last executing test programs:

2.307009961s ago: executing program 0 (id=343):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

2.306619201s ago: executing program 4 (id=344):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000), 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f909000000210002"], 0x1c}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0), 0x4)

2.262214635s ago: executing program 0 (id=347):
readlinkat(0xffffffffffffffff, 0x0, &(0x7f0000000180)=""/1, 0x1)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x15)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRESOCT], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x619, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = dup(r0)
r2 = getpid()
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f00000002c0)=0x80000d073)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000d8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r4)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r6=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}, {0x0}], 0x2, &(0x7f0000000300)=ANY=[@ANYRES16=r4, @ANYRES32=r6], 0x20, 0x2400e044}, 0x10)
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r1, 0x0, 0x0, 0x20004090)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x5, 0x6, 0x87, 0xffffffff, 0x40})
r7 = syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = syz_pidfd_open(r7, 0x0)
ioctl$F2FS_IOC_GET_FEATURES(r8, 0xff06, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00"/11], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

2.220598228s ago: executing program 4 (id=349):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBMETA(r1, 0x4bfa, &(0x7f0000000180))
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, r0}, 0x18)
r3 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000080)={0x0})
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000001c0), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
unshare(0x2c060000)
socket$inet_icmp(0x2, 0x2, 0x1)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_udp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000000))
unshare(0x2c020400)
r5 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
close_range(r5, r2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001600010a"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000640)={0x194, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xa2, 0xa9, @random="40b16b62d1e0a5c0c59cfe64804725f4949424cd934e8aa4e6e8e5b105fda9b62efe702c7479daa268cc78f460f14fa6c838640ea7e2e8a311b3daee77cbb85c70489142d914101ce858c29ed5aff4faacf89927e0b3c4d56d685ec353c4d6f4120ea89eae0f95e826d35d20f8b1880123d7de3b4040cc7e9e226ef3ac52c21c3ce9af99b492522f7a2d931a238a4bf52204d731a559dc61c3df4df8b45e"}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x5}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x5}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0x73, 0xa9, @random="669e8603451d21eb745f7bf87f742c2e940f194e59b1bad1152c91db024b01cf422eb6c24ff9628e340d9ab8efa298b4507fdc5ede446ca224bd72d3868284cd1b4826c0f72d6f05e4581e52f69102d4f3d6994771ce2c32865eb6599f8bea6bd41bbfb16ac638861dc47a2655b0e5"}]}, 0x194}, 0x1, 0x0, 0x0, 0x40000}, 0x845)
recvmmsg(0xffffffffffffffff, &(0x7f0000003dc0)=[{{0x0, 0x0, 0x0}, 0xe5}], 0x1, 0x0, 0x0)
r6 = open(&(0x7f0000000200)='./file1\x00', 0x4401, 0xb5)
fallocate(r6, 0x11, 0xfff, 0x8800000)
truncate(&(0x7f0000000900)='./file1\x00', 0xbf39)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2, 0x6}}, 0x20)

1.193020403s ago: executing program 0 (id=358):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

1.154025876s ago: executing program 4 (id=360):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000000), 0x400000000000041, 0x0)
fcntl$getownex(r0, 0x10, 0x0)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_GET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)={0x2c, r2, 0x1, 0x70bd2d, 0x0, {0x1b}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}]}, 0x2c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r3=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f0000000180)=[0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xa3, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x30, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
r5 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
bind$inet(r5, &(0x7f0000e15000)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f00000002c0)=[{0x6}]}, 0x10)
listen(r5, 0x0)
write(r5, &(0x7f0000000700)="28e4fb390fb5471382d82c4c66edc771eb", 0x11)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', <r6=>0x0})
getsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f00000004c0)={@dev, @dev, <r7=>0x0}, &(0x7f0000000500)=0xc)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000540)=<r8=>0x0, &(0x7f0000000580)=0x4)
write$snapshot(0xffffffffffffffff, &(0x7f00000009c0)="9e224079d57d8be22f32bc2203deffcf7bd3a7f12921da42461219c6199c5d34fed43ba417fb8d157a64f8a763f19685259b5e7c97c44b5f5eaa52c049af9a53ed185791eef8258474fbe926e0f2357db96f112356b682bb59887618965ab4065ff1163ea1e704a5449843afa57ef8857b973ed7e053f6ccb951a0cba2a9db428e4a0c46a818649b0aef28421c82458e94d0dba03657335906f914c0ae53fab13d671287db7967b6cd29b2b014201f3a28840574fe00e6cf46102a8ae7a814d024b1490ab2bfd28cb97b0e1b48a44e6caaa4b04caa9a94a97cb00a282fafeafadd015fcd24a86a778e", 0xe9)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000006c0)={'ip_vti0\x00', &(0x7f00000005c0)={'gre0\x00', <r9=>0x0, 0x0, 0x0, 0x0, 0x3, {{0x2c, 0x4, 0x2, 0x1, 0xb0, 0x68, 0x0, 0x5, 0x2f, 0x0, @multicast1, @loopback, {[@timestamp_addr={0x44, 0x3c, 0x4e, 0x1, 0x9, [{@remote, 0x4}, {@multicast1, 0x5}, {@private=0xa010101, 0x10000}, {@private=0xa010100}, {@private=0xa010101, 0xfffffa3f}, {@empty, 0xfffffffa}, {@multicast1, 0x4}]}, @timestamp_prespec={0x44, 0x2c, 0x6f, 0x3, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x5}, {@rand_addr=0x64010102, 0x1}, {@rand_addr=0x64010102, 0xf4b}, {@empty, 0x2}, {@loopback, 0xfffffbff}]}, @timestamp_prespec={0x44, 0x34, 0x7c, 0x3, 0x7, [{@local, 0x9}, {@remote, 0x7}, {@remote, 0x401}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x400}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x6}, {@remote, 0x6}]}]}}}}})
sendmsg$ETHTOOL_MSG_WOL_GET(r1, &(0x7f0000000880)={&(0x7f0000000000), 0xc, &(0x7f0000000840)={&(0x7f0000000ac0)={0x130, r2, 0x4, 0x70bd2b, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0x130}}, 0x20000000)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000007c0)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_DEL_MPATH(r1, &(0x7f0000000c00)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000800)={&(0x7f00000008c0)={0x88, r10, 0x2, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0xfffffffa, 0x40}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x88}, 0x1, 0x0, 0x0, 0x4}, 0x10)

1.069389033s ago: executing program 2 (id=362):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000f00), 0xffffffffffffffff)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(0xffffffffffffffff, 0x28, 0x0, &(0x7f00000001c0), 0x8)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000}, 0x94)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x6004, 0x1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r4, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r5, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x480c0}, 0x0)
close(r5)
accept4(r4, 0x0, 0x0, 0x400000000000000)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100ffff7fff00000000180000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000600160000000000050012000000000006001100ffdd000008000b002f0000000f3f5ed66b5f72c96c8415126cc63facb88968222af9c1a19649ac80ffe0c8dd97760089e1ba3a0c56ccdfb125ca2e22f2a216e16976e49e76fda52cacd5f6c3b8aba8b6c358574150e51a9b8116"], 0x64}, 0x1, 0x0, 0x0, 0x240008c4}, 0x0)

1.019429427s ago: executing program 4 (id=363):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
syz_usb_disconnect(r0)
syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r0, 0x40095505, 0x0) (fail_nth: 4)

1.019099087s ago: executing program 2 (id=364):
set_mempolicy(0x3, 0x0, 0x8)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000000)="1400000010003507", 0x8}], 0x1}, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
clock_gettime(0x0, &(0x7f0000000080)={<r1=>0x0, <r2=>0x0})
futex(&(0x7f0000000040)=0x1, 0xd, 0x0, &(0x7f0000000140)={r1, r2+10000000}, &(0x7f00000001c0)=0x1, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={0xffffffffffffffff, r3}, 0x40)
syz_emit_ethernet(0xfdef, &(0x7f00000006c0)=ANY=[], 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r4}, 0x8)
clock_nanosleep(0x4, 0x1, &(0x7f0000000900)={0x0, 0x989680}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="d76b1961cd0083108ae09218ed1b9c1395cd79ab731add02d2763a87d7228062df7d54beb2e06e5719c11d37ee1a1ff890fb80e88c4b9874139e097951090c15d9"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x43, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
fdatasync(0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000940), 0xffffffffffffffff)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r5, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r6, 0x0, 0x7}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r7, 0xc0c0583b, &(0x7f0000000980)=ANY=[@ANYBLOB="000000004c900200080000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000001b00000000000000000000000000000000000000000000000000000000000000ffffffffcf00000002000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cf34262bbbc53ea512f3e3227e200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f4205ee066abd05f55a559cc038578d762f47f03f4a528496a4fdf4dc844528440486cbe550f6bbe0a4ece43fcc795730f7031c73b0d8"])
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$inet(0x2, 0x3, 0x5)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, &(0x7f0000000540)=0x710, 0x4)
setsockopt$inet6_int(r8, 0x29, 0x31, &(0x7f0000000040)=0x80, 0x4)
sendto$inet6(r8, 0x0, 0x0, 0x80, &(0x7f0000000000)={0xa, 0x4e23, 0x40000004, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
recvmsg(r8, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x2063)
socket$nl_netfilter(0x10, 0x3, 0xc)
rt_sigaction(0x10, &(0x7f0000000500)={&(0x7f00000003c0)="0fc450f4f7c461e85e9d655666668f4968921cba2ef245a7c4a225a817f30f1ef3c42139d259030f4a141ef3ad66470fdcde", 0x90000004, &(0x7f00000004c0)="dbddc421a5f61f0f5f557226f20f0fd0a43e45dd11460f0d6efe643e64652e364a0f38f921c4412d5976003064b8a20fbafc18", {[0x8]}}, &(0x7f0000000580)={&(0x7f00000007c0)="2e0f122538000000660f598ecc335b720fc7a4725634d56af240aa0f8186000000660fecaf54b66f9d418140e30b0000003406c461fc51a43619000000c4017de764f693", 0x0, &(0x7f0000000840)="c42268f39a0000008065646666440f3834be000001002c3265f24c0f2d3d53b40000660f3a416172ffc42215b8f365660fd0f2640f1c69e92e470f4e695f65470ff1a4b2e04b0000"}, 0x8, &(0x7f0000000740))

967.269371ms ago: executing program 0 (id=367):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
socket$kcm(0xa, 0x2, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2}, 0x90)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001000090468fe0700000000000000ff3f02000000480100100000000019002b000a0001000500000000000072000000000000000000", 0x39}], 0x1)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0})
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4, 0x0, 0xfffffffffffffffd}, 0x18)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x28}}], 0x30}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x4da0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x29, 0x5, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008020000d900000000000000", @ANYRES32, @ANYBLOB="faff083a600f06000000f3078123f9a764b2dd", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000080000000000076eb120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r7}, 0x18)
socket$nl_xfrm(0x10, 0x3, 0x6)

966.770831ms ago: executing program 0 (id=368):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x18)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x70bd27, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
write$selinux_attr(r1, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
socketpair$tipc(0x20, 0x1, 0x0, &(0x7f0000000600))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$key(0xf, 0x3, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r4 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000580)=ANY=[], 0x0, 0xb7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffc499}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='kfree\x00', r5}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$qrtr(r6, &(0x7f0000003480)={0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000002100)="f20fe54a", 0x4}], 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="10000000000078000000000000003915cb9c000000000000010000000100010052e2118fafb73406d0d222379aa066024de2732763138221d479e1b7a10f5ecd8d1afdd37be31852bb66c2d6ede5d350750b3eba3cd4c0407480e7db5c042c420484b85fd8d19c97aecbdbb5da6873b04e778c0fb2569a2f795b7cadba8cd1e1a6e9791792cfb6e6ff0113b82a6704786d94e929d5505b26892165cea59dfe433109a523"], 0x20, 0x1}, 0x38)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')

559.375364ms ago: executing program 2 (id=371):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7}, 0x18)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000140)=ANY=[], 0x7)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x1}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1fffffff, 0x0, 0x0, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='\xac\xed\x00\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r4}, 0x18)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

485.81584ms ago: executing program 0 (id=375):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
clock_getres(0x9, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000000))
clock_gettime(0x0, &(0x7f00000003c0)={<r2=>0x0, <r3=>0x0})
clock_gettime(0x0, &(0x7f0000000400))
clock_gettime(0x0, &(0x7f0000000440)={<r4=>0x0, <r5=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000280)={{r2, r3+10000000}, {r4, r5+10000000}}, 0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r6, &(0x7f0000000740)={0x1f, @none}, 0x8)
listen(r6, 0x0)
accept4(r6, 0x0, 0x0, 0x80800)
name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000480)=ANY=[@ANYBLOB="200000006100000080000000000000004ddaffffffffffffff07000201000000a6000000000000009dcad78bbd64a6f0085043883f1c210deaf4d51cb54345d533f64c5b05be429e29b08185764240f505371441918c0a36e29610fd2a160facb9b688fa4bef5fae6f89f5ccc55229e8271308dd6edb74662e0d35dd123e7b1730e0d9c2af632c6f4ad4db2bc0915db238e00b104351af358c4e81bb3cbee039bcf0b5aaea33142be631c494cc56eadcb4aa1994d2a0ce0db8c0abb305cbdd57"], &(0x7f0000000380), 0x0)
r7 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85LX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%|j\xd8)|\xb8:f`\x8cA|\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er2\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*t9\xa9\b X \x04\"\x17\xbf\xcb\xceF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9-)\x90\x01\v\xee\xcb\xca\xc0\'\xd5W\xc5;\x92\\\xf8u\x03Y\xee\x99EI\xf1t\xadn<\x9bJ6\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07\x00'/296, 0x6)
write$binfmt_script(r7, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
r8 = socket(0xa, 0x3, 0x87)
sendmmsg$unix(r8, &(0x7f0000000040)=[{{&(0x7f0000000100)=@abs, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20048004}}], 0x1, 0x0)
execveat(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

321.934884ms ago: executing program 1 (id=377):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

321.481884ms ago: executing program 2 (id=378):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
socket$kcm(0xa, 0x2, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2}, 0x90)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001000090468fe0700000000000000ff3f02000000480100100000000019002b000a0001000500000000000072000000000000000000", 0x39}], 0x1)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0})
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4, 0x0, 0xfffffffffffffffd}, 0x18)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x28}}], 0x30}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x4da0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x29, 0x5, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008020000d900000000000000", @ANYRES32, @ANYBLOB="faff083a600f06000000f3078123f9a764b2dd", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000080000000000076eb120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r7}, 0x18)
socket$nl_xfrm(0x10, 0x3, 0x6)

288.073326ms ago: executing program 2 (id=379):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000180)='sys_enter\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getrusage(0xffffffffffffffff, &(0x7f0000001040))

275.173898ms ago: executing program 1 (id=380):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r2}, 0x18)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000100)=0x100000000, 0x8)
socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002000)=ANY=[@ANYBLOB="757466383d312c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d77696e39352c000f3556feecb6412e00c80bdee16891f8bf67c9f201996782a86d4bab33b4f23383380e4ccafc9da9def41b05c1dfb2cfa24e43aedf5536d3bce06ddda97c586bc37fab5366b1ab6fee95cc224e56e681e82dd4dbbde3785fdd0fc4e7df753a0e2658aa5e88e1d38366c7908a7b2b678ee4b4bfc7aafa2101c157745926241af5ac30189eced78c1611b972d03bfef046f4adcada230ef0ac02ede79fb7d92a8354670c01cb80361c1fde2cef3204a182323c318e10ef11cb24c435d589b17a396377800f"], 0x1, 0x21b, &(0x7f0000000300)="$eJzs2j+LHGUcB/DfnJHEC5dd8R8JiA9aqM2Q3doihyQgLiiaFaIgmXizuuy4e+wsBytirtLWl2AtlnaCpLS5xldgYXfNlSnEkWRjcnesxSHein4+zXzhmS88D8/w8BSz/9rXn44GdT4oZrGWZbF2JXbjbhbtWIs/7carL9/46fl3b7z/5mavd/WdlK5tXu90U0oXXvjxg8+/e/HO7Px731/44WzstT/cP+j+uvfs3sX9369/MqzTsE7jySwV6dZkMituVWXaGtajPKW3q7KoyzQc1+X0yPigmmxvz1Mx3tpY356WdZ2K8TyNynmaTdJsOk/Fx8VwnPI8Txvrwd/R//Zu08RB8/jNaJrmiW/i/J3Y+CVakT2ZsqeuZM/czJ7bzS4eNE1r1VPlH2H//98OHernIqqvdvo7/cVzMb45iGFUUcblaMVvce8zeWCRr73Ru3o53deOL6vbD/q3d/qPHe13ohXt5f3Oop+O9s/G+uF+N1rx9PJ+d2n/XLzy0qF+Hq34+aOYRBVbca/7qP9FJ6XX3+od61+6/x4AwH9Nnh5aen/L878aX/RPcD88dr86E5fOrHbtRNTzz0ZFVZVTQRCEh2HVJxOn4dGmr3omAAAAAAAAAAAAnMRp/E646jUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/bn8EAAD//xrx1cI=")
syz_emit_ethernet(0x1e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaa"], 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x180)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
getrlimit(0xc, &(0x7f00000000c0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000140001800c000100636f756e746572000400028008000340000001"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffff274}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0x4f, &(0x7f0000000a80)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6c2d0100001984"], 0x0)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="020300030c000000ff0e0000000000000200090008000000ee00000000005d0003000600000000000200000000000000000000000000000002000100000004d300000602000000e0030005000000000002000000ac1414000000000000000000"], 0x60}, 0x1, 0x7}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)

