last executing test programs:

9.855039444s ago: executing program 0 (id=963):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000710046000000000095000300"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="80420000000000001400030076657468305f746f5f626f6e6400000008003a007a8677"], 0x3c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x51857000)
mbind(&(0x7f00004fa000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000000)=0x1ff, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000a50000002a00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r2}, 0x10)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x20000000000001c6, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYRESDEC=r4], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x14, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x6, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r7}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
sendmsg$inet(r6, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00'], 0x30}, 0x7e8166965e22236a)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r9, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfa, 0x5, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810d8, 0x8})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r9, 0x40505330, &(0x7f00000001c0)={0x800000, 0x80, 0xfdfffffd, 0x5, 0x3ffd, 0x7})
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r10, 0xffffffffffffffff, 0x0)
r11 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r11, 0x402, 0x5)
fcntl$notify(r11, 0x402, 0x848234f1c7d17d24)
setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000080)=0x2, 0xfffffffffffffdc0)

9.198709077s ago: executing program 0 (id=968):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="060000000400000008000000ffffff7f00000000", @ANYRES32, @ANYBLOB="000000000067bfbcdcf600500600000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0xfffffffa, @mcast1, 0x3, 0xffffffff}, 0x80, &(0x7f0000000080)}, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), r3)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x400, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)

9.135723632s ago: executing program 0 (id=970):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c0073e3313216d615d773bd46c6880000031c010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010800000000000000000a0000010900020073797a31000000000900010073797a31000000001400038010"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
syz_mount_image$msdos(&(0x7f0000000300), &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x81, 0x2ca, &(0x7f00000006c0)="$eJzs3T1rW1ccBvBT1bWNi1+mQrv00C7tcnHdL1BRbDAVtLhWaTsErvF1IqRIRlcQyWTwniVzxowmY7ZAyBfwB8iezUvwZDJEwZLjtyhkCPLF+PcDcR54EJyDuOK/XM7Bvw/v1rfyZCvthNJvMZRCCKU3/bAwSENfnKylQZ4M5+2Gn18+fvTg7//+/6NcqSyvxbhSXv91KcY49/3ze/ef/PCi8/U/T+eeTYX9hVsHr5de7X+z/+3B2/U7tTzW8thsdWIaN1qtTrrRyOJmLa8nMf7VyNI8i7VmnrUv9FuN1vZ2L6bNzdmZ7XaW5zFt9mI968VOK3bavZjeTmvNmCRJnJ0JfEp1b20tLRe9C8ar3S6nx8/w1AdNda+QDQEAhRo5/x8F8/+NYP6/CY7n/8mT5/ci8z8AAAAAAAAAAAAAAFwHR/3+fL/fn3+/Xv4UvT/Gy+9/s517cW86hMPdbrVbHa7DfmW1srwYBxbOvnXY7Va/PO1/GfbxYv9VmDnpl0b20+GnH4f9cff7n5VL/VTYHP/xAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAgiadG3u+fJB/rh2lltbK8OPJ+/4nw3cSVHQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPkve26mnjUbWFgRBOA1F/zMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA1Tu79LvonQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCkvLdTTxuNrD3GUPQZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArpN3AQAA//9nCtIB")
r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x6a400, 0x82, 0xe}, 0x18)
mknodat$loop(r1, &(0x7f0000000140)='./file0\x00', 0x100, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000380)=ANY=[@ANYRESHEX=r3, @ANYRES16=r4, @ANYBLOB="010000000000000000001c000000180001801400020074756e6c30"], 0x2c}, 0x1, 0x0, 0x0, 0x44000}, 0x4000000)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x3c, r4, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0x20, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x11, 0x5, "ffce00c1e92caa55a234497a62"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4c054}, 0x4000)

9.0412428s ago: executing program 0 (id=971):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TARGET={0x8, 0x3, 0x20}, @TCA_FQ_PIE_BETA={0x8, 0x6, 0x7}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
r5 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000300)="9f10b9a84afcf6d62360e6f819419a51fcb18dd00455b8c542819139b629400312cf8a9535e822e24ed9c7bbe0b8dd4354b1dea0f829a76ade67038921d3047b0fdc3a1c131f487e66373bf997885c5a55f5b69e9b5735bf0b5e002c461c34cbcf952f488606b139e1a9e84446a145ce4382a5e67ce2e7464a6983b2c1df275c337d347d1b39d97cb3be8f43197e24f616c069e8bfa86b5056b7a43178b557d14070dda34a18460e96a272d38246a6b96046679cb125dd9fe6000000000000009c94df24356845a86c77bb9d53280c8c774a0a40a21a1c32e7729582698201a285a8ff83ca52dbe7abfea1cac1009f71d82ecfcb96970be7a893f7c53e54c63e919bba47c1a31f6cf1ebfe3483b4b1795a42c72513508cba91d84fc8aab1ff33384fc769ada247b31ed3150d0f1a5c471843aae8c30fb7296935aabd27762a3ea8dc3307636d3d0888e96705dbe14748d0bdbca6a4afcf87f0d6d502d5c3fa9494247d85d8e143d729fc4fd65f4cf7edd78ebc67af3dd4", 0x177, 0xffffffffffffffff)
r6 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r5})
keyctl$KEYCTL_MOVE(0x1e, r5, 0xffffffffffffffff, r6, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x9c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x6c, 0x2, {{}, [@TCA_NETEM_LOSS={0x30, 0x2, 0x0, 0x1, [@NETEM_LOSS_GE={0x18}, @NETEM_LOSS_GI={0x18}]}, @TCA_NETEM_RATE={0x4, 0xd}, @TCA_NETEM_CORRUPT={0xc, 0x2}]}}}]}, 0x9c}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
ioctl$SCSI_IOCTL_START_UNIT(r7, 0x5)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x38, 0x1, 0x2, 0x401, 0x0, 0x0, {0x2, 0x0, 0x7}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008000}, 0x8008)
getgroups(0x1, &(0x7f0000007780)=[0xffffffffffffffff])

8.973375896s ago: executing program 0 (id=972):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000080)=0x3f6f)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c696f636861727365743d63703733378c726f6469722c757466383d302c696f636861727365743d63703836332c6e6f6e756d7461696c3d302c696f636861727365743d63703835322c73686f72746e616d653d77696e39352c696f636861727365743d757466382c636865636b3d72656c617865642c757466383d312c73686f72746e616d653d77696e39352c757365667265652c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d312c646973636172642c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c726f6469722c73686f72746e616d653d77696e6e742c73686f72746e616d653d77696e39352c6673636f6e746578743d756e636f6e66696e65645f752c00"], 0x1, 0x36b, &(0x7f0000000340)="$eJzs3cFrHFUYAPAvsU3SaLo5iKAiPupFL0sS/4EGaUEMKLEr1YMwNRNdMs2GnSWyRbQ3r/4dxaM3QfwHctC7N2+5eOyhdCS72WaTrlFok7H6+8Hyvt33vt03O8vw7WH49m9+d3trs2xuZr2YvppiOiKm70csDqJD00fDVMzEuLvxVuPmb699+PEn762urV1bT+n66o23V1JKl1//6cuvvr/yc+/5j364/ONs7C1+uv/Hyu97L+29vP/wxhftMrXLtN3ppSzd6nR62a0iTxvtcquZ0gdFnpV5am+XeffY/GbR2dnpp2x7Y2F+p5uXZcq2+2kr76deJ/W6/ZR9nrW3U7PZTAvzwd9p3Vtfz1aH8dwp666e14Y4A93uajYVEbOPzbTu1bIhAKBW/6T+nzocJ9X/M0+1/r8Y6v/zNF7/8191UP/PHP2NH6P+BwAAAAAAAAAAAACAZ8H9qmpUVdUYjdXoJuHD5zVvjzP22Pk/8ah7f5ytsRv35iKKb3dbu63hOJxf3Yx2FJHHUjTiwcFlYWQYX3937dpSGliMhdvfDPKv/BLReu54/nI0YnFy/vIwPz3Kj4PxYsyP569EI16cnL8yMX8m3nxjLL8Zjfj1s+hEERuDy9tR/tfLKb3z/tqJ/NnBOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+H5pp5NUY9r3fbUVcit3D/v3NowWLx/vjD/Mf9ddfikY8mNyff2lif/4L8cqFeo8dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEbK/p2trCjy7nkFo57/g1dmRsFfZ00Nl989MXUpznHPRZFPP603fFhV1Vltde58T+WTBBcjTjuD1eGv5Mk/64WIOGXNbETU/238G4O6rkgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQn6Om33XvBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDqV/TtbWVHk3TMM6j5GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAZ8mfAQAA//8nphGO")
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1e2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r5}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x14}, 0x94)
pipe2$9p(&(0x7f0000000240)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
r9 = dup(r8)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r9])
ioctl$SIOCSIFHWADDR(r9, 0x8924, &(0x7f0000000300)={'nicvf0\x00', @multicast})
r10 = syz_clone(0x44044000, 0x0, 0x0, 0x0, 0x0, 0x0)
fcntl$lock(r6, 0x5, &(0x7f0000000180)={0x2, 0x4, 0x0, 0x9, r10})

8.907399411s ago: executing program 0 (id=973):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000500)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r1}, &(0x7f0000001c00)=0x8000000, &(0x7f0000001c40)=r2}, 0x20)
getegid()
pipe2$9p(&(0x7f0000001900), 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
ioctl$USBDEVFS_DISCARDURB(0xffffffffffffffff, 0x550b, 0x0)
mount(&(0x7f0000000040)=@rnullb, &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x84, &(0x7f0000000300)='trAnsa,')

8.879680803s ago: executing program 32 (id=973):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000500)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r1}, &(0x7f0000001c00)=0x8000000, &(0x7f0000001c40)=r2}, 0x20)
getegid()
pipe2$9p(&(0x7f0000001900), 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
ioctl$USBDEVFS_DISCARDURB(0xffffffffffffffff, 0x550b, 0x0)
mount(&(0x7f0000000040)=@rnullb, &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x84, &(0x7f0000000300)='trAnsa,')

3.124454787s ago: executing program 1 (id=1020):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r1)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="93000000", @ANYRES16=r2, @ANYBLOB="010000000000fbdbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x2, &(0x7f0000000300)=[{0x50, 0xff, 0x0, 0x6}, {0x6, 0x60}]})
write$ppp(r0, &(0x7f0000000200)="4176adc3a0", 0x5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pipe2(&(0x7f00000024c0), 0x80000)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3}, &(0x7f00000002c0), &(0x7f0000000300)=r4}, 0x20)
mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file1\x00', 0x81c0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x5}, 0x0, 0x10000, 0x80, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0x0)

2.489293379s ago: executing program 1 (id=1024):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0x192}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}], 0x2, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000040000000000000000000300000a20000000000a05000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700ffff08000a40000000030900020073797a31000000000900010073797a3000000000080005400000002105000d40930000005c0000000c0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b80100001800c000100636f756e746572"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0)

2.458025301s ago: executing program 1 (id=1026):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b700000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)

2.131434098s ago: executing program 1 (id=1033):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3, <r6=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000180)=r5}, 0x20)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001300)=@newtfilter={0x478, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0x5, 0xd}, {}, {0xa, 0xf}}, [@filter_kind_options=@f_route={{0xa}, {0x448, 0x2, [@TCA_ROUTE4_POLICE={0x444, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x80000000, 0xffffffffffffffff, 0xff, 0x7fff, 0x0, {0x1, 0x0, 0xb, 0x8, 0xff, 0x4b8b0173}, {0x3, 0x1, 0xf, 0x8, 0x42}, 0x25, 0x9, 0x1}}, @TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x0, 0xa28e, 0x6, 0x2, 0x2, 0x13c2, 0x2, 0x7, 0x1ff, 0x8, 0x8, 0x1fe2db56, 0x0, 0x2, 0x3, 0x7f, 0x5, 0x7ff, 0x2, 0x4, 0xa, 0x7, 0x1, 0x4, 0x5, 0x23, 0x7, 0x334, 0x3, 0x200, 0x0, 0x8, 0x4, 0x550a06bc, 0x1000, 0x8, 0x2, 0x101, 0x8000, 0x3, 0x8001, 0xfffffff3, 0x1, 0xfffefffc, 0x5, 0x5, 0x6, 0x5, 0x0, 0x63d, 0x0, 0x5, 0x1, 0x3, 0x9, 0x1ff, 0x7, 0x6, 0xffffffff, 0x7fff, 0x4, 0x1, 0x8, 0x67, 0x9, 0x80000000, 0x4, 0x8, 0x8, 0x8, 0xfffffffa, 0x4, 0x0, 0x2, 0x9, 0xa704, 0x4, 0xe, 0x1, 0x5, 0x6, 0x0, 0xe2, 0x8c5, 0x3, 0x73, 0x8f, 0x0, 0xd, 0x80000001, 0x4, 0x7, 0xfffffc01, 0x4, 0x1d, 0x0, 0x7, 0x6, 0x6, 0xa, 0x81, 0x9, 0x9, 0x4, 0x1, 0x9, 0x8f31, 0x20000007, 0x8, 0x101, 0xb01, 0x80000000, 0x1, 0x8, 0x80000000, 0xfffffff9, 0xfff, 0x10001, 0x9, 0x8, 0xfffffffe, 0x2, 0xffffffff, 0x9, 0x8, 0xffff, 0x7, 0x1, 0x3, 0x2, 0x0, 0x9, 0x8, 0x4, 0x8001, 0x39, 0x568d88d6, 0x4, 0x3, 0x0, 0x1ff, 0x8, 0x1ff, 0x0, 0x7, 0x400, 0x7, 0x3, 0xfffffff7, 0x3f80, 0x1ff, 0x4, 0x1, 0x8, 0x3, 0x8, 0x5, 0x7, 0xa, 0x4c9, 0xe792, 0xb5, 0x7ac, 0xe6, 0x6, 0x2, 0x6, 0x4, 0xcc, 0x6, 0xfffffffe, 0x6, 0xfab, 0x3, 0xf, 0x8, 0x6, 0x8004, 0x8, 0xff, 0x4, 0x8001, 0x1ff, 0x9af9, 0x8, 0x7, 0x2da000, 0x7, 0xc2d, 0x7, 0x8, 0x8, 0xffffff34, 0x2, 0xfffffffa, 0x9, 0x4, 0x8, 0x7, 0x3, 0x10001, 0x8000, 0xfffff14c, 0x5, 0x6, 0xee, 0x9, 0x3, 0x4, 0x7, 0x4, 0xa1d, 0x4, 0xb4cc, 0x0, 0x5, 0x200, 0x5, 0x97c, 0x6, 0x7, 0x8eb7, 0x7, 0x6, 0x8, 0xffffffff, 0x7, 0xff, 0x10000, 0x7, 0xfffffffc, 0x6, 0x7, 0x6, 0x2e150fab, 0x6, 0x8000, 0xc, 0xf2, 0x4f9, 0xe, 0x7, 0x5, 0x278b7678, 0x100, 0x3ff, 0x2, 0x8, 0x5de955bb, 0xf4, 0x1, 0xffffff4c, 0x4, 0x6, 0x8]}]}]}}]}, 0x478}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
r10 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r10, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x17, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000850000001a93be041811000000000000000000ec730c36", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000850000007c00000018270000", @ANYRES32=r3, @ANYBLOB="00000000f7200000183800000100000000000000000000000442ce8e7f00000018000000564dffff0000000005000000183000000200000000000000000000009500000000000000"], &(0x7f0000000240)='syzkaller\x00', 0x4a9, 0xeb, &(0x7f0000000380)=""/235, 0x41000, 0x40, '\x00', r9, 0x25, r10, 0x8, &(0x7f0000000480)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x4, 0x1, 0x4, 0xfffffe01}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r3, r3, r3], 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r11 = shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)
r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r12}, 0x10)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, 0x0, 0x0)
shmat(r11, &(0x7f0000000000/0x3000)=nil, 0x7000)

1.656315566s ago: executing program 5 (id=1040):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)=r2}, 0x20)
r3 = syz_io_uring_setup(0x5c2, &(0x7f0000000840)={0x0, 0x0, 0x10, 0x8003}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x38, 0x13, r3, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r3, 0x6e2, 0x600, 0x65, 0x0, 0x0)

1.572760143s ago: executing program 3 (id=1043):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000500)={0x0, 0x1, 0x8, 0x0, 0x4401}, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x23, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b", 0x83}], 0x1}, 0x0)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000300)={0x2d, 0x0, 0x4001}, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
ioctl$SG_IO(r3, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x6, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f0000000080)="0000501effd4", 0x0, 0x800004, 0x10030, 0x1, 0x0})

1.541043555s ago: executing program 3 (id=1045):
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x5001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x4, @perf_config_ext={0x1, 0xa}, 0x5a14, 0x9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
getgroups(0x0, 0x0)

1.524531417s ago: executing program 3 (id=1046):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_usbip_server_init(0xaa7f3cec63cbb9d)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB=',pcr=00000000000000000056,rootcontext=', @ANYRESOCT])
kexec_load(0x0, 0x0, 0x0, 0x0)

1.457137282s ago: executing program 2 (id=1047):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_io_uring_setup(0x204, &(0x7f0000000480)={0x0, 0x7b36, 0x0, 0x1, 0x2fd}, &(0x7f00000000c0), &(0x7f0000000080))
r2 = syz_open_dev$vcsu(&(0x7f0000000100), 0x1, 0x100)
getdents64(r2, &(0x7f0000000140)=""/153, 0x99)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, 0x0, 0x1)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x441, 0x104)
fallocate(r3, 0x8, 0x4000, 0x10000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r4, 0x400, 0x0, 0x25cfdbfc, {0x54}}, 0x14}}, 0x40010)

1.451451443s ago: executing program 5 (id=1048):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r1)
mlock(&(0x7f0000656000/0x3000)=nil, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000200), 0x400035c, 0x10)
syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x936, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000480)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
syz_io_uring_setup(0x1458, &(0x7f00000004c0)={0x0, 0x3, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000380)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x6a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2040, 0x1})
syz_io_uring_submit(r2, r5, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x4, 0x0, 0x0, 0x0, &(0x7f0000658000/0x4000)=nil, 0x4000, 0x18, 0x1})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)

