last executing test programs:

714.99694ms ago: executing program 1 (id=2715):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000600)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)

681.78671ms ago: executing program 1 (id=2718):
pipe2$9p(&(0x7f00000005c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}, {@nogrpid}, {@delalloc}, {@dioread_nolock}]}, 0x3, 0x50b, &(0x7f00000000c0)="$eJzs3E2IHFUeAPB/dc9Xsslmdjdkd7PZ3clmlx0MziSTaOYgSETBg4IYQT0OM5MQM8lIZgImROmAxKMEvItHrx68qpcgngSv8ShIIEguSRSxpbqr+mu653u6Hef3g55+VdVd7/3rvap+9d50B7BjjaR/kmr6TkTsi4hC6wtGqk8P71+ffnT/+nSUyuUzPySVtz1IlzPZbuIP2cJoIaLwblLf0GDh6rULU3Nzs5ez5fHFi2+OL1y99vj5oWzN5GTSt86g2uSXxvXg4Dvzh/7+/Ou3Xpyu7TnPrTGOzTISI+2KUvG/zc6sx/Y2pNddb3Rd2v7T6uqvnP/7ohjLVV6piyUDtlq5XC4Pdt5cKre6sWQNsG3FUK9LAPRG/kGf3v/mj3YdgYGt6X703L3T1RugNO6H2SPi35WV+ThIf8v97WYaiYjXSj9+mD5ii8YhAAAafX467wm29P+GqzMjP1+5/XT6/MdsDmU4Iv4UEX+OiL9ExP6IKEbEgYj4a0T8rWX/6bbyMvmPtCzX8q9NQhXublKobaX9v6eyua30UZ/7qqWGi9nS3oi8wzx7LDsmo9E/ePb83OzxZfL44tlv3u+0rbH/lz7SMuR9wawcd/taBuhmphan1hftUvduRBzsq8Y/WOv/Jn0RSTYTUKy99uAa9jvckD7/2MeHagv9za9bOf6Kctt5tE2YZyp/FPH/av2XohJ/frDrOSZN85MXp87Nnpu9NDE5efLE8VNPTjwxPhRzs8fG01ZwrG0eX31986VO+a8Y/6fftb7luVOfnWmql41I6393Q/uPfP62Hv9wEpHU5msX1p7HzW/f63hPk8b/0yrbf37ype1/IHmlks7vS9+aWly8fDxiIHlh6fqJ+t7y5fQ5StX4R4/U439Yu/8qVK5x+ZH4R0SkjfifEfGvqN4hpmU/HBH/iYgjy8T/5TP/fWO5+FfR/rdMGv9MNMdfrfmm+q/P13dKJNncYNOmgUgTxQuH7zzqcPFY3fXvZCU1mq1pf/1Lmi4RnUqaf9qla37Z8NEDAACA7aEQEXsaxpL2RKEwNlYdA9ofuwtz8wuLR8/OX7k0k26LGI7+Qj7SVR0P7k/y8c/hhuWJluUT2bjxB8VdleWx6fm5mZ5GDgxUzvmkMBbxarHh/E99vzlDzMBvme9rwc613PmfduIP3OpiYYCuWv3n/+23t7QgQNc1nP+dvuFfWsf/fQHbgPt/oG7lH/pxzYDtr+xchh1tTef/UT8CCL8nffFyLV3oaUmAbtP/hx1pxe/1byhRHmy/aSiWvjiGlt9hMVabe19TXLva5NWTRNqz6knuu9bzrvzXFDq+Jgpr2+FgNK8ZWE2dRiStTfTsBo9G6fLCuQP1xp//3MsGj3M5+1/5za7BT5rP0/zXc7rQbLp6GQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgyvwYAAP//QWvRoQ==") (fail_nth: 1)
creat(0x0, 0x0)

659.72543ms ago: executing program 0 (id=2720):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x3765, 0x0, 0x0, 0x41100, 0x15, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r2}, 0x10)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="6bb08f9f4f07eb15df259151159ffbe55638", @ANYRES32=0x0, @ANYBLOB="0800020000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r7, 0x0, 0x9}, 0x18)
syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000400001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300009ea10000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='mm_page_alloc\x00', r8}, 0x18)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3ff}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x15, &(0x7f0000000300)=ANY=[], 0x0)
r9 = gettid()
process_vm_writev(r9, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, 0x0, 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
syz_emit_ethernet(0x6e, &(0x7f0000000100)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7d0, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, [@srh={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}]}}}}}}}, 0x0)

566.260652ms ago: executing program 1 (id=2721):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x4000, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a30000000002c000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000003a000000030a0300000000000000000002000000090001"], 0xa0}}, 0x8040)

449.990664ms ago: executing program 0 (id=2722):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0xc4, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0xb0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r4}}]}, {0x4, 0xa}, {0xc}, {0xffac, 0x8, {0x0, 0x2}}}}, @m_mpls={0x5c, 0x2, 0x0, 0x0, {{0x9}, {0x30}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc4}}, 0x0)

418.389184ms ago: executing program 1 (id=2724):
gettid()
readv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/155, 0x9b}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff0000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10)
munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='pwc_handler_exit\x00'}, 0x18)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="2e00000038000511d25a80698c63940d0124fc602f6e35", 0x17}], 0x1, 0x0, 0x0, 0x39c}, 0x0)
r2 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0xd}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y")
name_to_handle_at(r2, 0x0, 0x0, 0x0, 0x1200)
r3 = getpgrp(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, r3, 0x0, &(0x7f00000003c0))
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)

376.414225ms ago: executing program 0 (id=2726):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r0 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000d3b420207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@ipv6_newrule={0x30, 0x20, 0x1, 0x0, 0x0, {0xa, 0x20, 0x20, 0x0, 0x0, 0x0, 0x0, 0x8}, [@FRA_SRC={0x14, 0x2, @private0}]}, 0x30}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0xffffffffffffffff}, 0x18)
socket$kcm(0x21, 0x2, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

343.101425ms ago: executing program 1 (id=2729):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000600)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)

321.336626ms ago: executing program 4 (id=2730):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4000000002000}, 0x18)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x801, 0x84)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r4=>0x0})
sendmsg$can_bcm(r3, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="d0c6ffff03"], 0x20000600}}, 0x0)

293.927896ms ago: executing program 1 (id=2732):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req3={0x2, 0x4, 0x5, 0x10, 0x5, 0x1, 0x101}, 0x1c)
recvmmsg$unix(r4, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)=""/4096, 0x1000}], 0x1}}], 0x1, 0x400122a0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
perf_event_open(&(0x7f0000000200)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0xb00, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0xc04, 0x9, 0x0, 0x5, 0xfffffffffffffffc, 0x5, 0x2, 0x0, 0x40, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000500), &(0x7f00000005c0)=r4}, 0x9)
close_range(r0, 0xffffffffffffffff, 0x0)

293.486206ms ago: executing program 2 (id=2733):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x3765, 0x0, 0x0, 0x41100, 0x15, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r2}, 0x10)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="6bb08f9f4f07eb15df259151159ffbe55638", @ANYRES32=0x0, @ANYBLOB="0800020000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r7, 0x0, 0x9}, 0x18)
syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000400001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300009ea10000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='mm_page_alloc\x00', r8}, 0x18)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3ff}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x15, &(0x7f0000000300)=ANY=[], 0x0)
r9 = gettid()
process_vm_writev(r9, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, 0x0, 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000100)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7d0, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, [@srh={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}]}}}}}}}, 0x0)

288.991876ms ago: executing program 0 (id=2734):
r0 = socket(0x10, 0x3, 0x6)
ioprio_set$pid(0x2, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) (async)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000001680)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r2, 0x4, &(0x7f00000016c0)='^*/\xcc\x00', &(0x7f0000001700)='./file0\x00', 0xffffffffffffffff)
sendfile(r1, r1, 0x0, 0x800000009) (async)
sendfile(r1, r1, 0x0, 0x800000009)
r3 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)

242.680736ms ago: executing program 4 (id=2736):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x9, 0x8, 0x20002, 0x1ff, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
mkdir(&(0x7f0000000200)='./file0\x00', 0x50)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300), 0x80, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB, @ANYRESDEC=0x0])

242.351027ms ago: executing program 0 (id=2737):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xfc, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0x14, 0xc, &(0x7f00000014c0)=ANY=[@ANYRESOCT=r1, @ANYRES32=r2, @ANYRESHEX=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)='%pi6   \x00'}, 0x20)
syz_open_procfs$pagemap(0x0, &(0x7f00000002c0))
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3, <r4=>0xffffffffffffffff}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0xb, 0xfffffffffffffffe}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0)
pipe2$9p(&(0x7f0000000140)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r10, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r11 = dup(r10)
write$P9_RLERRORu(r11, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r11, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r11, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x21004a, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r10, @ANYBLOB=',cache=fscache,\x00'])
lstat(&(0x7f0000000580)='./file0\x00', 0x0)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r12, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r12, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r8, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r7}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00'}, 0x10)

241.970827ms ago: executing program 3 (id=2738):
pipe2(&(0x7f0000001cc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r1}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x9fc3c531d14a6e27, 0x200001a9, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x12, 0xc, &(0x7f0000000200)=ANY=[], &(0x7f0000000100)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00', r2}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x400, &(0x7f0000000a40)=ANY=[@ANYBLOB=',debug=0x0000007,version=9p20\\++},%{!(6,afid=0x000000003f5689cf,nodevmap,fscache,afid=0x0000000000000f9c,msize=0x00', @ANYRESDEC])
r3 = syz_open_procfs$pagemap(0x0, &(0x7f00000002c0))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x42, 0x5c})
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r7, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c00000010001fff109e00008000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000440012800b00010067656e6576650000340002800500030003000000060005004e20000005000400ab000000050009000100000005000a0001000000050009000100000008000a00", @ANYRES32=r7], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
socketpair(0x1e, 0x6, 0x2, &(0x7f00000000c0))
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r8, 0xc0a85320, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x25)

230.696127ms ago: executing program 2 (id=2739):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r2}, 0x18)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x4)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x1, 0x0, 0x0, 0x64}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r4}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="01000000300200000400000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x38}}, 0x20000000)

219.589497ms ago: executing program 4 (id=2740):
gettid()
readv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/155, 0x9b}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff0000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10)
munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='pwc_handler_exit\x00'}, 0x18)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="2e00000038000511d25a80698c63940d0124fc602f6e35", 0x17}], 0x1, 0x0, 0x0, 0x39c}, 0x0)
r2 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0xd}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y")
name_to_handle_at(r2, 0x0, 0x0, 0x0, 0x1200)
r3 = getpgrp(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, r3, 0x0, &(0x7f00000003c0))
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)

156.654758ms ago: executing program 2 (id=2741):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x40020, &(0x7f0000000840)=ANY=[@ANYBLOB])

156.209578ms ago: executing program 4 (id=2742):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000600)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000100)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}, 0x3}, 0x0, 0x0, 0x1})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x1e, 0x0, 0x0)

147.063868ms ago: executing program 2 (id=2743):
io_uring_setup(0x36, &(0x7f0000000340)={0x0, 0x94f9, 0x407, 0x0, 0x253})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0x103, 0x84, 0x1}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4}, 0x18)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r4, 0x2, {0x0, 0xff}, 0xfe}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)

127.894838ms ago: executing program 3 (id=2744):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4000000002000}, 0x18)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000000), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r5=>0x0})
sendmsg$can_bcm(r4, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="d0c6ffff03"], 0x20000600}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000540)={'vxcan1\x00', <r6=>0x0})
sendmsg$can_bcm(r4, &(0x7f0000000480)={&(0x7f0000000380)={0x1d, r6, 0x0, 0x4000}, 0x10, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[], 0x80}, 0x1, 0x0, 0x0, 0x4000}, 0x4044001)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r7, 0x6, 0x24, &(0x7f0000000c00), &(0x7f0000002000)=0x2)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r9}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
sendto$inet6(r3, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

88.876139ms ago: executing program 3 (id=2745):
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES64=0x0, @ANYBLOB="0000000000008da4b70800000400396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
unshare(0x20800)
sendmmsg$inet(r1, &(0x7f0000006440)=[{{&(0x7f0000002a40)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}], 0x1, 0x8090)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000a00)={r0, 0x58, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000a40)='/sys/power/freeze_filesystems', 0x100, 0x30)
bpf$PROG_LOAD(0x5, &(0x7f00000020c0)={0x1e, 0x4, &(0x7f0000000640)=@framed={{0x18, 0x0, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0xffffffff}, [@ldst={0x2, 0x0, 0x2, 0x6, 0x9, 0x80, 0x1}]}, &(0x7f00000006c0)='syzkaller\x00', 0x8, 0x1000, &(0x7f00000010c0)=""/4096, 0x40f00, 0x66, '\x00', r4, @fallback=0x26, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x5, &(0x7f0000000ac0)=[r0, r0, r0], &(0x7f0000000b00)=[{0x3, 0x4, 0xf, 0x1}, {0x1, 0x1, 0x8, 0x5}, {0x4, 0x1, 0xe, 0x7}, {0x1, 0x1, 0x2, 0x9}, {0x0, 0x5, 0xd, 0x9}], 0x10, 0x9}, 0x94)
r6 = dup(r3)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_enter\x00', r8}, 0x10)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/173)
sendmsg$NL80211_CMD_LEAVE_IBSS(r6, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="0000000f", @ANYRES16=r7, @ANYBLOB="010026bd7000fedbdf252c0000000c0099000600000020000000"], 0x20}, 0x1, 0x0, 0x0, 0x15}, 0x20040000)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000600)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1c010000", @ANYRES16=r7, @ANYBLOB="010027bd7000fcdbdf2567000000080001000800000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990001000000190000000800c300150000006e00c500c132a0014b6032a4997b88a5bfab124a0224ed7b87f583117c0be57a30ddb3699ad99e08da1c4ad9447ddf547d189d969ed78b22f9c06163dbbb76c428da859155ac596fc4b59412fa6d0a6eaeaf5a24269330403d6a6b24be22b2b9454338738bcef14300e19b0c028000000800c300800200000800c300060000005a00c500777fc576be4726a5f689f559cba51f2549b6321607135e78b77e50060ad5b77f05f91e6989d6312878943c086f4f15393f04ff916f85d84fed821b313202d57065c2bf9a1d9f82a9d18f1558ed891caaba98d072bbe800000500c5001f000000"], 0x11c}, 0x1, 0x0, 0x0, 0x40}, 0x4)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x508, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x16}, {}, {}, {}, {}, {}, {0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0xffff8acc}]}}, @common=@hl={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@private, 'veth1_macvtap\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x568)

88.245569ms ago: executing program 4 (id=2746):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4000000002000}, 0x18)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x801, 0x84)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r4=>0x0})
sendmsg$can_bcm(r3, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="d0c6ffff03"], 0x20000600}}, 0x0)