218.556122ms ago: executing program 3 (id=381):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x36b, &(0x7f0000000100)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}, @val={@val={0x88a8, 0x1, 0x0, 0x1}, {0x8100, 0x6}}, {@ipv4={0x800, @gre={{0x1b, 0x4, 0x1, 0x8, 0x355, 0x66, 0x0, 0xba, 0x2f, 0x0, @local, @remote, {[@timestamp_addr={0x44, 0x14, 0x58, 0x1, 0x4, [{@multicast2, 0x9}, {@rand_addr=0x64010100, 0x8}]}, @generic={0x88, 0x9, "537f934912f6f2"}, @end, @rr={0x7, 0x23, 0x68, [@empty, @local, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x36}, @multicast1, @multicast2, @broadcast, @multicast1]}, @ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0x13, 0xf7, [@multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @private=0xa010100]}]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x8a, 0x1, [], "2fe97875b5cb6d427613a9a5fdf651cf98d3f7b94711c2a5064d97e77b06896503dc5c562040d18e66420f49ee0d6e4d25c66bc28547109e44869cc6667f4900b201ef16c3bbfb59985a1952e8cdb49a91625bf4f0d93caf8f0dd4cb99f30f3105bf9ad2e144bcc285a2e1916f943c009132d1bbe70c63c3ee3968fdc23c7b9def29fdedd2ac15afb723"}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x800, [0x80, 0x8001, 0x4], "49aa704fd98b52b9910f53e1a0f667c837e01318b76e9853c32b0db95a83d098a13c69f87811149d17d6f8f7f464c3c28d3a78901db5a9cb2aa73bafb066ec2eede127e0d1aa444169e2154c0a487c13ebd63d3887707c781e8deb8c7b69104b97164d02e0bef7c7b1058f851b7cb90717e7e6f21074b246ada68225ec72053ef5163ed83cf6c1e0a2674ad210b19eb5569c7b5790e3a90c7ef778da96859faf1139e64abe60151adff9df97f1403601a5"}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [0x101], "b0eb7b2115a24374da8963fee7a9e9f9a0775857894ede53c0acde4df5eec4f17e82fce03e2033def5505cf9667f606edca85a9cadc51f47dbe8cb21f8c2e79ab3cefb563f98b8ab0e73f29938afe241feb8eded72d6241db4b0747b1520e505c8e6c005a3905e386cf8f5270c8fb7007aa4bbac51856e723043bc2330000b420addf2296f816d7571f3c79d7beba28e8cd565ea80ebadbf8671f6c79d4cf228c9914498610396cb9a3c04d8e475b26aff2cee31a31d10c666a415f9bf066f0bb7920088e98f8cc1c82255e173d3bb54af72bd6a4649531f2b58a141"}, {0x8, 0x88be, 0x3, {{0x6, 0x1, 0x9, 0x3, 0x1, 0x0, 0x1, 0x80}, 0x1, {0x1000}}}, {0x8, 0x22eb, 0x3, {{0x8, 0x2, 0x2, 0x2, 0x1, 0x1, 0x0, 0x90}, 0x2, {0xff, 0x7fff, 0x3, 0x4, 0x1, 0x0, 0x1, 0x1}}}, {0x8, 0x6558, 0x4, "ad8d6cb913acfc767375f6d50847af94f711f6674be2fe4f28c7e5a3721af2bc4efc45802e8a3e832e833c2d2160fec576f40a4a8ac85aab834c62dd399e6d8e44ab50a1f0ba6eaa5e63efb1bfde95a0e31b4ee02367421fbc1e7f2e76cab66c927366964a56e8075ef7efd0551c868ca69cd41960f16de7b6648f78c141a1410e2e716f8b90"}}}}}}, 0x0)

218.244392ms ago: executing program 2 (id=382):
r0 = gettid()
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x49000)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x3]}, 0x8)
r3 = dup(r2)
read$msr(r3, &(0x7f0000002c00)=""/4108, 0x100c)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000001240)=<r5=>0x0)
creat(0x0, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001340)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100ebff00001c0007800c00018008000140ffffffff0c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff01000000bfce0dad37cf2d913b624c158d15167a082616b77f19d71e80a2e17a9397768fcbc8d91e01740d5e54b2efad9173c9fa98", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r8, @ANYRESOCT=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$inet_sctp(r4, &(0x7f0000000500)=[{&(0x7f0000000040)=@in={0x2, 0xb, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000700)=[{&(0x7f00000000c0)='l', 0x1}], 0x1, &(0x7f0000000280)=[@init={0x18, 0x84, 0x0, {0x7ff, 0x0, 0x3}}, @dstaddrv4={0x18, 0x84, 0x7, @broadcast}], 0x30, 0x14001}], 0x1, 0x4044040)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x10, &(0x7f0000000040)={[{@usrjquota}]}, 0x1, 0x3e7, &(0x7f0000000480)="$eJzs3E1vG0UfAPD/bl7apn1qV3oOvFwsQCISImnSFqgEEhEXDu2JHjhixWmJ6jSoMRKtIl4E4gYSiA8AB+AjcIQD3wHOwAEqRSgHUm5Ga+86Jn5pQx0skt9PGnlmZ+OZ9WTWu+PZCeDIqkTEixExERFnI6KUb0/zEO+2Q7bfzvbm8p/bm8tJNJuv/J5Ekm8r3ivJX0/mbzCbRqQfJPFon3I3bt2+Xq3XV27m6fnG2hvzG7duP726Vr22cm3lxuIz585fuPDcxcVnR3asW2vJR098demXTz6sffrDb9+Ws/qeyvO6j2NUKlHpfCZ7XRx1YWN2vCueTI6xIgAADJXm1/6Trev/UkzE7sVbKT7+fqyVAwAAAEai2SxeAQAAgMMrce8PAAAAh1wxD2Bne3O5CGOcjsC/bGspIsrt9r+bh3bOZOeZ3qk9z/eOUiUiXj5+eTELcUDPYQMAAAAcZd8ttRf+6x3/S+Ohrv1ORMRMsbbfCFX2pHvHf9I7Iy6SLltLEc9HxN2e8b+02KU8kaf+1xoqnEqurtZXzkbE6YiYjaljWXphSBlvP3b960F53eN/n//86kJWfva6u0d6Z/LY3/+mVm1UH+SY2bX1XsQjk/3aP+mM+Xavk/lPvLa688KgvKz9s/YuQm/7c5CaX0Q82bf/765cmgxfn3W+dT6YL84KvX469eX7g8rv7v9ZyMovfgvg4GX9f2Z4+7fWye2s17ux/zK++ePyj4Py7t3+/c//08mVVgWn821vVRuNmwsR08ml3u3+mzqKz6P4vLL2n328//d/cf2X5N/9p7vWh+4x5AfCl945c2VQnv4/Xln71/bV//cfeX3m4dlB5d9f/z/fqkzxJq7/7u1+G2jc9QQAAAAAAABgNNLW3L4knevE03Rurj3P9/8xk9bXNxpPXV1/80atPQewHFNpMdOr1DUfdKH9GHknvbgnfS4izkTEZ6UTrfTc8nq9Nu6DBwAAgCPi5ID7/8yvAx/2AAAAAP5zyuOuAAAAAHDg3P8DAADAofYg6/qLiIgc1si4z0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAR9tfAQAA///8h8MD")
r9 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0)
sendfile(r9, 0xffffffffffffffff, 0x0, 0x40001)

217.668763ms ago: executing program 3 (id=383):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000010c0), 0x2, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x2, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x48810}, 0x44080)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffdc, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x5}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x9, 0x4, 0x6, 0x7}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x400)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@sysvgroups}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}]}, 0x1, 0x503, &(0x7f0000000fc0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPILUhcaModhzFTmlCD+mZKxKVOMGRP4BzT9y5IHrjUg5I/IhADRIHoxlPUje1m6hJ7Gz8+UijeW/e1N/vazrvxS+NXwBD62pE7EbEWETcjojp7HouO+KT9pHc93Tv/tL+3v2lXLRan/0zl7Yn16LjzySuZK9ZjIgffS/ip7kX4za2d9YWq9XKZlafbdY2ZhvbOzdWa4srlZXKerm8ML8w99HND8tn1td3amNZ6atP/rj7rZ8naU1lVzr7cZbaXS8cxkmMRsQPziPYAIxk/RkbdCK8knxEvBkR76bP/3SMpF9NAOAya7WmozXdWQcALrt8ugaWy5eytYCpyOdLpfYa3lsxma/WG83rd+pb68vttbKZKOTvrFYrc9la4UwUckl9Pi0/q5eP1G9GxBsR8cvxibReWqpXlwf5jQ8ADLErR+b//4y3538A4JIrDjoBAKDvzP8AMHzM/wAwfMz/ADB82vP/xKDTAAD6yPt/ABg+5n8AGCo//PTT5GjtZ59/vXx3e2utfvfGcqWxVqptLZWW6psbpZV6fSX9zJ7aca9Xrdc35j+IrXsz395oNGcb2zu3avWt9eat9HO9b1UK6V27fegZANDLG+88epxLZuSPJ9IjOvZyKAw0M+C85QedADAwI4NOABgYu33B8DrFe3zLA3BJdNmi9znFbr8g1Gq1WueXEnDOrn3J+j8Mq471f/8LGIaM9X8YXtb/YXi1WrmT7vkfJ70RALjYrPEDPX7+/2Z2/l32w4GfLB+94+F5ZgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX28H+v6VsL/CpyOdLpYjXImImCrk7q9XKXES8HhF/Hi+MJ/X5AecMAJxW/m+5bP+va9PvTz3X9PaVw+JYRPzs15/96t5is7n5p4ix3L/GD643H2bXy/3PHgA43sE8nZ473sg/3bu/dHD0M5+/fzciiu34+3tjsX8YfzRG03MxChEx+e9cVm/LdaxdnMbug4j4Yrf+52IqXQNp73x6NH4S+7W+xs8/Fz+ftrXPyd/FF84gFxg2j5Lx55Nuz18+rqbn7s9/MR2hTi8b/5KXWtpPx8Bn8Q/Gv5Ee49/Vk8b44A/fb5cmXmx7EPHl0YiD2Psd489B/FyP+O+fMP5fvvL2u73aWr+JuBbd43fGmm3WNmYb2zs3VmuLK5WVynq5vDC/MPfRzQ/Ls+ka9Wzv2eAfH19/vVdb0v/JHvGLx/T/6yfs/2//d/vHX3tJ/G++1y1+Pt56SfxkTvzGCeMvTv6+2Kstib/co//Hff2vnzD+k7/uvLBtOAAwOI3tnbXFarWy+TkqPE6+pxl8Ggr9LyT/ZC9AGl0L3+lXrLHo3vSL99rP9JGmVuuVYvUaMc5i1Q24CA4f+oj476CTAQAAAAAAAAAAAAAAuurHbywNuo8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcXv8PAAD//+a4zis=")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x174)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x490e7, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)={0xc0, 0x1, 0x1, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}, @CTA_NAT_DST={0x64, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @local}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_V4_MINIP={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x39}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @private=0xa010101}, @CTA_NAT_V4_MINIP={0x8, 0x1, @empty}]}, @CTA_TUPLE_REPLY={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @rand_addr=0x64010102}}}]}, @CTA_TUPLE_ORIG={0x28, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x20044801}, 0x40000)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback, 0x800000}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0xf, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r9}, 0x10)
sendmsg$IPSET_CMD_DESTROY(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0xffffffffffffffff, &(0x7f00000000c0)={<r10=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), r10, r0}}, 0x18)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x59}, {&(0x7f0000000100)="0d000000246804003199aee6fdb9291b3091ec1a2d41d2270a00d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x21}, {&(0x7f00000024c0)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc94638440073bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)

216.854612ms ago: executing program 1 (id=384):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

181.374566ms ago: executing program 1 (id=385):
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xa, 0x4, 0x8, 0x8}, 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
pipe(&(0x7f0000005880)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
fsetxattr$security_selinux(r1, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)

161.036517ms ago: executing program 1 (id=386):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000500000aee9cbfe224d5000000000000000400000a00000ac952f6bcc83c4cf2c8403a0a67609f9cca74c03712c19ae17f76d291c06a48d0726dcbcca29a23524c7a1aec1b2572c71430992d7ed644ffb11fcd1128a328832a9c10e11b10c0480c9740329dbee1ac5bc9293e5111e18635edf637a2c96681851b331ba7ae9b93801896ef38abf86ba9758f1743ff176059560507"], 0x28}, 0x1, 0x0, 0x0, 0xc0d5}, 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0xff, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10)
sendmmsg(r2, &(0x7f0000001c00), 0x400000000000159, 0x40840)
connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

100.946692ms ago: executing program 1 (id=387):
r0 = gettid()
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x49000)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x3]}, 0x8)
r3 = dup(r2)
read$msr(r3, &(0x7f0000002c00)=""/4108, 0x100c)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000001240)=<r5=>0x0)
creat(0x0, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001340)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100ebff00001c0007800c00018008000140ffffffff0c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff01000000bfce0dad37cf2d913b624c158d15167a082616b77f19d71e80a2e17a9397768fcbc8d91e01740d5e54b2efad9173c9", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r8, @ANYRESOCT=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$inet_sctp(r4, &(0x7f0000000500)=[{&(0x7f0000000040)=@in={0x2, 0xb, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000700)=[{&(0x7f00000000c0)='l', 0x1}], 0x1, &(0x7f0000000280)=[@init={0x18, 0x84, 0x0, {0x7ff, 0x0, 0x3}}, @dstaddrv4={0x18, 0x84, 0x7, @broadcast}], 0x30, 0x14001}], 0x1, 0x4044040)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x10, &(0x7f0000000040)={[{@usrjquota}]}, 0x1, 0x3e7, &(0x7f0000000480)="$eJzs3E1vG0UfAPD/bl7apn1qV3oOvFwsQCISImnSFqgEEhEXDu2JHjhixWmJ6jSoMRKtIl4E4gYSiA8AB+AjcIQD3wHOwAEqRSgHUm5Ga+86Jn5pQx0skt9PGnlmZ+OZ9WTWu+PZCeDIqkTEixExERFnI6KUb0/zEO+2Q7bfzvbm8p/bm8tJNJuv/J5Ekm8r3ivJX0/mbzCbRqQfJPFon3I3bt2+Xq3XV27m6fnG2hvzG7duP726Vr22cm3lxuIz585fuPDcxcVnR3asW2vJR098demXTz6sffrDb9+Ws/qeyvO6j2NUKlHpfCZ7XRx1YWN2vCueTI6xIgAADJXm1/6Trev/UkzE7sVbKT7+fqyVAwAAAEai2SxeAQAAgMMrce8PAAAAh1wxD2Bne3O5CGOcjsC/bGspIsrt9r+bh3bOZOeZ3qk9z/eOUiUiXj5+eTELcUDPYQMAAAAcZd8ttRf+6x3/S+Ohrv1ORMRMsbbfCFX2pHvHf9I7Iy6SLltLEc9HxN2e8b+02KU8kaf+1xoqnEqurtZXzkbE6YiYjaljWXphSBlvP3b960F53eN/n//86kJWfva6u0d6Z/LY3/+mVm1UH+SY2bX1XsQjk/3aP+mM+Xavk/lPvLa688KgvKz9s/YuQm/7c5CaX0Q82bf/765cmgxfn3W+dT6YL84KvX469eX7g8rv7v9ZyMovfgvg4GX9f2Z4+7fWye2s17ux/zK++ePyj4Py7t3+/c//08mVVgWn821vVRuNmwsR08ml3u3+mzqKz6P4vLL2n328//d/cf2X5N/9p7vWh+4x5AfCl945c2VQnv4/Xln71/bV//cfeX3m4dlB5d9f/z/fqkzxJq7/7u1+G2jc9QQAAAAAAABgNNLW3L4knevE03Rurj3P9/8xk9bXNxpPXV1/80atPQewHFNpMdOr1DUfdKH9GHknvbgnfS4izkTEZ6UTrfTc8nq9Nu6DBwAAgCPi5ID7/8yvAx/2AAAAAP5zyuOuAAAAAHDg3P8DAADAofYg6/qLiIgc1si4z0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAR9tfAQAA///8h8MD")
r9 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0)
sendfile(r9, 0xffffffffffffffff, 0x0, 0x40001)

100.173662ms ago: executing program 3 (id=388):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x801}, 0x0)

99.757202ms ago: executing program 3 (id=389):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
socket$kcm(0xa, 0x2, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2}, 0x90)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001000090468fe0700000000000000ff3f02000000480100100000000019002b000a0001000500000000000072000000000000000000", 0x39}], 0x1)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0})
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4, 0x0, 0xfffffffffffffffd}, 0x18)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x28}}], 0x30}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x4da0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x29, 0x5, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008020000d900000000000000", @ANYRES32, @ANYBLOB="faff083a600f06000000f3078123f9a764b2dd", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000080000000000076eb120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r7}, 0x18)
socket$nl_xfrm(0x10, 0x3, 0x6)

61.304205ms ago: executing program 3 (id=390):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

10.032639ms ago: executing program 4 (id=391):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000340)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$kcm(0xa, 0x1, 0x106)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r2)
sendmsg$kcm(r1, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}, 0x24004059)
close(r1) (fail_nth: 2)

9.419799ms ago: executing program 3 (id=392):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa1000000f8ffffffb702000008000000b70300000000008385000000710000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000340)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$kcm(0xa, 0x1, 0x106)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0900000004000000010000000b00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000edec173170041403706df8435ff3395a67e466a2f5862c0d3cbd78813bda952e713766d4f8d5310f6e4609"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000ecff850000000400000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001bc0)=@newtaction={0x488, 0x30, 0xffff, 0x3, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x2, 0x4, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xe6e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4, 0x7f, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x400, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10001, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x100, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001, 0x3, 0x0, 0x0, 0x0, 0x40, 0x0, 0x33cabbbe, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x6b40, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1000000, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1a6d, 0x4, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x8, 0x0, 0x0, 0xfffffffe, {0x4, 0x0, 0x0, 0x0, 0xb, 0x3}, {0x4, 0x2, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x3, 0x2}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x2}}}}]}]}, 0x488}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = getpid()
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="0248060002200000140012800900010076657468000e00000000028008001300", @ANYRES32=r6], 0x3c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setreuid(0xffffffffffffffff, 0xee01)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f0000000100)=0x42, 0x4)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r7)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x24, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x4c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r9 = creat(&(0x7f00000000c0)='./file0\x00', 0x48)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[])
sendmsg$kcm(r1, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}, 0x24004059)
linkat(r9, &(0x7f0000000180)='./file1\x00', r9, &(0x7f00000001c0)='./file0\x00', 0x0)
close(r1)

0s ago: executing program 4 (id=393):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getrusage(0xffffffffffffffff, &(0x7f0000001040))

0s ago: executing program 4 (id=394):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x34, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1400, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0xc, 0x10001, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18)
lsetxattr$security_capability(&(0x7f0000000080)='./cgroup/cgroup.procs\x00', &(0x7f0000000140), 0x0, 0x0, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xcc, 0xcc, 0x6, [@type_tag={0xd, 0x0, 0x0, 0x12, 0x2}, @union={0x6, 0x6, 0x0, 0x5, 0x0, 0x2, [{0xc, 0x4, 0x4}, {0xd, 0x3, 0x18}, {0xf, 0x5, 0x8}, {0x2, 0x1, 0x8}, {0x1, 0x3, 0x4}, {0x0, 0x0, 0x6}]}, @enum64={0xa, 0x2, 0x0, 0x13, 0x0, 0x9, [{0x7, 0x10, 0x8}, {0x5, 0x0, 0x800}]}, @enum={0x2, 0x3, 0x0, 0x6, 0x4, [{0x4, 0x81}, {0x9, 0x1}, {0x2, 0xffffffff}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xc, 0x1}, {0x7, 0x1}, {0xd, 0x5}]}]}, {0x0, [0x20, 0x2e, 0xff, 0x2e]}}, &(0x7f0000000000)=""/144, 0xea, 0x90, 0x0, 0x7fff, 0x10000}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x34, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1400, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0xc, 0x10001, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18) (async)
lsetxattr$security_capability(&(0x7f0000000080)='./cgroup/cgroup.procs\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xcc, 0xcc, 0x6, [@type_tag={0xd, 0x0, 0x0, 0x12, 0x2}, @union={0x6, 0x6, 0x0, 0x5, 0x0, 0x2, [{0xc, 0x4, 0x4}, {0xd, 0x3, 0x18}, {0xf, 0x5, 0x8}, {0x2, 0x1, 0x8}, {0x1, 0x3, 0x4}, {0x0, 0x0, 0x6}]}, @enum64={0xa, 0x2, 0x0, 0x13, 0x0, 0x9, [{0x7, 0x10, 0x8}, {0x5, 0x0, 0x800}]}, @enum={0x2, 0x3, 0x0, 0x6, 0x4, [{0x4, 0x81}, {0x9, 0x1}, {0x2, 0xffffffff}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xc, 0x1}, {0x7, 0x1}, {0xd, 0x5}]}]}, {0x0, [0x20, 0x2e, 0xff, 0x2e]}}, &(0x7f0000000000)=""/144, 0xea, 0x90, 0x0, 0x7fff, 0x10000}, 0x28) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) (async)

kernel console output (not intermixed with test programs):

09] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   39.577821][ T3302] 8021q: adding VLAN 0 to HW filter on device team0
[   39.608962][  T110] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.617395][  T110] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.629385][ T3311] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   39.645543][  T110] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.653497][  T110] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.664486][ T3311] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   39.673783][ T3311] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   39.693286][ T3311] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   39.708289][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.736650][ T3306] 8021q: adding VLAN 0 to HW filter on device team0
[   39.753707][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.761146][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.769910][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.777258][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.814241][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.828535][ T3306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   39.848742][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.869019][ T3309] 8021q: adding VLAN 0 to HW filter on device team0
[   39.891494][ T3304] 8021q: adding VLAN 0 to HW filter on device team0
[   39.915058][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.922412][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.932377][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.939574][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.957468][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.964897][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.985492][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.993396][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.010290][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.057217][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.066578][ T3302] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.091272][ T3311] 8021q: adding VLAN 0 to HW filter on device team0
[   40.123166][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.130818][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.157731][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.165156][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.194243][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.255065][ T3309] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.292745][ T3302] veth0_vlan: entered promiscuous mode
[   40.301171][ T3302] veth1_vlan: entered promiscuous mode
[   40.353074][ T3306] veth0_vlan: entered promiscuous mode
[   40.360609][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.377520][ T3302] veth0_macvtap: entered promiscuous mode
[   40.390619][ T3306] veth1_vlan: entered promiscuous mode
[   40.399921][ T3302] veth1_macvtap: entered promiscuous mode
[   40.419052][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.434417][ T3304] veth0_vlan: entered promiscuous mode
[   40.455121][ T3306] veth0_macvtap: entered promiscuous mode
[   40.469503][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.491106][ T3306] veth1_macvtap: entered promiscuous mode
[   40.502574][ T3304] veth1_vlan: entered promiscuous mode
[   40.513601][ T1711] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.538274][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.558129][ T3304] veth0_macvtap: entered promiscuous mode
[   40.568252][ T1711] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.580205][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.599546][ T3304] veth1_macvtap: entered promiscuous mode
[   40.606967][   T29] kauditd_printk_skb: 9 callbacks suppressed
[   40.606983][   T29] audit: type=1400 audit(1754126866.964:81): avc:  denied  { mounton } for  pid=3302 comm="syz-executor" path="/root/syzkaller.mlCweb/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   40.620138][ T3311] veth0_vlan: entered promiscuous mode
[   40.646881][   T29] audit: type=1400 audit(1754126866.964:82): avc:  denied  { mount } for  pid=3302 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   40.669542][   T29] audit: type=1400 audit(1754126866.964:83): avc:  denied  { mounton } for  pid=3302 comm="syz-executor" path="/root/syzkaller.mlCweb/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   40.695889][   T29] audit: type=1400 audit(1754126866.964:84): avc:  denied  { mount } for  pid=3302 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   40.719929][   T29] audit: type=1400 audit(1754126866.964:85): avc:  denied  { mounton } for  pid=3302 comm="syz-executor" path="/root/syzkaller.mlCweb/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   40.721689][ T1711] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.746629][   T29] audit: type=1400 audit(1754126866.964:86): avc:  denied  { mounton } for  pid=3302 comm="syz-executor" path="/root/syzkaller.mlCweb/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3830 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   40.764403][ T1711] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.783910][   T29] audit: type=1400 audit(1754126866.964:87): avc:  denied  { unmount } for  pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   40.819263][   T29] audit: type=1400 audit(1754126867.034:88): avc:  denied  { mounton } for  pid=3302 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   40.819865][ T3302] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   40.842990][   T29] audit: type=1400 audit(1754126867.034:89): avc:  denied  { mount } for  pid=3302 comm="syz-executor" name="/" dev="gadgetfs" ino=3841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   40.886770][ T1813] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.898478][   T29] audit: type=1400 audit(1754126867.254:90): avc:  denied  { read write } for  pid=3302 comm="syz-executor" name="loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   40.943734][ T1813] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.946317][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.978634][ T1813] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.991073][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1
[   41.005460][ T3311] veth1_vlan: entered promiscuous mode
[   41.021257][ T3309] veth0_vlan: entered promiscuous mode
[   41.028390][ T1813] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   41.058948][ T1813] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   41.070214][ T3478] FAULT_INJECTION: forcing a failure.
[   41.070214][ T3478] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   41.072446][ T3311] veth0_macvtap: entered promiscuous mode
[   41.086226][ T3478] CPU: 1 UID: 0 PID: 3478 Comm: syz.1.6 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   41.086265][ T3478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   41.086282][ T3478] Call Trace:
[   41.086291][ T3478]  <TASK>
[   41.086304][ T3478]  __dump_stack+0x1d/0x30
[   41.086337][ T3478]  dump_stack_lvl+0xe8/0x140
[   41.086399][ T3478]  dump_stack+0x15/0x1b
[   41.086421][ T3478]  should_fail_ex+0x265/0x280
[   41.086467][ T3478]  should_fail+0xb/0x20
[   41.086554][ T3478]  should_fail_usercopy+0x1a/0x20
[   41.086579][ T3478]  _copy_to_user+0x20/0xa0
[   41.086614][ T3478]  simple_read_from_buffer+0xb5/0x130
[   41.086643][ T3478]  proc_fail_nth_read+0x10e/0x150
[   41.086680][ T3478]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   41.086757][ T3478]  vfs_read+0x1a0/0x6f0
[   41.086784][ T3478]  ? __sys_setsockopt+0x18e/0x200
[   41.086834][ T3478]  ? __rcu_read_unlock+0x4f/0x70
[   41.086874][ T3478]  ? __fget_files+0x184/0x1c0
[   41.086948][ T3478]  ksys_read+0xda/0x1a0
[   41.086979][ T3478]  __x64_sys_read+0x40/0x50
[   41.087008][ T3478]  x64_sys_call+0x27bc/0x2ff0
[   41.087036][ T3478]  do_syscall_64+0xd2/0x200
[   41.087068][ T3478]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   41.087106][ T3478]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   41.087135][ T3478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.087165][ T3478] RIP: 0033:0x7f353613d57c
[   41.087190][ T3478] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   41.087235][ T3478] RSP: 002b:00007f35347a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   41.087264][ T3478] RAX: ffffffffffffffda RBX: 00007f3536365fa0 RCX: 00007f353613d57c
[   41.087279][ T3478] RDX: 000000000000000f RSI: 00007f35347a70a0 RDI: 0000000000000008
[   41.087296][ T3478] RBP: 00007f35347a7090 R08: 0000000000000000 R09: 0000000000000000
[   41.087313][ T3478] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   41.087330][ T3478] R13: 0000000000000000 R14: 00007f3536365fa0 R15: 00007ffff5136dc8
[   41.087419][ T3478]  </TASK>
[   41.347100][ T3485] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7'.
[   41.356019][ T3485] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7'.
[   41.364966][ T3485] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7'.
[   41.377094][ T3485] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7'.
[   41.377583][ T3488] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9'.
[   41.386020][ T3485] netlink: 'syz.1.7': attribute type 6 has an invalid length.
[   41.399458][ T3488] FAULT_INJECTION: forcing a failure.
[   41.399458][ T3488] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   41.417727][ T3488] CPU: 1 UID: 0 PID: 3488 Comm: syz.0.9 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   41.417785][ T3488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   41.417811][ T3488] Call Trace:
[   41.417820][ T3488]  <TASK>
[   41.417830][ T3488]  __dump_stack+0x1d/0x30
[   41.417891][ T3488]  dump_stack_lvl+0xe8/0x140
[   41.417915][ T3488]  dump_stack+0x15/0x1b
[   41.417944][ T3488]  should_fail_ex+0x265/0x280
[   41.417990][ T3488]  should_fail+0xb/0x20
[   41.418027][ T3488]  should_fail_usercopy+0x1a/0x20
[   41.418102][ T3488]  _copy_to_user+0x20/0xa0
[   41.418130][ T3488]  simple_read_from_buffer+0xb5/0x130
[   41.418152][ T3488]  proc_fail_nth_read+0x10e/0x150
[   41.418218][ T3488]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   41.418243][ T3488]  vfs_read+0x1a0/0x6f0
[   41.418267][ T3488]  ? __rcu_read_unlock+0x4f/0x70
[   41.418340][ T3488]  ? __fget_files+0x184/0x1c0
[   41.418371][ T3488]  ksys_read+0xda/0x1a0
[   41.418441][ T3488]  __x64_sys_read+0x40/0x50
[   41.418461][ T3488]  x64_sys_call+0x27bc/0x2ff0
[   41.418482][ T3488]  do_syscall_64+0xd2/0x200
[   41.418511][ T3488]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   41.418584][ T3488]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   41.418607][ T3488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.418693][ T3488] RIP: 0033:0x7f8227f8d57c
[   41.418711][ T3488] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   41.418733][ T3488] RSP: 002b:00007f82265ef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   41.418759][ T3488] RAX: ffffffffffffffda RBX: 00007f82281b5fa0 RCX: 00007f8227f8d57c
[   41.418831][ T3488] RDX: 000000000000000f RSI: 00007f82265ef0a0 RDI: 0000000000000006
[   41.418846][ T3488] RBP: 00007f82265ef090 R08: 0000000000000000 R09: 0000000000000000
[   41.418859][ T3488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.418919][ T3488] R13: 0000000000000000 R14: 00007f82281b5fa0 R15: 00007ffdc04fefa8
[   41.418944][ T3488]  </TASK>
[   41.437426][ T3309] veth1_vlan: entered promiscuous mode
[   41.643902][   T51] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   41.653818][   T51] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   41.666577][ T3311] veth1_macvtap: entered promiscuous mode
[   41.696974][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0
[   41.704603][   T51] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   41.731534][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1
[   41.784839][ T3309] veth0_macvtap: entered promiscuous mode
[   41.806713][ T3498] loop0: detected capacity change from 0 to 512
[   41.814480][ T3498] =======================================================
[   41.814480][ T3498] WARNING: The mand mount option has been deprecated and
[   41.814480][ T3498]          and is ignored by this kernel. Remove the mand
[   41.814480][ T3498]          option from the mount to silence this warning.
[   41.814480][ T3498] =======================================================
[   41.855042][ T1711] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   41.867226][ T3309] veth1_macvtap: entered promiscuous mode
[   41.880911][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_0
[   41.888473][ T3498] EXT4-fs (loop0): orphan cleanup on readonly fs
[   41.890269][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_1
[   41.917705][ T3498] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.12: bg 0: block 248: padding at end of block bitmap is not set
[   41.935187][ T3498] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.12: Failed to acquire dquot type 1
[   41.946499][ T1711] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   41.958277][ T1711] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   41.963555][ T3498] EXT4-fs (loop0): 1 truncate cleaned up
[   41.988808][ T3498] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   41.989195][ T1813] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   42.079254][ T1813] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   42.105427][ T1813] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   42.105535][ T1813] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   42.105606][ T1813] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   42.275772][    C1] hrtimer: interrupt took 54882 ns
[   42.283269][ T3521] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[   42.510991][ T3524] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[   42.672441][ T3524] syz.2.19 (3524) used greatest stack depth: 10632 bytes left
[   42.725569][ T3521] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   42.737777][ T3498] syz.0.12 (3498) used greatest stack depth: 9280 bytes left
[   42.740094][ T3534] loop2: detected capacity change from 0 to 1024
[   42.766956][ T3536] loop4: detected capacity change from 0 to 128
[   42.775404][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.855954][ T3542] FAULT_INJECTION: forcing a failure.
[   42.855954][ T3542] name failslab, interval 1, probability 0, space 0, times 1
[   42.869236][ T3542] CPU: 0 UID: 0 PID: 3542 Comm: syz.4.25 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   42.869302][ T3542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   42.869317][ T3542] Call Trace:
[   42.869324][ T3542]  <TASK>
[   42.869376][ T3542]  __dump_stack+0x1d/0x30
[   42.869462][ T3542]  dump_stack_lvl+0xe8/0x140
[   42.869486][ T3542]  dump_stack+0x15/0x1b
[   42.869516][ T3542]  should_fail_ex+0x265/0x280
[   42.869557][ T3542]  should_failslab+0x8c/0xb0
[   42.869583][ T3542]  kmem_cache_alloc_noprof+0x50/0x310
[   42.869665][ T3542]  ? getname_flags+0x80/0x3b0
[   42.869700][ T3542]  ? vfs_write+0x75e/0x8e0
[   42.869729][ T3542]  getname_flags+0x80/0x3b0
[   42.869765][ T3542]  user_path_at+0x28/0x130
[   42.869860][ T3542]  vfs_open_tree+0xef/0x540
[   42.869892][ T3542]  __x64_sys_open_tree+0x45/0xc0
[   42.869912][ T3542]  x64_sys_call+0x2a87/0x2ff0
[   42.870006][ T3542]  do_syscall_64+0xd2/0x200
[   42.870037][ T3542]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   42.870067][ T3542]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   42.870090][ T3542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.870127][ T3542] RIP: 0033:0x7f3c691aeb69
[   42.870141][ T3542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   42.870237][ T3542] RSP: 002b:00007f3c6780f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac
[   42.870287][ T3542] RAX: ffffffffffffffda RBX: 00007f3c693d5fa0 RCX: 00007f3c691aeb69
[   42.870303][ T3542] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[   42.870319][ T3542] RBP: 00007f3c6780f090 R08: 0000000000000000 R09: 0000000000000000
[   42.870333][ T3542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   42.870348][ T3542] R13: 0000000000000000 R14: 00007f3c693d5fa0 R15: 00007ffdc9d72ce8
[   42.870369][ T3542]  </TASK>
[   43.260870][ T3548] loop3: detected capacity change from 0 to 512
[   43.352142][ T3548] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[   43.388861][ T3548] System zones: 0-2, 18-18, 34-35
[   43.420072][ T3548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.491568][ T3548] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.577271][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.607707][ T3572] loop2: detected capacity change from 0 to 512
[   43.642172][ T3572] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.32: corrupted in-inode xattr: invalid ea_ino
[   43.674386][ T3572] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.32: couldn't read orphan inode 15 (err -117)
[   43.691132][ T3577] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   43.703356][ T3574] loop1: detected capacity change from 0 to 512
[   43.721284][ T3572] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.723788][ T3577] pimreg: tun_chr_ioctl cmd 2148553947
[   43.745900][ T3574] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.795364][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.876214][ T3594] tunl0: entered promiscuous mode
[   43.887091][ T3594] netlink: 'syz.4.37': attribute type 1 has an invalid length.
[   43.894772][ T3594] netlink: 9 bytes leftover after parsing attributes in process `syz.4.37'.
[   43.920655][ T3597] loop3: detected capacity change from 0 to 1024
[   43.947033][ T3597] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   43.959418][ T3597] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.975657][ T3591] EXT4-fs error (device loop3): ext4_free_blocks:6696: comm syz.3.39: Freeing blocks not in datazone - block = 0, count = 16
[   43.998284][ T1956] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[   44.015878][ T1956] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 28
[   44.030161][ T1956] EXT4-fs (loop3): This should not happen!! Data will be lost
[   44.030161][ T1956] 
[   44.040775][ T1956] EXT4-fs (loop3): Total free blocks count 0
[   44.047379][ T1956] EXT4-fs (loop3): Free/Dirty block details
[   44.053590][ T1956] EXT4-fs (loop3): free_blocks=4293918736
[   44.059616][ T1956] EXT4-fs (loop3): dirty_blocks=16
[   44.065476][ T1956] EXT4-fs (loop3): Block reservation details
[   44.073090][ T1956] EXT4-fs (loop3): i_reserved_data_blocks=1
[   44.081345][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   44.148441][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.239761][ T3613] loop1: detected capacity change from 0 to 2048
[   44.257930][ T3613] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.280664][ T3614] tunl0: entered promiscuous mode
[   44.288251][ T3614] netlink: 'syz.3.45': attribute type 1 has an invalid length.
[   44.296062][ T3614] netlink: 9 bytes leftover after parsing attributes in process `syz.3.45'.
[   44.307897][ T3613] SELinux: ebitmap: truncated map
[   44.317687][ T3613] SELinux: failed to load policy
