last executing test programs:

3m8.531299512s ago: executing program 0 (id=60):
socket$kcm(0x10, 0xb2bc4d50b2277774, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$tipc(r1, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
syz_emit_ethernet(0x7e, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x65, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010104, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x5, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x24, 0x2, [{0x0, 0xd, "5e000000ff000000000000"}, {0x0, 0x4, "4eb8"}, {0x0, 0xd, "9606053d0006ff00800000"}]}, @lsrr={0x83, 0x13, 0x0, [@dev, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x6}]}}}}}}}, 0x0)

3m8.474887693s ago: executing program 0 (id=61):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00002ca02b86af074fab000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00'}, 0x10)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)={0x118, 0x28, 0x1, 0x40000004, 0x25dfdbfc, "", [@nested={0x106, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @generic="778dc344c7727773fd6f2dd7eaa6bc29c530df", @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb20900000000000000fc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be", @typed={0x5, 0xe9, 0x0, 0x0, @str='\x00'}]}]}, 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r2}, 0x38)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r3, 0x0, 0x2}, 0x18)
memfd_create(0x0, 0x4)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000c00)=ANY=[@ANYBLOB="00000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000"], 0x5000)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{}, &(0x7f0000000540), &(0x7f0000000580)}, 0x20)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000007c0)='>', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB="e5ffff6e18"], 0xa0}, 0x4004881)
recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x160)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0)

3m8.404125594s ago: executing program 0 (id=62):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000240)={[{@grpjquota}, {@lazytime}, {@barrier}, {@barrier}, {@max_batch_time={'max_batch_time', 0x3d, 0x5}}, {@grpquota}], [{@seclabel}]}, 0x3, 0x446, &(0x7f0000000d40)="$eJzs28tvG8UfAPDv2kn6/P1qqvLoAwgURMQjadJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSd8QRib+AE1wQcELiCndUqUK5tMDFaOPdxHbttA5ONtSfj7TJzO44M1/vjj07kw2gbw2nP5KIvRHxa0Tsq2ebCwzXf91cXpz6c3lxKola7Y0/kpVyN5YXp/Ki+ev25JmBiNInSRxuU+/8pcvnJqvVmYtZfmzh/Ltj85cuPzN7fvLszNmZCxOnTp04Pv7cyYlnexJnGteNQx/MHTn4yltXX5s6ffXtH79O8vhb4uiR4fUOPl6r9bi6Yv2vIZ0MFNgQulKud9MYXOn/+6IcaydvX7z8caGNAzZVrVar3df58FINuIslUXQLgGLkX/Tp/W++bdHQY1u4/kL9BiiN+2a21Y8MRCkrM9hyf9tLwxFxeumvL9ItNmceAgCgybfp+OfpbPzXtPBTisZ5of9nayiViLgnIvZHxMmIOBAR90aslL0/Ih7osv7WRZJbxz+la13+ya6k47/ns7Wt5vFfPvqLSjni73y4XInB5MxsdeZY9p6MxOCOND++Th3fvfTLZ52ONY7/0i2tPx8LZu24NrCj+TXTkwuT/ybmRtc/ijg00C7+ZHUlIL0sDkbEoQ3WMfvkV0c6Hbt9/M2GGjM9WGeqfRnxRP38L0VL/Llk/fXJsZ1RnTk2ll8Vt/rp5yuvd6q/2/h7LT3/u9te/6vxV5LG9dr57uu48tunHe9pNnr9DyVvNu17f3Jh4eJ4xFDyar3RjfsnWspNrJVP4x852r7/74+1d+JwRKQX8YMR8VBEPJy1/ZGIeDQijq4T/w8vPvZO856ki/g3Vxr/dFfnfy0xFK172ifK577/pqnSSnQRf3r+T6ykRrI9d/L5dyft2tjVDAAAAP89pYjYG0lpdDVdKo2O1v+H/0DsLlXn5heeOjP33oXp+jMClRgs5TNd9fng+nzoeHZbn+cnWvLHs3njz8u7VvKjU3PV6aKDhz63p0P/T/1eLrp1wKbzvBb0L/0f+pf+D/1L/4f+1ab/7yqiHcDWa/f9/2EB7QC2Xkv/t+wHfcT9P/Qv/R/6l/4PfWl+V9z+Ifntmti5PZrRn4koFVd7PkNV+JtwFycK/mACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADokX8CAAD//2Ts5lU=")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
io_setup(0x8, &(0x7f0000000300)=<r1=>0x0)
io_pgetevents(r1, 0x4, 0x4, &(0x7f00000006c0)=[{}, {}, {}, {}], &(0x7f0000000500)={0x0, 0x989680}, 0x0)
r2 = socket(0x1e, 0x2, 0x0)
dup3(r2, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r3, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)

3m8.092667008s ago: executing program 0 (id=63):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)={0x14, 0x28, 0x1, 0x4, 0x25dfdbfc, "", [@nested={0x4, 0xf2}]}, 0x14}], 0x1, 0x0, 0x0, 0x1}, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000040)={[{@jqfmt_vfsv1}, {@dioread_lock}, {@barrier_val}, {@nolazytime}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x400}}, {@delalloc}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@errors_continue}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r1, 0xfffffffffffffffe, r1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_type(r2, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r3, &(0x7f0000000280), 0x9)
r4 = openat$cgroup_procs(r2, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000c40), 0x12)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7ff1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x25346c7d6a446d0f, 0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0)
close(r6)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000011c0)={r6, 0x18000000000002a0, 0xeff, 0x7, &(0x7f0000001240)="b9ff03076804268c989e14f088a8657986dd", 0x0, 0x4068, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r7, &(0x7f0000000200)=0x1, 0x12)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd3, 0xd3, 0x5, [@enum={0x3, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x8}]}, @ptr={0xa, 0x0, 0x0, 0x2, 0x1}, @datasec={0xb, 0x5, 0x0, 0xf, 0x2, [{0x4, 0xd0, 0x80}, {0x1, 0x7fff, 0x20000}, {0x4, 0x7fffffff}, {0x4, 0xb, 0x7}, {0x5, 0x6, 0x7}], "8f62"}, @enum={0x4, 0x1, 0x0, 0x6, 0x4, [{0x1, 0x1}]}, @volatile={0xe, 0x0, 0x0, 0x9, 0x1}, @datasec={0x7, 0x5, 0x0, 0xf, 0x1, [{0x3, 0x400, 0x80000001}, {0x1, 0x81, 0x341b}, {0x5, 0x7c1, 0x3}, {0x1, 0x7, 0xfffffff0}, {0x5, 0x8, 0x1}], '2'}]}, {0x0, [0x5f, 0x0, 0x5f]}}, &(0x7f0000000240)=""/51, 0xf1, 0x33, 0x1, 0x200, 0x0, @void, @value}, 0x28)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

3m7.36633988s ago: executing program 0 (id=66):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r3)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_TP_METER(r3, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf25020000000a000900aaaaaaaaaa44000008000300", @ANYRES32=r5, @ANYBLOB='\b\x00\v'], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)

3m5.619917986s ago: executing program 0 (id=79):
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x100000b, 0x13, r0, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x1000)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c00"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000ffff00000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f00000007c0)={0x1, 0xfffffffffffffffd, 0x5, 0x2, 0x7, 0xe00000})

3m5.37132913s ago: executing program 32 (id=79):
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x100000b, 0x13, r0, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x1000)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c00"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000ffff00000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f00000007c0)={0x1, 0xfffffffffffffffd, 0x5, 0x2, 0x7, 0xe00000})

1m39.030594462s ago: executing program 4 (id=1348):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sched_switch\x00', r0, 0x0, 0x2}, 0x18)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x1f4)
r2 = dup2(r1, r1)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8})

1m39.007415402s ago: executing program 4 (id=1349):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_io_uring_setup(0x1e1e, 0x0, 0x0, &(0x7f0000000240)=<r0=>0x0)
syz_io_uring_submit(0x0, r0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x40810)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

1m37.602313564s ago: executing program 4 (id=1372):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x48002)

1m37.562474254s ago: executing program 4 (id=1375):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@jqfmt_vfsv0}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001600)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004900)='./file1\x00', 0x4042, 0xf8)
writev(r3, &(0x7f0000000080), 0x100000000000019a)
setresgid(0xee00, 0xee01, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_pidfd_open(r4, 0x0)
ioctl$EXT4_IOC_MIGRATE(r5, 0xff09)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f00000005c0)={'ip6_vti0\x00', <r7=>0x0, 0x2f, 0xe, 0x9, 0x8001, 0x18, @rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x11}, 0x20, 0x7a8, 0x5, 0xb72}})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_ext={0x1c, 0x1e, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x61}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4}, @generic={0x6, 0xe, 0x4, 0x6, 0x7}, @map_fd={0x18, 0xb, 0x1, 0x0, r3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xa}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x8}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}}}, &(0x7f0000000240)='GPL\x00', 0x8, 0xb2, &(0x7f0000000500)=""/178, 0x41100, 0xa, '\x00', r7, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000640)={0x2, 0xc, 0x10000, 0x9}, 0x10, 0x1cd7f, r3, 0x0, 0x0, 0x0, 0x10, 0xff, @void, @value}, 0x94)
accept4$unix(r6, &(0x7f00000001c0), &(0x7f00000000c0)=0x6e, 0x800)

1m37.457567466s ago: executing program 4 (id=1377):
r0 = socket(0x2, 0x3, 0x6)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x4000007)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r5}, 0xc)
sendto$inet(r0, 0x0, 0x0, 0x48800, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xd40}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8}, @IFLA_HSR_SLAVE1={0x8}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x44010}, 0x8000)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15)
remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x0, 0x0, 0x0)

1m37.18216145s ago: executing program 4 (id=1386):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sched_switch\x00', r0, 0x0, 0x2}, 0x18)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x1f4)
r2 = dup2(r1, r1)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8})

1m37.17932754s ago: executing program 33 (id=1386):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sched_switch\x00', r0, 0x0, 0x2}, 0x18)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x1f4)
r2 = dup2(r1, r1)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8})

7.108543122s ago: executing program 2 (id=2677):
r0 = socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
kexec_load(0x0, 0x0, 0x0, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = socket(0x28, 0x5, 0x0)
setsockopt$TIPC_CONN_TIMEOUT(r3, 0x10f, 0x82, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r5}, &(0x7f0000000540), 0x0}, 0x20)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@deltaction={0x2c, 0x18, 0x1, 0x70bd28, 0x25dfdbfe, {0xa}, [@TCA_ACT_TAB={0x18, 0x1, [{0x14, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}]}]}, 0x2c}}, 0x0)
getpeername$l2tp(r3, &(0x7f00000004c0), &(0x7f0000000580)=0x10)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000440)=ANY=[], 0x0)
r7 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000fb0300000800000002"], 0x50)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', <r8=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)={0x58, r7, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [{{0x8, 0x1, r8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffbfff9}}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24004000}, 0x24040840)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

5.546255635s ago: executing program 2 (id=2699):
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r3}, 0x18)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
creat(&(0x7f0000000380)='./file0\x00', 0x0) (fail_nth: 3)

5.438280977s ago: executing program 2 (id=2701):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0x2, &(0x7f0000000040)=ANY=[@ANYBLOB="911017000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc904800000b6b8703100000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44014)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008010}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x1000000, 0x0, {0x0, 0x0, 0x74, r4}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000500))
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xc}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000005c0)={'ip6_vti0\x00', &(0x7f0000000540)={'syztnl1\x00', 0x0, 0x4, 0x4, 0x1, 0xf, 0x0, @empty, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x700, 0x40, 0x8, 0x2}})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000680)={'ip6tnl0\x00', &(0x7f0000000600)={'syztnl2\x00', 0x0, 0x4, 0x6, 0x80, 0x2, 0x0, @dev={0xfe, 0x80, '\x00', 0x2f}, @dev={0xfe, 0x80, '\x00', 0x3f}, 0x700, 0x8000, 0x4, 0x2e}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000007c0)={'ip6gre0\x00', &(0x7f0000000740)={'syztnl2\x00', 0x0, 0x2f, 0x69, 0x8, 0x2, 0x75, @remote, @remote, 0x7f60, 0x10, 0x200, 0x8}})
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000800), &(0x7f0000000840)=0xc)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000880)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000008c0)=0x14)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000009c0)={'syztnl2\x00', &(0x7f0000000900)={'gre0\x00', 0x0, 0x700, 0x8000, 0xbf1, 0x0, {{0x19, 0x4, 0x1, 0x2, 0x64, 0x65, 0x0, 0x5, 0x29, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x30}, {[@timestamp_prespec={0x44, 0x2c, 0xa, 0x3, 0x3, [{@remote, 0x8}, {@loopback, 0x80000001}, {@broadcast, 0x6}, {@private=0xa010100, 0x800}, {@multicast1, 0x7}]}, @cipso={0x86, 0x21, 0x3, [{0x0, 0xb, "51815c74bace341e81"}, {0x6, 0x10, "3eb12118462d62d7a5706422c50b"}]}]}}}}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000a00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000a40)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000dc0))
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000e80)={'ip6tnl0\x00', &(0x7f0000000e00)={'syztnl2\x00', 0x0, 0x29, 0x7, 0x5, 0x81, 0x32, @rand_addr=' \x01\x00', @empty, 0x700, 0x700, 0x10, 0x6}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000fc0)={'syztnl2\x00', &(0x7f0000000ec0)={'syztnl2\x00', 0x0, 0x20, 0x8, 0x8715, 0x7, {{0x29, 0x4, 0x0, 0x2, 0xa4, 0x67, 0x0, 0x3, 0x29, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@lsrr={0x83, 0x7, 0x8e, [@multicast2]}, @timestamp_addr={0x44, 0x4, 0x12, 0x1, 0xe}, @cipso={0x86, 0x61, 0xffffffffffffffff, [{0x6, 0x8, "6de5a8d34acd"}, {0x5, 0xb, "02e7d62625d28c2c50"}, {0x2, 0x10, "c7abb1f003c8e970b10b99d23949"}, {0x7, 0x11, "079acec80f16e504d39eb1ce5a5715"}, {0x6, 0xa, "3e03009a7141c867"}, {0x2, 0x6, "e797ce80"}, {0x6, 0x12, "3e68067946af33dd2e50f12ac7496127"}, {0x0, 0x5, "c43dcb"}]}, @timestamp_addr={0x44, 0x24, 0x16, 0x1, 0x0, [{@multicast1, 0x76}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x48}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@empty, 0xff}]}]}}}}})
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001b00)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r7}, &(0x7f0000000000), &(0x7f00000005c0)=r8}, 0x20)

4.184006206s ago: executing program 6 (id=2713):
bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15)
remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x0, 0x0, 0x0)

4.089977738s ago: executing program 3 (id=2716):
unshare(0x22020600)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x88, 0x88, 0x3, [@enum64={0x6, 0x8, 0x0, 0x13, 0x1, 0x0, [{0xa, 0x6b25, 0x69}, {0x10, 0x511c, 0x7fffffff}, {0x6, 0x3}, {0x6, 0x9, 0x2000}, {0x5, 0x9, 0xd9}, {0xc, 0x1ff, 0xffffff7c}, {0xe, 0xcd, 0x3}, {0xd, 0x9, 0x7}]}, @var={0x2, 0x0, 0x0, 0xe, 0x5, 0x1}, @const={0x2, 0x0, 0x0, 0xa, 0x3}]}, {0x0, [0x30]}}, &(0x7f0000000000)=""/38, 0xa3, 0x26, 0x1, 0x2, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\n\x00\x00\x00\v\x00\x00\x00B\x00\x00\x00>\x00\x00\x00B\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="04f4ffffff00fe9e00000057000000000000ff000000000000000000"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8e7, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "fc7771", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x2}}}}}}}, 0x0)
writev(r3, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd0000001000010006080800418e00000004fcff", 0x58}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000100)='kmem_cache_free\x00', r2, 0x0, 0xfffffffffffffff8}, 0x18)
openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_open_dev$ptys(0xc, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
statx(0xffffffffffffffff, 0x0, 0x6000, 0x4, 0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
socket$packet(0x11, 0x2, 0x300)
socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x6, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413fcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d921106f0b69617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff4175b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020753ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f63520cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cf0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$KDFONTOP_SET(r7, 0x4b72, &(0x7f0000000100)={0x2000000, 0x0, 0x13, 0x4, 0x200, 0x0})
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
socket(0x2, 0x2, 0x1)

3.787764832s ago: executing program 3 (id=2718):
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180040008003950323030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_tos={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
pipe2(&(0x7f0000001cc0), 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, 0x0)

3.736185643s ago: executing program 3 (id=2720):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='sched_switch\x00', r0, 0x0, 0x2}, 0x18)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000700), 0x101000, 0x0)
socket$key(0xf, 0x3, 0x2)
add_key(0x0, &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000280)="dee7030022cf5c6c7bc31bd2599759fafa9e5e1dbac27b0426fc0299c41fb9b9761a1b44dac894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33ff9b054eb7e8a5bc4ab2719cb2303289", 0x5b, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f00000007c0)={'#! ', '', [], 0xa, "d79a130f5169"}, 0xa)
perf_event_open(&(0x7f00000004c0)={0x8, 0x80, 0x0, 0xc, 0x0, 0x0, 0x82, 0x200000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000080), 0x9}, 0x18204, 0x0, 0x3, 0x0, 0x0, 0x5338c7af, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x20, &(0x7f00000003c0)={&(0x7f0000000300)=""/167, 0xa7, <r5=>0x0, &(0x7f0000000600)=""/156, 0x9c}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000800)={'ip6gre0\x00', &(0x7f0000000740)={'ip6tnl0\x00', <r6=>0x0, 0x29, 0xd, 0x99, 0xd5, 0x4, @mcast1, @loopback, 0x20, 0x10, 0x9, 0x9}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r2, @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', r6, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0)
readlinkat(r2, &(0x7f0000000840)='./file0\x00', &(0x7f0000000880)=""/23, 0x17)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
r7 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @mcast1, @rand_addr=' \x01\x00', 0x20, 0x0, 0x9}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, @dev, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x0, 0x1000000}})

