last executing test programs:

33.278930183s ago: executing program 3 (id=1127):
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0xe66}, 0x8)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0xb, &(0x7f0000000140), 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0xfff9, 0x9, 0x4}, 0x8)
sendto$inet6(r1, &(0x7f00000002c0)='W', 0x1, 0x4, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @private1, 0x8}, 0x1c)
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x4)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xa, 0xc, &(0x7f0000000900)=ANY=[], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000340), &(0x7f0000000300)}, 0x39)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4}, 0x10)
syslog(0x4, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18)
open(&(0x7f0000000000)='./bus\x00', 0x10000, 0x170)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
copy_file_range(0xffffffffffffffff, &(0x7f0000000400)=0x6, r4, &(0x7f0000000580)=0x1, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000a40)={[{@nolazytime}, {@lazytime}, {@jqfmt_vfsv0}, {@mb_optimize_scan}, {@lazytime}, {@noload}]}, 0x3, 0x45c, &(0x7f0000002400)="$eJzs3MtvG8UfAPDv+pG+m/yq/oA+gCBAlAJJk5bSAxcQSBxAQoJDOYYkrUrdBjVBIlUFBaFyRJU4cUEckfgLOMEFASckLhzgjipVqJcWTkYb76a2a+dVP0j9+UjrzuyuO/P1ztizM7EDGFij6UMSsTMifo+I4Vq28YTR2j+3blya/vvGpekkqtU3/kpK6eGbNy5N56fmz9uRZ0oRhU+SONCi3PnFi2enKpXZC1l+fOHcu+PzixefOXNu6vTs6dnzkydOHDs68dzxyWc7Emca1839H8wd3PfKW1dfmz559e2fvkny+Jvi6JDRlQ4+Xq12uLj+2lWXrrUMNoNirZtGean/D0cxbl+84Xj5475WDuiqarVava/94ctV4B6WRL9rAPRH/kGf3v/mW4+GHv8J11+o3QClcd/KttqRUhSyc8pN97edNBoRJy//82W6RXfmIQAAGnyXjn+ebjX+K0T9vNDubA1lJCL+FxF7IuJ4ROyNiP9HLJ17f0Q8sM7ymxdJ7hz/FK5tKLA1Ssd/z2drW43jv3z0FyPFLLdrKf5ycupMZfZI9pocivKWND+xQhnfv/TrZ+2O1Y//0i0tPx8LZvW4VtrS+JyZqYWpu4m53vWPIvaXWsWfLK8EJBGxLyL2b7CMM4e/Ptju2Orxr6AD60zVryKeqF3/y9EUfy5ZeX1yfGtUZo+M563iTj//cuX1duXfVfwdkF7/7S3b/3L8I0n9eu38ev73L55MH6/88Wnbe5qNtv+h5M2Gfe9PLSxcmIgYSl6tVbp+/2TTeZO3z0/jP/Ro6/6/J26/EgciIm3ED0bEQxHxcFb3R37bveqr8OOLj72z8fi7K41/Zu3XvzockTeExaHIEst7WieKZ3/4tqHQkdbx7257/Y8tpQ5le9by/reWeq23NQMAAMBmVYiInZEUxpbThcLYWO1v+PfG9kJlbn7hqVNz752fqX1HYCTKhXyma7huPnQiu63P85NN+aPZvPHnxW1L+bHpucpMv4OHAbejTf9P/Vnsd+2ArvN9LRhc+j8MLv0fBted/X9rX+oB9F6Lz/9t/agH0Hutxv8fruWJOztfF6C3mvq/ZT8YIOb/YHBtpP97z4B7Q2mln2we6mlVgN6Z3xarf0leYjMl8l+u6UYR5bS1HI6IxYtR6HukEl1M9PudCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDP+DQAA//+CSeFs")

31.995297962s ago: executing program 3 (id=1147):
getitimer(0x0, &(0x7f0000000000))
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
open(&(0x7f0000000100)='.\x00', 0x591002, 0x50f)

31.941300373s ago: executing program 3 (id=1149):
r0 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x5af82)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda", 0x3}], 0x1)

31.816241055s ago: executing program 3 (id=1151):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040), 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r0}, &(0x7f0000000c00), &(0x7f0000000ac0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={<r3=>0x0, <r4=>0x0, <r5=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="0000000000000000010000000100000000000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="01000080"], 0x38, 0x40044}}], 0x1, 0x400c5)
r6 = socket$netlink(0x10, 0x3, 0x6)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000040)={0x0, <r7=>0x0}, &(0x7f00000000c0)=0xc)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000d00)=ANY=[@ANYBLOB="2800000018000100c0000000000000000200998e48cbe81592e130982f3c4d1df1000008000000040000000c00088008008392a7c64def784a712897c0f96a40ba0c00", @ANYRES32=r7, @ANYBLOB], 0x28}}, 0x0)
mount$9p_virtio(&(0x7f0000000980), &(0x7f0000000a00)='./file0\x00', &(0x7f0000000a40), 0x209009, &(0x7f0000000b00)={'trans=virtio,', {[{@cache_none}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@access_user}, {@cache_none}, {@fscache}, {@cache_loose}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'ext4\x00'}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@uid_eq={'uid', 0x3d, 0xffffffffffffffff}}, {@euid_lt={'euid<', r7}}]}})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80b, &(0x7f0000000d80)={[{@barrier_val}, {@resuid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1}}, {@errors_remount}]}, 0x1, 0x79b, &(0x7f0000000180)="$eJzs3c1rXFUbAPDnTpImTfu+zQsv2LppVloonbQ1tgqCERciWCjo2jZMpiFmkimZSWlCFhYRBBG0uBB049qPunMruvZvcCMiLVXTYsWFjNz5SKb5mHw0k2mb3w9ucs6dc+ecZ+7cc8/MPcwNYM8aTP9kIo5ExIdJxKH6+iQieqqp7oiRWrl7iwu5dEmiUnn996Ra5u7iQi6atkkdqGcOR8T370Ycz6yutzQ3PzlaKORn6vmh8tTlodLc/ImJqdHx/Hh++syp4eHTZ589e2bnYv3zx/mDtz565emvR/5+54kbH/yQxEgcrD/WHMdOGYzB+mvSk76E93l5pyvrsKTTDWBb0kOzq3aUx5E4FF3VFADwOEvP/xUAYI9JnP8BYI9pfA9wd3Eh11g6+43E7rr9UkT01eJvXN+sPdJdv2bXV70O2n83ie76FdHYwetdgxHx2bdvfpku0abrkABreftaRFwcGFzd/yer5ixs1clNlBlckdf/we75Lh3/PLfW+C+zNP6JpfHPst41jt3tGIzY15xfffxnbq654Ys7UHl9/PdCbW5bGmjT+G9p0tpAVz33nzRzNCImCvm0b/tvRByLnt5LE4X8qRZ1HLvzz531Hmse//1x/a0v0vrT/8slMje7e+/fZmy0PPogMTe7fS3iye7luX33VvX/fdWx7sr9n6473+qJjy4nX33+vU/XK5bGn8bbWFbH316VzyOeirXjb0hazk8cSnf/ydrftev45udP+terv3n/p0taf+OzwG5I939/6/gHkub5mqWdrX/j+Nd+/+9L3qimG53H1dFyeeZUxL7ktdXrTy9v28g3yqfx1yJdGX+m5fs//SR4cZMxdt/67avtx7+kLVMs0/jHtrT/t564cW+ya/vxp/t/uJo6Vl+zmf5vsw18kNcOAAAAAAAAAAAAAAAAAAAAAAAAADYrExEHI8lkl9KZTDZbu4f3/6M/UyiWyscvFWenx6J6r+yB6Mk0furyUC2fNH7/dKApf3pF/pmI+F9EfNy7v5rP5oqFsU4HDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1B9a5/3/q195Otw4AaJu+DUvcyd+XrVQqlTa2BwBov43P/wDA46bF+X//brYDANg9Pv8DwN7j/A8Ae4/zPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG12/ty5dKn8tbiQS/NjV+ZmJ4tXTozlS5PZqdlcNlecuZwdLxbHC/lsrji10fMVisXLwzE9e3WonC+Vh0pz8xemirPT5QsTU6Pj+Qv5nl2JCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2pjQ3PzlaKORnHovE+xHxEDSjHYkkHopmdCTxy4mfDrcqc32Dt/HIQxHFI5bodM8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Gj4NwAA//8PbSWm")
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r8)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="a4020000", @ANYRES16=r9, @ANYBLOB="01000000000000000000010020001c000480050003000100000005000300800000000500030005000000040108805400078008000600b4000000080006003600000008000600bf000000080006008500000008000500419d6a4d08000600d1000000080006007d00000008000600b80000000800060032000000080006003200000014000780080006003400000008000500e200207c0c00078008000600760000004c00078008000500a45eec2d08000500b97bcf02080006007c0000000800050096f6a0670800050054c6e21f0800060085000000080006004200000008000500c3272e1a0800050015dc893c3400078008000500d3d2b03a08000600920000000800060094000000080006003f000000080005009105476008000600e90000000c00078008000600f100000008000100030000003c00048005000300070000000500030002000000050003000700000005000300000000000500030006000000050003000000000005000300070000000800020003"], 0x2a4}, 0x1, 0x0, 0x0, 0x10}, 0x2004c842)
r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$IEEE802154_LIST_PHY(r8, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r10, 0x200, 0x70bd27, 0x25dfdbfd, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000006}, 0x4044)
lseek(r2, 0x5, 0x4)
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./bus\x00', 0x0, &(0x7f0000002480)=ANY=[], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g")
r11 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r11, &(0x7f0000000180)='./bus\x00', 0x0)

30.392581317s ago: executing program 3 (id=1161):
r0 = syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8042, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@nobarrier}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}]}, 0x1, 0x4f8, &(0x7f0000001900)="$eJzs3E1oXNUeAPD/nXz26zXvvb6+176+Z2oVg8WkTavNQpCKggsFsYK6DElaatNGmhRsqTIFqUspuBeXbl24VTdFXAlu61KQQpFu2griyJ25dzIzmUmaSTJjmt8Pbuace2fuOeeee+6ce07mBrBlDad/kkr4VkTsjohC4xuGKy/3716denD36lQUS6VTvyblj91L45lsN7Eji4wUIgofJYsbasxfvnJucnZ25mIWH1s4/97Y/OUrz5wdzNZMTCS9bRaqSXppue7t/3DuwL5X3rnx2lR1z3lqteVYL8Mx3CwrZU+ud2Jdtqsm3Ha90XHp+Z9WV1+5/e+Onliu8oodzBmw0UqlUmmg9eZiqdG1JWuATSsGu50DoDvyL/r0/jdfmnUE+jem+9F1d05WboDSct/PlojHyivzcZC+hvvb9TQcEW8Xf/ssXWKDxiEAAGp9czLvCTb0/4YqMyO/X7r5Qvr6t2wOZSgi/h4R/4iIf0bEnoj4V0TsjYh/R8R/GvbfExGlZdIfbohX069OQhVur1NRm0r7f89nc1vpsjj3VQ0N9WSxXRF5h3nmSHZMRqJv4PTZ2Zmjy6Tx7Us/ftJqW23/L13SPOR9wSwft3sbBuimJxcm2yvtUneuRezvXSx/pf+b9EYk1ZmAJCL2RcT+Vex3qCZ89ukvDlQjffXvW7n8ZaWm82jrMM9U+jziqUr9F6Na/qibREzq5ifPT56ZOTNzYXxi4vixoyeeG392bDBmZ46MpWfBkaZpfP/D9ddbpb9i+b/6ufEjL5/4+lTWstYurf/tNed/5PO3i+UfSiKS6nzt/OrTuP7Txy3vado9//uTN8vh/L70/cmFhYtHI/qTV5euH1/8bB5PX6NYKf/Iocbzv5xu+RqXH4n/RkR6Ev8vIv4flTvENO8HI+LxiDi0TPm/e/GJd9sv/8ZKyz8d9eWv1Hxd/S/O17cKJNncYN2m/kgDPecO3nrQ4uLxcPV/vBwaydY0v/4ldZeIVjnNv+3SNX+s+egBAADA5lCIiJ01Y0k7o1AYHa2MAe2J7YXZufmFw6fnLl2YTrdFDEVfIR/pqowH9yX5+OdQTXy8IX4sGzf+tGdbOT46NTc73dWSAzvKbT4pjEa81VPT/lO/rM8QM/BX5vdasHUt1/7TTvzeGx3MDNBRD//9f/ODDc0I0HE17b/VL/yLbfzfF7AJPPT3f9LyeTbAI2PlB/0YM4TNr6Qtw5a2qvZ/2EMA4VHSG29Uw4Wu5gToNP1/2JJW/F3/mgKlgeabBmPpm2Nw+R32RHvZ2NYkra4E0p5VV1Lf1s6n8omelu+Jwup2OBD1a/rbrNPTazwaxYvzZ/Yunvz5s0XWeJxL2f/Kr3cNftmRdtos0PFLEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIb4MwAA///GJdfC")
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="184504006800000000000000", @ANYRES16=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@mangle={'mangle\x00', 0x64, 0x6, 0x548, 0x0, 0x0, 0x2a8, 0x2a8, 0x1b8, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x5, 0x703}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4=@private}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x7, 0x6, @ipv4=@local, 0x4e23}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a8)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000280)=""/5, 0x0, 0x0, 0x10004, 0x3}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'sit0\x00', <r5=>0x0})
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x40f3, 0x4)
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
getsockopt$XDP_STATISTICS(r2, 0x11b, 0x7, &(0x7f0000000240), &(0x7f0000000340)=0x30)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x101000)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00', 0x1})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x1, 0x1, 0x0, 0x0, 0xa}})
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, 0x1c)
r8 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1}]}, 0x10)
bind$inet6(r8, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @empty, 0x80ad}, 0x1c)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
alarm(0x81)

30.006322032s ago: executing program 3 (id=1165):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x27}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

29.940999233s ago: executing program 32 (id=1165):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x27}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

5.517006056s ago: executing program 2 (id=1410):
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x7, 0x80940)
signalfd(0xffffffffffffffff, &(0x7f0000000080)={[0xff]}, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r3, {0x10, 0x4}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
r5 = syz_open_dev$loop(&(0x7f00000000c0), 0x2, 0x4442)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000004c0))
r6 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000240)='bridge_slave_1\x00', 0x10)
sendmmsg$inet6(r6, &(0x7f0000000440)=[{{&(0x7f0000000380)={0xa, 0x0, 0x0, @mcast1}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000480)="a0002882781ecc0e", 0x8}], 0x1}}], 0x1, 0x0)
pipe(&(0x7f0000000040))
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000200)={r5, 0x9, {0x0, 0x0, 0x0, 0x8000000000000000, 0xfff, 0x0, 0x9, 0x19, 0x14, "112e92cfea3f846dfa081a4381e06b79ebeae62c89c5117b0fdc870c8ae629caf30543c13eed4cede48079690f4707e6d8ea8844968e6e670aaca0373938e1e2", "b74b77e02c54570a3c318d9e492e0f23991a27eaeb62d8d1fdf81eb6fa710f0e21c905c1123d6797b940f1a8324bcc554af8cac3c41c857f20bcf8621fe8ba7f", "d190a4a24ab3307ec2fad4e90414546f1c74c698738b934bde8aee16dafcabfb", [0x7, 0x100]}})

5.099423562s ago: executing program 2 (id=1417):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, &(0x7f0000000e80)={{r0}, "023f08f52a910202cda96b7a047e045b4129fe9e7756c2ec9650090ddf03f71a47767a964293ef307a13aa52abf57cab081251af280a394a146e5a187ee92499ff71cf9acc9b4f6768df7ac7ec4d7ed8e08cbacd2945ff69f2a0dab8d6744678a9a5d824edc6f3d5a14e469deb84cb13d9d5d674dfdf584177a0cb55314cf103bf591c1f379b65c4b258345edae36040b353eec117802c2c1d860d4be219554ef69b227f5272bacacab3623f858ab6f945875f47ae17434b50a90f49c1e1220a6bcff68df9bcb4e0d0656de0ab248bf2a5fc94c4fee6f06520be4a5e1a3a2f7b9bde3cdd5563bc73de6f2a5adfbc10a0e56b86ccefba78d7bb16f5b12dfdbfa009a280ca2c40fde249a97bb107148c68bf242d6e80ec0f3e99fa392070342d1bf85a27c74fc24b848cede9d832a06a3db436da133d2f2b7e19891f7a5a410be2c898cd6c119fb1c00e63af75a015f2b90e06031f2ececc6bd657fc11288c5ccde7d109e380b9cf6486ad5e0ca783b85229308df3dd5e5de2d52a3831fa1ebf08805e64e6e7b5825b5347dbc9a4aab8aed183d1ead5f555003f6d463a73fa8ef16fe219d1c5bf5f4aa56fd8c1fecf83aa3466a609a494fa05377f555a9f5947ad9205e80e684653ec256eafb61cc4d33c6174982b30c6e23bb4308177a4101e43a0cc72da6ba0e62635453c293115b82ddad63013164fb4a3ddb50a0a0e1405f62d1d393e34d8778e85ff9d1110cdbce3f3a2647f2506bd142ae9d9d48b8a4a2d16972de6a5ac283bc4a9d347b21684a271df1863f51a18423780cb43a4acd97757c0433472438dadb68333aa28ea9a0254e88ea6c27185fa2a04afded74215f4f917fb2db031d1991541d101902ce79ef7e56f813942a566b58fbb3e109f9e00c8a4c6d087cd8ed8f6807de42677c9c71ad10e8df1210096c9ad5f59b3c844b720a11e9e85255cbedfb9353388f2d36f7d29af4317c52951ea7f28af3645472c4f0d8a94cf98699b547d1c41df6a6c20836879c7edc187ca8df1c3e1030dc793957e93d0c7958b9493e88f5b5b0550d2968f8e895b97cc03ac43901e438663aec8fd568385d1197f563ff59094c50d4b7d8c65e7557723c73895495ff332d728b2ea305d3cdae78e7998c984f9177df02aaa5c2ccc951149f90e07ee81e2911f80aebc6ec7b18df6b261daabffb44cbee2dd8d32eeea1b49c4ac3460a8e78aa4a4d4b2bae7c054cea3a6b5b6f364abd41926857b1ac06f6b944e614235bd47dff91eadbf4385c632539e68eede7adc5237a3b70400b24ba76115fbd725315a9160e73d1f2ca2e10efa7823006fa58252bd23c04d6d52913215dbcb5dbfe4c0ba41870d2ffce72aafff488cd033ef98715ddd0168f22d7a3fc58caf175f9e72ec7fe74f617c6f1cdb1269ba688bbbbc9816676869c51c96ca02da230256eaf6bfb4af615349bae1727385058feec63098156f06fb187fd651feac9a94e9db729f50669acd2da8644935e74c6523c66f399d4b1660231f169bbffb0f6e95175a1dbc9d85c7ccb3bc478e36383903390f6cf6b1c1d3bd7b546bacbc6be9bf04aa79dc1c1cc10b6679a04862be452e65cb7e460854d8c1a5d47eb87c7b40403d92c16c470c2b2742fc331468961459b95fb9bf1181a3da5cc7fdb21ee20c9ab7f233137ad72a488d5f022b95bf24c1c034ae7aee8e0091b19c0c12aa57fb43849a7b69b951717e3eeca673e7dd5b89a783b7a0b0084672a24ddf3ebb869c6fd1ef611524ae8836800570c04271d58f29668dbe8e7540827c06e58872c26d31d073dd393406ee8e21da7584380dabf5295a74e963f37819720ccbf29c343cd536f380a69f03d693821b2bce1bee79ff55fcf508ca2d888eb573f23af9c84f73ea5905b7311bddf6aeb3aa844e576b73e5e9f1ac4b26e05e99b7688a1f547bc067e8d8694c3447a4d7faabaaa24d00aecd502806410371392e2db13691c1b178058e7d69776691b3a8334e1682017458bd2dbc6bc874d9c1388bf6411b5617f6ebd9e0687c8048546853795f8dc9e1c0e776d511a1acc61463d723ae60f5680c4c64d9832ca975c0e58040b2c7604a5fee59b4a1ef346b32eda980f4d5291218d1867cd64e704bcb39d4a07ea7aa65174b242704cd28ae3a81286786bc1a9707e9bbc674fcada2e3648b015eac723213b3223101fa8273411f54f0514f95cd90b5e49bfbf693ef5f43210c147e6c682b6da7505da708f5030ec2e0b77d334e1772427bdd572baaf8ab90855bf562540b3083706c209ae1fa8c79b684a851ad566aa59ea10d9e6f9b400b2aee90ae4341f1fffd4770474dc77b28f958443636db206da08ea00e311a9d78639982f7e478e73f2bc97fd88ab0c944f24926f0968cb2dbea59f190408d7d801a2c7a555a510657cf912a4f3ec4a9d3ff36cb7689e66b6152f12d62b82c8e041f856ca523cdd7cbabe2d8056a1a946439bd2d08a187f2afc5fbae1a5cae2e21bde88bea83cc788b468d58f14aa7933686bf60b3451d097f38a1dcf7713c9a8453fc45e0dc573b9735b502fc3f5480709dabb5a8b5b6ad2e8cea536c00b12dc5c8d72eaa1f74136d854c033d0591ad2260c89b1bdb391bcebd740b303e76097f82232853c2777dff010a5397ae27ff9019f71e6293247e0dbda5730e2803d502feee925346d7b0de8f029486b7e1a80bfec723cc83793471a59d4b46dbcfe2a6f71446bd368cd816756abc299de68e90b35d62d16acfd1edf75ce55dce386473c841a091647c76a4883580d2eeda44e50a3981f515c139dfc11cc671f415bf557da183cb245636936793f49f9be65a3f3ab1471e1d295b5434234869b8134ee37abbbea1615fb4ae1b8e6f88dc953a2463d93fa2e16ea558f3c20ea145b2fa0c96148942742c93de91d94ea30cd413be32b3f2aeec29bc151b625e78bd24d4c023650cff08a31061d07b1fbe9eee5baeba9e0141c3f1fb8f44d3bd4f083e654da107730032275e42d38a9db96ac09e70053e3ebf5aab324473fdb8f57a12b200eec66950764647af0fb727e64f4857c5534d845fe4fcbb4cd9859584e6fb03b5207c338bf8f12085ce4da6414ae991c35d744894d5a8ce54f4cc966621487713eca8bfb6dc9b53425a17f7c6575bb21bf771924ee7ce21144595d4f06d2fe56fd39ae7c43706c13727316313396f3db9adc2d8baa745c4d72207a226ba395fbed9bca82c960569871eb3fbd21a8157412ca0ac552e143a9f080d1eb01559155450dd2e99f3e7c575ea1d124c66ee85fa43628a1229df8ee6cfbf3b06d09ad933439f59157bc3f568f7f367c99352880e7d506eae87fa53d65d7e967b6dcc0f19974588840e3b7c411d9cc407f79b75ec0d02bbb81e3ba796e3b0820ff60545f16c4b1f1b17954368f976faf749fa834faca46e1f072374d399622328987d0d209c82f8a3d3f76a4198ddc39b16931d637dbb980ec413c0def9da7de5b7536914e786c80a0c53a8cf5e4764448d20d9900a0b0b52db5ba910e7cd2620ca2d5db00989c4d82598acb016da1c8bd1153be336f6676b3d6b7766d572783fe31b1535cdf47f0f467f5c3942de31400c48c9121c3b8e13fb68f260e40311ca0b7ff52082cd3210d1a4b8c2d488df0d8a5a3e208dd1d3445a2dc68691b08f07622543039cc72daf696073f579c45fd7ed2ad913e48abd773fd718298c405d1fdde13503c93cf2cf0d3ca86f64cd077310a7f073f2d6e769f2b49470042c3e09baf1a80c0096452fe5b11a387032538ee409c378a55ef90b44d4ab5fca58efb71c1ebaa6b5b9a376c31884454fb921c116f42bc8be9ec4bc95ce87ae14552ccbda7ce1bf6bf1bcca36235693689794e8a655c36e53254622b63f971ccd163dde573f21c757745c8199230ab8c70fb3756822f2b1fe8de9a9d5e1e48636ac5e0286d5ca5b6069815f5c5ef046b47bb3c22974de73aa168955b815d35105d9445289845cb6bbdbf26bae4faa4c78dbc96825be9aed91141b1adef3b8fe58a8784d3c70ca12ba75960a4a1b65edb8f5c4c876a0def1c57581d5f42d3795fd1cea1a104ce9b3d08db6537ca95f36dd881278a1342362a4769120e348dbb17c837e1dcc25fc4150216fdb51b7297e8e1778a4f83feceb6e8ba96e0e7397eaf8ac382328bd3c0717fe7475cf393da2523121820aa42c38f723672b7116eee2c4e6348e8e260dc30d4622d2f81210a44bd85d23675068efc126aada06ddba3a43eaa68aedeb4630ba72405eb8f9a79192c70e86d9da8fce6bc59364a50ef6a41beb374cf376428f33f731bca03f227d63f9487496a4394817f87846721d3cea2031616a169289c5fa722095a860e53298691dd273621566c1c72ecec6585f921a9efb9496826ea37756ed41b28ba4ced874344a627754000922e0d375c2823a603034a7e48cd5ace54584c85451667a742e5df763da5f05ee5fa0b2bb6f0a4339ee521ef79655a52fd68663c49c0baf395c9008770b468a132365ca08183eba2f1e1edaca3c4388b39c3a13ce826911ae5783254e02d12092d475b44ce763c9e2b051fe6440a7f674e9f374671a8652afcb5945367e990099f5b014868c8314d089e21715105d698506568f8c21152a6c97788b93b163eb8fb37e8533635972e9827f2aa5948144870f3c567c2a53465d3cad4d401f3e002df8b3c78a28ed36d290c522f07864a539d3c3ae6ac9b0a581b51a07c0da01dceb4194d7d5407cb249d6487411952a6cda1e49c8f1d11027a1cd1463b688346d3160ffc2239612da7b3677bb202dd2b56a8b813d31660836b613f35d1cc2ff7fc36e9a3cdd28a26c53b980e67bbf911ae1e1ca4f0166bc821e035778dc9183e7ba4bf065577d9a6457b2a9cc79411d00ffa92db0e56d06f6b0f4e6957aa92e08fe34712f400618662e9972947238b5a1ad4928f15eac1e4051f529f23387a24b6c060ad7bd42cb03d52de8256b33bfea2209d102ccb00b112c492edb5702fcccf42f756503230b0ed7a5baa048d0b87bea03284ebf7006aba30b0489ced2cc7868ee3aad6d6a0c172d92cb3b744ee24c4750cbabd99bcc390f30b42c73596726cce3aeca8c2403f48f283f07f3070abb4f2c9f4dd17cd20f79575d214fa06396326e82eed6e7762c12d81a07d9f8186864631ca002461476d4c3ab0e605976eaaee3d2f45a6e502967177e0af0a688faf1e404439cc25b3bd6708bf448902653e210af91a761f9d6211997edfb4b35fb3da78ca3f1fb4c72d88cfd0c43cd422723e07ca37268a86627e49cca215056134e82fcc680a7808c948b90d56fd13da4004efbe46168ef582fa4132089882dd222f36acf73c8f2055f66366030b1bdd30e87d3d91b0b6a3b2f4a24f9189a8baf682f4243e76c35b9655aca09a319f04a505fb875362339e85cf40a69c976c841625b63a1c8f3bdbce287d702ba0d4e7b42f86452385caf9dc2f247ca3cd0c3ed2d22733aeba24f708b08b3d3b957f39a6fcdb2d2b12aeebc91f88102b6d0e5eba66ec4fe18292ed469c0265a2618f94560172aa7c8f07de60799e69b86c4feb0be71923cbd0b13d2de821f3ee4f182743b86bbd9841975a4111fe59c8a72fc01712bd8a063b8889aa4367d4e762fb9675b3d6ab03903d6c7a850471d3a1682acb2a41eae097b9e5e7a1b42b88d21cf1982e8bfdaef2214d34615710b9400ec1f85cb9efd4b1eeb0d5c861cf0b20d70e71d1359c14c0d2c49b70932afa24eb2bd7c3c38b94721011b2f16e09fa346a389e3"})
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r2 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffeffe, 0x400, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4}, 0x10)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001000)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x17)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x8, 0x2c, 0x0, @remote, @local, {[], {{0x1100, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