[   44.345200][ T3302] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[   44.360999][ T3302] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   44.378260][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.546514][ T3625] loop2: detected capacity change from 0 to 512
[   44.579584][ T3625] EXT4-fs (loop2): orphan cleanup on readonly fs
[   44.606193][ T3625] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.51: bg 0: block 248: padding at end of block bitmap is not set
[   44.637204][ T3625] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.51: Failed to acquire dquot type 1
[   44.658408][ T3622] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   44.660446][ T3636] loop3: detected capacity change from 0 to 512
[   44.671383][ T3622] netlink: 'syz.1.49': attribute type 12 has an invalid length.
[   44.685165][ T3622] netlink: 'syz.1.49': attribute type 29 has an invalid length.
[   44.693280][ T3622] netlink: 148 bytes leftover after parsing attributes in process `syz.1.49'.
[   44.702487][ T3622] netlink: 'syz.1.49': attribute type 1 has an invalid length.
[   44.712470][ T3622] netlink: 'syz.1.49': attribute type 2 has an invalid length.
[   44.720939][ T3622] netlink: 39 bytes leftover after parsing attributes in process `syz.1.49'.
[   44.721946][ T3625] EXT4-fs (loop2): 1 truncate cleaned up
[   44.734968][ T3636] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[   44.765623][ T3636] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[   44.767945][ T3625] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   44.787113][ T3636] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.54: corrupted in-inode xattr: e_value size too large
[   44.812836][ T3636] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.54: couldn't read orphan inode 15 (err -117)
[   44.826442][ T3636] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.848460][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.921062][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.935430][ T3647] loop0: detected capacity change from 0 to 512
[   44.954327][ T3652] ref_tracker: memory allocation failure, unreliable refcount tracker.
[   45.000713][ T3647] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[   45.024789][ T3647] System zones: 0-2, 18-18, 34-35
[   45.031100][ T3656] tunl0: entered promiscuous mode
[   45.033414][ T3647] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.044933][ T3656] netlink: 'syz.1.65': attribute type 1 has an invalid length.
[   45.056608][ T3656] netlink: 9 bytes leftover after parsing attributes in process `syz.1.65'.
[   45.080342][ T3647] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   45.187151][ T3671] loop2: detected capacity change from 0 to 512
[   45.210196][ T3671] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   45.230284][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.232220][ T3669] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[   45.270772][ T3669] loop4: detected capacity change from 0 to 164
[   45.280680][ T3665] FAULT_INJECTION: forcing a failure.
[   45.280680][ T3665] name failslab, interval 1, probability 0, space 0, times 0
[   45.295193][ T3665] CPU: 1 UID: 0 PID: 3665 Comm: syz.3.68 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   45.295249][ T3665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   45.295264][ T3665] Call Trace:
[   45.295271][ T3665]  <TASK>
[   45.295280][ T3665]  __dump_stack+0x1d/0x30
[   45.295306][ T3665]  dump_stack_lvl+0xe8/0x140
[   45.295329][ T3665]  dump_stack+0x15/0x1b
[   45.295399][ T3665]  should_fail_ex+0x265/0x280
[   45.295498][ T3665]  ? security_load_policy+0x90/0x890
[   45.295539][ T3665]  should_failslab+0x8c/0xb0
[   45.295639][ T3665]  __kmalloc_cache_noprof+0x4c/0x320
[   45.295723][ T3665]  security_load_policy+0x90/0x890
[   45.295765][ T3665]  ? rep_movs_alternative+0x4a/0x90
[   45.295805][ T3665]  sel_write_load+0x1d4/0x380
[   45.295900][ T3665]  ? __pfx_sel_write_load+0x10/0x10
[   45.295988][ T3665]  vfs_write+0x266/0x8e0
[   45.296015][ T3665]  ? __rcu_read_unlock+0x4f/0x70
[   45.296085][ T3665]  ? __fget_files+0x184/0x1c0
[   45.296112][ T3665]  ksys_write+0xda/0x1a0
[   45.296141][ T3665]  __x64_sys_write+0x40/0x50
[   45.296247][ T3665]  x64_sys_call+0x27fe/0x2ff0
[   45.296303][ T3665]  do_syscall_64+0xd2/0x200
[   45.296331][ T3665]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.296503][ T3665]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   45.296528][ T3665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.296555][ T3665] RIP: 0033:0x7f74b7c3eb69
[   45.296570][ T3665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.296593][ T3665] RSP: 002b:00007f74b62a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   45.296615][ T3665] RAX: ffffffffffffffda RBX: 00007f74b7e65fa0 RCX: 00007f74b7c3eb69
[   45.296629][ T3665] RDX: 00000000000044f0 RSI: 0000200000000000 RDI: 0000000000000005
[   45.296643][ T3665] RBP: 00007f74b62a7090 R08: 0000000000000000 R09: 0000000000000000
[   45.296654][ T3665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   45.296719][ T3665] R13: 0000000000000000 R14: 00007f74b7e65fa0 R15: 00007ffde22ad888
[   45.296740][ T3665]  </TASK>
[   45.296820][ T3665] SELinux: failed to load policy
[   45.325524][ T3671] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[   45.369885][ T3671] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.70: corrupted in-inode xattr: e_value size too large
[   45.418746][ T3671] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.70: couldn't read orphan inode 15 (err -117)
[   45.423168][ T3669] RR
[   45.455689][ T3683] SELinux: ebitmap: truncated map
[   45.467714][ T3669] I
[   45.482941][ T3683] SELinux: failed to load policy
[   45.485978][ T3669] P_1991
[   45.498822][ T3671] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.504128][ T3669] A
[   45.523859][ T3671] FAULT_INJECTION: forcing a failure.
[   45.523859][ T3671] name failslab, interval 1, probability 0, space 0, times 0
[   45.525660][ T3669] 
[   45.530798][ T3671] CPU: 0 UID: 0 PID: 3671 Comm: syz.2.70 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   45.530912][ T3671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   45.530930][ T3671] Call Trace:
[   45.530941][ T3671]  <TASK>
[   45.530953][ T3671]  __dump_stack+0x1d/0x30
[   45.530984][ T3671]  dump_stack_lvl+0xe8/0x140
[   45.531011][ T3671]  dump_stack+0x15/0x1b
[   45.531082][ T3671]  should_fail_ex+0x265/0x280
[   45.531127][ T3671]  should_failslab+0x8c/0xb0
[   45.531161][ T3671]  kmem_cache_alloc_noprof+0x50/0x310
[   45.531270][ T3671]  ? ext4_mb_new_blocks+0x79f/0x2080
[   45.531336][ T3671]  ext4_mb_new_blocks+0x79f/0x2080
[   45.531377][ T3671]  ? ext4_new_meta_blocks+0xff/0x1b0
[   45.531426][ T3671]  ext4_ind_map_blocks+0xb4c/0x14f0
[   45.531523][ T3671]  ? folio_mark_accessed+0x240/0x3d0
[   45.531589][ T3671]  ext4_map_blocks+0x598/0xd00
[   45.531625][ T3671]  ? ext4_get_group_desc+0x16b/0x190
[   45.531694][ T3671]  ext4_iomap_begin+0x88d/0xe00
[   45.531742][ T3671]  ? __pfx_ext4_iomap_begin+0x10/0x10
[   45.531887][ T3671]  iomap_iter+0x32f/0x730
[   45.531928][ T3671]  ? should_failslab+0x8c/0xb0
[   45.531969][ T3671]  __iomap_dio_rw+0x708/0x1250
[   45.532017][ T3671]  ? ext4_journal_check_start+0x11a/0x1b0
[   45.532048][ T3671]  iomap_dio_rw+0x40/0x90
[   45.532078][ T3671]  ext4_file_write_iter+0xad9/0xf00
[   45.532216][ T3671]  do_iter_readv_writev+0x421/0x4c0
[   45.532255][ T3671]  vfs_writev+0x2df/0x8b0
[   45.532309][ T3671]  __se_sys_pwritev2+0xfc/0x1c0
[   45.532420][ T3671]  __x64_sys_pwritev2+0x67/0x80
[   45.532456][ T3671]  x64_sys_call+0x2c55/0x2ff0
[   45.532485][ T3671]  do_syscall_64+0xd2/0x200
[   45.532516][ T3671]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.532594][ T3671]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   45.532624][ T3671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.532654][ T3671] RIP: 0033:0x7f938a18eb69
[   45.532676][ T3671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.532699][ T3671] RSP: 002b:00007f93887ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   45.532725][ T3671] RAX: ffffffffffffffda RBX: 00007f938a3b5fa0 RCX: 00007f938a18eb69
[   45.532809][ T3671] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004
[   45.532826][ T3671] RBP: 00007f93887ef090 R08: 0000000000000000 R09: 0000000000000003
[   45.532901][ T3671] R10: 0000000000007c00 R11: 0000000000000246 R12: 0000000000000001
[   45.532949][ T3671] R13: 0000000000000000 R14: 00007f938a3b5fa0 R15: 00007ffc9ff53d48
[   45.532975][ T3671]  </TASK>
[   45.639514][ T3690] tipc: Started in network mode
[   45.640175][   T29] kauditd_printk_skb: 373 callbacks suppressed
[   45.640194][   T29] audit: type=1326 audit(1754126871.944:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.0.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   45.643038][ T3690] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[   45.645863][   T29] audit: type=1326 audit(1754126871.944:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.0.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   45.736465][ T3690] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa
[   45.740205][   T29] audit: type=1326 audit(1754126871.944:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.0.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   45.740243][   T29] audit: type=1326 audit(1754126871.944:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.0.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   45.740271][   T29] audit: type=1326 audit(1754126871.944:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.0.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   45.746114][ T3690] tipc: Enabled bearer <udp:syz0>, priority 10
[   45.754150][   T29] audit: type=1326 audit(1754126871.944:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.0.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   45.754186][   T29] audit: type=1326 audit(1754126871.944:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.0.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   46.116318][   T29] audit: type=1326 audit(1754126871.944:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.0.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   46.141088][   T29] audit: type=1326 audit(1754126871.944:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.0.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   46.164994][   T29] audit: type=1326 audit(1754126871.974:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.0.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   46.190540][ T3701] loop0: detected capacity change from 0 to 512
[   46.210175][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.248499][ T3701] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #17: comm syz.0.82: iget: bogus i_mode (0)
[   46.324269][ T3701] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.82: couldn't read orphan inode 17 (err -117)
[   46.355442][ T3701] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.389869][ T3714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.86'.
[   46.404669][ T3714] hsr_slave_0: left promiscuous mode
[   46.425244][ T3714] hsr_slave_1: left promiscuous mode
[   46.436950][ T3717] loop2: detected capacity change from 0 to 1024
[   46.477462][ T3701] batman_adv: batadv0: Adding interface: ipvlan2
[   46.484123][ T3701] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.511730][ T3701] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   46.522984][ T3701] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   46.523093][ T3719] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[   46.590932][ T3701] batman_adv: batadv0: Interface activated: ipvlan2
[   46.606996][ T3721] loop1: detected capacity change from 0 to 512
[   46.666224][ T3721] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[   46.694982][ T3721] System zones: 0-2, 18-18, 34-35
[   46.707418][ T3721] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.726245][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.738961][ T3723] loop4: detected capacity change from 0 to 8192
[   46.740313][ T3721] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   46.862657][ T3398] tipc: Node number set to 1
[   46.886725][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.170715][ T3750] FAULT_INJECTION: forcing a failure.
[   47.170715][ T3750] name failslab, interval 1, probability 0, space 0, times 0
[   47.184782][ T3750] CPU: 0 UID: 0 PID: 3750 Comm: syz.3.100 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   47.184819][ T3750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   47.184835][ T3750] Call Trace:
[   47.184844][ T3750]  <TASK>
[   47.184854][ T3750]  __dump_stack+0x1d/0x30
[   47.184916][ T3750]  dump_stack_lvl+0xe8/0x140
[   47.184940][ T3750]  dump_stack+0x15/0x1b
[   47.184959][ T3750]  should_fail_ex+0x265/0x280
[   47.185001][ T3750]  ? sg_read+0x3ce/0xcb0
[   47.185136][ T3750]  should_failslab+0x8c/0xb0
[   47.185168][ T3750]  __kmalloc_cache_noprof+0x4c/0x320
[   47.185254][ T3750]  ? kstrtouint+0x76/0xc0
[   47.185296][ T3750]  sg_read+0x3ce/0xcb0
[   47.185344][ T3750]  ? __pfx_sg_read+0x10/0x10
[   47.185446][ T3750]  vfs_read+0x1a0/0x6f0
[   47.185472][ T3750]  ? __rcu_read_unlock+0x4f/0x70
[   47.185500][ T3750]  ? __fget_files+0x184/0x1c0
[   47.185533][ T3750]  ksys_read+0xda/0x1a0
[   47.185620][ T3750]  __x64_sys_read+0x40/0x50
[   47.185718][ T3750]  x64_sys_call+0x27bc/0x2ff0
[   47.185811][ T3750]  do_syscall_64+0xd2/0x200
[   47.185842][ T3750]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   47.185873][ T3750]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   47.185934][ T3750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   47.185956][ T3750] RIP: 0033:0x7f74b7c3eb69
[   47.185975][ T3750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   47.185998][ T3750] RSP: 002b:00007f74b62a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   47.186022][ T3750] RAX: ffffffffffffffda RBX: 00007f74b7e65fa0 RCX: 00007f74b7c3eb69
[   47.186055][ T3750] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[   47.186068][ T3750] RBP: 00007f74b62a7090 R08: 0000000000000000 R09: 0000000000000000
[   47.186083][ T3750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   47.186098][ T3750] R13: 0000000000000000 R14: 00007f74b7e65fa0 R15: 00007ffde22ad888
[   47.186122][ T3750]  </TASK>
[   47.811390][ T3766] loop1: detected capacity change from 0 to 512
[   47.850636][ T3768] netlink: 4 bytes leftover after parsing attributes in process `syz.2.108'.
[   47.860507][ T3769] loop3: detected capacity change from 0 to 164
[   47.943632][ T3766] EXT4-fs (loop1): orphan cleanup on readonly fs
[   48.028937][ T3766] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.106: bg 0: block 248: padding at end of block bitmap is not set
[   48.081371][ T3766] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.106: Failed to acquire dquot type 1
[   48.143045][ T3766] EXT4-fs (loop1): 1 truncate cleaned up
[   48.233454][ T3780] netlink: 4 bytes leftover after parsing attributes in process `syz.4.110'.
[   48.244811][ T3764] process '{' launched '/dev/fd/6' with NULL argv: empty string added
[   48.259645][ T3764] {: attempt to access beyond end of device
[   48.259645][ T3764] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   48.275281][ T3764] {: attempt to access beyond end of device
[   48.275281][ T3764] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[   48.415895][ T3766] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   48.460844][ T3782] loop3: detected capacity change from 0 to 1024
[   48.513013][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.606965][ T3786] loop1: detected capacity change from 0 to 164
[   48.621947][ T3786] �: attempt to access beyond end of device
[   48.621947][ T3786] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   48.647965][ T3786] �: attempt to access beyond end of device
[   48.647965][ T3786] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[   48.705296][ T3788] loop1: detected capacity change from 0 to 1024
[   48.716054][ T3788] EXT4-fs: Ignoring removed mblk_io_submit option
[   48.755701][ T3788] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.810324][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.852635][ T3793] loop2: detected capacity change from 0 to 128
[   49.132525][ T3805] loop1: detected capacity change from 0 to 512
[   49.317445][ T3807] loop4: detected capacity change from 0 to 4096
[   49.337195][ T3807] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   49.354164][ T3805] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[   49.363244][ T3807] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.377094][ T3807] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.501423][ T3805] System zones: 0-2, 18-18, 34-35
[   49.527709][ T3813] FAULT_INJECTION: forcing a failure.
[   49.527709][ T3813] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.541221][ T3813] CPU: 1 UID: 0 PID: 3813 Comm: syz.4.123 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   49.541299][ T3813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   49.541359][ T3813] Call Trace:
[   49.541366][ T3813]  <TASK>
[   49.541374][ T3813]  __dump_stack+0x1d/0x30
[   49.541411][ T3813]  dump_stack_lvl+0xe8/0x140
[   49.541434][ T3813]  dump_stack+0x15/0x1b
[   49.541454][ T3813]  should_fail_ex+0x265/0x280
[   49.541537][ T3813]  should_fail+0xb/0x20
[   49.541574][ T3813]  should_fail_usercopy+0x1a/0x20
[   49.541598][ T3813]  _copy_to_user+0x20/0xa0
[   49.541631][ T3813]  simple_read_from_buffer+0xb5/0x130
[   49.541700][ T3813]  proc_fail_nth_read+0x10e/0x150
[   49.541790][ T3813]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   49.541824][ T3813]  vfs_read+0x1a0/0x6f0
[   49.541882][ T3813]  ? __rcu_read_unlock+0x4f/0x70
[   49.541908][ T3813]  ? __fget_files+0x184/0x1c0
[   49.541941][ T3813]  ksys_read+0xda/0x1a0
[   49.541970][ T3813]  __x64_sys_read+0x40/0x50
[   49.541994][ T3813]  x64_sys_call+0x27bc/0x2ff0
[   49.542131][ T3813]  do_syscall_64+0xd2/0x200
[   49.542157][ T3813]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.542245][ T3813]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   49.542267][ T3813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.542288][ T3813] RIP: 0033:0x7f3c691ad57c
[   49.542348][ T3813] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   49.542371][ T3813] RSP: 002b:00007f3c6780f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   49.542394][ T3813] RAX: ffffffffffffffda RBX: 00007f3c693d5fa0 RCX: 00007f3c691ad57c
[   49.542410][ T3813] RDX: 000000000000000f RSI: 00007f3c6780f0a0 RDI: 0000000000000003
[   49.542424][ T3813] RBP: 00007f3c6780f090 R08: 0000000000000000 R09: 0000000000000000
[   49.542565][ T3813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.542586][ T3813] R13: 0000000000000001 R14: 00007f3c693d5fa0 R15: 00007ffdc9d72ce8
[   49.542608][ T3813]  </TASK>
[   49.772772][ T3805] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.807590][ T3805] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.830233][ T3821] FAULT_INJECTION: forcing a failure.
[   49.830233][ T3821] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.843734][ T3821] CPU: 0 UID: 0 PID: 3821 Comm: syz.4.125 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   49.843771][ T3821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   49.843787][ T3821] Call Trace:
[   49.843814][ T3821]  <TASK>
[   49.843823][ T3821]  __dump_stack+0x1d/0x30
[   49.843843][ T3821]  dump_stack_lvl+0xe8/0x140
[   49.843862][ T3821]  dump_stack+0x15/0x1b
[   49.843884][ T3821]  should_fail_ex+0x265/0x280
[   49.844001][ T3821]  should_fail+0xb/0x20
[   49.844030][ T3821]  should_fail_usercopy+0x1a/0x20
[   49.844051][ T3821]  _copy_from_user+0x1c/0xb0
[   49.844085][ T3821]  ___sys_sendmsg+0xc1/0x1d0
[   49.844177][ T3821]  __x64_sys_sendmsg+0xd4/0x160
[   49.844243][ T3821]  x64_sys_call+0x191e/0x2ff0
[   49.844267][ T3821]  do_syscall_64+0xd2/0x200
[   49.844297][ T3821]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.844365][ T3821]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   49.844386][ T3821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.844410][ T3821] RIP: 0033:0x7f3c691aeb69
[   49.844430][ T3821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.844471][ T3821] RSP: 002b:00007f3c6780f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   49.844490][ T3821] RAX: ffffffffffffffda RBX: 00007f3c693d5fa0 RCX: 00007f3c691aeb69
[   49.844557][ T3821] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000006
[   49.844573][ T3821] RBP: 00007f3c6780f090 R08: 0000000000000000 R09: 0000000000000000
[   49.844589][ T3821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.844605][ T3821] R13: 0000000000000000 R14: 00007f3c693d5fa0 R15: 00007ffdc9d72ce8
[   49.844629][ T3821]  </TASK>
[   50.086642][ T3825] loop4: detected capacity change from 0 to 512
[   50.117474][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.129409][ T3825] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[   50.150836][ T3825] System zones: 0-2, 18-18, 34-35
[   50.166947][ T3833] Zero length message leads to an empty skb
[   50.197777][ T3825] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.219432][ T3833] loop1: detected capacity change from 0 to 512
[   50.227630][ T3833] ext4: Unknown parameter 'func'
[   50.236171][ T3825] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.269543][ T3836] syz.2.121 uses obsolete (PF_INET,SOCK_PACKET)
[   50.328803][ T3840] loop3: detected capacity change from 0 to 512
[   50.345065][ T3840] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.132: bad orphan inode 15
[   50.359281][ T3844] sg_write: data in/out 2012/14 bytes for SCSI command 0x0-- guessing data in;
[   50.359281][ T3844]    program syz.1.133 not setting count and/or reply_len properly
[   50.379981][ T3840] ext4_test_bit(bit=14, block=18) = 1
[   50.385914][ T3840] is_bad_inode(inode)=0
[   50.390093][ T3840] NEXT_ORPHAN(inode)=1023
[   50.394494][ T3840] max_ino=32
[   50.397737][ T3840] i_nlink=0
[   50.413852][ T3840] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2962: inode #15: comm syz.3.132: corrupted xattr block 19: invalid header
[   50.434654][ T3840] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117)
[   50.444517][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.458945][ T3840] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none.
[   50.496597][ T3840] ext4 filesystem being mounted at /26/�q�Y�3aK supports timestamps until 2038-01-19 (0x7fffffff)
[   50.533243][ T3858] loop1: detected capacity change from 0 to 512
[   50.557089][ T3858] EXT4-fs error (device loop1): ext4_quota_enable:7120: comm syz.1.139: Bad quota inum: 1, type: 2
[   50.572446][ T3863] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   50.586043][ T3865] loop2: detected capacity change from 0 to 128
[   50.604760][ T3863] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   50.605836][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0009-000000000000.
[   50.627326][ T3858] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=1). Please run e2fsck to fix.
[   50.646643][ T3866] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   50.658030][ T3858] EXT4-fs (loop1): mount failed
[   50.664400][ T3866] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   50.702056][ T3865] FAULT_INJECTION: forcing a failure.
[   50.702056][ T3865] name failslab, interval 1, probability 0, space 0, times 0
[   50.717047][ T3865] CPU: 0 UID: 0 PID: 3865 Comm: syz.2.141 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   50.717079][ T3865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   50.717094][ T3865] Call Trace:
[   50.717102][ T3865]  <TASK>
[   50.717111][ T3865]  __dump_stack+0x1d/0x30
[   50.717135][ T3865]  dump_stack_lvl+0xe8/0x140
[   50.717176][ T3865]  dump_stack+0x15/0x1b
[   50.717196][ T3865]  should_fail_ex+0x265/0x280
[   50.717238][ T3865]  should_failslab+0x8c/0xb0
[   50.717268][ T3865]  kmem_cache_alloc_noprof+0x50/0x310
[   50.717381][ T3865]  ? getname_flags+0x80/0x3b0
[   50.717419][ T3865]  getname_flags+0x80/0x3b0
[   50.717454][ T3865]  do_sys_openat2+0x60/0x110
[   50.717567][ T3865]  __x64_sys_openat+0xf2/0x120
[   50.717605][ T3865]  x64_sys_call+0x2e9c/0x2ff0
[   50.717674][ T3865]  do_syscall_64+0xd2/0x200
[   50.717761][ T3865]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.717798][ T3865]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   50.717824][ T3865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.717899][ T3865] RIP: 0033:0x7f938a18eb69
[   50.717917][ T3865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.717940][ T3865] RSP: 002b:00007f93887ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   50.717963][ T3865] RAX: ffffffffffffffda RBX: 00007f938a3b5fa0 RCX: 00007f938a18eb69
[   50.717977][ T3865] RDX: 0000000000101042 RSI: 0000200000000280 RDI: ffffffffffffff9c
[   50.717989][ T3865] RBP: 00007f93887ef090 R08: 0000000000000000 R09: 0000000000000000
[   50.718000][ T3865] R10: 00000000000000b0 R11: 0000000000000246 R12: 0000000000000001
[   50.718080][ T3865] R13: 0000000000000000 R14: 00007f938a3b5fa0 R15: 00007ffc9ff53d48
[   50.718104][ T3865]  </TASK>
[   50.719866][ T3873] FAULT_INJECTION: forcing a failure.
[   50.719866][ T3873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   50.831138][   T29] kauditd_printk_skb: 149 callbacks suppressed
[   50.831158][   T29] audit: type=1400 audit(1754126877.184:616): avc:  denied  { create } for  pid=3868 comm="syz.4.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[   50.832806][ T3873] CPU: 1 UID: 0 PID: 3873 Comm: syz.0.144 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   50.832896][ T3873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   50.832914][ T3873] Call Trace:
[   50.832926][ T3873]  <TASK>
[   50.832937][ T3873]  __dump_stack+0x1d/0x30
[   50.832965][ T3873]  dump_stack_lvl+0xe8/0x140
[   50.833001][ T3873]  dump_stack+0x15/0x1b
[   50.833024][ T3873]  should_fail_ex+0x265/0x280
[   50.833069][ T3873]  should_fail+0xb/0x20
[   50.833109][ T3873]  should_fail_usercopy+0x1a/0x20
[   50.833157][ T3873]  _copy_to_user+0x20/0xa0
[   50.833193][ T3873]  simple_read_from_buffer+0xb5/0x130
[   50.833224][ T3873]  proc_fail_nth_read+0x10e/0x150
[   50.833262][ T3873]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   50.833297][ T3873]  vfs_read+0x1a0/0x6f0
[   50.833328][ T3873]  ? touch_atime+0x2a8/0x340
[   50.833364][ T3873]  ? __rcu_read_unlock+0x4f/0x70
[   50.833395][ T3873]  ? __fget_files+0x184/0x1c0
[   50.833431][ T3873]  ksys_read+0xda/0x1a0
[   50.833481][ T3873]  __x64_sys_read+0x40/0x50
[   50.833510][ T3873]  x64_sys_call+0x27bc/0x2ff0
[   50.833601][ T3873]  do_syscall_64+0xd2/0x200
[   50.833632][ T3873]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.833665][ T3873]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   50.833694][ T3873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.833723][ T3873] RIP: 0033:0x7f8227f8d57c
[   50.833823][ T3873] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   50.833848][ T3873] RSP: 002b:00007f82265ef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   50.833879][ T3873] RAX: ffffffffffffffda RBX: 00007f82281b5fa0 RCX: 00007f8227f8d57c
[   50.833968][ T3873] RDX: 000000000000000f RSI: 00007f82265ef0a0 RDI: 0000000000000005
[   50.833988][ T3873] RBP: 00007f82265ef090 R08: 0000000000000000 R09: 0000000000000000
[   50.834003][ T3873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.834020][ T3873] R13: 0000000000000000 R14: 00007f82281b5fa0 R15: 00007ffdc04fefa8
[   50.834049][ T3873]  </TASK>
[   50.923023][ T3879] FAULT_INJECTION: forcing a failure.
[   50.923023][ T3879] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   50.943335][   T29] audit: type=1400 audit(1754126877.214:617): avc:  denied  { sys_admin } for  pid=3868 comm="syz.4.143" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[   50.948163][ T3879] CPU: 1 UID: 0 PID: 3879 Comm: syz.0.147 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   50.948273][ T3879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   50.948290][ T3879] Call Trace:
[   50.948299][ T3879]  <TASK>
[   50.948310][ T3879]  __dump_stack+0x1d/0x30
[   50.948340][ T3879]  dump_stack_lvl+0xe8/0x140
[   50.948435][ T3879]  dump_stack+0x15/0x1b
[   50.948456][ T3879]  should_fail_ex+0x265/0x280
[   50.948503][ T3879]  should_fail_alloc_page+0xf2/0x100
[   50.948574][ T3879]  __alloc_frozen_pages_noprof+0xff/0x360
[   50.948658][ T3879]  alloc_pages_mpol+0xb3/0x250
[   50.948703][ T3879]  folio_alloc_mpol_noprof+0x39/0x80
[   50.948748][ T3879]  shmem_get_folio_gfp+0x3cf/0xd60
[   50.948831][ T3879]  shmem_fault+0xf6/0x250
[   50.948859][ T3879]  __do_fault+0xb9/0x200
[   50.948900][ T3879]  handle_mm_fault+0xd69/0x2c20
[   50.949015][ T3879]  ? __rcu_read_lock+0x37/0x50
[   50.949043][ T3879]  ? __pte_offset_map_lock+0x1d4/0x230
[   50.949118][ T3879]  __get_user_pages+0x102e/0x1fa0
[   50.949163][ T3879]  __gup_longterm_locked+0xbdb/0xe60
[   50.949202][ T3879]  ? __ptrace_may_access+0x2c3/0x340
[   50.949236][ T3879]  pin_user_pages_remote+0x7e/0xb0
[   50.949292][ T3879]  process_vm_rw+0x484/0x960
[   50.949358][ T3879]  __x64_sys_process_vm_writev+0x78/0x90
[   50.949417][ T3879]  x64_sys_call+0x2a7c/0x2ff0
[   50.949462][ T3879]  do_syscall_64+0xd2/0x200
[   50.949493][ T3879]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.949526][ T3879]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   50.949557][ T3879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.949586][ T3879] RIP: 0033:0x7f8227f8eb69
[   50.949671][ T3879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.949696][ T3879] RSP: 002b:00007f82265ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[   50.949720][ T3879] RAX: ffffffffffffffda RBX: 00007f82281b5fa0 RCX: 00007f8227f8eb69
[   50.949797][ T3879] RDX: 0000000000000001 RSI: 0000200000001c80 RDI: 0000000000000045
[   50.949814][ T3879] RBP: 00007f82265ef090 R08: 0000000000000001 R09: 0000000000000000
[   50.949831][ T3879] R10: 0000200000001d80 R11: 0000000000000246 R12: 0000000000000001
[   50.949848][ T3879] R13: 0000000000000000 R14: 00007f82281b5fa0 R15: 00007ffdc04fefa8
[   50.949880][ T3879]  </TASK>
[   51.175668][ T3883] netlink: 'syz.0.148': attribute type 2 has an invalid length.
[   51.345608][   T29] audit: type=1326 audit(1754126877.684:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3884 comm="syz.2.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938a18eb69 code=0x7ffc0000
[   51.351516][ T3883] netlink: 'syz.0.148': attribute type 1 has an invalid length.
[   51.357459][   T29] audit: type=1326 audit(1754126877.684:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3884 comm="syz.2.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938a18eb69 code=0x7ffc0000
[   51.363556][ T3883] netlink: 'syz.0.148': attribute type 2 has an invalid length.
[   51.407840][ T3887] loop3: detected capacity change from 0 to 1024
[   51.409328][   T29] audit: type=1326 audit(1754126877.694:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3884 comm="syz.2.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f938a18eb69 code=0x7ffc0000
[   51.501313][ T3888] loop1: detected capacity change from 0 to 512
[   51.521524][   T29] audit: type=1326 audit(1754126877.694:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3884 comm="syz.2.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938a18eb69 code=0x7ffc0000
[   51.592956][   T29] audit: type=1326 audit(1754126877.694:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3884 comm="syz.2.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938a18eb69 code=0x7ffc0000
[   51.619356][   T29] audit: type=1326 audit(1754126877.694:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3884 comm="syz.2.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f938a18eb69 code=0x7ffc0000
[   51.644001][   T29] audit: type=1326 audit(1754126877.694:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3884 comm="syz.2.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938a18eb69 code=0x7ffc0000
[   51.667547][   T29] audit: type=1326 audit(1754126877.694:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3884 comm="syz.2.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938a18eb69 code=0x7ffc0000
[   51.737836][ T3888] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[   51.770283][ T3888] System zones: 0-2, 18-18, 34-35
[   51.781468][ T3888] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.800020][ T3888] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   51.860614][ T3893] netlink: 368 bytes leftover after parsing attributes in process `GPL'.
[   51.883268][ T3897] tunl0: entered promiscuous mode
[   51.927104][ T3897] netlink: 'syz.0.152': attribute type 1 has an invalid length.
[   51.935066][ T3897] netlink: 9 bytes leftover after parsing attributes in process `syz.0.152'.
[   51.967993][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.020387][ T3902] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[   52.028934][ T3902] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[   52.121112][ T3918] capability: warning: `syz.0.157' uses 32-bit capabilities (legacy support in use)
[   52.201237][ T3914] FAULT_INJECTION: forcing a failure.
[   52.201237][ T3914] name failslab, interval 1, probability 0, space 0, times 0
[   52.215082][ T3914] CPU: 0 UID: 0 PID: 3914 Comm: syz.1.154 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   52.215119][ T3914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   52.215134][ T3914] Call Trace:
[   52.215142][ T3914]  <TASK>
[   52.215150][ T3914]  __dump_stack+0x1d/0x30
[   52.215216][ T3914]  dump_stack_lvl+0xe8/0x140
[   52.215241][ T3914]  dump_stack+0x15/0x1b
[   52.215262][ T3914]  should_fail_ex+0x265/0x280
[   52.215373][ T3914]  should_failslab+0x8c/0xb0
[   52.215405][ T3914]  kmem_cache_alloc_node_noprof+0x57/0x320
[   52.215462][ T3914]  ? __alloc_skb+0x101/0x320
[   52.215563][ T3914]  __alloc_skb+0x101/0x320
[   52.215688][ T3914]  _sctp_make_chunk+0x59/0x210
[   52.215759][ T3914]  sctp_make_heartbeat+0x4f/0x260
[   52.215788][ T3914]  sctp_sf_do_prm_requestheartbeat+0x29/0x130
[   52.215825][ T3914]  sctp_do_sm+0xbe/0x3230
[   52.215842][ T3914]  ? __x64_sys_openat+0xf2/0x120
[   52.215970][ T3914]  ? x64_sys_call+0x2e9c/0x2ff0
[   52.215992][ T3914]  ? __kernel_text_address+0xd/0x40
[   52.216019][ T3914]  ? unwind_get_return_address+0x16/0x40
[   52.216063][ T3914]  ? perf_callchain_kernel+0x30b/0x330
[   52.216110][ T3914]  sctp_primitive_REQUESTHEARTBEAT+0x74/0x90
[   52.216149][ T3914]  sctp_apply_peer_addr_params+0x93/0xbe0
[   52.216292][ T3914]  sctp_setsockopt_peer_addr_params+0x41a/0x4e0
[   52.216327][ T3914]  sctp_setsockopt+0x6bd/0xe30
[   52.216361][ T3914]  sock_common_setsockopt+0x66/0x80
[   52.216484][ T3914]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   52.216514][ T3914]  __sys_setsockopt+0x181/0x200
[   52.216555][ T3914]  __x64_sys_setsockopt+0x64/0x80
[   52.216644][ T3914]  x64_sys_call+0x20ec/0x2ff0
[   52.216669][ T3914]  do_syscall_64+0xd2/0x200
[   52.216691][ T3914]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   52.216720][ T3914]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   52.216766][ T3914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   52.216795][ T3914] RIP: 0033:0x7f353613eb69
[   52.216814][ T3914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   52.216836][ T3914] RSP: 002b:00007f3534786038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   52.216859][ T3914] RAX: ffffffffffffffda RBX: 00007f3536366080 RCX: 00007f353613eb69
[   52.216946][ T3914] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000003
[   52.216958][ T3914] RBP: 00007f3534786090 R08: 000000000000009c R09: 0000000000000000
[   52.216970][ T3914] R10: 0000200000000a00 R11: 0000000000000246 R12: 0000000000000001
[   52.216981][ T3914] R13: 0000000000000001 R14: 00007f3536366080 R15: 00007ffff5136dc8
[   52.217017][ T3914]  </TASK>
[   52.529323][ T3924] netlink: 12 bytes leftover after parsing attributes in process `syz.4.158'.
[   52.672760][ T3936] netlink: 'syz.1.167': attribute type 1 has an invalid length.
[   52.681256][ T3936] netlink: 9 bytes leftover after parsing attributes in process `syz.1.167'.
[   52.758634][ T3946] FAULT_INJECTION: forcing a failure.
[   52.758634][ T3946] name failslab, interval 1, probability 0, space 0, times 0
[   52.771961][ T3946] CPU: 0 UID: 0 PID: 3946 Comm: syz.2.169 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   52.772043][ T3946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   52.772055][ T3946] Call Trace:
[   52.772086][ T3946]  <TASK>
[   52.772096][ T3946]  __dump_stack+0x1d/0x30
[   52.772168][ T3946]  dump_stack_lvl+0xe8/0x140
[   52.772193][ T3946]  dump_stack+0x15/0x1b
[   52.772220][ T3946]  should_fail_ex+0x265/0x280
[   52.772253][ T3946]  should_failslab+0x8c/0xb0
[   52.772285][ T3946]  __kmalloc_noprof+0xa5/0x3e0
[   52.772347][ T3946]  ? bpf_test_init+0xa9/0x160
[   52.772385][ T3946]  bpf_test_init+0xa9/0x160
[   52.772414][ T3946]  bpf_prog_test_run_xdp+0x274/0x910
[   52.772475][ T3946]  ? kstrtouint+0x76/0xc0
[   52.772514][ T3946]  ? __rcu_read_unlock+0x4f/0x70
[   52.772539][ T3946]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   52.772576][ T3946]  bpf_prog_test_run+0x227/0x390
[   52.772664][ T3946]  __sys_bpf+0x4b9/0x7b0
[   52.772700][ T3946]  __x64_sys_bpf+0x41/0x50
[   52.772728][ T3946]  x64_sys_call+0x2aea/0x2ff0
[   52.772762][ T3946]  do_syscall_64+0xd2/0x200
[   52.772794][ T3946]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   52.772823][ T3946]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   52.772850][ T3946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   52.772920][ T3946] RIP: 0033:0x7f938a18eb69
[   52.772938][ T3946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   52.772960][ T3946] RSP: 002b:00007f93887ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   52.772979][ T3946] RAX: ffffffffffffffda RBX: 00007f938a3b5fa0 RCX: 00007f938a18eb69
[   52.773008][ T3946] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[   52.773077][ T3946] RBP: 00007f93887ef090 R08: 0000000000000000 R09: 0000000000000000
[   52.773092][ T3946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   52.773104][ T3946] R13: 0000000000000000 R14: 00007f938a3b5fa0 R15: 00007ffc9ff53d48
[   52.773128][ T3946]  </TASK>
[   52.815770][ T3948] netlink: 'syz.3.170': attribute type 3 has an invalid length.
[   52.979301][ T3952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.172'.
[   53.297368][ T3970] loop0: detected capacity change from 0 to 512
