last executing test programs:

1m39.167523713s ago: executing program 0 (id=559):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf4f3, @void, @value}, 0x94)
process_vm_writev(0x0, &(0x7f0000000500)=[{0x0}, {0xffffffffffffffff}, {0xfffffffffffffffc}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x4)
socket$unix(0x1, 0x5, 0x0)
ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x4b66, &(0x7f0000000040))
close(r1)
write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="2b91696473140180ce85656c8f2000000000000000000400"], 0x18)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000000c00078008001300000000000500050002000400a95bd08a81c254b915000300686173683a69702c706f72742c6e657400000000"], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xd, 0x30}}, [@filter_kind_options=@f_basic={{0xa}, {0x40, 0x2, [@TCA_BASIC_EMATCHES={0x3c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x1c, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{}, {0x0, 0x7b}}}, @TCA_EM_META_RVALUE={0x4}]}}]}]}]}}]}, 0x70}}, 0x0)

1m38.988115355s ago: executing program 0 (id=560):
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000005c0)=0x14, 0x80000)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
recvfrom$packet(r0, &(0x7f0000000740)=""/230, 0xe6, 0x100, &(0x7f0000000900)={0x11, 0xa, 0x0, 0x1, 0xc, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}}, 0x14)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r1}, 0x18)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r3, 0x9}}, 0x10)
close(r2)
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r4, &(0x7f0000002780)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$caif_stream(0x25, 0x1, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xd, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r6, @ANYRESDEC], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x18)
sendmmsg$inet(r5, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xb5914438cc5bcb76}}, {{0x0, 0x2, &(0x7f0000000440)=[{&(0x7f0000000000)="92", 0x1}], 0x1}, 0x1000000}], 0x2, 0x4000)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="600000000206050000000000000000000000d8f4e7d527cc793304e6000005000400000000000900020073797a32000000000500010007000018050005000a000000140007800800114000000000050015000000000011000300686173683a698fb1706f727400000000"], 0x60}}, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x8)
r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x88)
fcntl$notify(r8, 0x402, 0x8000001f)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='cgroup.clone_children\x00', 0x2, 0x0)
r9 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r9, 0x402, 0x8000003d)
close_range(r8, r9, 0x0)

1m38.744778569s ago: executing program 0 (id=564):
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
open(0x0, 0x40c5, 0x24)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00005fd000/0x4000)=nil, 0x4000, 0x0, 0x5, 0x20000)
mlock(&(0x7f0000656000/0x3000)=nil, 0x3000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4003, &(0x7f0000000c00)=0xc, 0x6, 0x2)
mlockall(0x7)
syz_open_procfs(0x0, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x1, {0x43, 0x3, 0x1}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000000)=0x1)
sendmsg$tipc(r0, &(0x7f0000000400)={&(0x7f00000008c0)=@id={0x1e, 0x3, 0x2, {0x4e23, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40400b0)
close(r0)
r1 = socket(0xa, 0x3, 0x3a)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bond0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x44}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r2}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001e000100000000000400000002000000", @ANYRES32=0x0, @ANYBLOB="00000f"], 0x24}}, 0x0)
sendmsg$nl_netfilter(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x11, 0xb, 0x401, 0x70bd2a, 0x25dfdbfe, {0x7, 0x0, 0x7}, [@typed={0x4, 0xb8}, @typed={0x8, 0x49, 0x0, 0x0, @ipv4=@broadcast}, @nested={0x8, 0xc5, 0x0, 0x1, [@nested={0x4, 0xe8}]}]}, 0x28}}, 0x40d0)
ioctl$SIOCGETMIFCNT_IN6(r1, 0x89e0, 0x0)

1m37.401230899s ago: executing program 0 (id=577):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file1\x00', 0x0, &(0x7f00000003c0), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==")
openat(0xffffffffffffff9c, 0x0, 0x641, 0x1c3) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000008140)={&(0x7f0000008000)=ANY=[@ANYBLOB], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) (async)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r2}, 0x10) (async)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) (async)
shmat(0x0, &(0x7f0000ff7000/0x3000)=nil, 0x400c) (async)
r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x4aa7482236181973, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="91dae80b5e1ab4eec5b50c859c000000000000000000000093788dcba7a6fcfbb7710f09dd559efd6c2caf9dfe6e9814f33cc1b2f31b00a6dd91a54040c694781160716e2a034d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) (async)
r6 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
write$selinux_access(r6, &(0x7f0000000740)=ANY=[@ANYBLOB="2a797374656d5f753a6f626a6563745f723a6c645f736f5f7420704a122f7362696e2f6468636c69656e742030"], 0x41)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r7=>r3}, './file0\x00'})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r7, 0xb, &(0x7f0000000280)=[@ioring_restriction_sqe_op={0x1, 0x14}, @ioring_restriction_register_op={0x0, 0xb}, @ioring_restriction_sqe_op={0x1, 0x16}], 0x3)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r8}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

1m36.903666967s ago: executing program 0 (id=580):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000700), r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
eventfd2(0xce79, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="10000000040000000400000002000000000000ee5c63aa037286ef02367efca9c9258283e44c9bff9bae9a5a9e6116238933b0a893568ae333ab49fa5998cda1b397ad25c844f47ad0d7f890c0ea24f72a13680e60a0f4b1deaf71a5a932f2d9106f10222eddf0001ce0ce2138fed57090521bfda5e825ca506d851f0bf86792ea57a23ad12d08ac2894cb1923032741b7d6644c96999e19657587877b3418a27dc7e34a26b9c90eb9fe18c28ad9ef4f4b976da877ca6f4ca0ec91a2a8d5c2408f58a775e50260b880d5f6d6a63472a080eda772581b2aca357eb0ef0a4bff3f1ca15f819a", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00'/15], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r4}, &(0x7f0000000a00), &(0x7f0000000a40)=r0}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000010c0))
openat(r0, &(0x7f0000000100)='./file2\x00', 0x8040, 0x108)
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP")
listxattr(&(0x7f0000000180)='./file1\x00', 0x0, 0x0)

1m36.466978844s ago: executing program 0 (id=586):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

1m36.411896275s ago: executing program 32 (id=586):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

57.223677998s ago: executing program 5 (id=1149):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r2}, &(0x7f0000000240), &(0x7f00000003c0)}, 0x20)

57.14795708s ago: executing program 5 (id=1152):
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
write$binfmt_format(r0, &(0x7f0000000800)='-1\x00', 0x3)
set_mempolicy(0x1, 0x0, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x10, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000440)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x18}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x20)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x1fc0}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0xffff}, {0x0, 0x0, 0x0, 0x8, 0x2, 0x3}, 0xfffffffe, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x4000080)
bind$packet(r5, &(0x7f0000000040)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @remote}, 0x14)
sendto$inet6(r5, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000011008188040f80ec59acbc0413a181004000000004000000000000000e000a000d00000002800200121f", 0x2e}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xf}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0)

56.912154514s ago: executing program 5 (id=1158):
inotify_init()

56.859505274s ago: executing program 5 (id=1160):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@gettaction={0x30, 0x32, 0x400, 0x70bd2a, 0x25cfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81f7}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x4048844)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r1=>0xffffffffffffffff]}}], 0x18}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000280)=ANY=[], 0xfdef)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x764, &(0x7f0000000a80)="$eJzs3M9rHGUfAPDvTJOmP/K+mxdeeF89iNBCC6WTpLm0p8aLt0Kh4LWGZBJCJtmQ3dRuLNh6FmpzURBEPXv0KpT6B3iTgoJ3oWiNB/GyMptNamM22TZJV9LPB2b3eZ6Zeb7Pd3d4sgN5JoCX1uvlSxIxGBFXI6LSbk8j4mirdCzi9vpxa49vTZZbEs3mtZ+T8rRYa1Y2+0ra7yejdUr8PyIe9Eece//vcWuNlbmJosiX2vXh+vzicK2xcn52fmImn8kXRscujVwcG7s4MrZrDv8rX/p3z/X0W5eO3/v2zdXV776q332t73wS4628o53b7j08u/XPpD/Gt7QvHESwHkp6PQAAALpS/s4/EhF9rV+plTjSKgEAAACHSXOgCQAAABx6SfR6BAAAAMDB2vg/gI21vQe1DraTR29ExNB28ftaa4gjjrWW9p5YS55amZCsnwZ7cvtORNwf33r9fVFeYbf32PfIlvrTa6SP7rF39sP9cv4Z327+STfnn9hm/unbeHbCHnWe/57EP9Jh/rvaZYyvP32l49MRHt2JeLVvu/jJZvykQ/y3u4x/d/WDe532NT+POLPt35/kqVg7PB9ifHq22PHxAw/+OPtwp/xPdIqf7Jz/Ypf5v7v261ynuaSMf/bUzt//dvHLa+LD9jjSiLjXfi/rq1tinJr//pud8p+KaD7P9/9Zl/n/+OXAzS4PBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IgYjSbPNcppmWcTJiPhvnEiLaq1+brq6vDBV7osYiv50erbIRyKisl5Pyvpoq/ykfmFLfSwi/vPD8fWgs0WeTVaLqV4nDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKaTETEYSZpFRBoRv1XSNMsi+ro4d+AFjA8AAADYJ0O9HgAAAABw4Nz/AwAAwOH3vPf/yT6PAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjUrl65Um7Ntce3Jsv61I3G8lz1xvmpvDaXzS9PZpPVpcVsplqdKfJssjq/W39Ftbo4eimWbw7X81p9uNZYuT5fXV6oX5+dn5jJr+f9LyQrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntVga0vSLCLSVjlNsyziXxExFP3J9GyRj0TEvyPiYaV/oKyP9nrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LtaY2VuoijyJQWFl6ZQXvm9HcZ7EfFP+TT+Uhh40tLrmQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF6oNVbmJooiX6r1eiQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0VvpTEhHldqZyenDr3qPJ75XWe0S888m1j25O1OtLo2X7L5vt9Y/b7Rd6MX4AAAB4KVx+loM37tM37uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6VWuszE0URb60t8LlaKw0kw7H9DpHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg+fwZAAD//zkLxTE=")
chdir(&(0x7f00000001c0)='./file0\x00')
r3 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x4000000, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177b5b48b00", "f2fdffffffffffffff810000000000d300e6d602000000000000000000000001", [0xca4e]})
write$binfmt_misc(r3, &(0x7f00000003c0)='(', 0x1)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r5, 0x0, 0x10001}, 0x18)
r6 = shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffd000/0x3000)=nil)
shmctl$IPC_RMID(r6, 0x0)
unlinkat(0xffffffffffffffff, 0x0, 0x200)
socket$packet(0x11, 0x3, 0x300)
syz_usb_ep_write(0xffffffffffffffff, 0x5, 0xa1, &(0x7f00000008c0)="203fa62768903a2de56c148dc71744ff262f0df94daa56b53daa4f40a4944ea0ac11297c72b6f67b5d606801a4f9d34382721d14b08a71015ec91a0cca8cc6114221d40df3538227d01179c8fdb204532358d6ac3662792ad7693cbd99d949bb1a2fdbc7b62ee3d0053607dfc13be98cc40e6d5c6eeddc602e0cad72031660b82399ea2bc6c695f40b8f4e943104888b54133fb0883597ef7ec63cb79984b968da")
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
recvmsg(r7, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x41, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r8, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
sendmmsg$sock(r8, &(0x7f0000003bc0)=[{{0x0, 0xfe3d, 0x0}}, {{0x0, 0x0, 0x0}}], 0x4000000000002ca, 0x4040014)
r9 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents(r9, &(0x7f0000000bc0)=""/116, 0x74)

55.20382408s ago: executing program 5 (id=1187):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendto$inet6(r1, &(0x7f0000000000)="0f", 0xfdef, 0x0, 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x4c80, 0x7000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00'}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r2, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

55.026724393s ago: executing program 5 (id=1191):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000a80)='kfree\x00', r1, 0x0, 0x68e}, 0x18)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r2, &(0x7f0000007940)={&(0x7f00000001c0)={0x2, 0x4e22, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_retopts={{0x10}}], 0x10}, 0x0) (fail_nth: 8)

54.983378053s ago: executing program 33 (id=1191):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000a80)='kfree\x00', r1, 0x0, 0x68e}, 0x18)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r2, &(0x7f0000007940)={&(0x7f00000001c0)={0x2, 0x4e22, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_retopts={{0x10}}], 0x10}, 0x0) (fail_nth: 8)

31.362703237s ago: executing program 1 (id=1547):
mq_open(&(0x7f0000000a00)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xeeux\x00\xbf@\xf4\x1c\xbce\xca\x97\xd5pkv\x88L\xe8$\xef\xfeI\xdaW1\xfcg\xa1\xdb$,0y$\xcd{zl.\xae\x805\xa8\xd6\x85\x15\xd2\x0e~\xcc\x90\x97\xe8h\v\x1a9X\a\xca{\x11#\x95m{U\xe5-\xabRw\xcafy\xe6\aNhX4Ll[\x14\x15<z\xb2\x03d\xad\x925\xbfP\x1b\xea\vt\xe9C\xe9\xb4R\x85*\xdc\xc4@\xee\xd2\xae\x06\x1a\xe1\xd2s\x01\xb8\xf3\xf2\rr\x01mq\xd2\xaf\xe2{\xe4\x1a\xd3Z\x01C\xfbW', 0x6e93ebbbcc0884f2, 0x1c4, &(0x7f0000000040)={0x0, 0x1, 0x4, 0x3})
syz_io_uring_setup(0x805a75, &(0x7f0000000080)={0x0, 0x2, 0x10100, 0x1, 0xfffffffc}, &(0x7f0000000240), &(0x7f0000000140))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sigaltstack(0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
inotify_init()

30.594831769s ago: executing program 1 (id=1550):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd73, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
unshare(0x2c020400)
fgetxattr(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB='usgr.%%{+\x00'], 0x0, 0x0)

30.52980733s ago: executing program 1 (id=1552):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
write(0xffffffffffffffff, &(0x7f0000004200)='t', 0x1)
sendfile(0xffffffffffffffff, r0, 0x0, 0x3ffff)
dup3(r0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0x401}, 0x18)
move_mount(r0, &(0x7f0000000100)='./bus\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./bus\x00', 0x14)

30.295451383s ago: executing program 1 (id=1556):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
acct(&(0x7f0000000200)='./file0\x00')
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000300)={[{@jqfmt_vfsv1}, {@dioread_lock}, {@barrier_val}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@errors_continue}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
r1 = syz_clone(0x23802400, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r1, 0x0)
sched_setscheduler(r1, 0x5, &(0x7f0000000980)=0x16f)
r2 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setregid(0xffffffffffffffff, r3)
mount$bpf(0x0, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000080), 0x400408, &(0x7f0000000cc0)=ANY=[@ANYBLOB="210058a5", @ANYRESHEX=0xee00])
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000280)=r0}, 0x20)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000003c0)={0x0, 0x6, 0x18}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{0xffffffffffffffff, <r6=>0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000640)=r0}, 0x20)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0xfffffffffffffd32)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r8}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000900)={0x0, r2}, 0x8)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r9}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{0x1, <r10=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)='%+9llu \x00'}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="18110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b708deff030000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000182b0000", @ANYRES32=r5, @ANYBLOB="0000000006000000"], &(0x7f0000000400)='GPL\x00', 0x2, 0x63, &(0x7f0000000540)=""/99, 0x41000, 0x14, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x7, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000780)=[r6, r10, 0xffffffffffffffff], &(0x7f00000007c0)=[{0x2, 0x2, 0xa, 0x1}, {0x1, 0x4, 0x5, 0x1}, {0x2, 0x2, 0xc, 0x3}], 0x10, 0x6, @void, @value}, 0x94)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
lseek(r11, 0x10001, 0x0)
r12 = open_tree(0xffffffffffffff9c, &(0x7f0000000e00)='./file0\x00', 0x9001)
renameat2(r12, &(0x7f0000000140)='./file0\x00', r12, &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4)

30.125778286s ago: executing program 1 (id=1558):
unshare(0x26000400)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe(&(0x7f00000002c0)={<r0=>0xffffffffffffffff})
vmsplice(r0, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000003c0), 0x240900, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, &(0x7f0000000480)=@raw=[@generic={0x3, 0x4, 0x1, 0x3, 0x2}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}], &(0x7f00000004c0)='GPL\x00', 0x1, 0x69, &(0x7f0000000500)=""/105, 0x41100, 0x12, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000580)={0x7, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000005c0)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], &(0x7f0000000600)=[{0x1, 0x4, 0x4, 0x9}, {0x3, 0x1, 0x6, 0x3}, {0x0, 0x2, 0x6}, {0x3, 0x2, 0x0, 0xc}, {0x3, 0x3, 0x9, 0x3}, {0x5, 0x4, 0xd, 0x7}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000800)='jbd2_update_log_tail\x00', r2, 0x0, 0xb2}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c080003"], 0xd8}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r3)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$kcm(0x10, 0x2, 0x0)
truncate(0x0, 0xd105)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
openat$selinux_checkreqprot(0xffffffffffffff9c, 0x0, 0x80402, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
fsetxattr$security_selinux(r7, &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:unconfined_execmem_exec_t:s0\x00', 0x2f, 0x2)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000280)={'syztnl1\x00', &(0x7f0000000200)={'syztnl1\x00', <r8=>0x0, 0x2f, 0x10, 0x82, 0x34f, 0x1, @mcast2, @dev={0xfe, 0x80, '\x00', 0x41}, 0x80, 0x8000, 0x1, 0x3}})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000180)={'syztnl2\x00', r8, 0x4, 0x3, 0x5, 0xfb, 0x40, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private0, 0x7800, 0x1, 0x1fe, 0x8}})
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000007c0)={0x2, &(0x7f0000000780)=[{0x8, 0xfb, 0x8a, 0x3}, {0x1002, 0x2, 0x0, 0x6}, {0x0, 0x4, 0xa}]})
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x2200, 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x4)
r10 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r10, &(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4004, 0x4, {0xa, 0x4e24, 0x3, @empty, 0x2}}}, 0x3a)
openat$full(0xffffffffffffff9c, &(0x7f0000000100), 0xa2800, 0x0)