3.612322415s ago: executing program 6 (id=2721):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x74, &(0x7f00000001c0)=[@in={0x2, 0x0, @private=0xa010101}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x37}}, @in6={0xa, 0x4e23, 0x1, @mcast2, 0x4}, @in6={0xa, 0x4e21, 0x401, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, @in6={0xa, 0x4e22, 0x800, @mcast2, 0x7}]}, &(0x7f0000000100)=0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r2}, 0x10)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x80, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x3}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x10000000}, 0x800, 0xc8, 0xffff, 0x7, 0xf9, 0xfffffffc, 0x2, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000fffe8000000000000010"], 0xfdef)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0xffffffffffffffae}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0xfdef)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90)
write$cgroup_type(r6, &(0x7f00000009c0), 0xd4ba0ff)
unlink(&(0x7f0000000100)='./file0/file1\x00')
link(&(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000180)='./file1\x00')
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r7=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000080)={r7, 0x3}, 0x8)

3.28987395s ago: executing program 3 (id=2726):
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan0\x00'})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4004110)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x480d5}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
mount$cgroup(0x0, &(0x7f0000000040)='.\x00', &(0x7f00000001c0), 0x8000, &(0x7f0000000240)={[{@release_agent={'release_agent', 0x3d, './file0'}}, {@release_agent={'release_agent', 0x3d, './file0'}}]})
r4 = dup2(0xffffffffffffffff, r1)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c4fc06e19ae454ba8bf48485d4e76c08067c92182451464921b819efc00d9d5049b53672e6e01ad29c5e504e120324d51a2cfca1dd83bd0aa16d2f518222cc881b844b8ec43ec2e5e94d5b48fb979e9675ea596dd0fa859454e7481c56b8e6c366291f4314e7ef0fe1805673beb103e26055695abef38386f331674b3ffb9c4dbf750f3d3c4924088956627574a068c85814738054849de7051b9e7ac29dc87ecdbf9c0f1df52998c4adb37f3c1f4b8325b7a061900e1452651206b7c53ba3eedfa448b64d0ac49e91fd115e9370b87926139cf81d7b64cdb9d47852e4d2e6ff92ce115a0e0b845e8836b527b1c4f70b14e7c676c78"], 0x78}, 0x1, 0x0, 0x0, 0x854}, 0x8014)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
ioctl$KDGKBDIACR(r4, 0x4b4a, &(0x7f00000003c0)=""/137)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
pipe(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6}, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000540)='kfree\x00', r5}, 0x18)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000880)={0x2, 0x4, 0x4, 0x1, 0x80, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

3.174253972s ago: executing program 6 (id=2730):
socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x80512, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x100000000, 0x0, 0x4, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x1, 0xffffffffffffffff, 0x2)
socket$netlink(0x10, 0x3, 0x0)
unshare(0x20000400)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d80000001c0081064e81f782db44b9040a1d08040000000000000aa1180002000607002603600e12080b0f0000810401a8001605200001400200000803604e0cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7", 0x6c}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000b800000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xa0}, 0x1, 0x0, 0x0, 0x80c0}, 0x8040)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000800), 0xffffffffffffffff)
r6 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x24, r5, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}}, 0x0)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x17ffdb36c0e5187e}, 0xc, &(0x7f0000000480)={&(0x7f00000002c0)={0x30, r5, 0x2, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x2004c891}, 0x40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f00000002c0)='kmem_cache_free\x00', r2}, 0x18)
socket(0x1e, 0x4, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r7}, 0x10)
r8 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r8, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="00020201"], 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0), 0x1, 0x553, &(0x7f0000000800)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")

3.091876693s ago: executing program 6 (id=2733):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r1 = epoll_create1(0x80000)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000001700)=0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, &(0x7f00000002c0))
recvmmsg(r3, &(0x7f0000000280), 0x3fffffffffffd17, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005", @ANYBLOB], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r6}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000b00)=ANY=[@ANYRESHEX=r1, @ANYRES64=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020d00f8ffffff0000000085100000589ad8b6481e149f30e48b5182b5db42a6fe9e26c7fefb3b411a370ec0f1f8da9cce4e55c7524ce3b821d7f0846c0a22b95065f4d1a685756a96efa3934989deead9852b756fb0a0c3cbe3f9dba202121268"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r7}, 0x10)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)

1.524865807s ago: executing program 1 (id=2737):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$loop(&(0x7f0000000080), 0xf2, 0x2400)
r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
recvmmsg(r1, &(0x7f0000000b00)=[{{&(0x7f0000001240)=@hci, 0x80, &(0x7f00000013c0)=[{&(0x7f00000012c0)=""/163, 0xa3}, {&(0x7f0000002440)=""/4096, 0x1000}, {&(0x7f0000001380)=""/40, 0x28}], 0x3, &(0x7f0000001400)=""/5, 0x5}, 0x1}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000001440)=""/44, 0x2c}, {&(0x7f0000003440)=""/4096, 0x1000}, {&(0x7f0000001480)=""/140, 0x8c}, {&(0x7f0000000480)=""/70, 0x46}], 0x4, &(0x7f0000001640)=""/196, 0xc4}, 0xe53}, {{&(0x7f0000001740)=@caif=@dbg, 0x80, &(0x7f0000001e00)=[{&(0x7f00000017c0)=""/171, 0xab}, {&(0x7f0000001880)=""/133, 0x85}, {&(0x7f0000001940)=""/102, 0x66}, {&(0x7f00000019c0)=""/81, 0x51}, {&(0x7f0000001a40)=""/245, 0xf5}, {&(0x7f0000000500)=""/155, 0x9b}, {&(0x7f0000004440)=""/4096, 0x1000}, {&(0x7f0000001c00)=""/223, 0xdf}, {&(0x7f0000001d00)=""/217, 0xd9}], 0x9, &(0x7f0000007740)=""/4081, 0xff1}, 0xfffffffa}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000001f40)=""/23, 0x17}, {&(0x7f0000001f80)=""/126, 0x7e}, {&(0x7f0000002000)=""/58, 0x3a}, {&(0x7f0000006440)=""/4096, 0x1000}, {&(0x7f0000002040)=""/23, 0x17}, {&(0x7f00000001c0)=""/52, 0x34}], 0x6, &(0x7f0000002100)}, 0xfffff801}, {{&(0x7f0000002140)=@alg, 0x80, 0x0}, 0x69669a71}], 0x5, 0x2002, &(0x7f00000076c0)={0x0, 0x3938700})
bpf$MAP_CREATE(0x0, &(0x7f0000007700)=ANY=[@ANYRESOCT], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xb, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES16=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa0000"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
getresgid(&(0x7f0000000d00), &(0x7f0000000d40), &(0x7f0000000d80))
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x106, 0x40001, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x2, @perf_bp={&(0x7f0000000300), 0xc}, 0x1320, 0x7a, 0x7ff, 0x3, 0x10001, 0x0, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1e000000c165000000010000092a0000800800006110be8a9b50046c8af0694fad1ca9ea8aa14c17cb55d41fc44ecfdf9f8c46", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=<r2=>0x0, @ANYRES32, @ANYBLOB="0000000001000000030000000400"/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r2, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, 0x0, &(0x7f0000000840)=r3}, 0x20)
syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff020000000000000000000000000001"], 0x0)
ioperm(0x21, 0x1, 0x81)
syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)

1.455860638s ago: executing program 5 (id=2738):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x414, &(0x7f0000000000)=ANY=[@ANYRES32], 0x1, 0x2a1, &(0x7f0000000f40)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x11a)
r1 = openat(r0, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000016c0)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00002000bfa1000000ffffffb7020000080000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x4}, 0x18)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x1, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xf}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r7 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000e00)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x5}, 0x10, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
keyctl$restrict_keyring(0xa, r7, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000680)='ex\x0f\xac\xd1\xeb\xf4\xd8&w\xef\x9f`T3%\xfa\xbf\xef\xeb\x001w\xfd')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r9, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00')
connect$vsock_stream(r9, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
r10 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073727a3100000000080041007369770014003300626f6e6430"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
r11 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r11, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)=@secondary)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)

1.31315521s ago: executing program 5 (id=2739):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x2, 0x4, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = io_uring_setup(0x3e45, &(0x7f00000001c0)={0x0, 0xffffffff, 0x2, 0x0, 0x302})
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = io_uring_setup(0x6280, &(0x7f0000000580)={0x0, 0x90000000, 0x1, 0x0, 0x1d2})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000002700)=""/4096, 0x1000}], &(0x7f0000000200), 0x1}, 0x20)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r5=>0xffffffffffffffff, {0x1}}, './file0\x00'})
sendmsg$DEVLINK_CMD_RATE_SET(r5, &(0x7f00000010c0)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x80000001}, 0xc, &(0x7f0000001080)={&(0x7f0000001040)={0x30, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x1000}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008040}, 0xc811)
syz_genetlink_get_family_id$smc(&(0x7f0000000080), r5)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000003c0)='./file0\x00', 0x200c0d2, &(0x7f0000000400)={[{@usrjquota}]}, 0x21, 0x554, &(0x7f00000007c0)="$eJzs3c+PG1cdAPDvzK533TTtJtADVEACFAKKYmedNqp6abmAUFUJUXFAHNJl11ktseMQe0t3icT2bwAJJE7wJ3BA4oDUEwduHJE4IEQ5IBWIQAkSB6MZz27cXZs1tddu1p+PNDs/3sx837Mz856fnXkBzK2LEbEXEUsR8UZErBTbk2KKV3pTtt+D+/fWH96/t55Et/v635M8PdsWfcdknizOWY6Ir38l4tvJ0bjtnd1ba41G/W6xXu0071Tbpbiy1VzbrG/Wb9dq11evX33x2gu1/7tM5SHbLzR/8d6Xt179xq9/9cl3f7f3xe9n2TpbpPWXY5J6RS8dxMksRsSrJxFsBhayP51Z54IPKo2Ij0TEZ/LrfyUW8n+dAMBp1u2uRHelfx0AOO3SvA8sSSsRkaZFI6DS68N7Js6kjVa7c/lma/v2Rq+v7FyU0ptbjfrV88t/+G6+cynJ1lfztDw9X68dWr8WEecj4kfLT+TrlfVWY2M2TR4AmHtP9tf/EfGv5TStVEY6dMC3egDAY2PYD2YAgNNL/Q8A80f9DwDzZ4T6v/iyf+/E8wIATIfP/wAwf9T/ADB/1P8AMFe+9tpr2dR9WDz/euPNne1brTevbNTbtyrN7fXKeuvuncpmq7WZP7Onedz5Gq3WndXnY/utaqfe7lTbO7s3mq3t250b+XO9b9RLUykVAPC/nL/wzu+TiNh76Yl8imIskMhHrQBOs3SCewGPl4VxDtZAgMea0b5gfo1UheeNhN+eeF6A2Rj4MO/ywMX3+0kxH6Uh4XdG8KFy6eOj9/8vTT13wEnSsw/z64P1/7888XwA06f/H+ZXt5scHvN/6SAJADiVxvgJX/cHk2qEADN13GDex37/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHPobER8J5K0ko8FnmZ/00ol4qmIOBel5OZWo341Ip6OCxFRWs7WV2edaQBgTOlfk2L8r0srz509nLqU/Hs5n0fE9376+o/fWut07q5m2/9xsH15f/iw2qPjxhhXEAAY3Z9H2Smvv2vFvO+D/IP799b3pxPM4xHvfelg8NH1h/fv5VMvZTG63W43opy3Jc78M4nF4phyRDwbEQsTiL/3dkR8bFD5k7xv5Fwx8ml//ChiPzXV+On74qd5Wm+evXwfnUBeYN68k91/Xhl0/aVxMZ8Pvv7L+R1qfPn9rxyxf+972Bd/sYi0MCB+ds1fHDXG87/56pGN3ZVe2tsRzy4Oip8cxE+GxH9uxPh//MSnfvjykLTuzyIuxeD4/bGqneadantn98pWc22zvlm/XatdX71+9cVrL9SqeR91db+n+qi/vXT56WF5y8p/Zkj88sDyLx0c+7kRy//z/7zxrU8/Wl0+HP8Lnz0cP8nf/2cGxu/J6sTPjxh/7cwvhw7fncXfGFL+497/yyPGf/cvuxsj7goATEF7Z/fWWqNRvzvWQvYpdBLnObKQZXG0nfebi+MF/VPkCxN6WYYsZI2xUXYundSreuILiwdtxcme+ZvZGadcnHTipRhr4cG0Ys3ungRMx6OLftY5AQAAAAAAAAAAAAAAhpnGf12adRkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4vf4bAAD//36iw1k=")
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0x0, 0x0, 0x1010000}}}}}, 0x0)

978.067225ms ago: executing program 5 (id=2740):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
gettid()
prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0)
r2 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0)
fchdir(r1)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_STOP(r3, 0x54a1)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x11247a, 0x0, 0x7fff, 0x0, 0xb48, 0x0, 0x4, 0x0, 0x0, 0x0, 0x800000000002}, 0x0, 0x200000, 0xffffffffffffffff, 0x3)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r4, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r8, &(0x7f0000000080)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x29a83a768e447add)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x20000000, {0x0, 0x0, 0x0, r9, {0x5, 0x2}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x0, 0x1}}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r10, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x2)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000003c0)=0x3)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x2)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r11=>0x0}, &(0x7f00000004c0)=0x27)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r5, 0x84, 0x1b, &(0x7f0000000140)={r11}, &(0x7f0000000180)=0x8)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x7, 0x4, 0x400008, 0x8000, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, r4, 0x3)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="7472616e733d6664c534000000003d", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',\x00'])

661.39978ms ago: executing program 1 (id=2741):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c0017"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)

626.002031ms ago: executing program 1 (id=2742):
ioperm(0x10, 0x6, 0x400)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$cont(0x7, r0, 0x1478, 0x350)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x2, 0xfffffffffffffffe}, 0x100}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r1, &(0x7f0000000180)=""/46, 0x2e)
ioctl$TIOCNXCL(r1, 0x540d)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000a0db000000000000000000850000000e000000c50000002a00000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='netlink_extack\x00', r2}, 0x10)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newsa={0x13c, 0x10, 0x413, 0x0, 0x0, {{@in=@multicast1, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee00}, {@in6=@loopback, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x20000000008}, {0x0, 0x7, 0xcc}, {0xf6}, 0x0, 0x0, 0xa, 0x1, 0x1}, [@algo_aead={0x4c, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0x0, 0x80}}]}, 0x13c}}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)={0x114, 0x28, 0x1, 0x4, 0x25dfdbf8, "", [@nested={0x101, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2d}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
pipe(&(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
clock_adjtime(0x0, &(0x7f0000000280)={0xaa, 0x0, 0x400000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x1c, 0xffffffffffffffff, 0x0, 0x4, 0x2, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0)
preadv(r8, &(0x7f00000001c0)=[{&(0x7f00000052c0)=""/4086, 0xff6}], 0x1, 0x4f5, 0x0)
readv(r6, &(0x7f0000002a40)=[{&(0x7f00000007c0)=""/4096, 0x1000}], 0x1)
write$binfmt_script(r7, &(0x7f0000020240), 0x10010)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f0000000000)={0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000017c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000780)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2c0000000206010200000000000d00000500000905000400020000000500040000000000050005000a000000"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r6}, &(0x7f00000000c0), &(0x7f0000000100)=r6}, 0x20)
iopl(0x2)

478.142043ms ago: executing program 1 (id=2743):
socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x80512, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x100000000, 0x0, 0x4, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x1, 0xffffffffffffffff, 0x2)
socket$netlink(0x10, 0x3, 0x0)
unshare(0x20000400)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d80000001c0081064e81f782db44b9040a1d08040000000000000aa1180002000607002603600e12080b0f0000810401a8001605200001400200000803604e0cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee422fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63", 0xa2}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000b800000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xa0}, 0x1, 0x0, 0x0, 0x80c0}, 0x8040)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000800), 0xffffffffffffffff)
r6 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x24, r5, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}}, 0x0)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x17ffdb36c0e5187e}, 0xc, &(0x7f0000000480)={&(0x7f00000002c0)={0x30, r5, 0x2, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x2004c891}, 0x40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f00000002c0)='kmem_cache_free\x00', r2}, 0x18)
socket(0x1e, 0x4, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r7}, 0x10)
r8 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r8, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="00020201"], 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0), 0x1, 0x553, &(0x7f0000000800)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")

371.607805ms ago: executing program 1 (id=2744):
r0 = socket$inet6(0xa, 0x2, 0x46)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @mcast2, 0x1}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c)
writev(r0, &(0x7f0000000240), 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=ANY=[@ANYBLOB="5d000000ffff3a192b160e0000ff00000080", @ANYRES32=0x0, @ANYBLOB="0000000006100000200012800b00010065727370616e00001000028004001200060010004e200000"], 0x40}}, 0x40080c0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB="00000000000c8c0600000000008479b759136182000000002106943bb9a3cf67a1d638dd7b3772187daf558246ba6c624d2f1b9e5f91f7735f7bf2d60e0f2fca4b9175c4263df44fa7c9168cb09c0023808d630de0db6e79822100000000cdb1a5df60bbd16604dde0e702a82751d7acc5038bba91b0b666290a190b2edb26ae01fe69f06cad13ee0a939b6648ed669598ea59b701f3ec07f15d018d43b72a3e4e8847b2048a3936402de7df0b897cebabf3d725d9e061d6a92fd3fa617103c2c0794156bd1f34f35a3c4dca036ea8b57abe5e729fe4", @ANYRES16=r2, @ANYBLOB="f5ffffff00000000000006000009080004000000000008000500e00000020f000700756e636f6e66696e65640000"], 0x34}, 0x2, 0x34005, 0x0, 0x24080040}, 0x0)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r4, &(0x7f0000000000)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
r5 = socket$inet6(0xa, 0x800, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x800, 0x2, 0x2, 0x23f8014895252c57, 0x0, 0x5}, 0x20)
setsockopt$inet6_int(r5, 0x29, 0x1000000000021, 0x0, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r6)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\"\x00\x00\x00\x00'], 0x20}}, 0x2000c094)
syz_genetlink_get_family_id$nbd(0x0, r6)
sendmsg$inet6(r5, 0x0, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000380)=0xffff7fff00000041, 0x8)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10)
connect$802154_dgram(r4, &(0x7f0000000240)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0302}}}, 0x14)
sendmsg$SEG6_CMD_GET_TUNSRC(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000680)={0x0}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r8, 0x29, 0x2e, &(0x7f0000000000)={0x2b, {{0xa, 0x0, 0x0, @empty}}, {{0xa, 0x0, 0x0, @mcast2}}}, 0x108)
getsockopt$inet6_buf(r8, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c00000000006113740000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507faff15300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08125d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cbea3841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e77f9ecced07fa25e99e9e415414c91f8bfd1c150570512f26c4ee34a64c131dce3800000000000000006c86287945bd8d258442870e000000000000000000000000f7e6a10de4bf7369b0d5b5373829b09bf5b7b34099b27ac7770fca449d4c4ca15f88b588b2429af2e1d1a4e1fa44cb80fcfae6e50d7e5b4675d7e0be706224f34e6eed553b40e2b897e73752fc7d1e4b0f4c5967eefd7448d5fde5841fa464a67267c631052bd7333769a4b8d19d4794357edce762e8136ab9d7ed34a72baffd849b90579b96b3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

