T31] EXT4-fs (loop5): This should not happen!! Data will be lost
[   97.353605][   T31]