28.915952935s ago: executing program 1 (id=1567):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10068, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r2}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

28.915620195s ago: executing program 34 (id=1567):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10068, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r2}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

1.884254571s ago: executing program 4 (id=2115):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'sit0\x00', <r2=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r3}, 0x9)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0)

1.866145432s ago: executing program 4 (id=2116):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
r1 = io_uring_setup(0x7cac, &(0x7f00000000c0)={0x0, 0x753a, 0x8, 0x2, 0x1fd})
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f00000005c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1.841696832s ago: executing program 3 (id=2117):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'sit0\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f00000008c0), &(0x7f0000000040)=r4}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r5}, 0x9)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0)

1.757925803s ago: executing program 3 (id=2119):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0180000000000000000001000000000000000b000000000300"], 0x28}}, 0x40000)

1.684156494s ago: executing program 3 (id=2120):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00'})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000006"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x2, 0x0, 0x0, 0x4, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
pidfd_send_signal(r3, 0x2, 0x0, 0x0)

1.608165355s ago: executing program 4 (id=2121):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000008500"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000508000a40000000000900020073797a31000000000900010073797a300000000008000540000000213c0000001e0a05010000000000000000070000070900020073797a31000000000900010073797a3000000000100003800c0000800800034000000002"], 0xc0}}, 0x0)

1.541327207s ago: executing program 4 (id=2123):
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000400)=@generic={&(0x7f0000000080)='./file0\x00', r0}, 0x18)
r1 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
r2 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0xd53, 0x2000, 0x1}, &(0x7f0000000100), &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_setup(0x54bd, &(0x7f0000000280)={0x0, 0x9779, 0x8000, 0x0, 0x0, 0x0, r2}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x25f615bca80db750, 0x0, @fd_index=0x6, 0xfffffffffffffff7, 0x0, 0x8, 0x6, 0x1})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001240)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001080)={&(0x7f0000001100)=ANY=[], 0xf0}, 0x1, 0x0, 0x0, 0xa4048cdbe3e66fbf}, 0x40004)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0xb, &(0x7f00000012c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000002c0), 0xfe, 0x50e, &(0x7f0000001900)="$eJzs3c9vI1cdAPDvOOvYu802S+kBENClFBa0WifxtlHVA5QTQqgSokeQtiHxRlHsOIqd0oRIpP8DEpU4wZEjB849ceeC4MalHJD4EYGaShyMZjxJvY7deEk2XuzPRxrNvPcm830v8bxnP8d+AUyt2xFxGBGzEfFWRMzn+Um+xevdLT3vw6OD1eOjg9UkOp03/5Fk5Wle9PxM6pn8muWI+P63I36UnI3b2tvfXKnXazt5eqHd2F5o7e3f22isrNfWa1vV6vLS8uKr91+pXlpbX2jM5kdf+OD3h1//SVqtuTyntx2Xqdv04mmcyH/n330SwcZgJiKu5Y+f3M1x1ofHU4iI5yLixez+n4+Z7K8JAEyyTmc+OvO9aQBg0hWyObCkUMnnAuaiUKhUunN4z8eNQr3Zat992NzdWuvOld2KYuHhRr22mM8V3opikqaXsuOP09W+9P2IKEXEz0rXs3RltVlfG+cTHwCYYs/0jf//LnXHfwBgwpXHXQEA4MoZ/wFg+hj/AWD6GP8BYPoY/wFg+hj/AWD6GP8BYKp874030q1znH//9drbe7ubzbfvrdVam5XG7mpltbmzXVlvNtez7+xpnHe9erO5vfRy7L5z6xvbrfZCa2//QaO5u9V+kH2v94Na8UpaBQB8kk+98P6fkog4fO16tkXPWg7GaphshZHP1BvApJkZdwWAsbHaF0yvCzyr94IAJsSAJXofUY6I6/2ZnU6n8+SqBDxhdz5r/h+mVc/8v/8Chikz89Nx1wAYl6Hz/2de7AOTptNJRl3zP0Y9EQB4upnjB4a8//9cvv91/ubAD9f6z3ivP2P0TxQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/7uZfF/JV+6Yi0KhUom4GRG3opg83KjXFiPi2Yj4Y6lYStNLY64zAHBRhb8m+fpfd+ZfmusvnU0+KmX7iPjxL978+Tsr7fbOH9L8f57mt9/L86vjqD8AcJ6TcTrb97yQ//DoYPVku8r6/O1bEVHuxj8+mo3j0/jX4lq2L0cxIm78K8nTXUnP3MVFHL4bEZ8Z1P4k5rI5kO7Kp/3x09g3rzR+4ZH4haysu09/F5++hLrAtHk/7X9eH3T/FeJ2th98/5ezHuri8v4vvdTqcdYHfhz/pP+bGdL/3R41xsu/+0736PrZsncjPnctohQHffGT0/jJkPgvnb3cQH/+/BdfHFbW+WXEnYg4id0bvzfWQruxvdDa27+30VhZr63XtqrV5aXlxVfvv1JdyOaoF4aPBn9/7e6zw8rS9t8YEr98Tvu/Mlrz41f/eesHXxpcVErjf+3Lg+IX4vlPiJ+OiV8dMf7Kjd+Wh5Wl8deGtP+8v//dEeN/8Jf9M8uGAwDj09rb31yp12s7V31wUoHxRHdw4YPiOIKmj5inoO35wW8eefR+86qiz8Zj/VSn8z/FGtZjXMasG/A0OL3pI+KjcVcGAAAAAAAAAAAAAAAY6Co+sTTuNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADC5/hsAAP//bQHM+A==")
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYRESOCT=0x0, @ANYRESDEC, @ANYRES16=r1], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
syz_read_part_table(0x1049, &(0x7f0000000000)="$eJzsz9EJwjAUBdBbURvBIRzAQVyg+/TDaZzKRSTSpNIJRIRz/u7jvoQXfuqaXbL/pFOSV61jknOf1JqlkedxScO22ErNXA/ppf5EyZhhXuPtkkxtr6yTe9k+nB7fvQ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sM7AAD//8NpC6s=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r6}, 0x10)
r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='devfreq_monitor\x00', r8}, 0x18)
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r9, 0x84, 0x6b, &(0x7f0000001280)=[@in6={0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7f}], 0x1c)
mlock2(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
mlock2(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x1)

1.502126387s ago: executing program 3 (id=2125):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="659daff4fd3e75a937cc70749df7eb0c71091ccd6cbb9223ed0c8809261f4f5492756af0e3577c7c7c45e81e344d7a94bce7c107756b8c412363304aa59a491c3ce80381050c4a1887966dd0bbe34d948938f7fbd1edf29eb89e6f3485c4777fb94b9e8ba760959a88d37f0cc1a28dba360a186a97e0db095c0364f2f3123f9c7bcfb0244cfc16b213c4d995f9d53159387c55d2d7764d3dd3e8ff2eb2b3431b6ae3187f5e29de2dd6b04a2b11aaa388fe60db7ff055", @ANYRES8=r1, @ANYBLOB="48a52316668b128f4882546de20a3302186e84d707a2bb88972f52bb8117ca8be356b650e7e1cb5483a30d979d7683e3a3f6e5b04b2a1d0731ff3fea8dcc19037f2937c8344ddcd13d49c8c7ba392a11eca5f7031157c91b1b4358048976c622ef11a56fc04d65cc652f1b4fdb3123a75727"], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000004000000450000008814"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r4, 0x0, 0x5}, 0x18)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSKBSENT(r6, 0x4b49, &(0x7f0000000840)={0x8, "404773c192a4927b0c5e7b4d3452afe2673687456b2d562700f1405853719fb93e009173471eddf543afcea732b8c762783f696eeb68c66198ae7ef97c9dc892a64d08d67aaab4aa1a45e4db186d3ac5bf9d413f05cebf9a03c9a85d5b76a74085c1e82b1d3333c9389a24467d7cb952b93c55c1901c359140ad0b205a51e14fad381c40998ae5816e1c86ebb7b6939f88932c108687806842deb1eb522e093e18273d93894e4f0c5e95176e413458ad027d287bfee36ff4572c4d6b0a345636134f4c359b504fb597ab2e4cbf2dc11192e5a450d1b9055bf70362dd3f4d7fa5986e56027e525a551f439478fd921f495e2c87703123858b49744ce2dd4e746ade776ae0cd1d5204e8ec2983ae6e027321eef214c543f5989b67a4ddf68fffc859ac6a168202113781f8d76cc19ae308a698eb3f1f3adbb4064344778fae5c78c867a1e89f2634af76f0a30782e3f8f8863b18e4332cf326448c1787c90700c21f3d7a8adb1117defe215f51e00584813e0f32b61f455034839607e47feea5dce2685e424bacdd225da845f5e6f2a2166593254ee4d17ff90cb7935143e169ea37043506af8a10be2527a3fd8ffe37184714f6291305a9626075e25858d84838044318fe1c29a552d70c961e8f89bcdabc1479a0fe178eb286603237905cae3509b5fa826f4ac57f92cd54f0eb72652eb94d7d86aed6b706fa5f438fea07bc18"})
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000005c0)=[{0x6}]})
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000000940))
r8 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r8, 0x400, 0x0)
chmod(&(0x7f0000000080)='./file0\x00', 0xa5)
sendmsg$NFT_BATCH(r5, 0x0, 0x20050800)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r8, 0x84, 0x6c, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f00000008c0)={0x0, 0x8}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x10, &(0x7f0000000240)=ANY=[], 0x0, 0x89, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r9}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, 0x0, 0x40a0)
ioctl$sock_SIOCGPGRP(r10, 0x8904, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2686dd4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.474256477s ago: executing program 7 (id=2126):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="8b3329bd70000000000005000000080003"], 0x2c}}, 0x0)

1.373771359s ago: executing program 7 (id=2128):
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1)
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, 0x0) (fail_nth: 1)

1.223553532s ago: executing program 7 (id=2130):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
dup3(r0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0x401}, 0x18)
move_mount(r0, &(0x7f0000000100)='./bus\x00', r1, &(0x7f00000000c0)='./bus\x00', 0x14)

1.116485903s ago: executing program 2 (id=2131):
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
write$binfmt_format(r0, &(0x7f0000000800)='-1\x00', 0x3)
set_mempolicy(0x1, 0x0, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x10, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f0000000440)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x18}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x20)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
bind$packet(r4, &(0x7f0000000040)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xf}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)

938.996526ms ago: executing program 2 (id=2132):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0)
ioctl$KDGKBTYPE(r0, 0x4b33, &(0x7f0000000280))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kmem_cache_free\x00', r2, 0x0, 0x800}, 0x18)
getgroups(0x0, 0x0)
r3 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x1c)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f00000001c0)={0x0, '\x00', {0x4}, 0x7f})
r4 = syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000280)={[{@jqfmt_vfsold}, {@grpid}, {@debug}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x9}}, {@debug}, {@usrjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@mblk_io_submit}]}, 0xfe, 0x477, &(0x7f0000000780)="$eJzs3M1vFOUfAPDvTLctLz9+rYgvIEgVjcSXlpYXOXjRaMJBExM9YDzVtpDKQg2tiRCi1QMeDYl3439hPOnFqBdNvOrdkBDDBdTLmtmZKUvZLVu67QL7+STTPs/M0z7Pd2ae2Wfm2d0AetZI9iOJ+F9E/B4RQ3n25gIj+a/rVy9M/X31wlQStdpbfyX1cteuXpgqi5Z/tzXP1GpFfrBJvRffjZisVmfOFvmxhdMfjM2fO//C7OnJkzMnZ85MHD166OCegSMThzsSZxbXtV0fz+3eeeydS29MHb/03k9JJfK4Y1kcnTKS792mnu50ZV22rSFd37FL9v5yI93sTKCb+iIiO1z99f4/FH2xeWnbULz2WVcbB6yrWq1WW+GqvFgD7mNJdLsFQHcUtwD1+99y2cDhR9ddeTm/Acrivl4s+ZZKpHlib/+y+9tOGomI44v/fJUtsU7PIQAAGn2XjX+ebzb+S+PhPDGQ/fh/MYcyHBEPRMT2iHgwInZExEMR9bKPRMSjq6x/+QzJreOf9PIdB9eGbPz3UjG3dfP4Ly2LDPcVuW31+PuTE7PVmQPFPtkf/YMnZpOZ8RXq+P7V375ota1x/JctWf3lWLBox+XK4Kab/mZ6cmFyTUE3uPJpxK5Ks/iTKKdxkojYGRG77rCO2WcrLbfdPv4VtP63bat9HfFMfvwXY1n8paTl/OT4i0cmDo9tiurMgbHyrLjVz79efLNV/WuKvwOy47+l6fm/FP9wsili/tz5U/X52vnV13Hxj89b3tO0d/4vZY5tK87/geTt+oqBYsNHkwsLZ8cjBpLXb10/ceO/lfmyfBb//n3N+//2uLEnHouI3RGxJyIez24Ki7Y/ERFPRsS+FeL/8ZWn3l99/BszV5rFP3274x+Nx3/1ib5TP3x7+/iza1yr43+ontpfrGnn+tduA9ey7wAAAOBekdbfA5+ko0mlSKfp6Gj+Hv4dsSWtzs0vPHdi7sMz0/l75YejPy2fdA01PA8dL54Nl/mJZfmDxXPjL/s21/OjU3PV6W4HDz1ua9n/l64Fef/P/NnX7dYB664D82jAPUr/h96l/0NvSvR/6Gn6P/SuZv3/k5alR79Z18YAG8rrP/SuNvr/Yv6r9agAuDd5/Yfepf9DT2r52fh0TR/53/DEv8X3Gd4t7bn/E5HeFc24/xOVtr/MYhWJ2lDe/7M1g03LdPvKBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bn/BQAA///T8uXN")
fstat(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0})
lchown(&(0x7f0000000000)='./file0\x00', 0xee01, r6)
r7 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000003400)={0x0, <r8=>0x0, <r9=>0x0}, &(0x7f0000003440)=0xc)
mount$bpf(0x0, &(0x7f0000000680)='.\x00', &(0x7f00000006c0), 0x400008, &(0x7f0000000c00)={[{@gid={'gid', 0x3d, r9}}], [{@uid_eq={'uid', 0x3d, r8}}, {@fowner_lt={'fowner<', r5}}]})
r10 = getgid()
fstat(r1, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r12=>0xffffffffffffffff})
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r13}, 0x18)
r14 = syz_open_dev$tty1(0xc, 0x4, 0x2)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r15=>0x0}}, {{@in6=@empty}, 0x0, @in=@remote}}, &(0x7f00000001c0)=0xe8)
lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0})
fsetxattr$system_posix_acl(r14, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000010001000000000002000700", @ANYRES32=r15, @ANYBLOB="040000000000000008ed0700", @ANYRES32=r16, @ANYBLOB='\b\x00\x00\x00', @ANYRES16=r4, @ANYRESOCT=r12], 0x3c, 0x2)
fsetxattr$system_posix_acl(r12, &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000540)=ANY=[@ANYBLOB="02000000010000000000000002000500", @ANYRES32=0x0, @ANYBLOB="02000600", @ANYRES32=0x0, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32, @ANYBLOB="02000100", @ANYRES32=0x0, @ANYBLOB="02000100", @ANYRES32=0x0, @ANYBLOB="04002d000000000008045547146b45e157ef5ab7000400", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000600", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="08000600", @ANYRES32=0xee01, @ANYBLOB="08000500", @ANYRES32, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r16, @ANYBLOB="10000300000000002000010000000000"], 0xa4, 0x0)
getgroups(0x5, &(0x7f0000000340)=[r6, r9, r10, r11, r16])

871.894386ms ago: executing program 6 (id=2133):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b7"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f00000003c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x80, 0x5, 0x7fff0003}]})
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000001680)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000001640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x14)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b81000085"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

818.122127ms ago: executing program 6 (id=2134):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000008500"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000508000a40000000000900020073797a31000000000900010073797a300000000008000540000000213c0000001e0a05010000000000000000070000070900020073797a31000000000900010073797a3000000000100003800c0000800800034000000002"], 0xc0}}, 0x0)

782.363068ms ago: executing program 2 (id=2135):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
syncfs(0xffffffffffffffff)

750.829878ms ago: executing program 6 (id=2136):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, &(0x7f0000fcb000)=0xfffffffc, 0x4)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x5}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, <r1=>0xffffffffffffffff}, './file0\x00'})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000000)=[r0, r2], 0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x1000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {0x0, 0x6}, {0xfff3}}}, 0x24}}, 0x0)

750.239948ms ago: executing program 2 (id=2137):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
lsm_get_self_attr(0x69, &(0x7f0000000580)={0x0, 0x0, 0xad, 0x8d, ""/141}, &(0x7f0000000080)=0xad, 0x0) (fail_nth: 3)

478.327263ms ago: executing program 2 (id=2138):
syz_io_uring_setup(0x805a75, &(0x7f0000000080)={0x0, 0x2, 0x10100, 0x1, 0xfffffffc}, &(0x7f0000000240), &(0x7f0000000140))
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sigaltstack(0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
inotify_init()