231.234327ms ago: executing program 1 (id=2745):
r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
recvmmsg(r0, &(0x7f0000000b00)=[{{&(0x7f0000001240)=@hci, 0x80, &(0x7f00000013c0)=[{&(0x7f00000012c0)=""/163, 0xa3}, {&(0x7f0000002440)=""/4096, 0x1000}, {&(0x7f0000001380)=""/40, 0x28}], 0x3, &(0x7f0000001400)=""/5, 0x5}, 0x1}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000001440)=""/44, 0x2c}, {&(0x7f0000003440)=""/4096, 0x1000}, {&(0x7f0000000480)=""/70, 0x46}], 0x3, &(0x7f0000001640)=""/196, 0xc4}, 0xe53}, {{&(0x7f0000001740)=@caif=@dbg, 0x80, &(0x7f0000001e00)=[{&(0x7f00000017c0)=""/171, 0xab}, {&(0x7f0000001880)=""/133, 0x85}, {&(0x7f0000001940)=""/102, 0x66}, {&(0x7f00000019c0)=""/81, 0x51}, {&(0x7f0000001a40)=""/245, 0xf5}, {&(0x7f0000000500)=""/155, 0x9b}, {0x0}, {&(0x7f0000001d00)=""/217, 0xd9}], 0x8, &(0x7f0000007740)=""/4081, 0xff1}, 0xfffffffa}, {{0x0, 0x0, 0x0}, 0x69669a71}], 0x4, 0x2002, &(0x7f00000076c0)={0x0, 0x3938700})

230.726947ms ago: executing program 3 (id=2746):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c0017"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)

228.486887ms ago: executing program 3 (id=2747):
bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15)
remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x0, 0x0, 0x0)

143.945548ms ago: executing program 5 (id=2748):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000740)=ANY=[@ANYBLOB="1c0100003000010004000000fcdbdf250c01f2800400e6001400010000000000000000000000ffffac14142d50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be820c0018000aac0f000000000008002800", @ANYRES32, @ANYBLOB="f5b004214116394bd24b6c4175378bf355264b7fec7bf487ae7ab909c8d1f3d47271828bf3aabfe5ec54c0bb24502d54bbf964befa658409a932783b374bacfebeca7aecce0646ddce7ac01256ba4ab9497a86277de8b1a457fa7925a2f9f7ded2d14db94ad1ee4a10c752e3778d4821f99678ba63dff31dc7cd6c026b32c585ac9d2ff7ee45fd81d24f9f21e19d74373fbfbbe5d92b3ec03cfe9764f3c5d422fce41f0006ebeb689b33e8340b53937d1050a66e3ace879bfd5f00cd286050047c03d6dc082f93f0e7d5d7e13afa3a0f2ddd37dc73"], 0x11c}], 0x1, 0x0, 0x0, 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
epoll_create(0x8)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='/'], 0x20)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000019c0), 0x0, 0x1)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x8, 0x3, 0x140}, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000380)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0})
io_uring_enter(r1, 0x40f9, 0x217, 0xa5, 0x0, 0x2000)
close_range(r0, 0xffffffffffffffff, 0x0)

141.414458ms ago: executing program 6 (id=2749):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x414, &(0x7f0000000000)=ANY=[@ANYRES32], 0x1, 0x2a1, &(0x7f0000000f40)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x11a)
r1 = openat(r0, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000016c0)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00002000bfa1000000ffffffb702000008000000b703000066981699"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x4}, 0x18)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x1, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xf}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r7 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000e00)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x5}, 0x10, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
keyctl$restrict_keyring(0xa, r7, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000680)='ex\x0f\xac\xd1\xeb\xf4\xd8&w\xef\x9f`T3%\xfa\xbf\xef\xeb\x001w\xfd')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r9, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00')
connect$vsock_stream(r9, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
r10 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073727a3100000000080041007369770014003300626f6e6430"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
r11 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r11, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)=@secondary)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)

51.71844ms ago: executing program 2 (id=2750):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c0017"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)

51.16254ms ago: executing program 5 (id=2751):
r0 = syz_open_dev$usbfs(&(0x7f00000002c0), 0x73, 0x101301)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect={0xed})

38.58375ms ago: executing program 2 (id=2752):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff000000000000000000000000000000000000000000000000000000f0ffffff00000000000000000000000000ffffffff0000000000000000000000002000000000000000000000000000000000000000000000000000000000000000fcffffff00000000"]}, 0x108)

15.78366ms ago: executing program 5 (id=2753):
ioperm(0x10, 0x6, 0x400)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$cont(0x7, r0, 0x1478, 0x350)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x2, 0xfffffffffffffffe}, 0x100}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r1, &(0x7f0000000180)=""/46, 0x2e)
ioctl$TIOCNXCL(r1, 0x540d)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000a0db000000000000000000850000000e000000c50000002a00000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='netlink_extack\x00', r2}, 0x10)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newsa={0x13c, 0x10, 0x413, 0x0, 0x0, {{@in=@multicast1, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee00}, {@in6=@loopback, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x20000000008}, {0x0, 0x7, 0xcc}, {0xf6}, 0x0, 0x0, 0xa, 0x1, 0x1}, [@algo_aead={0x4c, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0x0, 0x80}}]}, 0x13c}}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)={0x114, 0x28, 0x1, 0x4, 0x25dfdbf8, "", [@nested={0x101, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2d}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
pipe(&(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
clock_adjtime(0x0, &(0x7f0000000280)={0xaa, 0x0, 0x400000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x1c, 0xffffffffffffffff, 0x0, 0x4, 0x2, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0)
preadv(r8, &(0x7f00000001c0)=[{&(0x7f00000052c0)=""/4086, 0xff6}], 0x1, 0x4f5, 0x0)
readv(r6, &(0x7f0000002a40)=[{&(0x7f00000007c0)=""/4096, 0x1000}], 0x1)
write$binfmt_script(r7, &(0x7f0000020240), 0x10010)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f0000000000)={0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000017c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000780)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2c0000000206010200000000000d00000500000905000400020000000500040000000000050005000a000000"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r6}, &(0x7f00000000c0), &(0x7f0000000100)=r6}, 0x20)
iopl(0x2)

526.131Āµs ago: executing program 2 (id=2754):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x2, 0x4, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000080000850000002d00000018110000", @ANYRES32=r1], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = io_uring_setup(0x3e45, &(0x7f00000001c0)={0x0, 0xffffffff, 0x2, 0x0, 0x302})
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10)
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = io_uring_setup(0x6280, &(0x7f0000000580)={0x0, 0x90000000, 0x1, 0x0, 0x1d2})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r5, 0x10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000002700)=""/4096, 0x1000}], &(0x7f0000000200), 0x1}, 0x20)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff, {0x1}}, './file0\x00'})
sendmsg$DEVLINK_CMD_RATE_SET(r6, &(0x7f00000010c0)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x80000001}, 0xc, &(0x7f0000001080)={&(0x7f0000001040)={0x30, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x1000}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008040}, 0xc811)
syz_genetlink_get_family_id$smc(&(0x7f0000000080), r6)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000003c0)='./file0\x00', 0x200c0d2, &(0x7f0000000400)={[{@usrjquota}]}, 0x21, 0x554, &(0x7f00000007c0)="$eJzs3c+PG1cdAPDvzK533TTtJtADVEACFAKKYmedNqp6abmAUFUJUXFAHNJl11ktseMQe0t3icT2bwAJJE7wJ3BA4oDUEwduHJE4IEQ5IBWIQAkSB6MZz27cXZs1tddu1p+PNDs/3sx837Mz856fnXkBzK2LEbEXEUsR8UZErBTbk2KKV3pTtt+D+/fWH96/t55Et/v635M8PdsWfcdknizOWY6Ir38l4tvJ0bjtnd1ba41G/W6xXu0071Tbpbiy1VzbrG/Wb9dq11evX33x2gu1/7tM5SHbLzR/8d6Xt179xq9/9cl3f7f3xe9n2TpbpPWXY5J6RS8dxMksRsSrJxFsBhayP51Z54IPKo2Ij0TEZ/LrfyUW8n+dAMBp1u2uRHelfx0AOO3SvA8sSSsRkaZFI6DS68N7Js6kjVa7c/lma/v2Rq+v7FyU0ptbjfrV88t/+G6+cynJ1lfztDw9X68dWr8WEecj4kfLT+TrlfVWY2M2TR4AmHtP9tf/EfGv5TStVEY6dMC3egDAY2PYD2YAgNNL/Q8A80f9DwDzZ4T6v/iyf+/E8wIATIfP/wAwf9T/ADB/1P8AMFe+9tpr2dR9WDz/euPNne1brTevbNTbtyrN7fXKeuvuncpmq7WZP7Onedz5Gq3WndXnY/utaqfe7lTbO7s3mq3t250b+XO9b9RLUykVAPC/nL/wzu+TiNh76Yl8imIskMhHrQBOs3SCewGPl4VxDtZAgMea0b5gfo1UheeNhN+eeF6A2Rj4MO/ywMX3+0kxH6Uh4XdG8KFy6eOj9/8vTT13wEnSsw/z64P1/7888XwA06f/H+ZXt5scHvN/6SAJADiVxvgJX/cHk2qEADN13GDex37/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHPobER8J5K0ko8FnmZ/00ol4qmIOBel5OZWo341Ip6OCxFRWs7WV2edaQBgTOlfk2L8r0srz509nLqU/Hs5n0fE9376+o/fWut07q5m2/9xsH15f/iw2qPjxhhXEAAY3Z9H2Smvv2vFvO+D/IP799b3pxPM4xHvfelg8NH1h/fv5VMvZTG63W43opy3Jc78M4nF4phyRDwbEQsTiL/3dkR8bFD5k7xv5Fwx8ml//ChiPzXV+On74qd5Wm+evXwfnUBeYN68k91/Xhl0/aVxMZ8Pvv7L+R1qfPn9rxyxf+972Bd/sYi0MCB+ds1fHDXG87/56pGN3ZVe2tsRzy4Oip8cxE+GxH9uxPh//MSnfvjykLTuzyIuxeD4/bGqneadantn98pWc22zvlm/XatdX71+9cVrL9SqeR91db+n+qi/vXT56WF5y8p/Zkj88sDyLx0c+7kRy//z/7zxrU8/Wl0+HP8Lnz0cP8nf/2cGxu/J6sTPjxh/7cwvhw7fncXfGFL+497/yyPGf/cvuxsj7goATEF7Z/fWWqNRvzvWQvYpdBLnObKQZXG0nfebi+MF/VPkCxN6WYYsZI2xUXYundSreuILiwdtxcme+ZvZGadcnHTipRhr4cG0Ys3ungRMx6OLftY5AQAAAAAAAAAAAAAAhpnGf12adRkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4vf4bAAD//36iw1k=")
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0x0, 0x0, 0x1010000}}}}}, 0x0)

0s ago: executing program 6 (id=2755):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={0x0}}, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
pipe(&(0x7f0000000200))
openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
futex(0x0, 0x3, 0x0, &(0x7f0000fd7ff0), 0x0, 0xfffffffd)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3f, 0x600, 0x0)

kernel console output (not intermixed with test programs):