4.754068318s ago: executing program 2 (id=1421):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x4868800c1b5db081, 0x4382, 0x4, 0x2, 0x100, r0, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x50)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000180)={@multicast1, @rand_addr, <r3=>0x0}, &(0x7f00000002c0)=0xc)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x1, 0x0, r2, 0x8, '\x00', r3, r4, 0x4, 0x4, 0x5}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1}, 0x10)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000600), 0x200002, 0x0)
sendmsg$AUDIT_USER(r5, &(0x7f0000000940)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000900)={&(0x7f0000000800)={0x100, 0x3ed, 0x2, 0x70bd27, 0x25dfdbfe, "dd3429f7597848328bea7a68456adc9958121be201555664aff4e44dc7c853ca26f4a3d4376ee11e5ef11c0737b0b18b9e3648377d2be27968e41b1c20f720080121938c5180c032f0b1573c71bcb5c1fb431f17c69d227931230787cd1ce1ffb43799ee004cac984de344bf60cb018b613c5bc84dd380f3ba6ccc1a3565f623e126cdc45fe25041454ea90e82e5923548b345ee9aa5056bb8c46f4b260c9937903e0886d6307af4e5eca70cb9d804e8b8be3735e3ff998db3e8b46da70fffb9f99578657998fe5d30b9c366c8202409e68ffd0a27afcc7f8789ca18be8726e8dcd4b281ee297ec2803ba11e98", ["", "", ""]}, 0x100}, 0x1, 0x0, 0x0, 0xc400}, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f0000000680)=[{&(0x7f00000003c0)=""/114, 0x72}, {&(0x7f0000000440)=""/138, 0x8a}, {&(0x7f0000000540)=""/39, 0x27}, {&(0x7f0000000580)=""/131, 0x83}, {&(0x7f0000000640)}], 0x5)

4.693756139s ago: executing program 2 (id=1422):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000d5648c1d82a145dd6415ad67039417a73d8512f05ddb80fb359dac5afc9a43f182c63ca1ee2410f5eea28095ba11cca5d7c7e353e4065669139c82624a3ddf037d814dc859ca5c25e5634beca63fb3e70a55b1077dad76610e983f07b838140253dd262e02bdf34549661325f46583855df014a2bd752c90f081a82aef5520f5ce2446eddad7fef6d484ec68d22f8e123d878cc6fa7ec0e4b55d5f6cbbce2d5f7a5a9e89ca60cfb2b2a9f64f226b7bd9113fc2e61521a24433e7900214552a7a7d5120f2dba9509cef", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x102, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}, 0x4110, 0x0, 0x0, 0x5, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000140)=ANY=[], 0xfe44, 0x2)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002080)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0x4}, {}, {0x0, 0xffffffff, 0x1}, {0x0, 0x0, 0x3800}, {}, {}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x20000}, {}, {}, {0x0, 0x0, 0x1}, {0x1}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x7}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0xffffffff}, {0x0, 0x2}, {}, {}, {}, {0xfffffffc}, {}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x0, 0x1}, {0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {0x0, 0x800000, 0x0, 0x0, 0x0, 0x2000000}, {}, {0x0, 0x0, 0x1ff}, {}, {0x0, 0x0, 0x2}, {0x4, 0x4000000}, {}, {0x0, 0x80000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0x0, 0x767c4148}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfff}, {0x0, 0x3, 0x0, 0x80000}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x2, 0xfffffffd}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffc}, {0xfffffffd}, {}, {0x0, 0x0, 0x4}, {0x0, 0x0, 0x1, 0x0, 0x747}, {0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x2, 0x4}, {0xfeb, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0xfffffffe}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, {}, {0x0, 0x0, 0xfffffff8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x6}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x4}, {}, {0x0, 0x5}], [{0x2}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x0, 0x1}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {0x3}, {0x9f6acee820ff84a1}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {0x5, 0x9463d21cb8c2d83b}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0)
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18117700229ac44badb611f2e59afff613fa11018fa31c1ea0dec82ea350bae402918fe2e6945241f9a49a4a80", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='sched_switch\x00', r4}, 0x18)
unshare(0x6a040000)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
write$binfmt_misc(r5, &(0x7f0000000240), 0xfffffecc)
ioctl$TIOCSSOFTCAR(r5, 0x541a, &(0x7f0000000000)=0x81d)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000006820010000000000e873ed25ef532ffc6e2093978ecc007976a152e9d28fda00000006000700800c0000000000000000", @ANYRES32=0x0, @ANYBLOB], 0x38}}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000300)={'pim6reg1\x00', &(0x7f00000001c0)=@ethtool_sset_info={0x37, 0x6, 0x9, [0x30d2, 0x0, 0x8001, 0x7]}})
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)

3.680721734s ago: executing program 4 (id=1430):
r0 = socket(0x10, 0x3, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000340)={0x10000000})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRES8=r0, @ANYBLOB="f56c70275afd932acc122b1b1c81d273a69a", @ANYRES32=r0], 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x10, 0x5, &(0x7f0000000840)=ANY=[@ANYBLOB="180000000600000000000000000000007910000000000000631b6372c920b932610000000000000079a50a876dfac75efd5e49c0d63b6012a8d1c58c4a02938932b57e81886bcec95f7ff6691bfb5704571e1321e67b764f1c44f6bb008b354af2e758a02910b6f0bac7761cb429d093d9c3dffcbbe7e5a09c2b66a4941221ebe36c63250283ec4779ce08b7024f4ed698cb62c487664c85b360890c66bc2ff8055480cac6e735a713c4fb883e40183f79074ea112e1b1e1f6e369d440f3e3e3a0fcd9ce7a68aa9a6c5df5b05cd330d24d72811693723d013adbc5570031554001c85463424fff8ae828266495263bebf557def6bc6c4caef8309be5fba36e28eab16a7d9812e4577f2125d8706409019320658f239440c1eeabe18db4ca45891b"], &(0x7f0000000100)='GPL\x00', 0x2, 0xc4, &(0x7f00000002c0)=""/196}, 0x80)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
memfd_secret(0x80000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f000019d000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000020000000f502f70000004944090000000000009833574fc8b23c01f95dea4b38c9a2eeb0445ef71207848a19545fb010d86141b5577a52c4ddd40dbcadafec78b192716ac76e45c277629521a8a06087"], 0x50)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
unshare(0x40000000)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
syz_io_uring_setup(0x3b52, &(0x7f0000000140)={0x0, 0x5883, 0x1000, 0x5, 0x1c2}, &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000680)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x6, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})

3.368923209s ago: executing program 4 (id=1436):
io_uring_setup(0x4a85, &(0x7f00000004c0)={0x0, 0x4176, 0x1, 0x8001003, 0x3d7})
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x8000000}, 0x18)
r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200))
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/bus/input/handlers\x00', 0x0, 0x0)
preadv2(r3, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/139, 0x8b}], 0x1, 0x867, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x1c, 0x45, &(0x7f0000000000)="adc3313930ddcacf798cb06800df6187bd21a969b81bcdbd9ef2d796", &(0x7f0000000340)=""/69, 0xc3ea, 0x0, 0xb2, 0x9f, &(0x7f0000000400)="aa741a4a7c861e61c29de6e867f4451a9cd862c99179f9f8a036bb2e32f4e4f44d5d4b61b08abfc6b527c3775bbd521a2d38786c057da37f089169ef95144fca63d1772cb294943d1807837addda373263389b4af194295d7272f71ee908c81c9ebfc9b12ced890d4f5dafd9cd28f576c5d5af9a254c5fc757de291699de4b0b808e2a6cf40d262512134dd416019c1aa6f76629493c1ad1723cc20155b44006f355e3e9b85aa9c5d4f96017be76d1d04aab", &(0x7f0000000540)="f9d85a99c8a067c3502fb588e1f011084264f1a9af7747de19eb5d017b6eb0b2266f4dfb11fc632f580d14dc534a258871bfe265aa78fed8af1ce522f6a2e4ff0c183c76f6a6d02798f6bcc10a41c759053a673a2da119209152acdfb676bf4df427e68f4e8856795a1211fd9670de6caf37c14e9bace730b6556b94fc64a0b7f89da633789d86582da043fc76ebdd8673a506e7fcddf68f6663b675b1272e", 0x1, 0x0, 0x3ff}, 0x50)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2000002, 0x42032, 0xffffffffffffffff, 0x80000000)

3.146861802s ago: executing program 4 (id=1440):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x4}, 0x18)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'ip6tnl0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
r9 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r10 = fsmount(r9, 0x0, 0x0)
fchdir(r10)
setresuid(0xee00, 0xee01, 0xee01)
r11 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
utimensat(r11, 0x0, &(0x7f0000000580)={{0x0, 0x3ffffffe}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)

3.126920963s ago: executing program 5 (id=1443):
r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r2, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000100b7000000000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6)
syz_open_dev$tty1(0xc, 0x4, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a301000000088000000090a010400000000000000000700000308000a3d000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e4e6c696d69740000000c000280080001400000e41f0800034000000120140000001000010000000000000000000084000a"], 0xd0}}, 0x20050800)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f00000004c0)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@init_itable}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r8}, 0x10)
r9 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r9, 0xc0105512, &(0x7f0000000200))
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000040), 0x208e24b)

3.028123814s ago: executing program 1 (id=1444):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r1, @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000100b7000000000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x4c80, 0xffffffffffffffb6)
syz_open_dev$tty1(0xc, 0x4, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a301000000088000000090a010400000000000000000700000308000a3d000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e4e6c696d69740000000c000280080001400000e41f0800034000000120140000001000010000000000000000000084000a"], 0xd0}}, 0x20050800)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f00000004c0)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@init_itable}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
r8 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200))
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000000040), 0x208e24b)

1.620444145s ago: executing program 4 (id=1445):
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x40008, 0x590, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x4c58, 0x0, 0x0, 0x0, 0x8, 0xffffffff, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r0, 0x0)
r1 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x67a, 0x1, 0xfffffffe, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r3, 0x6, 0x23, &(0x7f0000000040)=""/36, &(0x7f0000000200)=0x24)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x37}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r6}, &(0x7f0000000000), &(0x7f00000005c0)=r7}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[])
creat(&(0x7f0000000300)='./file0\x00', 0x20)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x1, 0x0, 0x0, 0x1, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5, 0x0, 0x0, 0x0, 0x784}, {}, {0x0, 0x10}, {0x0, 0x4, 0x0, 0x8000000}, {}, {0x2, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x20}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffd}, {}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x2, 0x0, 0x4, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xffffffff, 0x9}, {0x0, 0x0, 0x3, 0x0, 0xfffff800}, {}, {}, {0xffffffff}, {}, {}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x80}, {0x80}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x8510}, {0xffff}, {}, {0x0, 0x0, 0x0, 0x401}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, {0x0, 0x0, 0x200}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {0x5}, {}, {}, {}, {0x0, 0x101, 0x8000000, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xf0a7}, {}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f, 0x0, 0x0, 0x0, 0x0, 0x1000}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {0x2, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x46923d3d}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x7, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0xda4}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3, 0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x800000, 0x7fffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0xffffffff, 0x0, 0x8}, {}, {}, {}, {0xfffffffe, 0x0, 0x4, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000}, {0x0, 0x80000000, 0x0, 0x7fff800}, {}, {}, {0x4, 0x0, 0x0, 0x3, 0x0, 0x4}], [{}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x4}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x3}, {0x2, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x2}, {}, {}, {0x4}, {0x3}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)

1.131260472s ago: executing program 4 (id=1446):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x110, 0x4)
sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000002c00000018000180140002006e657464657673696d30"], 0x2c}}, 0x0)

959.172615ms ago: executing program 0 (id=1447):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000080)={[{@nobh}, {@usrjquota}]}, 0x1, 0x77e, &(0x7f0000000a80)="$eJzs3d9rW1UcAPDvTX/tl7aCoPOpIGhhLLWzbgo+VHwQwcFAn91CmpXZtBlNOtZS0CGCL4KKb/qyZ3/MN1/98ar/hQ/imNoNJz5I5abJmq1Jl25pMs3nA7c9596bnPO9P849yT3cBNC3xtM/mYjDEfFhEjFam59ExFA1NRgxs7nezfW1fDolsbHx+u9JdZ0b62v5aHhN6mAt83hEfP9exJHM9nLLK6vzuWKxsFTLT1YWzk+WV1aPnlvIzRXmCovHp6anj5147sTxzsX650+rh65+9MrTX838/e5jVz74IYmZOFRb1hhHp4zHeG2bDKWb8DYvd7qwHkt6XQHuSXpqDmye5XE4RmOgmgIA/s/ejogNAKDPJK7/ANBn6t8D3Fhfy9en3n4j0V3XXoqIfZvx1+9vbi4ZrN2z21e9D3rgRnLbnZEkIsY6UP54RHz2zZtfpFPs0X1IgGbeuRQRZ8bGt7f/ybYxC7v1zA7Lhmv/x++Yr/2D7vk27f8836z/l7nV/4km/Z+RJufuvai+x/BWftv5v78Dhewg7f+92DC27WZD/DVjA7XcQ9U+31By9lyxkLZtD0fERAyNpPmpHcqYuP7P9VbLGvt/f3z81udp+en/rTUyvw6O3P6a2Vwldz8xN7p2KeKJwWbxJ7f2f9Ki/3uqzTJefeH9T1stS+NP461P2+OP2uikvbFxOeKppvt/a0RbsuP4xMnq4TBZPyia+Prn1vVv3P/plJZf/yzQDen+P7Bz/GNJ43jN8u7L+PHy6Hetlt09/ubH/3DyRjVdbzou5iqVpamI4eS17fOPbb22nq+vn8Y/8WTz83+n4z/9THimzfgHr/725b3Hv7fS+Gd3tf93n7hyc36gVfnt7f/pamqiNqed9q/dCt7PtgMAAAAAAAAAAAAAAAAAAAAAAACAdmUi4lAkmeytdCaTzW7+hvejcSBTLJUrR86Wlhdno/pb2WMxlKk/6nK04XmoU7Xn4dfzx+7IPxsRj0TEJyP7k/pzFGd7HDsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1B1s8fv/qV9Gel07AGDP7Ot1BQCArnP9B4D+4/oPAP3H9R8A+o/rPwD0H9d/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9tipkyfTaeOv9bV8mp+9sLI8X7pwdLZQns8uLOez+dLS+excqTRXLGTzpYW7vV+xVDo/HYvLFycrhXJlsryyenqhtLxYOX1uITdXOF0Y6kpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA75ZXV+VyxWFiS2EqkG6atlTd6XtUOJGY68D4DtcPpAQin+4nkwahGhxPNWovhrrZNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8F/wYAAP//hNkgcA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600)

955.928125ms ago: executing program 5 (id=1448):
r0 = socket$inet(0x2, 0x3, 0x6)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @dev}})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000000)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x14)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r2, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f00000010c0)=0x1006)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @local}, 0x4a, {0x2, 0x0, @multicast2}, 'syz_tun\x00'})

907.649006ms ago: executing program 4 (id=1449):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffff0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x4e22, @remote}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x10000002}, 0x18)
mount$9p_rdma(&(0x7f0000001d00), &(0x7f0000001d40)='./file0\x00', &(0x7f0000001d80), 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB='tea=0x0000000000004e24,\x00'])
mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x41200100, 0x0, 0x0, 0x0, 0x0, 0x0)

823.351537ms ago: executing program 1 (id=1450):
r0 = syz_io_uring_setup(0x27b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x3, 0x313}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2}, 0x0, 0x40000103})
io_uring_enter(r0, 0x46f3, 0x0, 0x0, 0x0, 0x0)

718.591659ms ago: executing program 2 (id=1451):
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r2, 0x2285, 0x0)
writev(r2, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd24", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2)