1.433202734s ago: executing program 2 (id=1049):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
io_uring_setup(0x4663, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000480), 0x4)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000780)={'syztnl0\x00', <r4=>0x0, 0x80, 0x700, 0x2, 0x9, {{0x26, 0x4, 0x3, 0x38, 0x98, 0x66, 0x0, 0x4, 0x2f, 0x0, @rand_addr=0x64010100, @rand_addr=0x64010101, {[@rr={0x7, 0x7, 0x56, [@remote]}, @noop, @timestamp_addr={0x44, 0x4c, 0x4e, 0x1, 0x8, [{@dev={0xac, 0x14, 0x14, 0x40}, 0x80000000}, {@multicast1, 0x921}, {@rand_addr=0x64010102, 0x3}, {@multicast1, 0x10}, {@remote, 0x3}, {@multicast1, 0x40}, {@private=0xa010101, 0x27c4643b}, {@multicast1, 0xfffffffa}, {@local, 0x5}]}, @timestamp_addr={0x44, 0xc, 0x2d, 0x1, 0x1, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8000}]}, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x1f, 0xfa, [@empty, @broadcast, @remote, @dev={0xac, 0x14, 0x14, 0x35}, @local, @private=0xa010102, @multicast2]}]}}}}})
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000840)={&(0x7f0000000a00)={0x94, 0x12, 0x10, 0x70bd2c, 0x25dfdbfc, {0x3, 0x4, 0x8, 0x1, {0x4e22, 0x4e22, [0x3e5c8e5f, 0xffffffff, 0x2, 0x1000], [0x5, 0x18d1, 0x9, 0x7], r4, [0x6, 0x24be]}, 0x9, 0x4}, [@INET_DIAG_REQ_BYTECODE={0x46, 0x1, "ad03257d84143ceabe2850095b63d82114504033c1f5e58496a0aa1b2097a9bbadc4509075c8f945e384e3ea7ca2fc0f93516b0bf6ea6a2c8f38c9079d1b18fd4aac"}]}, 0x94}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)=@id={0x1e, 0x3, 0x2, {0x4e23}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000008c0)='\x00', 0x1}], 0x1, 0x0, 0x0, 0x24040014}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/12, 0xc}], 0x1, &(0x7f0000000440)=""/7, 0x7}, 0xaee02048}], 0x1, 0x0, 0x0)
setxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280), 0x0, 0x0, 0x2)
kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/kexec_crash_size', 0x202, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[], 0x48)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7, 0x0, 0x80010000}, 0x18)
gettid()
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r8, &(0x7f0000000200)=""/209, 0xd1)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="40860000", @ANYRES16=r6, @ANYBLOB="010000000000000000000200000014000200626f6e643000000000000000000000000900010073797a30000000000900030073797a3100000000"], 0x40}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r10, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0x0, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_clsact={0xfffffffffffffff2}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.220555091s ago: executing program 1 (id=1050):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000d80)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e746572003c0000000c0a01010000000000000000070000000900020073796e31000000000900010073797a3000000000100003800c0000800800034000000002140000001000010000000000000000000384000a"], 0xd0}, 0x1, 0x0, 0x0, 0xc800}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@discard}, {@resgid}, {@jqfmt_vfsold}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
io_submit(0x0, 0x0, 0x0)

1.056085154s ago: executing program 4 (id=1051):
r0 = socket$netlink(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x3, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x3}, 0x18)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0)

1.055374225s ago: executing program 4 (id=1052):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6}}, 0x20)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000240)={r1, r0, 0x4, r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
accept4$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x80800)
sched_setscheduler(0x0, 0x5, &(0x7f0000000480))
ioprio_set$pid(0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
shmctl$IPC_RMID(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x2c060000)
unshare(0x2c020400)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x141042, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x0)

869.2632ms ago: executing program 3 (id=1053):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20200006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="dfbf00000000000000006700000008000300", @ANYRES32=r0, @ANYBLOB="0800c300741300000800c4"], 0x30}, 0x1, 0x0, 0x0, 0x240408c3}, 0x0)
r2 = fsmount(0xffffffffffffffff, 0x1, 0x70)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x16, 0x8, &(0x7f0000001c00)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x94)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000040)={{0x1}})
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r5, 0x54a2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='mm_vmscan_write_folio\x00', r3, 0x0, 0x2}, 0x18)
r6 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x210000)
r7 = syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r7, 0x1, 0x455b843fbdb64c65)
ioctl$USBDEVFS_CONTROL(r6, 0xc0185500, 0x0)

673.262925ms ago: executing program 4 (id=1054):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{}, 0x0, &(0x7f0000000180)}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\v\x00'], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r2, 0x40047451, &(0x7f0000000180))
ioctl$TUNGETVNETLE(r2, 0x40047451, &(0x7f00000002c0)) (fail_nth: 1)

386.152909ms ago: executing program 5 (id=1055):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000340)=ANY=[], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='sys_enter\x00', r4, 0x0, 0x8001}, 0x18)
sched_getparam(0x0, &(0x7f00000012c0))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
vmsplice(r2, &(0x7f0000000040)=[{&(0x7f0000000280)="1a79fa90a625370e6ff35fcbdffba51a9471b595aa4a4937c20fddc65ffc8e67b5de78dd789801e927f2423f86f3c20908a4412d3b16da189d47ff2c30c092586e62797463fcec672863497e4b1482a47693c4bd62405cc9119aad6ee951", 0x5e}, {&(0x7f0000000380)="8b064a0e2b5551f48077b15764e2e5f7718ee22f6a29bf19ff606d95a578a73f7b009f64419c2cc729360088d9372dda3b6968a6cec69f22f41475f074fa40148131cf5853c2075f5ec920", 0x4b}], 0x2, 0x4)
setsockopt$inet_MCAST_MSFILTER(r7, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r8, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
close_range(r6, 0xffffffffffffffff, 0x0)
getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540))

340.598912ms ago: executing program 2 (id=1056):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000500)={0x0, 0x1, 0x8, 0x0, 0x4401}, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x23, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b", 0x83}], 0x1}, 0x0)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000300)={0x2d, 0x0, 0x4001}, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
ioctl$SG_IO(r3, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x6, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f0000000080)="0000501effd4", 0x0, 0x800004, 0x10030, 0x1, 0x0})

340.291592ms ago: executing program 3 (id=1057):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{}, 0x0, &(0x7f0000000180)}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\v\x00'], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r2, 0x40047451, &(0x7f0000000180))
ioctl$TUNGETVNETLE(r2, 0x40047451, &(0x7f00000002c0))

339.633002ms ago: executing program 2 (id=1058):
sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r2, 0x5) (async)
flock(r2, 0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r2}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r2}, 0x20)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000900)={'gre0\x00', &(0x7f0000000800)={'syztnl0\x00', <r3=>0x0, 0x0, 0x7, 0x2, 0xeca0, {{0x1f, 0x4, 0x1, 0x23, 0x7c, 0x65, 0x0, 0x6, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x18}, @dev={0xac, 0x14, 0x14, 0x30}, {[@timestamp_prespec={0x44, 0x4, 0x32, 0x3, 0x6}, @cipso={0x86, 0x31, 0xffffffffffffffff, [{0x0, 0x2}, {0x7, 0x8, "197dcaefc6e9"}, {0x7, 0x3, "0f"}, {0x5, 0x5, "221a0e"}, {0x608f9c8b42d942e7, 0x12, "622010d3857a900f6bd6be794b67b054"}, {0x4, 0x7, "03260c687a"}]}, @ssrr={0x89, 0x3, 0x90}, @end, @timestamp={0x44, 0x14, 0x3a, 0x0, 0x1, [0x4, 0x401, 0x7ff, 0x1000]}, @ssrr={0x89, 0xf, 0x89, [@local, @broadcast, @rand_addr=0x64010102]}, @generic={0x88, 0xb, "c4ba74a23a0ef3bde1"}]}}}}})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xc, 0xf, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1800000006000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005709000000000000bf91000000000000b7020000010000008500008084000000b7000000000000009500000000000000431d83715efc184ce0f9f669de00aca99cdf8c86fd4e4179b27580a9dc7446dd525444190bae4b63ab14e89ffd4f70d856d170f961987cee89676af35dda883db500d26ab00359d6b501dbbbee34c50bcfe92c21048eaccda0c9862c3a8d8d536e776fbace56a796ef4dd1db4ee6a93fa98dbffc7bfb5ef1afff6a825b5be5b88ce2db667e762719245e1357c8e10d3d49ac1ec84409984bd66fb93d9927f4c72605c8849405d3b7e3dee208f37716c6203bfb2fc824c3b500f727f255ee26fde68f1fcbf894dba05b9c90a9f773"], &(0x7f0000000700)='GPL\x00', 0x101, 0x83, &(0x7f0000000740)=""/131, 0x40f00, 0x11, '\x00', r3, @fallback=0x6, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000980)={0x4, 0xe, 0x3, 0xfff}, 0x10, 0x0, 0xffffffffffffffff, 0x3, &(0x7f00000009c0)=[r4, r5, r0], &(0x7f0000000a00)=[{0x4, 0x3, 0x6, 0x7}, {0x4, 0x3, 0x5, 0x5}, {0x0, 0x1, 0x1, 0xb}], 0x10, 0x7}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xc, 0xf, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1800000006000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005709000000000000bf91000000000000b7020000010000008500008084000000b7000000000000009500000000000000431d83715efc184ce0f9f669de00aca99cdf8c86fd4e4179b27580a9dc7446dd525444190bae4b63ab14e89ffd4f70d856d170f961987cee89676af35dda883db500d26ab00359d6b501dbbbee34c50bcfe92c21048eaccda0c9862c3a8d8d536e776fbace56a796ef4dd1db4ee6a93fa98dbffc7bfb5ef1afff6a825b5be5b88ce2db667e762719245e1357c8e10d3d49ac1ec84409984bd66fb93d9927f4c72605c8849405d3b7e3dee208f37716c6203bfb2fc824c3b500f727f255ee26fde68f1fcbf894dba05b9c90a9f773"], &(0x7f0000000700)='GPL\x00', 0x101, 0x83, &(0x7f0000000740)=""/131, 0x40f00, 0x11, '\x00', r3, @fallback=0x6, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000980)={0x4, 0xe, 0x3, 0xfff}, 0x10, 0x0, 0xffffffffffffffff, 0x3, &(0x7f00000009c0)=[r4, r5, r0], &(0x7f0000000a00)=[{0x4, 0x3, 0x6, 0x7}, {0x4, 0x3, 0x5, 0x5}, {0x0, 0x1, 0x1, 0xb}], 0x10, 0x7}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd00000000", @ANYRES32=0x0], 0xc3}, 0x1, 0x100000000000000}, 0x0)
r6 = socket(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x140) (async)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x140)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000300)={0x8, 0x0, 0x0, 'queue1\x00'}) (async)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000300)={0x8, 0x0, 0x0, 'queue1\x00'})
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e000000000000000400"], 0x48) (async)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e000000000000000400"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r8, 0x408c5333, &(0x7f0000000600)={0x0, 0xc, 0x0, 'queue0\x00'})
open(&(0x7f00000000c0)='./file1\x00', 0x1f3c63, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x88802, 0x0) (async)
r10 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x88802, 0x0)
ioctl$PPPIOCNEWUNIT(r10, 0xc004743e, &(0x7f0000000140)) (async)
ioctl$PPPIOCNEWUNIT(r10, 0xc004743e, &(0x7f0000000140))

326.838793ms ago: executing program 5 (id=1059):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)=r2}, 0x20)
r3 = syz_io_uring_setup(0x5c2, &(0x7f0000000840)={0x0, 0x0, 0x10, 0x8003}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x38, 0x13, r3, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r3, 0x6e2, 0x600, 0x65, 0x0, 0x0)

326.164653ms ago: executing program 1 (id=1060):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3, <r6=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000180)=r5}, 0x20)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001300)=@newtfilter={0x478, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0x5, 0xd}, {}, {0xa, 0xf}}, [@filter_kind_options=@f_route={{0xa}, {0x448, 0x2, [@TCA_ROUTE4_POLICE={0x444, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x80000000, 0xffffffffffffffff, 0xff, 0x7fff, 0x0, {0x1, 0x0, 0xb, 0x8, 0xff, 0x4b8b0173}, {0x3, 0x1, 0xf, 0x8, 0x42}, 0x25, 0x9, 0x1}}, @TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x0, 0xa28e, 0x6, 0x2, 0x2, 0x13c2, 0x2, 0x7, 0x1ff, 0x8, 0x8, 0x1fe2db56, 0x0, 0x2, 0x3, 0x7f, 0x5, 0x7ff, 0x2, 0x4, 0xa, 0x7, 0x1, 0x4, 0x5, 0x23, 0x7, 0x334, 0x3, 0x200, 0x0, 0x8, 0x4, 0x550a06bc, 0x1000, 0x8, 0x2, 0x101, 0x8000, 0x3, 0x8001, 0xfffffff3, 0x1, 0xfffefffc, 0x5, 0x5, 0x6, 0x5, 0x0, 0x63d, 0x0, 0x5, 0x1, 0x3, 0x9, 0x1ff, 0x7, 0x6, 0xffffffff, 0x7fff, 0x4, 0x1, 0x8, 0x67, 0x9, 0x80000000, 0x4, 0x8, 0x8, 0x8, 0xfffffffa, 0x4, 0x0, 0x2, 0x9, 0xa704, 0x4, 0xe, 0x1, 0x5, 0x6, 0x0, 0xe2, 0x8c5, 0x3, 0x73, 0x8f, 0x0, 0xd, 0x80000001, 0x4, 0x7, 0xfffffc01, 0x4, 0x1d, 0x0, 0x7, 0x6, 0x6, 0xa, 0x81, 0x9, 0x9, 0x4, 0x1, 0x9, 0x8f31, 0x20000007, 0x8, 0x101, 0xb01, 0x80000000, 0x1, 0x8, 0x80000000, 0xfffffff9, 0xfff, 0x10001, 0x9, 0x8, 0xfffffffe, 0x2, 0xffffffff, 0x9, 0x8, 0xffff, 0x7, 0x1, 0x3, 0x2, 0x0, 0x9, 0x8, 0x4, 0x8001, 0x39, 0x568d88d6, 0x4, 0x3, 0x0, 0x1ff, 0x8, 0x1ff, 0x0, 0x7, 0x400, 0x7, 0x3, 0xfffffff7, 0x3f80, 0x1ff, 0x4, 0x1, 0x8, 0x3, 0x8, 0x5, 0x7, 0xa, 0x4c9, 0xe792, 0xb5, 0x7ac, 0xe6, 0x6, 0x2, 0x6, 0x4, 0xcc, 0x6, 0xfffffffe, 0x6, 0xfab, 0x3, 0xf, 0x8, 0x6, 0x8004, 0x8, 0xff, 0x4, 0x8001, 0x1ff, 0x9af9, 0x8, 0x7, 0x2da000, 0x7, 0xc2d, 0x7, 0x8, 0x8, 0xffffff34, 0x2, 0xfffffffa, 0x9, 0x4, 0x8, 0x7, 0x3, 0x10001, 0x8000, 0xfffff14c, 0x5, 0x6, 0xee, 0x9, 0x3, 0x4, 0x7, 0x4, 0xa1d, 0x4, 0xb4cc, 0x0, 0x5, 0x200, 0x5, 0x97c, 0x6, 0x7, 0x8eb7, 0x7, 0x6, 0x8, 0xffffffff, 0x7, 0xff, 0x10000, 0x7, 0xfffffffc, 0x6, 0x7, 0x6, 0x2e150fab, 0x6, 0x8000, 0xc, 0xf2, 0x4f9, 0xe, 0x7, 0x5, 0x278b7678, 0x100, 0x3ff, 0x2, 0x8, 0x5de955bb, 0xf4, 0x1, 0xffffff4c, 0x4, 0x6, 0x8]}]}]}}]}, 0x478}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
r10 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r10, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x17, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000850000001a93be041811000000000000000000ec730c36", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000850000007c00000018270000", @ANYRES32=r3, @ANYBLOB="00000000f7200000183800000100000000000000000000000442ce8e7f00000018000000564dffff0000000005000000183000000200000000000000000000009500000000000000"], &(0x7f0000000240)='syzkaller\x00', 0x4a9, 0xeb, &(0x7f0000000380)=""/235, 0x41000, 0x40, '\x00', r9, 0x25, r10, 0x8, &(0x7f0000000480)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x4, 0x1, 0x4, 0xfffffe01}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r3, r3, r3], 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r11 = shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)
r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r12}, 0x10)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, 0x0, 0x0)
shmat(r11, &(0x7f0000000000/0x3000)=nil, 0x7000)

269.223108ms ago: executing program 4 (id=1061):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6}}, 0x20)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000240)={r1, r0, 0x4, r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
accept4$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x80800)
sched_setscheduler(0x0, 0x5, &(0x7f0000000480))
ioprio_set$pid(0x2, 0x0, 0x0)
creat(0x0, 0x96)
shmctl$IPC_RMID(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x2c060000)
unshare(0x2c020400)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x141042, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x0)

234.632161ms ago: executing program 3 (id=1062):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