476.770013ms ago: executing program 7 (id=2139):
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000005c0)=0x14, 0x80000)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000008c0)={'syztnl2\x00', &(0x7f0000000940)={'sit0\x00', <r1=>0x0, 0x7800, 0x8, 0xbb, 0xef, {{0x5, 0x4, 0x2, 0x26, 0x14, 0x68, 0x0, 0x6, 0x2f, 0x0, @broadcast, @multicast1}}}})
recvfrom$packet(r0, &(0x7f0000000740)=""/230, 0xe6, 0x100, &(0x7f0000000900)={0x11, 0xa, r1, 0x1, 0xc, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}}, 0x14)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r2}, 0x18)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r4, 0x9}}, 0x10)
close(r3)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r5, &(0x7f0000002780)={0x0, 0x0, 0x0}, 0x0)
r6 = socket$caif_stream(0x25, 0x1, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xd, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r7, @ANYRESDEC], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x18)
sendmmsg$inet(r6, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xb5914438cc5bcb76}}, {{0x0, 0x2, &(0x7f0000000440)=[{&(0x7f0000000000)="92", 0x1}], 0x1}, 0x1000000}], 0x2, 0x4000)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x60}}, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x8)
r9 = open(&(0x7f0000000280)='.\x00', 0x0, 0x88)
fcntl$notify(r9, 0x402, 0x8000001f)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='cgroup.clone_children\x00', 0x2, 0x0)
r10 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r10, 0x402, 0x8000003d)
close_range(r9, r10, 0x0)

475.057523ms ago: executing program 3 (id=2140):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
lsm_get_self_attr(0x69, &(0x7f0000000580)={0x0, 0x0, 0xad, 0x8d, ""/141}, &(0x7f0000000080)=0xad, 0x0)

439.891903ms ago: executing program 3 (id=2141):
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x1200, 0x30, 0x3)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x2)
r2 = dup(r1)
r3 = open(&(0x7f0000000040)='./bus\x00', 0x40d00, 0x20)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

407.448574ms ago: executing program 4 (id=2142):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001c80)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c4600020906ffffffffffffffff03003e0000000000000100000000000040000000000000009a010000000000000000000000003800030000000100000051e574640900000087000000000000000e0000000000000000000000000000800500000000000000bf04000000000000ffffffffffffffff0700000003000000ff030000000000000300000000000000050000000000000005000000000000000000000000000010040000000000000003"], 0xe8)
close(r1)
execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)

390.807254ms ago: executing program 7 (id=2143):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000003c0)={0x0, 0xfc00, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000003}, 0x80)

389.871724ms ago: executing program 4 (id=2144):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
dup3(r0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0x401}, 0x18)
move_mount(r0, &(0x7f0000000100)='./bus\x00', r1, &(0x7f00000000c0)='./bus\x00', 0x14)
sendfile(r1, r0, 0x0, 0x7ffff000)

354.119955ms ago: executing program 6 (id=2145):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001812", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
capget(&(0x7f0000000140)={0x20071026, 0xffffffffffffffff}, &(0x7f0000000200)={0xf, 0x55, 0x0, 0x9, 0x200, 0x9})

353.235804ms ago: executing program 2 (id=2146):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
dup3(r0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0x401}, 0x18)
move_mount(r0, &(0x7f0000000100)='./bus\x00', r1, &(0x7f00000000c0)='./bus\x00', 0x14)
sendfile(r1, r0, 0x0, 0x7ffff000)

291.858145ms ago: executing program 6 (id=2147):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000508000a40000000000900020073797a31000000000900010073797a300000000008000540000000213c0000001e0a05010000000000000000070000070900020073797a31000000000900010073797a3000000000100003800c0000800800034000000002"], 0xc0}}, 0x0)

163.363047ms ago: executing program 6 (id=2148):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
renameat(r2, &(0x7f0000000080)='./mnt\x00', r2, &(0x7f0000000100)='./mnt\x00')
unlinkat(r2, &(0x7f00000000c0)='./mnt\x00', 0x200)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000c80)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x2e0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x3f0, 0x3d8, 0x3d8, 0x3f0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2e0, 0x4001, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x4001, 0x1, 0x3, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x1, 0xbe, {0x565159d7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="0000229ac9d99901d7d8b38bfa2abd7000fedbc9250200000002ade7c550b604dd93ab69a1fb7c852d795258aab01ee15cc329cc07030d507ee56a68f8a8c4cb8e5c46"], 0x1c}, 0x1, 0x0, 0x0, 0x10d0}, 0x20010)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x6, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x8100, @remote, 0xa8c9}}}, 0x108)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="7c010000190001000000000003000000ac141425000000000000000000000000fe8000000000000000000000000000aa00000000fffd00060a00008000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="02000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000c4000500fe880000000000000000000000000101000004d62b000000020000000a0101020000000000000000000000000000000004030700080000000400000001000000fe80000000000000000000000000004c000004d66c00000002000000fc0000000000000000000000000000010135000002007300018000000400000006000000ff010000000000000000000000000001000004d43200000002000000fe8000000000000000000000000000bb02350000b90107000500000003000000050000006d56df5e3f5c6b848d497e41e5fa7f4e0d7be989dc8754d4cd4ec9c45a688850c36d8edbb9bc7e822de0ef16ed673b6f2be3122d8f3cf65f9beffdd036c169a4c40aa604ef87d676dcd93aafd28442e1429ab347f2f947b3aa6d57fb319d13307bc877f74079d3e981eedd66d3d3a9a30fc70725b87d8f9f6e8c4fc545b8ce7659952af76292eec3922c297f0b8e5543373320d5f12ab2cfb1ca81ad71bb4d3799871d3a983dd6ebcc89dcc1f9165066829f6bfacf014bfc9234680eccf64eb5c32bbf0380ff4c6bc15a35e092a7c44bec49dd38fd652bffb5ec764f3fc0d2ba3f279a159677a5ab919812eb2ea9f752b44ebe4eb7d8102ebd2106e5716c613015926645ad19215f9bb663810b3e3e1e7d8acac32894585aab7cc0e201be02824b8b98548f0002d4c82a9349f051698d531ecb33639f926325b900f68700f04a51f229d840800c02011287121db64f"], 0x17c}}, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461700000000800014000000005"], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000259400"], 0x118}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r10 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r9, &(0x7f0000001240)=ANY=[@ANYBLOB="0000001907000100000014000000452000280068000003069078e0000002e00000014e204e23", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="084031ef65134008"], 0x36)

0s ago: executing program 7 (id=2149):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x180, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x600, {}, [{0x16c, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0xfffffdd6}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0xd4, 0x3, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0x0, 0x3, {0x2, 0xea3, 0x7}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1d28}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x10000000, 0x34e, 0xffff}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7ff, 0xd8, 0x0, 0x9, 0x100000e0}}]}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0x1, 0x8, {0x2, 0x2}}}}]}]}, 0x180}}, 0x0)

kernel console output (not intermixed with test programs):