705.732059ms ago: executing program 0 (id=1452):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, &(0x7f0000000e80)={{r0}, "023f08f52a910202cda96b7a047e045b4129fe9e7756c2ec9650090ddf03f71a47767a964293ef307a13aa52abf57cab081251af280a394a146e5a187ee92499ff71cf9acc9b4f6768df7ac7ec4d7ed8e08cbacd2945ff69f2a0dab8d6744678a9a5d824edc6f3d5a14e469deb84cb13d9d5d674dfdf584177a0cb55314cf103bf591c1f379b65c4b258345edae36040b353eec117802c2c1d860d4be219554ef69b227f5272bacacab3623f858ab6f945875f47ae17434b50a90f49c1e1220a6bcff68df9bcb4e0d0656de0ab248bf2a5fc94c4fee6f06520be4a5e1a3a2f7b9bde3cdd5563bc73de6f2a5adfbc10a0e56b86ccefba78d7bb16f5b12dfdbfa009a280ca2c40fde249a97bb107148c68bf242d6e80ec0f3e99fa392070342d1bf85a27c74fc24b848cede9d832a06a3db436da133d2f2b7e19891f7a5a410be2c898cd6c119fb1c00e63af75a015f2b90e06031f2ececc6bd657fc11288c5ccde7d109e380b9cf6486ad5e0ca783b85229308df3dd5e5de2d52a3831fa1ebf08805e64e6e7b5825b5347dbc9a4aab8aed183d1ead5f555003f6d463a73fa8ef16fe219d1c5bf5f4aa56fd8c1fecf83aa3466a609a494fa05377f555a9f5947ad9205e80e684653ec256eafb61cc4d33c6174982b30c6e23bb4308177a4101e43a0cc72da6ba0e62635453c293115b82ddad63013164fb4a3ddb50a0a0e1405f62d1d393e34d8778e85ff9d1110cdbce3f3a2647f2506bd142ae9d9d48b8a4a2d16972de6a5ac283bc4a9d347b21684a271df1863f51a18423780cb43a4acd97757c0433472438dadb68333aa28ea9a0254e88ea6c27185fa2a04afded74215f4f917fb2db031d1991541d101902ce79ef7e56f813942a566b58fbb3e109f9e00c8a4c6d087cd8ed8f6807de42677c9c71ad10e8df1210096c9ad5f59b3c844b720a11e9e85255cbedfb9353388f2d36f7d29af4317c52951ea7f28af3645472c4f0d8a94cf98699b547d1c41df6a6c20836879c7edc187ca8df1c3e1030dc793957e93d0c7958b9493e88f5b5b0550d2968f8e895b97cc03ac43901e438663aec8fd568385d1197f563ff59094c50d4b7d8c65e7557723c73895495ff332d728b2ea305d3cdae78e7998c984f9177df02aaa5c2ccc951149f90e07ee81e2911f80aebc6ec7b18df6b261daabffb44cbee2dd8d32eeea1b49c4ac3460a8e78aa4a4d4b2bae7c054cea3a6b5b6f364abd41926857b1ac06f6b944e614235bd47dff91eadbf4385c632539e68eede7adc5237a3b70400b24ba76115fbd725315a9160e73d1f2ca2e10efa7823006fa58252bd23c04d6d52913215dbcb5dbfe4c0ba41870d2ffce72aafff488cd033ef98715ddd0168f22d7a3fc58caf175f9e72ec7fe74f617c6f1cdb1269ba688bbbbc9816676869c51c96ca02da230256eaf6bfb4af615349bae1727385058feec63098156f06fb187fd651feac9a94e9db729f50669acd2da8644935e74c6523c66f399d4b1660231f169bbffb0f6e95175a1dbc9d85c7ccb3bc478e36383903390f6cf6b1c1d3bd7b546bacbc6be9bf04aa79dc1c1cc10b6679a04862be452e65cb7e460854d8c1a5d47eb87c7b40403d92c16c470c2b2742fc331468961459b95fb9bf1181a3da5cc7fdb21ee20c9ab7f233137ad72a488d5f022b95bf24c1c034ae7aee8e0091b19c0c12aa57fb43849a7b69b951717e3eeca673e7dd5b89a783b7a0b0084672a24ddf3ebb869c6fd1ef611524ae8836800570c04271d58f29668dbe8e7540827c06e58872c26d31d073dd393406ee8e21da7584380dabf5295a74e963f37819720ccbf29c343cd536f380a69f03d693821b2bce1bee79ff55fcf508ca2d888eb573f23af9c84f73ea5905b7311bddf6aeb3aa844e576b73e5e9f1ac4b26e05e99b7688a1f547bc067e8d8694c3447a4d7faabaaa24d00aecd502806410371392e2db13691c1b178058e7d69776691b3a8334e1682017458bd2dbc6bc874d9c1388bf6411b5617f6ebd9e0687c8048546853795f8dc9e1c0e776d511a1acc61463d723ae60f5680c4c64d9832ca975c0e58040b2c7604a5fee59b4a1ef346b32eda980f4d5291218d1867cd64e704bcb39d4a07ea7aa65174b242704cd28ae3a81286786bc1a9707e9bbc674fcada2e3648b015eac723213b3223101fa8273411f54f0514f95cd90b5e49bfbf693ef5f43210c147e6c682b6da7505da708f5030ec2e0b77d334e1772427bdd572baaf8ab90855bf562540b3083706c209ae1fa8c79b684a851ad566aa59ea10d9e6f9b400b2aee90ae4341f1fffd4770474dc77b28f958443636db206da08ea00e311a9d78639982f7e478e73f2bc97fd88ab0c944f24926f0968cb2dbea59f190408d7d801a2c7a555a510657cf912a4f3ec4a9d3ff36cb7689e66b6152f12d62b82c8e041f856ca523cdd7cbabe2d8056a1a946439bd2d08a187f2afc5fbae1a5cae2e21bde88bea83cc788b468d58f14aa7933686bf60b3451d097f38a1dcf7713c9a8453fc45e0dc573b9735b502fc3f5480709dabb5a8b5b6ad2e8cea536c00b12dc5c8d72eaa1f74136d854c033d0591ad2260c89b1bdb391bcebd740b303e76097f82232853c2777dff010a5397ae27ff9019f71e6293247e0dbda5730e2803d502feee925346d7b0de8f029486b7e1a80bfec723cc83793471a59d4b46dbcfe2a6f71446bd368cd816756abc299de68e90b35d62d16acfd1edf75ce55dce386473c841a091647c76a4883580d2eeda44e50a3981f515c139dfc11cc671f415bf557da183cb245636936793f49f9be65a3f3ab1471e1d295b5434234869b8134ee37abbbea1615fb4ae1b8e6f88dc953a2463d93fa2e16ea558f3c20ea145b2fa0c96148942742c93de91d94ea30cd413be32b3f2aeec29bc151b625e78bd24d4c023650cff08a31061d07b1fbe9eee5baeba9e0141c3f1fb8f44d3bd4f083e654da107730032275e42d38a9db96ac09e70053e3ebf5aab324473fdb8f57a12b200eec66950764647af0fb727e64f4857c5534d845fe4fcbb4cd9859584e6fb03b5207c338bf8f12085ce4da6414ae991c35d744894d5a8ce54f4cc966621487713eca8bfb6dc9b53425a17f7c6575bb21bf771924ee7ce21144595d4f06d2fe56fd39ae7c43706c13727316313396f3db9adc2d8baa745c4d72207a226ba395fbed9bca82c960569871eb3fbd21a8157412ca0ac552e143a9f080d1eb01559155450dd2e99f3e7c575ea1d124c66ee85fa43628a1229df8ee6cfbf3b06d09ad933439f59157bc3f568f7f367c99352880e7d506eae87fa53d65d7e967b6dcc0f19974588840e3b7c411d9cc407f79b75ec0d02bbb81e3ba796e3b0820ff60545f16c4b1f1b17954368f976faf749fa834faca46e1f072374d399622328987d0d209c82f8a3d3f76a4198ddc39b16931d637dbb980ec413c0def9da7de5b7536914e786c80a0c53a8cf5e4764448d20d9900a0b0b52db5ba910e7cd2620ca2d5db00989c4d82598acb016da1c8bd1153be336f6676b3d6b7766d572783fe31b1535cdf47f0f467f5c3942de31400c48c9121c3b8e13fb68f260e40311ca0b7ff52082cd3210d1a4b8c2d488df0d8a5a3e208dd1d3445a2dc68691b08f07622543039cc72daf696073f579c45fd7ed2ad913e48abd773fd718298c405d1fdde13503c93cf2cf0d3ca86f64cd077310a7f073f2d6e769f2b49470042c3e09baf1a80c0096452fe5b11a387032538ee409c378a55ef90b44d4ab5fca58efb71c1ebaa6b5b9a376c31884454fb921c116f42bc8be9ec4bc95ce87ae14552ccbda7ce1bf6bf1bcca36235693689794e8a655c36e53254622b63f971ccd163dde573f21c757745c8199230ab8c70fb3756822f2b1fe8de9a9d5e1e48636ac5e0286d5ca5b6069815f5c5ef046b47bb3c22974de73aa168955b815d35105d9445289845cb6bbdbf26bae4faa4c78dbc96825be9aed91141b1adef3b8fe58a8784d3c70ca12ba75960a4a1b65edb8f5c4c876a0def1c57581d5f42d3795fd1cea1a104ce9b3d08db6537ca95f36dd881278a1342362a4769120e348dbb17c837e1dcc25fc4150216fdb51b7297e8e1778a4f83feceb6e8ba96e0e7397eaf8ac382328bd3c0717fe7475cf393da2523121820aa42c38f723672b7116eee2c4e6348e8e260dc30d4622d2f81210a44bd85d23675068efc126aada06ddba3a43eaa68aedeb4630ba72405eb8f9a79192c70e86d9da8fce6bc59364a50ef6a41beb374cf376428f33f731bca03f227d63f9487496a4394817f87846721d3cea2031616a169289c5fa722095a860e53298691dd273621566c1c72ecec6585f921a9efb9496826ea37756ed41b28ba4ced874344a627754000922e0d375c2823a603034a7e48cd5ace54584c85451667a742e5df763da5f05ee5fa0b2bb6f0a4339ee521ef79655a52fd68663c49c0baf395c9008770b468a132365ca08183eba2f1e1edaca3c4388b39c3a13ce826911ae5783254e02d12092d475b44ce763c9e2b051fe6440a7f674e9f374671a8652afcb5945367e990099f5b014868c8314d089e21715105d698506568f8c21152a6c97788b93b163eb8fb37e8533635972e9827f2aa5948144870f3c567c2a53465d3cad4d401f3e002df8b3c78a28ed36d290c522f07864a539d3c3ae6ac9b0a581b51a07c0da01dceb4194d7d5407cb249d6487411952a6cda1e49c8f1d11027a1cd1463b688346d3160ffc2239612da7b3677bb202dd2b56a8b813d31660836b613f35d1cc2ff7fc36e9a3cdd28a26c53b980e67bbf911ae1e1ca4f0166bc821e035778dc9183e7ba4bf065577d9a6457b2a9cc79411d00ffa92db0e56d06f6b0f4e6957aa92e08fe34712f400618662e9972947238b5a1ad4928f15eac1e4051f529f23387a24b6c060ad7bd42cb03d52de8256b33bfea2209d102ccb00b112c492edb5702fcccf42f756503230b0ed7a5baa048d0b87bea03284ebf7006aba30b0489ced2cc7868ee3aad6d6a0c172d92cb3b744ee24c4750cbabd99bcc390f30b42c73596726cce3aeca8c2403f48f283f07f3070abb4f2c9f4dd17cd20f79575d214fa06396326e82eed6e7762c12d81a07d9f8186864631ca002461476d4c3ab0e605976eaaee3d2f45a6e502967177e0af0a688faf1e404439cc25b3bd6708bf448902653e210af91a761f9d6211997edfb4b35fb3da78ca3f1fb4c72d88cfd0c43cd422723e07ca37268a86627e49cca215056134e82fcc680a7808c948b90d56fd13da4004efbe46168ef582fa4132089882dd222f36acf73c8f2055f66366030b1bdd30e87d3d91b0b6a3b2f4a24f9189a8baf682f4243e76c35b9655aca09a319f04a505fb875362339e85cf40a69c976c841625b63a1c8f3bdbce287d702ba0d4e7b42f86452385caf9dc2f247ca3cd0c3ed2d22733aeba24f708b08b3d3b957f39a6fcdb2d2b12aeebc91f88102b6d0e5eba66ec4fe18292ed469c0265a2618f94560172aa7c8f07de60799e69b86c4feb0be71923cbd0b13d2de821f3ee4f182743b86bbd9841975a4111fe59c8a72fc01712bd8a063b8889aa4367d4e762fb9675b3d6ab03903d6c7a850471d3a1682acb2a41eae097b9e5e7a1b42b88d21cf1982e8bfdaef2214d34615710b9400ec1f85cb9efd4b1eeb0d5c861cf0b20d70e71d1359c14c0d2c49b70932afa24eb2bd7c3c38b94721011b2f16e09fa346a389e3"})
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r2 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffeffe, 0x400, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4}, 0x10)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x8, 0x2c, 0x0, @remote, @local, {[], {{0x1100, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

681.143079ms ago: executing program 5 (id=1453):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/12], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r2, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) (fail_nth: 1)

653.144ms ago: executing program 1 (id=1454):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x110, 0x4)
sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000002c00000018000180140002006e657464657673696d30"], 0x2c}}, 0x0)

539.808782ms ago: executing program 1 (id=1455):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000002c00000018000180140002006e657464657673696d30"], 0x2c}}, 0x0)

539.316301ms ago: executing program 5 (id=1456):
prctl$PR_SET_NAME(0xf, &(0x7f0000000500)='kfree\x00')
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040), 0x48a201, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f608ce27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e30400000000000000000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a95d32f46ed9bd1f00fb8191bbab2dc599dda61ee2010000294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bfe2777e808fcba821a00e8c5c39609ff854256cb490000000000c1fee30a3f7a85d1b2b458c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd210819203828b202779d386ed295f023c67d867014d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff00004043060000005dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df40600000000000000e9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b0600b805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1202000000b59fed817072a0da60160761fd3dffda0f7c742eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7000000000000000542954c167dd9b4acd946ffffffffffffffff1389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c9e281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b630500163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f700400fa0c61d5fe6d8ff353f631080405547d65375ae04f44f0c2543c772c5ccb137be7dc87746e1785a8214454d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b036e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e010000005a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb3985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1428c0805b4031a667e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a9cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab9100781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c1227c8bed10591958c906321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b863af34bac64c247672a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f27080ece2a94c360b002c77f82662675a7713c7067081cac1599a998c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc215a18ca0265400abf38e90000000000000000008faf2cddffbfa66bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942ce18e57bb7f337df5435bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de286553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c03f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c872a4882d21db2046a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265441d513a1294b8439276394945d94a589708e32a1cb30a8b07b391201385e0b92ecbb7b13d7a87284164018ace6ce58a82c5de321452461089cdd69259f5390f5f508646a524490583c30630bedb47e158ad41c0a653e86a4f4f255cd2a6e95f33b586823aef5564d9de1f5bdd8c80e193f0597b8003860302cd243c00bc5a82c52afb115d16258d507937966bb89409d6d47b8b652d0761d7c72875ae1efb9bc7c6807c2d783e31fd9cd7e84d3d50d8fc44ab8ac9ccd2c0d42e3bd4c029241320446bbf47e23d1320de30fbdf7ed13f80c28fb5c13fccc2e3f73509bdcddad8a2fe48cdd61f2f43611704af64eed8b0cbbd08754f93b8f3d6347aad5cde1ccc5cbd5eaa87e52cea257c856a4af5243eeb5e89f0000000000000000f420df5e4c6d856b3d55e455c08110b2ef4255a38f81555e8e1f22d59c0bc3c9013e66a1f5bda1b695e1602c0afb5c35b2f68f3b151b1e869f40ff4d1bef5e926e1ff95f6321131e4cb797f53455a093a95e67605222d6acc29c46e5db1ef3b8b07e2169fb24ced4b3ae87ebeca06df93212e465bbd1a7e41df2e1a0d508f86cfc7a469ac682685c44692877d03c34c23a65d2677acc73b5d276fdebd685c9b7a079eae228d8426188cb19b083548f5f29e493ab079f33d1965dcbb165015c46998ad410d60cc65fcfa73bd65a43fc024455c4bf530d663976cf71490577251780ab6b1cf8d397444b5be575229f687a3d95ea6b2aa62fce8acb3d4a6a130b4fefa55d0c1d6f3fa448ee24e588e2965c9a442f0baf90923dda91a6850fb7b9c7f432b63001423fedcf053fa28024cc9a178a07042dabc07176fc524032c2edb340c9c18a83565c431aeb0c869683507255254430f90f61e4eca9c8fa98c000b35fec357ee1ebd08439bd95c1ab0753dfd2603d1608bd8c589a1e160000a6ee0ad13346e08738c2d7b00b5d121d918f1dc8bceded939fa8605b54b37cdfcea0bf2bc63e655dc04a2e50212ff89d6587d49896ce18916cf3adc12839c345ca91bb232b891fae2fdd68aaa38281c0feb2c107af3e080d6cdd1c6646ec6804d7e9960c02aa0db9eda24bbcb287fd2a890fa7f9d6ae0c0b1f8dd1603c9ea2f66b572276f96a28b5b6dd9f9bf6ad4bdaa2139b90faf1f40b0f141258578bd825daaaf718d21b7ac05fe5d1b699e5422ca341fe1c944f68fe3a6d783dcf30b0e09d7688f696883b61cb64464b04d351a0a69b0733c348049b0430ed40e200f4ff0000000000000000000000996bcc1b721b152c892fab887e7d20466d90c049c0fdf51dcc16d226a2619c6f47bc25b7f5df5c09fed638922ed127ab36aa7b0c58a2ce5894b1b0f5375d340d96b69b966b05daaf585121a9c7605ed8e9964eef1f14b74cbb2ccdadc6d0b77cf0492b75e1cd11bfdcfddde91b20366715ba0cbe1041be2a65c25d7ca15ef8b71bd2ab9a4294899a1964b0152518fc2ac15a728bcb9e2bc4b551dfdf9011a2a607bc39ad2c4d7c64dcf967724e9b63c397d5265ad3f1da4395a5a800d8845257dcbf210d4f00fe0bd3deed05e506736e6bb6d40ee6cb960bcdb33633ee87f82beb665a9a4c2d4d2b06479ade3a4cd6bba765c9f52b52a0bdd0849ab92baae3775570accb5a57ee9f0035fc6d3df4eebec2e7eb4ff863d3979a20f4428ddca471037b49d4fd130743a97faa02c293b721e52bf53d64c6585e138162331ef98792e1e9b21a6a084fb7b42c64062ef1323a8a65a8ed6038f274f28ff4f78136a1ef108efbe8c4f4e347d50dcdbc33bf3ade4c3a39d316061930d7dd39b8acdecc3f27830e3eda40e648328d95a9aee65a9dd09fd4e96d5b852025dc53ec3f30cc753e6a796084b4e34f521dbb230ae0f3b79142073d437e1fd22d3b7503ffa95b1d5c7740b0ecbfd35dc0f8af895583dfcc2689f6e02c2dd4b57f3dcac54f40da013eb221fa3d65de760576031052c25a96ed4b20230b36d46d3d3fd6bb1d77cc8a48a6b10fa0149e55ccde4a2b26cca2d1ca9191c74ab006a602543fc24d1283e353cfb917620000000024bf3eed258c02a591ec4cd295212d9a98d38745f6f6c4530900000000000000f184f239098bf32551c7cf454e2865974f6520112743f73c619c3cab5609e00178f7393e53462f31559220c026bbde09837bf1b3ffe748a3247c9569f0c5e99f4494f93e0fa1badca90c888616eca97bddabd8003fc12a084d4b11d841979e161b998ddda92f194c4ec7947b7b303be11e0962d429a2c542a28c4932e14c123dfe2b8ec47a11cce134fd6e42a9f4e00ab6de6b45"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x57}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000001000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040022000000008500000082"], 0x0, 0x1000000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
creat(&(0x7f00000003c0)='./file0\x00', 0x36)

510.821482ms ago: executing program 1 (id=1457):
r0 = openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000400)={'erspan0\x00', &(0x7f0000000380)={'tunl0\x00', <r2=>0x0, 0x20, 0x7800, 0xc, 0x6, {{0x13, 0x4, 0x3, 0x20, 0x4c, 0x64, 0x0, 0x2, 0x2f, 0x0, @local, @private=0xa010101, {[@noop, @timestamp_addr={0x44, 0x34, 0x6, 0x1, 0x6, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9}, {@broadcast, 0xffffff65}, {@private=0xa010102, 0x50000000}, {@rand_addr=0x64010100, 0xff}, {@empty, 0x7}, {@remote, 0xffff8000}]}]}}}}})
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'wg1\x00', <r4=>0x0})
setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000000)=0xf3e, 0x4)
sendto$packet(r3, &(0x7f0000000240)='\x00', 0x1, 0x800, &(0x7f0000000080)={0x11, 0x0, r4, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xfc}}, 0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000e00)={'vxcan0\x00', <r5=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000010c0)={'veth0_vlan\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000001100)={'wg1\x00', <r7=>0x0})
sendmmsg$inet(r0, &(0x7f00000015c0)=[{{&(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000200)="5b8d694fa603f131dfcdca8cd61edb815f3da2911e4f17496a853e507073", 0x1e}, {&(0x7f0000000240)="3d079e4e2cb3ee9a7b68680832bf281a880a728836dde697c04ea8f717cf0bc1b6f8f010a6df69e9103674cff34d8cdf0084b6f9783cafcc3b5467fc764b2f933ecb2ca6860c477cfdfab5117102be9a4740631fa02dbc347d83d1f86c0bc68f7f9ace08116889208b33f6003fe7bbbf387ac803af84ce62bfbd82af43cff593b4eb436a28393f9c6e7f4a6d4e84e38fa59033d64ad414e289fdf9ae74a4615e29bfc6294e7e970d2fb6b9071366eecda37e29a08916e2955748f3e3621eddd9c7d3e42738b8d1cc3609", 0xca}], 0x2, &(0x7f0000000440)=[@ip_tos_int={{0x14, 0x0, 0x1, 0xfffffff8}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @multicast2, @multicast1}}}, @ip_retopts={{0x8c, 0x0, 0x7, {[@ra={0x94, 0x4}, @noop, @cipso={0x86, 0x4c, 0x2, [{0x5, 0xe, "14736cf8460fa52c2568c5f7"}, {0x5, 0x7, "a57f80a715"}, {0x5, 0x5, "f237b1"}, {0x2, 0x12, "544cc71899c143e61cf7bb3168882fa8"}, {0x7, 0x9, "3270789a637203"}, {0x2, 0xe, "a0ab441d28972cc7a395b97c"}, {0x5, 0x3, '\t'}]}, @timestamp={0x44, 0x28, 0x33, 0x0, 0x9, [0x2, 0x0, 0xff, 0x0, 0x9b3, 0x2, 0x1, 0x6, 0x0]}]}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@ra={0x94, 0x4, 0x1}, @end, @ra={0x94, 0x4}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x4}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xe40a}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @dev={0xac, 0x14, 0x14, 0x44}, @dev={0xac, 0x14, 0x14, 0x13}}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1ff}}], 0x150}}, {{&(0x7f00000005c0)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000740)=[{&(0x7f0000000600)="0b3c03885ad77ac22f30fd80cc37387d34e92dd38ca5dca771bcb14f03590008b4697d8eff90dbcfc8726655cefc1efad131e7106ae75e", 0x37}, {&(0x7f0000000640)="c5b72c28d835fe857c791e5e7707453f447f83f2483200bb5cc4a8880c0dca6516c8cc0dc194a02b5db4aac42fca63e3c9325f0bf313fbda60a8d802ddf306f9581d570fe4adcb71152b0beb5c49beeb17feabdd903aab0ff3ecb31756bfe27442ba4f379f8943f3b4b6189bb4a5b08f234e32f03118fcb4462778e10adaeb35bfccb3570b9115c20b5f4f48ba460591b4feeeeab0dc753513de0022c175acb1c5cd13620c11d9775945908444846b58ab2ab4a68d9beaf573ef5a08e007715856c1d87fb011b9461e", 0xc9}, {&(0x7f0000000d00)="2565a4e5b372cefb4953f7cf93b1d6c7d993f0c888de7c1d75c31b2af320cb401732f6b114fb25fe609dd1e026c5d40a245aa09b252e270fc76187c79ed3533355d42b8fd46cd33fca3c8495da861d7fcf980a393877a30aaa490b01c90e0d2eef97c37232bb50992612faee705ef56e8a2988bd60c51a5f1288dac88970d874ac120d6ec31524152c6f63f857b9a3ddd32a7e504b5c955c35513cdd603c60a0f9bab85c512b6389fe3f26694eefeb18d1a4d42fc106a5a93f5b3038034eb6356a2ad61915a54e1ff02e", 0xca}], 0x3, &(0x7f0000000e40)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x2}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}, @ip_ttl={{0x14, 0x0, 0x2, 0x10001}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @remote, @multicast2}}}, @ip_retopts={{0x2c, 0x0, 0x7, {[@generic={0x83, 0x11, "5702cbf1bedcf3b78ca8276b43c3a2"}, @noop, @timestamp={0x44, 0x8, 0xd9, 0x0, 0x2, [0x9]}]}}}], 0x98}}, {{&(0x7f0000000f00)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000f40)="1d04db41e6bb1acaa827755fba003870c4cc58cb19931afd19abc492b504ee1dd66240a403ee4b76d578881e355d9742fec808ba04aedc87df3239d556b3ead6615374c2351451a2db7c777c70eed03d529bef132ec13959e4b9c2d8f45837f03bdcd325f03efc4a2bf4df7276181be4186ac3cfce4fde8f350c98a109c56caec420cf241e38241d9f6a841ef8b41be234879d61201198bd3a3591e1db51932870232e376cb533ccbca0ba43e937d77e4da7e85679eb23de7f7d292fbc716775274da6721d94c885870c4b21938273c16afe6cb033799379be73b91b32", 0xdd}, {&(0x7f0000001040)="ee00b18a904ac21ebee976a212eb465ea55ca0aef1d3b7a24eee55138e67159d9239213dedfd1699de1567a4f6af58a04976", 0x32}], 0x2, &(0x7f0000001140)=[@ip_retopts={{0x8c, 0x0, 0x7, {[@cipso={0x86, 0x2d, 0xffffffffffffffff, [{0xe, 0x4, "51e7"}, {0x7, 0x5, "59a097"}, {0x6, 0x12, "3474ef74bca23d517a122adeedc11d3a"}, {0x0, 0xc, "2b28ad0b1bcbb03ff92f"}]}, @ssrr={0x89, 0xf, 0x1c, [@rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x11}, @local]}, @rr={0x7, 0x1b, 0x6c, [@private=0xa010101, @rand_addr=0x64010101, @private=0xa010100, @empty, @rand_addr=0x64010101, @rand_addr=0x64010100]}, @rr={0x7, 0x7, 0x9e, [@multicast2]}, @lsrr={0x83, 0xf, 0x95, [@loopback, @rand_addr=0x64010101, @broadcast]}, @generic={0x82, 0xd, "18969abf7256ddb8eeaaf7"}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @dev={0xac, 0x14, 0x14, 0x2b}, @multicast2}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @multicast2, @rand_addr=0x64010102}}}], 0xd0}}, {{&(0x7f0000001240)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f00000014c0)=[{&(0x7f0000001280)="29a857963210c5ac", 0x8}, {&(0x7f00000012c0)="16d12f416a96fa226cd46d1ff43f72beffba38d7f0e0a233518f1ee3bf87a1a0edf2be27c2ae026e526dbb74e921a8544f2b02fe1d17e91b5d3e89ead7f736b8dab1553ba246a53e0c991a45836e5c6fb42e44a5deb157df05c32737e67cf80da7e8505fd85ad30c2c5a990f1658e6f9879fc65a3bb38f0a4bd0e4a490e05a051525b6d908da5adbb45bf1403a820904d78258cc0d9710276d8c02ab236cbf6ec093ca655681b3fee72cfc0b2e42fea8bd0afac33172300e53ef298e889f34fcdf84ef9af3243bd85259648fb624373e810c0c7cf7917d19b1f9f5c5c8a91655a39a647327a201c0b21f8cbbd33ba8bc24122f6ec83c7a6b23d0", 0xfa}, {&(0x7f00000013c0)="c5575cabb1fbd00d7be2c389720943b3ace32a8a61934dff540d9c35571acbc551e021afd372db25de36b6c1b9a4bc75f9a8df8dea085705d715a66502c55bbe5fd1ae4adb74b9b3bcb24fd5201fc9ccf419505b73f581f20210ee938bc36e073f840ee2b366e21383bd92d502fa536aadcedf43ca0cef02e2812dadc325b6dc29c057e0bb14b6cff756cc5cc5e30f837ea2784052ae50bab332ef07dc08fd5c063349fd078b919bce6676b76374b69b760ff9e1998df2ff8d575aae1fe1007d6594891d756a31dbbf4e1222ba2d6efa7a8797795f", 0xd5}], 0x3, &(0x7f0000001500)=[@ip_ttl={{0x14, 0x0, 0x2, 0x10000}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x400}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x6}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x48}}], 0x90}}], 0x4, 0x40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xa0)