0] type 2 family 0 port 6081 - 0
[  184.613962][T10443] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.622974][T10444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  184.632912][T10444] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  184.673659][T10443] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.733299][T10443] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.797501][T10443] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  184.808239][T10443] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  184.818945][T10443] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  184.829771][T10443] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  185.132056][T10472] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.183057][T10473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.191609][T10473] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.202635][T10472] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.262945][T10472] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.312720][T10472] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.248121][T10435] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  186.275219][T10435] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.295696][T10435] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  186.308573][T10502] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  186.325867][T10435] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  186.542407][T10524] loop6: detected capacity change from 0 to 1024
[  186.549036][T10524] EXT4-fs: Ignoring removed i_version option
[  186.555684][T10524] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  186.567940][T10524] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.2376: Invalid block bitmap block 0 in block_group 0
[  186.582612][T10524] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.2376: Failed to acquire dquot type 0
[  186.584256][T10527] 9pnet_fd: Insufficient options for proto=fd
[  186.594545][T10524] EXT4-fs error (device loop6): ext4_free_blocks:6587: comm syz.6.2376: Freeing blocks not in datazone - block = 0, count = 4096
[  186.614498][T10524] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.2376: Invalid inode bitmap blk 0 in block_group 0
[  186.627626][T10524] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem
[  186.637096][T10524] EXT4-fs (loop6): 1 orphan inode deleted
[  186.642990][ T5364] EXT4-fs error (device loop6): ext4_release_dquot:6969: comm kworker/u8:46: Failed to release dquot type 0
[  186.643223][T10524] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.692365][ T7669] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.713460][T10531] FAULT_INJECTION: forcing a failure.
[  186.713460][T10531] name failslab, interval 1, probability 0, space 0, times 0
[  186.726181][T10531] CPU: 0 UID: 0 PID: 10531 Comm: syz.6.2379 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  186.726211][T10531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  186.726222][T10531] Call Trace:
[  186.726229][T10531]  <TASK>
[  186.726271][T10531]  __dump_stack+0x1d/0x30
[  186.726331][T10531]  dump_stack_lvl+0xe8/0x140
[  186.726351][T10531]  dump_stack+0x15/0x1b
[  186.726366][T10531]  should_fail_ex+0x265/0x280
[  186.726392][T10531]  ? audit_log_d_path+0x8d/0x150
[  186.726432][T10531]  should_failslab+0x8c/0xb0
[  186.726451][T10531]  __kmalloc_cache_noprof+0x4c/0x320
[  186.726503][T10531]  audit_log_d_path+0x8d/0x150
[  186.726529][T10531]  audit_log_d_path_exe+0x42/0x70
[  186.726556][T10531]  audit_log_task+0x1e9/0x250
[  186.726591][T10531]  audit_seccomp+0x61/0x100
[  186.726612][T10531]  ? __seccomp_filter+0x68c/0x10d0
[  186.726663][T10531]  __seccomp_filter+0x69d/0x10d0
[  186.726683][T10531]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  186.726738][T10531]  ? vfs_write+0x75e/0x8e0
[  186.726780][T10531]  __secure_computing+0x82/0x150
[  186.726799][T10531]  syscall_trace_enter+0xcf/0x1e0
[  186.726820][T10531]  do_syscall_64+0xac/0x200
[  186.726835][T10531]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  186.726856][T10531]  ? clear_bhb_loop+0x40/0x90
[  186.726891][T10531]  ? clear_bhb_loop+0x40/0x90
[  186.726916][T10531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.726934][T10531] RIP: 0033:0x7f6b52bce929
[  186.726948][T10531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.726963][T10531] RSP: 002b:00007f6b51237038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  186.727026][T10531] RAX: ffffffffffffffda RBX: 00007f6b52df5fa0 RCX: 00007f6b52bce929
[  186.727037][T10531] RDX: 0000000000000048 RSI: 00002000000009c0 RDI: 0000000000000000
[  186.727048][T10531] RBP: 00007f6b51237090 R08: 0000000000000000 R09: 0000000000000000
[  186.727058][T10531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.727088][T10531] R13: 0000000000000000 R14: 00007f6b52df5fa0 R15: 00007fffc002d2d8
[  186.727104][T10531]  </TASK>
[  186.949340][T10534] FAULT_INJECTION: forcing a failure.
[  186.949340][T10534] name failslab, interval 1, probability 0, space 0, times 0
[  186.962143][T10534] CPU: 1 UID: 0 PID: 10534 Comm: syz.2.2380 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  186.962283][T10534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  186.962294][T10534] Call Trace:
[  186.962300][T10534]  <TASK>
[  186.962308][T10534]  __dump_stack+0x1d/0x30
[  186.962329][T10534]  dump_stack_lvl+0xe8/0x140
[  186.962348][T10534]  dump_stack+0x15/0x1b
[  186.962368][T10534]  should_fail_ex+0x265/0x280
[  186.962405][T10534]  should_failslab+0x8c/0xb0
[  186.962427][T10534]  kmem_cache_alloc_node_noprof+0x57/0x320
[  186.962455][T10534]  ? __alloc_skb+0x101/0x320
[  186.962560][T10534]  __alloc_skb+0x101/0x320
[  186.962620][T10534]  kcm_sendmsg+0x1519/0x16c0
[  186.962640][T10534]  ? avc_has_perm+0xd3/0x150
[  186.962670][T10534]  ? __pfx_kcm_sendmsg+0x10/0x10
[  186.962688][T10534]  __sock_sendmsg+0x142/0x180
[  186.962718][T10534]  ____sys_sendmsg+0x345/0x4e0
[  186.962830][T10534]  ___sys_sendmsg+0x17b/0x1d0
[  186.962865][T10534]  __sys_sendmmsg+0x178/0x300
[  186.962897][T10534]  __x64_sys_sendmmsg+0x57/0x70
[  186.962915][T10534]  x64_sys_call+0x2f2f/0x2fb0
[  186.962934][T10534]  do_syscall_64+0xd2/0x200
[  186.962968][T10534]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  186.962992][T10534]  ? clear_bhb_loop+0x40/0x90
[  186.963015][T10534]  ? clear_bhb_loop+0x40/0x90
[  186.963093][T10534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.963117][T10534] RIP: 0033:0x7fb998bfe929
[  186.963136][T10534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.963184][T10534] RSP: 002b:00007fb997267038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  186.963204][T10534] RAX: ffffffffffffffda RBX: 00007fb998e25fa0 RCX: 00007fb998bfe929
[  186.963216][T10534] RDX: 0000000000000002 RSI: 0000200000000880 RDI: 0000000000000003
[  186.963228][T10534] RBP: 00007fb997267090 R08: 0000000000000000 R09: 0000000000000000
[  186.963258][T10534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.963296][T10534] R13: 0000000000000000 R14: 00007fb998e25fa0 R15: 00007ffd51de0d88
[  186.963317][T10534]  </TASK>
[  187.045527][ T3382] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  187.201756][T10546] FAULT_INJECTION: forcing a failure.
[  187.201756][T10546] name failslab, interval 1, probability 0, space 0, times 0
[  187.215135][T10546] CPU: 0 UID: 0 PID: 10546 Comm: syz.3.2384 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  187.215174][T10546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.215186][T10546] Call Trace:
[  187.215193][T10546]  <TASK>
[  187.215201][T10546]  __dump_stack+0x1d/0x30
[  187.215221][T10546]  dump_stack_lvl+0xe8/0x140
[  187.215321][T10546]  dump_stack+0x15/0x1b
[  187.215347][T10546]  should_fail_ex+0x265/0x280
[  187.215386][T10546]  ? alloc_fdtable+0x74/0x1b0
[  187.215441][T10546]  should_failslab+0x8c/0xb0
[  187.215530][T10546]  __kmalloc_cache_noprof+0x4c/0x320
[  187.215614][T10546]  alloc_fdtable+0x74/0x1b0
[  187.215745][T10546]  dup_fd+0x4c7/0x540
[  187.215779][T10546]  copy_files+0x98/0xf0
[  187.215805][T10546]  copy_process+0xc44/0x1fe0
[  187.215837][T10546]  kernel_clone+0x16c/0x5b0
[  187.215865][T10546]  ? vfs_write+0x75e/0x8e0
[  187.215972][T10546]  __x64_sys_clone+0xe6/0x120
[  187.216056][T10546]  x64_sys_call+0x2c59/0x2fb0
[  187.216080][T10546]  do_syscall_64+0xd2/0x200
[  187.216102][T10546]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  187.216184][T10546]  ? clear_bhb_loop+0x40/0x90
[  187.216216][T10546]  ? clear_bhb_loop+0x40/0x90
[  187.216240][T10546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.216335][T10546] RIP: 0033:0x7efc57f9e929
[  187.216350][T10546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.216367][T10546] RSP: 002b:00007efc56606fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  187.216394][T10546] RAX: ffffffffffffffda RBX: 00007efc581c5fa0 RCX: 00007efc57f9e929
[  187.216408][T10546] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000026801000
[  187.216431][T10546] RBP: 00007efc56607090 R08: 0000000000000000 R09: 0000000000000000
[  187.216472][T10546] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  187.216493][T10546] R13: 0000000000000000 R14: 00007efc581c5fa0 R15: 00007ffdc3c65878
[  187.216514][T10546]  </TASK>
[  187.282824][   T29] kauditd_printk_skb: 503 callbacks suppressed
[  187.282840][   T29] audit: type=1326 audit(1749989076.035:24277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10530 comm="syz.6.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  187.324465][ T3382] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  187.329006][   T29] audit: type=1326 audit(1749989076.035:24278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10530 comm="syz.6.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  187.492800][   T29] audit: type=1326 audit(1749989076.105:24279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10530 comm="syz.6.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6b52bcd290 code=0x7ffc0000
[  187.516686][   T29] audit: type=1326 audit(1749989076.105:24280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10530 comm="syz.6.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  187.540486][   T29] audit: type=1326 audit(1749989076.115:24281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10530 comm="syz.6.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  187.564179][   T29] audit: type=1326 audit(1749989076.155:24282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10550 comm="syz.3.2386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc57f9e929 code=0x7ffc0000
[  187.587929][   T29] audit: type=1326 audit(1749989076.155:24283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10550 comm="syz.3.2386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc57f9e929 code=0x7ffc0000
[  187.611574][   T29] audit: type=1326 audit(1749989076.155:24284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10550 comm="syz.3.2386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc57f9e929 code=0x7ffc0000
[  187.611609][   T29] audit: type=1326 audit(1749989076.155:24285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10550 comm="syz.3.2386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc57f9e929 code=0x7ffc0000
[  187.611655][   T29] audit: type=1326 audit(1749989076.155:24286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10550 comm="syz.3.2386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc57f9e929 code=0x7ffc0000
[  187.666378][T10472] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  187.697611][T10472] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  187.709462][T10472] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  187.722111][T10472] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  187.763430][T10556] __nla_validate_parse: 10 callbacks suppressed
[  187.763449][T10556] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2388'.
[  187.787522][T10560] netlink: 240 bytes leftover after parsing attributes in process `syz.3.2390'.
[  187.809942][T10564] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2389'.
[  187.848190][T10562] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2391'.
[  188.006288][T10579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.020541][T10579] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.067200][T10588] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2402'.
[  188.284860][T10599] loop1: detected capacity change from 0 to 1024
[  188.291827][T10599] EXT4-fs: Ignoring removed i_version option
[  188.298777][T10603] loop3: detected capacity change from 0 to 128
[  188.301358][T10599] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  188.307414][T10603] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  188.322548][T10599] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.2405: Invalid block bitmap block 0 in block_group 0
[  188.341567][T10603] ext4 filesystem being mounted at /31/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.342153][T10599] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.2405: Failed to acquire dquot type 0
[  188.364544][T10599] EXT4-fs error (device loop1): ext4_free_blocks:6587: comm syz.1.2405: Freeing blocks not in datazone - block = 0, count = 4096
[  188.378134][T10599] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.2405: Invalid inode bitmap blk 0 in block_group 0
[  188.391002][T10599] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[  188.391670][ T5364] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:46: Failed to release dquot type 0
[  188.411479][T10599] EXT4-fs (loop1): 1 orphan inode deleted
[  188.417537][T10599] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.438547][T10603] @: renamed from vlan0 (while UP)
[  188.454349][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.472019][ T9909] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  188.506196][T10613] FAULT_INJECTION: forcing a failure.
[  188.506196][T10613] name failslab, interval 1, probability 0, space 0, times 0
[  188.518918][T10613] CPU: 0 UID: 0 PID: 10613 Comm: syz.1.2410 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  188.518966][T10613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  188.518978][T10613] Call Trace:
[  188.518986][T10613]  <TASK>
[  188.518994][T10613]  __dump_stack+0x1d/0x30
[  188.519017][T10613]  dump_stack_lvl+0xe8/0x140
[  188.519062][T10613]  dump_stack+0x15/0x1b
[  188.519110][T10613]  should_fail_ex+0x265/0x280
[  188.519194][T10613]  should_failslab+0x8c/0xb0
[  188.519218][T10613]  kmem_cache_alloc_node_noprof+0x57/0x320
[  188.519246][T10613]  ? __alloc_skb+0x101/0x320
[  188.519317][T10613]  __alloc_skb+0x101/0x320
[  188.519346][T10613]  netlink_ack+0xfd/0x500
[  188.519457][T10613]  ? __pfx_smc_pnet_add+0x10/0x10
[  188.519554][T10613]  netlink_rcv_skb+0x192/0x220
[  188.519625][T10613]  ? __pfx_genl_rcv_msg+0x10/0x10
[  188.519656][T10613]  genl_rcv+0x28/0x40
[  188.519677][T10613]  netlink_unicast+0x59e/0x670
[  188.519731][T10613]  netlink_sendmsg+0x58b/0x6b0
[  188.519806][T10613]  ? __pfx_netlink_sendmsg+0x10/0x10
[  188.519826][T10613]  __sock_sendmsg+0x142/0x180
[  188.519927][T10613]  ____sys_sendmsg+0x31e/0x4e0
[  188.519963][T10613]  ___sys_sendmsg+0x17b/0x1d0
[  188.520011][T10613]  __x64_sys_sendmsg+0xd4/0x160
[  188.520034][T10613]  x64_sys_call+0x2999/0x2fb0
[  188.520055][T10613]  do_syscall_64+0xd2/0x200
[  188.520076][T10613]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  188.520142][T10613]  ? clear_bhb_loop+0x40/0x90
[  188.520164][T10613]  ? clear_bhb_loop+0x40/0x90
[  188.520187][T10613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.520209][T10613] RIP: 0033:0x7f2c0aace929
[  188.520226][T10613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.520340][T10613] RSP: 002b:00007f2c09137038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  188.520361][T10613] RAX: ffffffffffffffda RBX: 00007f2c0acf5fa0 RCX: 00007f2c0aace929
[  188.520374][T10613] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[  188.520389][T10613] RBP: 00007f2c09137090 R08: 0000000000000000 R09: 0000000000000000
[  188.520402][T10613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.520440][T10613] R13: 0000000000000000 R14: 00007f2c0acf5fa0 R15: 00007fff459b2108
[  188.520460][T10613]  </TASK>
[  188.783608][T10619] netlink: 'syz.1.2412': attribute type 1 has an invalid length.
[  188.792189][T10618] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2413'.
[  188.798084][T10619] 8021q: adding VLAN 0 to HW filter on device bond1
[  188.847901][T10619] bond1: (slave gretap1): making interface the new active one
[  188.868354][T10619] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  188.936633][T10638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.945127][T10638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.952662][T10639] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2419'.
[  188.970936][T10637] loop1: detected capacity change from 0 to 1024
[  188.991242][T10644] loop5: detected capacity change from 0 to 128
[  188.997889][T10644] vfat: Unknown parameter '˙˙˙˙'
[  189.005176][T10637] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.029310][T10644] siw: device registration error -23
[  189.059572][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.092434][T10657] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2426'.
[  189.242772][T10675] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2434'.
[  189.272776][T10675] loop5: detected capacity change from 0 to 1024
[  189.283136][T10675] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.296650][T10680] loop3: detected capacity change from 0 to 512
[  189.312899][ T9943] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.380154][T10693] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2440'.
[  189.498488][T10700] FAULT_INJECTION: forcing a failure.
[  189.498488][T10700] name failslab, interval 1, probability 0, space 0, times 0
[  189.511366][T10700] CPU: 0 UID: 0 PID: 10700 Comm: syz.3.2443 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  189.511394][T10700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  189.511405][T10700] Call Trace:
[  189.511411][T10700]  <TASK>
[  189.511421][T10700]  __dump_stack+0x1d/0x30
[  189.511445][T10700]  dump_stack_lvl+0xe8/0x140
[  189.511611][T10700]  dump_stack+0x15/0x1b
[  189.511710][T10700]  should_fail_ex+0x265/0x280
[  189.511742][T10700]  should_failslab+0x8c/0xb0
[  189.511783][T10700]  kmem_cache_alloc_noprof+0x50/0x310
[  189.511873][T10700]  ? skb_clone+0x151/0x1f0
[  189.511892][T10700]  skb_clone+0x151/0x1f0
[  189.511909][T10700]  __netlink_deliver_tap+0x2c9/0x500
[  189.511932][T10700]  netlink_unicast+0x64c/0x670
[  189.511959][T10700]  netlink_sendmsg+0x58b/0x6b0
[  189.512043][T10700]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.512121][T10700]  __sock_sendmsg+0x142/0x180
[  189.512143][T10700]  sock_write_iter+0x165/0x1b0
[  189.512168][T10700]  do_iter_readv_writev+0x421/0x4c0
[  189.512203][T10700]  vfs_writev+0x2df/0x8b0
[  189.512235][T10700]  do_writev+0xe7/0x210
[  189.512261][T10700]  __x64_sys_writev+0x45/0x50
[  189.512304][T10700]  x64_sys_call+0x2006/0x2fb0
[  189.512328][T10700]  do_syscall_64+0xd2/0x200
[  189.512346][T10700]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  189.512374][T10700]  ? clear_bhb_loop+0x40/0x90
[  189.512396][T10700]  ? clear_bhb_loop+0x40/0x90
[  189.512541][T10700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.512596][T10700] RIP: 0033:0x7efc57f9e929
[  189.512612][T10700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.512708][T10700] RSP: 002b:00007efc56607038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  189.512728][T10700] RAX: ffffffffffffffda RBX: 00007efc581c5fa0 RCX: 00007efc57f9e929
[  189.512740][T10700] RDX: 0000000000000001 RSI: 0000200000000300 RDI: 0000000000000003
[  189.512753][T10700] RBP: 00007efc56607090 R08: 0000000000000000 R09: 0000000000000000
[  189.512767][T10700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  189.512780][T10700] R13: 0000000000000000 R14: 00007efc581c5fa0 R15: 00007ffdc3c65878
[  189.512798][T10700]  </TASK>
[  189.512816][T10700] netlink: 'syz.3.2443': attribute type 4 has an invalid length.
[  189.976688][T10706] loop6: detected capacity change from 0 to 1024
[  189.993601][T10706] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.035916][ T7669] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.124837][T10718] loop3: detected capacity change from 0 to 512
[  190.143315][T10718] EXT4-fs: Ignoring removed mblk_io_submit option
[  190.165454][T10718] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  190.190732][T10718] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal
[  190.386474][T10721] loop5: detected capacity change from 0 to 1024
[  190.394198][T10721] EXT4-fs: Ignoring removed i_version option
[  190.400722][T10721] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  190.413810][T10721] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.2450: Invalid block bitmap block 0 in block_group 0
[  190.427665][T10721] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.2450: Failed to acquire dquot type 0
[  190.440192][T10721] EXT4-fs error (device loop5): ext4_free_blocks:6587: comm syz.5.2450: Freeing blocks not in datazone - block = 0, count = 4096
[  190.469608][T10721] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.2450: Invalid inode bitmap blk 0 in block_group 0
[  190.483353][ T5340] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u8:23: Failed to release dquot type 0
[  190.495313][T10721] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  190.504945][T10721] EXT4-fs (loop5): 1 orphan inode deleted
[  190.511736][T10721] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.585603][ T9943] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.618310][T10726] siw: device registration error -23
[  190.722020][T10732] loop5: detected capacity change from 0 to 512
[  190.728762][T10732] ext4: Unknown parameter 'obj_user'