ile permissive=1
[  138.577571][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.587318][   T29] audit: type=1400 audit(1750049325.594:7850): avc:  denied  { mounton } for  pid=8378 comm="syz.2.1365" path="/279/file0" dev="tmpfs" ino=1512 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  138.610497][   T29] audit: type=1400 audit(1750049325.604:7851): avc:  denied  { mount } for  pid=8378 comm="syz.2.1365" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  138.638466][ T8388] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1365'.
[  138.654483][ T8388] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  138.680632][ T8380] lo speed is unknown, defaulting to 1000
[  138.687124][   T29] audit: type=1400 audit(1750049325.684:7852): avc:  denied  { write } for  pid=8378 comm="syz.2.1365" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  138.708184][   T29] audit: type=1400 audit(1750049325.684:7853): avc:  denied  { open } for  pid=8378 comm="syz.2.1365" path="/279/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  138.731769][   T29] audit: type=1326 audit(1750049325.744:7854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8389 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  138.755271][   T29] audit: type=1326 audit(1750049325.744:7855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8389 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  138.776693][ T8397] loop1: detected capacity change from 0 to 128
[  138.779099][   T29] audit: type=1326 audit(1750049325.744:7856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8389 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  138.808927][   T29] audit: type=1326 audit(1750049325.744:7857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8389 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  138.832563][   T29] audit: type=1326 audit(1750049325.744:7858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8389 comm="syz.4.1368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  138.868571][ T8400] loop6: detected capacity change from 0 to 512
[  138.876865][ T8390] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  138.878184][ T8400] EXT4-fs: Ignoring removed nobh option
[  138.894397][ T8397] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  138.911575][ T8397] ext4 filesystem being mounted at /262/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  138.925318][ T8400] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -13
[  138.940661][ T8400] EXT4-fs error (device loop6): ext4_clear_blocks:876: inode #13: comm syz.6.1370: attempt to clear invalid blocks 2 len 1
[  138.961005][ T8400] EXT4-fs (loop6): Remounting filesystem read-only
[  139.010674][ T8400] EXT4-fs (loop6): 1 truncate cleaned up
[  139.017152][ T8400] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.068756][ T8415] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1371'.
[  139.105245][ T3307] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  139.106194][ T8419] loop2: detected capacity change from 0 to 1024
[  139.119685][ T7709] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.161866][ T8419] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.190538][ T8419] ext4 filesystem being mounted at /281/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  139.219923][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.249711][ T8434] IPv6: Can't replace route, no match found
[  139.311689][ T8439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.334085][ T8439] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.373183][ T8445] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1383'.
[  139.436607][ T8447] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1385'.
[  139.447523][ T8445] netlink: 'syz.1.1383': attribute type 10 has an invalid length.
[  139.599261][ T8459] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  139.680920][ T8467] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1395'.
[  139.716170][ T8472] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1397'.
[  139.742406][ T8467] netlink: 'syz.3.1395': attribute type 10 has an invalid length.
[  140.025888][ T8519] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1405'.
[  140.320911][ T8535] loop2: detected capacity change from 0 to 1024
[  140.327803][ T8535] EXT4-fs: Ignoring removed orlov option
[  140.359500][ T8535] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.591196][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.674209][ T8542] $Hÿ: renamed from bond0 (while UP)
[  140.683748][ T8542] $Hÿ: entered promiscuous mode
[  140.688848][ T8542] bond_slave_0: entered promiscuous mode
[  140.694727][ T8542] bond_slave_1: entered promiscuous mode
[  140.710399][ T8544] loop2: detected capacity change from 0 to 512
[  140.721046][ T8544] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  140.753548][ T8544] EXT4-fs (loop2): 1 truncate cleaned up
[  140.785646][ T8544] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.808515][ T8552] loop4: detected capacity change from 0 to 512
[  140.847655][ T8552] EXT4-fs: Ignoring removed nobh option
[  140.862316][ T8554] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  140.885955][ T8556] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  140.901107][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.917598][ T8552] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  140.975646][ T8552] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #13: comm syz.4.1415: attempt to clear invalid blocks 2 len 1
[  140.997977][ T8564] loop6: detected capacity change from 0 to 1024
[  141.012316][ T8564] EXT4-fs: Ignoring removed orlov option
[  141.054879][ T8567] loop3: detected capacity change from 0 to 512
[  141.094864][ T8564] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.110927][ T8552] EXT4-fs (loop4): Remounting filesystem read-only
[  141.128612][ T8567] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  141.139217][ T8552] EXT4-fs (loop4): 1 truncate cleaned up
[  141.157584][ T8552] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.192171][ T8567] EXT4-fs (loop3): 1 truncate cleaned up
[  141.220981][ T8567] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.248221][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.273878][ T8575] loop1: detected capacity change from 0 to 512
[  141.324820][ T8572] lo speed is unknown, defaulting to 1000
[  141.331225][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.396038][ T8576] macsec1: entered allmulticast mode
[  141.401491][ T8576] bond0: entered allmulticast mode
[  141.406659][ T8576] bond_slave_0: entered allmulticast mode
[  141.412463][ T8576] bond_slave_1: entered allmulticast mode
[  141.434641][ T8576] bond0: left allmulticast mode
[  141.439565][ T8576] bond_slave_0: left allmulticast mode
[  141.445279][ T8576] bond_slave_1: left allmulticast mode
[  141.906275][ T7709] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.007585][ T8605] loop3: detected capacity change from 0 to 1024
[  142.165750][ T8607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  142.175601][ T8607] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  142.205735][ T8611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  142.213515][ T8605] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.215843][ T8611] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  142.228170][ T8605] ext4 filesystem being mounted at /329/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  142.276610][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.457631][ T8627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  142.467938][ T8627] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  142.528733][ T8633] netlink: 'syz.4.1446': attribute type 27 has an invalid length.
[  142.548125][ T8633] batman_adv: batadv0: Interface deactivated: team0
[  142.573846][ T8633] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.582078][ T8633] 8021q: adding VLAN 0 to HW filter on device team0
[  142.588970][ T8633] batman_adv: batadv0: Interface activated: team0
[  142.597436][ T8633] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  142.627635][ T8633] syzkaller1: entered promiscuous mode
[  142.633180][ T8633] syzkaller1: entered allmulticast mode
[  142.886164][ T8635] netlink: 'syz.2.1447': attribute type 27 has an invalid length.
[  142.940980][   T10] lo speed is unknown, defaulting to 1000
[  142.946782][   T10] syz0: Port: 1 Link DOWN
[  142.978677][ T8635] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.986787][ T8635] 8021q: adding VLAN 0 to HW filter on device team0
[  143.007343][ T8635] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  143.017327][ T8643] loop6: detected capacity change from 0 to 1024
[  143.030958][ T8638] lo speed is unknown, defaulting to 1000
[  143.036728][ T8638] syz0: Port: 1 Link ACTIVE
[  143.078388][ T8643] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.124511][ T8643] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.126959][ T8647] __nla_validate_parse: 5 callbacks suppressed
[  143.126977][ T8647] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1449'.
[  143.162297][ T8649] syzkaller1: entered promiscuous mode
[  143.166884][ T7709] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.167823][ T8649] syzkaller1: entered allmulticast mode
[  143.296166][ T8658] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1452'.
[  143.430873][ T8669] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1457'.
[  143.447443][ T8669] netlink: 'syz.3.1457': attribute type 10 has an invalid length.
[  143.478902][ T8672] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.487900][ T8672] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.079642][ T8674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.088410][ T8674] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.098338][   T29] kauditd_printk_skb: 897 callbacks suppressed
[  144.098354][   T29] audit: type=1400 audit(1750049331.134:8756): avc:  denied  { module_request } for  pid=8673 comm="syz.3.1459" kmod="netdev-syzkaller1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  144.127325][   T29] audit: type=1400 audit(1750049331.144:8757): avc:  denied  { sys_module } for  pid=8673 comm="syz.3.1459" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  144.170372][   T29] audit: type=1326 audit(1750049331.194:8758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.6.1460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  144.194993][   T29] audit: type=1326 audit(1750049331.194:8759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.6.1460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  144.218543][   T29] audit: type=1326 audit(1750049331.204:8760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.6.1460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  144.242731][   T29] audit: type=1400 audit(1750049331.204:8761): avc:  denied  { open } for  pid=8677 comm="syz.6.1460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  144.262558][   T29] audit: type=1400 audit(1750049331.204:8762): avc:  denied  { kernel } for  pid=8677 comm="syz.6.1460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  144.282142][   T29] audit: type=1326 audit(1750049331.224:8763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.6.1460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  144.305718][   T29] audit: type=1326 audit(1750049331.224:8764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.6.1460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  144.332973][   T29] audit: type=1326 audit(1750049331.224:8765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.6.1460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  144.509063][ T8686] IPv6: Can't replace route, no match found
[  144.610801][ T8698] IPv6: Can't replace route, no match found
[  144.639379][ T8700] loop1: detected capacity change from 0 to 1024
[  144.690091][ T8702] loop6: detected capacity change from 0 to 512
[  144.717153][ T8702] EXT4-fs: Ignoring removed nobh option
[  144.732911][ T8700] lo speed is unknown, defaulting to 1000
[  144.742004][ T8702] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -13
[  144.774220][ T8702] EXT4-fs error (device loop6): ext4_clear_blocks:876: inode #13: comm syz.6.1471: attempt to clear invalid blocks 2 len 1
[  144.787846][ T8702] EXT4-fs (loop6): Remounting filesystem read-only
[  144.796635][ T8702] EXT4-fs (loop6): 1 truncate cleaned up
[  144.816413][ T8709] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1473'.
[  144.826478][ T8702] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.885308][ T7709] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.965482][ T8723] loop1: detected capacity change from 0 to 1024
[  145.010768][ T8723] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.032053][ T8723] ext4 filesystem being mounted at /281/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.091783][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.126252][ T8740] loop6: detected capacity change from 0 to 1024
[  145.143351][ T8740] EXT4-fs: Ignoring removed orlov option
[  145.169618][ T8744] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1486'.
[  145.171093][ T8740] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.338436][ T8748] FAULT_INJECTION: forcing a failure.
[  145.338436][ T8748] name failslab, interval 1, probability 0, space 0, times 0
[  145.351166][ T8748] CPU: 1 UID: 0 PID: 8748 Comm: syz.2.1487 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  145.351202][ T8748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  145.351215][ T8748] Call Trace:
[  145.351221][ T8748]  <TASK>
[  145.351229][ T8748]  __dump_stack+0x1d/0x30
[  145.351249][ T8748]  dump_stack_lvl+0xe8/0x140
[  145.351274][ T8748]  dump_stack+0x15/0x1b
[  145.351346][ T8748]  should_fail_ex+0x265/0x280
[  145.351386][ T8748]  should_failslab+0x8c/0xb0
[  145.351415][ T8748]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  145.351451][ T8748]  ? __d_alloc+0x3d/0x350
[  145.351473][ T8748]  ? obj_cgroup_charge_account+0xba/0x1a0
[  145.351539][ T8748]  __d_alloc+0x3d/0x350
[  145.351591][ T8748]  ? should_failslab+0x8c/0xb0
[  145.351649][ T8748]  d_alloc_pseudo+0x1e/0x80
[  145.351672][ T8748]  alloc_file_pseudo+0x71/0x160
[  145.351755][ T8748]  ? security_inode_alloc+0x69/0x100
[  145.351805][ T8748]  sock_alloc_file+0x9c/0x1e0
[  145.351836][ T8748]  do_accept+0x1e4/0x3a0
[  145.351949][ T8748]  __sys_accept4+0xbf/0x140
[  145.351978][ T8748]  __x64_sys_accept+0x42/0x50
[  145.352012][ T8748]  x64_sys_call+0x2f50/0x2fb0
[  145.352040][ T8748]  do_syscall_64+0xd2/0x200
[  145.352084][ T8748]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  145.352113][ T8748]  ? clear_bhb_loop+0x40/0x90
[  145.352139][ T8748]  ? clear_bhb_loop+0x40/0x90
[  145.352164][ T8748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.352258][ T8748] RIP: 0033:0x7f73eaf2e929
[  145.352276][ T8748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.352294][ T8748] RSP: 002b:00007f73e9576038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  145.352311][ T8748] RAX: ffffffffffffffda RBX: 00007f73eb156080 RCX: 00007f73eaf2e929
[  145.352325][ T8748] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  145.352337][ T8748] RBP: 00007f73e9576090 R08: 0000000000000000 R09: 0000000000000000
[  145.352352][ T8748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  145.352367][ T8748] R13: 0000000000000000 R14: 00007f73eb156080 R15: 00007ffd4711ebd8
[  145.352389][ T8748]  </TASK>
[  145.642563][ T7709] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.705453][   T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  145.715820][ T8758] loop2: detected capacity change from 0 to 512
[  145.727288][   T23] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  145.921658][ T8758] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  145.953210][ T8758] ext4 filesystem being mounted at /303/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.008510][ T8762] lo speed is unknown, defaulting to 1000
[  146.036123][ T8773] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1479'.
[  146.439678][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  146.455265][ T8773] workqueue: Failed to create a rescuer kthread for wq "phy3-mac-cmds": -EINTR
[  146.472373][ T8782] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  146.488574][ T8782] IPv6: NLM_F_CREATE should be set when creating new route
[  146.495822][ T8782] IPv6: NLM_F_CREATE should be set when creating new route
[  146.503077][ T8782] IPv6: NLM_F_CREATE should be set when creating new route
[  146.743405][ T8788] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1498'.
[  146.848535][ T8791] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  146.875707][ T8791] FAULT_INJECTION: forcing a failure.
[  146.875707][ T8791] name failslab, interval 1, probability 0, space 0, times 0
[  146.888468][ T8791] CPU: 0 UID: 0 PID: 8791 Comm: syz.4.1499 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  146.888499][ T8791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  146.888515][ T8791] Call Trace:
[  146.888523][ T8791]  <TASK>
[  146.888532][ T8791]  __dump_stack+0x1d/0x30
[  146.888558][ T8791]  dump_stack_lvl+0xe8/0x140
[  146.888622][ T8791]  dump_stack+0x15/0x1b
[  146.888680][ T8791]  should_fail_ex+0x265/0x280
[  146.888725][ T8791]  should_failslab+0x8c/0xb0
[  146.888754][ T8791]  kmem_cache_alloc_node_noprof+0x57/0x320
[  146.888876][ T8791]  ? __alloc_skb+0x101/0x320
[  146.888915][ T8791]  __alloc_skb+0x101/0x320
[  146.888952][ T8791]  netlink_ack+0xfd/0x500
[  146.889013][ T8791]  netlink_rcv_skb+0x192/0x220
[  146.889047][ T8791]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  146.889075][ T8791]  rtnetlink_rcv+0x1c/0x30
[  146.889143][ T8791]  netlink_unicast+0x59e/0x670
[  146.889209][ T8791]  netlink_sendmsg+0x58b/0x6b0
[  146.889236][ T8791]  ? __pfx_netlink_sendmsg+0x10/0x10
[  146.889261][ T8791]  __sock_sendmsg+0x142/0x180
[  146.889291][ T8791]  ____sys_sendmsg+0x31e/0x4e0
[  146.889331][ T8791]  ___sys_sendmsg+0x17b/0x1d0
[  146.889372][ T8791]  __x64_sys_sendmsg+0xd4/0x160
[  146.889397][ T8791]  x64_sys_call+0x2999/0x2fb0
[  146.889496][ T8791]  do_syscall_64+0xd2/0x200
[  146.889515][ T8791]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  146.889598][ T8791]  ? clear_bhb_loop+0x40/0x90
[  146.889626][ T8791]  ? clear_bhb_loop+0x40/0x90
[  146.889657][ T8791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.889682][ T8791] RIP: 0033:0x7f2e2b58e929
[  146.889751][ T8791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.889769][ T8791] RSP: 002b:00007f2e29bf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  146.889791][ T8791] RAX: ffffffffffffffda RBX: 00007f2e2b7b5fa0 RCX: 00007f2e2b58e929
[  146.889806][ T8791] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  146.889822][ T8791] RBP: 00007f2e29bf7090 R08: 0000000000000000 R09: 0000000000000000
[  146.889836][ T8791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  146.889848][ T8791] R13: 0000000000000000 R14: 00007f2e2b7b5fa0 R15: 00007ffdcb070b38
[  146.889870][ T8791]  </TASK>
[  147.166822][ T8771] Set syz1 is full, maxelem 65536 reached
[  147.209379][ T8793] loop4: detected capacity change from 0 to 1024
[  147.230834][ T8793] EXT4-fs: Ignoring removed orlov option
[  147.244680][ T8793] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.262900][ T8795] loop6: detected capacity change from 0 to 512
[  147.275497][ T8795] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  147.301944][ T8795] EXT4-fs (loop6): 1 truncate cleaned up
[  147.415731][ T8799] loop4: detected capacity change from 0 to 764
[  147.429859][ T8799] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  147.451660][ T8805] loop1: detected capacity change from 0 to 1024
[  147.468937][ T8805] EXT4-fs: Ignoring removed orlov option
[  147.528223][ T8808] FAULT_INJECTION: forcing a failure.
[  147.528223][ T8808] name failslab, interval 1, probability 0, space 0, times 0
[  147.541047][ T8808] CPU: 1 UID: 0 PID: 8808 Comm: syz.4.1506 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  147.541136][ T8808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.541153][ T8808] Call Trace:
[  147.541160][ T8808]  <TASK>
[  147.541169][ T8808]  __dump_stack+0x1d/0x30
[  147.541195][ T8808]  dump_stack_lvl+0xe8/0x140
[  147.541218][ T8808]  dump_stack+0x15/0x1b
[  147.541240][ T8808]  should_fail_ex+0x265/0x280
[  147.541347][ T8808]  should_failslab+0x8c/0xb0
[  147.541432][ T8808]  kmem_cache_alloc_noprof+0x50/0x310
[  147.541466][ T8808]  ? getname_flags+0x80/0x3b0
[  147.541497][ T8808]  getname_flags+0x80/0x3b0
[  147.541527][ T8808]  user_path_at+0x28/0x130
[  147.541606][ T8808]  __se_sys_pivot_root+0xbc/0x720
[  147.541641][ T8808]  ? fput+0x8f/0xc0
[  147.541675][ T8808]  __x64_sys_pivot_root+0x31/0x40
[  147.541694][ T8808]  x64_sys_call+0x2aac/0x2fb0
[  147.541782][ T8808]  do_syscall_64+0xd2/0x200
[  147.541799][ T8808]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  147.541883][ T8808]  ? clear_bhb_loop+0x40/0x90
[  147.541971][ T8808]  ? clear_bhb_loop+0x40/0x90
[  147.541993][ T8808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.542024][ T8808] RIP: 0033:0x7f2e2b58e929
[  147.542042][ T8808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.542065][ T8808] RSP: 002b:00007f2e29bf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
[  147.542097][ T8808] RAX: ffffffffffffffda RBX: 00007f2e2b7b5fa0 RCX: 00007f2e2b58e929
[  147.542174][ T8808] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000000c0
[  147.542186][ T8808] RBP: 00007f2e29bf7090 R08: 0000000000000000 R09: 0000000000000000
[  147.542197][ T8808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.542211][ T8808] R13: 0000000000000000 R14: 00007f2e2b7b5fa0 R15: 00007ffdcb070b38
[  147.542234][ T8808]  </TASK>
[  147.741517][ T8810] loop2: detected capacity change from 0 to 1024
[  147.765209][ T8810] EXT4-fs: Ignoring removed orlov option