68.804659ms ago: executing program 3 (id=2747):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r0 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000d3b420207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@ipv6_newrule={0x30, 0x20, 0x1, 0x0, 0x0, {0xa, 0x20, 0x20, 0x0, 0x0, 0x0, 0x0, 0x8}, [@FRA_SRC={0x14, 0x2, @private0}]}, 0x30}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0xffffffffffffffff}, 0x18)
socket$kcm(0x21, 0x2, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

39.98985ms ago: executing program 2 (id=2748):
prctl$PR_SET_NAME(0xf, &(0x7f0000000440)='\x00\x00\xe9\xde\x903\xea\x86\xd6\xb8\x03M\xb1\xd2\x00\x00?\xf7\x82\xe5\xc1l\x92(\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00i\x00\x00\x00\x00\x1f,\x91\xcf\x04\xa8\b\xdb\xb8@*N\xf1\xc1\\\xed\xff\xee0\xc5\xab\x19OKpDf\xf3\xa2z\xc5b0\xa4\x19{d7\xec\xd8\xa8B\xe9G\xda\xa8\x06\x00P\xd9t\xde\x83]\x12\xad\xd6v^\xf1\x14\xe8\x04\xcb\x918\x90\xbe\xad\x86sd\x82\xdd+\xf5\xd2%\x95\xbd\xed0q\xf1.\x8f3\xed\x8b\x05\x1e\xc6\x98\xc1\x99H+z,_v\xfaD\x01\xf2\x9fn\xef\"\xb0A\xf9\xc7\xd4\xed\x8cXS\xd8\xcb\x03T_\xb4\xd3\x12\xf5V \x86\xc6i\x9daT\x19\xf4v\xf2\xf2hH\xb5\xe9\xb4\x88\xf8')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xfffffffff7ffffe9}, 0x18)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x41, 0x0)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
mount(&(0x7f00000000c0), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x700, &(0x7f0000000040)='trans=rdma,')

32.52173ms ago: executing program 3 (id=2749):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x10, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.9127ms ago: executing program 4 (id=2750):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa0800060001"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)

1.62572ms ago: executing program 2 (id=2751):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x9, 0x8, 0x20002, 0x1ff, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
mkdir(&(0x7f0000000200)='./file0\x00', 0x50)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300), 0x80, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',acc', @ANYRESDEC=0x0])

1.24095ms ago: executing program 3 (id=2752):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'veth1_to_batadv\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c00000010000305000000000000000000006dc4", @ANYRES32=0x0, @ANYBLOB="8b18010000000000240012800b0001006d61637365630000140002800500080000000000050007000000000008000500", @ANYRES32=r1], 0x4c}}, 0x4004000)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14)
socket$netlink(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'veth1_to_batadv\x00'}) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c00000010000305000000000000000000006dc4", @ANYRES32=0x0, @ANYBLOB="8b18010000000000240012800b0001006d61637365630000140002800500080000000000050007000000000008000500", @ANYRES32=r1], 0x4c}}, 0x4004000) (async)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14) (async)

0s ago: executing program 0 (id=2753):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x0)
readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/155, 0x9b}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff0000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r1}, 0x10)
munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='pwc_handler_exit\x00', r0}, 0x18)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="2e00000038000511d25a80698c63940d0124fc602f6e35", 0x17}], 0x1, 0x0, 0x0, 0x39c}, 0x0)
r3 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0xd}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y")
name_to_handle_at(r3, 0x0, 0x0, 0x0, 0x1200)
r4 = getpgrp(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, r4, 0x0, &(0x7f00000003c0))
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)

kernel console output (not intermixed with test programs):