506.725922ms ago: executing program 5 (id=1458):
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x5}, {0x0, [0x30, 0x5f, 0x71]}}, &(0x7f0000000900)=""/205, 0x1d, 0xcd, 0x1, 0xf8b, 0x10000}, 0x28)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close(r0)
socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1)
syz_emit_ethernet(0x52, &(0x7f0000000a00)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @multicast, @val={@val={0x88a8, 0x0, 0x1, 0x4}, {0x8100, 0x0, 0x0, 0x1}}, {@mpls_uc={0x8847, {[], @ipv6=@tcp={0x3, 0x6, "cb9bbd", 0x14, 0x6, 0xff, @private2, @empty, {[], {{0x4e24, 0x4e21, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x4, 0x2, 0x0, 0x9}}}}}}}}, 0x0)

394.694794ms ago: executing program 0 (id=1459):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x110, 0x4)
sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000002c00000018000180140002006e657464657673696d30"], 0x2c}}, 0x0)

351.010204ms ago: executing program 0 (id=1460):
setuid(0x0)
r0 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0xfffffe00, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x3c, r4, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0}]}]}, 0x3c}}, 0x400c040)
r5 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0x2e}, 0x48, 0xffffffffffffffff)
r6 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc3}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x4, r6, r5, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000240)=ANY=[@ANYBLOB="d8010000", @ANYRES16=r8, @ANYBLOB="010000000000fbdbdf25010000000800050001000000060006004e220000140002007767320000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5427c0108800c"], 0x1d8}}, 0x0)
keyctl$KEYCTL_MOVE(0x4, r0, r0, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000030000000900010073797a30000000005c000000030a030000000000000000000300000009000b0073797a30000000000900010073797a3000000000140004800800024000000000080001"], 0xcc}}, 0x0)

236.820276ms ago: executing program 5 (id=1461):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x12, 0x0, &(0x7f0000000040))
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x402)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015400100142603600e120800060000000401a80016000900014003000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0xc854)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0})

43.677379ms ago: executing program 0 (id=1462):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4000850)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000008000000080009000200000008000b"], 0x24}}, 0x10)

28.819269ms ago: executing program 2 (id=1463):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)={0x1b, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000140)={0x0, <r1=>0x0}, 0x8)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r0}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x9c, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x800040, &(0x7f00000001c0), 0x1, 0x597, &(0x7f0000000b80)="$eJzs3U1sG2UaAOB3xvH2L9t0pV1pd9VDtYtUpKpO0h8onNorolKlHpC4lMhxoyhOHMUONFEO6b1C9IAA9VJucOAI4sABcUHiwpULiDNSRSOQmh7AyH9pm9jBKXWdxs8jjT3ffON5v2/G73hmNCMHMLCO1V7SiP9ExKUkYuShuqFoVh5rzLe+tpK/v7aST6JavfxzEklE3FtbybfmT5rvhyJiNSL+HRFfZSNOpFvjlpeWZyaKxcJCszxamZ0fLS8tn5yenZgqTBXmTr/40tlzZ86Onxrv3Pjszvp644ebb9/49pXbNz/+5Ohq/t2JJM7HcLPu4X48SY11ko3zm6af6UWwPkr63QAeS6aZ57VU+leMRKaZ9e1UR55q04Aeq+6LqO5Esrqj2YHdLNlZ/gN7Rus4oHb+2xoeOUDI9Pb4486FxglILe56c2jUDDWuTcT++rnJwV+SR85MauebR3rbNAbA6vWIGBsa2vr9T5rfv8c39iQaSE99eaGxobZu/3Rj/xNt9j/DrWunf1Fr/7e+Zf/3IH6mw/7vUpcxfnv9xw86xr8e8d+28ZON+Emb+GlEvNFl/FuvfX6uU131w4jj0T5+S7L99eHRq9PFwljjtW2ML44ffXm7/h/sEL9xzXZ//Wem3fqf77L/n3396f9Wt4n//P+33/7t1v+BiHiny/j/uPfRq53q7lxP7taOAna6/WvTbncZ/4Xzx77vUHWgy0UAAAAAAAAAAABtpPV72ZI0tzGeprlc4xnef8bBtFgqV05cLS3OTTbueTsS2bR1p9VIo5zUyuPN+3Fb5VObyqdb9xFnDtTLuXypONnnvgMAAAAAAAAAAAAAAAAAAMBucWjT8/+/ZurP/2/+u2pgr+r8l9/AXif/YXA9mv9JxL6+NQV4yvz+w8Cqyn8YXPIfBpf8h8El/2FwyX8YXPIfBpf8BwAAAAAAAAAAAAAAAAAAAAAAAACAnrh08WJtqN5fW8nXypNDS4szpTdPThbKM7nZxXwuX1qYz02VSlPFQi5fmv2z5RVLpfmxmFu8NloplCuj5aXlK7OlxbnKlenZianClUL2qfQKAAAAAAAAAAAAAAAAAAAAni3D9SFJcxGR1sfTNJeL+HtEHIlscnW6WBiLiMMR8V0mu69WHu93owEAAAAAAAAAAAAAAAAAAGCPKS8tz0wUi4WFARkZ2jLlm84zR8Tqk21GbYk7/lS2ua12yzp81kYObz9PJvrewt040ucdEwAAAAAAAAAAAAAAAAAADKAHD/12+4nfe9sgAAAAAAAAAAAAAAAAAAAAGEjpT0lE1IbjI88Nb679W7Keqb9HxFu3Lr93baJSWRivTb+7Mb3yfnP6qX60H+hWK09beQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8UF5anpkoFgsLPRzpdx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHscfAQAA//+aXtbd")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x802, 0xa2)
pwrite64(r4, &(0x7f0000000180)="f7", 0x1, 0x200980)
ioctl$FIBMAP(r4, 0x1, &(0x7f0000000000)=0x4)

5.584729ms ago: executing program 1 (id=1464):
r0 = syz_io_uring_setup(0x27b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x3, 0x313}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2}, 0x0, 0x40000103})
io_uring_enter(r0, 0x46f3, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 0 (id=1465):
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r1, 0x2285, 0x0)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd24", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2)

kernel console output (not intermixed with test programs):