[  147.790652][ T8814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  147.800402][ T8814] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.156871][ T8822] loop1: detected capacity change from 0 to 1024
[  148.167487][ T8822] EXT4-fs: Ignoring removed orlov option
[  148.321258][ T8837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  148.329995][ T8837] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.392116][ T8840] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1519'.
[  148.522739][ T8846] SELinux: syz.4.1522 (8846) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  148.539569][ T8846] loop4: detected capacity change from 0 to 512
[  148.766623][    C0] vcan0: j1939_tp_rxtimer: 0xffff888119d79400: rx timeout, send abort
[  149.158607][   T29] kauditd_printk_skb: 244 callbacks suppressed
[  149.158718][   T29] audit: type=1326 audit(1750049336.184:9010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8860 comm="syz.6.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  149.200702][   T29] audit: type=1326 audit(1750049336.224:9011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8860 comm="syz.6.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  149.224226][   T29] audit: type=1326 audit(1750049336.224:9012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8860 comm="syz.6.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  149.247766][   T29] audit: type=1326 audit(1750049336.224:9013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8860 comm="syz.6.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  149.271175][    C0] vcan0: j1939_tp_rxtimer: 0xffff888119d79c00: rx timeout, send abort
[  149.279393][    C0] vcan0: j1939_tp_rxtimer: 0xffff888119d79400: abort rx timeout. Force session deactivation
[  149.289564][   T29] audit: type=1326 audit(1750049336.224:9014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8860 comm="syz.6.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  149.313039][   T29] audit: type=1326 audit(1750049336.224:9015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8860 comm="syz.6.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  149.336718][   T29] audit: type=1326 audit(1750049336.224:9016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8860 comm="syz.6.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  149.360250][   T29] audit: type=1326 audit(1750049336.224:9017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8860 comm="syz.6.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  149.383763][   T29] audit: type=1326 audit(1750049336.224:9018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8860 comm="syz.6.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  149.412785][   T29] audit: type=1326 audit(1750049336.234:9019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8860 comm="syz.6.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fe617e929 code=0x7ffc0000
[  149.456398][ T8865] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1529'.
[  149.464682][ T8867] loop3: detected capacity change from 0 to 512
[  149.466094][ T8864] netlink: 'syz.6.1528': attribute type 27 has an invalid length.
[  149.492689][ T8867] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  149.510391][ T8867] EXT4-fs (loop3): 1 truncate cleaned up
[  149.529774][ T8864] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.537273][ T8864] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.583046][ T8875] netlink: 'syz.3.1530': attribute type 39 has an invalid length.
[  149.589069][ T8864] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  149.601834][ T8864] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  149.662862][ T8864] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  149.672053][ T8864] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  149.681218][ T8864] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  149.690122][ T8864] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  149.771235][    C0] vcan0: j1939_tp_rxtimer: 0xffff888119d79c00: abort rx timeout. Force session deactivation
[  149.823345][ T8870] 8021q: adding VLAN 0 to HW filter on device bond0
[  149.854123][ T8870] 8021q: adding VLAN 0 to HW filter on device team0
[  149.873730][ T8870] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  149.886241][ T8887] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1534'.
[  149.941649][ T8877] syzkaller1: entered promiscuous mode
[  149.947211][ T8877] syzkaller1: entered allmulticast mode
[  149.982049][ T8891] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1535'.
[  150.036321][ T8894] loop2: detected capacity change from 0 to 512
[  150.044927][ T8894] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  150.065811][ T8887] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8887 comm=syz.4.1534
[  150.083195][ T8894] EXT4-fs (loop2): 1 truncate cleaned up
[  150.205375][ T8900] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1538'.
[  150.257632][ T8904] loop2: detected capacity change from 0 to 1024
[  150.280006][ T8904] EXT4-fs: Ignoring removed orlov option
[  150.403247][ T8911] loop2: detected capacity change from 0 to 1024
[  150.461418][ T8911] ext4 filesystem being mounted at /323/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.473572][ T8881] syz.3.1530 (8881) used greatest stack depth: 6952 bytes left
[  150.912491][ T8921] lo speed is unknown, defaulting to 1000
[  150.960728][ T8921] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  150.975664][ T8921] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 27 with max blocks 1 with error 28
[  150.987983][ T8921] EXT4-fs (loop2): This should not happen!! Data will be lost
[  150.987983][ T8921] 
[  150.997711][ T8921] EXT4-fs (loop2): Total free blocks count 0
[  151.003760][ T8921] EXT4-fs (loop2): Free/Dirty block details
[  151.009682][ T8921] EXT4-fs (loop2): free_blocks=4293918720
[  151.015468][ T8921] EXT4-fs (loop2): dirty_blocks=16
[  151.020706][ T8921] EXT4-fs (loop2): Block reservation details
[  151.026779][ T8921] EXT4-fs (loop2): i_reserved_data_blocks=1
[  151.265463][ T8927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.286320][ T8927] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.934930][ T8931] loop4: detected capacity change from 0 to 512
[  151.944321][ T8931] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  151.963553][ T8931] EXT4-fs (loop4): 1 truncate cleaned up
[  152.105317][ T8935] loop4: detected capacity change from 0 to 764
[  152.160353][ T8935] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  152.175818][ T8941] loop1: detected capacity change from 0 to 1024
[  152.215231][ T8941] EXT4-fs: Ignoring removed orlov option
[  152.290208][ T8945] loop3: detected capacity change from 0 to 512
[  152.313025][ T8947] loop4: detected capacity change from 0 to 512
[  152.324420][ T8945] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  152.358464][ T8947] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  152.366964][ T8945] ext4 filesystem being mounted at /351/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  152.389296][ T8947] EXT4-fs (loop4): orphan cleanup on readonly fs
[  152.396452][ T8956] loop1: detected capacity change from 0 to 1024
[  152.396867][ T8947] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  152.430604][ T8956] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  152.440823][ T8947] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  152.452107][ T8947] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1555: bg 0: block 40: padding at end of block bitmap is not set
[  152.494793][ T8947] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  152.537502][ T3307] EXT4-fs error (device loop1): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /295/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0
[  152.569000][ T3307] EXT4-fs error (device loop1): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /295/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0
[  152.571765][ T8947] EXT4-fs (loop4): 1 truncate cleaned up
[  152.597970][ T3307] EXT4-fs error (device loop1): empty_inline_dir:1786: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0
[  152.618671][ T3307] EXT4-fs warning (device loop1): empty_inline_dir:1793: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60
[  152.640699][ T3307] EXT4-fs error (device loop1): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /295/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0
[  152.664320][ T3307] EXT4-fs error (device loop1): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /295/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0
[  152.690811][ T3307] EXT4-fs error (device loop1): empty_inline_dir:1786: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0
[  152.854805][ T8947] pimreg3: entered allmulticast mode
[  152.860362][ T3307] EXT4-fs warning (device loop1): empty_inline_dir:1793: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60
[  152.878268][ T8946] pimreg3: left allmulticast mode
[  152.883766][ T3307] EXT4-fs error (device loop1): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /295/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0
[  152.910170][ T3307] EXT4-fs error (device loop1): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /295/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0
[  152.933589][ T3307] EXT4-fs error (device loop1): empty_inline_dir:1786: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0
[  152.955693][ T3307] EXT4-fs warning (device loop1): empty_inline_dir:1793: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60
[  152.970051][ T3307] EXT4-fs error (device loop1): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /295/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0
[  152.993722][ T3307] EXT4-fs warning (device loop1): empty_inline_dir:1793: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60
[  153.019318][ T3307] EXT4-fs warning (device loop1): empty_inline_dir:1793: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60
[  153.034730][ T3307] EXT4-fs warning (device loop1): empty_inline_dir:1793: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60
[  153.062407][ T3307] EXT4-fs warning (device loop1): empty_inline_dir:1793: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60
[  153.092994][ T3307] EXT4-fs warning (device loop1): empty_inline_dir:1793: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60
[  153.107968][ T3307] EXT4-fs warning (device loop1): empty_inline_dir:1793: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60
[  153.124613][ T3307] EXT4-fs warning (device loop1): empty_inline_dir:1793: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60
[  153.604546][ T8982] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1565'.
[  153.673028][ T4134] bridge_slave_1: left allmulticast mode
[  153.678819][ T4134] bridge_slave_1: left promiscuous mode
[  153.684635][ T4134] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.702864][ T4134] bridge_slave_0: left allmulticast mode
[  153.708659][ T4134] bridge_slave_0: left promiscuous mode
[  153.714402][ T4134] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.740247][ T8985] loop2: detected capacity change from 0 to 1024
[  153.748012][ T8985] EXT4-fs: Ignoring removed orlov option
[  153.978389][ T4134] $Hÿ (unregistering): (slave bond_slave_0): Releasing backup interface
[  154.004417][ T4134] bond_slave_0: left promiscuous mode
[  154.013411][ T4134] $Hÿ (unregistering): (slave bond_slave_1): Releasing backup interface
[  154.022412][ T4134] bond_slave_1: left promiscuous mode
[  154.028239][ T4134] $Hÿ (unregistering): Released all slaves
[  154.032170][ T9014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1576'.
[  154.068646][ T9016] loop3: detected capacity change from 0 to 1024
[  154.157295][ T9016] ext4 filesystem being mounted at /356/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.182687][ T4134] hsr_slave_0: left promiscuous mode
[  154.192495][   T29] kauditd_printk_skb: 261 callbacks suppressed
[  154.192511][   T29] audit: type=1400 audit(1750049341.224:9280): avc:  denied  { create } for  pid=9031 comm="syz.2.1583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  154.195318][ T9034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.198942][   T29] audit: type=1400 audit(1750049341.224:9281): avc:  denied  { setopt } for  pid=9031 comm="syz.2.1583" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  154.247049][   T29] audit: type=1400 audit(1750049341.224:9282): avc:  denied  { read write } for  pid=9031 comm="syz.2.1583" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  154.270621][   T29] audit: type=1400 audit(1750049341.224:9283): avc:  denied  { open } for  pid=9031 comm="syz.2.1583" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  154.272602][ T9034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.294043][   T29] audit: type=1400 audit(1750049341.224:9284): avc:  denied  { ioctl } for  pid=9031 comm="syz.2.1583" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  154.326786][ T4134] hsr_slave_1: left promiscuous mode
[  154.326784][   T29] audit: type=1326 audit(1750049341.284:9285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f787073d290 code=0x7ffc0000
[  154.355753][   T29] audit: type=1326 audit(1750049341.284:9286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f787073d677 code=0x7ffc0000
[  154.379108][   T29] audit: type=1326 audit(1750049341.284:9287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f787073d290 code=0x7ffc0000
[  154.402643][   T29] audit: type=1326 audit(1750049341.284:9288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787073e929 code=0x7ffc0000
[  154.426225][   T29] audit: type=1326 audit(1750049341.284:9289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f787073e929 code=0x7ffc0000
[  154.536244][ T4134] team0 (unregistering): Port device team_slave_1 removed
[  154.546851][ T4134] team0 (unregistering): Port device team_slave_0 removed
[  154.666363][ T9061] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1592'.
[  154.791153][ T9066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.792389][ T8989] lo speed is unknown, defaulting to 1000
[  154.831410][ T9066] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.848532][ T9076] FAULT_INJECTION: forcing a failure.
[  154.848532][ T9076] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.861764][ T9076] CPU: 0 UID: 0 PID: 9076 Comm: syz.6.1599 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  154.861826][ T9076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  154.861841][ T9076] Call Trace:
[  154.861846][ T9076]  <TASK>
[  154.861853][ T9076]  __dump_stack+0x1d/0x30
[  154.861874][ T9076]  dump_stack_lvl+0xe8/0x140
[  154.861892][ T9076]  dump_stack+0x15/0x1b
[  154.861909][ T9076]  should_fail_ex+0x265/0x280
[  154.861950][ T9076]  should_fail+0xb/0x20
[  154.861984][ T9076]  should_fail_usercopy+0x1a/0x20
[  154.862024][ T9076]  _copy_from_iter+0xcf/0xe40
[  154.862150][ T9076]  ? __alloc_frozen_pages_noprof+0x188/0x360
[  154.862306][ T9076]  copy_page_from_iter+0x178/0x2a0
[  154.862327][ T9076]  ? anon_pipe_write+0x41/0xaa0
[  154.862350][ T9076]  anon_pipe_write+0x514/0xaa0
[  154.862423][ T9076]  ? anon_pipe_write+0x41/0xaa0
[  154.862526][ T9076]  ? __pfx_anon_pipe_write+0x10/0x10
[  154.862547][ T9076]  vfs_write+0x4a0/0x8e0
[  154.862633][ T9076]  ksys_write+0xda/0x1a0
[  154.862688][ T9076]  __x64_sys_write+0x40/0x50
[  154.862709][ T9076]  x64_sys_call+0x2cdd/0x2fb0
[  154.862793][ T9076]  do_syscall_64+0xd2/0x200
[  154.862811][ T9076]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  154.862835][ T9076]  ? clear_bhb_loop+0x40/0x90
[  154.862858][ T9076]  ? clear_bhb_loop+0x40/0x90
[  154.862946][ T9076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.862974][ T9076] RIP: 0033:0x7f2fe617e929
[  154.862989][ T9076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.863009][ T9076] RSP: 002b:00007f2fe47e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  154.863031][ T9076] RAX: ffffffffffffffda RBX: 00007f2fe63a5fa0 RCX: 00007f2fe617e929
[  154.863074][ T9076] RDX: 00000000fffffecc RSI: 0000200000000000 RDI: 0000000000000004
[  154.863089][ T9076] RBP: 00007f2fe47e7090 R08: 0000000000000000 R09: 0000000000000000
[  154.863105][ T9076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.863119][ T9076] R13: 0000000000000000 R14: 00007f2fe63a5fa0 R15: 00007ffeba253b48
[  154.863173][ T9076]  </TASK>
[  154.864456][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=9076 comm=syz.6.1599
[  154.892010][ T9074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.989778][ T9080] FAULT_INJECTION: forcing a failure.
[  154.989778][ T9080] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.990180][ T9074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.994655][ T9080] CPU: 0 UID: 0 PID: 9080 Comm: syz.6.1600 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  154.994702][ T9080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  154.994726][ T9080] Call Trace:
[  154.994735][ T9080]  <TASK>
[  154.994746][ T9080]  __dump_stack+0x1d/0x30
[  154.994775][ T9080]  dump_stack_lvl+0xe8/0x140
[  154.994802][ T9080]  dump_stack+0x15/0x1b
[  154.994824][ T9080]  should_fail_ex+0x265/0x280
[  154.994909][ T9080]  should_fail+0xb/0x20
[  154.994979][ T9080]  should_fail_usercopy+0x1a/0x20
[  154.995095][ T9080]  _copy_to_user+0x20/0xa0
[  154.995124][ T9080]  simple_read_from_buffer+0xb5/0x130
[  154.995176][ T9080]  proc_fail_nth_read+0x100/0x140
[  154.995264][ T9080]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  154.995307][ T9080]  vfs_read+0x1a0/0x6f0
[  154.995350][ T9080]  ? __rcu_read_unlock+0x4f/0x70
[  154.995465][ T9080]  ? __fget_files+0x184/0x1c0
[  154.995596][ T9080]  ksys_read+0xda/0x1a0
[  154.995642][ T9080]  __x64_sys_read+0x40/0x50
[  154.995775][ T9080]  x64_sys_call+0x2d77/0x2fb0
[  154.995804][ T9080]  do_syscall_64+0xd2/0x200
[  154.995829][ T9080]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  154.995865][ T9080]  ? clear_bhb_loop+0x40/0x90
[  154.996009][ T9080]  ? clear_bhb_loop+0x40/0x90
[  154.996039][ T9080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.996069][ T9080] RIP: 0033:0x7f2fe617d33c
[  154.996092][ T9080] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  154.996123][ T9080] RSP: 002b:00007f2fe47e7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  154.996152][ T9080] RAX: ffffffffffffffda RBX: 00007f2fe63a5fa0 RCX: 00007f2fe617d33c
[  154.996170][ T9080] RDX: 000000000000000f RSI: 00007f2fe47e70a0 RDI: 0000000000000003
[  154.996216][ T9080] RBP: 00007f2fe47e7090 R08: 0000000000000000 R09: 0000000000000000
[  154.996233][ T9080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.996250][ T9080] R13: 0000000000000001 R14: 00007f2fe63a5fa0 R15: 00007ffeba253b48
[  154.996276][ T9080]  </TASK>
[  155.331317][ T8989] chnl_net:caif_netlink_parms(): no params data found
[  155.412204][ T9092] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1605'.
[  155.463391][ T8989] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.470912][ T8989] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.493254][ T8989] bridge_slave_0: entered allmulticast mode
[  155.502451][ T8989] bridge_slave_0: entered promiscuous mode
[  155.509668][ T8989] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.516998][ T8989] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.533439][ T8989] bridge_slave_1: entered allmulticast mode
[  155.540059][ T8989] bridge_slave_1: entered promiscuous mode
[  155.568113][ T8989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  155.583126][ T8989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  155.620830][ T8989] team0: Port device team_slave_0 added
[  155.627799][ T8989] team0: Port device team_slave_1 added
[  155.634404][ T9109] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1613'.
[  155.644508][ T9109] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1613'.
[  155.674452][ T9111] loop6: detected capacity change from 0 to 512
[  155.687784][ T8989] batman_adv: batadv0: Adding interface: batadv_slave_0
[  155.694925][ T8989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.719506][ T9111] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  155.721061][ T8989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  155.746973][ T9111] EXT4-fs (loop6): 1 truncate cleaned up
[  155.786212][ T8989] batman_adv: batadv0: Adding interface: batadv_slave_1
[  155.793263][ T8989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.819438][ T8989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  155.864634][ T8989] hsr_slave_0: entered promiscuous mode
[  155.872919][ T8989] hsr_slave_1: entered promiscuous mode
[  156.045105][ T8989] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  156.092762][ T9118] macsec1: entered allmulticast mode
[  156.098118][ T9118] bond0: entered allmulticast mode
[  156.103468][ T9118] bond_slave_0: entered allmulticast mode
[  156.109239][ T9118] bond_slave_1: entered allmulticast mode
[  156.121547][ T9118] bond0: left allmulticast mode
[  156.126459][ T9118] bond_slave_0: left allmulticast mode
[  156.131987][ T9118] bond_slave_1: left allmulticast mode
[  156.154519][ T8989] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  156.169845][ T8989] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  156.204209][ T8989] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  156.256468][ T9140] loop4: detected capacity change from 0 to 1024
[  156.276192][ T9140] EXT4-fs: Ignoring removed orlov option
[  156.301224][ T9140] EXT4-fs (loop4): stripe (8) is not aligned with cluster size (16), stripe is disabled
[  156.336912][ T8989] 8021q: adding VLAN 0 to HW filter on device bond0
[  156.358568][ T9136] EXT4-fs error (device loop4): ext4_check_all_de:659: inode #12: block 7: comm syz.4.1624: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=108 fake=0
[  156.404453][ T8989] 8021q: adding VLAN 0 to HW filter on device team0
[  156.434731][ T4132] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.441885][ T4132] bridge0: port 1(bridge_slave_0) entered forwarding state