   96.072127][ T8756]  x64_sys_call+0x2bd5/0x2fb0
[   96.072144][ T8756]  do_syscall_64+0xd2/0x200
[   96.072158][ T8756]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   96.072178][ T8756]  ? clear_bhb_loop+0x40/0x90
[   96.072195][ T8756]  ? clear_bhb_loop+0x40/0x90
[   96.072271][ T8756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.072287][ T8756] RIP: 0033:0x7f7d9f41e929
[   96.072300][ T8756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.072314][ T8756] RSP: 002b:00007f7d9da87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   96.072332][ T8756] RAX: ffffffffffffffda RBX: 00007f7d9f645fa0 RCX: 00007f7d9f41e929
[   96.072343][ T8756] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006
[   96.072353][ T8756] RBP: 00007f7d9f4a0b39 R08: 0000000000000004 R09: 0000000000000000
[   96.072363][ T8756] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[   96.072373][ T8756] R13: 0000000000000000 R14: 00007f7d9f645fa0 R15: 00007ffe48813a68
[   96.072388][ T8756]  </TASK>
[   96.072395][ T8756] Mem-Info:
[   96.073994][ T6246] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:17: Failed to release dquot type 0
[   96.084800][ T8756] active_anon:9716 inactive_anon:3 isolated_anon:0
[   96.084800][ T8756]  active_file:6794 inactive_file:2231 isolated_file:0
[   96.084800][ T8756]  unevictable:0 dirty:277 writeback:0
[   96.084800][ T8756]  slab_reclaimable:3037 slab_unreclaimable:14986
[   96.084800][ T8756]  mapped:32671 shmem:3169 pagetables:1406
[   96.084800][ T8756]  sec_pagetables:0 bounce:0
[   96.084800][ T8756]  kernel_misc_reclaimable:0
[   96.084800][ T8756]  free:1607616 free_pcp:23613 free_cma:0
[   96.084892][ T8756] Node 0 active_anon:38864kB inactive_anon:12kB active_file:27176kB inactive_file:8924kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:130684kB dirty:1108kB writeback:0kB shmem:12676kB writeback_tmp:0kB kernel_stack:3696kB pagetables:5624kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   96.084942][ T8756] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   96.140509][ T8746] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.145275][ T8756] lowmem_reserve[]: 0 2882 7860 7860
[   96.145307][ T8756] Node 0 DMA32 free:2947824kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951352kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB
[   96.150374][ T8746] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2144: Invalid inode table block 1 in block_group 0
[   96.154536][ T8756] lowmem_reserve[]: 0 0 4978 4978
[   96.154568][ T8756] Node 0 
[   96.160519][ T8746] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   96.163952][ T8756] Normal free:3467280kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39096kB inactive_anon:12kB active_file:27176kB inactive_file:8924kB unevictable:0kB writepending:1108kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:90364kB local_pcp:19744kB free_cma:0kB
[   96.168337][ T8746] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2144: mark_inode_dirty error
[   96.172830][ T8756] lowmem_reserve[]: 0 0 0
[   96.212884][ T8746] loop4: detected capacity change from 0 to 512
[   96.217245][ T8756]  0
[   96.217258][ T8756] Node 0 DMA: 0*4kB 0*8kB 
[   96.228976][ T8746] EXT4-fs: Ignoring removed orlov option
[   96.247172][ T8756] 0*16kB 0*32kB 0*64kB 
[   96.295386][ T8746] EXT4-fs (loop4): bad block size 65536
[   96.566108][ T8756] 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   96.574887][ T8756] Node 0 DMA32: 4*4kB (M) 4*8kB (M) 4*16kB (M) 2*32kB (M) 5*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947824kB
[   96.591062][ T8756] Node 0 Normal: 0*4kB 2*8kB (ME) 2*16kB (ME) 0*32kB 2*64kB (ME) 1*128kB (M) 44*256kB (UME) 37*512kB (ME) 22*1024kB (ME) 9*2048kB (UM) 828*4096kB (UM) = 3462960kB
[   96.607551][ T8756] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[   96.616838][ T8756] 12043 total pagecache pages
[   96.621498][ T8756] 1 pages in swap cache
[   96.625663][ T8756] Free swap  = 123580kB
[   96.629816][ T8756] Total swap = 124996kB
[   96.634053][ T8756] 2097051 pages RAM
[   96.637859][ T8756] 0 pages HighMem/MovableOnly
[   96.642660][ T8756] 80813 pages reserved
[   96.842098][ T8806] all: renamed from lo (while UP)
[   96.865515][ T8811] 9pnet_fd: Insufficient options for proto=fd
[   96.875324][ T8811] futex_wake_op: syz.2.2169 tries to shift op by -1; fix this program
[   96.907923][ T8812] bridge_slave_0: left allmulticast mode
[   96.913651][ T8812] bridge_slave_0: left promiscuous mode
[   96.919403][ T8812] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.924173][ T8815] 9pnet_fd: Insufficient options for proto=fd
[   96.934560][ T8812] bridge_slave_1: left allmulticast mode
[   96.940212][ T8812] bridge_slave_1: left promiscuous mode
[   96.941416][ T8815] futex_wake_op: syz.0.2170 tries to shift op by -1; fix this program
[   96.945966][ T8812] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.968241][ T8812] bond0: (slave bond_slave_0): Releasing backup interface
[   96.978169][ T8812] bond0: (slave bond_slave_1): Releasing backup interface
[   96.990671][ T8812] team0: Port device team_slave_0 removed
[   96.998822][ T8812] team0: Port device team_slave_1 removed
[   97.021178][   T10] srz1: Port: 1 Link DOWN
[   97.030060][ T3381] syz!: Port: 1 Link DOWN
[   97.065223][ T8818] loop4: detected capacity change from 0 to 1024
[   97.075189][ T8818] EXT4-fs: inline encryption not supported
[   97.081046][ T8818] EXT4-fs: Ignoring removed i_version option
[   97.087906][ T8818] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   97.100628][ T8818] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2171: lblock 2 mapped to illegal pblock 2 (length 1)
[   97.114924][ T8818] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2171: lblock 0 mapped to illegal pblock 48 (length 1)
[   97.118055][ T8823] all: renamed from lo
[   97.130269][ T8818] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2171: Failed to acquire dquot type 0
[   97.144641][ T8818] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   97.161325][ T8818] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2171: mark_inode_dirty error
[   97.172823][ T8818] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   97.183148][ T8818] EXT4-fs (loop4): 1 orphan inode deleted
[   97.189235][ T8818] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.201502][ T1947] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:7: lblock 1 mapped to illegal pblock 1 (length 1)
[   97.216803][ T1947] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0
[   97.235057][ T8818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.249335][ T8818] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2171: Invalid inode table block 1 in block_group 0
[   97.262267][ T8818] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   97.271852][ T8818] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2171: mark_inode_dirty error
[   97.319367][ T8840] FAULT_INJECTION: forcing a failure.
[   97.319367][ T8840] name failslab, interval 1, probability 0, space 0, times 0
[   97.332404][ T8840] CPU: 1 UID: 0 PID: 8840 Comm: syz.0.2181 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[   97.332432][ T8840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   97.332442][ T8840] Call Trace:
[   97.332487][ T8840]  <TASK>
[   97.332492][ T8840]  __dump_stack+0x1d/0x30
[   97.332510][ T8840]  dump_stack_lvl+0xe8/0x140
[   97.332526][ T8840]  dump_stack+0x15/0x1b
[   97.332539][ T8840]  should_fail_ex+0x265/0x280
[   97.332623][ T8840]  should_failslab+0x8c/0xb0
[   97.332643][ T8840]  kmem_cache_alloc_lru_noprof+0x55/0x310
[   97.332665][ T8840]  ? shmem_alloc_inode+0x34/0x50
[   97.332681][ T8840]  ? __pfx_shmem_alloc_inode+0x10/0x10
[   97.332717][ T8840]  shmem_alloc_inode+0x34/0x50
[   97.332736][ T8840]  alloc_inode+0x40/0x170
[   97.332767][ T8840]  new_inode+0x1d/0xe0
[   97.332786][ T8840]  shmem_get_inode+0x244/0x750
[   97.332806][ T8840]  __shmem_file_setup+0x113/0x210
[   97.332862][ T8840]  shmem_file_setup+0x3b/0x50
[   97.332951][ T8840]  __se_sys_memfd_create+0x2c3/0x590
[   97.332980][ T8840]  __x64_sys_memfd_create+0x31/0x40
[   97.333113][ T8840]  x64_sys_call+0x122f/0x2fb0
[   97.333133][ T8840]  do_syscall_64+0xd2/0x200
[   97.333148][ T8840]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   97.333173][ T8840]  ? clear_bhb_loop+0x40/0x90
[   97.333201][ T8840]  ? clear_bhb_loop+0x40/0x90
[   97.333219][ T8840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.333235][ T8840] RIP: 0033:0x7f7d9f41e929
[   97.333318][ T8840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.333334][ T8840] RSP: 002b:00007f7d9da86e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   97.333390][ T8840] RAX: ffffffffffffffda RBX: 000000000000043d RCX: 00007f7d9f41e929
[   97.333402][ T8840] RDX: 00007f7d9da86ef0 RSI: 0000000000000000 RDI: 00007f7d9f4a14cc
[   97.333415][ T8840] RBP: 0000200000000900 R08: 00007f7d9da86bb7 R09: 00007f7d9da86e40
[   97.333426][ T8840] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[   97.333436][ T8840] R13: 00007f7d9da86ef0 R14: 00007f7d9da86eb0 R15: 00002000000003c0
[   97.333453][ T8840]  </TASK>
[   97.870772][ T8873] lo speed is unknown, defaulting to 1000
[   98.014640][ T8874] vlan0: entered allmulticast mode
[   98.019936][ T8874] veth1: entered allmulticast mode
[   98.057080][ T8877] loop4: detected capacity change from 0 to 512
[   98.130944][ T8868] lo speed is unknown, defaulting to 1000
[   98.526384][ T8877] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   98.623733][ T8877] EXT4-fs (loop4): 1 truncate cleaned up
[   98.630142][ T8877] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   98.659281][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.676743][   T29] kauditd_printk_skb: 312 callbacks suppressed
[   98.676754][   T29] audit: type=1326 audit(1751499073.414:4583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[   98.706377][   T29] audit: type=1326 audit(1751499073.414:4584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[   98.729784][   T29] audit: type=1326 audit(1751499073.414:4585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[   98.872801][   T29] audit: type=1326 audit(1751499073.489:4586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[   98.896273][   T29] audit: type=1326 audit(1751499073.489:4587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[   98.919682][   T29] audit: type=1326 audit(1751499073.489:4588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[   98.943087][   T29] audit: type=1326 audit(1751499073.489:4589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[   98.966500][   T29] audit: type=1326 audit(1751499073.489:4590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[   98.989894][   T29] audit: type=1326 audit(1751499073.489:4591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[   99.013383][   T29] audit: type=1326 audit(1751499073.489:4592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8889 comm="syz.0.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[   99.067990][ T8895] Cannot find add_set index 0 as target
[   99.171317][ T8920] loop3: detected capacity change from 0 to 1024
[   99.181099][ T8920] EXT4-fs: inline encryption not supported
[   99.187014][ T8920] EXT4-fs: Ignoring removed i_version option
[   99.194106][ T8920] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   99.214162][ T8920] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.2216: lblock 2 mapped to illegal pblock 2 (length 1)
[   99.229435][ T8920] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.2216: lblock 0 mapped to illegal pblock 48 (length 1)
[   99.243920][ T8920] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2216: Failed to acquire dquot type 0
[   99.255399][ T8920] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   99.265359][ T8920] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2216: mark_inode_dirty error
[   99.276960][ T8920] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   99.287838][ T8920] EXT4-fs (loop3): 1 orphan inode deleted
[   99.294103][ T8920] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.307420][ T1947] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:7: lblock 1 mapped to illegal pblock 1 (length 1)
[   99.321751][ T1947] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 0
[   99.333991][ T8920] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.343502][ T8920] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2216: Invalid inode table block 1 in block_group 0
[   99.356985][ T8920] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   99.366495][ T8920] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.2216: mark_inode_dirty error
[   99.591922][ T8944] futex_wake_op: syz.0.2226 tries to shift op by -1; fix this program
[   99.601434][ T8944] __nla_validate_parse: 21 callbacks suppressed
[   99.601443][ T8944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2226'.
[   99.893061][ T3381] page_pool_release_retry() stalled pool shutdown: id 27, 1 inflight 60 sec
[  100.103678][ T8955] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  100.113736][ T8954] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2230'.
[  100.187020][ T8957] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2231'.
[  100.466916][ T8974] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=8974 comm=syz.1.2237
[  100.479827][ T8967] loop3: detected capacity change from 0 to 1024
[  100.519181][ T8967] EXT4-fs: inline encryption not supported
[  100.525060][ T8967] EXT4-fs: Ignoring removed i_version option
[  100.565222][ T8974] netlink: 'syz.1.2237': attribute type 83 has an invalid length.
[  100.586394][ T8967] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  100.643336][ T8967] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.2236: lblock 2 mapped to illegal pblock 2 (length 1)
[  100.657745][ T8982] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  100.683741][ T8967] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.2236: lblock 0 mapped to illegal pblock 48 (length 1)
[  100.706026][ T8980] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2241'.
[  100.724659][ T8967] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2236: Failed to acquire dquot type 0
[  100.756007][ T8967] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  100.774642][ T8967] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2236: mark_inode_dirty error
[  100.787047][ T8967] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  100.797810][ T8967] EXT4-fs (loop3): 1 orphan inode deleted
[  100.804671][ T8967] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.817200][ T2329] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1)
[  100.836511][ T2329] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:10: Failed to release dquot type 0
[  100.849113][ T8989] FAULT_INJECTION: forcing a failure.
[  100.849113][ T8989] name failslab, interval 1, probability 0, space 0, times 0
[  100.861817][ T8989] CPU: 0 UID: 0 PID: 8989 Comm: syz.1.2243 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  100.861924][ T8989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  100.861934][ T8989] Call Trace:
[  100.861940][ T8989]  <TASK>
[  100.861946][ T8989]  __dump_stack+0x1d/0x30
[  100.861965][ T8989]  dump_stack_lvl+0xe8/0x140
[  100.861995][ T8989]  dump_stack+0x15/0x1b
[  100.862013][ T8989]  should_fail_ex+0x265/0x280
[  100.862069][ T8989]  should_failslab+0x8c/0xb0
[  100.862149][ T8989]  __kmalloc_node_noprof+0xa9/0x410
[  100.862177][ T8989]  ? alloc_slab_obj_exts+0x31/0x80
[  100.862205][ T8989]  alloc_slab_obj_exts+0x31/0x80
[  100.862226][ T8989]  __memcg_slab_post_alloc_hook+0x23f/0x580
[  100.862333][ T8989]  kmem_cache_alloc_node_noprof+0x22c/0x320
[  100.862356][ T8989]  ? __alloc_skb+0x101/0x320
[  100.862402][ T8989]  __alloc_skb+0x101/0x320
[  100.862427][ T8989]  alloc_skb_with_frags+0x7d/0x470
[  100.862457][ T8989]  sock_alloc_send_pskb+0x43a/0x4f0
[  100.862499][ T8989]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[  100.862523][ T8989]  unix_stream_sendmsg+0x5ca/0x8e0
[  100.862549][ T8989]  ? selinux_socket_sendmsg+0x175/0x1b0
[  100.862586][ T8989]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[  100.862610][ T8989]  __sock_sendmsg+0x145/0x180
[  100.862661][ T8989]  sock_sendmsg+0xc1/0x130
[  100.862687][ T8989]  splice_to_socket+0x5fe/0x9a0
[  100.862735][ T8989]  ? rw_verify_area+0x8d/0x160
[  100.862824][ T8989]  ? __pfx_splice_to_socket+0x10/0x10
[  100.862852][ T8989]  do_splice+0x974/0x10b0
[  100.862884][ T8989]  ? proc_fail_nth_write+0x12d/0x160
[  100.862962][ T8989]  ? __rcu_read_unlock+0x4f/0x70
[  100.863015][ T8989]  ? __fget_files+0x184/0x1c0
[  100.863033][ T8989]  __se_sys_splice+0x26c/0x3a0
[  100.863064][ T8989]  __x64_sys_splice+0x78/0x90
[  100.863159][ T8989]  x64_sys_call+0xb0a/0x2fb0
[  100.863175][ T8989]  do_syscall_64+0xd2/0x200
[  100.863191][ T8989]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  100.863237][ T8989]  ? clear_bhb_loop+0x40/0x90