4][ T7138] RSP: 002b:00007fb6eee17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  141.853117][ T7138] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ad33c
[  141.853133][ T7138] RDX: 000000000000000f RSI: 00007fb6eee170a0 RDI: 0000000000000005
[  141.853148][ T7138] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000
[  141.853164][ T7138] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001
[  141.853179][ T7138] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268
[  141.853263][ T7138]  </TASK>
[  142.066192][ T7074] can0 (unregistered): slcan off ttyS3.
[  142.076268][ T7141] loop4: detected capacity change from 0 to 1024
[  142.179493][ T7141] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.203038][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.234616][ T7156] lo speed is unknown, defaulting to 1000
[  142.272573][ T7141] ext4 filesystem being mounted at /211/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  142.299989][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.355829][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.616151][ T7178] lo speed is unknown, defaulting to 1000
[  142.616639][ T7172] __nla_validate_parse: 4 callbacks suppressed
[  142.616657][ T7172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1089'.
[  142.632423][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.637339][ T7172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1089'.
[  142.718429][ T7182] syzkaller1: entered promiscuous mode
[  142.724159][ T7182] syzkaller1: entered allmulticast mode
[  142.905498][ T7185] loop3: detected capacity change from 0 to 128
[  143.131163][ T7189] loop0: detected capacity change from 0 to 1024
[  143.161539][ T7189] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.189381][ T7189] ext4 filesystem being mounted at /215/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.202735][ T7189] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1095: bg 0: block 393: padding at end of block bitmap is not set
[  143.218923][ T7189] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28
[  143.231492][ T7189] EXT4-fs (loop0): This should not happen!! Data will be lost
[  143.231492][ T7189] 
[  143.241214][ T7189] EXT4-fs (loop0): Total free blocks count 0
[  143.247236][ T7189] EXT4-fs (loop0): Free/Dirty block details
[  143.253285][ T7189] EXT4-fs (loop0): free_blocks=0
[  143.258248][ T7189] EXT4-fs (loop0): dirty_blocks=16
[  143.263420][ T7189] EXT4-fs (loop0): Block reservation details
[  143.269427][ T7189] EXT4-fs (loop0): i_reserved_data_blocks=1
[  143.324524][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.379065][ T7200] loop2: detected capacity change from 0 to 1024
[  143.385641][ T7201] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1096'.
[  143.395503][ T7201] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1096'.
[  143.484369][ T7200] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.515145][ T7200] ext4 filesystem being mounted at /221/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.562282][ T7200] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1097: bg 0: block 393: padding at end of block bitmap is not set
[  143.562710][ T7200] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28
[  143.562734][ T7200] EXT4-fs (loop2): This should not happen!! Data will be lost
[  143.562734][ T7200] 
[  143.562751][ T7200] EXT4-fs (loop2): Total free blocks count 0
[  143.562805][ T7200] EXT4-fs (loop2): Free/Dirty block details
[  143.562818][ T7200] EXT4-fs (loop2): free_blocks=0
[  143.562831][ T7200] EXT4-fs (loop2): dirty_blocks=16
[  143.562846][ T7200] EXT4-fs (loop2): Block reservation details
[  143.562859][ T7200] EXT4-fs (loop2): i_reserved_data_blocks=1
[  143.645093][ T7213] loop4: detected capacity change from 0 to 128
[  143.673574][ T7211] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1101'.
[  143.683118][ T7211] loop1: detected capacity change from 0 to 512
[  143.735814][ T7211] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  143.745853][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.783781][ T1390] bio_check_eod: 206 callbacks suppressed
[  143.783798][ T1390] kworker/u8:6: attempt to access beyond end of device
[  143.783798][ T1390] loop3: rw=1, sector=153, nr_sectors = 8 limit=128
[  143.804197][ T1390] kworker/u8:6: attempt to access beyond end of device
[  143.804197][ T1390] loop3: rw=1, sector=169, nr_sectors = 8 limit=128
[  143.804238][ T1390] kworker/u8:6: attempt to access beyond end of device
[  143.804238][ T1390] loop3: rw=1, sector=185, nr_sectors = 8 limit=128
[  143.804321][ T1390] kworker/u8:6: attempt to access beyond end of device
[  143.804321][ T1390] loop3: rw=1, sector=201, nr_sectors = 8 limit=128
[  143.804361][ T1390] kworker/u8:6: attempt to access beyond end of device
[  143.804361][ T1390] loop3: rw=1, sector=217, nr_sectors = 8 limit=128
[  143.804395][ T1390] kworker/u8:6: attempt to access beyond end of device
[  143.804395][ T1390] loop3: rw=1, sector=233, nr_sectors = 8 limit=128
[  143.845589][ T7217] 9pnet_fd: Insufficient options for proto=fd
[  143.871532][ T7211] EXT4-fs (loop1): 1 truncate cleaned up
[  143.877900][ T1390] kworker/u8:6: attempt to access beyond end of device
[  143.877900][ T1390] loop3: rw=1, sector=249, nr_sectors = 8 limit=128
[  143.894124][ T7211] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.944189][ T1390] kworker/u8:6: attempt to access beyond end of device
[  143.944189][ T1390] loop3: rw=1, sector=265, nr_sectors = 8 limit=128
[  143.977082][ T7224] loop2: detected capacity change from 0 to 1024
[  143.981926][ T7223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1107'.
[  143.984607][ T1390] kworker/u8:6: attempt to access beyond end of device
[  143.984607][ T1390] loop3: rw=1, sector=281, nr_sectors = 8 limit=128
[  143.992480][ T7223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1107'.
[  144.008726][ T7224] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.028699][ T1390] kworker/u8:6: attempt to access beyond end of device
[  144.028699][ T1390] loop3: rw=1, sector=297, nr_sectors = 8 limit=128
[  144.040898][ T7224] ext4 filesystem being mounted at /223/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  144.075268][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.085158][ T7224] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1106: bg 0: block 393: padding at end of block bitmap is not set
[  144.112237][ T7224] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28
[  144.125644][ T7224] EXT4-fs (loop2): This should not happen!! Data will be lost
[  144.125644][ T7224] 
[  144.127296][ T7235] loop1: detected capacity change from 0 to 2048
[  144.135341][ T7224] EXT4-fs (loop2): Total free blocks count 0
[  144.135361][ T7224] EXT4-fs (loop2): Free/Dirty block details
[  144.154663][ T7224] EXT4-fs (loop2): free_blocks=0
[  144.159694][ T7224] EXT4-fs (loop2): dirty_blocks=16
[  144.164888][ T7224] EXT4-fs (loop2): Block reservation details
[  144.170924][ T7224] EXT4-fs (loop2): i_reserved_data_blocks=1
[  144.178141][ T7235] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.193359][ T7235] EXT4-fs (loop1): shut down requested (0)
[  144.214758][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.225692][ T7238] lo speed is unknown, defaulting to 1000
[  144.226740][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.319254][ T7243] loop3: detected capacity change from 0 to 2048
[  144.329269][ T7236] lo speed is unknown, defaulting to 1000
[  144.371588][ T7243] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.386623][ T7243] EXT4-fs (loop3): shut down requested (0)
[  144.429468][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.457820][ T7261] lo speed is unknown, defaulting to 1000
[  144.476031][ T7258] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1119'.
[  144.492251][ T7263] xt_hashlimit: size too large, truncated to 1048576
[  144.539975][ T7267] loop4: detected capacity change from 0 to 512
[  144.549671][ T7272] –: renamed from vxcan1 (while UP)
[  144.560307][ T7267] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  144.606210][ T7267] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.622077][ T7267] ext4 filesystem being mounted at /219/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  144.658877][ T7267] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1120: corrupted xattr block 19: overlapping e_value 
[  144.684861][ T7283] FAULT_INJECTION: forcing a failure.
[  144.684861][ T7283] name failslab, interval 1, probability 0, space 0, times 0
[  144.698405][ T7283] CPU: 1 UID: 0 PID: 7283 Comm: syz.1.1124 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  144.698446][ T7283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  144.698463][ T7283] Call Trace:
[  144.698472][ T7283]  <TASK>
[  144.698483][ T7283]  __dump_stack+0x1d/0x30
[  144.698511][ T7283]  dump_stack_lvl+0xe8/0x140
[  144.698617][ T7283]  dump_stack+0x15/0x1b
[  144.698663][ T7283]  should_fail_ex+0x265/0x280
[  144.698721][ T7283]  should_failslab+0x8c/0xb0
[  144.698753][ T7283]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  144.698867][ T7283]  ? __d_alloc+0x3d/0x350
[  144.698900][ T7283]  __d_alloc+0x3d/0x350
[  144.698952][ T7283]  d_alloc+0x2e/0x100
[  144.698982][ T7283]  vfs_tmpfile+0xe8/0x4d0
[  144.699025][ T7283]  ? path_lookupat+0x1fc/0x2a0
[  144.699059][ T7283]  do_tmpfile+0xa8/0x190
[  144.699100][ T7283]  path_openat+0x1dd7/0x2170
[  144.699137][ T7283]  ? _parse_integer_limit+0x170/0x190
[  144.699207][ T7283]  ? _parse_integer+0x27/0x40
[  144.699242][ T7283]  ? kstrtoull+0x111/0x140
[  144.699325][ T7283]  ? kstrtouint+0x76/0xc0
[  144.699362][ T7283]  do_filp_open+0x109/0x230
[  144.699414][ T7283]  do_sys_openat2+0xa6/0x110
[  144.699449][ T7283]  __x64_sys_open+0xe6/0x110
[  144.699517][ T7283]  x64_sys_call+0x14d4/0x2fb0
[  144.699543][ T7283]  do_syscall_64+0xd2/0x200
[  144.699565][ T7283]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  144.699665][ T7283]  ? clear_bhb_loop+0x40/0x90
[  144.699692][ T7283]  ? clear_bhb_loop+0x40/0x90
[  144.699795][ T7283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.699815][ T7283] RIP: 0033:0x7fb6f07ae929
[  144.699829][ T7283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.699856][ T7283] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  144.699877][ T7283] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929
[  144.699891][ T7283] RDX: 000000000000050f RSI: 0000000000591002 RDI: 0000200000000100
[  144.699905][ T7283] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000
[  144.699939][ T7283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.699954][ T7283] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268
[  144.699978][ T7283]  </TASK>
[  144.708100][ T7267] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  144.740137][ T7281] loop0: detected capacity change from 0 to 2048
[  144.775077][ T7267] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1120: corrupted xattr block 19: overlapping e_value 
[  144.888078][ T7281] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.914988][ T7267] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  144.929270][ T7281] EXT4-fs (loop0): shut down requested (0)
[  144.948226][ T7267] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1120: corrupted xattr block 19: overlapping e_value 
[  145.006866][ T7292] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  145.006866][ T7292]    program syz.1.1126 not setting count and/or reply_len properly
[  145.041012][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.051132][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.094963][ T7296] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1130'.
[  145.104056][ T7296] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1130'.
[  145.178031][ T7306] loop4: detected capacity change from 0 to 512
[  145.194531][ T7301] loop3: detected capacity change from 0 to 512
[  145.203116][ T7306] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  145.208458][ T7307] lo speed is unknown, defaulting to 1000
[  145.236748][ T7301] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  145.254722][ T7306] EXT4-fs (loop4): 1 truncate cleaned up
[  145.263907][ T7309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.281347][ T7306] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.300724][ T7301] EXT4-fs (loop3): 1 truncate cleaned up
[  145.302497][ T7309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.314260][ T7301] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.348295][ T7320] loop2: detected capacity change from 0 to 512
[  145.357744][ T7320] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.1135: corrupted in-inode xattr: invalid ea_ino
[  145.371517][ T7320] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1135: couldn't read orphan inode 15 (err -117)
[  145.384627][ T7320] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.412834][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.471818][ T7327] loop2: detected capacity change from 0 to 512
[  145.478983][ T7327] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  145.489985][ T7327] EXT4-fs (loop2): 1 truncate cleaned up
[  145.496423][ T7327] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.523366][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.738667][ T7341] loop2: detected capacity change from 0 to 512
[  145.745478][ T7341] EXT4-fs: Ignoring removed bh option
[  145.752648][ T7341] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  145.762094][ T7341] EXT4-fs (loop2): 1 truncate cleaned up
[  145.768021][ T7341] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.997112][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.278541][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.289098][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.346729][ T7354] loop4: detected capacity change from 0 to 128
[  146.388108][   T29] kauditd_printk_skb: 296 callbacks suppressed
[  146.388123][   T29] audit: type=1400 audit(1752304182.065:2158): avc:  denied  { write } for  pid=7356 comm="syz.2.1150" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  146.540187][   T29] audit: type=1400 audit(1752304182.215:2159): avc:  denied  { validate_trans } for  pid=7364 comm="syz.2.1153" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  146.570076][   T29] audit: type=1400 audit(1752304182.235:2160): avc:  denied  { append } for  pid=7367 comm="syz.1.1152" name="loop0" dev="devtmpfs" ino=1519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  146.607855][ T7366] loop3: detected capacity change from 0 to 4096
[  146.635642][   T29] audit: type=1400 audit(1752304182.315:2161): avc:  denied  { create } for  pid=7367 comm="syz.1.1152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  146.660314][ T7366] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.668294][   T29] audit: type=1400 audit(1752304182.325:2162): avc:  denied  { connect } for  pid=7367 comm="syz.1.1152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  146.711749][   T29] audit: type=1400 audit(1752304182.395:2163): avc:  denied  { create } for  pid=7369 comm="syz.2.1154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  146.737358][ T7375] loop2: detected capacity change from 0 to 2048
[  146.742227][   T29] audit: type=1400 audit(1752304182.405:2164): avc:  denied  { setopt } for  pid=7369 comm="syz.2.1154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  146.800561][ T7375]  loop2: p1 < > p4
[  146.811118][ T7375] loop2: p4 size 8388608 extends beyond EOD, truncated
[  146.843747][   T29] audit: type=1400 audit(1752304182.525:2165): avc:  denied  { mounton } for  pid=7362 comm="syz.3.1151" path="/230/file0/file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  146.867845][   T29] audit: type=1400 audit(1752304182.525:2166): avc:  denied  { mount } for  pid=7362 comm="syz.3.1151" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  146.898611][   T29] audit: type=1400 audit(1752304182.525:2167): avc:  denied  { mounton } for  pid=7362 comm="syz.3.1151" path="/230/file0/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[  146.922478][ T7377] loop1: detected capacity change from 0 to 512
[  146.961971][ T2996]  loop2: p1 < > p4
[  146.968356][ T2996] loop2: p4 size 8388608 extends beyond EOD, truncated
[  146.978605][ T7377] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.1155: corrupted in-inode xattr: invalid ea_ino
[  147.024610][ T7375] SELinux: ebitmap: truncated map
[  147.030395][ T7375] SELinux: failed to load policy
[  147.048900][ T7377] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1155: couldn't read orphan inode 15 (err -117)
[  147.114810][ T7377] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.175057][ T7377] FAULT_INJECTION: forcing a failure.
[  147.175057][ T7377] name failslab, interval 1, probability 0, space 0, times 0
[  147.187892][ T7377] CPU: 0 UID: 0 PID: 7377 Comm: syz.1.1155 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  147.187920][ T7377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.187935][ T7377] Call Trace:
[  147.187944][ T7377]  <TASK>
[  147.187954][ T7377]  __dump_stack+0x1d/0x30
[  147.188009][ T7377]  dump_stack_lvl+0xe8/0x140
[  147.188028][ T7377]  dump_stack+0x15/0x1b
[  147.188043][ T7377]  should_fail_ex+0x265/0x280
[  147.188074][ T7377]  should_failslab+0x8c/0xb0
[  147.188132][ T7377]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  147.188157][ T7377]  ? __d_alloc+0x3d/0x350
[  147.188233][ T7377]  __d_alloc+0x3d/0x350
[  147.188302][ T7377]  d_alloc_parallel+0x53/0xc40
[  147.188332][ T7377]  ? __rcu_read_unlock+0x4f/0x70
[  147.188386][ T7377]  ? __d_lookup+0x316/0x340
[  147.188408][ T7377]  ? try_to_unlazy+0x25e/0x3a0
[  147.188480][ T7377]  path_openat+0x6b5/0x2170
[  147.188524][ T7377]  do_filp_open+0x109/0x230
[  147.188558][ T7377]  do_sys_openat2+0xa6/0x110
[  147.188611][ T7377]  __x64_sys_openat+0xf2/0x120
[  147.188637][ T7377]  x64_sys_call+0x1af/0x2fb0
[  147.188657][ T7377]  do_syscall_64+0xd2/0x200
[  147.188674][ T7377]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  147.188700][ T7377]  ? clear_bhb_loop+0x40/0x90
[  147.188719][ T7377]  ? clear_bhb_loop+0x40/0x90
[  147.188742][ T7377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.188823][ T7377] RIP: 0033:0x7fb6f07ae929
[  147.188837][ T7377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.188868][ T7377] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  147.188894][ T7377] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929
[  147.188911][ T7377] RDX: 000000000000275a RSI: 00002000000001c0 RDI: ffffffffffffff9c
[  147.188927][ T7377] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000
[  147.188942][ T7377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.188957][ T7377] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268
[  147.188981][ T7377]  </TASK>
[  147.451685][ T2996]  loop2: p1 < > p4
[  147.456402][ T2996] loop2: p4 size 8388608 extends beyond EOD, truncated
[  147.475410][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.513241][ T7383] loop2: detected capacity change from 0 to 2048
[  147.599251][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  147.610598][ T3544] udevd[3544]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  147.629168][ T7392] loop4: detected capacity change from 0 to 512
[  147.680843][ T7392] journal_path: Lookup failure for './file0/../file0'
[  147.687715][ T7392] EXT4-fs: error: could not find journal device path
[  147.719706][ T7383] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  147.770635][ T7392] siw: device registration error -23
[  147.905021][ T3307] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 131109
[  147.926911][ T3307] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 131109
[  147.951879][ T7397] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7397 comm=syz.4.1162
[  147.977628][ T7395] lo speed is unknown, defaulting to 1000
[  147.998884][ T7390] can0: slcan on ttyS3.
[  148.008027][ T7390] loop1: detected capacity change from 0 to 1024
[  148.060616][ T7390] EXT4-fs: Ignoring removed nobh option
[  148.066250][ T7390] EXT4-fs: inline encryption not supported
[  148.093414][ T7390] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  148.164295][  T296] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.183310][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.198627][ T7390] loop1: detected capacity change from 0 to 512
[  148.244364][ T7402] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  148.244364][ T7402]    program syz.0.1164 not setting count and/or reply_len properly
[  148.276763][ T7390] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.305794][ T7390] ext4 filesystem being mounted at /233/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  148.317085][  T296] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.361170][ T7411] loop0: detected capacity change from 0 to 1024
[  148.363503][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.387431][  T296] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.417153][ T7411] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.430350][ T7389] can0 (unregistered): slcan off ttyS3.
[  148.481606][  T296] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.575815][ T7411] ÿ: renamed from bond_slave_0 (while UP)
[  148.589786][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.640511][ T7411] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.659656][ T7411] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address
[  148.686001][ T7435] loop2: detected capacity change from 0 to 512
[  148.692439][ T7438] loop4: detected capacity change from 0 to 512
[  148.711246][ T7411] bond0: (slave ip6tnl0): Error -95 calling set_mac_address
[  148.718735][ T7438] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  148.736507][ T7435] journal_path: Lookup failure for './file0/../file0'
[  148.744119][ T7435] EXT4-fs: error: could not find journal device path
[  148.751863][  T296] bridge_slave_1: left allmulticast mode
[  148.757608][  T296] bridge_slave_1: left promiscuous mode
[  148.763367][  T296] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.794631][ T7438] EXT4-fs (loop4): 1 truncate cleaned up
[  148.818860][ T7438] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  148.839757][ T7451] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  148.839757][ T7451]    program syz.1.1171 not setting count and/or reply_len properly
[  148.858687][ T7435] siw: device registration error -23
[  148.864985][  T296] bridge_slave_0: left allmulticast mode
[  148.871384][  T296] bridge_slave_0: left promiscuous mode
[  148.877076][  T296] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.946320][ T3372] IPv4: Oversized IP packet from 127.0.0.1
[  148.952373][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  148.958310][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  148.973267][ T3372] IPv4: Oversized IP packet from 127.0.0.1
[  148.979258][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  148.985159][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  149.082739][  T296] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  149.101437][  T296] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  149.111261][  T296] bond0 (unregistering): Released all slaves
[  149.139789][ T7466] __nla_validate_parse: 7 callbacks suppressed
[  149.146074][ T7466] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1174'.
[  149.155129][ T7466] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1174'.
[  149.168042][ T7468] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1175'.
[  149.177087][ T7468] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1175'.
[  149.218679][ T7475] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  149.227857][  T296] hsr_slave_0: left promiscuous mode
[  149.241842][  T296] hsr_slave_1: left promiscuous mode
[  149.257089][  T296] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  149.264604][  T296] batman_adv: batadv0: Removing interface: batadv_slave_0
[  149.279473][  T296] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  149.287703][  T296] batman_adv: batadv0: Removing interface: batadv_slave_1
[  149.312278][ T7479] random: crng reseeded on system resumption
[  149.312871][  T296] veth1_macvtap: left promiscuous mode
[  149.336328][ T7481] loop0: detected capacity change from 0 to 512
[  149.340109][  T296] veth0_macvtap: left promiscuous mode
[  149.348183][  T296] veth1_vlan: left promiscuous mode
[  149.356841][  T296] veth0_vlan: left promiscuous mode
[  149.375958][ T7481] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  149.390660][ T7483] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1179'.
[  149.444845][ T7486] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1179'.
[  149.467573][  T296] team0 (unregistering): Port device team_slave_1 removed
[  149.480087][  T296] team0 (unregistering): Port device team_slave_0 removed
[  149.541322][ T7481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.555229][ T7491] loop2: detected capacity change from 0 to 256
[  149.569898][ T3574] infiniband syz1: ib_query_port failed (-19)
[  149.576126][ T3372] lo speed is unknown, defaulting to 1000
[  149.582539][ T3372] syz0: Port: 1 Link DOWN
[  149.588062][ T7481] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  149.599707][ T7490] loop4: detected capacity change from 0 to 2048
[  149.605975][ T7491] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  149.626481][ T7493] loop1: detected capacity change from 0 to 512
[  149.634819][ T7493] EXT4-fs (loop1): bad block size 65536
[  149.654494][ T7490] EXT4-fs (loop4): shut down requested (0)
[  149.769354][ T7504] hsr0: entered promiscuous mode
[  149.782953][ T7505] FAULT_INJECTION: forcing a failure.
[  149.782953][ T7505] name failslab, interval 1, probability 0, space 0, times 0
[  149.795631][ T7505] CPU: 0 UID: 0 PID: 7505 Comm: syz.1.1182 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  149.795739][ T7505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  149.795755][ T7505] Call Trace:
[  149.795764][ T7505]  <TASK>
[  149.795774][ T7505]  __dump_stack+0x1d/0x30
[  149.795866][ T7505]  dump_stack_lvl+0xe8/0x140
[  149.795891][ T7505]  dump_stack+0x15/0x1b
[  149.795912][ T7505]  should_fail_ex+0x265/0x280
[  149.795945][ T7505]  should_failslab+0x8c/0xb0
[  149.795966][ T7505]  kmem_cache_alloc_node_noprof+0x57/0x320
[  149.796026][ T7505]  ? __alloc_skb+0x101/0x320
[  149.796063][ T7505]  __alloc_skb+0x101/0x320
[  149.796112][ T7505]  alloc_uevent_skb+0x5c/0x120
[  149.796141][ T7505]  kobject_uevent_net_broadcast+0x23c/0x410
[  149.796169][ T7505]  kobject_uevent_env+0x43d/0x570
[  149.796221][ T7505]  kobject_uevent+0x1d/0x30
[  149.796253][ T7505]  device_del+0x710/0x790
[  149.796276][ T7505]  ? __try_to_del_timer_sync+0x152/0x170
[  149.796336][ T7505]  device_unregister+0x15/0x40
[  149.796363][ T7505]  wakeup_source_sysfs_remove+0x25/0x30
[  149.796394][ T7505]  wakeup_source_unregister+0xf0/0x330
[  149.796414][ T7505]  ep_destroy_wakeup_source+0x3a/0x50
[  149.796503][ T7505]  ep_modify+0xb3/0x490
[  149.796529][ T7505]  do_epoll_ctl+0x62c/0x8c0
[  149.796555][ T7505]  __x64_sys_epoll_ctl+0xcb/0x100
[  149.796580][ T7505]  x64_sys_call+0x26ef/0x2fb0
[  149.796607][ T7505]  do_syscall_64+0xd2/0x200
[  149.796636][ T7505]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  149.796667][ T7505]  ? clear_bhb_loop+0x40/0x90
[  149.796686][ T7505]  ? clear_bhb_loop+0x40/0x90
[  149.796707][ T7505]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.796730][ T7505] RIP: 0033:0x7fb6f07ae929
[  149.796790][ T7505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.796807][ T7505] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  149.796825][ T7505] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929
[  149.796840][ T7505] RDX: 0000000000000007 RSI: 0000000000000003 RDI: 0000000000000006
[  149.796855][ T7505] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000
[  149.796870][ T7505] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  149.796905][ T7505] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268
[  149.796968][ T7505]  </TASK>
[  149.810196][ T7503] hsr0: left promiscuous mode
[  149.964780][ T7513] loop2: detected capacity change from 0 to 512
[  150.066602][ T7510] loop1: detected capacity change from 0 to 256
[  150.108939][ T7510] FAT-fs (loop1): Directory bread(block 64) failed
[  150.128735][ T7425] chnl_net:caif_netlink_parms(): no params data found