233.791661ms ago: executing program 4 (id=1063):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x311, &(0x7f00000001c0)="$eJzs3U1oY1UUwPGTj06TapsgKjigHp2NioRJ1sIYhqmIgRGdyOiA8Ma+aOgzKXkhmiJNCoVuXLjxa62CSKEgLgSh1IUraSndu+uuC+tK0eId0rzX99om/aJpF/3/Fsnh3nPuvb03DeUGms2XPvvwP2NMyapLVCISfVnake2IpCUqvrY8/9Hi2pNvvv3Oa/lC4dYbquP5O9mcqo49vXTvk4Vnl+sPvfXT2C/DspJ+d3Mrt7Hy+MoTm//f+aDsatnVSrWulia8wXTiC3cyo/q6Y1uureWKa9c6/fer1bp137G15FSnpppqVSYeHpmq2a6rVqWpk3ZT61Wt15pqvW+VK5rJZHR0RNDT7M5jQmSh8XW+f1rxh3+Mka3678YMt8UY41XhslDvOTj/T/sn3xw9r2XhnITe1BMiznyj2Ch2n7v9+ZKUxRFbrktKtqXzGjHfLJqdl0rn8ePcYmH9hd9+VdW0zDgtr77VKMaCejNsS1ZSkh7yZg3qx18t3Mpq1976IRkJz5+TlDzarekK6nM966/Ic9dC9RlJyfp7UhVHVpee+Xvj9vyXfv1MVvXm7cJOfVT8+qRM+JuUkO//6r196cGfEAAAAAAAAAAAJ5fRXT3v7zOdhLlpVR1Ny4z/mXCnvxt59+uR8OcD++/nr/e8n4/L1fjF/dwAAAAAAFwmbnPOi5rTk5bj2DU36QedlpjXG7SEgmTQEu+XEwoeG9ubY4xp9U0+zyAhA5zi29mjcpLitzw1fviA127EVr0DaQddQ/tP8GyCq8aYsxnw37vhltSpliqJ41bF5XgDerdPh+UkRCS2+5tyxIBJOeG2/HkmxxTx1tc/55V7f/x45DhXDuzPQd1rveVBvRcBAAAAGKzgj/4b0ir93GjdffHzY5aa1IDXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAADAZXGKfzm2+lWvLu0Ej3znt6yFunpOHNnyvyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgQj0IAAD//6sjt+0=")
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000640)={'syztnl2\x00', &(0x7f0000000100)={'syztnl1\x00', <r8=>0x0, 0x8, 0x700, 0x3, 0x6, {{0x15, 0x4, 0x1, 0x5, 0x54, 0x64, 0x0, 0x8, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x30}, @dev={0xac, 0x14, 0x14, 0x23}, {[@noop, @timestamp_addr={0x44, 0x34, 0x87, 0x1, 0x4, [{@private=0xa010101, 0x5}, {@rand_addr=0x64010101, 0xe77}, {@private=0xa010102, 0x9}, {@private=0xa010100, 0x81}, {@loopback, 0x5}, {@dev={0xac, 0x14, 0x14, 0x22}, 0x84133fe3}]}, @end, @generic={0x83, 0x9, "5826e68f16b737"}]}}}}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000700)={r0, 0x58, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r9=>0x0}}, 0x10)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000740)={<r10=>0x0, @rand_addr, @initdev}, &(0x7f0000000780)=0xc)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000800)={<r11=>0x0, @private, @broadcast}, &(0x7f0000000840)=0xc)
r12 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r12, &(0x7f0000000080), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r12, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r13=>0x0})
sendmsg$can_bcm(r12, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r12, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500000000e0ffffffffffff", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0)
sendmsg$can_bcm(r12, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r13}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r12], 0x48}}, 0x0)
r14 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f0000000200)={'geneve1\x00', <r15=>0x0})
sendmsg$nl_route(r14, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newlink={0x44, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r15, 0x480}, [@IFLA_AF_SPEC={0x24, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}, @AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @empty}]}]}]}, 0x44}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000880)={'batadv_slave_1\x00', <r16=>0x0})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000009c0)={'sit0\x00', &(0x7f00000008c0)={'syztnl1\x00', <r17=>0x0, 0x80, 0x20, 0xfff, 0xc, {{0x2c, 0x4, 0x3, 0x6, 0xb0, 0x65, 0x0, 0x7, 0x4, 0x0, @rand_addr=0x64010102, @loopback, {[@cipso={0x86, 0xb, 0xffffffffffffffff, [{0x5, 0x5, "91bf67"}]}, @lsrr={0x83, 0x13, 0x29, [@multicast2, @broadcast, @broadcast, @multicast2]}, @timestamp={0x44, 0x8, 0x87, 0x0, 0x5, [0x0]}, @timestamp_addr={0x44, 0x2c, 0x95, 0x1, 0x6, [{@empty, 0x28}, {@private=0xa010100, 0x80000000}, {@empty, 0x80}, {@dev={0xac, 0x14, 0x14, 0x24}, 0x6b9b}, {@rand_addr=0x64010100, 0x2}]}, @timestamp_prespec={0x44, 0x34, 0xe2, 0x3, 0x5, [{@private=0xa0100fc, 0x40}, {@local}, {@dev={0xac, 0x14, 0x14, 0x25}, 0xe}, {@local, 0x200}, {@local, 0x4}, {@remote, 0x2}]}, @timestamp={0x44, 0x14, 0x45, 0x0, 0x6, [0x400, 0x0, 0x7, 0xffff]}, @generic={0x89, 0x2}]}}}}})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r6, &(0x7f0000000bc0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000b80)={&(0x7f0000000a00)={0x174, r7, 0x4, 0x70bd26, 0x25dfdbfc, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x7c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x40884}, 0x50)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5)

166.409997ms ago: executing program 2 (id=1064):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e0000000000000005000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)

149.566988ms ago: executing program 4 (id=1065):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x24, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5be}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x3}, 0x18)
pivot_root(&(0x7f00000001c0)='./file0\x00', 0x0)
r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0xb, 0x518, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20007, 0xc8, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r2, 0x4008240b, &(0x7f0000000340)={0x2, 0x80, 0xf9, 0x0, 0x9, 0x4, 0x0, 0xfffffffffffffff8, 0x40010, 0x8, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1f, 0x6, @perf_bp={0x0}, 0x19573892f36b083e, 0x7, 0x8, 0x6, 0x7, 0xf4, 0x4, 0x0, 0x9, 0x0, 0x7})
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x8, [@ptr={0x5, 0x0, 0x0, 0x2, 0x5}, @int={0x4, 0x0, 0x0, 0x1, 0x0, 0x3c, 0x0, 0x69, 0x2}, @int={0x6, 0x0, 0x0, 0x1, 0x0, 0x1a, 0x0, 0xe}]}, {0x0, [0x5f, 0x5f, 0x30, 0x5f, 0x30, 0x2e]}}, &(0x7f0000000700)=""/213, 0x4c, 0xd5, 0x0, 0x39}, 0x28)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x2c, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000006c0)='kmem_cache_free\x00', r4, 0x0, 0x2000}, 0x18)
r5 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x8021, 0x0, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
set_tid_address(0x0)
r6 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r6, 0x400, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xd, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r9, <r10=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r8}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r9}, &(0x7f0000000080), &(0x7f0000000380)=r7}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r10}, &(0x7f0000000240), &(0x7f0000000280)=r8}, 0x20)
mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0)

148.962858ms ago: executing program 2 (id=1066):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, 0x0, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b00"/14], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
unshare(0x40000000)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000d80)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")

43.782486ms ago: executing program 5 (id=1067):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TARGET={0x8, 0x3, 0x20}, @TCA_FQ_PIE_BETA={0x8, 0x6, 0x7}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00'})
r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000300)="9f10b9a84afcf6d62360e6f819419a51fcb18dd00455b8c542819139b629400312cf8a9535e822e24ed9c7bbe0b8dd4354b1dea0f829a76ade67038921d3047b0fdc3a1c131f487e66373bf997885c5a55f5b69e9b5735bf0b5e002c461c34cbcf952f488606b139e1a9e84446a145ce4382a5e67ce2e7464a6983b2c1df275c337d347d1b39d97cb3be8f43197e24f616c069e8bfa86b5056b7a43178b557d14070dda34a18460e96a272d38246a6b96046679cb125dd9fe6000000000000009c94df24356845a86c77bb9d53280c8c774a0a40a21a1c32e7729582698201a285a8ff83ca52dbe7abfea1cac1009f71d82ecfcb96970be7a893f7c53e54c63e919bba47c1a31f6cf1ebfe3483b4b1795a42c72513508cba91d84fc8aab1ff33384fc769ada247b31ed3150d0f1a5c471843aae8c30fb7296935aabd27762a3ea8dc3307636d3d0888e96705dbe14748d0bdbca6a4afcf87f0d6d502d5c3fa9494247d85d8e143d729fc4fd65f4cf7edd78ebc67af3dd4", 0x177, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r3})

0s ago: executing program 5 (id=1068):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000500)={0x0, 0x1, 0x8, 0x0, 0x4401}, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x23, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b", 0x83}], 0x1}, 0x0)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000300)={0x2d, 0x0, 0x4001}, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
ioctl$SG_IO(r3, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x6, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f0000000080)="0000501effd4", 0x0, 0x800004, 0x10030, 0x1, 0x0})

kernel console output (not intermixed with test programs):