[  190.902504][T10734] loop1: detected capacity change from 0 to 512
[  190.935360][T10734] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  190.957202][T10734] EXT4-fs (loop1): 1 truncate cleaned up
[  190.967365][T10734] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.133244][T10738] SELinux:  Context Ü is not valid (left unmapped).
[  191.167131][T10738] lo speed is unknown, defaulting to 1000
[  191.202416][T10742] loop6: detected capacity change from 0 to 164
[  191.217475][T10747] 9pnet_fd: Insufficient options for proto=fd
[  191.308813][T10742] iso9660: Unknown parameter 'showas–msoc'
[  191.417738][T10742] SELinux: syz.6.2458 (10742) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  191.667793][T10753] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.718479][T10756] IPv6: NLM_F_CREATE should be specified when creating new route
[  191.762360][T10756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  191.770797][T10756] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.808275][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.812102][T10753] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.864375][T10753] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.938928][T10762] siw: device registration error -23
[  191.946861][T10753] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.012275][T10753] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.034334][T10753] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.066246][T10753] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.089862][T10753] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.629644][   T29] kauditd_printk_skb: 592 callbacks suppressed
[  192.629739][   T29] audit: type=1326 audit(1749989081.435:24873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10777 comm="syz.6.2471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  192.659845][   T29] audit: type=1326 audit(1749989081.435:24874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10777 comm="syz.6.2471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  192.747830][T10792] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.798300][T10797] IPv6: NLM_F_CREATE should be specified when creating new route
[  192.807050][T10797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.820182][T10792] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.830141][T10797] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.841008][T10800] loop6: detected capacity change from 0 to 128
[  192.847711][T10800] vfat: Unknown parameter '˙˙˙˙'
[  192.862743][T10800] siw: device registration error -23
[  192.872990][T10792] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.941671][T10792] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.968484][T10806] siw: device registration error -23
[  193.096381][T10814] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.123083][T10814] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.145747][T10816] __nla_validate_parse: 8 callbacks suppressed
[  193.145763][T10816] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2487'.
[  193.156048][T10817] IPv6: NLM_F_CREATE should be specified when creating new route
[  193.171039][T10817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  193.179862][T10817] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  193.180738][T10814] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.200280][   T29] audit: type=1326 audit(1749989082.005:24875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10820 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb998bfe929 code=0x7ffc0000
[  193.225698][   T29] audit: type=1326 audit(1749989082.005:24876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10820 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb998bfe929 code=0x7ffc0000
[  193.249488][   T29] audit: type=1326 audit(1749989082.005:24877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10820 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb998bfe929 code=0x7ffc0000
[  193.273407][   T29] audit: type=1326 audit(1749989082.005:24878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10820 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb998bfe929 code=0x7ffc0000
[  193.297019][   T29] audit: type=1326 audit(1749989082.005:24879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10820 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb998bfe929 code=0x7ffc0000
[  193.320819][   T29] audit: type=1326 audit(1749989082.015:24880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10820 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb998bfe929 code=0x7ffc0000
[  193.344483][   T29] audit: type=1326 audit(1749989082.015:24881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10820 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb998bfe929 code=0x7ffc0000
[  193.368148][   T29] audit: type=1326 audit(1749989082.015:24882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10820 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb998bfe929 code=0x7ffc0000
[  193.422146][T10823] loop1: detected capacity change from 0 to 512
[  193.431507][T10823] EXT4-fs: Ignoring removed mblk_io_submit option
[  193.439353][T10814] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.449882][T10823] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  193.458959][T10823] EXT4-fs (loop1): can't mount with data_err=abort, fs mounted w/o journal
[  193.509942][T10814] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  193.522217][T10814] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  193.534167][T10814] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  193.546088][T10814] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  193.628435][T10828] loop3: detected capacity change from 0 to 1024
[  193.635339][T10828] EXT4-fs: Ignoring removed orlov option
[  193.641010][T10828] EXT4-fs: Ignoring removed bh option
[  193.667707][T10828] EXT4-fs: Ignoring removed bh option
[  193.692975][T10828] EXT4-fs (loop3): mounted filesystem 05000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.715844][T10830] netlink: 'syz.2.2492': attribute type 1 has an invalid length.
[  193.723794][T10830] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2492'.
[  193.734489][ T9909] EXT4-fs (loop3): unmounting filesystem 05000000-0000-0000-0000-000000000000.
[  193.774537][T10837] loop3: detected capacity change from 0 to 1024
[  193.781888][T10837] EXT4-fs: Ignoring removed orlov option
[  193.787976][T10837] EXT4-fs: Ignoring removed bh option
[  193.794264][T10837] EXT4-fs: Ignoring removed bh option
[  193.824376][T10837] EXT4-fs (loop3): mounted filesystem 05000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.840521][T10840] siw: device registration error -23
[  193.885890][ T9909] EXT4-fs (loop3): unmounting filesystem 05000000-0000-0000-0000-000000000000.
[  194.243740][T10858] loop6: detected capacity change from 0 to 128
[  194.286230][T10858] vfat: Unknown parameter '˙˙˙˙'
[  194.395780][T10858] siw: device registration error -23
[  195.604597][T10878] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2507'.
[  195.759230][T10887] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.808689][T10896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.817218][T10896] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.827407][T10895] loop1: detected capacity change from 0 to 512
[  195.835183][T10895] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  195.836130][T10887] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.870497][T10895] EXT4-fs (loop1): 1 truncate cleaned up
[  195.882930][T10895] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  196.019800][T10887] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.065935][T10887] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.560747][T10906] 9pnet_fd: Insufficient options for proto=fd
[  196.679804][T10887] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  196.689227][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.693121][T10887] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  196.710028][T10887] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  196.758628][T10887] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  196.784744][T10901] syz.2.2516 (10901) used greatest stack depth: 5904 bytes left
[  197.205038][T10930] loop6: detected capacity change from 0 to 512
[  197.235979][T10930] EXT4-fs: Ignoring removed mblk_io_submit option
[  197.264732][T10930] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  197.300690][T10930] EXT4-fs (loop6): can't mount with data_err=abort, fs mounted w/o journal
[  197.963293][   T29] kauditd_printk_skb: 97 callbacks suppressed
[  197.963311][   T29] audit: type=1326 audit(1749989086.775:24980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10938 comm="syz.1.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0aace929 code=0x7ffc0000
[  198.052771][   T29] audit: type=1326 audit(1749989086.805:24981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10938 comm="syz.1.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0aace929 code=0x7ffc0000
[  198.076482][   T29] audit: type=1326 audit(1749989086.805:24982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10938 comm="syz.1.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f2c0aace929 code=0x7ffc0000
[  198.100118][   T29] audit: type=1326 audit(1749989086.805:24983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10938 comm="syz.1.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0aace929 code=0x7ffc0000
[  198.123740][   T29] audit: type=1326 audit(1749989086.805:24984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10938 comm="syz.1.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0aace929 code=0x7ffc0000
[  198.147716][   T29] audit: type=1326 audit(1749989086.805:24985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10938 comm="syz.1.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2c0aace929 code=0x7ffc0000
[  198.171930][   T29] audit: type=1326 audit(1749989086.805:24986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10938 comm="syz.1.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0aace929 code=0x7ffc0000
[  198.195726][   T29] audit: type=1326 audit(1749989086.805:24987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10938 comm="syz.1.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0aace929 code=0x7ffc0000
[  198.219383][   T29] audit: type=1326 audit(1749989086.805:24988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10938 comm="syz.1.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2c0aace929 code=0x7ffc0000
[  198.243677][   T29] audit: type=1326 audit(1749989086.805:24989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10938 comm="syz.1.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0aace929 code=0x7ffc0000
[  198.273605][T10792] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  198.284939][T10792] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.296710][T10792] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  198.462005][T10792] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  198.540021][T10952] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2532'.
[  198.550421][T10946] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2532'.
[  198.618301][T10957] loop3: detected capacity change from 0 to 128
[  198.691502][T10957] vfat: Unknown parameter '˙˙˙˙'
[  198.712228][T10957] siw: device registration error -23
[  198.739094][T10961] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.791508][T10962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  198.809109][T10962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.826245][T10965] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10965 comm=syz.2.2539
[  198.843632][T10961] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.912854][T10961] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.935600][T10969] netlink: 'syz.2.2541': attribute type 1 has an invalid length.
[  198.943484][T10969] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2541'.
[  199.012669][T10961] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.154635][T10984] loop3: detected capacity change from 0 to 512
[  199.193475][T10984] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.206062][T10984] ext4 filesystem being mounted at /65/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  199.327546][T10989] loop1: detected capacity change from 0 to 512
[  199.356397][T10991] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10991 comm=syz.2.2548
[  199.369079][T10991] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=10991 comm=syz.2.2548
[  199.398815][T10989] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  199.443793][T10989] EXT4-fs (loop1): 1 truncate cleaned up
[  199.463052][T10989] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  199.754806][T10998] 9pnet_fd: Insufficient options for proto=fd
[  200.348911][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.437523][T11002] syzkaller1: entered promiscuous mode
[  200.443095][T11002] syzkaller1: entered allmulticast mode
[  200.638526][T11004] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2553'.
[  200.807947][T11010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2551'.
[  200.867602][T11010] xt_CT: You must specify a L4 protocol and not use inversions on it
[  200.955393][T11012] FAULT_INJECTION: forcing a failure.
[  200.955393][T11012] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  200.968786][T11012] CPU: 0 UID: 0 PID: 11012 Comm: syz.1.2556 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  200.968814][T11012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  200.968830][T11012] Call Trace:
[  200.968837][T11012]  <TASK>
[  200.968844][T11012]  __dump_stack+0x1d/0x30
[  200.968908][T11012]  dump_stack_lvl+0xe8/0x140
[  200.968931][T11012]  dump_stack+0x15/0x1b
[  200.968950][T11012]  should_fail_ex+0x265/0x280
[  200.968977][T11012]  should_fail+0xb/0x20
[  200.969066][T11012]  should_fail_usercopy+0x1a/0x20
[  200.969094][T11012]  _copy_to_user+0x20/0xa0
[  200.969138][T11012]  __se_sys_sched_getattr+0x1d0/0x230
[  200.969160][T11012]  x64_sys_call+0x2b7/0x2fb0
[  200.969183][T11012]  do_syscall_64+0xd2/0x200
[  200.969204][T11012]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  200.969247][T11012]  ? clear_bhb_loop+0x40/0x90
[  200.969271][T11012]  ? clear_bhb_loop+0x40/0x90
[  200.969291][T11012]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.969366][T11012] RIP: 0033:0x7f2c0aace929
[  200.969384][T11012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.969404][T11012] RSP: 002b:00007f2c09137038 EFLAGS: 00000246 ORIG_RAX: 000000000000013b
[  200.969449][T11012] RAX: ffffffffffffffda RBX: 00007f2c0acf5fa0 RCX: 00007f2c0aace929
[  200.969462][T11012] RDX: 00000000000000be RSI: 00002000000010c0 RDI: 0000000000000000
[  200.969477][T11012] RBP: 00007f2c09137090 R08: 0000000000000000 R09: 0000000000000000
[  200.969491][T11012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  200.969505][T11012] R13: 0000000000000000 R14: 00007f2c0acf5fa0 R15: 00007fff459b2108
[  200.969525][T11012]  </TASK>
[  201.145190][ T9909] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.219842][T11018] cgroup: release_agent respecified
[  201.537511][T11027] loop3: detected capacity change from 0 to 512
[  201.552050][T11027] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  201.588618][T11027] EXT4-fs (loop3): 1 truncate cleaned up
[  201.594882][T11027] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  201.698170][T11032] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2564'.
[  201.777704][T11036] loop6: detected capacity change from 0 to 1024
[  201.821568][T11037] 9pnet_fd: Insufficient options for proto=fd
[  202.525806][T11042] lo speed is unknown, defaulting to 1000
[  202.552608][ T9021] syz_tun (unregistering): left allmulticast mode
[  202.626131][ T9909] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.638718][T11036] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  202.703883][ T7669] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.742889][T11042] chnl_net:caif_netlink_parms(): no params data found
[  202.792836][T11064] FAULT_INJECTION: forcing a failure.
[  202.792836][T11064] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.806053][T11064] CPU: 0 UID: 0 PID: 11064 Comm: syz.6.2570 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  202.806077][T11064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  202.806092][T11064] Call Trace:
[  202.806096][T11064]  <TASK>
[  202.806101][T11064]  __dump_stack+0x1d/0x30
[  202.806114][T11064]  dump_stack_lvl+0xe8/0x140
[  202.806124][T11064]  dump_stack+0x15/0x1b
[  202.806132][T11064]  should_fail_ex+0x265/0x280
[  202.806218][T11064]  should_fail+0xb/0x20
[  202.806233][T11064]  should_fail_usercopy+0x1a/0x20
[  202.806247][T11064]  _copy_to_user+0x20/0xa0
[  202.806258][T11064]  simple_read_from_buffer+0xb5/0x130
[  202.806286][T11064]  proc_fail_nth_read+0x100/0x140
[  202.806361][T11064]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  202.806371][T11064]  vfs_read+0x1a0/0x6f0
[  202.806431][T11064]  ? __rcu_read_unlock+0x4f/0x70
[  202.806488][T11064]  ? __fget_files+0x184/0x1c0
[  202.806499][T11064]  ksys_read+0xda/0x1a0
[  202.806513][T11064]  __x64_sys_read+0x40/0x50
[  202.806529][T11064]  x64_sys_call+0x2d77/0x2fb0
[  202.806566][T11064]  do_syscall_64+0xd2/0x200
[  202.806577][T11064]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  202.806589][T11064]  ? clear_bhb_loop+0x40/0x90
[  202.806600][T11064]  ? clear_bhb_loop+0x40/0x90
[  202.806650][T11064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.806731][T11064] RIP: 0033:0x7f6b52bcd33c
[  202.806740][T11064] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  202.806750][T11064] RSP: 002b:00007f6b51237030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  202.806761][T11064] RAX: ffffffffffffffda RBX: 00007f6b52df5fa0 RCX: 00007f6b52bcd33c
[  202.806768][T11064] RDX: 000000000000000f RSI: 00007f6b512370a0 RDI: 0000000000000006
[  202.806774][T11064] RBP: 00007f6b51237090 R08: 0000000000000000 R09: 0000000000000000
[  202.806781][T11064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.806787][T11064] R13: 0000000000000000 R14: 00007f6b52df5fa0 R15: 00007fffc002d2d8
[  202.806865][T11064]  </TASK>
[  203.022719][T11063] loop3: detected capacity change from 0 to 736
[  203.029430][T11063] iso9660: Unknown parameter ''
[  203.053762][T11042] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.053772][T11069] loop6: detected capacity change from 0 to 128
[  203.054055][T11069] vfat: Unknown parameter '˙˙˙˙'
[  203.060890][T11042] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.089554][T11042] bridge_slave_0: entered allmulticast mode
[  203.098029][T11042] bridge_slave_0: entered promiscuous mode
[  203.105418][T11042] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.112549][T11042] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.120014][T11042] bridge_slave_1: entered allmulticast mode
[  203.130205][T11042] bridge_slave_1: entered promiscuous mode
[  203.156319][T11069] siw: device registration error -23
[  203.177900][T11042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.188611][T11042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.225530][T11072] loop6: detected capacity change from 0 to 512
[  203.243096][T11042] team0: Port device team_slave_0 added
[  203.249742][T11042] team0: Port device team_slave_1 added
[  203.261557][T11072] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  203.275172][T11072] ext4 filesystem being mounted at /187/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  203.286550][T11072] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.297794][T11042] batman_adv: batadv0: Adding interface: batadv_slave_0
[  203.304830][T11042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.330904][T11042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  203.369427][T11042] batman_adv: batadv0: Adding interface: batadv_slave_1
[  203.376462][T11042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.402950][T11042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  203.470827][T11078] loop6: detected capacity change from 0 to 512
[  203.491692][T11078] EXT4-fs: Ignoring removed mblk_io_submit option
[  203.501216][T11078] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  203.513945][T11078] EXT4-fs (loop6): can't mount with data_err=abort, fs mounted w/o journal
[  203.534655][T11042] hsr_slave_0: entered promiscuous mode
[  203.540954][T11042] hsr_slave_1: entered promiscuous mode
[  203.546968][T11042] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  203.555734][T11042] Cannot create hsr debugfs directory
[  204.053950][T11042] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  204.075169][T11042] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  204.096140][T11042] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  204.117757][T11042] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  204.273938][T11042] 8021q: adding VLAN 0 to HW filter on device bond0
[  204.292664][T10961] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  204.304676][T10961] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  204.320408][T10961] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  204.334199][T11042] 8021q: adding VLAN 0 to HW filter on device team0
[  204.345101][T10961] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  204.364939][ T5382] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.384373][ T5337] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.391653][ T5337] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.415048][T11042] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  204.425640][T11042] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  204.439705][ T5382] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.454576][T11090] loop1: detected capacity change from 0 to 512
[  204.462747][ T5337] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.469937][ T5337] bridge0: port 2(bridge_slave_1) entered forwarding state