[  156.524374][ T8989] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  156.534916][ T8989] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  156.612733][ T9156] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  156.625849][ T4132] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.632999][ T4132] bridge0: port 2(bridge_slave_1) entered forwarding state
[  156.719544][ T9121] macsec1: entered allmulticast mode
[  156.724998][ T9121] bond0: entered allmulticast mode
[  156.730133][ T9121] bond_slave_0: entered allmulticast mode
[  156.736058][ T9121] bond_slave_1: entered allmulticast mode
[  156.772673][ T9166] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1629'.
[  156.785287][ T9121] bond0: left allmulticast mode
[  156.790261][ T9121] bond_slave_0: left allmulticast mode
[  156.795925][ T9121] bond_slave_1: left allmulticast mode
[  156.830819][ T9159] syzkaller0: entered promiscuous mode
[  156.836405][ T9159] syzkaller0: entered allmulticast mode
[  156.993161][ T8989] 8021q: adding VLAN 0 to HW filter on device batadv0
[  157.068399][ T9174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.119780][ T9174] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  157.246486][ T8989] veth0_vlan: entered promiscuous mode
[  157.272313][ T8989] veth1_vlan: entered promiscuous mode
[  157.299704][ T9199] loop2: detected capacity change from 0 to 764
[  157.318443][ T8989] veth0_macvtap: entered promiscuous mode
[  157.326625][ T9199] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  157.335631][ T9201] 9pnet_fd: Insufficient options for proto=fd
[  157.338039][ T8989] veth1_macvtap: entered promiscuous mode
[  157.354121][ T9201] netlink: 'syz.3.1639': attribute type 1 has an invalid length.
[  157.361979][ T9201] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.1639'.
[  157.363271][ T8989] batman_adv: batadv0: Interface activated: batadv_slave_0
[  157.404085][ T8989] batman_adv: batadv0: Interface activated: batadv_slave_1
[  157.416190][ T8989] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  157.425322][ T8989] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  157.434203][ T8989] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  157.443125][ T8989] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  157.473786][ T9204] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1640'.
[  157.539463][ T9212] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  157.720152][ T9231] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=9231 comm=syz.3.1650
[  157.745782][ T9228] tipc: Started in network mode
[  157.750820][ T9228] tipc: Node identity 4, cluster identity 4711
[  157.757019][ T9228] tipc: Node number set to 4
[  157.788163][ T9228] loop7: detected capacity change from 0 to 1024
[  157.833476][ T9228] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.1649: Failed to acquire dquot type 0
[  157.835231][ T9243] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1655'.
[  157.875864][ T9228] EXT4-fs (loop7): 1 truncate cleaned up
[  157.967585][ T9252] loop2: detected capacity change from 0 to 1024
[  158.003736][ T9252] ext4 filesystem being mounted at /355/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  158.054662][ T9264] FAULT_INJECTION: forcing a failure.
[  158.054662][ T9264] name failslab, interval 1, probability 0, space 0, times 0
[  158.067452][ T9264] CPU: 1 UID: 0 PID: 9264 Comm: syz.4.1666 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  158.067529][ T9264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.067600][ T9264] Call Trace:
[  158.067606][ T9264]  <TASK>
[  158.067612][ T9264]  __dump_stack+0x1d/0x30
[  158.067633][ T9264]  dump_stack_lvl+0xe8/0x140
[  158.067652][ T9264]  dump_stack+0x15/0x1b
[  158.067667][ T9264]  should_fail_ex+0x265/0x280
[  158.067704][ T9264]  ? audit_log_d_path+0x8d/0x150
[  158.067777][ T9264]  should_failslab+0x8c/0xb0
[  158.067804][ T9264]  __kmalloc_cache_noprof+0x4c/0x320
[  158.067849][ T9264]  audit_log_d_path+0x8d/0x150
[  158.067909][ T9264]  audit_log_d_path_exe+0x42/0x70
[  158.067942][ T9264]  audit_log_task+0x1e9/0x250
[  158.068023][ T9264]  audit_seccomp+0x61/0x100
[  158.068098][ T9264]  ? __seccomp_filter+0x68c/0x10d0
[  158.068128][ T9264]  __seccomp_filter+0x69d/0x10d0
[  158.068160][ T9264]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  158.068185][ T9264]  ? vfs_write+0x75e/0x8e0
[  158.068276][ T9264]  __secure_computing+0x82/0x150
[  158.068305][ T9264]  syscall_trace_enter+0xcf/0x1e0
[  158.068411][ T9264]  do_syscall_64+0xac/0x200
[  158.068434][ T9264]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  158.068466][ T9264]  ? clear_bhb_loop+0x40/0x90
[  158.068486][ T9264]  ? clear_bhb_loop+0x40/0x90
[  158.068507][ T9264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.068540][ T9264] RIP: 0033:0x7f2e2b58e929
[  158.068558][ T9264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.068580][ T9264] RSP: 002b:00007f2e29bf7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fe
[  158.068603][ T9264] RAX: ffffffffffffffda RBX: 00007f2e2b7b5fa0 RCX: 00007f2e2b58e929
[  158.068617][ T9264] RDX: 00000000000008c7 RSI: 00002000000004c0 RDI: 0000000000000003
[  158.068629][ T9264] RBP: 00007f2e29bf7090 R08: 0000000000000000 R09: 0000000000000000
[  158.068648][ T9264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.068660][ T9264] R13: 0000000000000000 R14: 00007f2e2b7b5fa0 R15: 00007ffdcb070b38
[  158.068684][ T9264]  </TASK>
[  158.315357][ T9270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.334230][ T9270] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.453354][ T9283] loop3: detected capacity change from 0 to 764
[  158.476449][ T9283] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  158.550648][ T9294] loop7: detected capacity change from 0 to 1024
[  158.596114][ T9294] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  158.723743][ T9315] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.750871][ T9315] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.788234][ T9320] loop3: detected capacity change from 0 to 1024
[  158.807273][ T9320] EXT4-fs: Ignoring removed orlov option
[  158.824444][ T9322] loop6: detected capacity change from 0 to 764
[  158.842895][ T9322] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  159.577849][   T29] kauditd_printk_skb: 772 callbacks suppressed
[  159.577863][   T29] audit: type=1400 audit(1750049346.604:10060): avc:  denied  { module_request } for  pid=9327 comm="syz.6.1692" kmod="block-major-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  159.606375][   T29] audit: type=1400 audit(1750049346.604:10061): avc:  denied  { map_create } for  pid=9413 comm="syz.4.1694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  159.629596][   T29] audit: type=1400 audit(1750049346.654:10062): avc:  denied  { map_read map_write } for  pid=9413 comm="syz.4.1694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  159.640163][ T9414] __nla_validate_parse: 2 callbacks suppressed
[  159.640184][ T9414] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1694'.
[  159.659099][   T29] audit: type=1400 audit(1750049346.654:10063): avc:  denied  { prog_load } for  pid=9413 comm="syz.4.1694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  159.684193][   T29] audit: type=1400 audit(1750049346.664:10064): avc:  denied  { bpf } for  pid=9413 comm="syz.4.1694" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  159.704870][   T29] audit: type=1400 audit(1750049346.664:10065): avc:  denied  { perfmon } for  pid=9413 comm="syz.4.1694" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  159.725914][   T29] audit: type=1400 audit(1750049346.664:10066): avc:  denied  { create } for  pid=9413 comm="syz.4.1694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  159.746597][   T29] audit: type=1400 audit(1750049346.664:10067): avc:  denied  { write } for  pid=9413 comm="syz.4.1694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  159.767262][   T29] audit: type=1400 audit(1750049346.664:10068): avc:  denied  { read } for  pid=9413 comm="syz.4.1694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  159.787685][   T29] audit: type=1400 audit(1750049346.664:10069): avc:  denied  { prog_run } for  pid=9413 comm="syz.4.1694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  159.859928][ T9437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1696'.
[  160.014153][ T9448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  160.033325][ T9454] netdevsim netdevsim6: Direct firmware load for ..€ failed with error -2
[  160.036355][ T9448] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  160.281592][ T9463] loop6: detected capacity change from 0 to 512
[  160.301456][ T9463] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  160.326832][ T9463] EXT4-fs (loop6): 1 truncate cleaned up
[  160.705531][ T9492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  160.751284][ T9492] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  160.951153][ T9512] loop6: detected capacity change from 0 to 1024
[  160.993000][ T9514] loop2: detected capacity change from 0 to 764
[  161.008416][ T9514] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  161.009579][ T9512] ext4 filesystem being mounted at /106/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  161.069860][ T9521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  161.128271][ T9521] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  161.145197][ T9525] loop2: detected capacity change from 0 to 512
[  161.154558][ T9525] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  161.179433][ T9525] EXT4-fs (loop2): 1 truncate cleaned up
[  161.310176][ T9543] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=9543 comm=syz.6.1740
[  161.345420][ T9544] loop2: detected capacity change from 0 to 764
[  161.363400][ T9544] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  161.486096][ T9557] loop6: detected capacity change from 0 to 764
[  161.521548][ T9557] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  161.598714][ T9566] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  161.700087][ T9574] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  161.725418][ T9574] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  161.890074][ T9584] loop6: detected capacity change from 0 to 1024
[  161.911680][ T9584] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.114343][ T9603] loop6: detected capacity change from 0 to 764
[  162.138010][ T9603] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  162.260130][ T9615] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1544 sclass=netlink_route_socket pid=9615 comm=syz.2.1771
[  162.358300][ T9622] loop6: detected capacity change from 0 to 1024
[  162.387413][ T9622] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.449879][ T9624] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1776'.
[  162.459534][ T9629] loop4: detected capacity change from 0 to 1024
[  162.501930][ T9629] ext4 filesystem being mounted at /346/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.594948][ T9640] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  162.673065][ T9648] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.682474][ T9648] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.883756][ T9659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.892805][ T9659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.917827][ T9643] macsec1: entered allmulticast mode
[  162.923473][ T9643] bond0: entered allmulticast mode
[  162.928613][ T9643] bond_slave_0: entered allmulticast mode
[  162.934506][ T9643] bond_slave_1: entered allmulticast mode
[  162.941967][ T9643] bond0: left allmulticast mode
[  162.946900][ T9643] bond_slave_0: left allmulticast mode
[  162.952745][ T9643] bond_slave_1: left allmulticast mode
[  163.074655][ T9661] loop4: detected capacity change from 0 to 1024
[  163.081491][ T9661] EXT4-fs: Ignoring removed orlov option
[  163.092018][ T9661] EXT4-fs mount: 55 callbacks suppressed
[  163.092036][ T9661] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.132300][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.186266][ T9664] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1791'.
[  163.327453][ T9673] loop7: detected capacity change from 0 to 764
[  163.342032][ T9673] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  163.593825][ T9695] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  163.602366][ T9695] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  163.638937][ T9700] loop3: detected capacity change from 0 to 1024
[  163.666278][ T9700] EXT4-fs: Ignoring removed orlov option
[  163.698770][ T9700] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.757272][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.773001][ T9707] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  163.917433][ T9724] loop3: detected capacity change from 0 to 512
[  163.933889][ T9724] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  163.955956][ T9724] EXT4-fs (loop3): 1 truncate cleaned up
[  163.962593][ T9724] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.991349][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.016675][ T9704] macsec1: entered allmulticast mode
[  164.022093][ T9704] bond0: entered allmulticast mode
[  164.027377][ T9704] bond_slave_0: entered allmulticast mode
[  164.033270][ T9704] bond_slave_1: entered allmulticast mode
[  164.055407][ T9704] bond0: left allmulticast mode
[  164.060356][ T9704] bond_slave_0: left allmulticast mode
[  164.065917][ T9704] bond_slave_1: left allmulticast mode
[  164.263195][ T9757] loop2: detected capacity change from 0 to 764
[  164.266722][ T9762] netdevsim netdevsim6: Direct firmware load for ..€ failed with error -2
[  164.279943][ T9757] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  164.544348][ T9800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  164.555336][ T9800] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  164.586253][   T29] kauditd_printk_skb: 758 callbacks suppressed
[  164.586267][   T29] audit: type=1326 audit(1750050377.616:10828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.1819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f78707358e7 code=0x7ffc0000
[  164.625728][ T9803] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=9803 comm=syz.6.1825
[  164.651414][   T29] audit: type=1326 audit(1750050377.646:10829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.1819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f78706dab19 code=0x7ffc0000
[  164.675163][   T29] audit: type=1326 audit(1750050377.646:10830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.1819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f78707358e7 code=0x7ffc0000
[  164.698651][   T29] audit: type=1326 audit(1750050377.646:10831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.1819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f78706dab19 code=0x7ffc0000
[  164.722204][   T29] audit: type=1326 audit(1750050377.646:10832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.1819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f787073e929 code=0x7ffc0000
[  164.746375][   T29] audit: type=1326 audit(1750050377.656:10833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.1819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f78707358e7 code=0x7ffc0000
[  164.770157][   T29] audit: type=1326 audit(1750050377.656:10834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.1819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f78706dab19 code=0x7ffc0000
[  164.793865][   T29] audit: type=1326 audit(1750050377.656:10835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.1819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f787073e929 code=0x7ffc0000
[  164.817395][   T29] audit: type=1326 audit(1750050377.666:10836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.1819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f78707358e7 code=0x7ffc0000
[  164.840865][   T29] audit: type=1326 audit(1750050377.666:10837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.1819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f78706dab19 code=0x7ffc0000
[  164.877245][ T9814] loop7: detected capacity change from 0 to 512
[  164.886830][ T9814] EXT4-fs: Ignoring removed nobh option
[  164.898589][ T9814] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -13
[  164.908906][ T9814] EXT4-fs error (device loop7): ext4_clear_blocks:876: inode #13: comm syz.7.1832: attempt to clear invalid blocks 2 len 1
[  164.922917][ T9814] EXT4-fs (loop7): Remounting filesystem read-only
[  164.923157][ T9812] loop4: detected capacity change from 0 to 764
[  164.930324][ T9814] EXT4-fs (loop7): 1 truncate cleaned up
[  164.942348][ T9814] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.942746][ T9812] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  164.975104][ T8989] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.069488][ T9826] loop4: detected capacity change from 0 to 1024
[  165.087753][ T9826] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.165058][ T9833] loop7: detected capacity change from 0 to 512
[  165.183213][ T9833] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  165.195762][ T9833] EXT4-fs (loop7): 1 truncate cleaned up
[  165.202714][ T9833] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.216053][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.275752][ T9839] loop4: detected capacity change from 0 to 1024
[  165.325891][ T9841] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  165.336193][ T9839] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.349830][ T9839] ext4 filesystem being mounted at /361/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  165.375448][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.459058][ T9850] loop2: detected capacity change from 0 to 1024
[  165.474300][ T9850] EXT4-fs: Ignoring removed orlov option
[  165.494797][ T9852] loop4: detected capacity change from 0 to 512
[  165.502892][ T9850] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.517804][ T9852] EXT4-fs: Ignoring removed nobh option
[  165.559834][ T9852] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  165.574294][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.585507][ T9852] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #13: comm syz.4.1846: attempt to clear invalid blocks 2 len 1
[  165.599172][ T9852] EXT4-fs (loop4): Remounting filesystem read-only
[  165.629340][ T9852] EXT4-fs (loop4): 1 truncate cleaned up
[  165.639081][ T9852] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.666024][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.996110][ T8989] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.276399][ T9905] loop6: detected capacity change from 0 to 1024
[  166.307215][ T9905] EXT4-fs: Ignoring removed orlov option
[  166.384079][ T9905] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.537395][ T7709] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.577647][ T9909] loop3: detected capacity change from 0 to 512
[  166.606144][ T9911] loop2: detected capacity change from 0 to 1024
[  166.617529][ T9909] EXT4-fs: Ignoring removed nobh option
[  166.645662][ T9911] EXT4-fs: Ignoring removed orlov option
[  166.655396][ T9909] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[  166.701016][ T9909] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.1858: attempt to clear invalid blocks 2 len 1
[  166.720579][ T9911] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.733252][ T9909] EXT4-fs (loop3): Remounting filesystem read-only
[  166.751730][ T9909] EXT4-fs (loop3): 1 truncate cleaned up
[  166.783129][ T9909] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.953204][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.036576][ T9926] loop7: detected capacity change from 0 to 764
[  167.055739][ T9926] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  167.198398][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.215791][ T9934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  167.234071][ T9934] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  167.296884][ T9929] macsec1: entered allmulticast mode
[  167.302319][ T9929] bond0: entered allmulticast mode
[  167.307518][ T9929] bond_slave_0: entered allmulticast mode
[  167.313363][ T9929] bond_slave_1: entered allmulticast mode
[  167.361922][ T9929] bond0: left allmulticast mode
[  167.366877][ T9929] bond_slave_0: left allmulticast mode
[  167.372606][ T9929] bond_slave_1: left allmulticast mode
[  167.389143][ T9952] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1869'.
[  167.525635][ T9970] netlink: 'syz.6.1870': attribute type 27 has an invalid length.
[  167.605749][ T9970] 8021q: adding VLAN 0 to HW filter on device bond0
[  167.626283][ T9970] 8021q: adding VLAN 0 to HW filter on device team0
[  167.657220][ T9970] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  167.726930][ T9970] syzkaller1: entered promiscuous mode
[  167.732528][ T9970] syzkaller1: entered allmulticast mode
[  167.818402][ T9996] loop4: detected capacity change from 0 to 512
[  167.859928][ T9996] EXT4-fs: Ignoring removed nobh option
[  167.887710][ T9996] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  167.899735][ T9996] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #13: comm syz.4.1873: attempt to clear invalid blocks 2 len 1
[  167.928064][ T9996] EXT4-fs (loop4): Remounting filesystem read-only
[  167.941832][ T9996] EXT4-fs (loop4): 1 truncate cleaned up
[  167.944315][ T9952] loop2: detected capacity change from 0 to 256
[  167.948085][ T9996] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.966439][T10011] loop7: detected capacity change from 0 to 1024
[  167.988968][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.996687][T10011] EXT4-fs: Ignoring removed orlov option
[  168.021149][T10011] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.186830][T10028] netlink: 'syz.4.1883': attribute type 13 has an invalid length.