[  150.141744][ T7513] EXT4-fs error (device loop2): ext4_orphan_get:1419: comm syz.2.1184: bad orphan inode 15
[  150.153986][ T7510] FAT-fs (loop1): Directory bread(block 65) failed
[  150.154220][ T7513] ext4_test_bit(bit=14, block=5) = 0
[  150.191286][ T7510] FAT-fs (loop1): Directory bread(block 66) failed
[  150.198095][ T7510] FAT-fs (loop1): Directory bread(block 67) failed
[  150.205199][ T7510] FAT-fs (loop1): Directory bread(block 68) failed
[  150.212568][ T7510] FAT-fs (loop1): Directory bread(block 69) failed
[  150.219152][ T7510] FAT-fs (loop1): Directory bread(block 70) failed
[  150.225860][ T7510] FAT-fs (loop1): Directory bread(block 71) failed
[  150.232506][ T7510] FAT-fs (loop1): Directory bread(block 72) failed
[  150.242626][ T7510] FAT-fs (loop1): Directory bread(block 73) failed
[  150.251073][ T7513] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  150.295104][ T7510] bio_check_eod: 214 callbacks suppressed
[  150.295118][ T7510] syz.1.1185: attempt to access beyond end of device
[  150.295118][ T7510] loop1: rw=524288, sector=1160, nr_sectors = 4 limit=256
[  150.315336][ T7510] syz.1.1185: attempt to access beyond end of device
[  150.315336][ T7510] loop1: rw=0, sector=1160, nr_sectors = 4 limit=256
[  150.353908][ T7527] loop4: detected capacity change from 0 to 1024
[  150.367287][ T7527] EXT4-fs: Ignoring removed orlov option
[  150.399153][ T7527] serio: Serial port ptm0
[  150.447126][ T7425] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.454301][ T7425] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.622675][ T7425] bridge_slave_0: entered allmulticast mode
[  150.627014][ T7549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  150.630722][ T7425] bridge_slave_0: entered promiscuous mode
[  150.641666][ T7549] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.665908][ T7425] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.673131][ T7425] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.782604][ T7425] bridge_slave_1: entered allmulticast mode
[  150.804055][ T7552] loop1: detected capacity change from 0 to 2048
[  150.828933][ T7425] bridge_slave_1: entered promiscuous mode
[  151.066023][ T7425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  151.184276][ T7425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  151.267146][ T7425] team0: Port device team_slave_0 added
[  151.284427][ T7425] team0: Port device team_slave_1 added
[  151.399763][ T7569] 9pnet_fd: Insufficient options for proto=fd
[  151.420399][ T7425] batman_adv: batadv0: Adding interface: batadv_slave_0
[  151.427502][ T7425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.453536][ T7425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  151.475111][ T7425] batman_adv: batadv0: Adding interface: batadv_slave_1
[  151.482212][ T7425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.508215][ T7425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  151.524975][ T7569] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1194'.
[  151.534032][ T7569] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1194'.
[  151.639977][ T7425] hsr_slave_0: entered promiscuous mode
[  151.655822][ T7586] loop2: detected capacity change from 0 to 764
[  151.660654][ T7425] hsr_slave_1: entered promiscuous mode
[  151.680140][ T7425] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  151.688370][ T7586] rock: directory entry would overflow storage
[  151.694767][ T7586] rock: sig=0x4654, size=5, remaining=4
[  151.699104][ T7425] Cannot create hsr debugfs directory
[  151.716525][ T7588] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  151.716525][ T7588]    program syz.0.1198 not setting count and/or reply_len properly
[  151.721696][   T29] kauditd_printk_skb: 187 callbacks suppressed
[  151.721715][   T29] audit: type=1400 audit(1752304187.395:2355): avc:  denied  { mount } for  pid=7585 comm="syz.2.1197" name="/" dev="loop2" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  151.791455][   T29] audit: type=1400 audit(1752304187.465:2356): avc:  denied  { read } for  pid=7585 comm="syz.2.1197" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  151.814693][   T29] audit: type=1400 audit(1752304187.465:2357): avc:  denied  { open } for  pid=7585 comm="syz.2.1197" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  151.839438][   T29] audit: type=1400 audit(1752304187.475:2358): avc:  denied  { ioctl } for  pid=7585 comm="syz.2.1197" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  151.899556][   T29] audit: type=1400 audit(1752304187.555:2359): avc:  denied  { unmount } for  pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  151.992253][ T7595] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  151.992253][ T7595]    program syz.2.1199 not setting count and/or reply_len properly
[  151.994249][ T7600] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1201'.
[  152.113969][ T7611] loop2: detected capacity change from 0 to 512
[  152.120967][ T7611] EXT4-fs: Ignoring removed bh option
[  152.129049][ T7425] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  152.146135][ T7611] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  152.164211][ T7425] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  152.226664][ T7425] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  152.247755][ T7611] EXT4-fs (loop2): 1 truncate cleaned up
[  152.362512][ T7425] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  152.387499][   T29] audit: type=1400 audit(1752304188.065:2360): avc:  denied  { write } for  pid=7624 comm="syz.4.1205" path="<no_memory>" dev="sockfs" ino=16982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  152.745670][ T7425] 8021q: adding VLAN 0 to HW filter on device bond0
[  152.837007][ T7425] 8021q: adding VLAN 0 to HW filter on device team0
[  152.909573][ T1390] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.916716][ T1390] bridge0: port 1(bridge_slave_0) entered forwarding state
[  152.951750][  T296] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.959010][  T296] bridge0: port 2(bridge_slave_1) entered forwarding state
[  153.135605][ T7651] netlink: 'syz.0.1211': attribute type 11 has an invalid length.
[  153.143609][ T7651] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1211'.
[  153.159686][ T7651] loop0: detected capacity change from 0 to 128
[  153.167448][ T7651] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum.  Run e2fsck?
[  153.235492][ T3297] udevd[3297]: incorrect ext4 checksum on /dev/loop0
[  153.350167][ T3297] udevd[3297]: incorrect ext4 checksum on /dev/loop0
[  153.520335][   T29] audit: type=1400 audit(1752304189.195:2361): avc:  denied  { write } for  pid=7662 comm="syz.1.1209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  153.551495][   T29] audit: type=1400 audit(1752304189.235:2362): avc:  denied  { read } for  pid=7662 comm="syz.1.1209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  153.572261][   T29] audit: type=1400 audit(1752304189.235:2363): avc:  denied  { bind } for  pid=7662 comm="syz.1.1209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  153.597100][ T7425] 8021q: adding VLAN 0 to HW filter on device batadv0
[  153.662356][ T7672] loop4: detected capacity change from 0 to 1024
[  153.697465][ T7677] IPv6: Can't replace route, no match found
[  153.703942][ T7677] netlink: 'syz.2.1213': attribute type 13 has an invalid length.
[  153.762768][ T7677] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  153.805983][   T29] audit: type=1400 audit(1752304189.475:2364): avc:  denied  { bind } for  pid=7675 comm="syz.2.1213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  153.826671][ T7685] loop1: detected capacity change from 0 to 512
[  153.900279][ T7685] EXT4-fs: Ignoring removed bh option
[  153.970331][ T7685] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  154.074204][ T7685] EXT4-fs (loop1): 1 truncate cleaned up
[  154.132064][ T7425] veth0_vlan: entered promiscuous mode
[  154.256730][ T7425] veth1_vlan: entered promiscuous mode
[  154.286934][ T7425] veth0_macvtap: entered promiscuous mode
[  154.294942][ T7425] veth1_macvtap: entered promiscuous mode
[  154.314608][ T7425] batman_adv: batadv0: Interface activated: batadv_slave_0
[  154.496196][ T7425] batman_adv: batadv0: Interface activated: batadv_slave_1
[  154.589121][ T7425] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  154.598017][ T7425] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  154.606770][ T7425] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  154.616299][ T7425] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  154.856782][ T7694] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1216'.
[  154.866540][ T7694] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1216'.
[  154.875655][ T7694] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1216'.
[  154.895314][ T7694] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1216'.
[  154.904377][ T7694] netlink: 'syz.2.1216': attribute type 6 has an invalid length.
[  155.061103][ T7759] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1225'.
[  155.070145][ T7759] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1225'.
[  155.138667][ T7767] loop5: detected capacity change from 0 to 128
[  155.149298][ T7756] loop0: detected capacity change from 0 to 2048
[  155.199736][ T7767] $Hÿ: renamed from bond0 (while UP)
[  155.207199][ T7767] $Hÿ: entered promiscuous mode
[  155.212356][ T7767] bond_slave_0: entered promiscuous mode
[  155.218200][ T7767] bond_slave_1: entered promiscuous mode
[  156.489078][ T7831] loop2: detected capacity change from 0 to 8192
[  156.512482][ T7841] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.559357][ T3312] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1)
[  156.567270][ T3312] FAT-fs (loop2): Filesystem has been set read-only
[  156.645395][ T7859] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1244'.
[  156.687812][ T7859] loop2: detected capacity change from 0 to 128
[  156.698246][ T7854] loop4: detected capacity change from 0 to 8192
[  156.709062][ T7859] vfat: Unknown parameter '0xffffffffffffffff'
[  156.726469][ T7857] loop1: detected capacity change from 0 to 512
[  156.755833][ T7857] EXT4-fs (loop1): can't read group descriptor 0
[  156.819290][ T7868] loop4: detected capacity change from 0 to 512
[  156.832619][ T7857] loop1: detected capacity change from 0 to 2048
[  156.853535][ T7868] journal_path: Lookup failure for './file0/../file0'
[  156.860392][ T7868] EXT4-fs: error: could not find journal device path
[  156.883473][ T7857] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1245'.
[  156.922563][ T7868] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  156.949208][   T29] kauditd_printk_skb: 14 callbacks suppressed
[  156.949227][   T29] audit: type=1400 audit(1752304192.625:2379): avc:  denied  { read write } for  pid=7878 comm="syz.2.1248" name="uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  156.978898][   T29] audit: type=1400 audit(1752304192.625:2380): avc:  denied  { open } for  pid=7878 comm="syz.2.1248" path="/dev/uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  157.003268][    T9] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  157.015832][ T7879] loop2: detected capacity change from 0 to 1024
[  157.033395][    T9] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  157.044599][ T7879] EXT4-fs: Ignoring removed oldalloc option
[  157.056235][ T7879] EXT4-fs: Ignoring removed nomblk_io_submit option
[  157.068636][   T29] audit: type=1400 audit(1752304192.755:2381): avc:  denied  { append } for  pid=7882 comm="syz.1.1249" name="ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  157.091893][   T29] audit: type=1326 audit(1752304192.755:2382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  157.115335][   T29] audit: type=1326 audit(1752304192.755:2383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  157.138867][   T29] audit: type=1326 audit(1752304192.755:2384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  157.153257][ T7879] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  157.162457][   T29] audit: type=1326 audit(1752304192.755:2385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  157.162497][   T29] audit: type=1326 audit(1752304192.755:2386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  157.162591][   T29] audit: type=1326 audit(1752304192.755:2387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  157.162627][   T29] audit: type=1326 audit(1752304192.755:2388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.1.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  157.292175][ T7889] can0: slcan on ttyS3.
[  157.328787][ T7849] loop0: detected capacity change from 0 to 1024
[  157.348233][ T7849] EXT4-fs: Ignoring removed nobh option
[  157.354047][ T7849] EXT4-fs: inline encryption not supported
[  157.448778][ T7849] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  157.504276][ T7900] loop4: detected capacity change from 0 to 2048
[  157.514289][ T7888] 8021q: VLANs not supported on ip6_vti0
[  157.610716][ T7847] can0 (unregistered): slcan off ttyS3.
[  158.071327][ T7943] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1253'.
[  158.080507][ T7943] FAULT_INJECTION: forcing a failure.
[  158.080507][ T7943] name failslab, interval 1, probability 0, space 0, times 0
[  158.098947][ T7943] CPU: 0 UID: 0 PID: 7943 Comm: syz.2.1253 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  158.098983][ T7943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.099006][ T7943] Call Trace:
[  158.099014][ T7943]  <TASK>
[  158.099023][ T7943]  __dump_stack+0x1d/0x30
[  158.099049][ T7943]  dump_stack_lvl+0xe8/0x140
[  158.099084][ T7943]  dump_stack+0x15/0x1b
[  158.099102][ T7943]  should_fail_ex+0x265/0x280
[  158.099136][ T7943]  should_failslab+0x8c/0xb0
[  158.099157][ T7943]  kmem_cache_alloc_noprof+0x50/0x310
[  158.099201][ T7943]  ? security_file_alloc+0x32/0x100
[  158.099246][ T7943]  security_file_alloc+0x32/0x100
[  158.099338][ T7943]  init_file+0x5c/0x1d0
[  158.099365][ T7943]  alloc_empty_file+0x8b/0x200
[  158.099455][ T7943]  alloc_file_pseudo+0xc6/0x160
[  158.099519][ T7943]  __shmem_file_setup+0x1de/0x210
[  158.099557][ T7943]  shmem_file_setup+0x3b/0x50
[  158.099586][ T7943]  __se_sys_memfd_create+0x2c3/0x590
[  158.099661][ T7943]  __x64_sys_memfd_create+0x31/0x40
[  158.099698][ T7943]  x64_sys_call+0x122f/0x2fb0
[  158.099726][ T7943]  do_syscall_64+0xd2/0x200
[  158.099760][ T7943]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  158.099792][ T7943]  ? clear_bhb_loop+0x40/0x90
[  158.099812][ T7943]  ? clear_bhb_loop+0x40/0x90
[  158.099839][ T7943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.099869][ T7943] RIP: 0033:0x7f6b82cfe929
[  158.099887][ T7943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.099911][ T7943] RSP: 002b:00007f6b81345e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  158.099931][ T7943] RAX: ffffffffffffffda RBX: 0000000000000269 RCX: 00007f6b82cfe929
[  158.099945][ T7943] RDX: 00007f6b81345ef0 RSI: 0000000000000000 RDI: 00007f6b82d814cc
[  158.100011][ T7943] RBP: 0000200000000a00 R08: 00007f6b81345bb7 R09: 00007f6b81345e40
[  158.100074][ T7943] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000740
[  158.100089][ T7943] R13: 00007f6b81345ef0 R14: 00007f6b81345eb0 R15: 0000200000000380
[  158.100119][ T7943]  </TASK>
[  158.528667][ T7946] loop0: detected capacity change from 0 to 8192
[  158.605846][ T7948] 9pnet_fd: Insufficient options for proto=fd
[  158.615161][ T7841] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.669998][ T7946] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[  158.678693][ T7946] FAT-fs (loop0): Filesystem has been set read-only
[  158.772820][ T7957] loop1: detected capacity change from 0 to 512
[  158.791916][ T7957] EXT4-fs: Ignoring removed mblk_io_submit option
[  158.798461][ T7957] EXT4-fs: Ignoring removed nobh option
[  158.804165][ T7957] EXT4-fs: Ignoring removed oldalloc option
[  158.901534][ T7959] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[  159.032902][ T7841] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.272568][ T7841] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.383355][ T7841] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  159.395377][ T7972] FAULT_INJECTION: forcing a failure.
[  159.395377][ T7972] name failslab, interval 1, probability 0, space 0, times 0
[  159.408856][ T7972] CPU: 1 UID: 0 PID: 7972 Comm: syz.4.1260 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  159.408959][ T7972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  159.409022][ T7972] Call Trace:
[  159.409029][ T7972]  <TASK>
[  159.409039][ T7972]  __dump_stack+0x1d/0x30
[  159.409065][ T7972]  dump_stack_lvl+0xe8/0x140
[  159.409090][ T7972]  dump_stack+0x15/0x1b
[  159.409112][ T7972]  should_fail_ex+0x265/0x280
[  159.409314][ T7972]  should_failslab+0x8c/0xb0
[  159.409342][ T7972]  __kvmalloc_node_noprof+0x123/0x4e0
[  159.409373][ T7972]  ? file_tty_write+0x1a8/0x670
[  159.409401][ T7972]  file_tty_write+0x1a8/0x670
[  159.409488][ T7972]  ? __pfx_tty_write+0x10/0x10
[  159.409514][ T7972]  tty_write+0x25/0x30
[  159.409545][ T7972]  vfs_write+0x4a0/0x8e0
[  159.409605][ T7972]  ksys_write+0xda/0x1a0
[  159.409638][ T7972]  __x64_sys_write+0x40/0x50
[  159.409673][ T7972]  x64_sys_call+0x2cdd/0x2fb0
[  159.409699][ T7972]  do_syscall_64+0xd2/0x200
[  159.409716][ T7972]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  159.409741][ T7972]  ? clear_bhb_loop+0x40/0x90
[  159.409761][ T7972]  ? clear_bhb_loop+0x40/0x90
[  159.409874][ T7972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.409962][ T7972] RIP: 0033:0x7fcf9c67e929
[  159.409979][ T7972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.410030][ T7972] RSP: 002b:00007fcf9ace7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  159.410054][ T7972] RAX: ffffffffffffffda RBX: 00007fcf9c8a5fa0 RCX: 00007fcf9c67e929
[  159.410114][ T7972] RDX: 0000000000001006 RSI: 00002000000010c0 RDI: 0000000000000004
[  159.410137][ T7972] RBP: 00007fcf9ace7090 R08: 0000000000000000 R09: 0000000000000000
[  159.410149][ T7972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.410160][ T7972] R13: 0000000000000000 R14: 00007fcf9c8a5fa0 R15: 00007ffcc3d60e58
[  159.410178][ T7972]  </TASK>
[  159.607519][ T7841] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  159.625983][ T7841] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  159.658156][ T7976] SELinux:  policydb version 1869407660 does not match my version range 15-34
[  159.670938][ T7841] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  159.691517][ T7976] SELinux: failed to load policy
[  159.866954][ T7994] FAULT_INJECTION: forcing a failure.
[  159.866954][ T7994] name failslab, interval 1, probability 0, space 0, times 0
[  159.879865][ T7994] CPU: 0 UID: 0 PID: 7994 Comm: syz.1.1266 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  159.879900][ T7994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  159.879991][ T7994] Call Trace:
[  159.879998][ T7994]  <TASK>
[  159.880007][ T7994]  __dump_stack+0x1d/0x30
[  159.880030][ T7994]  dump_stack_lvl+0xe8/0x140
[  159.880054][ T7994]  dump_stack+0x15/0x1b
[  159.880075][ T7994]  should_fail_ex+0x265/0x280
[  159.880152][ T7994]  should_failslab+0x8c/0xb0
[  159.880256][ T7994]  kmem_cache_alloc_node_noprof+0x57/0x320
[  159.880308][ T7994]  ? dup_task_struct+0x70/0x6a0
[  159.880340][ T7994]  dup_task_struct+0x70/0x6a0
[  159.880370][ T7994]  ? _parse_integer+0x27/0x40
[  159.880403][ T7994]  copy_process+0x399/0x1f90
[  159.880497][ T7994]  ? kstrtouint+0x76/0xc0
[  159.880527][ T7994]  ? kstrtouint_from_user+0x9f/0xf0
[  159.880559][ T7994]  ? __rcu_read_unlock+0x4f/0x70
[  159.880595][ T7994]  kernel_clone+0x16c/0x5b0
[  159.880707][ T7994]  ? vfs_write+0x75e/0x8e0
[  159.880741][ T7994]  __x64_sys_clone+0xe6/0x120
[  159.880791][ T7994]  x64_sys_call+0x2c59/0x2fb0
[  159.880816][ T7994]  do_syscall_64+0xd2/0x200
[  159.880838][ T7994]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  159.880911][ T7994]  ? clear_bhb_loop+0x40/0x90
[  159.880931][ T7994]  ? clear_bhb_loop+0x40/0x90
[  159.881008][ T7994]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.881029][ T7994] RIP: 0033:0x7fb6f07ae929
[  159.881043][ T7994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.881086][ T7994] RSP: 002b:00007fb6eee16fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  159.881109][ T7994] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929
[  159.881125][ T7994] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000042000000
[  159.881143][ T7994] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000
[  159.881157][ T7994] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  159.881237][ T7994] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268
[  159.881380][ T7994]  </TASK>
[  160.142108][ T7992] loop2: detected capacity change from 0 to 8192
[  160.161923][ T7992] FAULT_INJECTION: forcing a failure.
[  160.161923][ T7992] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  160.175297][ T7992] CPU: 0 UID: 0 PID: 7992 Comm: syz.2.1267 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  160.175328][ T7992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  160.175340][ T7992] Call Trace:
[  160.175346][ T7992]  <TASK>
[  160.175353][ T7992]  __dump_stack+0x1d/0x30
[  160.175394][ T7992]  dump_stack_lvl+0xe8/0x140
[  160.175418][ T7992]  dump_stack+0x15/0x1b
[  160.175439][ T7992]  should_fail_ex+0x265/0x280
[  160.175528][ T7992]  should_fail_alloc_page+0xf2/0x100
[  160.175580][ T7992]  __alloc_frozen_pages_noprof+0xff/0x360
[  160.175615][ T7992]  alloc_pages_mpol+0xb3/0x250
[  160.175646][ T7992]  folio_alloc_noprof+0x97/0x150
[  160.175710][ T7992]  filemap_alloc_folio_noprof+0x66/0x210
[  160.175750][ T7992]  __filemap_get_folio+0x28f/0x6b0
[  160.175786][ T7992]  ? avc_has_perm+0xd3/0x150
[  160.175816][ T7992]  cont_write_begin+0x5c8/0x970
[  160.175865][ T7992]  fat_write_begin+0x4f/0xe0
[  160.175899][ T7992]  ? __pfx_fat_get_block+0x10/0x10
[  160.175977][ T7992]  cont_write_begin+0x1ad/0x970
[  160.176082][ T7992]  ? path_openat+0x1bf8/0x2170
[  160.176111][ T7992]  fat_write_begin+0x4f/0xe0
[  160.176135][ T7992]  ? __pfx_fat_get_block+0x10/0x10
[  160.176173][ T7992]  generic_cont_expand_simple+0xb0/0x150
[  160.176233][ T7992]  fat_cont_expand+0x3e/0x170
[  160.176283][ T7992]  fat_setattr+0x2a5/0x8a0
[  160.176305][ T7992]  ? __pfx_fat_setattr+0x10/0x10
[  160.176333][ T7992]  notify_change+0x806/0x890
[  160.176372][ T7992]  do_ftruncate+0x34b/0x450
[  160.176397][ T7992]  __x64_sys_ftruncate+0x68/0xc0
[  160.176425][ T7992]  x64_sys_call+0xd65/0x2fb0
[  160.176451][ T7992]  do_syscall_64+0xd2/0x200
[  160.176504][ T7992]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  160.176532][ T7992]  ? clear_bhb_loop+0x40/0x90
[  160.176552][ T7992]  ? clear_bhb_loop+0x40/0x90
[  160.176580][ T7992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.176607][ T7992] RIP: 0033:0x7f6b82cfe929
[  160.176625][ T7992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.176646][ T7992] RSP: 002b:00007f6b81367038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[  160.176752][ T7992] RAX: ffffffffffffffda RBX: 00007f6b82f25fa0 RCX: 00007f6b82cfe929
[  160.176768][ T7992] RDX: 0000000000000000 RSI: 0000000002000009 RDI: 0000000000000004
[  160.176783][ T7992] RBP: 00007f6b81367090 R08: 0000000000000000 R09: 0000000000000000
[  160.176794][ T7992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.176860][ T7992] R13: 0000000000000000 R14: 00007f6b82f25fa0 R15: 00007fff5b7e8a78
[  160.176883][ T7992]  </TASK>
[  160.588671][ T8007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1272'.
[  160.618324][ T8007] netlink: 38916 bytes leftover after parsing attributes in process `syz.1.1272'.
[  160.657617][ T8011] loop2: detected capacity change from 0 to 256
[  160.715743][ T8019] loop1: detected capacity change from 0 to 512
[  160.721942][ T8011] FAT-fs (loop2): IO charset cp860 not found
[  160.729084][ T8020] loop5: detected capacity change from 0 to 512
[  160.738010][ T8019] EXT4-fs: Ignoring removed nomblk_io_submit option
[  160.758142][ T8011] netlink: 'syz.2.1270': attribute type 7 has an invalid length.
[  160.766269][ T8019] ext4: Unknown parameter 'mask'
[  160.796092][ T8020] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  160.804800][ T8029] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1279'.
[  160.805008][ T8020] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.1277: invalid indirect mapped block 2683928664 (level 1)
[  160.828126][ T8020] EXT4-fs (loop5): Remounting filesystem read-only
[  160.834881][ T8020] EXT4-fs (loop5): 1 truncate cleaned up
[  160.860283][ T8026] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  160.860283][ T8026]    program syz.1.1278 not setting count and/or reply_len properly
[  160.877695][ T8015] loop4: detected capacity change from 0 to 4096
[  160.925629][ T8015] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1275'.
[  160.973081][ T8033] FAULT_INJECTION: forcing a failure.
[  160.973081][ T8033] name failslab, interval 1, probability 0, space 0, times 0
[  160.985797][ T8033] CPU: 0 UID: 0 PID: 8033 Comm: syz.2.1281 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  160.985908][ T8033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  160.985924][ T8033] Call Trace:
[  160.985932][ T8033]  <TASK>
[  160.985941][ T8033]  __dump_stack+0x1d/0x30
[  160.985967][ T8033]  dump_stack_lvl+0xe8/0x140
[  160.986051][ T8033]  dump_stack+0x15/0x1b
[  160.986067][ T8033]  should_fail_ex+0x265/0x280
[  160.986150][ T8033]  should_failslab+0x8c/0xb0
[  160.986178][ T8033]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  160.986214][ T8033]  ? rds_rm_size+0x2bd/0x490
[  160.986239][ T8033]  krealloc_noprof+0xb9/0x2d0
[  160.986335][ T8033]  rds_rm_size+0x2bd/0x490
[  160.986362][ T8033]  rds_sendmsg+0x842/0x14a0
[  160.986398][ T8033]  ? __pfx_rds_sendmsg+0x10/0x10
[  160.986505][ T8033]  __sock_sendmsg+0x145/0x180
[  160.986536][ T8033]  ____sys_sendmsg+0x31e/0x4e0
[  160.986572][ T8033]  ___sys_sendmsg+0x17b/0x1d0
[  160.986629][ T8033]  __x64_sys_sendmsg+0xd4/0x160
[  160.986676][ T8033]  x64_sys_call+0x2999/0x2fb0
[  160.986703][ T8033]  do_syscall_64+0xd2/0x200
[  160.986720][ T8033]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  160.986788][ T8033]  ? clear_bhb_loop+0x40/0x90
[  160.986815][ T8033]  ? clear_bhb_loop+0x40/0x90
[  160.986906][ T8033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.986933][ T8033] RIP: 0033:0x7f6b82cfe929
[  160.986951][ T8033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.986974][ T8033] RSP: 002b:00007f6b81367038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  160.986997][ T8033] RAX: ffffffffffffffda RBX: 00007f6b82f25fa0 RCX: 00007f6b82cfe929
[  160.987010][ T8033] RDX: 0000000000000040 RSI: 0000200000001600 RDI: 0000000000000003
[  160.987047][ T8033] RBP: 00007f6b81367090 R08: 0000000000000000 R09: 0000000000000000
[  160.987062][ T8033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.987073][ T8033] R13: 0000000000000000 R14: 00007f6b82f25fa0 R15: 00007fff5b7e8a78
[  160.987092][ T8033]  </TASK>
[  161.333716][ T3574] kernel write not supported for file /708/clear_refs (pid: 3574 comm: kworker/1:5)
[  161.445055][ T8052] FAULT_INJECTION: forcing a failure.
[  161.445055][ T8052] name failslab, interval 1, probability 0, space 0, times 0
[  161.457749][ T8052] CPU: 0 UID: 0 PID: 8052 Comm: syz.1.1289 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  161.457779][ T8052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  161.457808][ T8052] Call Trace:
[  161.457814][ T8052]  <TASK>
[  161.457822][ T8052]  __dump_stack+0x1d/0x30
[  161.457844][ T8052]  dump_stack_lvl+0xe8/0x140
[  161.457864][ T8052]  dump_stack+0x15/0x1b
[  161.457882][ T8052]  should_fail_ex+0x265/0x280
[  161.457913][ T8052]  should_failslab+0x8c/0xb0
[  161.457989][ T8052]  kmem_cache_alloc_noprof+0x50/0x310
[  161.458016][ T8052]  ? security_file_alloc+0x32/0x100
[  161.458129][ T8052]  security_file_alloc+0x32/0x100
[  161.458163][ T8052]  init_file+0x5c/0x1d0
[  161.458188][ T8052]  alloc_empty_file+0x8b/0x200
[  161.458246][ T8052]  alloc_file_pseudo+0xc6/0x160
[  161.458274][ T8052]  sock_alloc_file+0x9c/0x1e0
[  161.458299][ T8052]  do_accept+0x1e4/0x3a0
[  161.458334][ T8052]  __sys_accept4+0xbf/0x140
[  161.458499][ T8052]  __x64_sys_accept+0x42/0x50
[  161.458532][ T8052]  x64_sys_call+0x2f50/0x2fb0
[  161.458575][ T8052]  do_syscall_64+0xd2/0x200