[  100.863259][ T8989]  ? clear_bhb_loop+0x40/0x90
[  100.863279][ T8989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.863296][ T8989] RIP: 0033:0x7f94c0f8e929
[  100.863360][ T8989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.863379][ T8989] RSP: 002b:00007f94bf5d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  100.863398][ T8989] RAX: ffffffffffffffda RBX: 00007f94c11b6080 RCX: 00007f94c0f8e929
[  100.863409][ T8989] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000006
[  100.863421][ T8989] RBP: 00007f94bf5d6090 R08: 00000000000408c8 R09: 000000000000000e
[  100.863431][ T8989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  100.863441][ T8989] R13: 0000000000000001 R14: 00007f94c11b6080 R15: 00007fff70e06188
[  100.863476][ T8989]  </TASK>
[  101.152320][ T8967] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.161694][ T8967] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2236: Invalid inode table block 1 in block_group 0
[  101.175803][ T8967] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  101.185460][ T8967] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.2236: mark_inode_dirty error
[  101.205032][ T8993] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2245'.
[  101.209330][ T8967] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2236'.
[  101.230989][ T8967] loop3: detected capacity change from 0 to 512
[  101.238759][ T8967] EXT4-fs: Ignoring removed orlov option
[  101.246402][ T8967] EXT4-fs (loop3): bad block size 65536
[  101.295574][ T8997] lo speed is unknown, defaulting to 1000
[  101.319100][ T9001] 9pnet_fd: Insufficient options for proto=fd
[  101.335252][ T9001] futex_wake_op: syz.3.2249 tries to shift op by -1; fix this program
[  101.345913][ T9001] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2249'.
[  101.390722][ T9007] netlink: 'syz.3.2251': attribute type 1 has an invalid length.
[  101.403950][ T9007] 8021q: adding VLAN 0 to HW filter on device bond1
[  101.443562][ T9012] loop3: detected capacity change from 0 to 1024
[  101.466206][ T9012] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.487865][ T9018] pimreg: entered allmulticast mode
[  101.493541][ T9018] pimreg: left allmulticast mode
[  101.562997][ T9021] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2255'.
[  101.575503][ T9021] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  101.587066][ T9021] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.594195][ T9021] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.625799][ T9025] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  101.730934][ T9040] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2262'.
[  101.746330][ T9035] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2261'.
[  101.800291][ T9048] siw: device registration error -23
[  102.272650][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.377165][ T9099] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  102.386268][ T9099] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  102.395169][ T9099] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  102.404009][ T9099] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  102.412941][ T9099] geneve2: entered allmulticast mode
[  102.426039][ T9099] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  102.492445][ T9111] FAULT_INJECTION: forcing a failure.
[  102.492445][ T9111] name failslab, interval 1, probability 0, space 0, times 0
[  102.505142][ T9111] CPU: 1 UID: 0 PID: 9111 Comm: syz.3.2292 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  102.505170][ T9111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  102.505196][ T9111] Call Trace:
[  102.505202][ T9111]  <TASK>
[  102.505207][ T9111]  __dump_stack+0x1d/0x30
[  102.505225][ T9111]  dump_stack_lvl+0xe8/0x140
[  102.505310][ T9111]  dump_stack+0x15/0x1b
[  102.505324][ T9111]  should_fail_ex+0x265/0x280
[  102.505350][ T9111]  ? selinux_bpf_prog_load+0x36/0xf0
[  102.505433][ T9111]  should_failslab+0x8c/0xb0
[  102.505457][ T9111]  __kmalloc_cache_noprof+0x4c/0x320
[  102.505504][ T9111]  selinux_bpf_prog_load+0x36/0xf0
[  102.505528][ T9111]  security_bpf_prog_load+0x54/0xa0
[  102.505563][ T9111]  bpf_prog_load+0xe6b/0x1070
[  102.505651][ T9111]  ? security_bpf+0x2b/0x90
[  102.505666][ T9111]  __sys_bpf+0x51d/0x790
[  102.505775][ T9111]  __x64_sys_bpf+0x41/0x50
[  102.505797][ T9111]  x64_sys_call+0x2478/0x2fb0
[  102.505819][ T9111]  do_syscall_64+0xd2/0x200
[  102.505870][ T9111]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  102.505951][ T9111]  ? clear_bhb_loop+0x40/0x90
[  102.505970][ T9111]  ? clear_bhb_loop+0x40/0x90
[  102.505987][ T9111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.506003][ T9111] RIP: 0033:0x7fbff436e929
[  102.506063][ T9111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.506078][ T9111] RSP: 002b:00007fbff29d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  102.506095][ T9111] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436e929
[  102.506105][ T9111] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005
[  102.506115][ T9111] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000
[  102.506126][ T9111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  102.506138][ T9111] R13: 0000000000000001 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8
[  102.506154][ T9111]  </TASK>
[  102.878916][ T9143] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.886182][ T9143] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.914316][ T9141] loop4: detected capacity change from 0 to 1024
[  102.992660][ T9141] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  103.003662][ T9141] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  103.016185][ T9154] lo speed is unknown, defaulting to 1000
[  103.050775][ T9141] JBD2: no valid journal superblock found
[  103.056542][ T9141] EXT4-fs (loop4): Could not load journal inode
[  103.076118][ T9166] loop3: detected capacity change from 0 to 1024
[  103.089899][ T9166] EXT4-fs: inline encryption not supported
[  103.095842][ T9166] EXT4-fs: Ignoring removed i_version option
[  103.118475][ T9166] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  103.139461][ T9166] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.2313: lblock 2 mapped to illegal pblock 2 (length 1)
[  103.169316][ T9166] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.2313: lblock 0 mapped to illegal pblock 48 (length 1)
[  103.233225][ T9166] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2313: Failed to acquire dquot type 0
[  103.320372][ T9166] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  103.335744][ T9166] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2313: mark_inode_dirty error
[  103.357115][ T9184] 9pnet_fd: Insufficient options for proto=fd
[  103.370606][ T9166] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  103.383204][ T9184] futex_wake_op: syz.2.2319 tries to shift op by -1; fix this program
[  103.391912][ T9166] EXT4-fs (loop3): 1 orphan inode deleted
[  103.399384][ T9166] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.411906][ T2329] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1)
[  103.430975][ T2329] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:10: Failed to release dquot type 0
[  103.453138][ T9185] syzkaller1: entered promiscuous mode
[  103.458792][ T9185] syzkaller1: entered allmulticast mode
[  103.499764][ T9166] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.526619][ T9166] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2313: Invalid inode table block 1 in block_group 0
[  103.554065][ T9166] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  103.566137][ T9187] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  103.574950][ T9187] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  103.583667][ T9187] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  103.592491][ T9187] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  103.603881][ T9166] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.2313: mark_inode_dirty error
[  103.620199][ T9187] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  103.629155][ T9187] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  103.638123][ T9187] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  103.647059][ T9187] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  103.661457][ T9166] loop3: detected capacity change from 0 to 512
[  103.674748][ T9166] EXT4-fs: Ignoring removed orlov option
[  103.689853][ T3309] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  103.700774][ T3309] CPU: 1 UID: 0 PID: 3309 Comm: syz-executor Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  103.700802][ T3309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  103.700814][ T3309] Call Trace:
[  103.700889][ T3309]  <TASK>
[  103.700895][ T3309]  __dump_stack+0x1d/0x30
[  103.700917][ T3309]  dump_stack_lvl+0xe8/0x140
[  103.700937][ T3309]  dump_stack+0x15/0x1b
[  103.700955][ T3309]  dump_header+0x81/0x220
[  103.701028][ T3309]  oom_kill_process+0x334/0x3f0
[  103.701053][ T3309]  out_of_memory+0x979/0xb80
[  103.701083][ T3309]  try_charge_memcg+0x5e6/0x9e0
[  103.701110][ T3309]  charge_memcg+0x51/0xc0
[  103.701152][ T3309]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  103.701182][ T3309]  __read_swap_cache_async+0x1df/0x350
[  103.701269][ T3309]  swap_cluster_readahead+0x376/0x3e0
[  103.701310][ T3309]  swapin_readahead+0xde/0x6f0
[  103.701338][ T3309]  ? __filemap_get_folio+0x4f7/0x6b0
[  103.701405][ T3309]  ? next_uptodate_folio+0x81c/0x890
[  103.701433][ T3309]  ? kvm_sched_clock_read+0x11/0x20
[  103.701463][ T3309]  ? swap_cache_get_folio+0x77/0x200
[  103.701594][ T3309]  do_swap_page+0x301/0x2430
[  103.701614][ T3309]  ? __set_next_task_fair+0x5b/0x150
[  103.701635][ T3309]  ? tracing_record_taskinfo_sched_switch+0x71/0x260
[  103.701709][ T3309]  ? finish_task_switch+0xad/0x2b0
[  103.701733][ T3309]  ? __pfx_default_wake_function+0x10/0x10
[  103.701808][ T3309]  handle_mm_fault+0x9a5/0x2be0
[  103.701830][ T3309]  ? mas_walk+0xf2/0x120
[  103.701864][ T3309]  do_user_addr_fault+0x636/0x1090
[  103.701945][ T3309]  ? fpregs_restore_userregs+0xe2/0x1d0
[  103.702034][ T3309]  ? switch_fpu_return+0xe/0x20
[  103.702056][ T3309]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  103.702077][ T3309]  exc_page_fault+0x62/0xa0
[  103.702139][ T3309]  asm_exc_page_fault+0x26/0x30
[  103.702159][ T3309] RIP: 0033:0x7f960c4b11a5
[  103.702171][ T3309] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e 43 1c 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[  103.702228][ T3309] RSP: 002b:00007fff5731d558 EFLAGS: 00010246
[  103.702243][ T3309] RAX: 0000000000000000 RBX: 000000000000039c RCX: 00007f960c4b11a3
[  103.702255][ T3309] RDX: 00007fff5731d570 RSI: 0000000000000000 RDI: 0000000000000000
[  103.702266][ T3309] RBP: 00007fff5731d5dc R08: 00000000028eed8d R09: 0000000000000000
[  103.702278][ T3309] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[  103.702323][ T3309] R13: 00000000000927c0 R14: 0000000000018c66 R15: 00007fff5731d630
[  103.702339][ T3309]  </TASK>
[  103.949709][ T3309] memory: usage 307200kB, limit 307200kB, failcnt 1220
[  103.956594][ T3309] memory+swap: usage 307588kB, limit 9007199254740988kB, failcnt 0
[  103.964726][ T3309] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0
[  103.972167][ T3309] Memory cgroup stats for /syz4:
[  103.976844][ T9166] EXT4-fs (loop3): bad block size 65536
[  103.979952][   T29] kauditd_printk_skb: 361 callbacks suppressed
[  103.979964][   T29] audit: type=1326 audit(1751499846.659:4945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000
[  103.990783][ T3309] cache 0
[  103.997491][   T29] audit: type=1326 audit(1751499846.670:4946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000
[  104.017113][ T3309] rss 0
[  104.024980][   T29] audit: type=1326 audit(1751499846.701:4947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000
[  104.043419][ T3309] shmem 0
[  104.046059][   T29] audit: type=1326 audit(1751499846.701:4948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000
[  104.046211][   T29] audit: type=1326 audit(1751499846.701:4949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000
[  104.069474][ T3309] mapped_file 53248
[  104.069483][ T3309] dirty 0
[  104.069489][ T3309] writeback 0
[  104.072484][   T29] audit: type=1326 audit(1751499846.701:4950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000
[  104.095955][ T3309] workingset_refault_anon 340
[  104.119183][   T29] audit: type=1326 audit(1751499846.701:4951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000
[  104.122959][ T3309] workingset_refault_file 609
[  104.125876][   T29] audit: type=1326 audit(1751499846.701:4952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000
[  104.129179][ T3309] swap 397312
[  104.152489][   T29] audit: type=1326 audit(1751499846.701:4953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000
[  104.157148][ T3309] swapcached 0
[  104.180474][   T29] audit: type=1326 audit(1751499846.701:4954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.1.2322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c0f8e929 code=0x7ffc0000
[  104.185142][ T3309] pgpgin 72552
[  104.185150][ T3309] pgpgout 72552
[  104.269081][ T3309] pgfault 114530
[  104.272654][ T3309] pgmajfault 215
[  104.276253][ T3309] inactive_anon 0
[  104.279924][ T3309] active_anon 0
[  104.283374][ T3309] inactive_file 0
[  104.287073][ T3309] active_file 0
[  104.290690][ T3309] unevictable 0
[  104.294363][ T3309] hierarchical_memory_limit 314572800
[  104.299776][ T3309] hierarchical_memsw_limit 9223372036854771712
[  104.306154][ T3309] total_cache 0
[  104.309636][ T3309] total_rss 0
[  104.312953][ T3309] total_shmem 0
[  104.316447][ T3309] total_mapped_file 53248
[  104.320840][ T3309] total_dirty 0
[  104.324358][ T3309] total_writeback 0
[  104.328198][ T3309] total_workingset_refault_anon 340
[  104.333393][ T3309] total_workingset_refault_file 609
[  104.338665][ T3309] total_swap 397312
[  104.342470][ T3309] total_swapcached 0
[  104.346386][ T3309] total_pgpgin 72552
[  104.350281][ T3309] total_pgpgout 72552
[  104.354285][ T3309] total_pgfault 114530
[  104.358391][ T3309] total_pgmajfault 215
[  104.362569][ T3309] total_inactive_anon 0
[  104.366741][ T3309] total_active_anon 0
[  104.370786][ T3309] total_inactive_file 0
[  104.374967][ T3309] total_active_file 0
[  104.378936][ T3309] total_unevictable 0
[  104.382895][ T3309] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.2300,pid=9125,uid=0
[  104.397480][ T3309] Memory cgroup out of memory: Killed process 9125 (syz.4.2300) total-vm:95800kB, anon-rss:936kB, file-rss:22472kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  104.515532][ T9215] 9pnet_fd: Insufficient options for proto=fd
[  104.535366][ T9215] futex_wake_op: syz.0.2330 tries to shift op by -1; fix this program
[  104.560914][ T9219] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (133)
[  104.744739][ T9241] 9pnet_fd: Insufficient options for proto=fd
[  104.753137][ T9232] __nla_validate_parse: 24 callbacks suppressed
[  104.753190][ T9232] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2338'.
[  104.787682][ T9244] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2340'.
[  104.789838][ T9246] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2342'.
[  104.860767][ T9254] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2344'.
[  104.922821][ T9267] FAULT_INJECTION: forcing a failure.
[  104.922821][ T9267] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  104.936025][ T9267] CPU: 1 UID: 0 PID: 9267 Comm: syz.0.2350 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  104.936048][ T9267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  104.936058][ T9267] Call Trace:
[  104.936113][ T9267]  <TASK>
[  104.936120][ T9267]  __dump_stack+0x1d/0x30
[  104.936140][ T9267]  dump_stack_lvl+0xe8/0x140
[  104.936156][ T9267]  dump_stack+0x15/0x1b
[  104.936178][ T9267]  should_fail_ex+0x265/0x280
[  104.936208][ T9267]  should_fail+0xb/0x20
[  104.936307][ T9267]  should_fail_usercopy+0x1a/0x20
[  104.936327][ T9267]  _copy_from_iter+0xcf/0xe40
[  104.936345][ T9267]  ? alloc_pages_mpol+0x201/0x250
[  104.936363][ T9267]  copy_page_from_iter+0x178/0x2a0
[  104.936448][ T9267]  tun_get_user+0x5f0/0x2500
[  104.936539][ T9267]  ? ref_tracker_alloc+0x1f2/0x2f0
[  104.936595][ T9267]  tun_chr_write_iter+0x15e/0x210
[  104.936609][ T9267]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  104.936634][ T9267]  vfs_write+0x4a0/0x8e0
[  104.936671][ T9267]  ksys_write+0xda/0x1a0
[  104.936695][ T9267]  __x64_sys_write+0x40/0x50
[  104.936717][ T9267]  x64_sys_call+0x2cdd/0x2fb0
[  104.936737][ T9267]  do_syscall_64+0xd2/0x200
[  104.936765][ T9267]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  104.936824][ T9267]  ? clear_bhb_loop+0x40/0x90
[  104.936837][ T9267]  ? clear_bhb_loop+0x40/0x90