omm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[   96.215243][ T5192] 9pnet_virtio: no channels available for device /dev/rnullb0
[   96.339558][   T29] audit: type=1326 audit(1754277162.699:3048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5195 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[   96.339600][   T29] audit: type=1326 audit(1754277162.699:3049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5195 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[   96.339672][   T29] audit: type=1326 audit(1754277162.699:3050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5195 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[   96.339703][   T29] audit: type=1326 audit(1754277162.699:3051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5195 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa00207d4d0 code=0x7ffc0000
[   96.339736][   T29] audit: type=1326 audit(1754277162.699:3052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5195 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[   96.339837][   T29] audit: type=1326 audit(1754277162.699:3053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5195 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[   96.339869][   T29] audit: type=1326 audit(1754277162.699:3054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5195 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[   97.277802][   T29] audit: type=1326 audit(1754277163.739:3055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5207 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a588ceb69 code=0x7ffc0000
[   97.277844][   T29] audit: type=1326 audit(1754277163.739:3056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5207 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1a588ceb69 code=0x7ffc0000
[   97.602476][ T5226] FAULT_INJECTION: forcing a failure.
[   97.602476][ T5226] name failslab, interval 1, probability 0, space 0, times 1
[   97.602566][ T5226] CPU: 1 UID: 0 PID: 5226 Comm: syz.4.542 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[   97.602667][ T5226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   97.602678][ T5226] Call Trace:
[   97.602684][ T5226]  <TASK>
[   97.602691][ T5226]  __dump_stack+0x1d/0x30
[   97.602718][ T5226]  dump_stack_lvl+0xe8/0x140
[   97.602742][ T5226]  dump_stack+0x15/0x1b
[   97.602763][ T5226]  should_fail_ex+0x265/0x280
[   97.602884][ T5226]  should_failslab+0x8c/0xb0
[   97.602914][ T5226]  kmem_cache_alloc_node_noprof+0x57/0x320
[   97.603040][ T5226]  ? __alloc_skb+0x101/0x320
[   97.603078][ T5226]  __alloc_skb+0x101/0x320
[   97.603108][ T5226]  netlink_alloc_large_skb+0xba/0xf0
[   97.603158][ T5226]  netlink_sendmsg+0x3cf/0x6b0
[   97.603200][ T5226]  ? __pfx_netlink_sendmsg+0x10/0x10
[   97.603294][ T5226]  __sock_sendmsg+0x145/0x180
[   97.603325][ T5226]  ____sys_sendmsg+0x31e/0x4e0
[   97.603359][ T5226]  ___sys_sendmsg+0x17b/0x1d0
[   97.603499][ T5226]  __x64_sys_sendmsg+0xd4/0x160
[   97.603609][ T5226]  x64_sys_call+0x191e/0x2ff0
[   97.603634][ T5226]  do_syscall_64+0xd2/0x200
[   97.603656][ T5226]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   97.603679][ T5226]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   97.603699][ T5226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.603756][ T5226] RIP: 0033:0x7fc2dc14eb69
[   97.603770][ T5226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.603833][ T5226] RSP: 002b:00007fc2da7b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   97.603851][ T5226] RAX: ffffffffffffffda RBX: 00007fc2dc375fa0 RCX: 00007fc2dc14eb69
[   97.603863][ T5226] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[   97.603877][ T5226] RBP: 00007fc2da7b7090 R08: 0000000000000000 R09: 0000000000000000
[   97.603955][ T5226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   97.603967][ T5226] R13: 0000000000000000 R14: 00007fc2dc375fa0 R15: 00007ffd12f6eea8
[   97.603984][ T5226]  </TASK>
[   98.008336][ T5241] 9pnet_virtio: no channels available for device /dev/rnullb0
[   98.441308][ T5253] ipvlan2: entered promiscuous mode
[   98.474887][ T5248] netlink: 8 bytes leftover after parsing attributes in process `syz.0.550'.
[   98.481030][ T5253] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=1024 sclass=netlink_audit_socket pid=5253 comm=syz.2.553
[   98.640602][ T5263] loop1: detected capacity change from 0 to 512
[   98.665551][ T5257] netlink: 'syz.0.555': attribute type 1 has an invalid length.
[   98.741780][ T5268] netlink: 'syz.3.559': attribute type 10 has an invalid length.
[   98.749685][ T5268] netlink: 40 bytes leftover after parsing attributes in process `syz.3.559'.
[   98.760586][ T5268] team0: Port device geneve1 added
[   98.767727][ T5263] ext2: Bad value for 'min_batch_time'
[   98.869024][ T5272] loop2: detected capacity change from 0 to 512
[   98.875815][ T5272] EXT4-fs: Ignoring removed mblk_io_submit option
[   98.882463][ T5272] EXT4-fs: Ignoring removed bh option
[   98.892319][ T5272] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   98.967457][ T5278] netlink: 'syz.3.561': attribute type 10 has an invalid length.
[   98.975251][ T5278] netlink: 40 bytes leftover after parsing attributes in process `syz.3.561'.
[   99.030071][ T5272] EXT4-fs (loop2): 1 truncate cleaned up
[   99.036614][ T5272] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   99.280960][ T5284] netlink: 8 bytes leftover after parsing attributes in process `syz.3.564'.
[   99.548885][ T5296] 9pnet_virtio: no channels available for device /dev/rnullb0
[   99.623308][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.690406][ T5292] team0: Port device geneve1 removed
[   99.972397][ T5305] loop3: detected capacity change from 0 to 512
[   99.985742][ T5305] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  100.000913][ T5305] EXT4-fs (loop3): mount failed
[  100.914074][ T5308] siw: device registration error -23
[  100.921004][ T5311] siw: device registration error -23
[  100.927818][ T5308] 9pnet_virtio: no channels available for device /dev/rnullb0
[  100.936186][ T5311] 9pnet_virtio: no channels available for device /dev/rnullb0
[  100.972236][ T5305] 9pnet_fd: Insufficient options for proto=fd
[  101.379706][ T5334] macsec1: entered promiscuous mode
[  101.498609][ T5341] loop4: detected capacity change from 0 to 512
[  101.505644][ T5341] EXT4-fs: Ignoring removed mblk_io_submit option
[  101.512186][ T5341] EXT4-fs: Ignoring removed bh option
[  101.530480][ T5341] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  102.359018][   T29] kauditd_printk_skb: 133 callbacks suppressed
[  102.359032][   T29] audit: type=1326 audit(1754277168.009:3189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5333 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a588ceb69 code=0x7ffc0000
[  102.416839][   T29] audit: type=1326 audit(1754277168.879:3190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5333 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1a588ceb69 code=0x7ffc0000
[  102.440281][   T29] audit: type=1326 audit(1754277168.879:3191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5333 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a588ceb69 code=0x7ffc0000
[  102.463630][   T29] audit: type=1326 audit(1754277168.879:3192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5333 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a588ceb69 code=0x7ffc0000
[  102.487010][   T29] audit: type=1326 audit(1754277168.879:3193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5333 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f1a588ceb69 code=0x7ffc0000
[  102.510396][   T29] audit: type=1326 audit(1754277168.879:3194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5333 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a588ceb69 code=0x7ffc0000
[  102.533777][   T29] audit: type=1326 audit(1754277168.879:3195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5333 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f1a588ceb69 code=0x7ffc0000
[  102.557059][   T29] audit: type=1400 audit(1754277168.879:3196): avc:  denied  { write } for  pid=5333 comm="syz.2.584" path="socket:[9983]" dev="sockfs" ino=9983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  102.580196][   T29] audit: type=1326 audit(1754277168.879:3197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5333 comm="syz.2.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a588ceb69 code=0x7ffc0000
[  102.695670][ T5349] 9pnet_virtio: no channels available for device /dev/rnullb0
[  102.762679][ T5341] EXT4-fs (loop4): 1 truncate cleaned up
[  102.769267][ T5341] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.858857][ T5361] FAULT_INJECTION: forcing a failure.
[  102.858857][ T5361] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  102.872042][ T5361] CPU: 0 UID: 0 PID: 5361 Comm: syz.2.589 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  102.872093][ T5361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  102.872109][ T5361] Call Trace:
[  102.872117][ T5361]  <TASK>
[  102.872127][ T5361]  __dump_stack+0x1d/0x30
[  102.872174][ T5361]  dump_stack_lvl+0xe8/0x140
[  102.872199][ T5361]  dump_stack+0x15/0x1b
[  102.872220][ T5361]  should_fail_ex+0x265/0x280
[  102.872262][ T5361]  should_fail+0xb/0x20
[  102.872313][ T5361]  should_fail_usercopy+0x1a/0x20
[  102.872338][ T5361]  _copy_from_user+0x1c/0xb0
[  102.872364][ T5361]  kstrtouint_from_user+0x69/0xf0
[  102.872451][ T5361]  ? 0xffffffff81000000
[  102.872466][ T5361]  ? selinux_file_permission+0x1e4/0x320
[  102.872563][ T5361]  proc_fail_nth_write+0x50/0x160
[  102.872604][ T5361]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  102.872635][ T5361]  vfs_write+0x269/0x8e0
[  102.872660][ T5361]  ? vfs_read+0x47f/0x6f0
[  102.872681][ T5361]  ? __rcu_read_unlock+0x4f/0x70
[  102.872781][ T5361]  ? __fget_files+0x184/0x1c0
[  102.872815][ T5361]  ksys_write+0xda/0x1a0
[  102.872862][ T5361]  __x64_sys_write+0x40/0x50
[  102.872882][ T5361]  x64_sys_call+0x27fe/0x2ff0
[  102.872903][ T5361]  do_syscall_64+0xd2/0x200
[  102.873000][ T5361]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  102.873062][ T5361]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  102.873082][ T5361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.873110][ T5361] RIP: 0033:0x7f1a588cd61f
[  102.873126][ T5361] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  102.873209][ T5361] RSP: 002b:00007f1a56f37030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  102.873228][ T5361] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1a588cd61f
[  102.873240][ T5361] RDX: 0000000000000001 RSI: 00007f1a56f370a0 RDI: 0000000000000003
[  102.873251][ T5361] RBP: 00007f1a56f37090 R08: 0000000000000000 R09: 0000000000000000
[  102.873263][ T5361] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  102.873277][ T5361] R13: 0000000000000000 R14: 00007f1a58af5fa0 R15: 00007ffd55d2a368
[  102.873326][ T5361]  </TASK>
[  103.151437][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.173719][   T29] audit: type=1326 audit(1754277169.619:3198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5362 comm="syz.3.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f13170a5b27 code=0x7ffc0000
[  103.217054][ T5374] team0: Port device geneve1 removed
[  103.234351][ T4030] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  103.254689][ T4030] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.245135][ T5381] 9pnet_virtio: no channels available for device /dev/rnullb0
[  104.256312][ T4030] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.268214][ T3894] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.419411][ T5393] loop4: detected capacity change from 0 to 1024
[  104.430496][ T5395] syz.1.605 uses obsolete (PF_INET,SOCK_PACKET)
[  104.436323][ T5393] EXT4-fs: Ignoring removed orlov option
[  104.551088][ T5393] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.569153][ T5397] lo speed is unknown, defaulting to 1000
[  104.593084][ T5402] loop3: detected capacity change from 0 to 512
[  104.600172][ T5402] EXT4-fs: Ignoring removed mblk_io_submit option
[  104.606643][ T5402] EXT4-fs: Ignoring removed bh option
[  104.652854][ T5405] siw: device registration error -23
[  104.714020][ T5405] 9pnet_virtio: no channels available for device /dev/rnullb0
[  105.051182][ T5407] loop0: detected capacity change from 0 to 512
[  105.058475][ T5407] EXT4-fs: Ignoring removed mblk_io_submit option
[  105.064952][ T5407] EXT4-fs: Ignoring removed bh option
[  105.071145][ T5402] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  105.083256][ T5407] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  105.103890][ T5402] EXT4-fs (loop3): 1 truncate cleaned up
[  105.111071][ T5402] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.141124][ T5407] EXT4-fs (loop0): 1 truncate cleaned up
[  105.147762][ T5407] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.376641][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.480284][ T5419] syzkaller1: entered promiscuous mode
[  105.486104][ T5419] syzkaller1: entered allmulticast mode
[  105.503684][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.505705][ T5420] FAULT_INJECTION: forcing a failure.
[  105.505705][ T5420] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  105.525774][ T5420] CPU: 1 UID: 0 PID: 5420 Comm: syz.3.607 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  105.525818][ T5420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  105.525899][ T5420] Call Trace:
[  105.525908][ T5420]  <TASK>
[  105.525918][ T5420]  __dump_stack+0x1d/0x30
[  105.525944][ T5420]  dump_stack_lvl+0xe8/0x140
[  105.525968][ T5420]  dump_stack+0x15/0x1b
[  105.525986][ T5420]  should_fail_ex+0x265/0x280
[  105.526037][ T5420]  should_fail+0xb/0x20
[  105.526066][ T5420]  should_fail_usercopy+0x1a/0x20
[  105.526088][ T5420]  _copy_from_iter+0xcf/0xe40
[  105.526173][ T5420]  ? mntput_no_expire+0x6f/0x460
[  105.526210][ T5420]  ? mntput+0x4b/0x80
[  105.526259][ T5420]  tun_get_user+0x14d/0x2680
[  105.526301][ T5420]  ? path_openat+0x1bf8/0x2170
[  105.526433][ T5420]  ? _parse_integer_limit+0x170/0x190
[  105.526480][ T5420]  ? ref_tracker_alloc+0x1f2/0x2f0
[  105.526524][ T5420]  ? selinux_file_permission+0x1e4/0x320
[  105.526649][ T5420]  tun_chr_write_iter+0x15e/0x210
[  105.526680][ T5420]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  105.526714][ T5420]  vfs_write+0x4a0/0x8e0
[  105.526744][ T5420]  ksys_write+0xda/0x1a0
[  105.526837][ T5420]  __x64_sys_write+0x40/0x50
[  105.526866][ T5420]  x64_sys_call+0x27fe/0x2ff0
[  105.526892][ T5420]  do_syscall_64+0xd2/0x200
[  105.526974][ T5420]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  105.527026][ T5420]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  105.527054][ T5420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.527082][ T5420] RIP: 0033:0x7f13170aeb69
[  105.527101][ T5420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.527183][ T5420] RSP: 002b:00007f1315717038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  105.527205][ T5420] RAX: ffffffffffffffda RBX: 00007f13172d5fa0 RCX: 00007f13170aeb69
[  105.527221][ T5420] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000006
[  105.527236][ T5420] RBP: 00007f1315717090 R08: 0000000000000000 R09: 0000000000000000
[  105.527252][ T5420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.527274][ T5420] R13: 0000000000000000 R14: 00007f13172d5fa0 R15: 00007fff6a1b6978
[  105.527292][ T5420]  </TASK>
[  105.528745][ T5410] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.604: bg 0: block 88: padding at end of block bitmap is not set
[  105.933746][ T5433] loop1: detected capacity change from 0 to 1024
[  105.940917][ T5433] EXT4-fs: Ignoring removed mblk_io_submit option
[  105.949062][ T5433] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  105.986682][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.071780][ T5436] netlink: 'syz.3.616': attribute type 10 has an invalid length.
[  106.079685][ T5436] netlink: 40 bytes leftover after parsing attributes in process `syz.3.616'.
[  106.094559][ T5436] team0: Port device geneve1 added
[  106.270521][ T5438] loop3: detected capacity change from 0 to 1024
[  106.278038][ T5438] EXT4-fs: Ignoring removed orlov option
[  106.301901][ T5438] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.309271][ T5442] loop4: detected capacity change from 0 to 512
[  106.528169][ T5452] loop2: detected capacity change from 0 to 512
[  106.534764][ T5452] EXT4-fs: Ignoring removed mblk_io_submit option
[  106.541232][ T5452] EXT4-fs: Ignoring removed bh option
[  106.547449][ T5452] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  106.566495][   T31] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  106.577452][ T5452] EXT4-fs (loop2): 1 truncate cleaned up
[  106.578297][ T5450] lo speed is unknown, defaulting to 1000
[  106.583645][ T5452] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.620953][   T31] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  106.636680][   T31] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  106.645963][   T31] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  106.664720][ T5438] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.617: bg 0: block 88: padding at end of block bitmap is not set
[  106.793354][ T5460] lo speed is unknown, defaulting to 1000
[  106.853387][ T5468] loop4: detected capacity change from 0 to 512
[  106.885713][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.184824][ T5480] lo speed is unknown, defaulting to 1000
[  107.232212][ T5480] loop4: detected capacity change from 0 to 512
[  107.238982][ T5480] EXT4-fs: Ignoring removed mblk_io_submit option
[  107.241291][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.245543][ T5480] EXT4-fs: Ignoring removed bh option
[  107.354590][ T5480] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  107.433664][ T5480] EXT4-fs (loop4): 1 truncate cleaned up
[  107.440625][ T5480] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.616655][   T29] kauditd_printk_skb: 471 callbacks suppressed
[  107.616670][   T29] audit: type=1400 audit(1754277174.099:3670): avc:  denied  { read } for  pid=5493 comm="syz.3.634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  107.647357][ T5495] netlink: 56 bytes leftover after parsing attributes in process `syz.2.633'.
[  107.668801][   T29] audit: type=1400 audit(1754277174.149:3671): avc:  denied  { write } for  pid=5493 comm="syz.3.634" path="socket:[11335]" dev="sockfs" ino=11335 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  107.974424][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.992851][   T29] audit: type=1326 audit(1754277174.469:3672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  108.016291][   T29] audit: type=1326 audit(1754277174.469:3673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  108.039716][   T29] audit: type=1326 audit(1754277174.469:3674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  108.063131][   T29] audit: type=1326 audit(1754277174.469:3675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  108.086612][   T29] audit: type=1326 audit(1754277174.469:3676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  108.110072][   T29] audit: type=1326 audit(1754277174.469:3677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  108.133559][   T29] audit: type=1326 audit(1754277174.469:3678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  108.156994][   T29] audit: type=1326 audit(1754277174.469:3679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  108.196211][ T5509] loop4: detected capacity change from 0 to 512
[  108.203364][ T5509] EXT4-fs (loop4): external journal device major/minor numbers have changed
[  108.231619][ T5509] EXT4-fs (loop4): failed to open journal device unknown-block(11,131) -6
[  108.259232][ T5503] team0: Port device geneve1 removed
[  108.394787][ T5521] loop3: detected capacity change from 0 to 1024
[  108.419239][ T5521] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.446761][ T5521] ext4 filesystem being mounted at /125/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.486168][ T5529] siw: device registration error -23
[  108.495450][ T5529] 9pnet_virtio: no channels available for device /dev/rnullb0
[  108.828768][ T5521] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 3: comm syz.3.642: lblock 3 mapped to illegal pblock 3 (length 13)
[  108.847555][ T5521] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[  108.860013][ T5521] EXT4-fs (loop3): This should not happen!! Data will be lost
[  108.860013][ T5521] 
[  108.876492][ T5521] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.642: lblock 3 mapped to illegal pblock 3 (length 1)
[  108.892681][ T5521] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.642: lblock 3 mapped to illegal pblock 3 (length 1)
[  108.947228][ T5520] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.642: lblock 3 mapped to illegal pblock 3 (length 1)
[  108.962853][ T5520] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.642: lblock 3 mapped to illegal pblock 3 (length 1)
[  108.971663][ T5540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.648'.
[  108.978425][ T5521] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.642: lblock 3 mapped to illegal pblock 3 (length 1)
[  109.001553][ T5520] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.642: lblock 3 mapped to illegal pblock 3 (length 1)
[  109.034610][ T5521] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.642: lblock 3 mapped to illegal pblock 3 (length 1)
[  109.052274][ T5520] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.642: lblock 3 mapped to illegal pblock 3 (length 1)
[  109.293516][ T5521] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.642: lblock 3 mapped to illegal pblock 3 (length 1)
[  109.473696][ T5537] lo speed is unknown, defaulting to 1000
[  109.492404][ T5554] loop0: detected capacity change from 0 to 512
[  109.696117][ T5564] bridge_slave_0: left allmulticast mode
[  109.701818][ T5564] bridge_slave_0: left promiscuous mode
[  109.707702][ T5564] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.715889][ T5564] bridge_slave_1: left allmulticast mode
[  109.721642][ T5564] bridge_slave_1: left promiscuous mode
[  109.727604][ T5564] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.770936][ T5564] bond0: (slave bond_slave_0): Releasing backup interface
[  109.780972][ T5564] bond0: (slave bond_slave_1): Releasing backup interface