[  204.484635][T11090] EXT4-fs (loop1): 1 orphan inode deleted
[  204.488643][T11094] FAULT_INJECTION: forcing a failure.
[  204.488643][T11094] name failslab, interval 1, probability 0, space 0, times 0
[  204.490981][T11090] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.503296][T11094] CPU: 0 UID: 0 PID: 11094 Comm: syz.5.2578 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  204.503359][T11094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  204.503370][T11094] Call Trace:
[  204.503376][T11094]  <TASK>
[  204.503384][T11094]  __dump_stack+0x1d/0x30
[  204.503407][T11094]  dump_stack_lvl+0xe8/0x140
[  204.503460][T11094]  dump_stack+0x15/0x1b
[  204.503477][T11094]  should_fail_ex+0x265/0x280
[  204.503506][T11094]  should_failslab+0x8c/0xb0
[  204.503600][T11094]  __kmalloc_noprof+0xa5/0x3e0
[  204.503686][T11094]  ? br_dev_siocdevprivate+0x6ac/0xce0
[  204.503754][T11094]  br_dev_siocdevprivate+0x6ac/0xce0
[  204.503783][T11094]  ? schedule+0x5f/0xd0
[  204.503807][T11094]  ? full_name_hash+0x92/0xe0
[  204.503832][T11094]  ? netdev_name_node_lookup+0xa4/0xd0
[  204.503926][T11094]  dev_ifsioc+0x8f5/0xaa0
[  204.503946][T11094]  dev_ioctl+0x78d/0x960
[  204.503964][T11094]  sock_ioctl+0x593/0x610
[  204.503985][T11094]  ? __pfx_sock_ioctl+0x10/0x10
[  204.504003][T11094]  __se_sys_ioctl+0xcb/0x140
[  204.504078][T11094]  __x64_sys_ioctl+0x43/0x50
[  204.504126][T11094]  x64_sys_call+0x19a8/0x2fb0
[  204.504222][T11094]  do_syscall_64+0xd2/0x200
[  204.504239][T11094]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  204.504264][T11094]  ? clear_bhb_loop+0x40/0x90
[  204.504351][T11094]  ? clear_bhb_loop+0x40/0x90
[  204.504457][T11094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.504477][T11094] RIP: 0033:0x7f3e587ce929
[  204.504494][T11094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.504511][T11094] RSP: 002b:00007f3e56e37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  204.504567][T11094] RAX: ffffffffffffffda RBX: 00007f3e589f5fa0 RCX: 00007f3e587ce929
[  204.504579][T11094] RDX: 0000200000001440 RSI: 00000000000089f0 RDI: 0000000000000006
[  204.504592][T11094] RBP: 00007f3e56e37090 R08: 0000000000000000 R09: 0000000000000000
[  204.504677][T11094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  204.504690][T11094] R13: 0000000000000000 R14: 00007f3e589f5fa0 R15: 00007fffa84585d8
[  204.504709][T11094]  </TASK>
[  204.542821][ T5384] __quota_error: 133 callbacks suppressed
[  204.542838][ T5384] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  204.590263][T11090] ext4 filesystem being mounted at /505/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  204.592656][ T5384] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:66: Failed to release dquot type 1
[  204.771252][ T5382] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.883373][ T5382] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.953258][T11042] 8021q: adding VLAN 0 to HW filter on device batadv0
[  204.998172][ T5382] bridge_slave_1: left allmulticast mode
[  205.003943][ T5382] bridge_slave_1: left promiscuous mode
[  205.009858][ T5382] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.018829][ T5382] bridge_slave_0: left allmulticast mode
[  205.024639][ T5382] bridge_slave_0: left promiscuous mode
[  205.030687][ T5382] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.163773][ T5382] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  205.173973][ T5382] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  205.184913][ T5382] bond0 (unregistering): Released all slaves
[  205.217249][T11091] lo speed is unknown, defaulting to 1000
[  205.258241][ T5382] hsr_slave_0: left promiscuous mode
[  205.282280][ T5382] hsr_slave_1: left promiscuous mode
[  205.288594][ T5382] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  205.296217][ T5382] batman_adv: batadv0: Removing interface: batadv_slave_0
[  205.304238][ T5382] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  205.311765][ T5382] batman_adv: batadv0: Removing interface: batadv_slave_1
[  205.322165][ T5382] veth1_macvtap: left promiscuous mode
[  205.327678][ T5382] veth0_macvtap: left promiscuous mode
[  205.334315][ T5382] veth1_vlan: left promiscuous mode
[  205.339671][ T5382] veth0_vlan: left promiscuous mode
[  205.412737][ T5382] team0 (unregistering): Port device team_slave_1 removed
[  205.426014][ T5382] team0 (unregistering): Port device team_slave_0 removed
[  205.540787][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.571575][T11091] chnl_net:caif_netlink_parms(): no params data found
[  205.613522][T11042] veth0_vlan: entered promiscuous mode
[  205.626661][T11129] loop1: detected capacity change from 0 to 736
[  205.638025][T11042] veth1_vlan: entered promiscuous mode
[  205.670616][T11129] iso9660: Unknown parameter ''
[  205.709801][T11129] cgroup: fork rejected by pids controller in /syz1
[  205.734239][T11042] veth0_macvtap: entered promiscuous mode
[  205.773938][T11042] veth1_macvtap: entered promiscuous mode
[  205.795393][T11091] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.802647][T11091] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.814133][T11091] bridge_slave_0: entered allmulticast mode
[  205.842173][T11091] bridge_slave_0: entered promiscuous mode
[  205.863833][T11091] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.871008][T11091] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.900078][T11091] bridge_slave_1: entered allmulticast mode
[  205.918213][T11091] bridge_slave_1: entered promiscuous mode
[  205.957011][T11091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  205.970500][T11042] batman_adv: batadv0: Interface activated: batadv_slave_0
[  205.987024][T11091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.000053][T11042] batman_adv: batadv0: Interface activated: batadv_slave_1
[  206.014435][T11042] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  206.023465][T11042] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  206.032367][T11042] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  206.041320][T11042] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  206.071087][T11091] team0: Port device team_slave_0 added
[  206.088704][T11138] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2586'.
[  206.105821][T11091] team0: Port device team_slave_1 added
[  206.131988][T11140] netlink: 'syz.5.2587': attribute type 1 has an invalid length.
[  206.139798][T11140] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2587'.
[  206.151629][T11091] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.158709][T11091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.162502][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.184938][T11091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  206.192364][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.210367][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.217826][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.225332][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.231943][   T29] audit: type=1400 audit(1749989095.035:25123): avc:  denied  { firmware_load } for  pid=11137 comm="syz.6.2586" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  206.232737][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.259735][T11144] IPv6: NLM_F_CREATE should be specified when creating new route
[  206.265260][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.280440][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.287952][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.295384][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.302867][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.307181][T11144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.310263][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.318882][T11144] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.326134][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.341540][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.349210][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.355814][T11091] batman_adv: batadv0: Adding interface: batadv_slave_1
[  206.356844][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.363738][T11091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.371325][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.397172][T11091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  206.415709][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.423252][ T5107] hid-generic 0006:0000:0000.0005: unknown main item tag 0x0
[  206.434332][ T5107] hid-generic 0006:0000:0000.0005: hidraw0: VIRTUAL HID vffffff.02 Device [syz0] on syz1
[  206.474619][ T5348] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.494541][T11149] netlink: 'syz.5.2588': attribute type 1 has an invalid length.
[  206.502404][T11149] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2588'.
[  206.521009][T11091] hsr_slave_0: entered promiscuous mode
[  206.528661][T11091] hsr_slave_1: entered promiscuous mode
[  206.540756][ T5348] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.600661][T11155] netlink: 'syz.5.2590': attribute type 1 has an invalid length.
[  206.620365][T11155] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  206.662884][ T5348] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.745493][ T5348] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.757093][T11172] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2592'.
[  206.770154][T11167] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2592'.
[  206.804366][T11157] lo speed is unknown, defaulting to 1000
[  206.822409][T11167] lo speed is unknown, defaulting to 1000
[  206.840677][ T5348] bridge_slave_1: left allmulticast mode
[  206.846443][ T5348] bridge_slave_1: left promiscuous mode
[  206.852385][ T5348] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.862087][ T5348] bridge_slave_0: left allmulticast mode
[  206.863498][T11172] loop5: detected capacity change from 0 to 164
[  206.867814][ T5348] bridge_slave_0: left promiscuous mode
[  206.874953][T11172] iso9660: Unknown parameter 'showas–msoc'
[  206.879850][ T5348] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.888033][T11172] SELinux: syz.5.2592 (11172) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  207.351359][T11180] loop6: detected capacity change from 0 to 512
[  207.361833][   T29] audit: type=1326 audit(1749989096.175:25124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11182 comm="syz.2.2595" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3f0ab3e929 code=0x0
[  207.397370][T11180] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.409990][T11180] ext4 filesystem being mounted at /191/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  207.422572][T11189] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2595'.
[  207.474593][ T5348] bond1 (unregistering): (slave gretap1): Releasing active interface
[  208.105407][ T5348] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  208.116575][ T5348] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  208.126532][ T5348] bond0 (unregistering): Released all slaves
[  208.138454][ T5348] bond1 (unregistering): Released all slaves
[  208.172907][T11183] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  208.180594][T11183] batadv_slave_0: entered promiscuous mode
[  208.186587][T11183] batadv_slave_0: entered allmulticast mode
[  208.228556][ T5348] hsr_slave_0: left promiscuous mode
[  208.241327][ T5348] hsr_slave_1: left promiscuous mode
[  208.254164][ T5348] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  208.261694][ T5348] batman_adv: batadv0: Removing interface: batadv_slave_0
[  208.269756][ T5348] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  208.277289][ T5348] batman_adv: batadv0: Removing interface: batadv_slave_1
[  208.289476][ T5348] veth1_macvtap: left promiscuous mode
[  208.295154][ T5348] veth0_macvtap: left promiscuous mode
[  208.300706][ T5348] veth1_vlan: left promiscuous mode
[  208.307709][ T5348] veth0_vlan: left promiscuous mode
[  208.392324][T11194] loop2: detected capacity change from 0 to 512
[  208.399081][T11194] EXT4-fs: Ignoring removed mblk_io_submit option
[  208.433437][T11194] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  208.441955][T11194] EXT4-fs (loop2): can't mount with data_err=abort, fs mounted w/o journal
[  208.574361][ T7669] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.648665][ T5348] team0 (unregistering): Port device team_slave_1 removed
[  208.661030][ T5348] team0 (unregistering): Port device team_slave_0 removed
[  208.790291][T11091] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  208.804891][T11157] chnl_net:caif_netlink_parms(): no params data found
[  208.815263][T11091] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  208.830099][T11091] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  208.862849][T11091] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  208.890963][T11157] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.898228][T11157] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.906107][T11157] bridge_slave_0: entered allmulticast mode
[  208.913725][T11157] bridge_slave_0: entered promiscuous mode
[  208.941832][T11157] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.949043][T11157] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.956858][T11157] bridge_slave_1: entered allmulticast mode
[  208.963444][T11157] bridge_slave_1: entered promiscuous mode
[  208.975854][T11091] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.989212][T11091] 8021q: adding VLAN 0 to HW filter on device team0
[  209.010761][T11157] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  209.022157][T11157] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  209.034646][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.041759][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.071092][T11211] cgroup: release_agent respecified
[  209.078672][   T41] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.085780][   T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.128486][ T5348] IPVS: stop unused estimator thread 0...
[  209.135102][T11157] team0: Port device team_slave_0 added
[  209.158947][T11157] team0: Port device team_slave_1 added
[  209.179921][T11157] batman_adv: batadv0: Adding interface: batadv_slave_0
[  209.186982][T11157] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.213008][T11157] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  209.233254][T11157] batman_adv: batadv0: Adding interface: batadv_slave_1
[  209.240328][T11157] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.266470][T11157] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  209.299137][T11157] hsr_slave_0: entered promiscuous mode
[  209.305634][T11157] hsr_slave_1: entered promiscuous mode
[  209.312753][T11157] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  209.320437][T11157] Cannot create hsr debugfs directory
[  209.368825][T11091] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.474806][T11091] veth0_vlan: entered promiscuous mode
[  209.484072][T11091] veth1_vlan: entered promiscuous mode
[  209.504381][T11091] veth0_macvtap: entered promiscuous mode
[  209.514295][T11091] veth1_macvtap: entered promiscuous mode
[  209.521386][   T29] audit: type=1326 audit(1749989098.335:25125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.552483][   T29] audit: type=1326 audit(1749989098.335:25126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.576238][   T29] audit: type=1326 audit(1749989098.355:25127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.600081][   T29] audit: type=1326 audit(1749989098.355:25128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.624053][   T29] audit: type=1326 audit(1749989098.355:25129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.647819][   T29] audit: type=1326 audit(1749989098.355:25130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.651589][T11091] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.671493][   T29] audit: type=1326 audit(1749989098.355:25131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.686026][T11091] batman_adv: batadv0: Interface activated: batadv_slave_1
[  209.702519][   T29] audit: type=1326 audit(1749989098.355:25132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.731371][T11091] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  209.733203][   T29] audit: type=1326 audit(1749989098.355:25133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.741822][T11091] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  209.765623][   T29] audit: type=1326 audit(1749989098.355:25134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.774312][T11091] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.798235][   T29] audit: type=1326 audit(1749989098.355:25135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.6.2599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b52bce929 code=0x7ffc0000
[  209.806925][T11091] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.890504][T11157] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  209.900670][T11157] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  209.913671][T11157] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  209.933591][T11157] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  209.965435][T11230] loop3: detected capacity change from 0 to 1024
[  209.985042][T11230] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  210.026353][T11091] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.043969][T11157] 8021q: adding VLAN 0 to HW filter on device bond0
[  210.076119][T11157] 8021q: adding VLAN 0 to HW filter on device team0
[  210.088899][ T5348] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.096038][ T5348] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.125754][ T5384] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.133050][ T5384] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.248139][T11157] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.294961][T11242] FAULT_INJECTION: forcing a failure.
[  210.294961][T11242] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  210.308125][T11242] CPU: 0 UID: 0 PID: 11242 Comm: syz.5.2601 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  210.308178][T11242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  210.308190][T11242] Call Trace:
[  210.308196][T11242]  <TASK>
[  210.308204][T11242]  __dump_stack+0x1d/0x30
[  210.308254][T11242]  dump_stack_lvl+0xe8/0x140
[  210.308274][T11242]  dump_stack+0x15/0x1b
[  210.308292][T11242]  should_fail_ex+0x265/0x280
[  210.308321][T11242]  should_fail+0xb/0x20
[  210.308344][T11242]  should_fail_usercopy+0x1a/0x20
[  210.308443][T11242]  _copy_from_user+0x1c/0xb0
[  210.308463][T11242]  ___sys_sendmsg+0xc1/0x1d0
[  210.308502][T11242]  __x64_sys_sendmsg+0xd4/0x160
[  210.308572][T11242]  x64_sys_call+0x2999/0x2fb0
[  210.308596][T11242]  do_syscall_64+0xd2/0x200
[  210.308616][T11242]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  210.308676][T11242]  ? clear_bhb_loop+0x40/0x90
[  210.308799][T11242]  ? clear_bhb_loop+0x40/0x90
[  210.308824][T11242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.308847][T11242] RIP: 0033:0x7f3e587ce929
[  210.308915][T11242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.308936][T11242] RSP: 002b:00007f3e56e37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  210.308955][T11242] RAX: ffffffffffffffda RBX: 00007f3e589f5fa0 RCX: 00007f3e587ce929
[  210.309044][T11242] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  210.309058][T11242] RBP: 00007f3e56e37090 R08: 0000000000000000 R09: 0000000000000000
[  210.309071][T11242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  210.309084][T11242] R13: 0000000000000000 R14: 00007f3e589f5fa0 R15: 00007fffa84585d8
[  210.309105][T11242]  </TASK>
[  210.514643][T11259] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.563355][T11262] IPv6: NLM_F_CREATE should be specified when creating new route
[  210.572414][T11262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  210.580960][T11262] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  210.594327][T11157] veth0_vlan: entered promiscuous mode
[  210.616557][T11264] loop6: detected capacity change from 0 to 128
[  210.619588][T11266] loop5: detected capacity change from 0 to 128
[  210.627682][T11157] veth1_vlan: entered promiscuous mode
[  210.642841][T11266] vfat: Unknown parameter '˙˙˙˙'
[  210.741023][T11266] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -98
[  210.747927][T11157] veth0_macvtap: entered promiscuous mode
[  210.763037][T11157] veth1_macvtap: entered promiscuous mode
[  210.782531][T11157] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.804109][T11157] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.824534][T11157] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.833364][T11157] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.842273][T11157] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.851143][T11157] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.983539][T11278] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.009642][T11281] loop1: detected capacity change from 0 to 512
[  211.018668][T11283] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.019582][T11281] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  211.035921][T11284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  211.048102][T11284] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  211.061810][T11281] EXT4-fs (loop1): 1 truncate cleaned up
[  211.069247][T11281] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  211.090488][T11278] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.104383][T11286] IPv6: NLM_F_CREATE should be specified when creating new route