[  168.194895][T10028] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1883'.
[  168.410467][T10039] loop4: detected capacity change from 0 to 512
[  168.421415][T10039] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  168.440680][T10039] EXT4-fs (loop4): 1 truncate cleaned up
[  168.447322][T10039] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.490074][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.592510][ T8989] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.711518][T10075] FAULT_INJECTION: forcing a failure.
[  168.711518][T10075] name failslab, interval 1, probability 0, space 0, times 0
[  168.724318][T10075] CPU: 1 UID: 0 PID: 10075 Comm: syz.7.1892 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  168.724352][T10075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  168.724365][T10075] Call Trace:
[  168.724374][T10075]  <TASK>
[  168.724383][T10075]  __dump_stack+0x1d/0x30
[  168.724408][T10075]  dump_stack_lvl+0xe8/0x140
[  168.724573][T10075]  dump_stack+0x15/0x1b
[  168.724602][T10075]  should_fail_ex+0x265/0x280
[  168.724639][T10075]  should_failslab+0x8c/0xb0
[  168.724741][T10075]  kmem_cache_alloc_noprof+0x50/0x310
[  168.724793][T10075]  ? getname_flags+0x80/0x3b0
[  168.724824][T10075]  getname_flags+0x80/0x3b0
[  168.724853][T10075]  __x64_sys_symlinkat+0x4d/0x70
[  168.724882][T10075]  x64_sys_call+0x1558/0x2fb0
[  168.724903][T10075]  do_syscall_64+0xd2/0x200
[  168.724920][T10075]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  168.724945][T10075]  ? clear_bhb_loop+0x40/0x90
[  168.724971][T10075]  ? clear_bhb_loop+0x40/0x90
[  168.725072][T10075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.725095][T10075] RIP: 0033:0x7fc89d7ae929
[  168.725110][T10075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.725196][T10075] RSP: 002b:00007fc89be17038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[  168.725214][T10075] RAX: ffffffffffffffda RBX: 00007fc89d9d5fa0 RCX: 00007fc89d7ae929
[  168.725225][T10075] RDX: 0000200000000640 RSI: ffffffffffffff9c RDI: 0000200000001040
[  168.725237][T10075] RBP: 00007fc89be17090 R08: 0000000000000000 R09: 0000000000000000
[  168.725249][T10075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.725263][T10075] R13: 0000000000000000 R14: 00007fc89d9d5fa0 R15: 00007ffca0457088
[  168.725287][T10075]  </TASK>
[  168.729091][T10072] loop4: detected capacity change from 0 to 1024
[  168.923828][T10072] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.954743][T10072] ext4 filesystem being mounted at /381/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.990686][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.012414][T10098] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  169.048401][T10097] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1895'.
[  169.075504][T10105] loop4: detected capacity change from 0 to 1024
[  169.088872][T10105] EXT4-fs: Ignoring removed orlov option
[  169.098365][T10105] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.222231][T10119] loop3: detected capacity change from 0 to 764
[  169.234954][T10119] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  169.428505][T10134] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1907'.
[  169.490340][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.532289][T10141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.542403][T10141] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.712668][   T29] kauditd_printk_skb: 519 callbacks suppressed
[  169.712685][   T29] audit: type=1400 audit(1750050382.746:11357): avc:  denied  { write } for  pid=10140 comm="syz.4.1909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  169.863382][T10152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.873885][T10152] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.909515][   T29] audit: type=1400 audit(1750050382.936:11358): avc:  denied  { allowed } for  pid=10154 comm="syz.7.1916" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  169.958542][   T29] audit: type=1400 audit(1750050382.966:11359): avc:  denied  { execute } for  pid=10154 comm="syz.7.1916" path="/50/cpu.stat" dev="tmpfs" ino=277 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  169.991355][T10160] loop7: detected capacity change from 0 to 1024
[  169.998190][T10160] EXT4-fs: Ignoring removed orlov option
[  170.028499][T10160] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.062768][   T29] audit: type=1400 audit(1750050383.086:11360): avc:  denied  { bind } for  pid=10151 comm="syz.6.1914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  170.083483][   T29] audit: type=1400 audit(1750050383.096:11361): avc:  denied  { read } for  pid=10151 comm="syz.6.1914" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  170.107904][   T29] audit: type=1400 audit(1750050383.096:11362): avc:  denied  { open } for  pid=10151 comm="syz.6.1914" path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  170.132792][   T29] audit: type=1400 audit(1750050383.096:11363): avc:  denied  { ioctl } for  pid=10151 comm="syz.6.1914" path="/dev/loop-control" dev="devtmpfs" ino=99 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  170.444460][   T29] audit: type=1400 audit(1750050383.476:11364): avc:  denied  { setopt } for  pid=10164 comm="syz.2.1919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  170.464165][   T29] audit: type=1400 audit(1750050383.476:11365): avc:  denied  { bind } for  pid=10164 comm="syz.2.1919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  170.511934][T10168] loop4: detected capacity change from 0 to 512
[  170.532815][T10168] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.546765][T10168] ext4 filesystem being mounted at /385/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  170.559667][   T29] audit: type=1400 audit(1750050383.586:11366): avc:  denied  { read write } for  pid=10167 comm="syz.4.1920" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  170.607696][ T8989] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.608947][T10168] netlink: 'syz.4.1920': attribute type 13 has an invalid length.
[  170.626058][T10168] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1920'.
[  170.635462][T10168] erspan0: refused to change device tx_queue_len
[  170.642247][T10168] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  170.685867][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.793991][T10178] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1925'.
[  170.893571][T10192] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  170.907716][T10191] loop6: detected capacity change from 0 to 512
[  170.916544][T10191] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  170.954854][T10191] EXT4-fs (loop6): 1 truncate cleaned up
[  170.961114][T10191] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.988713][T10198] netlink: 'syz.7.1932': attribute type 13 has an invalid length.
[  170.996765][T10198] netlink: 152 bytes leftover after parsing attributes in process `syz.7.1932'.
[  171.030321][T10200] loop4: detected capacity change from 0 to 1024
[  171.050382][ T7709] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.332996][T10200] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.355931][T10200] ext4 filesystem being mounted at /388/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.396207][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.778490][T10221] loop4: detected capacity change from 0 to 512
[  171.866212][T10221] EXT4-fs: Ignoring removed mblk_io_submit option
[  171.905854][T10221] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  171.918355][T10232] loop2: detected capacity change from 0 to 1024
[  171.962309][T10236] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  172.035442][T10232] EXT4-fs: Ignoring removed orlov option
[  172.286772][T10247] lo speed is unknown, defaulting to 1000
[  172.341821][T10246] loop6: detected capacity change from 0 to 512
[  172.348669][T10246] EXT4-fs: Ignoring removed mblk_io_submit option
[  172.355179][T10246] EXT4-fs: Ignoring removed bh option
[  172.364255][T10246] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  172.394288][T10221] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a04ec11c, mo2=0002]
[  172.404685][T10242] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=10242 comm=syz.3.1947
[  172.456038][T10232] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.468796][T10246] EXT4-fs (loop6): 1 truncate cleaned up
[  172.475520][T10246] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.538402][T10221] System zones: 1-12
[  172.551155][T10221] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.1939: corrupted in-inode xattr: e_value size too large
[  172.577524][T10221] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.1939: couldn't read orphan inode 15 (err -117)
[  172.601187][T10221] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.709711][T10259] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1951'.
[  172.800200][ T7709] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.864240][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.894095][T10267] netlink: 'syz.6.1953': attribute type 27 has an invalid length.
[  172.914686][T10264] loop7: detected capacity change from 0 to 512
[  172.944513][T10264] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  172.967036][T10278] netlink: 'syz.3.1957': attribute type 13 has an invalid length.
[  172.975163][T10278] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1957'.
[  172.994892][T10264] EXT4-fs (loop7): 1 truncate cleaned up
[  173.010485][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.026030][T10264] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.052573][ T8989] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.078281][T10284] loop2: detected capacity change from 0 to 512
[  173.096403][T10284] EXT4-fs: Ignoring removed nobh option
[  173.117689][T10276] 8021q: adding VLAN 0 to HW filter on device bond0
[  173.122418][T10284] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  173.134785][T10284] EXT4-fs error (device loop2): ext4_clear_blocks:876: inode #13: comm syz.2.1959: attempt to clear invalid blocks 2 len 1
[  173.135033][T10291] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=10291 comm=syz.4.1960
[  173.161970][T10284] EXT4-fs (loop2): Remounting filesystem read-only
[  173.164340][T10276] 8021q: adding VLAN 0 to HW filter on device team0
[  173.181849][T10284] EXT4-fs (loop2): 1 truncate cleaned up
[  173.188017][T10284] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.206615][T10276] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  173.230087][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.378567][T10307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1968'.
[  173.463355][T10318] FAULT_INJECTION: forcing a failure.
[  173.463355][T10318] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.476523][T10318] CPU: 1 UID: 0 PID: 10318 Comm: syz.6.1973 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  173.476558][T10318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.476575][T10318] Call Trace:
[  173.476583][T10318]  <TASK>
[  173.476660][T10318]  __dump_stack+0x1d/0x30
[  173.476686][T10318]  dump_stack_lvl+0xe8/0x140
[  173.476709][T10318]  dump_stack+0x15/0x1b
[  173.476730][T10318]  should_fail_ex+0x265/0x280
[  173.476824][T10318]  should_fail+0xb/0x20
[  173.476860][T10318]  should_fail_usercopy+0x1a/0x20
[  173.476900][T10318]  strncpy_from_user+0x25/0x230
[  173.476948][T10318]  ? kmem_cache_alloc_noprof+0x186/0x310
[  173.476974][T10318]  ? getname_flags+0x80/0x3b0
[  173.476997][T10318]  getname_flags+0xae/0x3b0
[  173.477070][T10318]  __x64_sys_symlink+0x33/0x60
[  173.477090][T10318]  x64_sys_call+0x2d8d/0x2fb0
[  173.477110][T10318]  do_syscall_64+0xd2/0x200
[  173.477127][T10318]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  173.477164][T10318]  ? clear_bhb_loop+0x40/0x90
[  173.477256][T10318]  ? clear_bhb_loop+0x40/0x90
[  173.477283][T10318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.477383][T10318] RIP: 0033:0x7f2fe617e929
[  173.477404][T10318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.477426][T10318] RSP: 002b:00007f2fe47e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  173.477449][T10318] RAX: ffffffffffffffda RBX: 00007f2fe63a5fa0 RCX: 00007f2fe617e929
[  173.477465][T10318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  173.477480][T10318] RBP: 00007f2fe47e7090 R08: 0000000000000000 R09: 0000000000000000
[  173.477496][T10318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.477511][T10318] R13: 0000000000000000 R14: 00007f2fe63a5fa0 R15: 00007ffeba253b48
[  173.477548][T10318]  </TASK>
[  173.699571][T10328] netlink: 'syz.2.1974': attribute type 13 has an invalid length.
[  173.707518][T10328] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1974'.
[  173.803667][T10342] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1979'.
[  173.875063][T10349] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  173.887899][T10347] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1986'.
[  173.906093][T10349] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  174.005196][T10337] macsec1: entered allmulticast mode
[  174.010591][T10337] bond0: entered allmulticast mode
[  174.015760][T10337] bond_slave_0: entered allmulticast mode
[  174.021563][T10337] bond_slave_1: entered allmulticast mode
[  174.033772][T10337] bond0: left allmulticast mode
[  174.038703][T10337] bond_slave_0: left allmulticast mode
[  174.044410][T10337] bond_slave_1: left allmulticast mode
[  174.070634][T10353] loop7: detected capacity change from 0 to 764
[  174.078448][T10353] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  174.302165][T10372] netlink: 'syz.4.1997': attribute type 13 has an invalid length.
[  174.310061][T10372] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1997'.
[  174.338913][T10374] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  174.676546][T10390] hub 1-0:1.0: USB hub found
[  174.681695][T10390] hub 1-0:1.0: 8 ports detected
[  174.730511][   T29] kauditd_printk_skb: 362 callbacks suppressed
[  174.730527][   T29] audit: type=1326 audit(1750050387.696:11729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  174.760533][   T29] audit: type=1326 audit(1750050387.696:11730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  174.784160][   T29] audit: type=1326 audit(1750050387.706:11731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  174.807812][   T29] audit: type=1326 audit(1750050387.706:11732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2e2b58d290 code=0x7ffc0000
[  174.831509][   T29] audit: type=1400 audit(1750050387.706:11733): avc:  denied  { append } for  pid=10389 comm="syz.4.2005" name="001" dev="devtmpfs" ino=147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  174.854648][   T29] audit: type=1326 audit(1750050387.706:11734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  174.878373][   T29] audit: type=1326 audit(1750050387.706:11735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  174.902378][   T29] audit: type=1326 audit(1750050387.706:11736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  174.926137][   T29] audit: type=1326 audit(1750050387.726:11737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  174.949853][   T29] audit: type=1326 audit(1750050387.726:11738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.4.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2b58e929 code=0x7ffc0000
[  174.965717][T10396] macsec1: entered allmulticast mode
[  174.979085][T10396] bond0: entered allmulticast mode
[  174.979241][T10398] loop4: detected capacity change from 0 to 1024
[  174.984302][T10396] bond_slave_0: entered allmulticast mode
[  174.991249][T10398] EXT4-fs: Ignoring removed orlov option
[  174.996460][T10396] bond_slave_1: entered allmulticast mode
[  175.050679][T10396] bond0: left allmulticast mode
[  175.055667][T10396] bond_slave_0: left allmulticast mode
[  175.061401][T10396] bond_slave_1: left allmulticast mode
[  175.076778][T10398] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.141122][T10406] loop3: detected capacity change from 0 to 512
[  175.151093][T10406] EXT4-fs: Ignoring removed nomblk_io_submit option
[  175.176497][T10406] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  175.247760][T10406] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  175.273515][T10406] EXT4-fs (loop3): 1 truncate cleaned up
[  175.279830][T10406] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.384571][T10420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  175.396216][T10420] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  175.417639][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.003079][T10443] macsec1: entered allmulticast mode
[  176.008551][T10443] bond0: entered allmulticast mode
[  176.013984][T10443] bond_slave_0: entered allmulticast mode
[  176.019790][T10443] bond_slave_1: entered allmulticast mode
[  176.099155][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.203012][T10443] bond0: left allmulticast mode
[  176.208045][T10443] bond_slave_0: left allmulticast mode
[  176.213576][T10443] bond_slave_1: left allmulticast mode
[  176.334709][T10455] loop2: detected capacity change from 0 to 512
[  176.342027][T10455] EXT4-fs: Ignoring removed nobh option
[  176.390171][T10455] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  176.405681][T10455] EXT4-fs error (device loop2): ext4_clear_blocks:876: inode #13: comm syz.2.2028: attempt to clear invalid blocks 2 len 1
[  176.461826][T10455] EXT4-fs (loop2): Remounting filesystem read-only
[  176.469412][T10455] EXT4-fs (loop2): 1 truncate cleaned up
[  176.472008][T10458] hub 1-0:1.0: USB hub found
[  176.479959][T10458] hub 1-0:1.0: 8 ports detected
[  176.485575][T10455] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.544186][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.642508][T10471] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  176.716615][T10483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  176.726415][T10483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  176.768106][T10486] loop2: detected capacity change from 0 to 1024
[  176.790803][T10486] EXT4-fs: Ignoring removed orlov option
[  176.822397][T10486] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.152617][T10495] bond_slave_0: entered promiscuous mode
[  177.158408][T10495] bond_slave_1: entered promiscuous mode
[  177.166328][T10495] macsec1: entered allmulticast mode
[  177.171728][T10495] bond0: entered allmulticast mode
[  177.176894][T10495] bond_slave_0: entered allmulticast mode
[  177.182673][T10495] bond_slave_1: entered allmulticast mode
[  177.192392][T10495] bond0: left allmulticast mode
[  177.197382][T10495] bond_slave_0: left allmulticast mode
[  177.202908][T10495] bond_slave_1: left allmulticast mode
[  177.208474][T10495] bond_slave_0: left promiscuous mode
[  177.213957][T10495] bond_slave_1: left promiscuous mode
[  177.257763][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.325493][T10500] loop3: detected capacity change from 0 to 512
[  177.332438][T10500] EXT4-fs: Ignoring removed nobh option
[  177.341856][T10500] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[  177.351916][T10500] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.2044: attempt to clear invalid blocks 2 len 1
[  177.365252][T10500] EXT4-fs (loop3): Remounting filesystem read-only
[  177.373375][T10500] EXT4-fs (loop3): 1 truncate cleaned up
[  177.379527][T10500] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.406731][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.448836][T10508] FAULT_INJECTION: forcing a failure.
[  177.448836][T10508] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.462041][T10508] CPU: 1 UID: 0 PID: 10508 Comm: syz.3.2045 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  177.462082][T10508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  177.462095][T10508] Call Trace:
[  177.462103][T10508]  <TASK>
[  177.462113][T10508]  __dump_stack+0x1d/0x30
[  177.462138][T10508]  dump_stack_lvl+0xe8/0x140
[  177.462164][T10508]  dump_stack+0x15/0x1b
[  177.462181][T10508]  should_fail_ex+0x265/0x280
[  177.462263][T10508]  should_fail+0xb/0x20
[  177.462298][T10508]  should_fail_usercopy+0x1a/0x20
[  177.462373][T10508]  _copy_from_user+0x1c/0xb0
[  177.462399][T10508]  ___sys_sendmsg+0xc1/0x1d0
[  177.462441][T10508]  __x64_sys_sendmsg+0xd4/0x160
[  177.462470][T10508]  x64_sys_call+0x2999/0x2fb0
[  177.462492][T10508]  do_syscall_64+0xd2/0x200
[  177.462520][T10508]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  177.462547][T10508]  ? clear_bhb_loop+0x40/0x90
[  177.462573][T10508]  ? clear_bhb_loop+0x40/0x90
[  177.462601][T10508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.462660][T10508] RIP: 0033:0x7f787073e929
[  177.462675][T10508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  177.462694][T10508] RSP: 002b:00007f786eda7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  177.462714][T10508] RAX: ffffffffffffffda RBX: 00007f7870965fa0 RCX: 00007f787073e929
[  177.462730][T10508] RDX: 0000000000000060 RSI: 0000200000000080 RDI: 0000000000000003
[  177.462745][T10508] RBP: 00007f786eda7090 R08: 0000000000000000 R09: 0000000000000000
[  177.462760][T10508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  177.462775][T10508] R13: 0000000000000000 R14: 00007f7870965fa0 R15: 00007ffdd1366fd8
[  177.462854][T10508]  </TASK>
[  177.705508][T10514] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  177.716447][T10514] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.724687][T10514] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.737066][T10514] bridge0: entered allmulticast mode
[  177.749367][T10514] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[  177.782350][T10518] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2052'.
[  177.784729][T10520] loop4: detected capacity change from 0 to 512
[  177.813259][T10520] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  177.833347][T10520] EXT4-fs (loop4): 1 truncate cleaned up