[  109.790728][ T5564] team0: Port device team_slave_0 removed
[  109.801212][ T5564] team0: Port device team_slave_1 removed
[  109.808046][ T5564] batman_adv: batadv0: Removing interface: batadv_slave_0
[  109.816786][ T5564] batman_adv: batadv0: Removing interface: batadv_slave_1
[  109.825432][ T5564] team0: Port device geneve1 removed
[  109.833778][ T3894] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 4 with error 28
[  109.846551][ T3894] EXT4-fs (loop3): This should not happen!! Data will be lost
[  109.846551][ T3894] 
[  109.856420][ T3894] EXT4-fs (loop3): Total free blocks count 0
[  109.862617][ T3894] EXT4-fs (loop3): Free/Dirty block details
[  109.868593][ T3894] EXT4-fs (loop3): free_blocks=4293918720
[  109.874449][ T3894] EXT4-fs (loop3): dirty_blocks=16
[  109.879584][ T3894] EXT4-fs (loop3): Block reservation details
[  109.931115][ T5576] netlink: 8 bytes leftover after parsing attributes in process `syz.3.660'.
[  109.940029][ T5576] netlink: 660 bytes leftover after parsing attributes in process `syz.3.660'.
[  109.996971][ T5581] 9pnet_fd: Insufficient options for proto=fd
[  110.292104][ T5600] loop4: detected capacity change from 0 to 764
[  110.300123][ T5600] rock: directory entry would overflow storage
[  110.306388][ T5600] rock: sig=0x5245, size=8, remaining=5
[  110.313289][ T5600] netlink: 'syz.4.669': attribute type 21 has an invalid length.
[  110.321550][ T5600] netlink: 156 bytes leftover after parsing attributes in process `syz.4.669'.
[  110.330584][ T5600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.669'.
[  110.980330][ T5621] siw: device registration error -23
[  110.990342][ T5621] 9pnet_virtio: no channels available for device /dev/rnullb0
[  111.192828][ T5641] loop2: detected capacity change from 0 to 512
[  111.200064][ T5641] EXT4-fs: Ignoring removed oldalloc option
[  111.210531][ T5637] vhci_hcd: invalid port number 96
[  111.215714][ T5637] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  111.243928][ T5641] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.685: Parent and EA inode have the same ino 15
[  111.311795][ T5647] siw: device registration error -23
[  111.322206][ T5647] 9pnet_virtio: no channels available for device /dev/rnullb0
[  111.351977][ T5641] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.685: Parent and EA inode have the same ino 15
[  111.458764][ T5641] EXT4-fs (loop2): 1 orphan inode deleted
[  111.483358][ T5641] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.607949][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.078828][ T5676] siw: device registration error -23
[  112.085488][ T5676] 9pnet_virtio: no channels available for device /dev/rnullb0
[  112.918929][   T29] kauditd_printk_skb: 640 callbacks suppressed
[  112.918948][   T29] audit: type=1326 audit(1754277179.399:4320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.3.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f13170a5b27 code=0x7ffc0000
[  112.949637][   T29] audit: type=1326 audit(1754277179.409:4321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.3.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f131704ad69 code=0x7ffc0000
[  112.949675][   T29] audit: type=1326 audit(1754277179.409:4322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.3.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f13170a5b27 code=0x7ffc0000
[  112.949757][   T29] audit: type=1326 audit(1754277179.409:4323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.3.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f131704ad69 code=0x7ffc0000
[  112.949787][   T29] audit: type=1326 audit(1754277179.409:4324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.3.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  112.949866][   T29] audit: type=1326 audit(1754277179.409:4325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.3.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  112.949890][   T29] audit: type=1326 audit(1754277179.409:4326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.3.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f13170a5b27 code=0x7ffc0000
[  112.949977][   T29] audit: type=1326 audit(1754277179.409:4327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.3.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f131704ad69 code=0x7ffc0000
[  112.950001][   T29] audit: type=1326 audit(1754277179.409:4328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.3.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13170aeb69 code=0x7ffc0000
[  112.996902][   T29] audit: type=1326 audit(1754277179.449:4329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.3.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f13170a5b27 code=0x7ffc0000
[  113.052444][ T5686] FAULT_INJECTION: forcing a failure.
[  113.052444][ T5686] name failslab, interval 1, probability 0, space 0, times 0
[  113.052470][ T5686] CPU: 0 UID: 0 PID: 5686 Comm: syz.1.699 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  113.052544][ T5686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  113.052560][ T5686] Call Trace:
[  113.052568][ T5686]  <TASK>
[  113.052576][ T5686]  __dump_stack+0x1d/0x30
[  113.052602][ T5686]  dump_stack_lvl+0xe8/0x140
[  113.052625][ T5686]  dump_stack+0x15/0x1b
[  113.052640][ T5686]  should_fail_ex+0x265/0x280
[  113.052745][ T5686]  should_failslab+0x8c/0xb0
[  113.052822][ T5686]  kmem_cache_alloc_noprof+0x50/0x310
[  113.052849][ T5686]  ? audit_log_start+0x365/0x6c0
[  113.052885][ T5686]  audit_log_start+0x365/0x6c0
[  113.053001][ T5686]  audit_seccomp+0x48/0x100
[  113.053025][ T5686]  ? __seccomp_filter+0x68c/0x10d0
[  113.053048][ T5686]  __seccomp_filter+0x69d/0x10d0
[  113.053135][ T5686]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  113.053169][ T5686]  ? vfs_write+0x75e/0x8e0
[  113.053254][ T5686]  ? __rcu_read_unlock+0x4f/0x70
[  113.053280][ T5686]  ? __fget_files+0x184/0x1c0
[  113.053314][ T5686]  __secure_computing+0x82/0x150
[  113.053335][ T5686]  syscall_trace_enter+0xcf/0x1e0
[  113.053371][ T5686]  do_syscall_64+0xac/0x200
[  113.053400][ T5686]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  113.053438][ T5686]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  113.053465][ T5686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.053577][ T5686] RIP: 0033:0x7fa00207eb69
[  113.053592][ T5686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.053609][ T5686] RSP: 002b:00007fa0006e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000021
[  113.053627][ T5686] RAX: ffffffffffffffda RBX: 00007fa0022a5fa0 RCX: 00007fa00207eb69
[  113.053638][ T5686] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  113.053652][ T5686] RBP: 00007fa0006e7090 R08: 0000000000000000 R09: 0000000000000000
[  113.053664][ T5686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.053725][ T5686] R13: 0000000000000000 R14: 00007fa0022a5fa0 R15: 00007ffcbb8f8c98
[  113.053742][ T5686]  </TASK>
[  113.169111][ T5689] netlink: 'syz.0.697': attribute type 10 has an invalid length.
[  113.169128][ T5689] netlink: 40 bytes leftover after parsing attributes in process `syz.0.697'.
[  113.170306][ T5689] team0: Port device geneve1 added
[  113.172327][ T3898] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.172406][ T3898] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.172467][ T3898] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.172513][ T3898] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.216967][ T5691] siw: device registration error -23
[  113.218849][ T5691] 9pnet_virtio: no channels available for device /dev/rnullb0
[  113.223596][ T5694] loop2: detected capacity change from 0 to 1024
[  113.223943][ T5694] EXT4-fs: Ignoring removed orlov option
[  113.255666][ T5694] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.431331][ T5702] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.703: bg 0: block 88: padding at end of block bitmap is not set
[  113.796431][ T5712] loop0: detected capacity change from 0 to 512
[  113.803438][ T5712] EXT4-fs: Ignoring removed mblk_io_submit option
[  113.809962][ T5712] EXT4-fs: Ignoring removed bh option
[  113.883904][ T5712] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  113.955439][ T5712] EXT4-fs (loop0): 1 truncate cleaned up
[  113.962075][ T5712] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.197595][ T5718] netlink: 4 bytes leftover after parsing attributes in process `syz.3.706'.
[  114.280008][ T5720] netlink: 4 bytes leftover after parsing attributes in process `syz.3.706'.
[  114.292155][ T5721] siw: device registration error -23
[  114.300232][ T5721] 9pnet_virtio: no channels available for device /dev/rnullb0
[  115.166112][ T5726] 9pnet_virtio: no channels available for device /dev/rnullb0
[  115.194992][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.216964][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.398987][ T5744] netlink: 156 bytes leftover after parsing attributes in process `syz.2.712'.
[  115.408344][ T5744] netlink: 24 bytes leftover after parsing attributes in process `syz.2.712'.
[  115.746226][ T5769] loop0: detected capacity change from 0 to 512
[  115.753149][ T5769] EXT4-fs: Ignoring removed mblk_io_submit option
[  115.759608][ T5769] EXT4-fs: Ignoring removed bh option
[  115.769606][ T5769] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  115.781607][ T5769] EXT4-fs (loop0): 1 truncate cleaned up
[  115.788079][ T5769] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.857668][ T5771] siw: device registration error -23
[  115.866075][ T5771] 9pnet_virtio: no channels available for device /dev/rnullb0
[  116.672601][ T5785] netlink: 56 bytes leftover after parsing attributes in process `syz.4.727'.
[  116.709018][ T5787] loop3: detected capacity change from 0 to 512
[  116.718831][ T5783] loop1: detected capacity change from 0 to 512
[  116.727766][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.739010][ T5783] EXT4-fs (loop1): orphan cleanup on readonly fs
[  116.748742][ T5787] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.762099][ T5783] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.724: bg 0: block 248: padding at end of block bitmap is not set
[  116.783596][ T5787] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  116.831509][ T5780] loop4: detected capacity change from 0 to 164
[  116.899651][ T5783] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.724: Failed to acquire dquot type 1
[  116.918884][ T5794] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  116.925525][ T5794] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  116.932968][ T5794] vhci_hcd vhci_hcd.0: Device attached
[  116.943748][ T5787] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5787 comm=syz.3.729
[  116.956879][ T5795] vhci_hcd: connection closed
[  116.957489][ T5783] EXT4-fs (loop1): 1 truncate cleaned up
[  116.957837][ T3898] vhci_hcd: stop threads
[  116.968766][ T5783] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  116.972171][ T3898] vhci_hcd: release socket
[  116.988968][ T3898] vhci_hcd: disconnect device
[  116.994912][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.037508][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.228039][ T5808] lo speed is unknown, defaulting to 1000
[  117.316584][ T5817] 9pnet_virtio: no channels available for device /dev/rnullb0
[  117.487038][ T5821] loop4: detected capacity change from 0 to 512
[  117.493779][ T5821] EXT4-fs: Ignoring removed oldalloc option
[  117.503268][ T5821] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.741: Parent and EA inode have the same ino 15
[  117.517034][ T5821] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.741: Parent and EA inode have the same ino 15
[  117.529849][ T5821] EXT4-fs (loop4): 1 orphan inode deleted
[  117.537137][ T5821] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.570357][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.637775][ T5837] FAULT_INJECTION: forcing a failure.
[  117.637775][ T5837] name failslab, interval 1, probability 0, space 0, times 0
[  117.650621][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz.4.747 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  117.650655][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  117.650668][ T5837] Call Trace:
[  117.650675][ T5837]  <TASK>
[  117.650761][ T5837]  __dump_stack+0x1d/0x30
[  117.650785][ T5837]  dump_stack_lvl+0xe8/0x140
[  117.650803][ T5837]  dump_stack+0x15/0x1b
[  117.650824][ T5837]  should_fail_ex+0x265/0x280
[  117.650924][ T5837]  should_failslab+0x8c/0xb0
[  117.650953][ T5837]  kmem_cache_alloc_node_noprof+0x57/0x320
[  117.651069][ T5837]  ? __alloc_skb+0x101/0x320
[  117.651099][ T5837]  __alloc_skb+0x101/0x320
[  117.651137][ T5837]  netlink_alloc_large_skb+0xba/0xf0
[  117.651243][ T5837]  netlink_sendmsg+0x3cf/0x6b0
[  117.651299][ T5837]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.651406][ T5837]  __sock_sendmsg+0x145/0x180
[  117.651483][ T5837]  ____sys_sendmsg+0x31e/0x4e0
[  117.651529][ T5837]  ___sys_sendmsg+0x17b/0x1d0
[  117.651591][ T5837]  __x64_sys_sendmsg+0xd4/0x160
[  117.651626][ T5837]  x64_sys_call+0x191e/0x2ff0
[  117.651728][ T5837]  do_syscall_64+0xd2/0x200
[  117.651759][ T5837]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  117.651784][ T5837]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  117.651809][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.651890][ T5837] RIP: 0033:0x7fc2dc14eb69
[  117.651930][ T5837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.651953][ T5837] RSP: 002b:00007fc2da7b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  117.652031][ T5837] RAX: ffffffffffffffda RBX: 00007fc2dc375fa0 RCX: 00007fc2dc14eb69
[  117.652043][ T5837] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000003
[  117.652055][ T5837] RBP: 00007fc2da7b7090 R08: 0000000000000000 R09: 0000000000000000
[  117.652066][ T5837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.652146][ T5837] R13: 0000000000000000 R14: 00007fc2dc375fa0 R15: 00007ffd12f6eea8
[  117.652169][ T5837]  </TASK>
[  117.939333][ T5843] loop4: detected capacity change from 0 to 512
[  117.948935][ T5843] EXT4-fs: Ignoring removed oldalloc option
[  117.964840][ T5854] loop3: detected capacity change from 0 to 512
[  117.976925][ T5843] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.750: Parent and EA inode have the same ino 15
[  117.994531][ T5843] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.750: Parent and EA inode have the same ino 15
[  118.007605][ T5856] loop2: detected capacity change from 0 to 512
[  118.015845][ T5843] EXT4-fs (loop4): 1 orphan inode deleted
[  118.022116][ T5843] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  118.028247][ T5857] netlink: 56 bytes leftover after parsing attributes in process `syz.0.752'.
[  118.054025][   T29] kauditd_printk_skb: 270 callbacks suppressed
[  118.054041][   T29] audit: type=1326 audit(1754277184.509:4596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5841 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  118.083772][   T29] audit: type=1326 audit(1754277184.509:4597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5841 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  118.107295][   T29] audit: type=1326 audit(1754277184.509:4598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5841 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  118.130624][   T29] audit: type=1326 audit(1754277184.509:4599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5841 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  118.154053][   T29] audit: type=1326 audit(1754277184.509:4600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5841 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  118.177429][   T29] audit: type=1326 audit(1754277184.509:4601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5841 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  118.200877][   T29] audit: type=1326 audit(1754277184.509:4602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5841 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  118.224315][   T29] audit: type=1326 audit(1754277184.509:4603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5841 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  118.235803][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.247521][   T29] audit: type=1326 audit(1754277184.509:4604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5841 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  118.280335][   T29] audit: type=1326 audit(1754277184.509:4605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5841 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  118.347353][ T5874] FAULT_INJECTION: forcing a failure.
[  118.347353][ T5874] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  118.354737][ T5866] netlink: 'syz.2.759': attribute type 1 has an invalid length.
[  118.360465][ T5874] CPU: 0 UID: 0 PID: 5874 Comm: syz.1.762 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  118.360505][ T5874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  118.360524][ T5874] Call Trace:
[  118.360533][ T5874]  <TASK>
[  118.360543][ T5874]  __dump_stack+0x1d/0x30
[  118.360593][ T5874]  dump_stack_lvl+0xe8/0x140
[  118.360621][ T5874]  dump_stack+0x15/0x1b
[  118.360684][ T5874]  should_fail_ex+0x265/0x280
[  118.360730][ T5874]  should_fail+0xb/0x20
[  118.360770][ T5874]  should_fail_usercopy+0x1a/0x20
[  118.360843][ T5874]  _copy_from_user+0x1c/0xb0
[  118.360878][ T5874]  wants_mount_setattr+0x128/0x640
[  118.360924][ T5874]  __se_sys_mount_setattr+0x10f/0x240
[  118.361041][ T5874]  __x64_sys_mount_setattr+0x67/0x80
[  118.361088][ T5874]  x64_sys_call+0x19ab/0x2ff0
[  118.361182][ T5874]  do_syscall_64+0xd2/0x200
[  118.361214][ T5874]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  118.361248][ T5874]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  118.361314][ T5874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.361345][ T5874] RIP: 0033:0x7fa00207eb69
[  118.361365][ T5874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.361436][ T5874] RSP: 002b:00007fa0006e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ba
[  118.361462][ T5874] RAX: ffffffffffffffda RBX: 00007fa0022a5fa0 RCX: 00007fa00207eb69
[  118.361479][ T5874] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  118.361497][ T5874] RBP: 00007fa0006e7090 R08: 0000000000000020 R09: 0000000000000000
[  118.361513][ T5874] R10: 0000200000001dc0 R11: 0000000000000246 R12: 0000000000000001
[  118.361529][ T5874] R13: 0000000000000000 R14: 00007fa0022a5fa0 R15: 00007ffcbb8f8c98
[  118.361554][ T5874]  </TASK>
[  118.413077][ T5876] netlink: 'syz.3.760': attribute type 10 has an invalid length.
[  118.414352][ T5866] netlink: 224 bytes leftover after parsing attributes in process `syz.2.759'.
[  118.418482][ T5876] netlink: 40 bytes leftover after parsing attributes in process `syz.3.760'.
[  118.459678][ T5857] loop0: detected capacity change from 0 to 164
[  118.498936][ T5876] team0: Port device geneve1 added
[  118.652802][ T5881] netlink: 'syz.1.764': attribute type 10 has an invalid length.
[  118.660622][ T5881] netlink: 40 bytes leftover after parsing attributes in process `syz.1.764'.
[  118.671229][ T5881] team0: Port device geneve1 added
[  118.676848][ T3894] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.686094][ T3894] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.695574][ T3894] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.705866][ T3894] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.804596][ T5891] netlink: 'syz.1.766': attribute type 10 has an invalid length.
[  118.826010][ T5891] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  118.848916][ T5891] loop1: detected capacity change from 0 to 1024
[  118.861166][ T5897] loop0: detected capacity change from 0 to 512
[  118.865491][ T5891] EXT4-fs: Ignoring removed orlov option
[  118.883506][ T5891] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  118.904766][ T5891] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.928720][ T5904] netlink: 8 bytes leftover after parsing attributes in process `syz.0.768'.
[  119.134172][ T5921] 9pnet_virtio: no channels available for device /dev/rnullb0
[  119.265654][ T5943] lo speed is unknown, defaulting to 1000
[  119.307460][ T5945] siw: device registration error -23
[  119.340059][ T5947] futex_wake_op: syz.4.773 tries to shift op by -1; fix this program
[  119.361438][ T5948] loop2: detected capacity change from 0 to 1024
[  119.378647][ T5948] EXT4-fs: Ignoring removed mblk_io_submit option
[  119.408061][ T5948] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  119.610106][ T5954] process 'syz.4.775' launched './file0' with NULL argv: empty string added
[  119.823185][ T5963] siw: device registration error -23
[  119.830222][ T5963] 9pnet_virtio: no channels available for device /dev/rnullb0
[  119.919782][ T5967] loop0: detected capacity change from 0 to 512
[  119.988374][ T5969] loop3: detected capacity change from 0 to 512
[  120.003717][ T5969] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  120.015422][ T5969] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e11c, mo2=0002]
[  120.023471][ T5969] System zones: 1-12
[  120.028619][ T5969] EXT4-fs (loop3): orphan cleanup on readonly fs
[  120.035680][ T5969] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.780: bg 0: block 361: padding at end of block bitmap is not set
[  120.051467][ T5969] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  120.065214][ T5969] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.780: invalid indirect mapped block 12 (level 1)
[  120.079007][ T5969] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.780: invalid indirect mapped block 2 (level 2)
[  120.093370][ T5969] EXT4-fs (loop3): 1 truncate cleaned up
[  120.099762][ T5969] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  120.124167][ T5969] EXT4-fs (loop3): ext4_remount: Checksum for group 0 failed (17031!=33349)
[  120.137932][ T5969] FAULT_INJECTION: forcing a failure.
[  120.137932][ T5969] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.151342][ T5969] CPU: 0 UID: 0 PID: 5969 Comm: syz.3.780 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  120.151379][ T5969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  120.151396][ T5969] Call Trace:
[  120.151404][ T5969]  <TASK>
[  120.151412][ T5969]  __dump_stack+0x1d/0x30
[  120.151433][ T5969]  dump_stack_lvl+0xe8/0x140
[  120.151460][ T5969]  dump_stack+0x15/0x1b