[  161.458623][ T8052]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  161.458656][ T8052]  ? clear_bhb_loop+0x40/0x90
[  161.458720][ T8052]  ? clear_bhb_loop+0x40/0x90
[  161.458747][ T8052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.458803][ T8052] RIP: 0033:0x7fb6f07ae929
[  161.458821][ T8052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.458842][ T8052] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  161.458902][ T8052] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929
[  161.458917][ T8052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  161.458975][ T8052] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000
[  161.458989][ T8052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.459004][ T8052] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268
[  161.459028][ T8052]  </TASK>
[  161.699212][ T8056] loop5: detected capacity change from 0 to 2048
[  161.729064][ T8056] EXT4-fs: quotafile must be on filesystem root
[  161.765601][ T8060] SELinux: failed to load policy
[  161.770553][ T8062] loop2: detected capacity change from 0 to 512
[  161.771249][ T8062] journal_path: Lookup failure for './file0/../file0'
[  161.771336][ T8062] EXT4-fs: error: could not find journal device path
[  161.774044][ T8062] siw: device registration error -23
[  161.869188][ T8065] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1291'.
[  161.933964][ T8075] netlink: 664 bytes leftover after parsing attributes in process `syz.2.1298'.
[  161.950986][   T29] kauditd_printk_skb: 233 callbacks suppressed
[  161.951002][   T29] audit: type=1326 audit(1752304197.635:2622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8055 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad0c2e929 code=0x7ffc0000
[  161.987214][   T29] audit: type=1326 audit(1752304197.665:2623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8055 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad0c2e929 code=0x7ffc0000
[  162.008378][ T8075] loop2: detected capacity change from 0 to 256
[  162.031198][ T8077] loop0: detected capacity change from 0 to 2048
[  162.046522][   T29] audit: type=1326 audit(1752304197.705:2624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8078 comm="syz.4.1300" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcf9c67e929 code=0x0
[  162.080880][ T8075] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198)
[  162.089014][ T8075] FAT-fs (loop2): Filesystem has been set read-only
[  162.099715][ T8081] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1300'.
[  162.112792][ T8075] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198)
[  162.122510][ T8077] EXT4-fs mount: 28 callbacks suppressed
[  162.122528][ T8077] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.150946][ T8075] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198)
[  162.160358][ T8075] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198)
[  162.172043][ T8075] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 198)
[  162.191261][ T8075] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 198)
[  162.262038][ T8090] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1301'.
[  162.271203][ T8090] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1301'.
[  162.347121][   T29] audit: type=1400 audit(1752304198.025:2625): avc:  denied  { listen } for  pid=8092 comm="syz.2.1302" lport=40589 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  162.379709][ T8093] sctp: [Deprecated]: syz.2.1302 (pid 8093) Use of int in max_burst socket option.
[  162.379709][ T8093] Use struct sctp_assoc_value instead
[  162.385389][ T8093] loop2: detected capacity change from 0 to 736
[  162.402498][   T29] audit: type=1400 audit(1752304198.055:2626): avc:  denied  { accept } for  pid=8092 comm="syz.2.1302" lport=40589 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  162.402547][   T29] audit: type=1400 audit(1752304198.065:2627): avc:  denied  { getopt } for  pid=8092 comm="syz.2.1302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  162.548834][ T8101] loop2: detected capacity change from 0 to 2048
[  162.613768][ T3297] Alternate GPT is invalid, using primary GPT.
[  162.620179][ T3297]  loop2: p2 p3 p7
[  162.677187][ T8101] Alternate GPT is invalid, using primary GPT.
[  162.677441][ T8101]  loop2: p2 p3 p7
[  162.773993][ T8107] loop1: detected capacity change from 0 to 1024
[  162.801469][   T29] audit: type=1400 audit(1752304198.485:2628): avc:  denied  { read write } for  pid=8097 comm="syz.2.1303" name="loop2p3" dev="devtmpfs" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  162.824906][   T29] audit: type=1400 audit(1752304198.485:2629): avc:  denied  { open } for  pid=8097 comm="syz.2.1303" path="/dev/loop2p3" dev="devtmpfs" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  162.826639][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.893772][ T8109] openvswitch: netlink: Message has 6 unknown bytes.
[  162.902164][ T8107] loop1: detected capacity change from 0 to 1024
[  162.909436][   T29] audit: type=1400 audit(1752304198.555:2630): avc:  denied  { ioctl } for  pid=8097 comm="syz.2.1303" path="/dev/loop2p3" dev="devtmpfs" ino=1792 ioctlcmd=0x54da scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  162.935037][   T29] audit: type=1400 audit(1752304198.585:2631): avc:  denied  { bind } for  pid=8108 comm="syz.2.1307" lport=32 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  162.991237][ T3544] udevd[3544]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  162.998601][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  163.014579][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory
[  163.031583][ T8107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.080712][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory
[  163.092964][ T7773] udevd[7773]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  163.104338][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  163.124834][ T8119] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1310'.
[  163.137551][ T8107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  163.143613][ T3544] udevd[3544]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  163.147303][ T7773] udevd[7773]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory
[  163.166507][ T8107] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  163.167753][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  163.187654][ T8107] SELinux:  Context system_u:object_r:agp_device_t:s0 is not valid (left unmapped).
[  163.225705][ T8107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  163.234093][ T8124] loop0: detected capacity change from 0 to 512
[  163.237174][ T8107] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  163.291806][ T8129] FAULT_INJECTION: forcing a failure.
[  163.291806][ T8129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.304939][ T8129] CPU: 0 UID: 0 PID: 8129 Comm: syz.4.1313 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  163.304966][ T8129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.305034][ T8129] Call Trace:
[  163.305042][ T8129]  <TASK>
[  163.305079][ T8129]  __dump_stack+0x1d/0x30
[  163.305101][ T8129]  dump_stack_lvl+0xe8/0x140
[  163.305126][ T8129]  dump_stack+0x15/0x1b
[  163.305150][ T8129]  should_fail_ex+0x265/0x280
[  163.305185][ T8129]  should_fail+0xb/0x20
[  163.305241][ T8129]  should_fail_usercopy+0x1a/0x20
[  163.305291][ T8129]  _copy_to_iter+0xcf/0xe30
[  163.305390][ T8129]  ? chacha_block_generic+0x218/0x240
[  163.305433][ T8129]  get_random_bytes_user+0x12d/0x290
[  163.305459][ T8129]  ? import_ubuf+0xe8/0x120
[  163.305478][ T8129]  __x64_sys_getrandom+0xcf/0x1a0
[  163.305502][ T8129]  x64_sys_call+0x2bb4/0x2fb0
[  163.305540][ T8129]  do_syscall_64+0xd2/0x200
[  163.305562][ T8129]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  163.305626][ T8129]  ? clear_bhb_loop+0x40/0x90
[  163.305650][ T8129]  ? clear_bhb_loop+0x40/0x90
[  163.305677][ T8129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.305703][ T8129] RIP: 0033:0x7fcf9c67e929
[  163.305741][ T8129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.305763][ T8129] RSP: 002b:00007fcf9ace7038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e
[  163.305862][ T8129] RAX: ffffffffffffffda RBX: 00007fcf9c8a5fa0 RCX: 00007fcf9c67e929
[  163.305873][ T8129] RDX: 0000000000000000 RSI: 00000000ffffff9a RDI: 0000200000000240
[  163.305885][ T8129] RBP: 00007fcf9ace7090 R08: 0000000000000000 R09: 0000000000000000
[  163.305896][ T8129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.305910][ T8129] R13: 0000000000000000 R14: 00007fcf9c8a5fa0 R15: 00007ffcc3d60e58
[  163.305931][ T8129]  </TASK>
[  163.571904][ T8124] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1311: bg 0: block 248: padding at end of block bitmap is not set
[  163.608309][ T8124] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1311: Failed to acquire dquot type 1
[  163.622649][ T8124] EXT4-fs (loop0): 1 truncate cleaned up
[  163.629005][ T8124] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.656870][ T8144] loop2: detected capacity change from 0 to 512
[  163.677453][ T8142] loop4: detected capacity change from 0 to 8192
[  163.697427][ T8124] ext4 filesystem being mounted at /263/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  163.717436][ T8144] EXT4-fs (loop2): 1 orphan inode deleted
[  163.728945][ T8144] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.758444][ T8142] FAULT_INJECTION: forcing a failure.
[  163.758444][ T8142] name failslab, interval 1, probability 0, space 0, times 0
[  163.771181][ T8142] CPU: 0 UID: 0 PID: 8142 Comm: syz.4.1317 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  163.771210][ T8142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.771222][ T8142] Call Trace:
[  163.771228][ T8142]  <TASK>
[  163.771236][ T8142]  __dump_stack+0x1d/0x30
[  163.771257][ T8142]  dump_stack_lvl+0xe8/0x140
[  163.771275][ T8142]  dump_stack+0x15/0x1b
[  163.771316][ T8142]  should_fail_ex+0x265/0x280
[  163.771347][ T8142]  should_failslab+0x8c/0xb0
[  163.771381][ T8142]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  163.771433][ T8142]  ? sidtab_sid2str_get+0xa0/0x130
[  163.771464][ T8142]  kmemdup_noprof+0x2b/0x70
[  163.771493][ T8142]  sidtab_sid2str_get+0xa0/0x130
[  163.771572][ T8142]  security_sid_to_context_core+0x1eb/0x2e0
[  163.771599][ T8142]  security_sid_to_context+0x27/0x40
[  163.771619][ T8142]  selinux_lsmprop_to_secctx+0x67/0xf0
[  163.771640][ T8142]  security_lsmprop_to_secctx+0x43/0x80
[  163.771737][ T8142]  audit_log_task_context+0x77/0x190
[  163.771773][ T8142]  audit_log_task+0xf4/0x250
[  163.771862][ T8142]  audit_seccomp+0x61/0x100
[  163.771894][ T8142]  ? __seccomp_filter+0x68c/0x10d0
[  163.771921][ T8142]  __seccomp_filter+0x69d/0x10d0
[  163.771946][ T8142]  ? errseq_sample+0x2f/0x40
[  163.771965][ T8142]  ? file_init_path+0x278/0x2a0
[  163.772053][ T8142]  ? alloc_file_pseudo+0x129/0x160
[  163.772084][ T8142]  __secure_computing+0x82/0x150
[  163.772127][ T8142]  syscall_trace_enter+0xcf/0x1e0
[  163.772157][ T8142]  do_syscall_64+0xac/0x200
[  163.772180][ T8142]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  163.772247][ T8142]  ? clear_bhb_loop+0x40/0x90
[  163.772268][ T8142]  ? clear_bhb_loop+0x40/0x90
[  163.772330][ T8142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.772357][ T8142] RIP: 0033:0x7fcf9c67d33c
[  163.772383][ T8142] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  163.772403][ T8142] RSP: 002b:00007fcf9ace7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  163.772421][ T8142] RAX: ffffffffffffffda RBX: 00007fcf9c8a5fa0 RCX: 00007fcf9c67d33c
[  163.772432][ T8142] RDX: 000000000000000f RSI: 00007fcf9ace70a0 RDI: 0000000000000006
[  163.772445][ T8142] RBP: 00007fcf9ace7090 R08: 0000000000000000 R09: 0000000000000000
[  163.772460][ T8142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  163.772608][ T8142] R13: 0000000000000000 R14: 00007fcf9c8a5fa0 R15: 00007ffcc3d60e58
[  163.772632][ T8142]  </TASK>
[  163.773580][ T1083] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:5: Failed to release dquot type 1
[  163.895261][ T8144] ext4 filesystem being mounted at /281/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.067013][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.143084][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.210187][ T8160] loop0: detected capacity change from 0 to 512
[  164.222429][ T8160] ext3: Unknown parameter 'uid<00000000000000000000'
[  164.443947][ T8165] pim6reg: entered allmulticast mode
[  165.924609][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.037217][ T8186] __nla_validate_parse: 5 callbacks suppressed
[  166.037237][ T8186] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1327'.
[  166.052513][ T8186] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1327'.
[  166.105537][ T8190] loop0: detected capacity change from 0 to 512
[  166.130486][ T8198] netlink: 'syz.1.1334': attribute type 3 has an invalid length.
[  166.196733][ T8190] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1331: Failed to acquire dquot type 1
[  166.211787][ T8190] EXT4-fs (loop0): 1 truncate cleaned up
[  166.218039][ T8190] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.247861][ T8208] 9pnet_fd: Insufficient options for proto=fd
[  166.263209][ T8190] ext4 filesystem being mounted at /267/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  166.302225][ T8196] veth1_macvtap: left promiscuous mode
[  166.302251][ T8196] macsec0: entered allmulticast mode
[  166.337479][ T8210] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1337'.
[  166.346533][ T8210] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1337'.
[  166.357424][ T8190] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.442429][ T8215] loop1: detected capacity change from 0 to 1024
[  166.480830][ T8215] EXT4-fs: Ignoring removed orlov option
[  166.491522][ T8215] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.889172][ T8222] loop2: detected capacity change from 0 to 512
[  166.891493][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.916504][ T8222] journal_path: Lookup failure for './file0/../file0'
[  166.923427][ T8222] EXT4-fs: error: could not find journal device path
[  166.977997][ T8222] siw: device registration error -23
[  167.053708][ T8228] FAULT_INJECTION: forcing a failure.
[  167.053708][ T8228] name failslab, interval 1, probability 0, space 0, times 0
[  167.066404][ T8228] CPU: 0 UID: 0 PID: 8228 Comm: syz.5.1342 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  167.066434][ T8228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  167.066448][ T8228] Call Trace:
[  167.066454][ T8228]  <TASK>
[  167.066462][ T8228]  __dump_stack+0x1d/0x30
[  167.066486][ T8228]  dump_stack_lvl+0xe8/0x140
[  167.066509][ T8228]  dump_stack+0x15/0x1b
[  167.066529][ T8228]  should_fail_ex+0x265/0x280
[  167.066565][ T8228]  should_failslab+0x8c/0xb0
[  167.066591][ T8228]  kmem_cache_alloc_noprof+0x50/0x310
[  167.066619][ T8228]  ? mas_alloc_nodes+0x265/0x520
[  167.066643][ T8228]  mas_alloc_nodes+0x265/0x520
[  167.066667][ T8228]  mas_preallocate+0x33e/0x520
[  167.066712][ T8228]  mmap_region+0xb7e/0x1580
[  167.066770][ T8228]  do_mmap+0x9b3/0xbe0
[  167.066807][ T8228]  vm_mmap_pgoff+0x17a/0x2e0
[  167.066835][ T8228]  ksys_mmap_pgoff+0xc2/0x310
[  167.066869][ T8228]  ? __x64_sys_mmap+0x49/0x70
[  167.066898][ T8228]  x64_sys_call+0x1602/0x2fb0
[  167.066922][ T8228]  do_syscall_64+0xd2/0x200
[  167.066938][ T8228]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  167.066962][ T8228]  ? clear_bhb_loop+0x40/0x90
[  167.066982][ T8228]  ? clear_bhb_loop+0x40/0x90
[  167.067006][ T8228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.067031][ T8228] RIP: 0033:0x7fbad0c2e963
[  167.067049][ T8228] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
[  167.067071][ T8228] RSP: 002b:00007fbacf296e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  167.067093][ T8228] RAX: ffffffffffffffda RBX: 0000000000000435 RCX: 00007fbad0c2e963
[  167.067108][ T8228] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000
[  167.067130][ T8228] RBP: 0000200000000d82 R08: 00000000ffffffff R09: 0000000000000000
[  167.067144][ T8228] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000006
[  167.067159][ T8228] R13: 00007fbacf296ef0 R14: 00007fbacf296eb0 R15: 00002000000011c0
[  167.067182][ T8228]  </TASK>
[  167.461481][ T8235] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1345'.
[  167.470513][ T8235] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1345'.
[  167.571823][   T29] kauditd_printk_skb: 119 callbacks suppressed
[  167.571858][   T29] audit: type=1400 audit(1752304203.255:2745): avc:  denied  { setopt } for  pid=8238 comm="syz.5.1347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  167.576217][ T8240] lo speed is unknown, defaulting to 1000
[  167.606933][ T8240] lo speed is unknown, defaulting to 1000
[  167.650349][ T8240] lo speed is unknown, defaulting to 1000
[  167.682532][ T8240] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  167.693173][ T8240] lo speed is unknown, defaulting to 1000
[  167.699654][ T8240] lo speed is unknown, defaulting to 1000
[  167.710519][ T8240] lo speed is unknown, defaulting to 1000
[  167.731003][ T8240] lo speed is unknown, defaulting to 1000
[  167.740431][ T8246] loop1: detected capacity change from 0 to 2048
[  167.748688][ T8240] lo speed is unknown, defaulting to 1000
[  167.925487][ T8246] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  167.982454][   T29] audit: type=1400 audit(1752304203.665:2746): avc:  denied  { ioctl } for  pid=8245 comm="syz.1.1349" path="/277/file1/file1" dev="loop1" ino=15 ioctlcmd=0xf504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  168.101009][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.179927][ T8270] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1350'.
[  168.214050][ T8270] lo speed is unknown, defaulting to 1000
[  168.468640][   T29] audit: type=1326 audit(1752304204.125:2747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  168.492890][   T29] audit: type=1326 audit(1752304204.125:2748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  168.516364][   T29] audit: type=1326 audit(1752304204.125:2749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  168.540594][   T29] audit: type=1326 audit(1752304204.125:2750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  168.564125][   T29] audit: type=1326 audit(1752304204.125:2751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  168.587648][   T29] audit: type=1326 audit(1752304204.145:2752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  168.611808][   T29] audit: type=1326 audit(1752304204.145:2753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  168.635469][   T29] audit: type=1326 audit(1752304204.145:2754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8268 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f07ae929 code=0x7ffc0000
[  168.848754][ T8291] Unsupported ieee802154 address type: 0
[  168.860454][ T8288] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  168.860454][ T8288]    program syz.0.1354 not setting count and/or reply_len properly
[  168.890050][ T8293] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1356'.
[  168.924439][ T8288] loop0: detected capacity change from 0 to 1024
[  168.992347][ T8288] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.006567][ T8288] ext4 filesystem being mounted at /270/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  169.028086][ T8288] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1354: bg 0: block 393: padding at end of block bitmap is not set
[  169.074664][ T8313] FAULT_INJECTION: forcing a failure.
[  169.074664][ T8313] name failslab, interval 1, probability 0, space 0, times 0
[  169.087425][ T8313] CPU: 0 UID: 0 PID: 8313 Comm: syz.1.1361 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  169.087512][ T8313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  169.087527][ T8313] Call Trace:
[  169.087535][ T8313]  <TASK>
[  169.087544][ T8313]  __dump_stack+0x1d/0x30
[  169.087569][ T8313]  dump_stack_lvl+0xe8/0x140
[  169.087588][ T8313]  dump_stack+0x15/0x1b
[  169.087605][ T8313]  should_fail_ex+0x265/0x280
[  169.087671][ T8313]  should_failslab+0x8c/0xb0
[  169.087693][ T8313]  kmem_cache_alloc_noprof+0x50/0x310
[  169.087719][ T8313]  ? security_inode_alloc+0x37/0x100
[  169.087783][ T8313]  security_inode_alloc+0x37/0x100
[  169.087819][ T8313]  inode_init_always_gfp+0x4b7/0x500
[  169.087883][ T8313]  ? __pfx_proc_alloc_inode+0x10/0x10
[  169.087905][ T8313]  alloc_inode+0x58/0x170
[  169.087939][ T8313]  new_inode+0x1d/0xe0
[  169.087956][ T8313]  proc_pid_make_inode+0x1f/0xd0
[  169.088118][ T8313]  proc_map_files_instantiate+0x81/0x130
[  169.088140][ T8313]  proc_fill_cache+0x1c4/0x240
[  169.088233][ T8313]  ? __pfx_proc_map_files_instantiate+0x10/0x10
[  169.088301][ T8313]  proc_map_files_readdir+0x500/0x680
[  169.088333][ T8313]  iterate_dir+0x111/0x330
[  169.088360][ T8313]  ? mutex_lock+0xd/0x30
[  169.088388][ T8313]  __se_sys_getdents64+0x88/0x1b0
[  169.088417][ T8313]  ? __pfx_filldir64+0x10/0x10
[  169.088488][ T8313]  __x64_sys_getdents64+0x43/0x50
[  169.088518][ T8313]  x64_sys_call+0x1302/0x2fb0
[  169.088539][ T8313]  do_syscall_64+0xd2/0x200
[  169.088557][ T8313]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  169.088705][ T8313]  ? clear_bhb_loop+0x40/0x90
[  169.088727][ T8313]  ? clear_bhb_loop+0x40/0x90
[  169.088774][ T8313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.088795][ T8313] RIP: 0033:0x7fb6f07ae929
[  169.088811][ T8313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.088830][ T8313] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  169.088848][ T8313] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929
[  169.088908][ T8313] RDX: 0000000000001002 RSI: 0000200000002f40 RDI: 0000000000000003
[  169.088958][ T8313] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000
[  169.088970][ T8313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.088982][ T8313] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268
[  169.089009][ T8313]  </TASK>
[  169.347960][ T8288] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28
[  169.361089][ T8288] EXT4-fs (loop0): This should not happen!! Data will be lost
[  169.361089][ T8288] 
[  169.371494][ T8288] EXT4-fs (loop0): Total free blocks count 0
[  169.377546][ T8288] EXT4-fs (loop0): Free/Dirty block details
[  169.383527][ T8288] EXT4-fs (loop0): free_blocks=0
[  169.388545][ T8288] EXT4-fs (loop0): dirty_blocks=16
[  169.393734][ T8288] EXT4-fs (loop0): Block reservation details
[  169.399748][ T8288] EXT4-fs (loop0): i_reserved_data_blocks=1
[  169.416839][ T8317] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  169.416839][ T8317]    program syz.2.1360 not setting count and/or reply_len properly
[  169.462873][ T8320] $Hÿ: renamed from bond0 (while UP)
[  169.491186][ T8320] $Hÿ: entered promiscuous mode
[  169.496272][ T8320] bond_slave_0: entered promiscuous mode
[  169.497584][ T8317] loop2: detected capacity change from 0 to 1024
[  169.502150][ T8320] bond_slave_1: entered promiscuous mode
[  169.530053][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.593726][ T8317] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.626249][ T8317] ext4 filesystem being mounted at /286/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  169.658938][ T8340] Unsupported ieee802154 address type: 0
[  169.667266][ T8342] FAULT_INJECTION: forcing a failure.
[  169.667266][ T8342] name failslab, interval 1, probability 0, space 0, times 0
[  169.679992][ T8342] CPU: 1 UID: 0 PID: 8342 Comm: syz.5.1366 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  169.680028][ T8342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  169.680053][ T8342] Call Trace:
[  169.680083][ T8342]  <TASK>
[  169.680091][ T8342]  __dump_stack+0x1d/0x30
[  169.680111][ T8342]  dump_stack_lvl+0xe8/0x140
[  169.680136][ T8342]  dump_stack+0x15/0x1b
[  169.680157][ T8342]  should_fail_ex+0x265/0x280
[  169.680249][ T8342]  should_failslab+0x8c/0xb0
[  169.680274][ T8342]  kmem_cache_alloc_noprof+0x50/0x310
[  169.680299][ T8342]  ? skb_clone+0x151/0x1f0
[  169.680358][ T8342]  skb_clone+0x151/0x1f0
[  169.680380][ T8342]  __netlink_deliver_tap+0x2c9/0x500
[  169.680427][ T8342]  netlink_unicast+0x653/0x680
[  169.680468][ T8342]  netlink_sendmsg+0x58b/0x6b0
[  169.680527][ T8342]  ? __pfx_netlink_sendmsg+0x10/0x10
[  169.680546][ T8342]  __sock_sendmsg+0x145/0x180
[  169.680605][ T8342]  ____sys_sendmsg+0x31e/0x4e0
[  169.680647][ T8342]  ___sys_sendmsg+0x17b/0x1d0
[  169.680693][ T8342]  __x64_sys_sendmsg+0xd4/0x160
[  169.680779][ T8342]  x64_sys_call+0x2999/0x2fb0
[  169.680801][ T8342]  do_syscall_64+0xd2/0x200
[  169.680820][ T8342]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  169.680860][ T8342]  ? clear_bhb_loop+0x40/0x90
[  169.680943][ T8342]  ? clear_bhb_loop+0x40/0x90
[  169.680972][ T8342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.680999][ T8342] RIP: 0033:0x7fbad0c2e929
[  169.681019][ T8342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.681114][ T8342] RSP: 002b:00007fbacf297038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  169.681137][ T8342] RAX: ffffffffffffffda RBX: 00007fbad0e55fa0 RCX: 00007fbad0c2e929
[  169.681175][ T8342] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  169.681187][ T8342] RBP: 00007fbacf297090 R08: 0000000000000000 R09: 0000000000000000
[  169.681202][ T8342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.681218][ T8342] R13: 0000000000000000 R14: 00007fbad0e55fa0 R15: 00007ffec9666608
[  169.681242][ T8342]  </TASK>
[  169.903175][ T8342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1366'.
[  169.903828][ T8331] SELinux:  policydb magic number 0x303 does not match expected magic number 0xf97cff8c
[  169.922077][ T8331] SELinux: failed to load policy
[  169.933594][ T8317] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1360: bg 0: block 393: padding at end of block bitmap is not set
[  169.968223][ T8317] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28
[  169.980778][ T8317] EXT4-fs (loop2): This should not happen!! Data will be lost
[  169.980778][ T8317] 
[  169.986835][ T8345] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20001 - 0
[  169.991347][ T8317] EXT4-fs (loop2): Total free blocks count 0
[  169.999495][ T8345] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20001 - 0
[  170.005403][ T8317] EXT4-fs (loop2): Free/Dirty block details
[  170.014174][ T8345] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20001 - 0
[  170.020927][ T8317] EXT4-fs (loop2): free_blocks=0
[  170.028839][ T8345] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20001 - 0
[  170.033860][ T8317] EXT4-fs (loop2): dirty_blocks=16
[  170.047949][ T8317] EXT4-fs (loop2): Block reservation details
[  170.054670][ T8317] EXT4-fs (loop2): i_reserved_data_blocks=1
[  170.145810][ T8354] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1370'.
[  170.201281][ T8363] loop5: detected capacity change from 0 to 128
[  170.210599][ T8366] FAULT_INJECTION: forcing a failure.
[  170.210599][ T8366] name failslab, interval 1, probability 0, space 0, times 0
[  170.223974][ T8366] CPU: 1 UID: 0 PID: 8366 Comm: syz.0.1371 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  170.224046][ T8366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.224061][ T8366] Call Trace:
[  170.224068][ T8366]  <TASK>
[  170.224077][ T8366]  __dump_stack+0x1d/0x30
[  170.224100][ T8366]  dump_stack_lvl+0xe8/0x140
[  170.224165][ T8366]  dump_stack+0x15/0x1b
[  170.224185][ T8366]  should_fail_ex+0x265/0x280
[  170.224220][ T8366]  should_failslab+0x8c/0xb0
[  170.224297][ T8366]  kmem_cache_alloc_node_noprof+0x57/0x320
[  170.224353][ T8366]  ? __alloc_skb+0x101/0x320
[  170.224385][ T8366]  __alloc_skb+0x101/0x320
[  170.224415][ T8366]  ? audit_log_start+0x365/0x6c0
[  170.224450][ T8366]  audit_log_start+0x380/0x6c0
[  170.224553][ T8366]  audit_log+0x5e/0xd0
[  170.224596][ T8366]  sel_write_enforce+0x260/0x2d0
[  170.224632][ T8366]  vfs_writev+0x403/0x8b0
[  170.224695][ T8366]  ? __pfx_sel_write_enforce+0x10/0x10
[  170.224763][ T8366]  ? mutex_lock+0xd/0x30
[  170.224809][ T8366]  do_writev+0xe7/0x210
[  170.224838][ T8366]  __x64_sys_writev+0x45/0x50
[  170.224861][ T8366]  x64_sys_call+0x2006/0x2fb0
[  170.224888][ T8366]  do_syscall_64+0xd2/0x200
[  170.224924][ T8366]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  170.224955][ T8366]  ? clear_bhb_loop+0x40/0x90