[   53.354675][ T3970] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.386193][ T3974] loop1: detected capacity change from 0 to 164
[   53.508088][ T3977] netlink: 76 bytes leftover after parsing attributes in process `syz.2.176'.
[   53.533939][ T3976] netlink: 76 bytes leftover after parsing attributes in process `syz.2.176'.
[   53.733818][ T3995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.184'.
[   53.743572][ T3997] FAULT_INJECTION: forcing a failure.
[   53.743572][ T3997] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   53.756943][ T3997] CPU: 0 UID: 0 PID: 3997 Comm: syz.1.185 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   53.756975][ T3997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   53.756986][ T3997] Call Trace:
[   53.756995][ T3997]  <TASK>
[   53.757003][ T3997]  __dump_stack+0x1d/0x30
[   53.757092][ T3997]  dump_stack_lvl+0xe8/0x140
[   53.757117][ T3997]  dump_stack+0x15/0x1b
[   53.757197][ T3997]  should_fail_ex+0x265/0x280
[   53.757308][ T3997]  should_fail+0xb/0x20
[   53.757344][ T3997]  should_fail_usercopy+0x1a/0x20
[   53.757369][ T3997]  _copy_from_user+0x1c/0xb0
[   53.757469][ T3997]  __se_sys_rt_sigtimedwait+0x83/0x200
[   53.757543][ T3997]  __x64_sys_rt_sigtimedwait+0x55/0x70
[   53.757571][ T3997]  x64_sys_call+0x2759/0x2ff0
[   53.757596][ T3997]  do_syscall_64+0xd2/0x200
[   53.757626][ T3997]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   53.757656][ T3997]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   53.757684][ T3997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.757731][ T3997] RIP: 0033:0x7f353613eb69
[   53.757747][ T3997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   53.757767][ T3997] RSP: 002b:00007f35347a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000080
[   53.757790][ T3997] RAX: ffffffffffffffda RBX: 00007f3536365fa0 RCX: 00007f353613eb69
[   53.757805][ T3997] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[   53.757820][ T3997] RBP: 00007f35347a7090 R08: 0000000000000000 R09: 0000000000000000
[   53.757895][ T3997] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[   53.757907][ T3997] R13: 0000000000000000 R14: 00007f3536365fa0 R15: 00007ffff5136dc8
[   53.757931][ T3997]  </TASK>
[   54.026868][ T3995] loop4: detected capacity change from 0 to 1024
[   54.101281][ T4009] loop2: detected capacity change from 0 to 512
[   54.230771][ T4012] netlink: 'syz.3.191': attribute type 10 has an invalid length.
[   54.240284][ T3995] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[   54.289180][ T4009] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   54.312815][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.358828][ T4012] team0: Port device dummy0 added
[   54.530019][ T4017] FAULT_INJECTION: forcing a failure.
[   54.530019][ T4017] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   54.543469][ T4017] CPU: 1 UID: 0 PID: 4017 Comm: syz.3.192 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   54.543505][ T4017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   54.543521][ T4017] Call Trace:
[   54.543530][ T4017]  <TASK>
[   54.543541][ T4017]  __dump_stack+0x1d/0x30
[   54.543567][ T4017]  dump_stack_lvl+0xe8/0x140
[   54.543591][ T4017]  dump_stack+0x15/0x1b
[   54.543674][ T4017]  should_fail_ex+0x265/0x280
[   54.543706][ T4017]  should_fail_alloc_page+0xf2/0x100
[   54.543751][ T4017]  __alloc_frozen_pages_noprof+0xff/0x360
[   54.543792][ T4017]  alloc_pages_mpol+0xb3/0x250
[   54.543883][ T4017]  vma_alloc_folio_noprof+0x1aa/0x300
[   54.543981][ T4017]  handle_mm_fault+0xec2/0x2c20
[   54.544085][ T4017]  do_user_addr_fault+0x636/0x1090
[   54.544119][ T4017]  ? fpregs_assert_state_consistent+0xb4/0xe0
[   54.544226][ T4017]  exc_page_fault+0x62/0xa0
[   54.544251][ T4017]  asm_exc_page_fault+0x26/0x30
[   54.544319][ T4017] RIP: 0033:0x7f74b7b00ce3
[   54.544370][ T4017] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[   54.544388][ T4017] RSP: 002b:00007f74b62a64a0 EFLAGS: 00010202
[   54.544421][ T4017] RAX: 0000000000001000 RBX: 00007f74b62a6540 RCX: 00007f74ade87000
[   54.544434][ T4017] RDX: 00007f74b62a66e0 RSI: 0000000000000011 RDI: 00007f74b62a65e0
[   54.544450][ T4017] RBP: 00000000000000dc R08: 000000000000000a R09: 000000000000039d
[   54.544505][ T4017] R10: 00000000000003c2 R11: 00007f74b62a6540 R12: 0000000000000001
[   54.544549][ T4017] R13: 00007f74b7cdd940 R14: 000000000000007f R15: 00007f74b62a65e0
[   54.544574][ T4017]  </TASK>
[   54.544663][ T4017] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   54.792245][ T4017] loop3: detected capacity change from 0 to 2048
[   54.808599][ T4017] EXT4-fs: Ignoring removed nobh option
[   54.820989][ T4020] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4020 comm=syz.4.184
[   54.840296][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.861166][ T4017] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   54.879772][ T4019] loop0: detected capacity change from 0 to 2048
[   54.904024][ T4017] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.915366][ T4019] EXT4-fs: Ignoring removed nobh option
[   54.985363][ T4019] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   55.067427][ T4039] loop3: detected capacity change from 0 to 1024
[   55.075718][ T4019] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.138305][ T4043] netlink: 'syz.4.201': attribute type 1 has an invalid length.
[   55.146201][ T4043] netlink: 9 bytes leftover after parsing attributes in process `syz.4.201'.
[   55.240310][ T4054] loop2: detected capacity change from 0 to 128
[   55.270953][ T4060] FAULT_INJECTION: forcing a failure.
[   55.270953][ T4060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   55.287066][ T4060] CPU: 1 UID: 0 PID: 4060 Comm: syz.4.209 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   55.287172][ T4060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   55.287188][ T4060] Call Trace:
[   55.287200][ T4060]  <TASK>
[   55.287210][ T4060]  __dump_stack+0x1d/0x30
[   55.287294][ T4060]  dump_stack_lvl+0xe8/0x140
[   55.287319][ T4060]  dump_stack+0x15/0x1b
[   55.287405][ T4060]  should_fail_ex+0x265/0x280
[   55.287438][ T4060]  should_fail+0xb/0x20
[   55.287499][ T4060]  should_fail_usercopy+0x1a/0x20
[   55.287523][ T4060]  _copy_to_user+0x20/0xa0
[   55.287551][ T4060]  simple_read_from_buffer+0xb5/0x130
[   55.287737][ T4060]  proc_fail_nth_read+0x10e/0x150
[   55.287811][ T4060]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   55.287845][ T4060]  vfs_read+0x1a0/0x6f0
[   55.287870][ T4060]  ? __rcu_read_unlock+0x4f/0x70
[   55.287951][ T4060]  ? __fget_files+0x184/0x1c0
[   55.288054][ T4060]  ksys_read+0xda/0x1a0
[   55.288084][ T4060]  __x64_sys_read+0x40/0x50
[   55.288182][ T4060]  x64_sys_call+0x27bc/0x2ff0
[   55.288210][ T4060]  do_syscall_64+0xd2/0x200
[   55.288242][ T4060]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   55.288272][ T4060]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   55.288364][ T4060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.288449][ T4060] RIP: 0033:0x7f3c691ad57c
[   55.288479][ T4060] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   55.288502][ T4060] RSP: 002b:00007f3c6780f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   55.288525][ T4060] RAX: ffffffffffffffda RBX: 00007f3c693d5fa0 RCX: 00007f3c691ad57c
[   55.288608][ T4060] RDX: 000000000000000f RSI: 00007f3c6780f0a0 RDI: 0000000000000004
[   55.288623][ T4060] RBP: 00007f3c6780f090 R08: 0000000000000000 R09: 0000000000000000
[   55.288637][ T4060] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   55.288650][ T4060] R13: 0000000000000000 R14: 00007f3c693d5fa0 R15: 00007ffdc9d72ce8
[   55.288728][ T4060]  </TASK>
[   55.544855][ T4067] loop1: detected capacity change from 0 to 512
[   55.569220][ T4071] FAULT_INJECTION: forcing a failure.
[   55.569220][ T4071] name failslab, interval 1, probability 0, space 0, times 0
[   55.582617][ T4071] CPU: 1 UID: 0 PID: 4071 Comm: syz.2.212 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   55.582651][ T4071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   55.582693][ T4071] Call Trace:
[   55.582699][ T4071]  <TASK>
[   55.582707][ T4071]  __dump_stack+0x1d/0x30
[   55.582728][ T4071]  dump_stack_lvl+0xe8/0x140
[   55.582767][ T4071]  dump_stack+0x15/0x1b
[   55.582786][ T4071]  should_fail_ex+0x265/0x280
[   55.582853][ T4071]  should_failslab+0x8c/0xb0
[   55.582877][ T4071]  kmem_cache_alloc_node_noprof+0x57/0x320
[   55.582942][ T4071]  ? __alloc_skb+0x101/0x320
[   55.583015][ T4071]  __alloc_skb+0x101/0x320
[   55.583051][ T4071]  netlink_alloc_large_skb+0xba/0xf0
[   55.583087][ T4071]  netlink_sendmsg+0x3cf/0x6b0
[   55.583124][ T4071]  ? __pfx_netlink_sendmsg+0x10/0x10
[   55.583217][ T4071]  __sock_sendmsg+0x142/0x180
[   55.583240][ T4071]  ____sys_sendmsg+0x345/0x4e0
[   55.583354][ T4071]  ___sys_sendmsg+0x17b/0x1d0
[   55.583408][ T4071]  __sys_sendmmsg+0x178/0x300
[   55.583464][ T4071]  __x64_sys_sendmmsg+0x57/0x70
[   55.583948][ T4071]  x64_sys_call+0x1c4a/0x2ff0
[   55.583971][ T4071]  do_syscall_64+0xd2/0x200
[   55.584047][ T4071]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   55.584076][ T4071]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   55.584102][ T4071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.584184][ T4071] RIP: 0033:0x7f938a18eb69
[   55.584247][ T4071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.584268][ T4071] RSP: 002b:00007f93887ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   55.584293][ T4071] RAX: ffffffffffffffda RBX: 00007f938a3b5fa0 RCX: 00007f938a18eb69
[   55.584308][ T4071] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[   55.584323][ T4071] RBP: 00007f93887ef090 R08: 0000000000000000 R09: 0000000000000000
[   55.584335][ T4071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.584346][ T4071] R13: 0000000000000000 R14: 00007f938a3b5fa0 R15: 00007ffc9ff53d48
[   55.584436][ T4071]  </TASK>
[   55.849308][ T4074] netlink: 8 bytes leftover after parsing attributes in process `syz.0.213'.
[   55.863831][ T4076] netlink: 'syz.2.214': attribute type 1 has an invalid length.
[   55.899145][ T4081] loop4: detected capacity change from 0 to 128
[   55.912950][ T4076] bond1: entered promiscuous mode
[   55.925222][ T4076] 8021q: adding VLAN 0 to HW filter on device bond1
[   55.968659][ T4067] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.984992][ T4086] netlink: 'syz.0.218': attribute type 1 has an invalid length.
[   55.997299][ T4067] ext4 filesystem being mounted at /58/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   56.024775][ T4067] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #2: comm syz.1.210: corrupted inode contents
[   56.039200][ T4067] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #2: comm syz.1.210: mark_inode_dirty error
[   56.050972][ T4089] loop2: detected capacity change from 0 to 128
[   56.053432][ T4067] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #2: comm syz.1.210: corrupted inode contents
[   56.071059][ T4067] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.210: mark_inode_dirty error
[   56.113018][   T29] kauditd_printk_skb: 299 callbacks suppressed
[   56.113035][   T29] audit: type=1400 audit(1754126882.474:925): avc:  denied  { create } for  pid=4093 comm="syz.0.221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   56.192835][   T29] audit: type=1400 audit(1754126882.484:926): avc:  denied  { ioctl } for  pid=4093 comm="syz.0.221" path="socket:[6019]" dev="sockfs" ino=6019 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   56.219898][   T29] audit: type=1400 audit(1754126882.554:927): avc:  denied  { create } for  pid=4066 comm="syz.1.210" name=06 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   56.248449][ T4092] EXT4-fs error (device loop1): ext4_lookup:1784: inode #18: comm syz.1.210: '' linked to parent dir
[   56.285216][ T4107] loop4: detected capacity change from 0 to 512
[   56.285271][ T4099] loop3: detected capacity change from 0 to 4096
[   56.317861][   T29] audit: type=1400 audit(1754126882.674:928): avc:  denied  { mount } for  pid=4103 comm="syz.2.224" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   56.346098][ T4107] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   56.357112][ T4107] EXT4-fs (loop4): orphan cleanup on readonly fs
[   56.382902][ T4107] Quota error (device loop4): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[   56.385093][ T4099] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #2: comm syz.3.223: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[   56.405966][ T4107] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   56.425643][ T4107] EXT4-fs (loop4): Cannot turn on quotas: error -117
[   56.434822][ T4099] EXT4-fs (loop3): get root inode failed
[   56.440785][ T4099] EXT4-fs (loop3): mount failed
[   56.457535][ T4107] EXT4-fs error (device loop4): __ext4_iget:5464: inode #16: block 127754: comm syz.4.225: invalid block
[   56.480542][ T4114] loop2: detected capacity change from 0 to 1024
[   56.495540][ T4107] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.225: couldn't read orphan inode 16 (err -117)
[   56.541477][ T4107] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   56.542761][ T4116] loop2: detected capacity change from 0 to 1024
[   56.583689][ T4116] EXT4-fs: test_dummy_encryption option not supported
[   56.644880][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.710054][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.743660][ T4123] netlink: 'syz.1.231': attribute type 1 has an invalid length.
[   56.781247][   T29] audit: type=1326 audit(1754126883.134:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4129 comm="syz.4.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c691aeb69 code=0x7ffc0000
[   56.806636][   T29] audit: type=1326 audit(1754126883.134:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4129 comm="syz.4.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c691aeb69 code=0x7ffc0000
[   56.831514][   T29] audit: type=1326 audit(1754126883.184:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4129 comm="syz.4.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f3c691aeb69 code=0x7ffc0000
[   56.855009][   T29] audit: type=1326 audit(1754126883.184:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4129 comm="syz.4.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c691aeb69 code=0x7ffc0000
[   56.880742][   T29] audit: type=1326 audit(1754126883.184:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4129 comm="syz.4.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c691aeb69 code=0x7ffc0000
[   56.919652][ T4132] __nla_validate_parse: 4 callbacks suppressed
[   56.919672][ T4132] netlink: 196 bytes leftover after parsing attributes in process `syz.4.233'.
[   57.031780][ T4143] loop1: detected capacity change from 0 to 1024
[   57.193927][ T4164] loop3: detected capacity change from 0 to 1024
[   57.224845][ T4167] loop1: detected capacity change from 0 to 512
[   57.234234][ T4164] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   57.253122][ T4164] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   57.266688][ T4167] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   57.288757][ T4164] EXT4-fs error (device loop3): ext4_free_blocks:6696: comm syz.3.241: Freeing blocks not in datazone - block = 0, count = 16
[   57.307577][ T4167] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.242: corrupted inode contents
[   57.321117][ T4167] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #16: comm syz.1.242: mark_inode_dirty error
[   57.333920][ T4167] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.242: corrupted inode contents
[   57.343735][ T4174] loop4: detected capacity change from 0 to 2048
[   57.346163][ T4167] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.242: mark_inode_dirty error
[   57.364067][ T4167] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.242: corrupted inode contents
[   57.376975][ T4167] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[   57.387020][   T37] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[   57.408340][   T37] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   57.411130][ T4046] Alternate GPT is invalid, using primary GPT.
[   57.421220][   T37] EXT4-fs (loop3): This should not happen!! Data will be lost
[   57.421220][   T37] 
[   57.421242][   T37] EXT4-fs (loop3): Total free blocks count 0
[   57.421257][   T37] EXT4-fs (loop3): Free/Dirty block details
[   57.421271][   T37] EXT4-fs (loop3): free_blocks=4293918736
[   57.427974][ T4046]  loop4: p2 p3 p7
[   57.437345][   T37] EXT4-fs (loop3): dirty_blocks=16
[   57.437363][   T37] EXT4-fs (loop3): Block reservation details
[   57.472499][   T37] EXT4-fs (loop3): i_reserved_data_blocks=1
[   57.479069][ T4167] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.242: corrupted inode contents
[   57.486831][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   57.505457][ T4167] EXT4-fs error (device loop1): ext4_truncate:4666: inode #16: comm syz.1.242: mark_inode_dirty error
[   57.519279][ T4167] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[   57.531181][ T4167] EXT4-fs (loop1): 1 truncate cleaned up
[   57.542178][ T4167] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.558545][ T4167] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   57.577271][ T4175] netlink: 'syz.4.244': attribute type 1 has an invalid length.
[   57.586177][   T37] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 1
[   57.620646][ T4175] 8021q: adding VLAN 0 to HW filter on device bond1
[   57.650063][ T3675] udevd[3675]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory
[   57.662352][ T3475] udevd[3475]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[   57.675647][ T4046] udevd[4046]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[   57.675933][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.746152][ T4198] loop1: detected capacity change from 0 to 512
[   57.764992][ T4198] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[   57.773479][ T4198] System zones: 0-2, 18-18, 34-35
[   57.784907][ T4198] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.801607][ T4198] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   57.814464][ T4204] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=30768 sclass=netlink_route_socket pid=4204 comm=syz.4.249
[   57.831083][ T4196] netlink: 48 bytes leftover after parsing attributes in process `wޣ�'.
[   57.842323][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.858511][ T4206] FAULT_INJECTION: forcing a failure.
[   57.858511][ T4206] name failslab, interval 1, probability 0, space 0, times 0
[   57.872951][ T4206] CPU: 1 UID: 0 PID: 4206 Comm: syz.4.253 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   57.872985][ T4206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   57.872999][ T4206] Call Trace:
[   57.873007][ T4206]  <TASK>
[   57.873016][ T4206]  __dump_stack+0x1d/0x30
[   57.873097][ T4206]  dump_stack_lvl+0xe8/0x140
[   57.873121][ T4206]  dump_stack+0x15/0x1b
[   57.873188][ T4206]  should_fail_ex+0x265/0x280
[   57.873222][ T4206]  ? __request_module+0x1c4/0x3e0
[   57.873244][ T4206]  should_failslab+0x8c/0xb0
[   57.873282][ T4206]  ? get_fs_type+0x11d/0x330
[   57.873376][ T4206]  __kmalloc_cache_noprof+0x4c/0x320