[  120.151526][ T5969]  should_fail_ex+0x265/0x280
[  120.151632][ T5969]  should_fail+0xb/0x20
[  120.151720][ T5969]  should_fail_usercopy+0x1a/0x20
[  120.151788][ T5969]  _copy_to_user+0x20/0xa0
[  120.151820][ T5969]  simple_read_from_buffer+0xb5/0x130
[  120.151907][ T5969]  proc_fail_nth_read+0x10e/0x150
[  120.151934][ T5969]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  120.152018][ T5969]  vfs_read+0x1a0/0x6f0
[  120.152043][ T5969]  ? __rcu_read_unlock+0x4f/0x70
[  120.152064][ T5969]  ? __fget_files+0x184/0x1c0
[  120.152090][ T5969]  ksys_read+0xda/0x1a0
[  120.152116][ T5969]  __x64_sys_read+0x40/0x50
[  120.152144][ T5969]  x64_sys_call+0x27bc/0x2ff0
[  120.152273][ T5969]  do_syscall_64+0xd2/0x200
[  120.152297][ T5969]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  120.152388][ T5969]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  120.152416][ T5969]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.152443][ T5969] RIP: 0033:0x7f13170ad57c
[  120.152458][ T5969] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  120.152536][ T5969] RSP: 002b:00007f1315717030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  120.152560][ T5969] RAX: ffffffffffffffda RBX: 00007f13172d5fa0 RCX: 00007f13170ad57c
[  120.152576][ T5969] RDX: 000000000000000f RSI: 00007f13157170a0 RDI: 0000000000000007
[  120.152592][ T5969] RBP: 00007f1315717090 R08: 0000000000000000 R09: 0000000000000000
[  120.152604][ T5969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.152616][ T5969] R13: 0000000000000000 R14: 00007f13172d5fa0 R15: 00007fff6a1b6978
[  120.152698][ T5969]  </TASK>
[  120.361403][ T5965] loop1: detected capacity change from 0 to 512
[  120.371884][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  120.381735][ T5965] EXT4-fs: Ignoring removed mblk_io_submit option
[  120.388371][ T5965] EXT4-fs: Ignoring removed bh option
[  120.404177][ T5965] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  120.437291][ T5965] EXT4-fs (loop1): 1 truncate cleaned up
[  120.471106][ T5965] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.567716][ T5986] loop4: detected capacity change from 0 to 1024
[  120.576402][ T5986] EXT4-fs: Ignoring removed bh option
[  120.597440][ T5986] EXT4-fs: inline encryption not supported
[  120.610725][ T5986] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  120.646385][ T5986] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 2: comm syz.4.785: lblock 2 mapped to illegal pblock 2 (length 1)
[  120.666980][ T5986] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 48: comm syz.4.785: lblock 0 mapped to illegal pblock 48 (length 1)
[  120.740944][ T5986] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.785: Failed to acquire dquot type 0
[  120.810586][ T5995] loop0: detected capacity change from 0 to 512
[  120.816047][ T5986] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  120.824767][ T5995] EXT4-fs: Ignoring removed nobh option
[  120.838728][ T5986] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.785: mark_inode_dirty error
[  120.843694][ T5995] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.787: iget: bad i_size value: 38620345925642
[  120.865113][ T5995] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.787: couldn't read orphan inode 15 (err -117)
[  120.888213][ T5995] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.905310][ T5986] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  120.935485][ T5986] EXT4-fs (loop4): 1 orphan inode deleted
[  120.956549][ T3701] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:11: lblock 1 mapped to illegal pblock 1 (length 1)
[  120.990716][ T3701] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:11: Failed to release dquot type 0
[  121.004119][ T5986] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  121.031838][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.075861][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.085765][ T3301] EXT4-fs error (device loop4): __ext4_get_inode_loc:4861: comm syz-executor: Invalid inode table block 1 in block_group 0
[  121.167248][ T3301] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  121.199277][ T3301] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error
[  121.253747][ T6004] siw: device registration error -23
[  121.379008][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.608122][ T6015] loop4: detected capacity change from 0 to 512
[  121.633769][ T6003] 9pnet_virtio: no channels available for device /dev/rnullb0
[  122.281051][ T6024] lo speed is unknown, defaulting to 1000
[  122.324948][ T6024] loop4: detected capacity change from 0 to 512
[  122.331686][ T6024] EXT4-fs: Ignoring removed mblk_io_submit option
[  122.338460][ T6024] EXT4-fs: Ignoring removed bh option
[  122.355520][ T6024] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  122.372598][ T6024] EXT4-fs (loop4): 1 truncate cleaned up
[  122.379444][ T6024] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.787174][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.116335][   T29] kauditd_printk_skb: 152 callbacks suppressed
[  123.116404][   T29] audit: type=1400 audit(1754277189.599:4755): avc:  denied  { mount } for  pid=6044 comm="syz.0.803" name="/" dev="ramfs" ino=12980 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  123.228202][ T6050] netlink: 8 bytes leftover after parsing attributes in process `syz.1.805'.
[  123.284360][   T29] audit: type=1326 audit(1754277189.739:4756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6051 comm="syz.1.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[  123.307779][   T29] audit: type=1326 audit(1754277189.739:4757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6051 comm="syz.1.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[  123.331589][   T29] audit: type=1326 audit(1754277189.739:4758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6051 comm="syz.1.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[  123.341823][ T6055] netlink: 8 bytes leftover after parsing attributes in process `syz.1.807'.
[  123.357099][   T29] audit: type=1326 audit(1754277189.739:4759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6051 comm="syz.1.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[  123.357146][   T29] audit: type=1326 audit(1754277189.739:4760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6051 comm="syz.1.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[  123.399201][ T6053] loop4: detected capacity change from 0 to 512
[  123.412706][   T29] audit: type=1326 audit(1754277189.749:4761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6051 comm="syz.1.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[  123.442479][   T29] audit: type=1326 audit(1754277189.749:4762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6051 comm="syz.1.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[  123.466262][   T29] audit: type=1326 audit(1754277189.749:4763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6051 comm="syz.1.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[  123.489635][   T29] audit: type=1326 audit(1754277189.749:4764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6051 comm="syz.1.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00207eb69 code=0x7ffc0000
[  123.517339][ T6053] EXT4-fs: Ignoring removed mblk_io_submit option
[  123.523904][ T6053] EXT4-fs: Ignoring removed bh option
[  123.625419][ T6059] team0: Port device geneve1 removed
[  123.631779][ T6063] loop1: detected capacity change from 0 to 512
[  123.639506][ T6053] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  123.651324][ T3701] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  123.664944][ T6064] netlink: 'syz.2.810': attribute type 3 has an invalid length.
[  123.720312][ T6065] siw: device registration error -23
[  123.769232][ T6065] 9pnet_virtio: no channels available for device /dev/rnullb0
[  123.922836][ T6053] EXT4-fs (loop4): 1 truncate cleaned up
[  123.989924][ T6064] program syz.2.810 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  124.037404][ T6053] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.058435][ T6070] netlink: 'syz.1.813': attribute type 10 has an invalid length.
[  124.066353][ T6070] netlink: 'syz.1.813': attribute type 19 has an invalid length.
[  124.074141][ T6070] netlink: 156 bytes leftover after parsing attributes in process `syz.1.813'.
[  124.089389][ T3701] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  124.098305][ T6064] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  124.106879][ T3701] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  124.126629][ T3701] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  124.221102][ T6080] netlink: 8 bytes leftover after parsing attributes in process `syz.1.817'.
[  124.391975][ T6090] netlink: 8 bytes leftover after parsing attributes in process `syz.2.821'.
[  124.477436][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.513585][ T6102] netlink: 8 bytes leftover after parsing attributes in process `syz.0.828'.
[  124.607263][ T6115] loop0: detected capacity change from 0 to 512
[  124.613924][ T6115] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  124.627323][ T6115] netlink: 16 bytes leftover after parsing attributes in process `syz.0.831'.
[  124.690030][ T6120] loop4: detected capacity change from 0 to 512
[  124.698345][ T6120] EXT4-fs: Ignoring removed oldalloc option
[  124.708459][ T6120] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.833: Parent and EA inode have the same ino 15
[  124.722868][ T6120] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.833: Parent and EA inode have the same ino 15
[  124.738233][ T6120] EXT4-fs (loop4): 1 orphan inode deleted
[  124.744939][ T6120] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.772901][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.794043][ T6125] netlink: 8 bytes leftover after parsing attributes in process `syz.4.834'.
[  124.823292][ T6127] loop1: detected capacity change from 0 to 512
[  124.832223][ T6127] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  124.869781][ T6130] siw: device registration error -23
[  124.879315][ T6130] 9pnet_virtio: no channels available for device /dev/rnullb0
[  124.976790][ T6127] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e11c, mo2=0002]
[  125.001360][ T6127] System zones: 1-12
[  125.020395][ T6127] EXT4-fs (loop1): orphan cleanup on readonly fs
[  125.051903][ T6127] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.835: bg 0: block 361: padding at end of block bitmap is not set
[  125.114825][ T6127] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  125.153560][ T6127] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.835: invalid indirect mapped block 12 (level 1)
[  125.203725][ T6127] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.835: invalid indirect mapped block 2 (level 2)
[  125.226062][ T6127] EXT4-fs (loop1): 1 truncate cleaned up
[  125.232393][ T6127] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  125.263466][ T6127] EXT4-fs (loop1): ext4_remount: Checksum for group 0 failed (17031!=33349)
[  125.288396][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  125.307616][ T6136] netlink: 8 bytes leftover after parsing attributes in process `syz.3.839'.
[  125.362012][ T6138] loop4: detected capacity change from 0 to 512
[  125.377433][ T6138] EXT4-fs: Ignoring removed mblk_io_submit option
[  125.383950][ T6138] EXT4-fs: Ignoring removed bh option
[  125.409169][ T6138] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  125.436378][ T6146] loop2: detected capacity change from 0 to 512
[  125.448504][ T6148] bond0: (slave dummy0): Releasing backup interface
[  125.460687][ T6148] team0: Port device geneve1 removed
[  125.464426][ T6138] EXT4-fs (loop4): 1 truncate cleaned up
[  125.468116][ T3701] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  125.475374][ T6146] EXT4-fs: Ignoring removed bh option
[  125.491567][ T6138] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  125.515048][ T4025] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  125.530644][ T4025] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  125.579110][ T4025] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  125.590021][ T6146] EXT4-fs error (device loop2): __ext4_iget:5464: inode #15: block 1803188595: comm syz.2.842: invalid block
[  125.654910][ T6146] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.842: couldn't read orphan inode 15 (err -117)
[  125.672293][ T6162] loop3: detected capacity change from 0 to 1024
[  125.680180][ T6162] EXT4-fs: Ignoring removed mblk_io_submit option
[  125.704189][ T6162] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  125.717888][ T6146] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  125.764771][ T6146] FAULT_INJECTION: forcing a failure.
[  125.764771][ T6146] name failslab, interval 1, probability 0, space 0, times 0
[  125.777499][ T6146] CPU: 1 UID: 0 PID: 6146 Comm: syz.2.842 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  125.777536][ T6146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  125.777556][ T6146] Call Trace:
[  125.777563][ T6146]  <TASK>
[  125.777571][ T6146]  __dump_stack+0x1d/0x30
[  125.777597][ T6146]  dump_stack_lvl+0xe8/0x140
[  125.777619][ T6146]  dump_stack+0x15/0x1b
[  125.777714][ T6146]  should_fail_ex+0x265/0x280
[  125.777755][ T6146]  should_failslab+0x8c/0xb0
[  125.777779][ T6146]  __kmalloc_noprof+0xa5/0x3e0
[  125.777813][ T6146]  ? ext4_inlinedir_to_tree+0x143/0x710
[  125.777859][ T6146]  ? ext4_get_inode_loc+0xb2/0xe0
[  125.777952][ T6146]  ext4_inlinedir_to_tree+0x143/0x710
[  125.777975][ T6146]  ? should_fail_ex+0x30/0x280
[  125.778028][ T6146]  ext4_htree_fill_tree+0x336/0x9c0
[  125.778083][ T6146]  ? terminate_walk+0x27f/0x2a0
[  125.778115][ T6146]  ? path_openat+0x1bf8/0x2170
[  125.778137][ T6146]  ? kstrtoull+0x111/0x140
[  125.778177][ T6146]  ext4_readdir+0x1729/0x1d40
[  125.778254][ T6146]  ? 0xffffffff81000000
[  125.778272][ T6146]  ? get_pid_task+0x96/0xd0
[  125.778299][ T6146]  ? proc_fail_nth_write+0x13b/0x160
[  125.778328][ T6146]  ? avc_policy_seqno+0x15/0x30
[  125.778350][ T6146]  ? selinux_file_permission+0x1e4/0x320
[  125.778414][ T6146]  iterate_dir+0x114/0x330
[  125.778437][ T6146]  ? mutex_lock+0xd/0x30
[  125.778479][ T6146]  __se_sys_getdents+0x88/0x1b0
[  125.778548][ T6146]  ? __pfx_filldir+0x10/0x10
[  125.778572][ T6146]  __x64_sys_getdents+0x43/0x50
[  125.778604][ T6146]  x64_sys_call+0xee7/0x2ff0
[  125.778631][ T6146]  do_syscall_64+0xd2/0x200
[  125.778680][ T6146]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  125.778704][ T6146]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  125.778732][ T6146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.778759][ T6146] RIP: 0033:0x7f1a588ceb69
[  125.778799][ T6146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.778897][ T6146] RSP: 002b:00007f1a56f37038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  125.778916][ T6146] RAX: ffffffffffffffda RBX: 00007f1a58af5fa0 RCX: 00007f1a588ceb69
[  125.778928][ T6146] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  125.778941][ T6146] RBP: 00007f1a56f37090 R08: 0000000000000000 R09: 0000000000000000
[  125.778958][ T6146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  125.778973][ T6146] R13: 0000000000000000 R14: 00007f1a58af5fa0 R15: 00007ffd55d2a368
[  125.779050][ T6146]  </TASK>
[  126.091113][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.118672][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.160129][ T6171] netlink: 8 bytes leftover after parsing attributes in process `syz.2.850'.
[  126.170194][ T6167] 9pnet_virtio: no channels available for device /dev/rnullb0
[  126.393094][ T6180] FAULT_INJECTION: forcing a failure.
[  126.393094][ T6180] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  126.406341][ T6180] CPU: 1 UID: 0 PID: 6180 Comm: syz.0.853 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  126.406374][ T6180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  126.406445][ T6180] Call Trace:
[  126.406453][ T6180]  <TASK>
[  126.406472][ T6180]  __dump_stack+0x1d/0x30
[  126.406493][ T6180]  dump_stack_lvl+0xe8/0x140
[  126.406511][ T6180]  dump_stack+0x15/0x1b
[  126.406534][ T6180]  should_fail_ex+0x265/0x280
[  126.406577][ T6180]  should_fail+0xb/0x20
[  126.406614][ T6180]  should_fail_usercopy+0x1a/0x20
[  126.406639][ T6180]  _copy_to_user+0x20/0xa0
[  126.406752][ T6180]  simple_read_from_buffer+0xb5/0x130
[  126.406773][ T6180]  proc_fail_nth_read+0x10e/0x150
[  126.406832][ T6180]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  126.406858][ T6180]  vfs_read+0x1a0/0x6f0
[  126.406877][ T6180]  ? __rcu_read_unlock+0x4f/0x70
[  126.406902][ T6180]  ? __fget_files+0x184/0x1c0
[  126.406996][ T6180]  ksys_read+0xda/0x1a0
[  126.407018][ T6180]  __x64_sys_read+0x40/0x50
[  126.407045][ T6180]  x64_sys_call+0x27bc/0x2ff0
[  126.407098][ T6180]  do_syscall_64+0xd2/0x200
[  126.407129][ T6180]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  126.407156][ T6180]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  126.407184][ T6180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.407204][ T6180] RIP: 0033:0x7f6000c5d57c
[  126.407222][ T6180] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  126.407245][ T6180] RSP: 002b:00007f5fff2bf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  126.407265][ T6180] RAX: ffffffffffffffda RBX: 00007f6000e85fa0 RCX: 00007f6000c5d57c
[  126.407356][ T6180] RDX: 000000000000000f RSI: 00007f5fff2bf0a0 RDI: 0000000000000007
[  126.407372][ T6180] RBP: 00007f5fff2bf090 R08: 0000000000000000 R09: 0000000000000000
[  126.407385][ T6180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  126.407396][ T6180] R13: 0000000000000000 R14: 00007f6000e85fa0 R15: 00007ffca4796c08
[  126.407414][ T6180]  </TASK>
[  127.303208][ T6200] siw: device registration error -23
[  127.312410][ T6200] 9pnet_virtio: no channels available for device /dev/rnullb0
[  127.534042][ T6205] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=248 sclass=netlink_xfrm_socket pid=6205 comm=syz.1.856
[  128.036756][ T6217] loop0: detected capacity change from 0 to 512
[  128.049445][ T6217] EXT4-fs: Ignoring removed oldalloc option
[  128.103322][ T6217] EXT4-fs error (device loop0): ext4_xattr_inode_iget:433: comm syz.0.860: Parent and EA inode have the same ino 15
[  128.105843][ T6220] vhci_hcd: default hub control req: 230e v0018 i0000 l0
[  128.127139][ T6217] EXT4-fs error (device loop0): ext4_xattr_inode_iget:433: comm syz.0.860: Parent and EA inode have the same ino 15
[  128.149466][ T6217] EXT4-fs (loop0): 1 orphan inode deleted
[  128.156630][ T6217] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.294088][   T29] kauditd_printk_skb: 886 callbacks suppressed
[  128.294106][   T29] audit: type=1400 audit(1754277194.769:5651): avc:  denied  { create } for  pid=6225 comm="syz.4.863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  128.323049][ T6223] team0: Port device geneve1 removed
[  128.341149][   T29] audit: type=1326 audit(1754277194.789:5652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6216 comm="syz.0.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6000c5eb69 code=0x7ffc0000
[  128.364881][   T29] audit: type=1326 audit(1754277194.789:5653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6216 comm="syz.0.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6000c5eb69 code=0x7ffc0000
[  128.388364][   T29] audit: type=1326 audit(1754277194.789:5654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6216 comm="syz.0.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6000c5eb69 code=0x7ffc0000
[  128.411812][   T29] audit: type=1326 audit(1754277194.789:5655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6216 comm="syz.0.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6000c5eb69 code=0x7ffc0000
[  128.435329][   T29] audit: type=1326 audit(1754277194.789:5656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6216 comm="syz.0.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6000c5eb69 code=0x7ffc0000
[  128.458695][   T29] audit: type=1326 audit(1754277194.789:5657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6216 comm="syz.0.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6000c5eb69 code=0x7ffc0000
[  128.480012][ T6229] loop2: detected capacity change from 0 to 1024
[  128.482104][   T29] audit: type=1326 audit(1754277194.789:5658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6216 comm="syz.0.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6000c5eb69 code=0x7ffc0000
[  128.491816][ T6229] EXT4-fs: Ignoring removed orlov option
[  128.512100][   T29] audit: type=1326 audit(1754277194.789:5659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6216 comm="syz.0.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6000c5eb69 code=0x7ffc0000
[  128.542680][   T29] audit: type=1326 audit(1754277194.789:5660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6216 comm="syz.0.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6000c5eb69 code=0x7ffc0000
[  128.546950][ T6229] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.582926][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.688201][ T6237] loop4: detected capacity change from 0 to 1024
[  128.731255][ T6237] EXT4-fs: Ignoring removed mblk_io_submit option
[  128.753871][ T6237] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  128.765314][ T6243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.870'.
[  128.794536][ T6248] netlink: 8 bytes leftover after parsing attributes in process `syz.0.871'.
[  128.805539][ T6238] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.864: bg 0: block 88: padding at end of block bitmap is not set
[  128.896353][ T6233] 9pnet_virtio: no channels available for device /dev/rnullb0
[  128.981167][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.300903][ T6270] lo speed is unknown, defaulting to 1000
[  129.399456][ T6270] loop2: detected capacity change from 0 to 512
[  129.406364][ T6270] EXT4-fs: Ignoring removed mblk_io_submit option
[  129.412864][ T6270] EXT4-fs: Ignoring removed bh option
[  129.634274][ T6270] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  129.646692][ T6270] EXT4-fs (loop2): 1 truncate cleaned up
[  129.652776][ T6270] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.697985][ T6274] FAULT_INJECTION: forcing a failure.
[  129.697985][ T6274] name failslab, interval 1, probability 0, space 0, times 0