[  211.229116][T11286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  211.245055][T11286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  211.245865][T11283] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.315728][T11278] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.384158][T11283] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.434858][T11278] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.484756][T11283] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.512018][T10987] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 256: padding at end of block bitmap is not set
[  211.539573][T10987] EXT4-fs (loop1): Remounting filesystem read-only
[  211.558947][T11278] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  211.610889][T11283] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  211.659698][T11278] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  211.682906][T11278] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  211.696491][T11283] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  211.719903][T11278] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.758930][T11283] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  211.774292][T11283] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.884644][T11157] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.067503][T11302] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2618'.
[  212.100663][T11306] FAULT_INJECTION: forcing a failure.
[  212.100663][T11306] name failslab, interval 1, probability 0, space 0, times 0
[  212.113405][T11306] CPU: 1 UID: 0 PID: 11306 Comm: syz.5.2620 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  212.113427][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  212.113487][T11306] Call Trace:
[  212.113493][T11306]  <TASK>
[  212.113499][T11306]  __dump_stack+0x1d/0x30
[  212.113554][T11306]  dump_stack_lvl+0xe8/0x140
[  212.113584][T11306]  dump_stack+0x15/0x1b
[  212.113593][T11306]  should_fail_ex+0x265/0x280
[  212.113610][T11306]  should_failslab+0x8c/0xb0
[  212.113622][T11306]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  212.113638][T11306]  ? v9fs_session_init+0x4b/0xde0
[  212.113716][T11306]  kstrdup+0x3e/0xd0
[  212.113727][T11306]  v9fs_session_init+0x4b/0xde0
[  212.113769][T11306]  ? obj_cgroup_charge_account+0x122/0x1a0
[  212.113784][T11306]  ? __rcu_read_unlock+0x4f/0x70
[  212.113823][T11306]  ? should_fail_ex+0xdb/0x280
[  212.113878][T11306]  ? v9fs_mount+0x51/0x590
[  212.113891][T11306]  ? should_failslab+0x8c/0xb0
[  212.113902][T11306]  ? __kmalloc_cache_noprof+0x189/0x320
[  212.113940][T11306]  v9fs_mount+0x67/0x590
[  212.113953][T11306]  ? __pfx_v9fs_mount+0x10/0x10
[  212.113966][T11306]  legacy_get_tree+0x78/0xd0
[  212.114036][T11306]  vfs_get_tree+0x57/0x1d0
[  212.114045][T11306]  do_new_mount+0x207/0x680
[  212.114129][T11306]  path_mount+0x4a4/0xb20
[  212.114143][T11306]  ? user_path_at+0x109/0x130
[  212.114156][T11306]  __se_sys_mount+0x28f/0x2e0
[  212.114165][T11306]  ? fput+0x8f/0xc0
[  212.114196][T11306]  __x64_sys_mount+0x67/0x80
[  212.114205][T11306]  x64_sys_call+0xd36/0x2fb0
[  212.114254][T11306]  do_syscall_64+0xd2/0x200
[  212.114278][T11306]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  212.114290][T11306]  ? clear_bhb_loop+0x40/0x90
[  212.114301][T11306]  ? clear_bhb_loop+0x40/0x90
[  212.114312][T11306]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.114323][T11306] RIP: 0033:0x7f3e587ce929
[  212.114392][T11306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.114402][T11306] RSP: 002b:00007f3e56e37038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  212.114414][T11306] RAX: ffffffffffffffda RBX: 00007f3e589f5fa0 RCX: 00007f3e587ce929
[  212.114495][T11306] RDX: 0000200000000240 RSI: 0000200000000200 RDI: 0000000000000000
[  212.114502][T11306] RBP: 00007f3e56e37090 R08: 0000200000000400 R09: 0000000000000000
[  212.114508][T11306] R10: 000000000021004a R11: 0000000000000246 R12: 0000000000000002
[  212.114515][T11306] R13: 0000000000000000 R14: 00007f3e589f5fa0 R15: 00007fffa84585d8
[  212.114529][T11306]  </TASK>
[  212.609777][T11318] loop6: detected capacity change from 0 to 164
[  212.620476][T11318] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  212.786954][T11330] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2630'.
[  212.907872][T11340] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2633'.
[  212.917334][T11337] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2633'.
[  212.927032][T11342] FAULT_INJECTION: forcing a failure.
[  212.927032][T11342] name failslab, interval 1, probability 0, space 0, times 0
[  212.939735][T11342] CPU: 1 UID: 0 PID: 11342 Comm: syz.1.2635 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  212.939766][T11342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  212.939786][T11342] Call Trace:
[  212.939794][T11342]  <TASK>
[  212.939802][T11342]  __dump_stack+0x1d/0x30
[  212.939825][T11342]  dump_stack_lvl+0xe8/0x140
[  212.939895][T11342]  dump_stack+0x15/0x1b
[  212.939912][T11342]  should_fail_ex+0x265/0x280
[  212.939945][T11342]  should_failslab+0x8c/0xb0
[  212.939987][T11342]  kmem_cache_alloc_noprof+0x50/0x310
[  212.940011][T11342]  ? alloc_empty_file+0x76/0x200
[  212.940034][T11342]  alloc_empty_file+0x76/0x200
[  212.940088][T11342]  dentry_open+0x2d/0x90
[  212.940128][T11342]  __se_sys_fsmount+0x455/0x580
[  212.940148][T11342]  __x64_sys_fsmount+0x43/0x50
[  212.940167][T11342]  x64_sys_call+0x2a6a/0x2fb0
[  212.940209][T11342]  do_syscall_64+0xd2/0x200
[  212.940226][T11342]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  212.940252][T11342]  ? clear_bhb_loop+0x40/0x90
[  212.940284][T11342]  ? clear_bhb_loop+0x40/0x90
[  212.940307][T11342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.940329][T11342] RIP: 0033:0x7f2ea307e929
[  212.940344][T11342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.940361][T11342] RSP: 002b:00007f2ea16e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b0
[  212.940452][T11342] RAX: ffffffffffffffda RBX: 00007f2ea32a5fa0 RCX: 00007f2ea307e929
[  212.940466][T11342] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  212.940479][T11342] RBP: 00007f2ea16e7090 R08: 0000000000000000 R09: 0000000000000000
[  212.940491][T11342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.940503][T11342] R13: 0000000000000000 R14: 00007f2ea32a5fa0 R15: 00007fff0f669378
[  212.940520][T11342]  </TASK>
[  213.135876][T11259] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.161891][T11348] loop1: detected capacity change from 0 to 736
[  213.168679][T11348] iso9660: Unknown parameter ''
[  213.183528][T11344] SELinux:  Context system_u:object_r:hald_sonypic_exec_t:s0 is not valid (left unmapped).
[  213.350373][T11359] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2641'.
[  213.377661][T11361] netlink: 'syz.6.2642': attribute type 1 has an invalid length.
[  213.385444][T11361] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2642'.
[  213.486792][T11370] loop6: detected capacity change from 0 to 128
[  213.494614][T11370] vfat: Unknown parameter '˙˙˙˙'
[  213.512279][T11370] siw: device registration error -23
[  213.717191][T11384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2652'.
[  213.739105][T11386] loop2: detected capacity change from 0 to 512
[  213.753409][T11386] EXT4-fs (loop2): 1 orphan inode deleted
[  213.760343][T11386] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.773371][ T5355] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:37: Failed to release dquot type 1
[  213.773505][T11386] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  213.798028][T11386] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.2653: iget: bad i_size value: 360287970189639690
[  213.862819][T11390] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.2653: iget: bad i_size value: 360287970189639690
[  214.105207][T11392] netlink: 'syz.5.2654': attribute type 1 has an invalid length.
[  214.113023][T11392] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2654'.
[  214.186932][T11396] FAULT_INJECTION: forcing a failure.
[  214.186932][T11396] name failslab, interval 1, probability 0, space 0, times 0
[  214.199681][T11396] CPU: 0 UID: 0 PID: 11396 Comm: syz.5.2655 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  214.199706][T11396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  214.199840][T11396] Call Trace:
[  214.199844][T11396]  <TASK>
[  214.199909][T11396]  __dump_stack+0x1d/0x30
[  214.199922][T11396]  dump_stack_lvl+0xe8/0x140
[  214.199932][T11396]  dump_stack+0x15/0x1b
[  214.199941][T11396]  should_fail_ex+0x265/0x280
[  214.199956][T11396]  should_failslab+0x8c/0xb0
[  214.200042][T11396]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  214.200064][T11396]  ? __d_alloc+0x3d/0x350
[  214.200076][T11396]  __d_alloc+0x3d/0x350
[  214.200087][T11396]  ? vfs_write+0x75e/0x8e0
[  214.200140][T11396]  d_alloc_pseudo+0x1e/0x80
[  214.200156][T11396]  alloc_file_pseudo+0x71/0x160
[  214.200188][T11396]  anon_inode_getfile+0xa0/0x120
[  214.200264][T11396]  do_epoll_create+0x1d0/0x270
[  214.200276][T11396]  __x64_sys_epoll_create+0x35/0x60
[  214.200300][T11396]  x64_sys_call+0x20e/0x2fb0
[  214.200311][T11396]  do_syscall_64+0xd2/0x200
[  214.200321][T11396]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  214.200334][T11396]  ? clear_bhb_loop+0x40/0x90
[  214.200405][T11396]  ? clear_bhb_loop+0x40/0x90
[  214.200416][T11396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.200456][T11396] RIP: 0033:0x7f3e587ce929
[  214.200466][T11396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.200476][T11396] RSP: 002b:00007f3e56e37038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5
[  214.200487][T11396] RAX: ffffffffffffffda RBX: 00007f3e589f5fa0 RCX: 00007f3e587ce929
[  214.200494][T11396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000000c8
[  214.200501][T11396] RBP: 00007f3e56e37090 R08: 0000000000000000 R09: 0000000000000000
[  214.200580][T11396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.200592][T11396] R13: 0000000000000000 R14: 00007f3e589f5fa0 R15: 00007fffa84585d8
[  214.200602][T11396]  </TASK>
[  214.449866][T11402] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO
[  214.474995][T11404] netlink: 'syz.6.2659': attribute type 1 has an invalid length.
[  214.534542][T11405] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2659'.
[  214.582529][T11042] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.627097][T11413] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2663'.
[  214.678397][T11409] lo speed is unknown, defaulting to 1000
[  214.736180][T11259] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.750348][T11415] lo speed is unknown, defaulting to 1000
[  214.762500][T11409] loop2: detected capacity change from 0 to 164
[  214.769150][   T29] kauditd_printk_skb: 295 callbacks suppressed
[  214.769167][   T29] audit: type=1400 audit(1749989103.575:25426): avc:  denied  { create } for  pid=11408 comm="syz.2.2661" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=DC
[  214.769335][T11409] iso9660: Unknown parameter 'showas–msoc'
[  214.775510][   T29] audit: type=1400 audit(1749989103.575:25427): avc:  denied  { associate } for  pid=11408 comm="syz.2.2661" name="file0" scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon=DC
[  214.790629][   T29] audit: type=1400 audit(1749989103.575:25428): avc:  denied  { mounton } for  pid=11408 comm="syz.2.2661" path="/14/file0" dev="tmpfs" ino=95 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=DC
[  214.803241][T11420] loop6: detected capacity change from 0 to 164
[  214.861012][T11259] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.864530][T11409] SELinux: syz.2.2661 (11409) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  214.886103][T11420] iso9660: Unknown parameter 'showas–msoc'
[  214.906643][T11415] SELinux: syz.6.2664 (11415) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  214.947630][   T29] audit: type=1400 audit(1749989103.755:25429): avc:  denied  { rmdir } for  pid=11042 comm="syz-executor" name="file0" dev="tmpfs" ino=95 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=DC
[  214.974592][T11259] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  214.986663][T11259] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  215.004204][ T5333] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.019200][T11259] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  215.033420][T11259] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  215.049741][ T5333] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.063540][T11425] lo speed is unknown, defaulting to 1000
[  215.096473][ T5333] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.122970][T11430] lo speed is unknown, defaulting to 1000
[  215.157541][ T5333] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.168614][T11438] loop2: detected capacity change from 0 to 164
[  215.176520][T11438] iso9660: Unknown parameter 'showas–msoc'
[  215.185933][T11425] chnl_net:caif_netlink_parms(): no params data found
[  215.225962][T11430] SELinux: syz.2.2666 (11430) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  215.253508][T11425] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.260794][T11425] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.268583][T11425] bridge_slave_0: entered allmulticast mode
[  215.275385][T11425] bridge_slave_0: entered promiscuous mode
[  215.282617][T11425] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.289722][T11425] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.297018][T11425] bridge_slave_1: entered allmulticast mode
[  215.304010][T11425] bridge_slave_1: entered promiscuous mode
[  215.317208][ T5333] bridge_slave_1: left allmulticast mode
[  215.322965][ T5333] bridge_slave_1: left promiscuous mode
[  215.328774][ T5333] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.336535][ T5333] bridge_slave_0: left allmulticast mode
[  215.342332][ T5333] bridge_slave_0: left promiscuous mode
[  215.348184][ T5333] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.363390][T11455] loop5: detected capacity change from 0 to 1024
[  215.373921][T11455] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.386587][T11455] ext4 filesystem being mounted at /97/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  215.408703][T11459] loop2: detected capacity change from 0 to 1024
[  215.417946][T11459] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.433200][T11459] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.469449][ T9943] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.484236][ T5333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  215.497073][ T5333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  215.507083][ T5333] bond0 (unregistering): Released all slaves
[  215.544834][T11425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  215.562307][T11425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  215.574774][ T5333] hsr_slave_0: left promiscuous mode
[  215.580683][ T5333] hsr_slave_1: left promiscuous mode
[  215.588015][ T5333] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  215.595551][ T5333] batman_adv: batadv0: Removing interface: batadv_slave_0
[  215.603369][ T5333] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  215.610853][ T5333] batman_adv: batadv0: Removing interface: batadv_slave_1
[  215.626050][T11477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  215.634571][T11477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.634681][ T5333] veth1_macvtap: left promiscuous mode
[  215.649165][ T5333] veth0_macvtap: left promiscuous mode
[  215.655287][T11474] loop6: detected capacity change from 0 to 512
[  215.655351][ T5333] veth1_vlan: left promiscuous mode
[  215.667565][ T5333] veth0_vlan: left promiscuous mode
[  215.668106][T11474] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  215.689253][T11475] loop5: detected capacity change from 0 to 1024
[  215.699111][T11474] EXT4-fs error (device loop6): ext4_quota_enable:7120: comm syz.6.2679: Bad quota inum: 29696, type: 1
[  215.712308][T11474] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix.
[  215.721042][T11475] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.728693][T11474] EXT4-fs (loop6): mount failed
[  215.771954][ T5333] team0 (unregistering): Port device team_slave_1 removed
[  215.783301][ T5333] team0 (unregistering): Port device team_slave_0 removed
[  215.812135][T11470] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.839759][T11425] team0: Port device team_slave_0 added
[  215.849505][ T9943] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.850686][T11425] team0: Port device team_slave_1 added
[  215.879637][T11425] batman_adv: batadv0: Adding interface: batadv_slave_0
[  215.886714][T11425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  215.912699][T11425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  215.925648][T11425] batman_adv: batadv0: Adding interface: batadv_slave_1
[  215.932674][T11425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  215.958904][T11425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  215.972323][T11486] loop6: detected capacity change from 0 to 512
[  215.986505][T11470] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.036141][T11492] loop3: detected capacity change from 0 to 512
[  216.045980][T11425] hsr_slave_0: entered promiscuous mode
[  216.053281][T11425] hsr_slave_1: entered promiscuous mode
[  216.057331][T11494] loop5: detected capacity change from 0 to 736
[  216.059093][T11492] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  216.075661][T11425] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  216.075719][T11494] iso9660: Unknown parameter ''
[  216.083366][T11425] Cannot create hsr debugfs directory
[  216.095220][T11470] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.108865][T11492] EXT4-fs (loop3): 1 truncate cleaned up
[  216.115040][T11492] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.142816][T11470] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.210759][T11501] SELinux:  Context system_u:object_r:textrel_shlib_t:s0 is not valid (left unmapped).
[  216.220863][   T29] audit: type=1400 audit(1749989105.025:25430): avc:  denied  { relabelto } for  pid=11485 comm="syz.6.2681" name="220" dev="tmpfs" ino=1192 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:textrel_shlib_t:s0"
[  216.254739][   T29] audit: type=1400 audit(1749989105.025:25431): avc:  denied  { associate } for  pid=11485 comm="syz.6.2681" name="220" dev="tmpfs" ino=1192 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:textrel_shlib_t:s0"
[  216.345330][T11470] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  216.358980][T11470] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  216.373093][T11470] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  216.387232][T11470] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  216.528807][T11516] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.633989][T11516] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.655474][T11520] loop5: detected capacity change from 0 to 1024
[  216.680712][T11520] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.725970][T11516] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.740943][ T9943] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.793117][T11516] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.816965][T11425] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  216.825848][T11425] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  216.834964][T11425] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  216.844099][T11425] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  216.901575][T11516] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  216.910650][T11091] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.913766][T11516] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  216.939475][T11425] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.952127][T11425] 8021q: adding VLAN 0 to HW filter on device team0
[  216.961058][ T5333] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.968366][ T5333] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.979459][T11516] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  216.997650][T11516] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  217.014371][ T5333] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.021542][ T5333] bridge0: port 2(bridge_slave_1) entered forwarding state
[  217.079896][T11542] __nla_validate_parse: 10 callbacks suppressed
[  217.079993][T11542] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2698'.
[  217.087850][T11539] cgroup: release_agent respecified
[  217.117894][T11545] FAULT_INJECTION: forcing a failure.
[  217.117894][T11545] name failslab, interval 1, probability 0, space 0, times 0
[  217.120511][T11547] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  217.130653][T11545] CPU: 1 UID: 0 PID: 11545 Comm: syz.2.2699 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  217.130701][T11545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  217.130714][T11545] Call Trace:
[  217.130722][T11545]  <TASK>
[  217.130730][T11545]  __dump_stack+0x1d/0x30
[  217.130753][T11545]  dump_stack_lvl+0xe8/0x140
[  217.130772][T11545]  dump_stack+0x15/0x1b
[  217.130789][T11545]  should_fail_ex+0x265/0x280
[  217.130909][T11545]  should_failslab+0x8c/0xb0
[  217.130933][T11545]  kmem_cache_alloc_noprof+0x50/0x310
[  217.130959][T11545]  ? alloc_empty_file+0x76/0x200
[  217.130985][T11545]  alloc_empty_file+0x76/0x200
[  217.131051][T11545]  path_openat+0x68/0x2170
[  217.131078][T11545]  ? _parse_integer_limit+0x170/0x190
[  217.131112][T11545]  ? _parse_integer+0x27/0x40
[  217.131193][T11545]  ? kstrtoull+0x111/0x140
[  217.131258][T11545]  ? kstrtouint+0x76/0xc0
[  217.131285][T11545]  do_filp_open+0x109/0x230
[  217.131318][T11545]  do_sys_openat2+0xa6/0x110
[  217.131413][T11545]  __x64_sys_creat+0x65/0x90
[  217.131440][T11545]  x64_sys_call+0x114d/0x2fb0
[  217.131461][T11545]  do_syscall_64+0xd2/0x200
[  217.131480][T11545]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  217.131572][T11545]  ? clear_bhb_loop+0x40/0x90