[  104.936848][ T9267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.936860][ T9267] RIP: 0033:0x7f7d9f41d3df
[  104.936869][ T9267] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  104.936999][ T9267] RSP: 002b:00007f7d9da87000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  104.937010][ T9267] RAX: ffffffffffffffda RBX: 00007f7d9f645fa0 RCX: 00007f7d9f41d3df
[  104.937038][ T9267] RDX: 0000000000000033 RSI: 00002000000000c0 RDI: 00000000000000c8
[  104.937045][ T9267] RBP: 00007f7d9da87090 R08: 0000000000000000 R09: 0000000000000000
[  104.937052][ T9267] R10: 0000000000000033 R11: 0000000000000293 R12: 0000000000000001
[  104.937058][ T9267] R13: 0000000000000000 R14: 00007f7d9f645fa0 R15: 00007ffe48813a68
[  104.937069][ T9267]  </TASK>
[  105.162845][ T9271] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2349'.
[  105.167203][ T9270] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2344'.
[  105.201786][ T9270] bridge0: entered promiscuous mode
[  105.208290][ T9276] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2353'.
[  105.217086][ T9270] bridge0: port 1(macvlan2) entered blocking state
[  105.223807][ T9270] bridge0: port 1(macvlan2) entered disabled state
[  105.234886][ T9270] macvlan2: entered allmulticast mode
[  105.240297][ T9270] bridge0: entered allmulticast mode
[  105.250210][ T9278] 9pnet_fd: Insufficient options for proto=fd
[  105.256763][ T9270] macvlan2: left allmulticast mode
[  105.261962][ T9270] bridge0: left allmulticast mode
[  105.267617][ T9270] bridge0: left promiscuous mode
[  105.429395][ T9302] FAULT_INJECTION: forcing a failure.
[  105.429395][ T9302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  105.442491][ T9302] CPU: 1 UID: 0 PID: 9302 Comm: syz.1.2364 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  105.442515][ T9302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  105.442525][ T9302] Call Trace:
[  105.442530][ T9302]  <TASK>
[  105.442601][ T9302]  __dump_stack+0x1d/0x30
[  105.442619][ T9302]  dump_stack_lvl+0xe8/0x140
[  105.442637][ T9302]  dump_stack+0x15/0x1b
[  105.442705][ T9302]  should_fail_ex+0x265/0x280
[  105.442735][ T9302]  should_fail+0xb/0x20
[  105.442834][ T9302]  should_fail_usercopy+0x1a/0x20
[  105.442864][ T9302]  _copy_from_iter+0xcf/0xe40
[  105.442931][ T9302]  ? __build_skb_around+0x1a0/0x200
[  105.443012][ T9302]  ? __alloc_skb+0x223/0x320
[  105.443039][ T9302]  netlink_sendmsg+0x471/0x6b0
[  105.443075][ T9302]  ? __pfx_netlink_sendmsg+0x10/0x10
[  105.443093][ T9302]  __sock_sendmsg+0x145/0x180
[  105.443118][ T9302]  ____sys_sendmsg+0x31e/0x4e0
[  105.443153][ T9302]  ___sys_sendmsg+0x17b/0x1d0
[  105.443279][ T9302]  __x64_sys_sendmsg+0xd4/0x160
[  105.443308][ T9302]  x64_sys_call+0x2999/0x2fb0
[  105.443329][ T9302]  do_syscall_64+0xd2/0x200
[  105.443348][ T9302]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  105.443435][ T9302]  ? clear_bhb_loop+0x40/0x90
[  105.443456][ T9302]  ? clear_bhb_loop+0x40/0x90
[  105.443547][ T9302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.443568][ T9302] RIP: 0033:0x7f94c0f8e929
[  105.443584][ T9302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.443661][ T9302] RSP: 002b:00007f94bf5f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  105.443677][ T9302] RAX: ffffffffffffffda RBX: 00007f94c11b5fa0 RCX: 00007f94c0f8e929
[  105.443688][ T9302] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000006
[  105.443698][ T9302] RBP: 00007f94bf5f7090 R08: 0000000000000000 R09: 0000000000000000
[  105.443708][ T9302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.443740][ T9302] R13: 0000000000000000 R14: 00007f94c11b5fa0 R15: 00007fff70e06188
[  105.443760][ T9302]  </TASK>
[  105.470728][ T9303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2362'.
[  105.756641][ T9314] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2369'.
[  105.867937][ T9332] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  105.968624][ T9341] loop4: detected capacity change from 0 to 1024
[  105.975567][ T9341] EXT4-fs: inline encryption not supported
[  105.981451][ T9341] EXT4-fs: Ignoring removed i_version option
[  105.994337][ T9344] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2380'.
[  106.009263][ T9341] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  106.034358][ T9341] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2379: lblock 2 mapped to illegal pblock 2 (length 1)
[  106.051807][ T9341] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2379: lblock 0 mapped to illegal pblock 48 (length 1)
[  106.066226][ T9341] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2379: Failed to acquire dquot type 0
[  106.088293][ T9341] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  106.098964][ T9341] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2379: mark_inode_dirty error
[  106.110929][ T9341] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  106.121474][ T9341] EXT4-fs (loop4): 1 orphan inode deleted
[  106.128514][ T9341] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.149448][ T6246] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:17: lblock 1 mapped to illegal pblock 1 (length 1)
[  106.219425][ T6246] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:17: Failed to release dquot type 0
[  106.225533][ T9355] lo speed is unknown, defaulting to 1000
[  106.237624][ T9341] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.248229][ T9341] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2379: Invalid inode table block 1 in block_group 0
[  106.262095][ T9341] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  106.294232][ T9341] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2379: mark_inode_dirty error
[  106.356144][ T9341] loop4: detected capacity change from 0 to 512
[  106.363978][ T9341] EXT4-fs: Ignoring removed orlov option
[  106.374703][ T9341] EXT4-fs (loop4): bad block size 65536
[  106.415801][ T9371] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  106.435961][ T9373] syzkaller1: entered promiscuous mode
[  106.441475][ T9373] syzkaller1: entered allmulticast mode
[  106.449276][ T9373] FAULT_INJECTION: forcing a failure.
[  106.449276][ T9373] name failslab, interval 1, probability 0, space 0, times 0
[  106.461922][ T9373] CPU: 1 UID: 0 PID: 9373 Comm: syz.4.2387 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  106.461999][ T9373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  106.462010][ T9373] Call Trace:
[  106.462015][ T9373]  <TASK>
[  106.462022][ T9373]  __dump_stack+0x1d/0x30
[  106.462044][ T9373]  dump_stack_lvl+0xe8/0x140
[  106.462064][ T9373]  dump_stack+0x15/0x1b
[  106.462081][ T9373]  should_fail_ex+0x265/0x280
[  106.462166][ T9373]  should_failslab+0x8c/0xb0
[  106.462186][ T9373]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  106.462217][ T9373]  ? sidtab_sid2str_get+0xa0/0x130
[  106.462238][ T9373]  kmemdup_noprof+0x2b/0x70
[  106.462338][ T9373]  sidtab_sid2str_get+0xa0/0x130
[  106.462362][ T9373]  security_sid_to_context_core+0x1eb/0x2e0
[  106.462388][ T9373]  security_sid_to_context+0x27/0x40
[  106.462406][ T9373]  selinux_lsmprop_to_secctx+0x67/0xf0
[  106.462425][ T9373]  security_lsmprop_to_secctx+0x43/0x80
[  106.462487][ T9373]  audit_log_task_context+0x77/0x190
[  106.462579][ T9373]  audit_log_task+0xf4/0x250
[  106.462608][ T9373]  audit_seccomp+0x61/0x100
[  106.462634][ T9373]  ? __seccomp_filter+0x68c/0x10d0
[  106.462687][ T9373]  __seccomp_filter+0x69d/0x10d0
[  106.462780][ T9373]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  106.462809][ T9373]  ? vfs_write+0x75e/0x8e0
[  106.462858][ T9373]  __secure_computing+0x82/0x150
[  106.462881][ T9373]  syscall_trace_enter+0xcf/0x1e0
[  106.462973][ T9373]  do_syscall_64+0xac/0x200
[  106.462988][ T9373]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  106.463013][ T9373]  ? clear_bhb_loop+0x40/0x90
[  106.463034][ T9373]  ? clear_bhb_loop+0x40/0x90
[  106.463112][ T9373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.463163][ T9373] RIP: 0033:0x7f960c47e929
[  106.463178][ T9373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.463277][ T9373] RSP: 002b:00007f960aae7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  106.463294][ T9373] RAX: ffffffffffffffda RBX: 00007f960c6a5fa0 RCX: 00007f960c47e929
[  106.463305][ T9373] RDX: 00000000000000ca RSI: 0000200000000480 RDI: 0000000000000004
[  106.463315][ T9373] RBP: 00007f960aae7090 R08: 0000000000000000 R09: 0000000000000000
[  106.463327][ T9373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.463336][ T9373] R13: 0000000000000000 R14: 00007f960c6a5fa0 R15: 00007fff5731d218
[  106.463353][ T9373]  </TASK>
[  106.834988][ T9384] 9pnet_fd: Insufficient options for proto=fd
[  106.857937][ T9384] futex_wake_op: syz.4.2393 tries to shift op by -1; fix this program
[  106.942257][ T9399] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  106.990601][ T9404] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  107.029373][ T9404] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.036691][ T9404] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.114102][ T9417] loop4: detected capacity change from 0 to 512
[  107.117170][ T9419] vlan0: entered allmulticast mode
[  107.129258][ T9414] FAULT_INJECTION: forcing a failure.
[  107.129258][ T9414] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  107.142346][ T9414] CPU: 0 UID: 0 PID: 9414 Comm: syz.3.2408 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  107.142372][ T9414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  107.142384][ T9414] Call Trace:
[  107.142390][ T9414]  <TASK>
[  107.142396][ T9414]  __dump_stack+0x1d/0x30
[  107.142416][ T9414]  dump_stack_lvl+0xe8/0x140
[  107.142473][ T9414]  dump_stack+0x15/0x1b
[  107.142535][ T9414]  should_fail_ex+0x265/0x280
[  107.142580][ T9414]  should_fail+0xb/0x20
[  107.142604][ T9414]  should_fail_usercopy+0x1a/0x20
[  107.142726][ T9414]  _copy_from_user+0x1c/0xb0
[  107.142744][ T9414]  do_sock_getsockopt+0xf1/0x240
[  107.142771][ T9414]  __x64_sys_getsockopt+0x11e/0x1a0
[  107.142877][ T9414]  x64_sys_call+0x12aa/0x2fb0
[  107.142966][ T9414]  do_syscall_64+0xd2/0x200
[  107.142982][ T9414]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  107.143003][ T9414]  ? clear_bhb_loop+0x40/0x90
[  107.143045][ T9414]  ? clear_bhb_loop+0x40/0x90
[  107.143068][ T9414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.143097][ T9414] RIP: 0033:0x7fbff436e929
[  107.143163][ T9414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.143178][ T9414] RSP: 002b:00007fbff29d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  107.143194][ T9414] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436e929
[  107.143205][ T9414] RDX: 000000000000001f RSI: 0000000000000001 RDI: 0000000000000007
[  107.143218][ T9414] RBP: 00007fbff29d7090 R08: 00002000000003c0 R09: 0000000000000000
[  107.143229][ T9414] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  107.143239][ T9414] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8
[  107.143277][ T9414]  </TASK>
[  107.345223][ T9417] EXT4-fs (loop4): 1 orphan inode deleted
[  107.354918][ T9417] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.367589][   T51] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 1
[  107.379992][ T9417] ext4 filesystem being mounted at /434/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  107.426324][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.463738][ T9432] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  107.668890][ T9443] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  107.827756][ T9449] FAULT_INJECTION: forcing a failure.
[  107.827756][ T9449] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  107.840844][ T9449] CPU: 0 UID: 0 PID: 9449 Comm: syz.2.2421 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  107.840868][ T9449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  107.840961][ T9449] Call Trace:
[  107.840967][ T9449]  <TASK>
[  107.840975][ T9449]  __dump_stack+0x1d/0x30
[  107.840997][ T9449]  dump_stack_lvl+0xe8/0x140
[  107.841016][ T9449]  dump_stack+0x15/0x1b
[  107.841031][ T9449]  should_fail_ex+0x265/0x280
[  107.841088][ T9449]  should_fail+0xb/0x20
[  107.841110][ T9449]  should_fail_usercopy+0x1a/0x20
[  107.841139][ T9449]  _copy_from_user+0x1c/0xb0
[  107.841160][ T9449]  rtc_dev_ioctl+0x7ce/0xb60
[  107.841328][ T9449]  ? __pfx_rtc_dev_ioctl+0x10/0x10
[  107.841355][ T9449]  __se_sys_ioctl+0xce/0x140
[  107.841384][ T9449]  __x64_sys_ioctl+0x43/0x50
[  107.841410][ T9449]  x64_sys_call+0x19a8/0x2fb0
[  107.841445][ T9449]  do_syscall_64+0xd2/0x200
[  107.841461][ T9449]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  107.841518][ T9449]  ? clear_bhb_loop+0x40/0x90
[  107.841535][ T9449]  ? clear_bhb_loop+0x40/0x90
[  107.841555][ T9449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.841576][ T9449] RIP: 0033:0x7fcded5ae929
[  107.841658][ T9449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.841674][ T9449] RSP: 002b:00007fcdebc17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  107.841690][ T9449] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ae929
[  107.841700][ T9449] RDX: 0000200000000040 RSI: 0000000040187013 RDI: 0000000000000003
[  107.841710][ T9449] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000
[  107.841720][ T9449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  107.841731][ T9449] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88
[  107.841799][ T9449]  </TASK>
[  108.087402][ T9457] debugfs: Bad value for 'mode'
[  108.120038][ T9458] loop4: detected capacity change from 0 to 1024
[  108.150481][ T9458] EXT4-fs: inline encryption not supported
[  108.156373][ T9458] EXT4-fs: Ignoring removed i_version option
[  108.172440][ T9458] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  108.203310][ T9458] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2425: lblock 2 mapped to illegal pblock 2 (length 1)
[  108.224478][ T9458] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2425: lblock 0 mapped to illegal pblock 48 (length 1)
[  108.255826][ T9458] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2425: Failed to acquire dquot type 0
[  108.273071][ T9458] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  108.290458][ T9458] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2425: mark_inode_dirty error
[  108.311503][ T9458] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  108.351133][ T9458] EXT4-fs (loop4): 1 orphan inode deleted
[  108.367153][ T6246] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:17: lblock 1 mapped to illegal pblock 1 (length 1)
[  108.386520][ T9458] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.412871][ T6246] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:17: Failed to release dquot type 0
[  108.515352][ T9458] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.524686][ T9458] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2425: Invalid inode table block 1 in block_group 0
[  108.551381][ T9458] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  109.179002][ T9479] loop3: detected capacity change from 0 to 2048
[  109.330927][ T9487] futex_wake_op: syz.2.2437 tries to shift op by -1; fix this program
[  109.408428][ T9489] debugfs: Bad value for 'mode'
[  109.510351][ T9495] __nla_validate_parse: 11 callbacks suppressed
[  109.510367][ T9495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2441'.
[  109.528892][ T9458] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2425: mark_inode_dirty error
[  109.569349][ T9479] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.581990][ T9458] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2425'.
[  109.623708][ T9458] loop4: detected capacity change from 0 to 512
[  109.646825][   T29] kauditd_printk_skb: 267 callbacks suppressed
[  109.646837][   T29] audit: type=1326 audit(1751501388.651:5214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000
[  109.647224][ T9458] EXT4-fs: Ignoring removed orlov option
[  109.689565][   T29] audit: type=1326 audit(1751501388.693:5215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000
[  109.713130][   T29] audit: type=1326 audit(1751501388.693:5216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000
[  109.736373][   T29] audit: type=1326 audit(1751501388.693:5217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000
[  109.759787][   T29] audit: type=1326 audit(1751501388.693:5218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000
[  109.783185][   T29] audit: type=1326 audit(1751501388.693:5219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000
[  109.806512][   T29] audit: type=1326 audit(1751501388.693:5220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000
[  109.829944][   T29] audit: type=1326 audit(1751501388.693:5221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000
[  109.853467][   T29] audit: type=1326 audit(1751501388.693:5222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000