[  129.710778][ T6274] CPU: 0 UID: 0 PID: 6274 Comm: syz.3.879 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  129.710821][ T6274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  129.710834][ T6274] Call Trace:
[  129.710841][ T6274]  <TASK>
[  129.710849][ T6274]  __dump_stack+0x1d/0x30
[  129.710870][ T6274]  dump_stack_lvl+0xe8/0x140
[  129.710895][ T6274]  dump_stack+0x15/0x1b
[  129.710912][ T6274]  should_fail_ex+0x265/0x280
[  129.711040][ T6274]  should_failslab+0x8c/0xb0
[  129.711072][ T6274]  kmem_cache_alloc_noprof+0x50/0x310
[  129.711104][ T6274]  ? getname_flags+0x80/0x3b0
[  129.711149][ T6274]  getname_flags+0x80/0x3b0
[  129.711176][ T6274]  user_path_at+0x28/0x130
[  129.711211][ T6274]  __se_sys_pivot_root+0xd0/0x710
[  129.711270][ T6274]  __x64_sys_pivot_root+0x31/0x40
[  129.711305][ T6274]  x64_sys_call+0x144/0x2ff0
[  129.711333][ T6274]  do_syscall_64+0xd2/0x200
[  129.711455][ T6274]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  129.711478][ T6274]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  129.711499][ T6274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.711520][ T6274] RIP: 0033:0x7f13170aeb69
[  129.711534][ T6274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.711604][ T6274] RSP: 002b:00007f1315717038 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
[  129.711670][ T6274] RAX: ffffffffffffffda RBX: 00007f13172d5fa0 RCX: 00007f13170aeb69
[  129.711687][ T6274] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0
[  129.711703][ T6274] RBP: 00007f1315717090 R08: 0000000000000000 R09: 0000000000000000
[  129.711715][ T6274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  129.711726][ T6274] R13: 0000000000000000 R14: 00007f13172d5fa0 R15: 00007fff6a1b6978
[  129.711744][ T6274]  </TASK>
[  129.944081][ T6276] netlink: 64 bytes leftover after parsing attributes in process `syz.4.878'.
[  129.997586][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.025611][ T6281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.882'.
[  130.047989][ T6282] loop4: detected capacity change from 0 to 512
[  130.139422][ T6288] SELinux: failed to load policy
[  130.157795][ T6288] netlink: 'syz.2.884': attribute type 1 has an invalid length.
[  130.162969][ T6282] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.204327][ T6288] 8021q: adding VLAN 0 to HW filter on device bond1
[  130.236310][ T6282] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  130.250234][ T6288] bond1: (slave dummy0): making interface the new active one
[  130.335725][ T6288] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  130.354918][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.539843][ T6307] bond1: (slave dummy0): Releasing active interface
[  130.576065][ T6313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.893'.
[  130.756078][ T6323] 9pnet_virtio: no channels available for device /dev/rnullb0
[  131.201805][ T6349] netlink: 8 bytes leftover after parsing attributes in process `syz.1.905'.
[  131.492153][ T6362] loop2: detected capacity change from 0 to 128
[  131.544265][ T6364] siw: device registration error -23
[  131.552653][ T6364] 9pnet_virtio: no channels available for device /dev/rnullb0
[  131.734651][ T6362] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  131.815302][ T6362] ext4 filesystem being mounted at /185/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  131.831002][ T6370] bond_slave_1: entered promiscuous mode
[  131.836948][ T6369] bond_slave_1: entered promiscuous mode
[  131.873106][ T6369] netlink: 4 bytes leftover after parsing attributes in process `syz.0.911'.
[  131.886459][ T6370] FAULT_INJECTION: forcing a failure.
[  131.886459][ T6370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  131.900116][ T6370] CPU: 0 UID: 0 PID: 6370 Comm: syz.1.912 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  131.900200][ T6370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  131.900216][ T6370] Call Trace:
[  131.900225][ T6370]  <TASK>
[  131.900235][ T6370]  __dump_stack+0x1d/0x30
[  131.900337][ T6370]  dump_stack_lvl+0xe8/0x140
[  131.900362][ T6370]  dump_stack+0x15/0x1b
[  131.900383][ T6370]  should_fail_ex+0x265/0x280
[  131.900421][ T6370]  should_fail+0xb/0x20
[  131.900459][ T6370]  should_fail_usercopy+0x1a/0x20
[  131.900485][ T6370]  _copy_from_user+0x1c/0xb0
[  131.900517][ T6370]  ___sys_sendmsg+0xc1/0x1d0
[  131.900685][ T6370]  __x64_sys_sendmsg+0xd4/0x160
[  131.900731][ T6370]  x64_sys_call+0x191e/0x2ff0
[  131.900759][ T6370]  do_syscall_64+0xd2/0x200
[  131.900853][ T6370]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  131.900877][ T6370]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  131.900898][ T6370]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.900920][ T6370] RIP: 0033:0x7fa00207eb69
[  131.900994][ T6370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  131.901018][ T6370] RSP: 002b:00007fa0006e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  131.901043][ T6370] RAX: ffffffffffffffda RBX: 00007fa0022a5fa0 RCX: 00007fa00207eb69
[  131.901060][ T6370] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004
[  131.901076][ T6370] RBP: 00007fa0006e7090 R08: 0000000000000000 R09: 0000000000000000
[  131.901090][ T6370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  131.901102][ T6370] R13: 0000000000000000 R14: 00007fa0022a5fa0 R15: 00007ffcbb8f8c98
[  131.901170][ T6370]  </TASK>
[  132.079001][ T6369] bond_slave_1 (unregistering): left promiscuous mode
[  132.090131][ T6368] bond_slave_1: left promiscuous mode
[  132.120490][ T3309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  132.283396][ T6386] netlink: 'syz.0.916': attribute type 1 has an invalid length.
[  132.303458][ T6386] 8021q: adding VLAN 0 to HW filter on device bond1
[  132.320322][ T6386] 8021q: adding VLAN 0 to HW filter on device batadv1
[  132.332328][ T6386] bond1: (slave batadv1): making interface the new active one
[  132.342949][ T6386] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  132.359912][ T6393] netlink: 'syz.3.920': attribute type 10 has an invalid length.
[  132.367825][ T6393] netlink: 40 bytes leftover after parsing attributes in process `syz.3.920'.
[  132.643600][ T6393] team0: Port device geneve1 added
[  132.958498][ T6408] netlink: 8 bytes leftover after parsing attributes in process `syz.0.922'.
[  133.206060][ T6412] netlink: 268 bytes leftover after parsing attributes in process `syz.2.925'.
[  133.215198][ T6412] unsupported nla_type 65024
[  133.281858][ T6416] netlink: 8 bytes leftover after parsing attributes in process `syz.4.927'.
[  134.041307][   T29] kauditd_printk_skb: 155 callbacks suppressed
[  134.041324][   T29] audit: type=1326 audit(1754277200.519:5816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6433 comm="syz.4.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  134.071140][   T29] audit: type=1326 audit(1754277200.519:5817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6433 comm="syz.4.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  134.094730][   T29] audit: type=1326 audit(1754277200.519:5818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6433 comm="syz.4.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  134.118095][   T29] audit: type=1326 audit(1754277200.519:5819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6433 comm="syz.4.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  134.141569][   T29] audit: type=1326 audit(1754277200.519:5820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6433 comm="syz.4.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  134.164979][   T29] audit: type=1326 audit(1754277200.519:5821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6433 comm="syz.4.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  134.188707][   T29] audit: type=1326 audit(1754277200.519:5822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6433 comm="syz.4.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  134.212062][   T29] audit: type=1326 audit(1754277200.519:5823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6433 comm="syz.4.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  134.235428][   T29] audit: type=1326 audit(1754277200.519:5824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6433 comm="syz.4.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  134.258785][   T29] audit: type=1326 audit(1754277200.519:5825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6433 comm="syz.4.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  134.301242][ T6434] netlink: 'syz.1.933': attribute type 10 has an invalid length.
[  134.309053][ T6434] netlink: 40 bytes leftover after parsing attributes in process `syz.1.933'.
[  134.343749][ T6434] team0: Port device geneve1 added
[  134.361363][ T4046] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  134.384280][ T4046] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  134.486203][ T6443] netlink: 'syz.0.935': attribute type 10 has an invalid length.
[  134.486471][ T4046] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  134.511547][ T6443] team0: Port device geneve1 added
[  134.522085][ T4046] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  134.542021][ T4046] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  134.551230][ T4046] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  134.560439][ T4046] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  134.582487][   T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  134.673747][ T6456] loop3: detected capacity change from 0 to 512
[  134.708186][ T6456] EXT4-fs (loop3): 1 orphan inode deleted
[  134.724475][ T4046] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:59: Failed to release dquot type 1
[  134.742048][ T6456] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.783190][ T6456] ext4 filesystem being mounted at /178/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  134.821211][ T6456] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  134.852975][ T6470] 9pnet: Could not find request transport: 0xffffffffffffffff
[  134.861217][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.911590][ T6480] netlink: 'syz.4.947': attribute type 10 has an invalid length.
[  134.942044][ T6480] team0: Port device geneve1 added
[  134.948525][ T4023] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  134.958117][ T4023] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  134.967547][ T4023] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  134.996518][ T6483] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.013222][ T4023] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  135.054351][ T6490] SELinux:  Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped).
[  135.065890][ T6483] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.091617][ T6494] netlink: 'syz.2.951': attribute type 10 has an invalid length.
[  135.099430][ T6494] __nla_validate_parse: 2 callbacks suppressed
[  135.099499][ T6494] netlink: 40 bytes leftover after parsing attributes in process `syz.2.951'.
[  135.119668][ T6495] tipc: MTU too low for tipc bearer
[  135.137021][ T6494] team0: Port device geneve1 added
[  135.153891][ T4046] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  135.163453][ T4046] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  135.183561][ T6495] netlink: 36 bytes leftover after parsing attributes in process `syz.3.946'.
[  135.193046][ T4046] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  135.225300][ T4046] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  135.256758][ T6483] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.291277][ T6502] 9pnet_virtio: no channels available for device /dev/rnullb0
[  135.375248][ T6483] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.462028][ T3892] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  135.475393][ T3892] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  135.483699][ T3892] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  135.512178][ T3892] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  135.837880][ T6512] netlink: 'syz.2.958': attribute type 10 has an invalid length.
[  135.845820][ T6512] netlink: 40 bytes leftover after parsing attributes in process `syz.2.958'.
[  135.858579][ T4046] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  135.879089][ T4046] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  135.888885][ T4046] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  135.898478][ T4046] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  136.547447][ T6535] loop4: detected capacity change from 0 to 128
[  136.562122][ T6535] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002]
[  136.571374][ T6535] System zones: 1-3, 19-19, 35-36
[  136.578079][ T6535] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  136.591890][ T6535] ext4 filesystem being mounted at /189/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  136.735474][ T3301] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  136.788834][ T6553] netlink: 12 bytes leftover after parsing attributes in process `syz.0.970'.
[  136.810869][ T6554] loop3: detected capacity change from 0 to 1024
[  136.824812][ T6554] EXT4-fs: Ignoring removed nobh option
[  136.830445][ T6554] EXT4-fs: Ignoring removed bh option
[  136.838807][ T6557] netlink: 56 bytes leftover after parsing attributes in process `syz.4.967'.
[  136.849335][ T6556] netlink: 8 bytes leftover after parsing attributes in process `syz.0.971'.
[  136.858213][ T6556] netlink: 4 bytes leftover after parsing attributes in process `syz.0.971'.
[  136.867097][ T6556] netlink: 'syz.0.971': attribute type 6 has an invalid length.
[  136.879305][ T6554] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  136.879705][ T6556] netlink: 28 bytes leftover after parsing attributes in process `syz.0.971'.
[  136.901962][ T6556] netem: change failed
[  136.909482][ T6560] loop4: detected capacity change from 0 to 164
[  137.008303][ T4050] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.076063][ T4050] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.125538][ T4050] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.167097][ T4050] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.180574][ T6564] lo speed is unknown, defaulting to 1000
[  137.184073][ T6575] debugfs: 'ttyS3' already exists in 'caif_serial'
[  137.253365][ T4050] team0: Port device geneve1 removed
[  137.296384][ T4050] bond0 (unregistering): Released all slaves
[  137.305699][ T4050] bond1 (unregistering): (slave batadv1): Releasing active interface
[  137.314734][ T4050] bond1 (unregistering): Released all slaves
[  137.348359][ T6564] chnl_net:caif_netlink_parms(): no params data found
[  137.361940][ T4050] hsr_slave_0: left promiscuous mode
[  137.368755][ T4050] hsr_slave_1: left promiscuous mode
[  137.376235][ T4050] pim6reg (unregistering): left allmulticast mode
[  137.458575][ T6564] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.465815][ T6564] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.473088][ T6564] bridge_slave_0: entered allmulticast mode
[  137.480321][ T6564] bridge_slave_0: entered promiscuous mode
[  137.487391][ T6564] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.494587][ T6564] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.501776][ T6564] bridge_slave_1: entered allmulticast mode
[  137.508331][ T6564] bridge_slave_1: entered promiscuous mode
[  137.525977][ T6564] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.536757][ T6564] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  137.556464][ T6564] team0: Port device team_slave_0 added
[  137.562985][ T6564] team0: Port device team_slave_1 added
[  137.579551][ T6564] batman_adv: batadv0: Adding interface: batadv_slave_0
[  137.586682][ T6564] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.612664][ T6564] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  137.633941][ T6564] batman_adv: batadv0: Adding interface: batadv_slave_1
[  137.641022][ T6564] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.667346][ T6564] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  137.678741][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.700649][ T6587] loop4: detected capacity change from 0 to 128
[  137.710708][ T6564] hsr_slave_0: entered promiscuous mode
[  137.717539][ T6564] hsr_slave_1: entered promiscuous mode
[  137.720703][ T6587] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  137.731020][ T6587] FAT-fs (loop4): Filesystem has been set read-only
[  137.738683][ T6589] loop3: detected capacity change from 0 to 512
[  137.739582][ T6587] syz.4.978: attempt to access beyond end of device
[  137.739582][ T6587] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  137.745547][ T6589] EXT4-fs: Ignoring removed bh option
[  137.764368][ T6587] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  137.772258][ T6587] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  137.781658][ T6587] syz.4.978: attempt to access beyond end of device
[  137.781658][ T6587] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  137.795891][ T6587] syz.4.978: attempt to access beyond end of device
[  137.795891][ T6587] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  137.796961][ T6589] EXT4-fs error (device loop3): __ext4_iget:5464: inode #15: block 1803188595: comm syz.3.977: invalid block
[  137.809211][ T6587] syz.4.978: attempt to access beyond end of device
[  137.809211][ T6587] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  137.809257][ T6587] syz.4.978: attempt to access beyond end of device
[  137.809257][ T6587] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  137.835444][ T6589] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.977: couldn't read orphan inode 15 (err -117)
[  137.858942][ T6587] syz.4.978: attempt to access beyond end of device
[  137.858942][ T6587] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  137.872745][ T6587] syz.4.978: attempt to access beyond end of device
[  137.872745][ T6587] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  137.877300][ T6593] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  137.886447][ T6587] syz.4.978: attempt to access beyond end of device
[  137.886447][ T6587] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  137.911338][ T6587] syz.4.978: attempt to access beyond end of device
[  137.911338][ T6587] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  137.913038][ T6589] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.925057][ T6587] syz.4.978: attempt to access beyond end of device
[  137.925057][ T6587] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  137.967055][ T6591] Buffer I/O error on dev loop4, logical block 2065, async page read
[  137.975323][ T6591] Buffer I/O error on dev loop4, logical block 2066, async page read
[  137.984025][ T6591] Buffer I/O error on dev loop4, logical block 2067, async page read
[  137.992835][ T6591] Buffer I/O error on dev loop4, logical block 2068, async page read
[  138.002025][ T6591] Buffer I/O error on dev loop4, logical block 2069, async page read
[  138.011014][ T6591] Buffer I/O error on dev loop4, logical block 2070, async page read
[  138.019777][ T6596] loop1: detected capacity change from 0 to 1024
[  138.021549][ T6591] Buffer I/O error on dev loop4, logical block 2071, async page read
[  138.035700][ T6564] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  138.042829][ T6596] EXT4-fs: Ignoring removed mblk_io_submit option
[  138.052683][ T6564] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  138.059955][ T6591] Buffer I/O error on dev loop4, logical block 2072, async page read
[  138.060000][ T6596] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  138.076554][ T6594] Buffer I/O error on dev loop4, logical block 2065, async page read
[  138.095501][ T6564] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  138.103556][ T6594] Buffer I/O error on dev loop4, logical block 2066, async page read
[  138.116736][ T6564] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  138.146703][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.527329][ T6620] siw: device registration error -23
[  138.538307][ T6620] 9pnet_virtio: no channels available for device /dev/rnullb0
[  138.751965][ T6564] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.846624][ T6564] 8021q: adding VLAN 0 to HW filter on device team0
[  138.886548][ T3701] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.893742][ T3701] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.920660][ T3701] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.927867][ T3701] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.937554][ T6622] netlink: 'syz.1.982': attribute type 10 has an invalid length.
[  138.945364][ T6622] netlink: 40 bytes leftover after parsing attributes in process `syz.1.982'.
[  138.957730][ T3701] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  138.967124][ T3701] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  138.978567][ T3701] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  139.011246][ T3701] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  139.048820][ T6629] loop2: detected capacity change from 0 to 1024
[  139.080973][ T6629] EXT4-fs: Ignoring removed mblk_io_submit option
[  139.155208][ T6629] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  139.177425][ T6638] FAULT_INJECTION: forcing a failure.
[  139.177425][ T6638] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.190827][ T6638] CPU: 1 UID: 0 PID: 6638 Comm: syz.3.987 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  139.190872][ T6638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  139.190888][ T6638] Call Trace:
[  139.190896][ T6638]  <TASK>
[  139.190904][ T6638]  __dump_stack+0x1d/0x30
[  139.190986][ T6638]  dump_stack_lvl+0xe8/0x140
[  139.191009][ T6638]  dump_stack+0x15/0x1b
[  139.191030][ T6638]  should_fail_ex+0x265/0x280
[  139.191076][ T6638]  should_fail+0xb/0x20
[  139.191116][ T6638]  should_fail_usercopy+0x1a/0x20
[  139.191137][ T6638]  _copy_from_user+0x1c/0xb0
[  139.191164][ T6638]  ___sys_sendmsg+0xc1/0x1d0
[  139.191274][ T6638]  __x64_sys_sendmsg+0xd4/0x160
[  139.191313][ T6638]  x64_sys_call+0x191e/0x2ff0
[  139.191342][ T6638]  do_syscall_64+0xd2/0x200
[  139.191371][ T6638]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  139.191421][ T6638]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  139.191482][ T6638]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.191510][ T6638] RIP: 0033:0x7f13170aeb69