[  217.131658][T11545]  ? clear_bhb_loop+0x40/0x90
[  217.131678][T11545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.131700][T11545] RIP: 0033:0x7f3f0ab3e929
[  217.131779][T11545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.131797][T11545] RSP: 002b:00007f3f091a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  217.131894][T11545] RAX: ffffffffffffffda RBX: 00007f3f0ad65fa0 RCX: 00007f3f0ab3e929
[  217.131908][T11545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000380
[  217.131921][T11545] RBP: 00007f3f091a7090 R08: 0000000000000000 R09: 0000000000000000
[  217.131934][T11545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  217.131946][T11545] R13: 0000000000000000 R14: 00007f3f0ad65fa0 R15: 00007ffc31157618
[  217.131964][T11545]  </TASK>
[  217.226942][T11425] 8021q: adding VLAN 0 to HW filter on device batadv0
[  217.298718][T11551] loop6: detected capacity change from 0 to 512
[  217.381199][T11551] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  217.419185][T11558] netlink: 'syz.2.2701': attribute type 10 has an invalid length.
[  217.427168][T11558] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2701'.
[  217.438367][T11551] EXT4-fs (loop6): 1 truncate cleaned up
[  217.444672][T11551] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  217.472658][T11558] team0: entered promiscuous mode
[  217.477950][T11558] team_slave_0: entered promiscuous mode
[  217.483874][T11558] team_slave_1: entered promiscuous mode
[  217.489734][T11558] team0: entered allmulticast mode
[  217.496008][T11558] team_slave_0: entered allmulticast mode
[  217.501867][T11558] team_slave_1: entered allmulticast mode
[  217.508504][T11558] bridge0: port 3(team0) entered blocking state
[  217.514854][T11558] bridge0: port 3(team0) entered disabled state
[  217.523378][ T7669] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.524377][T11558] bridge0: port 3(team0) entered blocking state
[  217.538913][T11558] bridge0: port 3(team0) entered forwarding state
[  217.563172][T11558] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2701'.
[  217.572422][T11558] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  217.583358][T11563] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2702'.
[  217.612050][T11558] batman_adv: batadv0: Removing interface: batadv_slave_1
[  217.635930][T11425] veth0_vlan: entered promiscuous mode
[  217.653006][T11565] loop6: detected capacity change from 0 to 1024
[  217.664839][T11425] veth1_vlan: entered promiscuous mode
[  217.695978][T11565] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  217.716758][T11425] veth0_macvtap: entered promiscuous mode
[  217.728100][T11425] veth1_macvtap: entered promiscuous mode
[  217.739604][T11425] batman_adv: batadv0: Interface activated: batadv_slave_0
[  217.743247][ T7669] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.758119][T11425] batman_adv: batadv0: Interface activated: batadv_slave_1
[  217.770626][T11425] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  217.779565][T11425] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  217.788790][T11425] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  217.797803][T11425] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  217.845329][T11584] FAULT_INJECTION: forcing a failure.
[  217.845329][T11584] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  217.849354][   T29] audit: type=1326 audit(1749989106.655:25432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11583 comm="syz.1.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  217.858740][T11584] CPU: 1 UID: 0 PID: 11584 Comm: syz.6.2707 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  217.858835][T11584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  217.858847][T11584] Call Trace:
[  217.858898][T11584]  <TASK>
[  217.858906][T11584]  __dump_stack+0x1d/0x30
[  217.858929][T11584]  dump_stack_lvl+0xe8/0x140
[  217.858948][T11584]  dump_stack+0x15/0x1b
[  217.858965][T11584]  should_fail_ex+0x265/0x280
[  217.858995][T11584]  should_fail+0xb/0x20
[  217.859126][T11584]  should_fail_usercopy+0x1a/0x20
[  217.859166][T11584]  _copy_from_iter+0xcf/0xe40
[  217.859190][T11584]  ? __build_skb_around+0x1a0/0x200
[  217.859223][T11584]  ? __alloc_skb+0x223/0x320
[  217.859319][T11584]  netlink_sendmsg+0x471/0x6b0
[  217.859341][T11584]  ? __pfx_netlink_sendmsg+0x10/0x10
[  217.859361][T11584]  __sock_sendmsg+0x142/0x180
[  217.859446][T11584]  ____sys_sendmsg+0x31e/0x4e0
[  217.859494][T11584]  ___sys_sendmsg+0x17b/0x1d0
[  217.859523][T11584]  __x64_sys_sendmsg+0xd4/0x160
[  217.859545][T11584]  x64_sys_call+0x2999/0x2fb0
[  217.859565][T11584]  do_syscall_64+0xd2/0x200
[  217.859584][T11584]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  217.859653][T11584]  ? clear_bhb_loop+0x40/0x90
[  217.859674][T11584]  ? clear_bhb_loop+0x40/0x90
[  217.859738][T11584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.859760][T11584] RIP: 0033:0x7f6b52bce929
[  217.859776][T11584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.859850][T11584] RSP: 002b:00007f6b51237038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  217.859872][T11584] RAX: ffffffffffffffda RBX: 00007f6b52df5fa0 RCX: 00007f6b52bce929
[  217.859885][T11584] RDX: 0000000000004040 RSI: 0000200000000240 RDI: 0000000000000004
[  217.859898][T11584] RBP: 00007f6b51237090 R08: 0000000000000000 R09: 0000000000000000
[  217.859911][T11584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  217.859923][T11584] R13: 0000000000000000 R14: 00007f6b52df5fa0 R15: 00007fffc002d2d8
[  217.859942][T11584]  </TASK>
[  217.927466][T11581] loop5: detected capacity change from 0 to 512
[  217.929996][   T29] audit: type=1326 audit(1749989106.655:25433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11583 comm="syz.1.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  218.000660][T11588] loop6: detected capacity change from 0 to 512
[  218.003525][   T29] audit: type=1326 audit(1749989106.655:25434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11583 comm="syz.1.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  218.003564][   T29] audit: type=1326 audit(1749989106.655:25435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11583 comm="syz.1.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  218.015345][T11581] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  218.187469][T11588] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  218.218121][T11588] EXT4-fs error (device loop6): ext4_quota_enable:7120: comm syz.6.2709: Bad quota inum: 29696, type: 1
[  218.246310][T11581] EXT4-fs error (device loop5): ext4_quota_enable:7120: comm syz.5.2708: Bad quota inum: 29696, type: 1
[  218.268549][T11588] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix.
[  218.302211][T11581] EXT4-fs warning (device loop5): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix.
[  218.322657][T11581] EXT4-fs (loop5): mount failed
[  218.328537][T11588] EXT4-fs (loop6): mount failed
[  218.366621][T11596] blkio.reset_stats is deprecated
[  218.388021][T11599] loop5: detected capacity change from 0 to 128
[  218.395822][T11599] vfat: Unknown parameter '˙˙˙˙'
[  218.569661][T11610] FAULT_INJECTION: forcing a failure.
[  218.569661][T11610] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  218.582969][T11610] CPU: 1 UID: 0 PID: 11610 Comm: syz.5.2715 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  218.583022][T11610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  218.583033][T11610] Call Trace:
[  218.583040][T11610]  <TASK>
[  218.583048][T11610]  __dump_stack+0x1d/0x30
[  218.583071][T11610]  dump_stack_lvl+0xe8/0x140
[  218.583092][T11610]  dump_stack+0x15/0x1b
[  218.583106][T11610]  should_fail_ex+0x265/0x280
[  218.583198][T11610]  should_fail+0xb/0x20
[  218.583262][T11610]  should_fail_usercopy+0x1a/0x20
[  218.583342][T11610]  _copy_from_iter+0xcf/0xe40
[  218.583357][T11610]  ? __build_skb_around+0x1a0/0x200
[  218.583508][T11610]  ? __alloc_skb+0x223/0x320
[  218.583534][T11610]  netlink_sendmsg+0x471/0x6b0
[  218.583554][T11610]  ? __pfx_netlink_sendmsg+0x10/0x10
[  218.583643][T11610]  __sock_sendmsg+0x142/0x180
[  218.583665][T11610]  ____sys_sendmsg+0x31e/0x4e0
[  218.583694][T11610]  ___sys_sendmsg+0x17b/0x1d0
[  218.583721][T11610]  __x64_sys_sendmsg+0xd4/0x160
[  218.583802][T11610]  x64_sys_call+0x2999/0x2fb0
[  218.583820][T11610]  do_syscall_64+0xd2/0x200
[  218.583836][T11610]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  218.583859][T11610]  ? clear_bhb_loop+0x40/0x90
[  218.583880][T11610]  ? clear_bhb_loop+0x40/0x90
[  218.583898][T11610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.583917][T11610] RIP: 0033:0x7f3e587ce929
[  218.583931][T11610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  218.584084][T11610] RSP: 002b:00007f3e56e37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  218.584200][T11610] RAX: ffffffffffffffda RBX: 00007f3e589f5fa0 RCX: 00007f3e587ce929
[  218.584211][T11610] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  218.584222][T11610] RBP: 00007f3e56e37090 R08: 0000000000000000 R09: 0000000000000000
[  218.584233][T11610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  218.584244][T11610] R13: 0000000000000000 R14: 00007f3e589f5fa0 R15: 00007fffa84585d8
[  218.584260][T11610]  </TASK>
[  218.882825][T11613] loop5: detected capacity change from 0 to 1024
[  218.895072][T11613] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  218.918807][ T9943] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.973109][T11622] FAULT_INJECTION: forcing a failure.
[  218.973109][T11622] name failslab, interval 1, probability 0, space 0, times 0
[  218.986077][T11622] CPU: 1 UID: 0 PID: 11622 Comm: syz.5.2719 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  218.986135][T11622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  218.986148][T11622] Call Trace:
[  218.986155][T11622]  <TASK>
[  218.986164][T11622]  __dump_stack+0x1d/0x30
[  218.986188][T11622]  dump_stack_lvl+0xe8/0x140
[  218.986209][T11622]  dump_stack+0x15/0x1b
[  218.986227][T11622]  should_fail_ex+0x265/0x280
[  218.986271][T11622]  should_failslab+0x8c/0xb0
[  218.986296][T11622]  kmem_cache_alloc_node_noprof+0x57/0x320
[  218.986327][T11622]  ? __alloc_skb+0x101/0x320
[  218.986469][T11622]  __alloc_skb+0x101/0x320
[  218.986495][T11622]  netlink_dump+0x148/0x7f0
[  218.986521][T11622]  ? genl_start+0x117/0x390
[  218.986539][T11622]  ? should_failslab+0x8c/0xb0
[  218.986617][T11622]  __netlink_dump_start+0x43e/0x520
[  218.986644][T11622]  genl_family_rcv_msg_dumpit+0x115/0x180
[  218.986672][T11622]  ? __pfx_genl_start+0x10/0x10
[  218.986749][T11622]  ? __pfx_genl_dumpit+0x10/0x10
[  218.986774][T11622]  ? __pfx_genl_done+0x10/0x10
[  218.986838][T11622]  genl_rcv_msg+0x3f0/0x460
[  218.986864][T11622]  ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10
[  218.986927][T11622]  netlink_rcv_skb+0x123/0x220
[  218.987007][T11622]  ? __pfx_genl_rcv_msg+0x10/0x10
[  218.987040][T11622]  genl_rcv+0x28/0x40
[  218.987064][T11622]  netlink_unicast+0x59e/0x670
[  218.987099][T11622]  netlink_sendmsg+0x58b/0x6b0
[  218.987201][T11622]  ? __pfx_netlink_sendmsg+0x10/0x10
[  218.987281][T11622]  __sock_sendmsg+0x142/0x180
[  218.987311][T11622]  ____sys_sendmsg+0x31e/0x4e0
[  218.987351][T11622]  ___sys_sendmsg+0x17b/0x1d0
[  218.987448][T11622]  __x64_sys_sendmsg+0xd4/0x160
[  218.987478][T11622]  x64_sys_call+0x2999/0x2fb0
[  218.987558][T11622]  do_syscall_64+0xd2/0x200
[  218.987578][T11622]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  218.987605][T11622]  ? clear_bhb_loop+0x40/0x90
[  218.987631][T11622]  ? clear_bhb_loop+0x40/0x90
[  218.987651][T11622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.987672][T11622] RIP: 0033:0x7f3e587ce929
[  218.987693][T11622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  218.987713][T11622] RSP: 002b:00007f3e56e37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  218.987738][T11622] RAX: ffffffffffffffda RBX: 00007f3e589f5fa0 RCX: 00007f3e587ce929
[  218.987785][T11622] RDX: 00000000040000c0 RSI: 0000200000000080 RDI: 0000000000000003
[  218.987877][T11622] RBP: 00007f3e56e37090 R08: 0000000000000000 R09: 0000000000000000
[  218.987891][T11622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  218.987933][T11622] R13: 0000000000000000 R14: 00007f3e589f5fa0 R15: 00007fffa84585d8
[  218.987954][T11622]  </TASK>
[  218.988787][T11623] IPVS: stopping master sync thread 11624 ...
[  218.993266][T11624] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  219.310655][T11634] loop5: detected capacity change from 0 to 128
[  219.324969][T11636] loop1: detected capacity change from 0 to 736
[  219.331916][T11636] iso9660: Unknown parameter ''
[  219.335330][T11634] vfat: Unknown parameter '˙˙˙˙'
[  219.386381][T11642] cgroup: release_agent respecified
[  219.402760][T11644] loop1: detected capacity change from 0 to 736
[  219.409498][T11644] iso9660: Unknown parameter ''
[  219.481927][T11649] loop1: detected capacity change from 0 to 164
[  219.491554][T11649] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  219.519773][T11653] loop6: detected capacity change from 0 to 1024
[  219.539186][T11653] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  219.563149][ T7669] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  219.608771][T11660] loop1: detected capacity change from 0 to 512
[  219.616244][T11660] EXT4-fs: Ignoring removed bh option
[  219.622314][T11660] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  219.631546][T11660] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  219.640697][T11660] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  219.650303][T11660] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  219.725710][T11665] loop6: detected capacity change from 0 to 512
[  219.736377][T11660] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  219.753862][T11665] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  219.767380][T11665] ext4 filesystem being mounted at /233/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  219.833498][   T29] kauditd_printk_skb: 129 callbacks suppressed
[  219.833519][   T29] audit: type=1326 audit(1749989108.645:25565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11659 comm="syz.1.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa4dca4d290 code=0x7ffc0000
[  219.922564][T11425] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  219.964253][   T29] audit: type=1326 audit(1749989108.675:25566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11659 comm="syz.1.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fa4dca4d677 code=0x7ffc0000
[  219.987903][   T29] audit: type=1326 audit(1749989108.675:25567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11659 comm="syz.1.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa4dca4d290 code=0x7ffc0000
[  220.011596][   T29] audit: type=1326 audit(1749989108.675:25568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11659 comm="syz.1.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  220.035621][   T29] audit: type=1326 audit(1749989108.675:25569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11659 comm="syz.1.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  220.059254][   T29] audit: type=1326 audit(1749989108.705:25570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11659 comm="syz.1.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  220.083198][   T29] audit: type=1326 audit(1749989108.705:25571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11659 comm="syz.1.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  220.106969][   T29] audit: type=1326 audit(1749989108.705:25572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11659 comm="syz.1.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  220.130623][   T29] audit: type=1326 audit(1749989108.705:25573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11659 comm="syz.1.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  220.154194][   T29] audit: type=1326 audit(1749989108.705:25574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11659 comm="syz.1.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4dca4e929 code=0x7ffc0000
[  220.680621][T11671] FAULT_INJECTION: forcing a failure.
[  220.680621][T11671] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.693805][T11671] CPU: 0 UID: 0 PID: 11671 Comm: syz.1.2734 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  220.693838][T11671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  220.693924][T11671] Call Trace:
[  220.693932][T11671]  <TASK>
[  220.693942][T11671]  __dump_stack+0x1d/0x30
[  220.693966][T11671]  dump_stack_lvl+0xe8/0x140
[  220.693988][T11671]  dump_stack+0x15/0x1b
[  220.694038][T11671]  should_fail_ex+0x265/0x280
[  220.694070][T11671]  should_fail+0xb/0x20
[  220.694094][T11671]  should_fail_usercopy+0x1a/0x20
[  220.694127][T11671]  _copy_from_user+0x1c/0xb0
[  220.694156][T11671]  restore_altstack+0x4b/0x2d0
[  220.694182][T11671]  ? __set_task_blocked+0x23a/0x2a0
[  220.694207][T11671]  __ia32_sys_rt_sigreturn+0xdc/0x350
[  220.694290][T11671]  ? _raw_spin_unlock_irq+0x26/0x50
[  220.694317][T11671]  ? signal_setup_done+0x266/0x290
[  220.694368][T11671]  ? xfd_validate_state+0x45/0xf0
[  220.694422][T11671]  ? fpu__clear_user_states+0x63/0x1e0
[  220.694446][T11671]  ? fpregs_mark_activate+0x66/0x140
[  220.694469][T11671]  ? fpu__clear_user_states+0x63/0x1e0
[  220.694526][T11671]  ? arch_do_signal_or_restart+0x2f3/0x480
[  220.694547][T11671]  ? __rcu_read_unlock+0x4f/0x70
[  220.694573][T11671]  x64_sys_call+0x2e8a/0x2fb0
[  220.694597][T11671]  do_syscall_64+0xd2/0x200
[  220.694694][T11671]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  220.694717][T11671]  ? clear_bhb_loop+0x40/0x90
[  220.694736][T11671]  ? clear_bhb_loop+0x40/0x90
[  220.694755][T11671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.694779][T11671] RIP: 0033:0x7fa4dc9eab19
[  220.694812][T11671] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  220.694830][T11671] RSP: 002b:00007fa4db0b6a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  220.694849][T11671] RAX: ffffffffffffffda RBX: 00007fa4dcc75fa0 RCX: 00007fa4dc9eab19
[  220.694861][T11671] RDX: 00007fa4db0b6a80 RSI: 00007fa4db0b6bb0 RDI: 0000000000000021
[  220.694912][T11671] RBP: 00007fa4db0b7090 R08: 0000000000000000 R09: 0000000000000000
[  220.694926][T11671] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[  220.694940][T11671] R13: 0000000000000000 R14: 00007fa4dcc75fa0 R15: 00007ffddf81fb18
[  220.695020][T11671]  </TASK>
[  221.062317][T11674] loop1: detected capacity change from 0 to 736
[  221.080325][T11674] iso9660: Unknown parameter ''
[  221.220671][T11681] loop5: detected capacity change from 0 to 128
[  221.237633][T11681] vfat: Unknown parameter '˙˙˙˙'
[  221.392551][T11683] loop5: detected capacity change from 0 to 512
[  221.420316][T11683] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  221.464900][T11683] EXT4-fs error (device loop5): ext4_quota_enable:7120: comm syz.5.2739: Bad quota inum: 29696, type: 1
[  221.515026][T11683] EXT4-fs warning (device loop5): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix.
[  221.580215][T11683] EXT4-fs (loop5): mount failed
[  221.737046][T11689] 9pnet: Could not find request transport: fdÅ4
[  222.062956][T11694] netlink: 'syz.1.2742': attribute type 1 has an invalid length.
[  222.070771][T11694] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2742'.
[  222.220720][T11698] loop1: detected capacity change from 0 to 1024
[  222.244031][T11698] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.283300][T11425] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.513195][ T7669] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.545499][T11718] loop6: detected capacity change from 0 to 128
[  222.553170][T11718] vfat: Unknown parameter '˙˙˙˙'
[  222.586157][T11718] siw: device registration error -23
[  222.672449][T11730] ==================================================================
[  222.680582][T11730] BUG: KCSAN: data-race in getrusage / vms_clear_ptes
[  222.687377][T11730] 
[  222.689713][T11730] write to 0xffff88810a0c79f0 of 8 bytes by task 11728 on cpu 0:
[  222.697444][T11730]  vms_clear_ptes+0x18f/0x2d0
[  222.702143][T11730]  vms_complete_munmap_vmas+0x159/0x440
[  222.707704][T11730]  do_vmi_align_munmap+0x383/0x3d0
[  222.712910][T11730]  do_vmi_munmap+0x1db/0x220
[  222.717511][T11730]  __vm_munmap+0x1a1/0x280
[  222.721946][T11730]  __x64_sys_munmap+0x36/0x50
[  222.726823][T11730]  x64_sys_call+0xa65/0x2fb0
[  222.731447][T11730]  do_syscall_64+0xd2/0x200
[  222.735973][T11730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.741889][T11730] 
[  222.744231][T11730] read to 0xffff88810a0c79f0 of 8 bytes by task 11730 on cpu 1:
[  222.751867][T11730]  getrusage+0xa52/0xbb0
[  222.756124][T11730]  io_sq_thread+0x5dd/0x1180
[  222.760727][T11730]  ret_from_fork+0xda/0x150
[  222.765239][T11730]  ret_from_fork_asm+0x1a/0x30
[  222.770046][T11730] 
[  222.772370][T11730] value changed: 0x00000000000014ea -> 0x00000000000016f4
[  222.779477][T11730] 
[  222.781891][T11730] Reported by Kernel Concurrency Sanitizer on:
[  222.788154][T11730] CPU: 1 UID: 0 PID: 11730 Comm: iou-sqp-11728 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  222.800946][T11730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  222.811012][T11730] ==================================================================
[  222.839279][T11731] netlink: 'syz.5.2753': attribute type 1 has an invalid length.
[  222.847230][T11731] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2753'.
[  222.862303][T11728] loop2: detected capacity change from 0 to 512
[  222.891581][T11728] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  222.929724][T11728] EXT4-fs error (device loop2): ext4_quota_enable:7120: comm syz.2.2754: Bad quota inum: 29696, type: 1
[  222.943548][T11728] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix.
[  222.972017][T11728] EXT4-fs (loop2): mount failed