[  170.224978][ T8366]  ? clear_bhb_loop+0x40/0x90
[  170.225074][ T8366]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.225101][ T8366] RIP: 0033:0x7f4e065be929
[  170.225120][ T8366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.225153][ T8366] RSP: 002b:00007f4e04c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  170.225176][ T8366] RAX: ffffffffffffffda RBX: 00007f4e067e5fa0 RCX: 00007f4e065be929
[  170.225191][ T8366] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000003
[  170.225206][ T8366] RBP: 00007f4e04c27090 R08: 0000000000000000 R09: 0000000000000000
[  170.225221][ T8366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.225299][ T8366] R13: 0000000000000000 R14: 00007f4e067e5fa0 R15: 00007fff937727c8
[  170.225317][ T8366]  </TASK>
[  170.537115][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.637817][ T8390] xt_hashlimit: max too large, truncated to 1048576
[  170.714414][ T8396] FAULT_INJECTION: forcing a failure.
[  170.714414][ T8396] name failslab, interval 1, probability 0, space 0, times 0
[  170.727902][ T8396] CPU: 1 UID: 0 PID: 8396 Comm: syz.2.1378 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  170.727937][ T8396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.728007][ T8396] Call Trace:
[  170.728013][ T8396]  <TASK>
[  170.728020][ T8396]  __dump_stack+0x1d/0x30
[  170.728044][ T8396]  dump_stack_lvl+0xe8/0x140
[  170.728110][ T8396]  dump_stack+0x15/0x1b
[  170.728126][ T8396]  should_fail_ex+0x265/0x280
[  170.728227][ T8396]  should_failslab+0x8c/0xb0
[  170.728255][ T8396]  kmem_cache_alloc_noprof+0x50/0x310
[  170.728281][ T8396]  ? skb_clone+0x151/0x1f0
[  170.728305][ T8396]  skb_clone+0x151/0x1f0
[  170.728325][ T8396]  __netlink_deliver_tap+0x2c9/0x500
[  170.728382][ T8396]  netlink_unicast+0x653/0x680
[  170.728419][ T8396]  netlink_sendmsg+0x58b/0x6b0
[  170.728481][ T8396]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.728505][ T8396]  __sock_sendmsg+0x145/0x180
[  170.728593][ T8396]  ____sys_sendmsg+0x31e/0x4e0
[  170.728682][ T8396]  ___sys_sendmsg+0x17b/0x1d0
[  170.728731][ T8396]  __x64_sys_sendmsg+0xd4/0x160
[  170.728776][ T8396]  x64_sys_call+0x2999/0x2fb0
[  170.728856][ T8396]  do_syscall_64+0xd2/0x200
[  170.728878][ T8396]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  170.728979][ T8396]  ? clear_bhb_loop+0x40/0x90
[  170.729006][ T8396]  ? clear_bhb_loop+0x40/0x90
[  170.729034][ T8396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.729060][ T8396] RIP: 0033:0x7f6b82cfe929
[  170.729076][ T8396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.729100][ T8396] RSP: 002b:00007f6b81367038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  170.729118][ T8396] RAX: ffffffffffffffda RBX: 00007f6b82f25fa0 RCX: 00007f6b82cfe929
[  170.729172][ T8396] RDX: 0000000000008000 RSI: 0000200000000100 RDI: 0000000000000003
[  170.729187][ T8396] RBP: 00007f6b81367090 R08: 0000000000000000 R09: 0000000000000000
[  170.729202][ T8396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.729218][ T8396] R13: 0000000000000000 R14: 00007f6b82f25fa0 R15: 00007fff5b7e8a78
[  170.729255][ T8396]  </TASK>
[  170.789997][ T8396] netlink: 'syz.2.1378': attribute type 1 has an invalid length.
[  170.986843][ T8410] loop1: detected capacity change from 0 to 128
[  171.021872][ T8410] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  171.077976][ T8419] __nla_validate_parse: 7 callbacks suppressed
[  171.077997][ T8419] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1383'.
[  171.086174][ T8410] ext4 filesystem being mounted at /287/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  171.093220][ T8419] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1383'.
[  171.138903][ T8426] loop4: detected capacity change from 0 to 128
[  171.332750][ T3316] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  171.451447][ T8458] FAULT_INJECTION: forcing a failure.
[  171.451447][ T8458] name failslab, interval 1, probability 0, space 0, times 0
[  171.464151][ T8458] CPU: 0 UID: 0 PID: 8458 Comm: syz.1.1389 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  171.464179][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  171.464192][ T8458] Call Trace:
[  171.464198][ T8458]  <TASK>
[  171.464262][ T8458]  __dump_stack+0x1d/0x30
[  171.464286][ T8458]  dump_stack_lvl+0xe8/0x140
[  171.464304][ T8458]  dump_stack+0x15/0x1b
[  171.464319][ T8458]  should_fail_ex+0x265/0x280
[  171.464393][ T8458]  should_failslab+0x8c/0xb0
[  171.464415][ T8458]  __kmalloc_noprof+0xa5/0x3e0
[  171.464451][ T8458]  ? rds_message_alloc+0x45/0x120
[  171.464478][ T8458]  rds_message_alloc+0x45/0x120
[  171.464503][ T8458]  rds_sendmsg+0x860/0x14a0
[  171.464538][ T8458]  ? __pfx_rds_sendmsg+0x10/0x10
[  171.464616][ T8458]  __sock_sendmsg+0x145/0x180
[  171.464646][ T8458]  ____sys_sendmsg+0x31e/0x4e0
[  171.464752][ T8458]  ___sys_sendmsg+0x17b/0x1d0
[  171.464837][ T8458]  __x64_sys_sendmsg+0xd4/0x160
[  171.464880][ T8458]  x64_sys_call+0x2999/0x2fb0
[  171.464906][ T8458]  do_syscall_64+0xd2/0x200
[  171.464987][ T8458]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  171.465019][ T8458]  ? clear_bhb_loop+0x40/0x90
[  171.465045][ T8458]  ? clear_bhb_loop+0x40/0x90
[  171.465071][ T8458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.465178][ T8458] RIP: 0033:0x7fb6f07ae929
[  171.465195][ T8458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.465217][ T8458] RSP: 002b:00007fb6eee17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  171.465240][ T8458] RAX: ffffffffffffffda RBX: 00007fb6f09d5fa0 RCX: 00007fb6f07ae929
[  171.465255][ T8458] RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000003
[  171.465270][ T8458] RBP: 00007fb6eee17090 R08: 0000000000000000 R09: 0000000000000000
[  171.465284][ T8458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  171.465353][ T8458] R13: 0000000000000000 R14: 00007fb6f09d5fa0 R15: 00007fff56893268
[  171.465384][ T8458]  </TASK>
[  171.545000][ T8465] loop1: detected capacity change from 0 to 512
[  171.605169][ T8472] loop2: detected capacity change from 0 to 512
[  171.715189][ T8465] journal_path: Lookup failure for './file0/../file0'
[  171.742629][ T8465] EXT4-fs: error: could not find journal device path
[  171.794690][ T8476] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1392'.
[  171.794713][ T8476] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1392'.
[  171.837480][ T8472] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  171.855029][ T8480] xt_hashlimit: size too large, truncated to 1048576
[  171.937520][ T8465] siw: device registration error -23
[  171.988223][ T8472] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.988310][ T8472] ext4 filesystem being mounted at /293/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  172.111669][ T8496] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1395'.
[  172.132285][ T8502] netlink: 'syz.1.1396': attribute type 21 has an invalid length.
[  172.140206][ T8502] IPv6: NLM_F_CREATE should be specified when creating new route
[  172.169154][ T8502] rdma_op ffff88811b19f180 conn xmit_rdma 0000000000000000
[  172.177709][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.193412][ T8502] batadv_slave_1: entered promiscuous mode
[  172.204859][ T8501] batadv_slave_1: left promiscuous mode
[  172.297224][ T8511] loop5: detected capacity change from 0 to 1024
[  172.309180][ T8515] netlink: 'syz.2.1401': attribute type 29 has an invalid length.
[  172.331843][ T8511] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.367705][ T8511] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  172.402257][ T5453] kworker/u8:8: attempt to access beyond end of device
[  172.402257][ T5453] loop4: rw=1, sector=153, nr_sectors = 8 limit=128
[  172.432651][ T5453] kworker/u8:8: attempt to access beyond end of device
[  172.432651][ T5453] loop4: rw=1, sector=169, nr_sectors = 8 limit=128
[  172.433268][ T8511] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1399: bg 0: block 393: padding at end of block bitmap is not set
[  172.446283][ T5453] kworker/u8:8: attempt to access beyond end of device
[  172.446283][ T5453] loop4: rw=1, sector=185, nr_sectors = 8 limit=128
[  172.473836][ T5453] kworker/u8:8: attempt to access beyond end of device
[  172.473836][ T5453] loop4: rw=1, sector=201, nr_sectors = 8 limit=128
[  172.485092][ T8511] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28
[  172.496599][ T5453] kworker/u8:8: attempt to access beyond end of device
[  172.496599][ T5453] loop4: rw=1, sector=217, nr_sectors = 8 limit=128
[  172.500472][ T8511] EXT4-fs (loop5): This should not happen!! Data will be lost
[  172.500472][ T8511] 
[  172.515230][ T5453] kworker/u8:8: attempt to access beyond end of device
[  172.515230][ T5453] loop4: rw=1, sector=233, nr_sectors = 8 limit=128
[  172.523353][ T8511] EXT4-fs (loop5): Total free blocks count 0
[  172.540207][ T8524] lo speed is unknown, defaulting to 1000
[  172.541917][ T8511] EXT4-fs (loop5): Free/Dirty block details
[  172.555657][ T8511] EXT4-fs (loop5): free_blocks=0
[  172.560871][ T8511] EXT4-fs (loop5): dirty_blocks=16
[  172.566078][ T8511] EXT4-fs (loop5): Block reservation details
[  172.572194][ T8511] EXT4-fs (loop5): i_reserved_data_blocks=1
[  172.572580][ T5453] kworker/u8:8: attempt to access beyond end of device
[  172.572580][ T5453] loop4: rw=1, sector=249, nr_sectors = 8 limit=128
[  172.599703][ T5453] kworker/u8:8: attempt to access beyond end of device
[  172.599703][ T5453] loop4: rw=1, sector=265, nr_sectors = 8 limit=128
[  172.625462][ T7425] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.634597][ T5453] kworker/u8:8: attempt to access beyond end of device
[  172.634597][ T5453] loop4: rw=1, sector=281, nr_sectors = 8 limit=128
[  172.634710][ T5453] kworker/u8:8: attempt to access beyond end of device
[  172.634710][ T5453] loop4: rw=1, sector=297, nr_sectors = 8 limit=128
[  172.673244][ T8534] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1407'.
[  172.682265][ T8534] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1407'.
[  172.702652][   T29] kauditd_printk_skb: 294 callbacks suppressed
[  172.702669][   T29] audit: type=1400 audit(1752304208.385:3047): avc:  denied  { create } for  pid=8536 comm="syz.5.1408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  172.754539][   T29] audit: type=1400 audit(1752304208.425:3048): avc:  denied  { create } for  pid=8535 comm="syz.4.1404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  172.782614][   T29] audit: type=1400 audit(1752304208.465:3049): avc:  denied  { ioctl } for  pid=8541 comm="syz.2.1410" path="socket:[20290]" dev="sockfs" ino=20290 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  172.810843][ T8538] loop4: detected capacity change from 0 to 128
[  172.829002][ T8545] loop1: detected capacity change from 0 to 256
[  172.844291][ T8549] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1410'.
[  172.855403][ T8548] FAULT_INJECTION: forcing a failure.
[  172.855403][ T8548] name failslab, interval 1, probability 0, space 0, times 0
[  172.865701][   T29] audit: type=1400 audit(1752304208.485:3050): avc:  denied  { write } for  pid=8535 comm="syz.4.1404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  172.868108][ T8548] CPU: 1 UID: 0 PID: 8548 Comm: syz.5.1412 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  172.868149][ T8548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  172.868166][ T8548] Call Trace:
[  172.868174][ T8548]  <TASK>
[  172.868247][ T8548]  __dump_stack+0x1d/0x30
[  172.868276][ T8548]  dump_stack_lvl+0xe8/0x140
[  172.868303][ T8548]  dump_stack+0x15/0x1b
[  172.868370][ T8548]  should_fail_ex+0x265/0x280
[  172.868412][ T8548]  should_failslab+0x8c/0xb0
[  172.868442][ T8548]  kmem_cache_alloc_noprof+0x50/0x310
[  172.868510][ T8548]  ? alloc_empty_file+0x76/0x200
[  172.868544][ T8548]  alloc_empty_file+0x76/0x200
[  172.868575][ T8548]  dentry_open+0x2d/0x90
[  172.868649][ T8548]  do_mq_open+0x3c7/0x4f0
[  172.868687][ T8548]  __x64_sys_mq_open+0xcb/0x100
[  172.868721][ T8548]  x64_sys_call+0x27d6/0x2fb0
[  172.868784][ T8548]  do_syscall_64+0xd2/0x200
[  172.868807][ T8548]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  172.868843][ T8548]  ? clear_bhb_loop+0x40/0x90
[  172.868927][ T8548]  ? clear_bhb_loop+0x40/0x90
[  172.868956][ T8548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.868985][ T8548] RIP: 0033:0x7fbad0c2e929
[  172.869006][ T8548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.869031][ T8548] RSP: 002b:00007fbacf297038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[  172.869101][ T8548] RAX: ffffffffffffffda RBX: 00007fbad0e55fa0 RCX: 00007fbad0c2e929
[  172.869135][ T8548] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000b40
[  172.869153][ T8548] RBP: 00007fbacf297090 R08: 0000000000000000 R09: 0000000000000000
[  172.869170][ T8548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.869187][ T8548] R13: 0000000000000000 R14: 00007fbad0e55fa0 R15: 00007ffec9666608
[  172.869221][ T8548]  </TASK>
[  172.892425][ T8545] FAT-fs (loop1): Directory bread(block 1285) failed
[  173.031913][ T8556] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1414'.
[  173.036123][   T29] audit: type=1400 audit(1752304208.585:3051): avc:  denied  { append } for  pid=8541 comm="syz.2.1410" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  173.085082][ T8556] FAULT_INJECTION: forcing a failure.
[  173.085082][ T8556] name failslab, interval 1, probability 0, space 0, times 0
[  173.093699][   T29] audit: type=1400 audit(1752304208.585:3052): avc:  denied  { create } for  pid=8541 comm="syz.2.1410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  173.093728][   T29] audit: type=1400 audit(1752304208.585:3053): avc:  denied  { setopt } for  pid=8541 comm="syz.2.1410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  173.117411][ T8556] CPU: 0 UID: 0 PID: 8556 Comm: syz.5.1414 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  173.117493][ T8556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.117509][ T8556] Call Trace:
[  173.117518][ T8556]  <TASK>
[  173.117528][ T8556]  __dump_stack+0x1d/0x30
[  173.117553][ T8556]  dump_stack_lvl+0xe8/0x140
[  173.117575][ T8556]  dump_stack+0x15/0x1b
[  173.117595][ T8556]  should_fail_ex+0x265/0x280
[  173.117687][ T8556]  should_failslab+0x8c/0xb0
[  173.117712][ T8556]  kmem_cache_alloc_node_noprof+0x57/0x320
[  173.117786][ T8556]  ? __alloc_skb+0x101/0x320
[  173.117861][ T8556]  __alloc_skb+0x101/0x320
[  173.117898][ T8556]  netlink_ack+0xfd/0x500
[  173.117935][ T8556]  netlink_rcv_skb+0x192/0x220
[  173.118001][ T8556]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  173.118032][ T8556]  rtnetlink_rcv+0x1c/0x30
[  173.118071][ T8556]  netlink_unicast+0x5a8/0x680
[  173.118108][ T8556]  netlink_sendmsg+0x58b/0x6b0
[  173.118131][ T8556]  ? __pfx_netlink_sendmsg+0x10/0x10
[  173.118214][ T8556]  __sock_sendmsg+0x145/0x180
[  173.118249][ T8556]  ____sys_sendmsg+0x31e/0x4e0
[  173.118299][ T8556]  ___sys_sendmsg+0x17b/0x1d0
[  173.118409][ T8556]  __x64_sys_sendmsg+0xd4/0x160
[  173.118444][ T8556]  x64_sys_call+0x2999/0x2fb0
[  173.118515][ T8556]  do_syscall_64+0xd2/0x200
[  173.118539][ T8556]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  173.118577][ T8556]  ? clear_bhb_loop+0x40/0x90
[  173.118606][ T8556]  ? clear_bhb_loop+0x40/0x90
[  173.118693][ T8556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.118722][ T8556] RIP: 0033:0x7fbad0c2e929
[  173.118744][ T8556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.118770][ T8556] RSP: 002b:00007fbacf276038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  173.118794][ T8556] RAX: ffffffffffffffda RBX: 00007fbad0e56080 RCX: 00007fbad0c2e929
[  173.118812][ T8556] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  173.118869][ T8556] RBP: 00007fbacf276090 R08: 0000000000000000 R09: 0000000000000000
[  173.118886][ T8556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  173.118903][ T8556] R13: 0000000000000000 R14: 00007fbad0e56080 R15: 00007ffec9666608
[  173.118928][ T8556]  </TASK>
[  173.162417][ T8545] FAT-fs (loop1): Directory bread(block 1285) failed
[  173.170602][   T29] audit: type=1400 audit(1752304208.585:3054): avc:  denied  { write } for  pid=8541 comm="syz.2.1410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  173.184623][ T8545] FAT-fs (loop1): Directory bread(block 1285) failed
[  173.197377][ T8560] bridge: RTM_NEWNEIGH with invalid state 0x31
[  173.265331][   T29] audit: type=1400 audit(1752304208.835:3055): avc:  denied  { create } for  pid=8558 comm="syz.2.1417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  173.269296][ T8545] FAT-fs (loop1): Directory bread(block 1285) failed
[  173.272913][   T29] audit: type=1400 audit(1752304208.885:3056): avc:  denied  { getopt } for  pid=8557 comm="syz.0.1416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  173.544086][ T8579] loop1: detected capacity change from 0 to 512
[  173.552722][ T8579] EXT4-fs: Ignoring removed nomblk_io_submit option
[  173.583455][ T8579] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  173.591483][ T8579] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  173.603932][ T8579] EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (80)
[  173.613613][ T8579] EXT4-fs (loop1): Skipping orphan cleanup due to unknown ROCOMPAT features
[  173.626564][ T8586] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1423'.
[  173.635242][ T8579] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  173.684306][ T8584] loop2: detected capacity change from 0 to 2048
[  173.724013][ T8584] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.781047][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.913568][ T8602] lo speed is unknown, defaulting to 1000
[  173.995029][ T8599] loop0: detected capacity change from 0 to 512
[  174.026566][ T8599] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  174.026739][ T8599] EXT4-fs (loop0): orphan cleanup on readonly fs
[  174.035545][ T8599] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #16: comm syz.0.1424: corrupted inode contents
[  174.035780][ T8599] EXT4-fs (loop0): Remounting filesystem read-only
[  174.035894][ T8599] EXT4-fs (loop0): 1 truncate cleaned up
[  174.036061][ T5453] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  174.036083][ T5453] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  174.036220][ T5453] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  174.050128][ T8599] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  174.343382][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.420452][ T8614] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  174.420452][ T8614]    program syz.0.1429 not setting count and/or reply_len properly
[  174.484570][ T8615] loop5: detected capacity change from 0 to 512
[  174.593528][ T8615] EXT4-fs (loop5): can't read group descriptor 0
[  174.739180][ T8617] loop4: detected capacity change from 0 to 128
[  174.788016][ T8617] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  174.788203][ T8617] ext4 filesystem being mounted at /274/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  174.799735][ T8617] lo speed is unknown, defaulting to 1000
[  174.832734][ T8627] netlink: 'syz.1.1433': attribute type 5 has an invalid length.
[  174.878921][ T8629] loop5: detected capacity change from 0 to 256
[  174.882901][ T8629] vfat: Unknown parameter 'ÿÿ'
[  174.887061][ T8629] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  174.887178][ T8629] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  174.951432][ T3310] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  176.252488][ T8641] loop0: detected capacity change from 0 to 512
[  176.599048][ T8661] loop5: detected capacity change from 0 to 512
[  176.600555][ T8661] EXT4-fs: Ignoring removed mblk_io_submit option
[  176.600589][ T8661] EXT4-fs: Ignoring removed bh option
[  176.657289][ T8664] __nla_validate_parse: 6 callbacks suppressed
[  176.657378][ T8664] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1445'.
[  176.657400][ T8664] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1445'.
[  177.117296][ T8661] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  177.125874][ T8661] EXT4-fs (loop5): 1 truncate cleaned up
[  177.126302][ T8661] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.144853][ T8660] loop1: detected capacity change from 0 to 512
[  177.145153][ T8660] EXT4-fs: Ignoring removed mblk_io_submit option
[  177.145250][ T8660] EXT4-fs: Ignoring removed bh option
[  177.156205][ T8660] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  177.168600][ T8660] EXT4-fs (loop1): 1 truncate cleaned up
[  177.169083][ T8660] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.209307][ T8641] EXT4-fs (loop0): can't read group descriptor 0
[  177.349075][ T7425] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.444569][ T8670] loop0: detected capacity change from 0 to 2048
[  177.460245][ T8670] EXT4-fs: Ignoring removed nobh option
[  177.488846][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.501048][ T8670] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.574447][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.604315][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.647664][ T8682] lo speed is unknown, defaulting to 1000
[  177.724662][   T29] kauditd_printk_skb: 41 callbacks suppressed
[  177.724680][   T29] audit: type=1400 audit(1752304213.405:3092): avc:  denied  { mounton } for  pid=8687 comm="kfree" path="/38/file0" dev="tmpfs" ino=223 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  177.789775][   T29] audit: type=1400 audit(1752304213.445:3093): avc:  denied  { mount } for  pid=8687 comm="kfree" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  177.812096][   T29] audit: type=1400 audit(1752304213.445:3094): avc:  denied  { write } for  pid=8687 comm="kfree" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  177.832591][   T29] audit: type=1400 audit(1752304213.445:3095): avc:  denied  { open } for  pid=8687 comm="kfree" path="/38/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  177.855055][   T29] audit: type=1400 audit(1752304213.465:3096): avc:  denied  { unmount } for  pid=7425 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  177.935531][ T8692] loop1: detected capacity change from 0 to 512
[  177.970201][ T8692] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  178.001459][ T8700] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  178.001459][ T8700]    program syz.2.1451 not setting count and/or reply_len properly
[  178.019937][ T8703] netlink: 'syz.0.1460': attribute type 11 has an invalid length.
[  178.027835][ T8703] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1460'.
[  178.040281][ T8692] ext4 filesystem being mounted at /310/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  178.058682][ T8706] netlink: 'syz.5.1461': attribute type 21 has an invalid length.
[  178.068013][   T29] audit: type=1400 audit(1752304213.735:3097): avc:  denied  { append } for  pid=8705 comm="syz.5.1461" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  178.104143][ T8692] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1457: corrupted inode contents
[  178.117913][ T8692] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1457: mark_inode_dirty error
[  178.129987][   T29] audit: type=1400 audit(1752304213.785:3098): avc:  denied  { write } for  pid=8691 comm="syz.1.1457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  178.149645][   T29] audit: type=1400 audit(1752304213.785:3099): avc:  denied  { create } for  pid=8691 comm="syz.1.1457" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  178.174485][   T29] audit: type=1400 audit(1752304213.815:3100): avc:  denied  { map } for  pid=8705 comm="syz.5.1461" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  178.183671][ T8707] vhci_hcd: invalid port number 96
[  178.199126][ T8692] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1457: corrupted inode contents
[  178.204002][ T8707] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  178.227431][ T8692] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.1457: mark_inode_dirty error
[  178.240655][ T8706] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1461'.
[  178.301242][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.316658][ T8711] loop2: detected capacity change from 0 to 1024
[  178.332058][ T2996] ==================================================================
[  178.340205][ T2996] BUG: KCSAN: data-race in set_nlink / set_nlink
[  178.346583][ T2996] 
[  178.348920][ T2996] read to 0xffff888106735120 of 4 bytes by task 3297 on cpu 0:
[  178.356487][ T2996]  set_nlink+0x29/0xb0
[  178.360604][ T2996]  kernfs_iop_permission+0x1e2/0x220
[  178.365914][ T2996]  inode_permission+0x1c7/0x310
[  178.370788][ T2996]  link_path_walk+0x162/0x900
[  178.375482][ T2996]  path_openat+0x1de/0x2170
[  178.380019][ T2996]  do_filp_open+0x109/0x230
[  178.384559][ T2996]  do_sys_openat2+0xa6/0x110
[  178.389175][ T2996]  __x64_sys_openat+0xf2/0x120
[  178.393975][ T2996]  x64_sys_call+0x1af/0x2fb0
[  178.398598][ T2996]  do_syscall_64+0xd2/0x200
[  178.403135][ T2996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.409067][ T2996] 
[  178.411410][ T2996] write to 0xffff888106735120 of 4 bytes by task 2996 on cpu 1:
[  178.419160][ T2996]  set_nlink+0x99/0xb0
[  178.423269][ T2996]  kernfs_iop_permission+0x1e2/0x220
[  178.428585][ T2996]  inode_permission+0x1c7/0x310
[  178.433462][ T2996]  link_path_walk+0x162/0x900
[  178.438166][ T2996]  path_lookupat+0x63/0x2a0
[  178.442795][ T2996]  filename_lookup+0x147/0x340
[  178.447583][ T2996]  vfs_statx+0x9d/0x390
[  178.451765][ T2996]  vfs_fstatat+0x115/0x170
[  178.456204][ T2996]  __se_sys_newfstatat+0x55/0x260
[  178.461263][ T2996]  __x64_sys_newfstatat+0x55/0x70
[  178.466319][ T2996]  x64_sys_call+0x2c22/0x2fb0
[  178.471028][ T2996]  do_syscall_64+0xd2/0x200
[  178.475547][ T2996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.481456][ T2996] 
[  178.483880][ T2996] value changed: 0x00000008 -> 0x00000009
[  178.489613][ T2996] 
[  178.491954][ T2996] Reported by Kernel Concurrency Sanitizer on:
[  178.498122][ T2996] CPU: 1 UID: 0 PID: 2996 Comm: udevd Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(voluntary) 
[  178.510111][ T2996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  178.520177][ T2996] ==================================================================
[  178.532913][ T8714] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  178.532913][ T8714]    program syz.0.1465 not setting count and/or reply_len properly
[  178.553009][ T8715] loop5: detected capacity change from 0 to 1024
[  178.596854][ T8715] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.612569][ T8711] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.663539][ T8715] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  178.675082][ T8711] ext4 filesystem being mounted at /302/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  178.688870][ T8711] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1463: bg 0: block 393: padding at end of block bitmap is not set
[  178.704907][ T8715] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1466: bg 0: block 393: padding at end of block bitmap is not set
[  178.720817][ T8711] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28
[  178.733398][ T8711] EXT4-fs (loop2): This should not happen!! Data will be lost
[  178.733398][ T8711] 
[  178.743199][ T8711] EXT4-fs (loop2): Total free blocks count 0
[  178.749206][ T8711] EXT4-fs (loop2): Free/Dirty block details
[  178.755228][ T8711] EXT4-fs (loop2): free_blocks=0
[  178.760195][ T8711] EXT4-fs (loop2): dirty_blocks=16
[  178.765410][ T8711] EXT4-fs (loop2): Block reservation details
[  178.771432][ T8711] EXT4-fs (loop2): i_reserved_data_blocks=1
[  178.780633][ T8715] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28
[  178.793185][ T8715] EXT4-fs (loop5): This should not happen!! Data will be lost
[  178.793185][ T8715] 
[  178.802869][ T8715] EXT4-fs (loop5): Total free blocks count 0
[  178.808981][ T8715] EXT4-fs (loop5): Free/Dirty block details
[  178.814925][ T8715] EXT4-fs (loop5): free_blocks=0
[  178.819935][ T8715] EXT4-fs (loop5): dirty_blocks=16
[  178.825067][ T8715] EXT4-fs (loop5): Block reservation details
[  178.831097][ T8715] EXT4-fs (loop5): i_reserved_data_blocks=1
[  178.838275][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.862703][ T7425] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.