[  139.191530][ T6638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.191632][ T6638] RSP: 002b:00007f1315717038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  139.191657][ T6638] RAX: ffffffffffffffda RBX: 00007f13172d5fa0 RCX: 00007f13170aeb69
[  139.191701][ T6638] RDX: 000000002008c014 RSI: 0000200000000580 RDI: 0000000000000004
[  139.191717][ T6638] RBP: 00007f1315717090 R08: 0000000000000000 R09: 0000000000000000
[  139.191806][ T6638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.191819][ T6638] R13: 0000000000000000 R14: 00007f13172d5fa0 R15: 00007fff6a1b6978
[  139.191842][ T6638]  </TASK>
[  139.416189][ T6564] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.707032][ T6660] loop1: detected capacity change from 0 to 1024
[  139.715932][ T6564] veth0_vlan: entered promiscuous mode
[  139.736643][ T6564] veth1_vlan: entered promiscuous mode
[  139.745897][ T6660] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  139.760832][ T6564] veth0_macvtap: entered promiscuous mode
[  139.780046][ T6564] veth1_macvtap: entered promiscuous mode
[  139.796188][ T6564] batman_adv: batadv0: Interface activated: batadv_slave_0
[  139.807706][ T6660] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  139.819352][ T6564] batman_adv: batadv0: Interface activated: batadv_slave_1
[  139.836305][ T6665] netlink: 36 bytes leftover after parsing attributes in process `syz.3.990'.
[  139.846700][ T3892] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  139.856443][ T3892] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  139.858753][   T29] kauditd_printk_skb: 125 callbacks suppressed
[  139.858771][   T29] audit: type=1400 audit(1754277206.339:5950): avc:  denied  { read } for  pid=6656 comm="+}[@" dev="sockfs" ino=15634 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  139.892278][ T3892] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  139.938260][ T3892] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  139.951927][ T6667] loop2: detected capacity change from 0 to 512
[  139.977580][   T29] audit: type=1400 audit(1754277206.419:5951): avc:  denied  { write } for  pid=6664 comm="syz.3.990" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  139.997176][   T29] audit: type=1400 audit(1754277206.449:5952): avc:  denied  { mount } for  pid=6564 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  140.019436][   T29] audit: type=1400 audit(1754277206.449:5953): avc:  denied  { mounton } for  pid=6564 comm="syz-executor" path="/root/syzkaller.SbPpQ0/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  140.219917][ T6672] loop3: detected capacity change from 0 to 1024
[  140.228611][ T6672] EXT4-fs: Ignoring removed mblk_io_submit option
[  140.253472][ T6672] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  140.306611][ T6667] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  140.317359][   T29] audit: type=1326 audit(1754277206.799:5954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6675 comm="syz.5.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b58dbeb69 code=0x7ffc0000
[  140.352638][ T6678] bridge_slave_0: left allmulticast mode
[  140.358457][ T6678] bridge_slave_0: left promiscuous mode
[  140.359216][   T29] audit: type=1326 audit(1754277206.799:5955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6675 comm="syz.5.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b58dbeb69 code=0x7ffc0000
[  140.364266][ T6678] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.387678][   T29] audit: type=1326 audit(1754277206.799:5956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6675 comm="syz.5.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b58dbeb69 code=0x7ffc0000
[  140.417998][   T29] audit: type=1326 audit(1754277206.799:5957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6675 comm="syz.5.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b58dbeb69 code=0x7ffc0000
[  140.441322][   T29] audit: type=1326 audit(1754277206.799:5958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6675 comm="syz.5.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b58dbeb69 code=0x7ffc0000
[  140.446747][ T6667] EXT4-fs (loop2): orphan cleanup on readonly fs
[  140.464884][   T29] audit: type=1326 audit(1754277206.799:5959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6675 comm="syz.5.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b58dbeb69 code=0x7ffc0000
[  140.513566][ T6678] bridge_slave_1: left allmulticast mode
[  140.519441][ T6678] bridge_slave_1: left promiscuous mode
[  140.525355][ T6678] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.566860][ T6678] bond0: (slave bond_slave_0): Releasing backup interface
[  140.578032][ T6678] bond0: (slave bond_slave_1): Releasing backup interface
[  140.588946][ T6667] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.991: corrupted inode contents
[  140.605687][ T6678] team0: Port device team_slave_0 removed
[  140.615926][ T6678] team0: Port device team_slave_1 removed
[  140.622978][ T6678] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.630443][ T6678] batman_adv: batadv0: Removing interface: batadv_slave_0
[  140.645498][ T6678] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  140.653047][ T6678] batman_adv: batadv0: Removing interface: batadv_slave_1
[  140.677038][ T6667] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #16: comm syz.2.991: mark_inode_dirty error
[  140.750603][ T6667] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.991: corrupted inode contents
[  140.803061][ T6667] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.991: mark_inode_dirty error
[  140.836473][ T6667] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.991: corrupted inode contents
[  140.863753][ T6667] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[  140.907363][ T6685] netlink: 'syz.4.995': attribute type 1 has an invalid length.
[  140.921443][ T6685] 8021q: adding VLAN 0 to HW filter on device bond1
[  140.935482][ T6685] __nla_validate_parse: 1 callbacks suppressed
[  140.935497][ T6685] netlink: 16 bytes leftover after parsing attributes in process `syz.4.995'.
[  140.950753][ T6685] netlink: 4 bytes leftover after parsing attributes in process `syz.4.995'.
[  140.970719][ T6667] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.991: corrupted inode contents
[  141.181725][ T6667] EXT4-fs error (device loop2): ext4_truncate:4666: inode #16: comm syz.2.991: mark_inode_dirty error
[  141.247439][ T6667] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[  141.265444][ T6698] siw: device registration error -23
[  141.277581][ T6698] 9pnet_virtio: no channels available for device /dev/rnullb0
[  141.307825][ T6696] loop1: detected capacity change from 0 to 512
[  141.355960][ T6696] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  141.389603][ T6667] EXT4-fs (loop2): 1 truncate cleaned up
[  141.440351][ T6696] EXT4-fs (loop1): 1 orphan inode deleted
[  141.446243][ T6696] EXT4-fs (loop1): 1 truncate cleaned up
[  141.554850][ T6696] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.654898][   T51] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 1
[  141.684025][ T6706] loop5: detected capacity change from 0 to 512
[  141.707417][ T6667] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  141.748067][ T6696] EXT4-fs error (device loop1): ext4_search_dir:1474: inode #12: block 7: comm syz.1.997: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0
[  141.795428][ T6667] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.805396][ T6696] EXT4-fs (loop1): Remounting filesystem read-only
[  141.844504][ T6708] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  141.905387][ T6713] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1002'.
[  141.914412][ T6713] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1002'.
[  141.923298][ T6713] netlink: 'syz.5.1002': attribute type 6 has an invalid length.
[  141.958153][ T6667] loop2: detected capacity change from 0 to 512
[  141.981163][ T6717] loop3: detected capacity change from 0 to 1024
[  141.990942][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.017992][ T6717] EXT4-fs: Ignoring removed i_version option
[  142.029507][ T6667] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  142.061305][ T6717] EXT4-fs: Ignoring removed nobh option
[  142.067017][ T6717] EXT4-fs: inline encryption not supported
[  142.105618][ T6717] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.128480][ T6667] EXT4-fs (loop2): mount failed
[  142.149794][ T6722] 8021q: VLANs not supported on tunl0
[  142.166270][ T6667] 9pnet_fd: Insufficient options for proto=fd
[  142.234450][ T6717] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.1004: Allocating blocks 497-513 which overlap fs metadata
[  142.290936][ T6717] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117
[  142.303314][ T6717] EXT4-fs (loop3): This should not happen!! Data will be lost
[  142.303314][ T6717] 
[  142.349078][ T6732] team0: Port device geneve1 removed
[  142.417654][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.433417][ T6738] lo speed is unknown, defaulting to 1000
[  142.656016][ T6761] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1013'.
[  142.696150][ T6761] loop1: detected capacity change from 0 to 164
[  142.847719][ T6767] netlink: 'syz.1.1020': attribute type 10 has an invalid length.
[  142.855669][ T6767] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1020'.
[  142.866280][ T6767] team0: Port device geneve1 added
[  142.874091][ T3905] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  142.959745][ T6768] lo speed is unknown, defaulting to 1000
[  143.067190][ T6768] loop3: detected capacity change from 0 to 512
[  143.074028][ T6768] EXT4-fs: Ignoring removed mblk_io_submit option
[  143.080506][ T6768] EXT4-fs: Ignoring removed bh option
[  143.156187][ T3905] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  143.165427][ T6768] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  143.260683][   T51] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  143.284526][ T6768] EXT4-fs (loop3): 1 truncate cleaned up
[  143.291614][ T6768] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.367545][   T51] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  143.395301][ T6781] SELinux: security_context_str_to_sid (01777777777777777777777) failed with errno=-22
[  143.519153][ T6794] netlink: 'syz.2.1028': attribute type 7 has an invalid length.
[  143.536195][ T6796] netlink: 'syz.4.1030': attribute type 10 has an invalid length.
[  143.544090][ T6796] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1030'.
[  143.631724][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.660407][ T4050] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  143.677411][ T4050] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  143.688835][ T4050] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  143.698202][ T4050] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  143.726899][ T6800] loop2: detected capacity change from 0 to 2048
[  143.729167][ T6802] lo speed is unknown, defaulting to 1000
[  143.800551][ T6800]  loop2: p1 < > p4
[  143.806655][ T6800] loop2: p4 size 8388608 extends beyond EOD, truncated
[  143.859542][ T6802] SELinux: security_context_str_to_sid (÷ÿ) failed with errno=-22
[  143.990186][ T6819] FAULT_INJECTION: forcing a failure.
[  143.990186][ T6819] name failslab, interval 1, probability 0, space 0, times 0
[  144.003169][ T6819] CPU: 0 UID: 0 PID: 6819 Comm: syz.2.1037 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  144.003207][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  144.003224][ T6819] Call Trace:
[  144.003232][ T6819]  <TASK>
[  144.003242][ T6819]  __dump_stack+0x1d/0x30
[  144.003282][ T6819]  dump_stack_lvl+0xe8/0x140
[  144.003308][ T6819]  dump_stack+0x15/0x1b
[  144.003328][ T6819]  should_fail_ex+0x265/0x280
[  144.003370][ T6819]  should_failslab+0x8c/0xb0
[  144.003402][ T6819]  kmem_cache_alloc_node_noprof+0x57/0x320
[  144.003450][ T6819]  ? __alloc_skb+0x101/0x320
[  144.003487][ T6819]  __alloc_skb+0x101/0x320
[  144.003596][ T6819]  netlink_alloc_large_skb+0xba/0xf0
[  144.003683][ T6819]  netlink_sendmsg+0x3cf/0x6b0
[  144.003786][ T6819]  ? __pfx_netlink_sendmsg+0x10/0x10
[  144.003829][ T6819]  __sock_sendmsg+0x145/0x180
[  144.003860][ T6819]  ____sys_sendmsg+0x31e/0x4e0
[  144.003940][ T6819]  ___sys_sendmsg+0x17b/0x1d0
[  144.004017][ T6819]  __x64_sys_sendmsg+0xd4/0x160
[  144.004063][ T6819]  x64_sys_call+0x191e/0x2ff0
[  144.004090][ T6819]  do_syscall_64+0xd2/0x200
[  144.004131][ T6819]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  144.004154][ T6819]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  144.004254][ T6819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.004280][ T6819] RIP: 0033:0x7f1a588ceb69
[  144.004298][ T6819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.004318][ T6819] RSP: 002b:00007f1a56f37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  144.004339][ T6819] RAX: ffffffffffffffda RBX: 00007f1a58af5fa0 RCX: 00007f1a588ceb69
[  144.004354][ T6819] RDX: 0000000000040000 RSI: 00002000000001c0 RDI: 0000000000000005
[  144.004369][ T6819] RBP: 00007f1a56f37090 R08: 0000000000000000 R09: 0000000000000000
[  144.004395][ T6819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.004409][ T6819] R13: 0000000000000000 R14: 00007f1a58af5fa0 R15: 00007ffd55d2a368
[  144.004431][ T6819]  </TASK>
[  144.349866][ T6844] loop2: detected capacity change from 0 to 764
[  144.358876][ T6844] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  144.394138][ T6848] SELinux: security_context_str_to_sid (01777777777777777777777) failed with errno=-22
[  144.425341][ T6850] loop2: detected capacity change from 0 to 1024
[  144.440807][ T6850] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.479358][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.607315][ T6858] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1049'.
[  144.698483][ T6859] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1049'.
[  144.774528][ T6807] 9pnet_fd: p9_fd_create_tcp (6807): problem connecting socket to 127.0.0.1
[  144.864263][   T29] kauditd_printk_skb: 356 callbacks suppressed
[  144.864281][   T29] audit: type=1326 audit(1754277211.339:6314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  144.917617][ T6867] loop1: detected capacity change from 0 to 512
[  144.924201][ T6867] EXT4-fs: Ignoring removed mblk_io_submit option
[  144.930742][ T6867] EXT4-fs: Ignoring removed bh option
[  144.937041][ T6867] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  144.972043][   T29] audit: type=1326 audit(1754277211.389:6315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  144.995583][   T29] audit: type=1326 audit(1754277211.429:6316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  145.019135][   T29] audit: type=1326 audit(1754277211.429:6317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  145.042865][   T29] audit: type=1326 audit(1754277211.429:6318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  145.066400][   T29] audit: type=1326 audit(1754277211.429:6319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  145.090328][   T29] audit: type=1326 audit(1754277211.429:6320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  145.113764][   T29] audit: type=1326 audit(1754277211.429:6321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  145.137229][   T29] audit: type=1326 audit(1754277211.429:6322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  145.160642][   T29] audit: type=1326 audit(1754277211.429:6323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.4.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2dc14eb69 code=0x7ffc0000
[  145.195948][ T6870] team0: Port device geneve1 removed
[  145.228447][ T6869] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1053'.
[  145.238786][ T6867] EXT4-fs (loop1): 1 truncate cleaned up
[  145.245067][ T6867] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.279129][ T6873] FAULT_INJECTION: forcing a failure.
[  145.279129][ T6873] name failslab, interval 1, probability 0, space 0, times 0
[  145.291989][ T6873] CPU: 0 UID: 0 PID: 6873 Comm: syz.4.1054 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  145.292021][ T6873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  145.292036][ T6873] Call Trace:
[  145.292095][ T6873]  <TASK>
[  145.292184][ T6873]  __dump_stack+0x1d/0x30
[  145.292204][ T6873]  dump_stack_lvl+0xe8/0x140
[  145.292226][ T6873]  dump_stack+0x15/0x1b
[  145.292244][ T6873]  should_fail_ex+0x265/0x280
[  145.292306][ T6873]  ? __pfx_ppp_ioctl+0x10/0x10
[  145.292335][ T6873]  ? slhc_init+0x57/0x390
[  145.292394][ T6873]  should_failslab+0x8c/0xb0
[  145.292422][ T6873]  __kmalloc_cache_noprof+0x4c/0x320
[  145.292516][ T6873]  ? __pfx_ppp_ioctl+0x10/0x10
[  145.292557][ T6873]  slhc_init+0x57/0x390
[  145.292592][ T6873]  ? __pfx_ppp_ioctl+0x10/0x10
[  145.292661][ T6873]  ppp_ioctl+0xe9c/0x11c0
[  145.292692][ T6873]  ? __fget_files+0x184/0x1c0
[  145.292777][ T6873]  ? __pfx_ppp_ioctl+0x10/0x10
[  145.292809][ T6873]  __se_sys_ioctl+0xcb/0x140
[  145.292852][ T6873]  __x64_sys_ioctl+0x43/0x50
[  145.292923][ T6873]  x64_sys_call+0x1816/0x2ff0
[  145.293025][ T6873]  do_syscall_64+0xd2/0x200
[  145.293061][ T6873]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  145.293087][ T6873]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  145.293110][ T6873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.293135][ T6873] RIP: 0033:0x7fc2dc14eb69
[  145.293213][ T6873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.293235][ T6873] RSP: 002b:00007fc2da7b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  145.293265][ T6873] RAX: ffffffffffffffda RBX: 00007fc2dc375fa0 RCX: 00007fc2dc14eb69
[  145.293280][ T6873] RDX: 00002000000002c0 RSI: 0000000040047451 RDI: 0000000000000006
[  145.293294][ T6873] RBP: 00007fc2da7b7090 R08: 0000000000000000 R09: 0000000000000000
[  145.293308][ T6873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  145.293322][ T6873] R13: 0000000000000000 R14: 00007fc2dc375fa0 R15: 00007ffd12f6eea8
[  145.293344][ T6873]  </TASK>
[  145.586044][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.688101][ T6896] loop4: detected capacity change from 0 to 128
[  145.696683][ T6896] FAT-fs (loop4): bogus sectors per cluster 0
[  145.702798][ T6896] FAT-fs (loop4): Can't find a valid FAT filesystem
[  145.713308][ T6896] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  145.874653][ T6908] netlink: 'syz.5.1067': attribute type 6 has an invalid length.
[  145.907462][ T6910] pim6reg: entered allmulticast mode
[  145.924910][    C1] ==================================================================
[  145.933045][    C1] BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick
[  145.940274][    C1] 
[  145.942614][    C1] read-write to 0xffff8881001b24b8 of 8 bytes by interrupt on cpu 0:
[  145.950684][    C1]  wq_worker_tick+0x60/0x230
[  145.955296][    C1]  sched_tick+0x11a/0x270
[  145.959683][    C1]  update_process_times+0x15f/0x190
[  145.964898][    C1]  tick_nohz_handler+0x249/0x2d0
[  145.970030][    C1]  __hrtimer_run_queues+0x20c/0x5a0
[  145.975371][    C1]  hrtimer_interrupt+0x21a/0x460
[  145.980329][    C1]  __sysvec_apic_timer_interrupt+0x5c/0x1d0
[  145.986243][    C1]  sysvec_apic_timer_interrupt+0x6f/0x80
[  145.991899][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  145.997895][    C1]  _raw_spin_unlock_irqrestore+0x3c/0x60
[  146.003610][    C1]  free_frozen_page_commit+0x1f9/0x2a0
[  146.009104][    C1]  free_unref_folios+0x69d/0x750
[  146.014082][    C1]  folios_put_refs+0x276/0x2d0
[  146.018864][    C1]  release_pages+0x2a8/0x2f0
[  146.023470][    C1]  io_free_region+0x7b/0x160
[  146.028073][    C1]  io_ring_ctx_free+0x1de/0x3a0
[  146.032947][    C1]  io_ring_exit_work+0x529/0x560
[  146.037905][    C1]  process_scheduled_works+0x4ce/0x9d0
[  146.043400][    C1]  worker_thread+0x582/0x770
[  146.048020][    C1]  kthread+0x489/0x510
[  146.052100][    C1]  ret_from_fork+0xdd/0x150
[  146.056613][    C1]  ret_from_fork_asm+0x1a/0x30
[  146.061559][    C1] 
[  146.063914][    C1] read-write to 0xffff8881001b24b8 of 8 bytes by interrupt on cpu 1:
[  146.071995][    C1]  wq_worker_tick+0x60/0x230
[  146.076598][    C1]  sched_tick+0x11a/0x270
[  146.080936][    C1]  update_process_times+0x15f/0x190
[  146.086156][    C1]  tick_nohz_handler+0x249/0x2d0
[  146.091105][    C1]  __hrtimer_run_queues+0x20c/0x5a0
[  146.096314][    C1]  hrtimer_interrupt+0x21a/0x460
[  146.101260][    C1]  __sysvec_apic_timer_interrupt+0x5c/0x1d0
[  146.107171][    C1]  sysvec_apic_timer_interrupt+0x6f/0x80
[  146.112827][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  146.118820][    C1]  _raw_spin_unlock_irqrestore+0x3c/0x60
[  146.124484][    C1]  free_frozen_page_commit+0x1f9/0x2a0
[  146.129973][    C1]  free_unref_folios+0x69d/0x750
[  146.134946][    C1]  folios_put_refs+0x276/0x2d0
[  146.139717][    C1]  release_pages+0x2a8/0x2f0
[  146.144401][    C1]  io_free_region+0x7b/0x160
[  146.149005][    C1]  io_ring_ctx_free+0x1ed/0x3a0
[  146.153873][    C1]  io_ring_exit_work+0x529/0x560
[  146.158822][    C1]  process_scheduled_works+0x4ce/0x9d0
[  146.164299][    C1]  worker_thread+0x582/0x770
[  146.168906][    C1]  kthread+0x489/0x510
[  146.172987][    C1]  ret_from_fork+0xdd/0x150
[  146.177501][    C1]  ret_from_fork_asm+0x1a/0x30
[  146.182284][    C1] 
[  146.184607][    C1] value changed: 0x0000000000075300 -> 0x0000000000077a10
[  146.191718][    C1] 
[  146.194045][    C1] Reported by Kernel Concurrency Sanitizer on:
[  146.200239][    C1] CPU: 1 UID: 0 PID: 4041 Comm: kworker/u8:55 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  146.212572][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  146.222638][    C1] Workqueue: iou_exit io_ring_exit_work
[  146.228198][    C1] ==================================================================
[  146.303876][ T6912] lo speed is unknown, defaulting to 1000
[  146.413049][ T6912] loop2: detected capacity change from 0 to 512
[  146.419879][ T6912] EXT4-fs: Ignoring removed mblk_io_submit option
[  146.426333][ T6912] EXT4-fs: Ignoring removed bh option
[  146.443763][ T6912] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  146.584852][ T6912] EXT4-fs (loop2): 1 truncate cleaned up
[  146.591162][ T6912] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.775397][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.