[  109.876906][   T29] audit: type=1326 audit(1751501388.693:5223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9498 comm="syz.2.2442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded5ae929 code=0x7ffc0000
[  109.919135][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.941118][ T9458] EXT4-fs (loop4): bad block size 65536
[  110.065324][ T9506] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2445'.
[  110.121404][ T9520] debugfs: Bad value for 'mode'
[  110.877770][ T9542] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2457'.
[  111.742929][ T9546] FAULT_INJECTION: forcing a failure.
[  111.742929][ T9546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  111.756083][ T9546] CPU: 1 UID: 0 PID: 9546 Comm: syz.2.2460 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  111.756203][ T9546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  111.756213][ T9546] Call Trace:
[  111.756219][ T9546]  <TASK>
[  111.756225][ T9546]  __dump_stack+0x1d/0x30
[  111.756243][ T9546]  dump_stack_lvl+0xe8/0x140
[  111.756259][ T9546]  dump_stack+0x15/0x1b
[  111.756323][ T9546]  should_fail_ex+0x265/0x280
[  111.756353][ T9546]  should_fail+0xb/0x20
[  111.756380][ T9546]  should_fail_usercopy+0x1a/0x20
[  111.756447][ T9546]  _copy_to_user+0x20/0xa0
[  111.756511][ T9546]  simple_read_from_buffer+0xb5/0x130
[  111.756537][ T9546]  proc_fail_nth_read+0x100/0x140
[  111.756599][ T9546]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  111.756625][ T9546]  vfs_read+0x1a0/0x6f0
[  111.756769][ T9546]  ? kmem_cache_free+0xdf/0x300
[  111.756828][ T9546]  ? putname+0xda/0x100
[  111.756848][ T9546]  ksys_read+0xda/0x1a0
[  111.756874][ T9546]  __x64_sys_read+0x40/0x50
[  111.756925][ T9546]  x64_sys_call+0x2d77/0x2fb0
[  111.756996][ T9546]  do_syscall_64+0xd2/0x200
[  111.757011][ T9546]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  111.757032][ T9546]  ? clear_bhb_loop+0x40/0x90
[  111.757053][ T9546]  ? clear_bhb_loop+0x40/0x90
[  111.757075][ T9546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.757134][ T9546] RIP: 0033:0x7fcded5ad33c
[  111.757147][ T9546] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  111.757163][ T9546] RSP: 002b:00007fcdebc17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  111.757183][ T9546] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ad33c
[  111.757196][ T9546] RDX: 000000000000000f RSI: 00007fcdebc170a0 RDI: 0000000000000003
[  111.757268][ T9546] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000
[  111.757281][ T9546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.757293][ T9546] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88
[  111.757377][ T9546]  </TASK>
[  112.016739][ T9552] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2462'.
[  112.026091][ T9552] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  112.046011][ T9550] loop4: detected capacity change from 0 to 512
[  112.060368][ T9554] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2463'.
[  112.074609][ T9550] EXT4-fs (loop4): filesystem is read-only
[  112.088291][ T9550] EXT4-fs (loop4): filesystem is read-only
[  112.094204][ T9550] EXT4-fs (loop4): orphan cleanup on readonly fs
[  112.101731][ T9550] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.2461: bad orphan inode 16
[  112.128857][ T9550] ext4_test_bit(bit=15, block=3) = 0
[  112.135324][ T9550] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  112.153675][ T9559] loop3: detected capacity change from 0 to 1024
[  112.162437][ T9559] EXT4-fs: inline encryption not supported
[  112.168379][ T9559] EXT4-fs: Ignoring removed i_version option
[  112.184965][ T9550] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2461'.
[  112.199602][ T9559] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  112.224184][ T9559] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.2465: lblock 2 mapped to illegal pblock 2 (length 1)
[  112.243342][ T9559] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.2465: lblock 0 mapped to illegal pblock 48 (length 1)
[  112.258104][ T9550] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2461'.
[  112.290400][ T9559] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2465: Failed to acquire dquot type 0
[  112.293250][ T9564] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2467'.
[  112.311454][ T9559] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  112.312407][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.332786][ T9559] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2465: mark_inode_dirty error
[  112.347516][ T9564] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  112.358344][ T9559] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  112.384048][ T9559] EXT4-fs (loop3): 1 orphan inode deleted
[  112.403250][   T51] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1)
[  112.422230][ T9559] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.456523][   T51] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 0
[  112.479342][ T9559] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.489727][ T9559] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2465: Invalid inode table block 1 in block_group 0
[  112.504592][ T9559] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  112.528055][ T9559] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.2465: mark_inode_dirty error
[  112.548717][ T9574] lo speed is unknown, defaulting to 1000
[  112.574701][ T9559] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2465'.
[  112.607123][ T9559] loop3: detected capacity change from 0 to 512
[  112.614439][ T9559] EXT4-fs: Ignoring removed orlov option
[  112.621333][ T9559] EXT4-fs (loop3): bad block size 65536
[  112.730394][ T9576] siw: device registration error -23
[  112.803736][ T9589] futex_wake_op: syz.1.2477 tries to shift op by -1; fix this program
[  112.953558][ T9597] futex_wake_op: syz.1.2480 tries to shift op by -1; fix this program
[  113.098939][ T9614] FAULT_INJECTION: forcing a failure.
[  113.098939][ T9614] name failslab, interval 1, probability 0, space 0, times 0
[  113.111587][ T9614] CPU: 0 UID: 0 PID: 9614 Comm: syz.2.2486 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  113.111614][ T9614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  113.111625][ T9614] Call Trace:
[  113.111631][ T9614]  <TASK>
[  113.111712][ T9614]  __dump_stack+0x1d/0x30
[  113.111731][ T9614]  dump_stack_lvl+0xe8/0x140
[  113.111747][ T9614]  dump_stack+0x15/0x1b
[  113.111762][ T9614]  should_fail_ex+0x265/0x280
[  113.111815][ T9614]  ? alloc_pipe_info+0xae/0x350
[  113.111832][ T9614]  should_failslab+0x8c/0xb0
[  113.111854][ T9614]  __kmalloc_cache_noprof+0x4c/0x320
[  113.111885][ T9614]  alloc_pipe_info+0xae/0x350
[  113.111971][ T9614]  splice_direct_to_actor+0x592/0x680
[  113.112045][ T9614]  ? __pfx_direct_splice_actor+0x10/0x10
[  113.112150][ T9614]  ? selinux_file_permission+0x2f0/0x320
[  113.112175][ T9614]  do_splice_direct+0xda/0x150
[  113.112246][ T9614]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  113.112337][ T9614]  do_sendfile+0x380/0x650
[  113.112363][ T9614]  __x64_sys_sendfile64+0x105/0x150
[  113.112386][ T9614]  x64_sys_call+0xb39/0x2fb0
[  113.112447][ T9614]  do_syscall_64+0xd2/0x200
[  113.112463][ T9614]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  113.112487][ T9614]  ? clear_bhb_loop+0x40/0x90
[  113.112596][ T9614]  ? clear_bhb_loop+0x40/0x90
[  113.112617][ T9614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.112637][ T9614] RIP: 0033:0x7fcded5ae929
[  113.112671][ T9614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.112688][ T9614] RSP: 002b:00007fcdebc17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  113.112739][ T9614] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ae929
[  113.112752][ T9614] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000006
[  113.112762][ T9614] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000
[  113.112772][ T9614] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  113.112782][ T9614] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88
[  113.112808][ T9614]  </TASK>
[  113.330388][ T9617] loop4: detected capacity change from 0 to 1024
[  113.338301][ T9617] EXT4-fs: inline encryption not supported
[  113.344233][ T9617] EXT4-fs: Ignoring removed i_version option
[  113.366339][ T9617] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  113.393296][ T9617] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2488: lblock 2 mapped to illegal pblock 2 (length 1)
[  113.408035][ T9617] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2488: lblock 0 mapped to illegal pblock 48 (length 1)
[  113.469433][ T9617] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2488: Failed to acquire dquot type 0
[  113.485063][ T9617] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  113.496638][ T9617] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2488: mark_inode_dirty error
[  113.528372][ T9617] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  113.539928][ T9617] EXT4-fs (loop4): 1 orphan inode deleted
[  113.546086][ T9617] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.559237][ T6248] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:19: lblock 1 mapped to illegal pblock 1 (length 1)
[  113.585218][ T6248] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:19: Failed to release dquot type 0
[  113.628080][ T9617] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.635264][ T9641] futex_wake_op: syz.3.2498 tries to shift op by -1; fix this program
[  113.637478][ T9617] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2488: Invalid inode table block 1 in block_group 0
[  113.660067][ T9617] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  113.684117][ T9617] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2488: mark_inode_dirty error
[  113.729898][ T9617] loop4: detected capacity change from 0 to 512
[  113.738477][ T9617] EXT4-fs: Ignoring removed orlov option
[  113.746947][ T9617] EXT4-fs (loop4): bad block size 65536
[  113.790727][ T9651] 9pnet_fd: Insufficient options for proto=fd
[  113.952461][ T9682] 9pnet_fd: Insufficient options for proto=fd
[  114.593716][ T9704] loop3: detected capacity change from 0 to 512
[  114.602609][ T9704] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  114.613212][ T9704] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.2525: invalid block
[  114.625372][ T9704] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2525: invalid indirect mapped block 4294967295 (level 1)
[  114.640720][ T9704] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2525: invalid indirect mapped block 4294967295 (level 1)
[  114.655146][ T9704] EXT4-fs (loop3): 2 truncates cleaned up
[  114.662045][ T9704] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.681439][   T29] kauditd_printk_skb: 157 callbacks suppressed
[  114.681452][   T29] audit: type=1326 audit(113.694:5375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbff43658e7 code=0x7ffc0000
[  114.753432][   T29] audit: type=1326 audit(113.757:5376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbff430ab19 code=0x7ffc0000
[  114.776256][   T29] audit: type=1326 audit(113.757:5377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbff43658e7 code=0x7ffc0000
[  114.798948][   T29] audit: type=1326 audit(113.757:5378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbff430ab19 code=0x7ffc0000
[  114.821724][   T29] audit: type=1326 audit(113.757:5379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbff43658e7 code=0x7ffc0000
[  114.844424][   T29] audit: type=1326 audit(113.757:5380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbff430ab19 code=0x7ffc0000
[  114.867117][   T29] audit: type=1326 audit(113.757:5381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbff43658e7 code=0x7ffc0000
[  114.889874][   T29] audit: type=1326 audit(113.757:5382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbff430ab19 code=0x7ffc0000
[  114.912550][   T29] audit: type=1326 audit(113.757:5383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbff43658e7 code=0x7ffc0000
[  114.935429][   T29] audit: type=1326 audit(113.757:5384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9703 comm="syz.3.2525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbff430ab19 code=0x7ffc0000
[  115.044318][ T9713] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  115.068499][ T9709] 9pnet_fd: Insufficient options for proto=fd
[  115.083374][ T9704] siw: device registration error -23
[  115.213474][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.329067][ T9735] FAULT_INJECTION: forcing a failure.
[  115.329067][ T9735] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  115.342146][ T9735] CPU: 0 UID: 0 PID: 9735 Comm: syz.1.2537 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  115.342176][ T9735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  115.342186][ T9735] Call Trace:
[  115.342192][ T9735]  <TASK>
[  115.342199][ T9735]  __dump_stack+0x1d/0x30
[  115.342291][ T9735]  dump_stack_lvl+0xe8/0x140
[  115.342309][ T9735]  dump_stack+0x15/0x1b
[  115.342323][ T9735]  should_fail_ex+0x265/0x280
[  115.342354][ T9735]  should_fail+0xb/0x20
[  115.342378][ T9735]  should_fail_usercopy+0x1a/0x20
[  115.342437][ T9735]  _copy_to_user+0x20/0xa0
[  115.342523][ T9735]  simple_read_from_buffer+0xb5/0x130
[  115.342549][ T9735]  proc_fail_nth_read+0x100/0x140
[  115.342580][ T9735]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  115.342686][ T9735]  vfs_read+0x1a0/0x6f0
[  115.342774][ T9735]  ? __rcu_read_unlock+0x4f/0x70
[  115.342795][ T9735]  ? __fget_files+0x184/0x1c0
[  115.342813][ T9735]  ksys_read+0xda/0x1a0
[  115.342859][ T9735]  __x64_sys_read+0x40/0x50
[  115.342916][ T9735]  x64_sys_call+0x2d77/0x2fb0
[  115.342935][ T9735]  do_syscall_64+0xd2/0x200
[  115.342950][ T9735]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  115.342972][ T9735]  ? clear_bhb_loop+0x40/0x90
[  115.342992][ T9735]  ? clear_bhb_loop+0x40/0x90
[  115.343010][ T9735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.343027][ T9735] RIP: 0033:0x7f94c0f8d33c
[  115.343043][ T9735] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  115.343061][ T9735] RSP: 002b:00007f94bf5f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  115.343134][ T9735] RAX: ffffffffffffffda RBX: 00007f94c11b5fa0 RCX: 00007f94c0f8d33c
[  115.343207][ T9735] RDX: 000000000000000f RSI: 00007f94bf5f70a0 RDI: 0000000000000005
[  115.343220][ T9735] RBP: 00007f94bf5f7090 R08: 0000000000000000 R09: 0000000000000000
[  115.343233][ T9735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.343244][ T9735] R13: 0000000000000000 R14: 00007f94c11b5fa0 R15: 00007fff70e06188
[  115.343260][ T9735]  </TASK>
[  115.585108][ T9740] 9pnet_fd: Insufficient options for proto=fd
[  115.626138][ T9746] loop3: detected capacity change from 0 to 1024
[  115.637795][ T9746] EXT4-fs: inline encryption not supported
[  115.643692][ T9746] EXT4-fs: Ignoring removed i_version option
[  115.653905][ T9746] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  115.667920][ T9746] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.2542: lblock 2 mapped to illegal pblock 2 (length 1)
[  115.682634][ T9746] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.2542: lblock 0 mapped to illegal pblock 48 (length 1)
[  115.702290][ T9746] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2542: Failed to acquire dquot type 0
[  115.715707][ T9746] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  115.735318][ T9746] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2542: mark_inode_dirty error
[  115.748395][ T9746] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  115.759935][ T9746] EXT4-fs (loop3): 1 orphan inode deleted
[  115.766724][ T9746] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.781125][ T9766] FAULT_INJECTION: forcing a failure.
[  115.781125][ T9766] name failslab, interval 1, probability 0, space 0, times 0
[  115.781257][ T6248] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:19: lblock 1 mapped to illegal pblock 1 (length 1)
[  115.793748][ T9766] CPU: 0 UID: 0 PID: 9766 Comm: syz.0.2549 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  115.793846][ T9766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  115.793859][ T9766] Call Trace:
[  115.793908][ T9766]  <TASK>
[  115.793915][ T9766]  __dump_stack+0x1d/0x30
[  115.793953][ T9766]  dump_stack_lvl+0xe8/0x140
[  115.793971][ T9766]  dump_stack+0x15/0x1b
[  115.793987][ T9766]  should_fail_ex+0x265/0x280
[  115.794040][ T9766]  should_failslab+0x8c/0xb0
[  115.794062][ T9766]  __kvmalloc_node_noprof+0x123/0x4e0
[  115.794088][ T9766]  ? nf_tables_newset+0xdde/0x14e0
[  115.794134][ T9766]  nf_tables_newset+0xdde/0x14e0
[  115.794240][ T9766]  nfnetlink_rcv+0xb96/0x1690
[  115.794287][ T9766]  netlink_unicast+0x59e/0x670
[  115.794317][ T9766]  netlink_sendmsg+0x58b/0x6b0
[  115.794410][ T9766]  ? __pfx_netlink_sendmsg+0x10/0x10
[  115.794429][ T9766]  __sock_sendmsg+0x145/0x180
[  115.794452][ T9766]  ____sys_sendmsg+0x31e/0x4e0