[  177.839620][T10520] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.869667][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.892643][T10525] loop3: detected capacity change from 0 to 512
[  177.918886][T10525] EXT4-fs: Ignoring removed nobh option
[  177.943049][T10525] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[  177.952844][T10525] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.2055: attempt to clear invalid blocks 2 len 1
[  177.981198][T10525] EXT4-fs (loop3): Remounting filesystem read-only
[  177.988043][T10525] EXT4-fs (loop3): 1 truncate cleaned up
[  178.037363][T10529] FAULT_INJECTION: forcing a failure.
[  178.037363][T10529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.050676][T10529] CPU: 0 UID: 0 PID: 10529 Comm: syz.7.2054 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  178.050711][T10529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  178.050728][T10529] Call Trace:
[  178.050771][T10529]  <TASK>
[  178.050780][T10529]  __dump_stack+0x1d/0x30
[  178.050807][T10529]  dump_stack_lvl+0xe8/0x140
[  178.050832][T10529]  dump_stack+0x15/0x1b
[  178.050879][T10529]  should_fail_ex+0x265/0x280
[  178.050991][T10529]  should_fail+0xb/0x20
[  178.051027][T10529]  should_fail_usercopy+0x1a/0x20
[  178.051064][T10529]  _copy_to_user+0x20/0xa0
[  178.051097][T10529]  simple_read_from_buffer+0xb5/0x130
[  178.051140][T10529]  proc_fail_nth_read+0x100/0x140
[  178.051166][T10529]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  178.051190][T10529]  vfs_read+0x1a0/0x6f0
[  178.051286][T10529]  ? __rcu_read_unlock+0x4f/0x70
[  178.051313][T10529]  ? __fget_files+0x184/0x1c0
[  178.051393][T10529]  ksys_read+0xda/0x1a0
[  178.051536][T10529]  __x64_sys_read+0x40/0x50
[  178.051575][T10529]  x64_sys_call+0x2d77/0x2fb0
[  178.051621][T10529]  do_syscall_64+0xd2/0x200
[  178.051645][T10529]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  178.051678][T10529]  ? clear_bhb_loop+0x40/0x90
[  178.051702][T10529]  ? clear_bhb_loop+0x40/0x90
[  178.051723][T10529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.051803][T10529] RIP: 0033:0x7fc89d7ad33c
[  178.051821][T10529] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  178.051841][T10529] RSP: 002b:00007fc89bdf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  178.051864][T10529] RAX: ffffffffffffffda RBX: 00007fc89d9d6080 RCX: 00007fc89d7ad33c
[  178.051881][T10529] RDX: 000000000000000f RSI: 00007fc89bdf60a0 RDI: 0000000000000008
[  178.051893][T10529] RBP: 00007fc89bdf6090 R08: 0000000000000000 R09: 0000000000000000
[  178.051908][T10529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  178.051939][T10529] R13: 0000000000000000 R14: 00007fc89d9d6080 R15: 00007ffca0457088
[  178.051959][T10529]  </TASK>
[  178.414827][T10551] loop2: detected capacity change from 0 to 1024
[  178.429183][T10551] EXT4-fs: Ignoring removed bh option
[  178.435846][T10551] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  178.468781][ T3412] IPVS: starting estimator thread 0...
[  178.479234][T10551] EXT4-fs error (device loop2): ext4_check_all_de:659: inode #12: block 7: comm syz.2.2066: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0
[  178.501034][T10551] EXT4-fs (loop2): Remounting filesystem read-only
[  178.517300][T10562] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  178.577156][T10568] loop3: detected capacity change from 0 to 512
[  178.607166][T10568] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  178.617260][T10563] IPVS: using max 2352 ests per chain, 117600 per kthread
[  178.641548][T10572] loop2: detected capacity change from 0 to 1024
[  178.648309][T10572] EXT4-fs: Ignoring removed orlov option
[  178.658721][T10568] EXT4-fs (loop3): 1 truncate cleaned up
[  178.860918][T10596] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  179.085687][T10615] FAULT_INJECTION: forcing a failure.
[  179.085687][T10615] name failslab, interval 1, probability 0, space 0, times 0
[  179.098610][T10615] CPU: 0 UID: 0 PID: 10615 Comm: syz.2.2090 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  179.098764][T10615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  179.098781][T10615] Call Trace:
[  179.098790][T10615]  <TASK>
[  179.098800][T10615]  __dump_stack+0x1d/0x30
[  179.098828][T10615]  dump_stack_lvl+0xe8/0x140
[  179.098853][T10615]  dump_stack+0x15/0x1b
[  179.098875][T10615]  should_fail_ex+0x265/0x280
[  179.098941][T10615]  should_failslab+0x8c/0xb0
[  179.098965][T10615]  kmem_cache_alloc_node_noprof+0x57/0x320
[  179.098995][T10615]  ? __alloc_skb+0x101/0x320
[  179.099083][T10615]  __alloc_skb+0x101/0x320
[  179.099111][T10615]  ? audit_log_start+0x365/0x6c0
[  179.099153][T10615]  audit_log_start+0x380/0x6c0
[  179.099207][T10615]  audit_seccomp+0x48/0x100
[  179.099232][T10615]  ? __seccomp_filter+0x68c/0x10d0
[  179.099258][T10615]  __seccomp_filter+0x69d/0x10d0
[  179.099346][T10615]  ? save_fpregs_to_fpstate+0x100/0x160
[  179.099452][T10615]  ? _raw_spin_unlock+0x26/0x50
[  179.099477][T10615]  __secure_computing+0x82/0x150
[  179.099499][T10615]  syscall_trace_enter+0xcf/0x1e0
[  179.099532][T10615]  do_syscall_64+0xac/0x200
[  179.099555][T10615]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  179.099667][T10615]  ? clear_bhb_loop+0x40/0x90
[  179.099703][T10615]  ? clear_bhb_loop+0x40/0x90
[  179.099733][T10615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.099760][T10615] RIP: 0033:0x7f73eaf2d33c
[  179.099781][T10615] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  179.099798][T10615] RSP: 002b:00007f73e9597030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  179.099856][T10615] RAX: ffffffffffffffda RBX: 00007f73eb155fa0 RCX: 00007f73eaf2d33c
[  179.099868][T10615] RDX: 000000000000000f RSI: 00007f73e95970a0 RDI: 0000000000000006
[  179.099879][T10615] RBP: 00007f73e9597090 R08: 0000000000000000 R09: 0000000000000000
[  179.099891][T10615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.099903][T10615] R13: 0000000000000000 R14: 00007f73eb155fa0 R15: 00007ffd4711ebd8
[  179.099922][T10615]  </TASK>
[  179.580897][T10642] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2101'.
[  179.641001][T10644] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=10644 comm=syz.4.2102
[  179.896767][   T29] kauditd_printk_skb: 1103 callbacks suppressed
[  179.896853][   T29] audit: type=1400 audit(1750050392.926:12840): avc:  denied  { bind } for  pid=10648 comm="syz.4.2104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  179.957899][T10651] loop3: detected capacity change from 0 to 512
[  180.024844][T10651] EXT4-fs: Ignoring removed nobh option
[  180.032444][T10652] loop4: detected capacity change from 0 to 1024
[  180.037342][   T29] audit: type=1400 audit(1750050392.966:12841): avc:  denied  { setopt } for  pid=10648 comm="syz.4.2104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  180.059469][   T29] audit: type=1400 audit(1750050393.046:12842): avc:  denied  { execute } for  pid=10653 comm="syz.6.2106" name="file1" dev="tmpfs" ino=888 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  180.082092][   T29] audit: type=1400 audit(1750050393.046:12843): avc:  denied  { execute_no_trans } for  pid=10653 comm="syz.6.2106" path="/165/file1" dev="tmpfs" ino=888 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  180.093706][T10652] EXT4-fs: Ignoring removed bh option
[  180.105689][   T29] audit: type=1400 audit(1750050393.056:12844): avc:  denied  { mounton } for  pid=10649 comm="syz.3.2105" path="/473/file0" dev="tmpfs" ino=2539 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  180.137038][T10652] EXT4-fs: inline encryption not supported
[  180.146309][T10651] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[  180.155002][T10652] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  180.162771][T10651] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.2105: attempt to clear invalid blocks 2 len 1
[  180.166367][   T29] audit: type=1400 audit(1750050393.186:12845): avc:  denied  { create } for  pid=10657 comm="syz.6.2107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  180.188443][T10658] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  180.206689][T10651] EXT4-fs (loop3): Remounting filesystem read-only
[  180.208310][T10652] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  180.214253][T10651] EXT4-fs (loop3): 1 truncate cleaned up
[  180.223657][T10652] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2104: lblock 2 mapped to illegal pblock 2 (length 1)
[  180.228560][   T29] audit: type=1400 audit(1750050393.256:12846): avc:  denied  { mount } for  pid=10649 comm="syz.3.2105" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  180.264126][   T29] audit: type=1400 audit(1750050393.296:12847): avc:  denied  { setopt } for  pid=10649 comm="syz.3.2105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  180.267432][T10652] Quota error (device loop4): qtree_write_dquot: dquota write failed
[  180.292371][T10652] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2104: lblock 0 mapped to illegal pblock 48 (length 1)
[  180.307364][T10652] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  180.316265][T10652] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2104: Failed to acquire dquot type 0
[  180.329775][T10652] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  180.343571][T10652] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2104: mark_inode_dirty error
[  180.356283][T10652] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  180.367098][T10652] EXT4-fs (loop4): 1 orphan inode deleted
[  180.380593][ T4137] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:29: lblock 1 mapped to illegal pblock 1 (length 1)
[  180.397035][T10652] FAULT_INJECTION: forcing a failure.
[  180.397035][T10652] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.410268][T10652] CPU: 0 UID: 0 PID: 10652 Comm: syz.4.2104 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  180.410298][T10652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  180.410310][T10652] Call Trace:
[  180.410316][T10652]  <TASK>
[  180.410322][T10652]  __dump_stack+0x1d/0x30
[  180.410374][T10652]  dump_stack_lvl+0xe8/0x140
[  180.410402][T10652]  dump_stack+0x15/0x1b
[  180.410423][T10652]  should_fail_ex+0x265/0x280
[  180.410474][T10652]  should_fail+0xb/0x20
[  180.410506][T10652]  should_fail_usercopy+0x1a/0x20
[  180.410541][T10652]  _copy_from_user+0x1c/0xb0
[  180.410567][T10652]  __se_sys_mount+0x10d/0x2e0
[  180.410606][T10652]  ? do_mkdirat+0x3ac/0x3f0
[  180.410646][T10652]  __x64_sys_mount+0x67/0x80
[  180.410669][T10652]  x64_sys_call+0xd36/0x2fb0
[  180.410695][T10652]  do_syscall_64+0xd2/0x200
[  180.410718][T10652]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  180.410837][T10652]  ? clear_bhb_loop+0x40/0x90
[  180.410859][T10652]  ? clear_bhb_loop+0x40/0x90
[  180.410887][T10652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.410911][T10652] RIP: 0033:0x7f2e2b5900ca
[  180.410925][T10652] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.411010][T10652] RSP: 002b:00007f2e29bd5e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  180.411033][T10652] RAX: ffffffffffffffda RBX: 00007f2e29bd5ef0 RCX: 00007f2e2b5900ca
[  180.411050][T10652] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  180.411061][T10652] RBP: 0000200000000f40 R08: 00007f2e29bd5ef0 R09: 0000000001aca421
[  180.411073][T10652] R10: 0000000001aca421 R11: 0000000000000246 R12: 0000200000000f00
[  180.411084][T10652] R13: 00007f2e29bd5eb0 R14: 0000000000000000 R15: 00002000000008c0
[  180.411102][T10652]  </TASK>
[  180.614933][ T4137] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:29: Failed to release dquot type 0
[  180.634895][T10666] loop7: detected capacity change from 0 to 1024
[  180.645531][T10652] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2104: lblock 0 mapped to illegal pblock 48 (length 1)
[  180.660156][T10666] EXT4-fs: Ignoring removed orlov option
[  180.682725][T10652] netlink: 'syz.4.2104': attribute type 6 has an invalid length.
[  180.720234][T10674] SELinux: failed to load policy
[  180.882127][T10696] loop6: detected capacity change from 0 to 512
[  180.889886][T10687] random: crng reseeded on system resumption
[  180.892853][T10696] EXT4-fs: Ignoring removed oldalloc option
[  180.931297][T10696] EXT4-fs (loop6): 1 truncate cleaned up
[  181.160597][T10719] loop4: detected capacity change from 0 to 512
[  181.197975][T10719] EXT4-fs (loop4): too many log groups per flexible block group
[  181.205814][T10719] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  181.216668][T10719] EXT4-fs (loop4): mount failed
[  181.258951][T10719] loop4: detected capacity change from 0 to 8192
[  181.301239][ T3300]  loop4: p3
[  181.308389][T10738] FAULT_INJECTION: forcing a failure.
[  181.308389][T10738] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  181.321622][T10738] CPU: 1 UID: 0 PID: 10738 Comm: syz.7.2128 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  181.321652][T10738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  181.321668][T10738] Call Trace:
[  181.321677][T10738]  <TASK>
[  181.321687][T10738]  __dump_stack+0x1d/0x30
[  181.321714][T10738]  dump_stack_lvl+0xe8/0x140
[  181.321742][T10738]  dump_stack+0x15/0x1b
[  181.321764][T10738]  should_fail_ex+0x265/0x280
[  181.321832][T10738]  should_fail+0xb/0x20
[  181.321918][T10738]  should_fail_usercopy+0x1a/0x20
[  181.321960][T10738]  _copy_to_user+0x20/0xa0
[  181.321984][T10738]  simple_read_from_buffer+0xb5/0x130
[  181.322097][T10738]  proc_fail_nth_read+0x100/0x140
[  181.322125][T10738]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  181.322149][T10738]  vfs_read+0x1a0/0x6f0
[  181.322216][T10738]  ? __rcu_read_unlock+0x4f/0x70
[  181.322238][T10738]  ? __fget_files+0x184/0x1c0
[  181.322325][T10738]  ksys_read+0xda/0x1a0
[  181.322404][T10738]  __x64_sys_read+0x40/0x50
[  181.322454][T10738]  x64_sys_call+0x2d77/0x2fb0
[  181.322482][T10738]  do_syscall_64+0xd2/0x200
[  181.322553][T10738]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  181.322589][T10738]  ? clear_bhb_loop+0x40/0x90
[  181.322616][T10738]  ? clear_bhb_loop+0x40/0x90
[  181.322681][T10738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.322784][T10738] RIP: 0033:0x7fc89d7ad33c
[  181.322804][T10738] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  181.322828][T10738] RSP: 002b:00007fc89be17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  181.322852][T10738] RAX: ffffffffffffffda RBX: 00007fc89d9d5fa0 RCX: 00007fc89d7ad33c
[  181.322868][T10738] RDX: 000000000000000f RSI: 00007fc89be170a0 RDI: 0000000000000004
[  181.322884][T10738] RBP: 00007fc89be17090 R08: 0000000000000000 R09: 0000000000000000
[  181.322915][T10738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  181.322930][T10738] R13: 0000000000000000 R14: 00007fc89d9d5fa0 R15: 00007ffca0457088
[  181.322961][T10738]  </TASK>
[  181.327691][T10719]  loop4: p3
[  181.444817][T10747] loop7: detected capacity change from 0 to 1024
[  181.465192][T10743] bridge0: entered promiscuous mode
[  181.488136][T10747] EXT4-fs: Ignoring removed orlov option
[  181.555851][T10743] macvlan2: entered promiscuous mode
[  181.564245][T10743] bridge0: port 3(macvlan2) entered blocking state
[  181.570973][T10743] bridge0: port 3(macvlan2) entered disabled state
[  181.595205][T10743] macvlan2: entered allmulticast mode
[  181.600785][T10743] bridge0: entered allmulticast mode
[  181.614007][T10753] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2131'.
[  181.635465][T10743] macvlan2: left allmulticast mode
[  181.640839][T10743] bridge0: left allmulticast mode
[  181.652394][T10743] bridge0: left promiscuous mode
[  181.762398][T10757] loop2: detected capacity change from 0 to 512
[  181.771462][T10757] EXT4-fs: Ignoring removed mblk_io_submit option
[  181.778320][T10757] EXT4-fs: Ignoring removed mblk_io_submit option
[  181.785440][T10757] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  181.795554][T10757] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c11c, mo2=0002]
[  181.806017][T10757] System zones: 1-12
[  181.810900][T10757] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.2132: corrupted in-inode xattr: e_value size too large
[  181.825513][T10757] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.2132: couldn't read orphan inode 15 (err -117)
[  181.853783][T10757] bpf: Bad value for 'gid'
[  181.925096][T10766] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2136'.
[  181.937008][T10768] FAULT_INJECTION: forcing a failure.
[  181.937008][T10768] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  181.950315][T10768] CPU: 1 UID: 0 PID: 10768 Comm: syz.2.2137 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  181.950381][T10768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  181.950401][T10768] Call Trace:
[  181.950473][T10768]  <TASK>
[  181.950545][T10768]  __dump_stack+0x1d/0x30
[  181.950572][T10768]  dump_stack_lvl+0xe8/0x140
[  181.950632][T10768]  dump_stack+0x15/0x1b
[  181.950649][T10768]  should_fail_ex+0x265/0x280
[  181.950693][T10768]  should_fail+0xb/0x20
[  181.950795][T10768]  should_fail_usercopy+0x1a/0x20
[  181.950829][T10768]  _copy_to_user+0x20/0xa0
[  181.950906][T10768]  simple_read_from_buffer+0xb5/0x130
[  181.950942][T10768]  proc_fail_nth_read+0x100/0x140
[  181.950964][T10768]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  181.950983][T10768]  vfs_read+0x1a0/0x6f0
[  181.951051][T10768]  ? __rcu_read_unlock+0x4f/0x70
[  181.951075][T10768]  ? __fget_files+0x184/0x1c0
[  181.951094][T10768]  ? selinux_getselfattr+0x9a/0xd0
[  181.951179][T10768]  ksys_read+0xda/0x1a0
[  181.951213][T10768]  __x64_sys_read+0x40/0x50
[  181.951390][T10768]  x64_sys_call+0x2d77/0x2fb0
[  181.951473][T10768]  do_syscall_64+0xd2/0x200
[  181.951493][T10768]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  181.951579][T10768]  ? clear_bhb_loop+0x40/0x90
[  181.951601][T10768]  ? clear_bhb_loop+0x40/0x90
[  181.951632][T10768]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.951680][T10768] RIP: 0033:0x7f73eaf2d33c
[  181.951736][T10768] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  181.951757][T10768] RSP: 002b:00007f73e9597030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  181.951778][T10768] RAX: ffffffffffffffda RBX: 00007f73eb155fa0 RCX: 00007f73eaf2d33c
[  181.951796][T10768] RDX: 000000000000000f RSI: 00007f73e95970a0 RDI: 0000000000000003
[  181.951809][T10768] RBP: 00007f73e9597090 R08: 0000000000000000 R09: 0000000000000000
[  181.951821][T10768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  181.951834][T10768] R13: 0000000000000000 R14: 00007f73eb155fa0 R15: 00007ffd4711ebd8
[  181.951855][T10768]  </TASK>
[  182.287047][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  182.290112][T10781] loop7: detected capacity change from 0 to 2048
[  182.326759][T10789] loop2: detected capacity change from 0 to 1024
[  182.335841][T10783] loop4: detected capacity change from 0 to 1024
[  182.350509][T10789] EXT4-fs: Ignoring removed orlov option
[  182.359221][T10783] EXT4-fs: Ignoring removed orlov option
[  182.523999][T10801] netlink: 'syz.6.2148': attribute type 27 has an invalid length.
[  182.619881][T10801] 8021q: adding VLAN 0 to HW filter on device bond0
[  182.642168][T10801] 8021q: adding VLAN 0 to HW filter on device team0
[  182.681483][T10783] ==================================================================
[  182.689624][T10783] BUG: KCSAN: data-race in filemap_read / filemap_read
[  182.696538][T10783] 
[  182.698913][T10783] read to 0xffff8881042bc468 of 8 bytes by task 10802 on cpu 1:
[  182.706640][T10783]  filemap_read+0x6f/0xa00
[  182.711084][T10783]  generic_file_read_iter+0x79/0x330
[  182.716399][T10783]  ext4_file_read_iter+0x1cc/0x290
[  182.721613][T10783]  copy_splice_read+0x3c4/0x5f0
[  182.726488][T10783]  splice_direct_to_actor+0x290/0x680
[  182.731899][T10783]  do_splice_direct+0xda/0x150
[  182.736684][T10783]  do_sendfile+0x380/0x650
[  182.741140][T10783]  __x64_sys_sendfile64+0x105/0x150
[  182.746364][T10783]  x64_sys_call+0xb39/0x2fb0
[  182.750967][T10783]  do_syscall_64+0xd2/0x200
[  182.755501][T10783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.761423][T10783] 
[  182.763757][T10783] write to 0xffff8881042bc468 of 8 bytes by task 10783 on cpu 0:
[  182.771489][T10783]  filemap_read+0x974/0xa00
[  182.776071][T10783]  generic_file_read_iter+0x79/0x330
[  182.781388][T10783]  ext4_file_read_iter+0x1cc/0x290
[  182.786516][T10783]  copy_splice_read+0x3c4/0x5f0
[  182.791394][T10783]  splice_direct_to_actor+0x290/0x680
[  182.796798][T10783]  do_splice_direct+0xda/0x150
[  182.801583][T10783]  do_sendfile+0x380/0x650
[  182.806018][T10783]  __x64_sys_sendfile64+0x105/0x150
[  182.811235][T10783]  x64_sys_call+0xb39/0x2fb0
[  182.815842][T10783]  do_syscall_64+0xd2/0x200
[  182.820358][T10783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.826265][T10783] 
[  182.828597][T10783] value changed: 0x00000000000001c0 -> 0x00000000000001c1
[  182.835796][T10783] 
[  182.838123][T10783] Reported by Kernel Concurrency Sanitizer on:
[  182.844290][T10783] CPU: 0 UID: 0 PID: 10783 Comm: syz.4.2144 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[  182.856803][T10783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.866878][T10783] ==================================================================
[  182.875612][T10801] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  182.892826][T10810] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2149'.
[  182.902163][T10810] netlink: 108 bytes leftover after parsing attributes in process `syz.7.2149'.
[  182.944303][T10810] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2149'.
[  182.953813][T10810] netlink: 108 bytes leftover after parsing attributes in process `syz.7.2149'.
[  182.962947][T10810] netlink: 84 bytes leftover after parsing attributes in process `syz.7.2149'.
[  183.039605][T10801] syzkaller1: entered promiscuous mode
[  183.045258][T10801] syzkaller1: entered allmulticast mode