[   57.873408][ T4206]  ? get_fs_type+0x11d/0x330
[   57.873434][ T4206]  __request_module+0x1c4/0x3e0
[   57.873503][ T4206]  ? strncmp+0x34/0x70
[   57.873528][ T4206]  get_fs_type+0x11d/0x330
[   57.873557][ T4206]  __se_sys_fsopen+0x86/0x1e0
[   57.873582][ T4206]  __x64_sys_fsopen+0x31/0x40
[   57.873662][ T4206]  x64_sys_call+0x2a9d/0x2ff0
[   57.873689][ T4206]  do_syscall_64+0xd2/0x200
[   57.873712][ T4206]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   57.873806][ T4206]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   57.873827][ T4206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.873848][ T4206] RIP: 0033:0x7f3c691aeb69
[   57.873864][ T4206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.873881][ T4206] RSP: 002b:00007f3c6780f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae
[   57.873917][ T4206] RAX: ffffffffffffffda RBX: 00007f3c693d5fa0 RCX: 00007f3c691aeb69
[   57.873931][ T4206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000280
[   57.873943][ T4206] RBP: 00007f3c6780f090 R08: 0000000000000000 R09: 0000000000000000
[   57.873955][ T4206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.873967][ T4206] R13: 0000000000000000 R14: 00007f3c693d5fa0 R15: 00007ffdc9d72ce8
[   57.874002][ T4206]  </TASK>
[   58.133588][ T4214] FAULT_INJECTION: forcing a failure.
[   58.133588][ T4214] name failslab, interval 1, probability 0, space 0, times 0
[   58.142724][ T4216] autofs4:pid:4216:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(0.0), cmd(0xc0189375)
[   58.146941][ T4214] CPU: 1 UID: 0 PID: 4214 Comm: syz.4.256 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   58.146982][ T4214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   58.147001][ T4214] Call Trace:
[   58.147011][ T4214]  <TASK>
[   58.147090][ T4214]  __dump_stack+0x1d/0x30
[   58.147121][ T4214]  dump_stack_lvl+0xe8/0x140
[   58.147148][ T4214]  dump_stack+0x15/0x1b
[   58.147169][ T4214]  should_fail_ex+0x265/0x280
[   58.147215][ T4214]  should_failslab+0x8c/0xb0
[   58.147315][ T4214]  kmem_cache_alloc_noprof+0x50/0x310
[   58.147416][ T4214]  ? alloc_empty_file+0x76/0x200
[   58.147460][ T4214]  alloc_empty_file+0x76/0x200
[   58.147501][ T4214]  dentry_open+0x2d/0x90
[   58.147540][ T4214]  __se_sys_fsmount+0x455/0x580
[   58.147655][ T4214]  __x64_sys_fsmount+0x43/0x50
[   58.147687][ T4214]  x64_sys_call+0x2ab3/0x2ff0
[   58.147716][ T4214]  do_syscall_64+0xd2/0x200
[   58.147748][ T4214]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.147808][ T4214]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   58.147837][ T4214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.147879][ T4214] RIP: 0033:0x7f3c691aeb69
[   58.147900][ T4214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.147925][ T4214] RSP: 002b:00007f3c6780f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b0
[   58.147950][ T4214] RAX: ffffffffffffffda RBX: 00007f3c693d5fa0 RCX: 00007f3c691aeb69
[   58.147968][ T4214] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000003
[   58.147993][ T4214] RBP: 00007f3c6780f090 R08: 0000000000000000 R09: 0000000000000000
[   58.148009][ T4214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.148024][ T4214] R13: 0000000000000000 R14: 00007f3c693d5fa0 R15: 00007ffdc9d72ce8
[   58.148089][ T4214]  </TASK>
[   58.364781][ T4216] autofs4:pid:4216:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189375)
[   58.431971][ T4227] loop2: detected capacity change from 0 to 256
[   58.469860][ T4227] vfat: Bad value for 'fmask'
[   58.470404][ T4233] FAULT_INJECTION: forcing a failure.
[   58.470404][ T4233] name failslab, interval 1, probability 0, space 0, times 0
[   58.489246][ T4233] CPU: 0 UID: 0 PID: 4233 Comm: syz.1.263 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   58.489279][ T4233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   58.489293][ T4233] Call Trace:
[   58.489300][ T4233]  <TASK>
[   58.489308][ T4233]  __dump_stack+0x1d/0x30
[   58.489330][ T4233]  dump_stack_lvl+0xe8/0x140
[   58.489434][ T4233]  dump_stack+0x15/0x1b
[   58.489456][ T4233]  should_fail_ex+0x265/0x280
[   58.489494][ T4233]  should_failslab+0x8c/0xb0
[   58.489517][ T4233]  __kmalloc_noprof+0xa5/0x3e0
[   58.489634][ T4233]  ? security_prepare_creds+0x52/0x120
[   58.489673][ T4233]  security_prepare_creds+0x52/0x120
[   58.489760][ T4233]  prepare_creds+0x34a/0x4c0
[   58.489790][ T4233]  __sys_setreuid+0xdc/0x520
[   58.489831][ T4233]  ? __secure_computing+0x82/0x150
[   58.489898][ T4233]  __x64_sys_setreuid+0x2d/0x40
[   58.489939][ T4233]  x64_sys_call+0x244c/0x2ff0
[   58.489967][ T4233]  do_syscall_64+0xd2/0x200
[   58.490056][ T4233]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.490091][ T4233]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   58.490119][ T4233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.490144][ T4233] RIP: 0033:0x7f353613eb69
[   58.490164][ T4233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.490187][ T4233] RSP: 002b:00007f35347a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000071
[   58.490212][ T4233] RAX: ffffffffffffffda RBX: 00007f3536365fa0 RCX: 00007f353613eb69
[   58.490291][ T4233] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   58.490303][ T4233] RBP: 00007f35347a7090 R08: 0000000000000000 R09: 0000000000000000
[   58.490344][ T4233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.490360][ T4233] R13: 0000000000000000 R14: 00007f3536365fa0 R15: 00007ffff5136dc8
[   58.490384][ T4233]  </TASK>
[   58.730562][ T4238] netlink: 'syz.3.265': attribute type 1 has an invalid length.
[   58.738390][ T4238] netlink: 9 bytes leftover after parsing attributes in process `syz.3.265'.
[   58.769351][ T4227] loop2: detected capacity change from 0 to 8192
[   58.785873][ T4227] vfat: Unknown parameter '����q�g�}�ľ)
Y���_ڝ�S.f��H��T���j���i`MQ�D���1q�G���v	?'
[   58.807727][ T4241] FAULT_INJECTION: forcing a failure.
[   58.807727][ T4241] name failslab, interval 1, probability 0, space 0, times 0
[   58.823832][ T4241] CPU: 1 UID: 0 PID: 4241 Comm: syz.1.266 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   58.823867][ T4241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   58.823883][ T4241] Call Trace:
[   58.823892][ T4241]  <TASK>
[   58.823902][ T4241]  __dump_stack+0x1d/0x30
[   58.823928][ T4241]  dump_stack_lvl+0xe8/0x140
[   58.824018][ T4241]  dump_stack+0x15/0x1b
[   58.824038][ T4241]  should_fail_ex+0x265/0x280
[   58.824070][ T4241]  ? sctp_association_new+0x71/0x1200
[   58.824098][ T4241]  should_failslab+0x8c/0xb0
[   58.824163][ T4241]  __kmalloc_cache_noprof+0x4c/0x320
[   58.824297][ T4241]  sctp_association_new+0x71/0x1200
[   58.824329][ T4241]  ? sctp_v4_to_sk_saddr+0x29/0x40
[   58.824367][ T4241]  ? sctp_do_bind+0x49a/0x4b0
[   58.824446][ T4241]  ? sctp_v4_scope+0x140/0x150
[   58.824475][ T4241]  sctp_connect_new_asoc+0x1a8/0x3a0
[   58.824509][ T4241]  sctp_sendmsg+0xf10/0x18d0
[   58.824662][ T4241]  ? selinux_socket_sendmsg+0xa1/0x1b0
[   58.824701][ T4241]  ? __pfx_sctp_sendmsg+0x10/0x10
[   58.824801][ T4241]  inet_sendmsg+0xc5/0xd0
[   58.824842][ T4241]  __sock_sendmsg+0x102/0x180
[   58.824874][ T4241]  ____sys_sendmsg+0x345/0x4e0
[   58.824972][ T4241]  ___sys_sendmsg+0x17b/0x1d0
[   58.825070][ T4241]  __sys_sendmmsg+0x178/0x300
[   58.825152][ T4241]  __x64_sys_sendmmsg+0x57/0x70
[   58.825270][ T4241]  x64_sys_call+0x1c4a/0x2ff0
[   58.825298][ T4241]  do_syscall_64+0xd2/0x200
[   58.825327][ T4241]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.825350][ T4241]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   58.825432][ T4241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.825534][ T4241] RIP: 0033:0x7f353613eb69
[   58.825552][ T4241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.825575][ T4241] RSP: 002b:00007f35347a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   58.825594][ T4241] RAX: ffffffffffffffda RBX: 00007f3536365fa0 RCX: 00007f353613eb69
[   58.825689][ T4241] RDX: 0000000000000001 RSI: 0000200000000900 RDI: 0000000000000004
[   58.825708][ T4241] RBP: 00007f35347a7090 R08: 0000000000000000 R09: 0000000000000000
[   58.825762][ T4241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.825778][ T4241] R13: 0000000000000000 R14: 00007f3536365fa0 R15: 00007ffff5136dc8
[   58.825841][ T4241]  </TASK>
[   59.167419][ T4245] loop2: detected capacity change from 0 to 1024
[   59.219112][ T4245] EXT4-fs: Ignoring removed orlov option
[   59.236835][ T4245] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   59.249977][ T4253] FAULT_INJECTION: forcing a failure.
[   59.249977][ T4253] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   59.264071][ T4253] CPU: 1 UID: 0 PID: 4253 Comm: syz.1.273 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   59.264104][ T4253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   59.264173][ T4253] Call Trace:
[   59.264181][ T4253]  <TASK>
[   59.264190][ T4253]  __dump_stack+0x1d/0x30
[   59.264214][ T4253]  dump_stack_lvl+0xe8/0x140
[   59.264236][ T4253]  dump_stack+0x15/0x1b
[   59.264254][ T4253]  should_fail_ex+0x265/0x280
[   59.264320][ T4253]  should_fail+0xb/0x20
[   59.264351][ T4253]  should_fail_usercopy+0x1a/0x20
[   59.264371][ T4253]  _copy_to_user+0x20/0xa0
[   59.264476][ T4253]  lsm_fill_user_ctx+0x13a/0x1e0
[   59.264500][ T4253]  selinux_getselfattr+0x87/0xd0
[   59.264527][ T4253]  security_getselfattr+0x24a/0x500
[   59.264605][ T4253]  __x64_sys_lsm_get_self_attr+0x51/0x60
[   59.264644][ T4253]  x64_sys_call+0xeb8/0x2ff0
[   59.264737][ T4253]  do_syscall_64+0xd2/0x200
[   59.264776][ T4253]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   59.264804][ T4253]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   59.264829][ T4253]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.264858][ T4253] RIP: 0033:0x7f353613eb69
[   59.264916][ T4253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.264937][ T4253] RSP: 002b:00007f35347a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001cb
[   59.264955][ T4253] RAX: ffffffffffffffda RBX: 00007f3536365fa0 RCX: 00007f353613eb69
[   59.265049][ T4253] RDX: 0000200000000040 RSI: ffffffffffffffff RDI: 0000000000000064
[   59.265065][ T4253] RBP: 00007f35347a7090 R08: 0000000000000000 R09: 0000000000000000
[   59.265081][ T4253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.265093][ T4253] R13: 0000000000000000 R14: 00007f3536365fa0 R15: 00007ffff5136dc8
[   59.265112][ T4253]  </TASK>
[   59.468784][ T4257] loop4: detected capacity change from 0 to 512
[   59.493097][ T4257] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   59.515268][ T4260] loop3: detected capacity change from 0 to 512
[   59.542232][ T4261] tmpfs: Bad value for 'mpol'
[   59.576125][ T4260] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   59.595962][ T4255] tmpfs: Bad value for 'mpol'
[   59.623991][ T4260] EXT4-fs (loop3): orphan cleanup on readonly fs
[   59.696800][ T4260] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   59.713702][ T4266] netlink: 72 bytes leftover after parsing attributes in process `syz.2.268'.
[   59.739737][ T4260] EXT4-fs (loop3): Cannot turn on quotas: error -117
[   59.764865][ T4260] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.274: bg 0: block 40: padding at end of block bitmap is not set
[   59.786118][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.796579][ T4260] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   59.807300][ T4260] EXT4-fs (loop3): 1 truncate cleaned up
[   59.815756][ T4260] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   59.887378][ T4268] hub 9-0:1.0: USB hub found
[   59.896432][ T4268] hub 9-0:1.0: 8 ports detected
[   59.908020][ T4270] loop1: detected capacity change from 0 to 1024
[   59.963420][ T4270] EXT4-fs: Ignoring removed orlov option
[   59.987972][ T4270] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   60.078621][ T3398] kernel read not supported for file /185/statm (pid: 3398 comm: kworker/0:4)
[   60.134984][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.183307][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.625337][ T4303] netlink: 40 bytes leftover after parsing attributes in process `syz.4.286'.
[   60.731048][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.903476][ T4315] loop3: detected capacity change from 0 to 8192
[   61.070797][ T4317] FAULT_INJECTION: forcing a failure.
[   61.070797][ T4317] name failslab, interval 1, probability 0, space 0, times 0
[   61.083882][ T4317] CPU: 1 UID: 0 PID: 4317 Comm: syz.1.291 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   61.083914][ T4317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   61.083929][ T4317] Call Trace:
[   61.083988][ T4317]  <TASK>
[   61.083997][ T4317]  __dump_stack+0x1d/0x30
[   61.084023][ T4317]  dump_stack_lvl+0xe8/0x140
[   61.084078][ T4317]  dump_stack+0x15/0x1b
[   61.084097][ T4317]  should_fail_ex+0x265/0x280
[   61.084137][ T4317]  should_failslab+0x8c/0xb0
[   61.084193][ T4317]  kmem_cache_alloc_noprof+0x50/0x310
[   61.084228][ T4317]  ? __anon_vma_prepare+0xcd/0x2f0
[   61.084274][ T4317]  __anon_vma_prepare+0xcd/0x2f0
[   61.084320][ T4317]  do_wp_page+0x1926/0x24e0
[   61.084373][ T4317]  ? __lruvec_stat_mod_folio+0xd6/0x120
[   61.084414][ T4317]  ? css_rstat_updated+0xb7/0x240
[   61.084443][ T4317]  ? __rcu_read_lock+0x37/0x50
[   61.084541][ T4317]  handle_mm_fault+0x77d/0x2c20
[   61.084581][ T4317]  do_user_addr_fault+0x636/0x1090
[   61.084623][ T4317]  ? fpregs_assert_state_consistent+0xb4/0xe0
[   61.084662][ T4317]  exc_page_fault+0x62/0xa0
[   61.084752][ T4317]  asm_exc_page_fault+0x26/0x30
[   61.084775][ T4317] RIP: 0033:0x7f3536000ce3
[   61.084793][ T4317] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[   61.084816][ T4317] RSP: 002b:00007f35347a64a0 EFLAGS: 00010202
[   61.084834][ T4317] RAX: 0000000000000400 RBX: 00007f35347a6540 RCX: 00007f352c387000
[   61.084931][ T4317] RDX: 00007f35347a66e0 RSI: 0000000000000059 RDI: 00007f35347a65e0
[   61.084943][ T4317] RBP: 00000000000000f9 R08: 0000000000000008 R09: 00000000000000af
[   61.084954][ T4317] R10: 00000000000000c6 R11: 00007f35347a6540 R12: 0000000000000001
[   61.084966][ T4317] R13: 00007f35361dd940 R14: 0000000000000020 R15: 00007f35347a65e0
[   61.084984][ T4317]  </TASK>
[   61.100035][ T4318] loop2: detected capacity change from 0 to 2048
[   61.100360][ T4317] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   61.107273][ T4317] loop1: detected capacity change from 0 to 1024
[   61.325579][ T4318] EXT4-fs (loop2): failed to initialize system zone (-117)
[   61.335356][ T4317] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   61.349567][ T4318] EXT4-fs (loop2): mount failed
[   61.380987][ T4318] 9pnet_fd: Insufficient options for proto=fd
[   61.394774][   T29] kauditd_printk_skb: 362 callbacks suppressed
[   61.394790][   T29] audit: type=1326 audit(1754126887.754:1294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.0.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   61.394873][ T4317] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.291: Invalid block bitmap block 0 in block_group 0
[   61.406089][ T4318] lo speed is unknown, defaulting to 1000
[   61.450730][   T29] audit: type=1326 audit(1754126887.794:1295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.0.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   61.453044][ T4317] Quota error (device loop1): write_blk: dquota write failed
[   61.476821][   T29] audit: type=1326 audit(1754126887.794:1296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.0.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   61.476858][   T29] audit: type=1326 audit(1754126887.794:1297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.0.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   61.484951][ T4317] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[   61.510640][   T29] audit: type=1326 audit(1754126887.794:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.0.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   61.547086][ T4318] lo speed is unknown, defaulting to 1000
[   61.569820][   T29] audit: type=1326 audit(1754126887.794:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.0.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   61.569863][   T29] audit: type=1326 audit(1754126887.794:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.0.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   61.587920][ T4318] lo speed is unknown, defaulting to 1000
[   61.607398][   T29] audit: type=1326 audit(1754126887.794:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4322 comm="syz.0.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8227f8eb69 code=0x7ffc0000
[   61.610955][ T4317] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.291: Failed to acquire dquot type 0
[   61.640018][ T4318] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   61.645496][ T4317] EXT4-fs error (device loop1): ext4_free_blocks:6696: comm syz.1.291: Freeing blocks not in datazone - block = 0, count = 4096
[   61.708139][ T4318] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   61.729780][ T4317] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.291: Invalid inode bitmap blk 0 in block_group 0
[   61.759266][ T4187] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 0
[   61.776956][ T4317] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[   61.777034][ T4317] EXT4-fs (loop1): 1 orphan inode deleted
[   61.800673][ T4333] loop0: detected capacity change from 0 to 512
[   61.828766][ T4318] lo speed is unknown, defaulting to 1000
[   61.858154][ T4334] netlink: 300 bytes leftover after parsing attributes in process `syz.4.297'.
[   61.875942][ T4318] lo speed is unknown, defaulting to 1000
[   61.883992][ T4318] lo speed is unknown, defaulting to 1000
[   61.891445][ T4333] ext4 filesystem being mounted at /41/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   61.892120][ T4318] lo speed is unknown, defaulting to 1000
[   61.892426][ T4318] lo speed is unknown, defaulting to 1000
[   61.894380][ T4318] lo speed is unknown, defaulting to 1000
[   61.923857][ T4333] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.295: corrupted inode contents
[   61.951813][ T4333] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #2: comm syz.0.295: mark_inode_dirty error
[   61.987867][ T4333] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.295: corrupted inode contents
[   62.017449][ T4333] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.295: mark_inode_dirty error
[   62.110265][ T4357] loop1: detected capacity change from 0 to 256
[   62.156027][ T4344] EXT4-fs error (device loop0): ext4_lookup:1784: inode #18: comm syz.0.295: '' linked to parent dir
[   62.171421][ T4357] netlink: 16 bytes leftover after parsing attributes in process `syz.1.305'.
[   62.181781][ T4357] netlink: 8 bytes leftover after parsing attributes in process `syz.1.305'.
[   62.210836][ T4357] bridge1: entered promiscuous mode
[   62.216794][ T4357] bridge1: entered allmulticast mode
[   62.266788][ T4366] loop2: detected capacity change from 0 to 1024
[   62.305358][ T4366] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   62.319168][ T4369] netlink: 'syz.1.310': attribute type 4 has an invalid length.
[   62.341916][ T4369] loop1: detected capacity change from 0 to 2048