[  115.794564][ T9766]  ___sys_sendmsg+0x17b/0x1d0
[  115.794677][ T9766]  __x64_sys_sendmsg+0xd4/0x160
[  115.794710][ T9766]  x64_sys_call+0x2999/0x2fb0
[  115.794738][ T9766]  do_syscall_64+0xd2/0x200
[  115.794755][ T9766]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  115.794808][ T9766]  ? clear_bhb_loop+0x40/0x90
[  115.794829][ T9766]  ? clear_bhb_loop+0x40/0x90
[  115.794868][ T9766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.794888][ T9766] RIP: 0033:0x7f7d9f41e929
[  115.794902][ T9766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.794919][ T9766] RSP: 002b:00007f7d9da87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  115.794938][ T9766] RAX: ffffffffffffffda RBX: 00007f7d9f645fa0 RCX: 00007f7d9f41e929
[  115.794975][ T9766] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005
[  115.794987][ T9766] RBP: 00007f7d9da87090 R08: 0000000000000000 R09: 0000000000000000
[  115.795046][ T9766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  115.795058][ T9766] R13: 0000000000000000 R14: 00007f7d9f645fa0 R15: 00007ffe48813a68
[  115.795074][ T9766]  </TASK>
[  115.812608][ T9771] SELinux: security_context_str_to_sid (staf) failed with errno=-22
[  115.826065][ T9772] 9pnet_fd: Insufficient options for proto=fd
[  115.831217][ T6248] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:19: Failed to release dquot type 0
[  115.969444][ T9778] lo speed is unknown, defaulting to 1000
[  115.986447][ T9746] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.071528][ T9746] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.2542: Invalid inode table block 1 in block_group 0
[  116.084718][ T9746] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  116.094866][ T9746] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.2542: mark_inode_dirty error
[  116.109851][ T9783] blktrace: Concurrent blktraces are not allowed on loop8
[  116.140501][ T9746] __nla_validate_parse: 8 callbacks suppressed
[  116.140581][ T9746] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2542'.
[  116.155302][ T9793] FAULT_INJECTION: forcing a failure.
[  116.155302][ T9793] name failslab, interval 1, probability 0, space 0, times 0
[  116.168413][ T9793] CPU: 1 UID: 0 PID: 9793 Comm: syz.0.2560 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  116.168436][ T9793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  116.168493][ T9793] Call Trace:
[  116.168499][ T9793]  <TASK>
[  116.168506][ T9793]  __dump_stack+0x1d/0x30
[  116.168528][ T9793]  dump_stack_lvl+0xe8/0x140
[  116.168547][ T9793]  dump_stack+0x15/0x1b
[  116.168606][ T9793]  should_fail_ex+0x265/0x280
[  116.168637][ T9793]  ? tcp_sendmsg_fastopen+0x172/0x520
[  116.168738][ T9793]  should_failslab+0x8c/0xb0
[  116.168902][ T9793]  __kmalloc_cache_noprof+0x4c/0x320
[  116.168931][ T9793]  tcp_sendmsg_fastopen+0x172/0x520
[  116.168959][ T9793]  tcp_sendmsg_locked+0x27be/0x2cc0
[  116.168983][ T9793]  ? mntput_no_expire+0x6f/0x3c0
[  116.169010][ T9793]  ? mntput+0x4b/0x80
[  116.169063][ T9793]  ? __rcu_read_unlock+0x4f/0x70
[  116.169086][ T9793]  ? avc_has_perm_noaudit+0x1b1/0x200
[  116.169114][ T9793]  ? avc_has_perm+0xd3/0x150
[  116.169136][ T9793]  ? _raw_spin_unlock_bh+0x36/0x40
[  116.169157][ T9793]  ? __pfx_tcp_sendmsg+0x10/0x10
[  116.169225][ T9793]  tcp_sendmsg+0x2f/0x50
[  116.169261][ T9793]  inet6_sendmsg+0x76/0xd0
[  116.169277][ T9793]  __sock_sendmsg+0x8b/0x180
[  116.169307][ T9793]  __sys_sendto+0x268/0x330
[  116.169344][ T9793]  __x64_sys_sendto+0x76/0x90
[  116.169373][ T9793]  x64_sys_call+0x2eb6/0x2fb0
[  116.169477][ T9793]  do_syscall_64+0xd2/0x200
[  116.169492][ T9793]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  116.169554][ T9793]  ? clear_bhb_loop+0x40/0x90
[  116.169575][ T9793]  ? clear_bhb_loop+0x40/0x90
[  116.169597][ T9793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.169673][ T9793] RIP: 0033:0x7f7d9f41e929
[  116.169689][ T9793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.169708][ T9793] RSP: 002b:00007f7d9da87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  116.169725][ T9793] RAX: ffffffffffffffda RBX: 00007f7d9f645fa0 RCX: 00007f7d9f41e929
[  116.169739][ T9793] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  116.169752][ T9793] RBP: 00007f7d9da87090 R08: 00002000000001c0 R09: 000000000000001c
[  116.169765][ T9793] R10: 0000000020000045 R11: 0000000000000246 R12: 0000000000000001
[  116.169814][ T9793] R13: 0000000000000000 R14: 00007f7d9f645fa0 R15: 00007ffe48813a68
[  116.169830][ T9793]  </TASK>
[  116.410783][ T9746] loop3: detected capacity change from 0 to 512
[  116.420053][ T9746] EXT4-fs: Ignoring removed orlov option
[  116.427255][ T9746] EXT4-fs (loop3): bad block size 65536
[  116.444215][ T9799] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2562'.
[  116.461793][ T9803] SELinux: security_context_str_to_sid (sta) failed with errno=-22
[  116.501411][ T9807] loop4: detected capacity change from 0 to 512
[  116.516725][ T9807] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  116.544726][ T9807] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.2566: invalid block
[  116.560749][ T9810] infiniband syz2: set active
[  116.565567][ T9810] infiniband syz2: added veth0_to_bond
[  116.584758][ T9807] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2566: invalid indirect mapped block 4294967295 (level 1)
[  116.598861][ T9810] RDS/IB: syz2: added
[  116.609914][ T9810] smc: adding ib device syz2 with port count 1
[  116.616202][ T9810] smc:    ib device syz2 port 1 has pnetid 
[  116.630814][ T9807] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2566: invalid indirect mapped block 4294967295 (level 1)
[  116.655756][ T9807] EXT4-fs (loop4): 2 truncates cleaned up
[  116.665372][ T9807] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.686435][ T9820] netlink: 27 bytes leftover after parsing attributes in process `syz.0.2568'.
[  116.791622][ T9807] siw: device registration error -23
[  116.797196][ T9833] lo speed is unknown, defaulting to 1000
[  116.855594][ T9838] SELinux: security_context_str_to_sid (sta) failed with errno=-22
[  116.879637][ T9840] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2576'.
[  116.895045][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.928048][ T9844] FAULT_INJECTION: forcing a failure.
[  116.928048][ T9844] name failslab, interval 1, probability 0, space 0, times 0
[  116.929603][ T9847] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2578'.
[  116.940797][ T9844] CPU: 0 UID: 0 PID: 9844 Comm: syz.2.2579 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  116.940893][ T9844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  116.940905][ T9844] Call Trace:
[  116.940910][ T9844]  <TASK>
[  116.940917][ T9844]  __dump_stack+0x1d/0x30
[  116.940938][ T9844]  dump_stack_lvl+0xe8/0x140
[  116.940957][ T9844]  dump_stack+0x15/0x1b
[  116.940973][ T9844]  should_fail_ex+0x265/0x280
[  116.941021][ T9844]  should_failslab+0x8c/0xb0
[  116.941043][ T9844]  kmem_cache_alloc_noprof+0x50/0x310
[  116.941067][ T9844]  ? audit_log_start+0x365/0x6c0
[  116.941130][ T9844]  audit_log_start+0x365/0x6c0
[  116.941192][ T9844]  audit_seccomp+0x48/0x100
[  116.941228][ T9844]  ? __seccomp_filter+0x68c/0x10d0
[  116.941257][ T9844]  __seccomp_filter+0x69d/0x10d0
[  116.941286][ T9844]  __secure_computing+0x82/0x150
[  116.941308][ T9844]  syscall_trace_enter+0xcf/0x1e0
[  116.941405][ T9844]  do_syscall_64+0xac/0x200
[  116.941422][ T9844]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  116.941444][ T9844]  ? clear_bhb_loop+0x40/0x90
[  116.941519][ T9844]  ? clear_bhb_loop+0x40/0x90
[  116.941539][ T9844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.941559][ T9844] RIP: 0033:0x7fcded5ad33c
[  116.941573][ T9844] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  116.941628][ T9844] RSP: 002b:00007fcdebc17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  116.941667][ T9844] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ad33c
[  116.941679][ T9844] RDX: 000000000000000f RSI: 00007fcdebc170a0 RDI: 0000000000000005
[  116.941691][ T9844] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000
[  116.941703][ T9844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  116.941715][ T9844] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88
[  116.941733][ T9844]  </TASK>
[  117.192947][ T9860] FAULT_INJECTION: forcing a failure.
[  117.192947][ T9860] name failslab, interval 1, probability 0, space 0, times 0
[  117.205683][ T9860] CPU: 1 UID: 0 PID: 9860 Comm: syz.3.2584 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  117.205713][ T9860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  117.205725][ T9860] Call Trace:
[  117.205732][ T9860]  <TASK>
[  117.205740][ T9860]  __dump_stack+0x1d/0x30
[  117.205761][ T9860]  dump_stack_lvl+0xe8/0x140
[  117.205820][ T9860]  dump_stack+0x15/0x1b
[  117.205837][ T9860]  should_fail_ex+0x265/0x280
[  117.205863][ T9860]  should_failslab+0x8c/0xb0
[  117.205882][ T9860]  kmem_cache_alloc_noprof+0x50/0x310
[  117.205974][ T9860]  ? dst_alloc+0xbd/0x100
[  117.206067][ T9860]  dst_alloc+0xbd/0x100
[  117.206091][ T9860]  ? ip_vs_sip_hashkey_raw+0xd2/0x330
[  117.206144][ T9860]  ip_route_output_key_hash_rcu+0xf16/0x1440
[  117.206171][ T9860]  ? ip_route_output_key_hash_rcu+0x12d1/0x1440
[  117.206199][ T9860]  ip_route_output_key_hash+0x7a/0xb0
[  117.206222][ T9860]  __ip4_datagram_connect+0x4cc/0x7b0
[  117.206328][ T9860]  __ip6_datagram_connect+0xe7/0x7e0
[  117.206358][ T9860]  ? _raw_spin_unlock_bh+0x36/0x40
[  117.206384][ T9860]  ip6_datagram_connect_v6_only+0x52/0x80
[  117.206410][ T9860]  inet_dgram_connect+0x122/0x1c0
[  117.206511][ T9860]  ? __pfx_inet_dgram_connect+0x10/0x10
[  117.206547][ T9860]  __sys_connect+0x1ef/0x2b0
[  117.206619][ T9860]  __x64_sys_connect+0x3f/0x50
[  117.206665][ T9860]  x64_sys_call+0x1daa/0x2fb0
[  117.206722][ T9860]  do_syscall_64+0xd2/0x200
[  117.206740][ T9860]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  117.206763][ T9860]  ? clear_bhb_loop+0x40/0x90
[  117.206780][ T9860]  ? clear_bhb_loop+0x40/0x90
[  117.206830][ T9860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.206851][ T9860] RIP: 0033:0x7fbff436e929
[  117.206867][ T9860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.206884][ T9860] RSP: 002b:00007fbff29d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  117.206904][ T9860] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436e929
[  117.207065][ T9860] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000003
[  117.207077][ T9860] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000
[  117.207089][ T9860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.207175][ T9860] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8
[  117.207197][ T9860]  </TASK>
[  117.219914][ T9862] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  117.372109][ T9869] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2586'.
[  117.375324][ T9862] IPv6: NLM_F_CREATE should be set when creating new route
[  117.380392][ T9870] loop3: detected capacity change from 0 to 512
[  117.523577][ T9878] futex_wake_op: syz.0.2589 tries to shift op by -1; fix this program
[  117.532918][ T9878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2589'.
[  117.615424][ T9870] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  117.647225][ T9875] syzkaller0: entered promiscuous mode
[  117.652800][ T9875] syzkaller0: entered allmulticast mode
[  117.668637][ T9870] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.2588: invalid block
[  117.683168][ T9890] netlink: 'syz.0.2590': attribute type 10 has an invalid length.
[  117.731539][ T9884] lo speed is unknown, defaulting to 1000
[  117.740821][ T9870] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2588: invalid indirect mapped block 4294967295 (level 1)
[  117.792217][ T9901] FAULT_INJECTION: forcing a failure.
[  117.792217][ T9901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  117.805332][ T9901] CPU: 1 UID: 0 PID: 9901 Comm: syz.1.2594 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  117.805358][ T9901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  117.805369][ T9901] Call Trace:
[  117.805373][ T9901]  <TASK>
[  117.805379][ T9901]  __dump_stack+0x1d/0x30
[  117.805501][ T9901]  dump_stack_lvl+0xe8/0x140
[  117.805516][ T9901]  dump_stack+0x15/0x1b
[  117.805528][ T9901]  should_fail_ex+0x265/0x280
[  117.805551][ T9901]  should_fail+0xb/0x20
[  117.805571][ T9901]  should_fail_usercopy+0x1a/0x20
[  117.805599][ T9901]  _copy_from_iter+0xcf/0xe40
[  117.805622][ T9901]  ? __build_skb_around+0x1a0/0x200
[  117.805704][ T9901]  ? __alloc_skb+0x223/0x320
[  117.805727][ T9901]  netlink_sendmsg+0x471/0x6b0
[  117.805743][ T9901]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.805757][ T9901]  __sock_sendmsg+0x145/0x180
[  117.805776][ T9901]  ____sys_sendmsg+0x31e/0x4e0
[  117.805841][ T9901]  ___sys_sendmsg+0x17b/0x1d0
[  117.805874][ T9901]  __x64_sys_sendmsg+0xd4/0x160
[  117.805930][ T9901]  x64_sys_call+0x2999/0x2fb0
[  117.805945][ T9901]  do_syscall_64+0xd2/0x200
[  117.805959][ T9901]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  117.806013][ T9901]  ? clear_bhb_loop+0x40/0x90
[  117.806102][ T9901]  ? clear_bhb_loop+0x40/0x90
[  117.806118][ T9901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.806214][ T9901] RIP: 0033:0x7f94c0f8e929
[  117.806225][ T9901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.806239][ T9901] RSP: 002b:00007f94bf5f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  117.806275][ T9901] RAX: ffffffffffffffda RBX: 00007f94c11b5fa0 RCX: 00007f94c0f8e929
[  117.806285][ T9901] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006
[  117.806294][ T9901] RBP: 00007f94bf5f7090 R08: 0000000000000000 R09: 0000000000000000
[  117.806304][ T9901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.806313][ T9901] R13: 0000000000000000 R14: 00007f94c11b5fa0 R15: 00007fff70e06188
[  117.806328][ T9901]  </TASK>
[  118.017903][ T9870] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2588: invalid indirect mapped block 4294967295 (level 1)
[  118.071077][ T9870] EXT4-fs (loop3): 2 truncates cleaned up
[  118.085018][ T9870] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  118.100480][ T9905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2595'.
[  118.109411][ T9905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2595'.
[  118.118461][ T9905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2595'.
[  118.169142][ T9870] siw: device registration error -23
[  118.190220][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.229470][ T9917] debugfs: Bad value for 'mode'
[  118.261830][ T9921] loop4: detected capacity change from 0 to 1024
[  118.271818][ T9921] EXT4-fs: inline encryption not supported
[  118.277806][ T9921] EXT4-fs: Ignoring removed i_version option
[  118.291321][ T9921] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  118.304002][ T9921] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2600: lblock 2 mapped to illegal pblock 2 (length 1)
[  118.321031][ T9921] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2600: lblock 0 mapped to illegal pblock 48 (length 1)
[  118.336675][ T9921] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2600: Failed to acquire dquot type 0
[  118.370551][ T9932] FAULT_INJECTION: forcing a failure.
[  118.370551][ T9932] name failslab, interval 1, probability 0, space 0, times 0
[  118.374324][ T9921] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  118.383191][ T9932] CPU: 1 UID: 0 PID: 9932 Comm: syz.3.2604 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  118.383217][ T9932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  118.383229][ T9932] Call Trace:
[  118.383235][ T9932]  <TASK>
[  118.383242][ T9932]  __dump_stack+0x1d/0x30
[  118.383293][ T9932]  dump_stack_lvl+0xe8/0x140
[  118.383311][ T9932]  dump_stack+0x15/0x1b
[  118.383327][ T9932]  should_fail_ex+0x265/0x280
[  118.383357][ T9932]  should_failslab+0x8c/0xb0
[  118.383423][ T9932]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  118.383448][ T9932]  ? shmem_alloc_inode+0x34/0x50
[  118.383465][ T9932]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  118.383480][ T9932]  shmem_alloc_inode+0x34/0x50
[  118.383528][ T9932]  alloc_inode+0x40/0x170
[  118.383557][ T9932]  new_inode+0x1d/0xe0
[  118.383575][ T9932]  shmem_get_inode+0x244/0x750
[  118.383595][ T9932]  __shmem_file_setup+0x113/0x210
[  118.383645][ T9932]  shmem_file_setup+0x3b/0x50
[  118.383671][ T9932]  __se_sys_memfd_create+0x2c3/0x590
[  118.383701][ T9932]  __x64_sys_memfd_create+0x31/0x40
[  118.383804][ T9932]  x64_sys_call+0x122f/0x2fb0
[  118.383824][ T9932]  do_syscall_64+0xd2/0x200
[  118.383841][ T9932]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  118.383865][ T9932]  ? clear_bhb_loop+0x40/0x90
[  118.383934][ T9932]  ? clear_bhb_loop+0x40/0x90
[  118.384002][ T9932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.384022][ T9932] RIP: 0033:0x7fbff436e929