[   62.359813][ T4366] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm syz.2.309: lblock 1 mapped to illegal pblock 1 (length 15)
[   62.408314][ T4374] FAULT_INJECTION: forcing a failure.
[   62.408314][ T4374] name failslab, interval 1, probability 0, space 0, times 0
[   62.421700][ T4374] CPU: 0 UID: 0 PID: 4374 Comm: syz.4.312 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   62.421816][ T4374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   62.421869][ T4374] Call Trace:
[   62.421877][ T4374]  <TASK>
[   62.421886][ T4374]  __dump_stack+0x1d/0x30
[   62.421913][ T4374]  dump_stack_lvl+0xe8/0x140
[   62.421939][ T4374]  dump_stack+0x15/0x1b
[   62.421999][ T4374]  should_fail_ex+0x265/0x280
[   62.422034][ T4374]  should_failslab+0x8c/0xb0
[   62.422065][ T4374]  kmem_cache_alloc_node_noprof+0x57/0x320
[   62.422140][ T4374]  ? dup_task_struct+0x70/0x6a0
[   62.422176][ T4374]  dup_task_struct+0x70/0x6a0
[   62.422204][ T4374]  ? _parse_integer+0x27/0x40
[   62.422247][ T4374]  copy_process+0x399/0x2000
[   62.422330][ T4374]  ? kstrtouint+0x76/0xc0
[   62.422370][ T4374]  ? kstrtouint_from_user+0x9f/0xf0
[   62.422421][ T4374]  ? __rcu_read_unlock+0x4f/0x70
[   62.422452][ T4374]  kernel_clone+0x16c/0x5c0
[   62.422486][ T4374]  ? vfs_write+0x75e/0x8e0
[   62.422516][ T4374]  __x64_sys_clone+0xe6/0x120
[   62.422550][ T4374]  x64_sys_call+0x119c/0x2ff0
[   62.422654][ T4374]  do_syscall_64+0xd2/0x200
[   62.422684][ T4374]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   62.422794][ T4374]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   62.422816][ T4374]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.422844][ T4374] RIP: 0033:0x7f3c691aeb69
[   62.422863][ T4374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.422883][ T4374] RSP: 002b:00007f3c6780efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   62.422901][ T4374] RAX: ffffffffffffffda RBX: 00007f3c693d5fa0 RCX: 00007f3c691aeb69
[   62.423039][ T4374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000400
[   62.423063][ T4374] RBP: 00007f3c6780f090 R08: 0000000000000000 R09: 0000000000000000
[   62.423074][ T4374] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[   62.423086][ T4374] R13: 0000000000000000 R14: 00007f3c693d5fa0 R15: 00007ffdc9d72ce8
[   62.423111][ T4374]  </TASK>
[   62.690056][ T4366] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   62.703040][ T4366] EXT4-fs (loop2): This should not happen!! Data will be lost
[   62.703040][ T4366] 
[   62.735976][ T4366] netlink: 44 bytes leftover after parsing attributes in process `syz.2.309'.
[   62.762930][ T4366] serio: Serial port ptm0
[   62.836475][ T4387] netlink: 12 bytes leftover after parsing attributes in process `syz.3.314'.
[   62.860384][ T4380] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   62.876142][ T4380] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1528 with error 28
[   62.888715][ T4380] EXT4-fs (loop1): This should not happen!! Data will be lost
[   62.888715][ T4380] 
[   62.898456][ T4380] EXT4-fs (loop1): Total free blocks count 0
[   62.904926][ T4380] EXT4-fs (loop1): Free/Dirty block details
[   62.910860][ T4380] EXT4-fs (loop1): free_blocks=2415919104
[   62.916648][ T4380] EXT4-fs (loop1): dirty_blocks=1536
[   62.922209][ T4380] EXT4-fs (loop1): Block reservation details
[   62.928333][ T4380] EXT4-fs (loop1): i_reserved_data_blocks=96
[   62.953488][ T4391] loop0: detected capacity change from 0 to 2048
[   63.002362][ T4399] netlink: 196 bytes leftover after parsing attributes in process `syz.3.319'.
[   63.035302][ T4401] netlink: 8 bytes leftover after parsing attributes in process `syz.4.320'.
[   63.090916][ T4406] netlink: 8 bytes leftover after parsing attributes in process `syz.3.322'.
[   63.141796][ T4406] loop3: detected capacity change from 0 to 2048
[   63.149570][   T37] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[   63.161917][   T37] EXT4-fs (loop1): This should not happen!! Data will be lost
[   63.161917][   T37] 
[   63.179116][ T4408] tunl0: entered promiscuous mode
[   63.204861][ T4408] netlink: 'syz.2.323': attribute type 1 has an invalid length.
[   63.213431][ T4408] netlink: 9 bytes leftover after parsing attributes in process `syz.2.323'.
[   63.287899][ T4416] netlink: 20 bytes leftover after parsing attributes in process `syz.0.325'.
[   63.304273][ T4416] loop0: detected capacity change from 0 to 512
[   63.333551][ T4416] msdos: Bad value for 'uid'
[   63.338206][ T4416] msdos: Bad value for 'uid'
[   63.374627][ T4416] netlink: 8 bytes leftover after parsing attributes in process `syz.0.325'.
[   63.491701][ T4437] FAULT_INJECTION: forcing a failure.
[   63.491701][ T4437] name failslab, interval 1, probability 0, space 0, times 0
[   63.506094][ T4437] CPU: 0 UID: 0 PID: 4437 Comm: syz.3.333 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   63.506130][ T4437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   63.506142][ T4437] Call Trace:
[   63.506147][ T4437]  <TASK>
[   63.506155][ T4437]  __dump_stack+0x1d/0x30
[   63.506175][ T4437]  dump_stack_lvl+0xe8/0x140
[   63.506198][ T4437]  dump_stack+0x15/0x1b
[   63.506215][ T4437]  should_fail_ex+0x265/0x280
[   63.506301][ T4437]  ? audit_log_d_path+0x8d/0x150
[   63.506353][ T4437]  should_failslab+0x8c/0xb0
[   63.506410][ T4437]  __kmalloc_cache_noprof+0x4c/0x320
[   63.506440][ T4437]  audit_log_d_path+0x8d/0x150
[   63.506480][ T4437]  audit_log_d_path_exe+0x42/0x70
[   63.506556][ T4437]  audit_log_task+0x1e9/0x250
[   63.506589][ T4437]  audit_seccomp+0x61/0x100
[   63.506613][ T4437]  ? __seccomp_filter+0x68c/0x10d0
[   63.506641][ T4437]  __seccomp_filter+0x69d/0x10d0
[   63.506668][ T4437]  ? do_vfs_ioctl+0xb9e/0xe10
[   63.506725][ T4437]  ? selinux_file_ioctl+0x195/0x3a0
[   63.506771][ T4437]  __secure_computing+0x82/0x150
[   63.506797][ T4437]  syscall_trace_enter+0xcf/0x1e0
[   63.506901][ T4437]  do_syscall_64+0xac/0x200
[   63.507011][ T4437]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   63.507042][ T4437]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   63.507070][ T4437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.507095][ T4437] RIP: 0033:0x7f74b7c3d57c
[   63.507155][ T4437] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   63.507173][ T4437] RSP: 002b:00007f74b62a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   63.507237][ T4437] RAX: ffffffffffffffda RBX: 00007f74b7e65fa0 RCX: 00007f74b7c3d57c
[   63.507311][ T4437] RDX: 000000000000000f RSI: 00007f74b62a70a0 RDI: 0000000000000004
[   63.507323][ T4437] RBP: 00007f74b62a7090 R08: 0000000000000000 R09: 0000000000000000
[   63.507377][ T4437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   63.507393][ T4437] R13: 0000000000000000 R14: 00007f74b7e65fa0 R15: 00007ffde22ad888
[   63.507418][ T4437]  </TASK>
[   63.797048][ T4449] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[   63.807161][ T4445] netlink: 'syz.2.337': attribute type 1 has an invalid length.
[   63.839390][ T4450] loop3: detected capacity change from 0 to 1024
[   63.934566][ T4455] lo speed is unknown, defaulting to 1000
[   64.052154][ T4471] loop4: detected capacity change from 0 to 1024
[   64.063904][ T4469] ALSA: seq fatal error: cannot create timer (-19)
[   64.177443][ T4481] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.349: Allocating blocks 385-513 which overlap fs metadata
[   64.218803][ T4481] EXT4-fs (loop4): pa ffff8881071d1850: logic 16, phys. 129, len 24
[   64.227855][ T4481] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   64.358040][ T4483] loop3: detected capacity change from 0 to 1024
[   64.445174][ T4483] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.483278][ T4483] netlink: 'syz.3.352': attribute type 3 has an invalid length.
[   64.508793][ T4483] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 3: comm syz.3.352: lblock 3 mapped to illegal pblock 3 (length 13)
[   64.509059][ T4469] loop2: detected capacity change from 0 to 512
[   64.538276][ T4483] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[   64.551303][ T4483] EXT4-fs (loop3): This should not happen!! Data will be lost
[   64.551303][ T4483] 
[   64.564957][ T4469] ext4 filesystem being mounted at /74/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   64.599806][ T4490] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.352: lblock 3 mapped to illegal pblock 3 (length 1)
[   64.655784][ T4482] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.352: lblock 3 mapped to illegal pblock 3 (length 1)
[   64.673015][ T4482] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.352: lblock 3 mapped to illegal pblock 3 (length 1)
[   64.689749][ T4490] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.352: lblock 3 mapped to illegal pblock 3 (length 1)
[   64.726039][ T4482] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.352: lblock 3 mapped to illegal pblock 3 (length 1)
[   64.733119][ T4172] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[   64.778815][ T4490] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.352: lblock 3 mapped to illegal pblock 3 (length 1)
[   64.814083][ T4482] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.352: lblock 3 mapped to illegal pblock 3 (length 1)
[   64.846096][ T4490] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.352: lblock 3 mapped to illegal pblock 3 (length 1)
[   64.847010][ T4499] SELinux: ebitmap: truncated map
[   64.870424][ T4502] FAULT_INJECTION: forcing a failure.
[   64.870424][ T4502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   64.887277][ T4502] CPU: 0 UID: 0 PID: 4502 Comm: syz.2.357 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   64.887309][ T4502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   64.887323][ T4502] Call Trace:
[   64.887331][ T4502]  <TASK>
[   64.887340][ T4502]  __dump_stack+0x1d/0x30
[   64.887430][ T4502]  dump_stack_lvl+0xe8/0x140
[   64.887457][ T4502]  dump_stack+0x15/0x1b
[   64.887485][ T4502]  should_fail_ex+0x265/0x280
[   64.887529][ T4502]  should_fail+0xb/0x20
[   64.887621][ T4502]  should_fail_usercopy+0x1a/0x20
[   64.887644][ T4502]  _copy_from_user+0x1c/0xb0
[   64.887748][ T4502]  ___sys_sendmsg+0xc1/0x1d0
[   64.887805][ T4502]  __x64_sys_sendmsg+0xd4/0x160
[   64.887850][ T4502]  x64_sys_call+0x191e/0x2ff0
[   64.887916][ T4502]  do_syscall_64+0xd2/0x200
[   64.887944][ T4502]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   64.887967][ T4502]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   64.887987][ T4502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.888088][ T4502] RIP: 0033:0x7f938a18eb69
[   64.888107][ T4502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.888144][ T4502] RSP: 002b:00007f93887ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.888185][ T4502] RAX: ffffffffffffffda RBX: 00007f938a3b5fa0 RCX: 00007f938a18eb69
[   64.888229][ T4502] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[   64.888244][ T4502] RBP: 00007f93887ef090 R08: 0000000000000000 R09: 0000000000000000
[   64.888259][ T4502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.888273][ T4502] R13: 0000000000000000 R14: 00007f938a3b5fa0 R15: 00007ffc9ff53d48
[   64.888297][ T4502]  </TASK>
[   65.132771][ T4499] SELinux: failed to load policy
[   65.285075][ T4523] netlink: 'syz.0.367': attribute type 1 has an invalid length.
[   65.345128][ T4522] loop2: detected capacity change from 0 to 1024
[   65.361233][ T4522] EXT4-fs: Ignoring removed orlov option
[   65.366824][ T4525] loop3: detected capacity change from 0 to 512
[   65.367428][ T4522] EXT4-fs: Ignoring removed nomblk_io_submit option
[   65.379200][ T4525] EXT4-fs: Ignoring removed mblk_io_submit option
[   65.388372][ T4525] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   65.388865][ T4527] tunl0: left promiscuous mode
[   65.401543][ T4525] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   65.416036][ T4525] EXT4-fs (loop3): orphan cleanup on readonly fs
[   65.423640][ T4525] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.366: Invalid block bitmap block 0 in block_group 0
[   65.439331][ T4525] EXT4-fs (loop3): Remounting filesystem read-only
[   65.446374][ T4525] EXT4-fs (loop3): 1 orphan inode deleted
[   65.463123][ T4517] FAULT_INJECTION: forcing a failure.
[   65.463123][ T4517] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   65.477375][ T4517] CPU: 1 UID: 0 PID: 4517 Comm: syz.4.363 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   65.477406][ T4517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   65.477419][ T4517] Call Trace:
[   65.477427][ T4517]  <TASK>
[   65.477438][ T4517]  __dump_stack+0x1d/0x30
[   65.477464][ T4517]  dump_stack_lvl+0xe8/0x140
[   65.477488][ T4517]  dump_stack+0x15/0x1b
[   65.477509][ T4517]  should_fail_ex+0x265/0x280
[   65.477553][ T4517]  should_fail+0xb/0x20
[   65.477587][ T4517]  should_fail_usercopy+0x1a/0x20
[   65.477605][ T4517]  _copy_to_user+0x20/0xa0
[   65.477708][ T4517]  copy_siginfo_to_user+0x22/0xb0
[   65.477735][ T4517]  x64_setup_rt_frame+0x2b5/0x580
[   65.477763][ T4517]  arch_do_signal_or_restart+0x27c/0x480
[   65.477796][ T4517]  exit_to_user_mode_loop+0x7a/0x100
[   65.477844][ T4517]  do_syscall_64+0x1d6/0x200
[   65.477873][ T4517]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   65.477903][ T4517]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   65.477923][ T4517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.478007][ T4517] RIP: 0033:0x7f3c691aeb69
[   65.478077][ T4517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.478100][ T4517] RSP: 002b:00007f3c6780f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   65.478123][ T4517] RAX: fffffffffffffff2 RBX: 00007f3c693d5fa0 RCX: 00007f3c691aeb69
[   65.478139][ T4517] RDX: 0000000000000000 RSI: 0000000040095505 RDI: 0000000000000003
[   65.478155][ T4517] RBP: 00007f3c6780f090 R08: 0000000000000000 R09: 0000000000000000
[   65.478237][ T4517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   65.478248][ T4517] R13: 0000000000000000 R14: 00007f3c693d5fa0 R15: 00007ffdc9d72ce8
[   65.478267][ T4517]  </TASK>
[   65.674851][ T4527] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   65.836616][ T4555] loop3: detected capacity change from 0 to 512
[   65.845511][ T4555] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.376: bg 0: block 288: padding at end of block bitmap is not set
[   65.861639][ T4555] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   65.873843][ T4555] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.376: attempt to clear invalid blocks 1024 len 1
[   65.891674][ T4555] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.376: invalid indirect mapped block 1819239214 (level 0)
[   65.920260][ T4555] EXT4-fs (loop3): 1 truncate cleaned up
[   65.940446][ T4562] netlink: 'syz.2.378': attribute type 1 has an invalid length.
[   66.025341][ T4566] loop1: detected capacity change from 0 to 128
[   66.054912][ T4573] sch_tbf: burst 19870 is lower than device lo mtu (65550) !
[   66.070578][ T4573] loop3: detected capacity change from 0 to 512
[   66.086172][ T4573] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   66.189488][ T4588] netlink: 'syz.3.389': attribute type 1 has an invalid length.
[   66.237062][ T4590] loop2: detected capacity change from 0 to 512
[   66.337123][ T4602] ==================================================================
[   66.346972][ T4602] BUG: KCSAN: data-race in mas_state_walk / mas_wr_store_entry
[   66.357105][ T4602] 
[   66.359451][ T4602] write to 0xffff888106761810 of 8 bytes by task 4600 on cpu 1:
[   66.367880][ T4602]  mas_wr_store_entry+0x1581/0x2b50
[   66.373202][ T4602]  mas_store_prealloc+0x74d/0x9e0
[   66.379555][ T4602]  commit_merge+0x6a5/0x730
[   66.385304][ T4602]  vma_expand+0x220/0x320
[   66.389936][ T4602]  vma_merge_new_range+0x296/0x310
[   66.395939][ T4602]  mmap_region+0xa59/0x1630
[   66.401089][ T4602]  do_mmap+0x9b3/0xbe0
[   66.405285][ T4602]  vm_mmap_pgoff+0x17a/0x2e0
[   66.411253][ T4602]  ksys_mmap_pgoff+0xc2/0x310
[   66.417067][ T4602]  x64_sys_call+0x14a3/0x2ff0
[   66.422823][ T4602]  do_syscall_64+0xd2/0x200
[   66.427438][ T4602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.433441][ T4602] 
[   66.436568][ T4602] read to 0xffff888106761810 of 8 bytes by task 4602 on cpu 0:
[   66.445279][ T4602]  mas_state_walk+0x2f5/0x650
[   66.451038][ T4602]  mas_walk+0x60/0x150
[   66.456036][ T4602]  lock_vma_under_rcu+0xa2/0x2f0
[   66.462603][ T4602]  do_user_addr_fault+0x233/0x1090
[   66.469231][ T4602]  exc_page_fault+0x62/0xa0
[   66.475228][ T4602]  asm_exc_page_fault+0x26/0x30
[   66.480709][ T4602] 
[   66.483255][ T4602] value changed: 0x00007f3c677cdfff -> 0x00007f3c677acfff
[   66.491153][ T4602] 
[   66.493663][ T4602] Reported by Kernel Concurrency Sanitizer on:
[   66.500364][ T4602] CPU: 0 UID: 0 PID: 4602 Comm: syz.4.394 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) 
[   66.515689][ T4602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   66.528859][ T4602] ==================================================================
[   66.547090][   T29] kauditd_printk_skb: 1568 callbacks suppressed
[   66.547104][   T29] audit: type=1326 audit(1754126892.904:2866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4604 comm="syz.3.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b7c3eb69 code=0x7ffc0000
[   66.580468][   T29] audit: type=1326 audit(1754126892.924:2867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4604 comm="syz.3.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f74b7c3eb69 code=0x7ffc0000
[   66.607967][   T29] audit: type=1326 audit(1754126892.924:2868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4604 comm="syz.3.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b7c3eb69 code=0x7ffc0000
[   66.636849][   T29] audit: type=1326 audit(1754126892.924:2869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4604 comm="syz.3.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b7c3eb69 code=0x7ffc0000
[   66.663311][   T29] audit: type=1326 audit(1754126892.924:2870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4604 comm="syz.3.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f74b7c3eb69 code=0x7ffc0000
[   66.663792][ T4607] loop1: detected capacity change from 0 to 512
[   66.690190][   T29] audit: type=1326 audit(1754126892.924:2871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4604 comm="syz.3.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b7c3eb69 code=0x7ffc0000
[   66.690228][   T29] audit: type=1326 audit(1754126892.924:2872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4604 comm="syz.3.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b7c3eb69 code=0x7ffc0000
[   66.758902][   T29] audit: type=1326 audit(1754126892.924:2873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4604 comm="syz.3.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f74b7c3eb69 code=0x7ffc0000
[   66.784816][   T29] audit: type=1326 audit(1754126892.924:2874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4604 comm="syz.3.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b7c3eb69 code=0x7ffc0000
[   66.811949][   T29] audit: type=1326 audit(1754126892.924:2875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4604 comm="syz.3.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f74b7c3eb69 code=0x7ffc0000