[  118.384037][ T9932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.384054][ T9932] RSP: 002b:00007fbff29d6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  118.384118][ T9932] RAX: ffffffffffffffda RBX: 00000000000002f0 RCX: 00007fbff436e929
[  118.384130][ T9932] RDX: 00007fbff29d6ef0 RSI: 0000000000000000 RDI: 00007fbff43f14cc
[  118.384142][ T9932] RBP: 0000200000000f80 R08: 00007fbff29d6bb7 R09: 00007fbff29d6e40
[  118.384154][ T9932] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  118.384166][ T9932] R13: 00007fbff29d6ef0 R14: 00007fbff29d6eb0 R15: 0000200000000040
[  118.384185][ T9932]  </TASK>
[  118.603970][ T9921] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2600: mark_inode_dirty error
[  118.615537][ T9921] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  118.627528][ T9921] EXT4-fs (loop4): 1 orphan inode deleted
[  118.633678][ T9921] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  118.646389][   T31] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:1: lblock 1 mapped to illegal pblock 1 (length 1)
[  118.675713][   T31] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:1: Failed to release dquot type 0
[  118.710738][ T9921] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.721788][ T9958] debugfs: Bad value for 'mode'
[  118.733393][ T9957] FAULT_INJECTION: forcing a failure.
[  118.733393][ T9957] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  118.746540][ T9957] CPU: 1 UID: 0 PID: 9957 Comm: syz.3.2612 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  118.746567][ T9957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  118.746601][ T9957] Call Trace:
[  118.746606][ T9957]  <TASK>
[  118.746612][ T9957]  __dump_stack+0x1d/0x30
[  118.746631][ T9957]  dump_stack_lvl+0xe8/0x140
[  118.746651][ T9957]  dump_stack+0x15/0x1b
[  118.746669][ T9957]  should_fail_ex+0x265/0x280
[  118.746733][ T9957]  should_fail+0xb/0x20
[  118.746826][ T9957]  should_fail_usercopy+0x1a/0x20
[  118.746856][ T9957]  _copy_to_user+0x20/0xa0
[  118.746873][ T9957]  simple_read_from_buffer+0xb5/0x130
[  118.746898][ T9957]  proc_fail_nth_read+0x100/0x140
[  118.747008][ T9957]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  118.747032][ T9957]  vfs_read+0x1a0/0x6f0
[  118.747118][ T9957]  ? __rcu_read_unlock+0x4f/0x70
[  118.747136][ T9957]  ? __fget_files+0x184/0x1c0
[  118.747156][ T9957]  ksys_read+0xda/0x1a0
[  118.747215][ T9957]  __x64_sys_read+0x40/0x50
[  118.747243][ T9957]  x64_sys_call+0x2d77/0x2fb0
[  118.747306][ T9957]  do_syscall_64+0xd2/0x200
[  118.747324][ T9957]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  118.747356][ T9957]  ? clear_bhb_loop+0x40/0x90
[  118.747378][ T9957]  ? clear_bhb_loop+0x40/0x90
[  118.747471][ T9957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.747488][ T9957] RIP: 0033:0x7fbff436d33c
[  118.747500][ T9957] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  118.747515][ T9957] RSP: 002b:00007fbff29d7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  118.747532][ T9957] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436d33c
[  118.747546][ T9957] RDX: 000000000000000f RSI: 00007fbff29d70a0 RDI: 0000000000000004
[  118.747559][ T9957] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000
[  118.747626][ T9957] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  118.747639][ T9957] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8
[  118.747659][ T9957]  </TASK>
[  118.747917][ T9921] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.2600: Invalid inode table block 1 in block_group 0
[  118.965610][ T9921] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[  118.976189][ T9921] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.2600: mark_inode_dirty error
[  119.021254][ T9921] loop4: detected capacity change from 0 to 512
[  119.027980][ T9921] EXT4-fs: Ignoring removed orlov option
[  119.044757][ T9921] EXT4-fs (loop4): bad block size 65536
[  119.057993][ T9975] netem: change failed
[  119.084350][ T9979] FAULT_INJECTION: forcing a failure.
[  119.084350][ T9979] name failslab, interval 1, probability 0, space 0, times 0
[  119.097014][ T9979] CPU: 1 UID: 0 PID: 9979 Comm: syz.2.2623 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  119.097036][ T9979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  119.097045][ T9979] Call Trace:
[  119.097051][ T9979]  <TASK>
[  119.097056][ T9979]  __dump_stack+0x1d/0x30
[  119.097108][ T9979]  dump_stack_lvl+0xe8/0x140
[  119.097172][ T9979]  dump_stack+0x15/0x1b
[  119.097185][ T9979]  should_fail_ex+0x265/0x280
[  119.097210][ T9979]  should_failslab+0x8c/0xb0
[  119.097291][ T9979]  __kmalloc_noprof+0xa5/0x3e0
[  119.097311][ T9979]  ? pfkey_add+0xf28/0x12e0
[  119.097346][ T9979]  pfkey_add+0xf28/0x12e0
[  119.097374][ T9979]  pfkey_sendmsg+0x715/0x900
[  119.097539][ T9979]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  119.097562][ T9979]  __sock_sendmsg+0x145/0x180
[  119.097582][ T9979]  ____sys_sendmsg+0x31e/0x4e0
[  119.097616][ T9979]  ___sys_sendmsg+0x17b/0x1d0
[  119.097649][ T9979]  __x64_sys_sendmsg+0xd4/0x160
[  119.097697][ T9979]  x64_sys_call+0x2999/0x2fb0
[  119.097713][ T9979]  do_syscall_64+0xd2/0x200
[  119.097728][ T9979]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  119.097748][ T9979]  ? clear_bhb_loop+0x40/0x90
[  119.097785][ T9979]  ? clear_bhb_loop+0x40/0x90
[  119.097802][ T9979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.097853][ T9979] RIP: 0033:0x7fcded5ae929
[  119.097866][ T9979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.097879][ T9979] RSP: 002b:00007fcdebc17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  119.097893][ T9979] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ae929
[  119.097902][ T9979] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
[  119.097911][ T9979] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000
[  119.097920][ T9979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.097929][ T9979] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88
[  119.098024][ T9979]  </TASK>
[  119.315722][ T9981] siw: device registration error -23
[  119.354375][ T9982] FAULT_INJECTION: forcing a failure.
[  119.354375][ T9982] name failslab, interval 1, probability 0, space 0, times 0
[  119.367051][ T9982] CPU: 0 UID: 0 PID: 9982 Comm: syz.3.2620 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  119.367073][ T9982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  119.367082][ T9982] Call Trace:
[  119.367088][ T9982]  <TASK>
[  119.367095][ T9982]  __dump_stack+0x1d/0x30
[  119.367114][ T9982]  dump_stack_lvl+0xe8/0x140
[  119.367128][ T9982]  dump_stack+0x15/0x1b
[  119.367141][ T9982]  should_fail_ex+0x265/0x280
[  119.367169][ T9982]  should_failslab+0x8c/0xb0
[  119.367189][ T9982]  __kmalloc_noprof+0xa5/0x3e0
[  119.367210][ T9982]  ? memcg_list_lru_alloc+0x195/0x490
[  119.367237][ T9982]  memcg_list_lru_alloc+0x195/0x490
[  119.367266][ T9982]  __memcg_slab_post_alloc_hook+0x1a7/0x580
[  119.367293][ T9982]  kmem_cache_alloc_lru_noprof+0x229/0x310
[  119.367313][ T9982]  ? shmem_alloc_inode+0x34/0x50
[  119.367329][ T9982]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  119.367345][ T9982]  shmem_alloc_inode+0x34/0x50
[  119.367359][ T9982]  alloc_inode+0x40/0x170
[  119.367383][ T9982]  new_inode+0x1d/0xe0
[  119.367397][ T9982]  shmem_get_inode+0x244/0x750
[  119.367412][ T9982]  __shmem_file_setup+0x158/0x210
[  119.367435][ T9982]  shmem_zero_setup+0x63/0xd0
[  119.367458][ T9982]  mmap_region+0xee5/0x1580
[  119.367490][ T9982]  do_mmap+0x9b3/0xbe0
[  119.367516][ T9982]  vm_mmap_pgoff+0x17a/0x2e0
[  119.367538][ T9982]  ksys_mmap_pgoff+0xc2/0x310
[  119.367560][ T9982]  ? __x64_sys_mmap+0x49/0x70
[  119.367577][ T9982]  x64_sys_call+0x1602/0x2fb0
[  119.367594][ T9982]  do_syscall_64+0xd2/0x200
[  119.367608][ T9982]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  119.367628][ T9982]  ? clear_bhb_loop+0x40/0x90
[  119.367646][ T9982]  ? clear_bhb_loop+0x40/0x90
[  119.367663][ T9982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.367680][ T9982] RIP: 0033:0x7fbff436e929
[  119.367694][ T9982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.367708][ T9982] RSP: 002b:00007fbff29b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  119.367723][ T9982] RAX: ffffffffffffffda RBX: 00007fbff4596080 RCX: 00007fbff436e929
[  119.367732][ T9982] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  119.367741][ T9982] RBP: 00007fbff29b6090 R08: ffffffffffffffff R09: 0000000000001000
[  119.367750][ T9982] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000001
[  119.367758][ T9982] R13: 0000000000000000 R14: 00007fbff4596080 R15: 00007ffd178c7fe8
[  119.367772][ T9982]  </TASK>
[  119.639829][ T9993] debugfs: Bad value for 'mode'
[  119.661953][ T9995] loop4: detected capacity change from 0 to 512
[  119.672862][ T9995] ext4: Unknown parameter 'euid'
[  119.686955][ T9995] netlink: 'syz.4.2631': attribute type 39 has an invalid length.
[  119.794592][T10007] futex_wake_op: syz.0.2636 tries to shift op by -1; fix this program
[  119.841287][T10009] 9pnet_fd: Insufficient options for proto=fd
[  119.904242][   T29] kauditd_printk_skb: 548 callbacks suppressed
[  119.904257][   T29] audit: type=1400 audit(119.177:5925): avc:  denied  { connect } for  pid=10010 comm="syz.1.2638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  120.139898][   T29] audit: type=1400 audit(119.429:5926): avc:  denied  { create } for  pid=10042 comm="syz.2.2653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  120.159033][   T29] audit: type=1400 audit(119.429:5927): avc:  denied  { write } for  pid=10042 comm="syz.2.2653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  120.424894][T10060] FAULT_INJECTION: forcing a failure.
[  120.424894][T10060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.438190][T10060] CPU: 1 UID: 0 PID: 10060 Comm: syz.3.2659 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  120.438216][T10060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  120.438307][T10060] Call Trace:
[  120.438313][T10060]  <TASK>
[  120.438319][T10060]  __dump_stack+0x1d/0x30
[  120.438337][T10060]  dump_stack_lvl+0xe8/0x140
[  120.438355][T10060]  dump_stack+0x15/0x1b
[  120.438399][T10060]  should_fail_ex+0x265/0x280
[  120.438430][T10060]  should_fail+0xb/0x20
[  120.438455][T10060]  should_fail_usercopy+0x1a/0x20
[  120.438530][T10060]  _copy_from_user+0x1c/0xb0
[  120.438548][T10060]  ___sys_sendmsg+0xc1/0x1d0
[  120.438628][T10060]  __x64_sys_sendmsg+0xd4/0x160
[  120.438656][T10060]  x64_sys_call+0x2999/0x2fb0
[  120.438715][T10060]  do_syscall_64+0xd2/0x200
[  120.438730][T10060]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  120.438825][T10060]  ? clear_bhb_loop+0x40/0x90
[  120.438842][T10060]  ? clear_bhb_loop+0x40/0x90
[  120.438883][T10060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.438904][T10060] RIP: 0033:0x7fbff436e929
[  120.438939][T10060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.438956][T10060] RSP: 002b:00007fbff29d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  120.438973][T10060] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436e929
[  120.438984][T10060] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[  120.438994][T10060] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000
[  120.439024][T10060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.439037][T10060] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8
[  120.439056][T10060]  </TASK>
[  121.227039][T10086] __nla_validate_parse: 12 callbacks suppressed
[  121.227055][T10086] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2669'.
[  121.276120][T10091] FAULT_INJECTION: forcing a failure.
[  121.276120][T10091] name failslab, interval 1, probability 0, space 0, times 0
[  121.279947][T10084] syzkaller0: entered promiscuous mode
[  121.288938][T10091] CPU: 1 UID: 0 PID: 10091 Comm: syz.2.2671 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  121.288965][T10091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  121.288977][T10091] Call Trace:
[  121.288983][T10091]  <TASK>
[  121.288990][T10091]  __dump_stack+0x1d/0x30
[  121.289011][T10091]  dump_stack_lvl+0xe8/0x140
[  121.289103][T10091]  dump_stack+0x15/0x1b
[  121.289119][T10091]  should_fail_ex+0x265/0x280
[  121.289148][T10091]  should_failslab+0x8c/0xb0
[  121.289169][T10091]  kmem_cache_alloc_node_noprof+0x57/0x320
[  121.289201][T10091]  ? __alloc_skb+0x101/0x320
[  121.289228][T10091]  __alloc_skb+0x101/0x320
[  121.289254][T10091]  netlink_alloc_large_skb+0xba/0xf0
[  121.289336][T10091]  netlink_sendmsg+0x3cf/0x6b0
[  121.289374][T10091]  ? __pfx_netlink_sendmsg+0x10/0x10
[  121.289392][T10091]  __sock_sendmsg+0x145/0x180
[  121.289416][T10091]  ____sys_sendmsg+0x31e/0x4e0
[  121.289513][T10091]  ___sys_sendmsg+0x17b/0x1d0
[  121.289554][T10091]  __x64_sys_sendmsg+0xd4/0x160
[  121.289633][T10091]  x64_sys_call+0x2999/0x2fb0
[  121.289730][T10091]  do_syscall_64+0xd2/0x200
[  121.289746][T10091]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  121.289771][T10091]  ? clear_bhb_loop+0x40/0x90
[  121.289791][T10091]  ? clear_bhb_loop+0x40/0x90
[  121.289882][T10091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.289902][T10091] RIP: 0033:0x7fcded5ae929
[  121.289973][T10091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.289990][T10091] RSP: 002b:00007fcdebc17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  121.290008][T10091] RAX: ffffffffffffffda RBX: 00007fcded7d5fa0 RCX: 00007fcded5ae929
[  121.290020][T10091] RDX: 0000000004008800 RSI: 0000200000000840 RDI: 0000000000000005
[  121.290031][T10091] RBP: 00007fcdebc17090 R08: 0000000000000000 R09: 0000000000000000
[  121.290043][T10091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  121.290064][T10091] R13: 0000000000000000 R14: 00007fcded7d5fa0 R15: 00007ffccbb75b88
[  121.290088][T10091]  </TASK>
[  121.336754][T10089] loop4: detected capacity change from 0 to 2048
[  121.341093][T10084] syzkaller0: entered allmulticast mode
[  121.345184][   T29] audit: type=1326 audit(120.689:5928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[  121.353480][T10093] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2672'.
[  121.356094][   T29] audit: type=1326 audit(120.689:5929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[  121.356121][   T29] audit: type=1326 audit(120.689:5930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[  121.356228][   T29] audit: type=1326 audit(120.689:5931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[  121.360663][T10093] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2672'.
[  121.365858][   T29] audit: type=1326 audit(120.689:5932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[  121.370622][T10093] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2672'.
[  121.375961][   T29] audit: type=1326 audit(120.689:5933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[  121.431207][T10101] netlink: 'syz.2.2673': attribute type 21 has an invalid length.
[  121.449537][   T29] audit: type=1326 audit(120.689:5934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9f41e929 code=0x7ffc0000
[  121.477434][T10089] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.502317][T10101] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2673'.
[  121.649654][T10106] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2673'.
[  121.739383][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.767231][T10101] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5134 sclass=netlink_route_socket pid=10101 comm=syz.2.2673
[  121.790823][T10112] lo speed is unknown, defaulting to 1000
[  122.074897][T10139] 9pnet_fd: Insufficient options for proto=fd
[  122.187486][T10151] loop4: detected capacity change from 0 to 512
[  122.194978][T10151] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  122.204746][T10151] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.2694: bad orphan inode 11
[  122.221166][T10151] ext4_test_bit(bit=10, block=4) = 1
[  122.226475][T10151] is_bad_inode(inode)=0
[  122.230652][T10151] NEXT_ORPHAN(inode)=2080374784
[  122.235499][T10151] max_ino=32
[  122.238707][T10151] i_nlink=0
[  122.249698][T10151] EXT4-fs (loop4): 1 truncate cleaned up
[  122.255845][T10151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.309333][T10158] sctp: [Deprecated]: syz.1.2695 (pid 10158) Use of int in maxseg socket option.
[  122.309333][T10158] Use struct sctp_assoc_value instead
[  122.338767][T10159] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2694: bg 0: block 393: padding at end of block bitmap is not set
[  122.345698][T10161] 9pnet_fd: Insufficient options for proto=fd
[  122.377894][T10163] futex_wake_op: syz.1.2698 tries to shift op by -1; fix this program
[  122.467657][T10168] lo speed is unknown, defaulting to 1000
[  122.612692][T10188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  122.622232][T10188] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  122.725989][T10190] FAULT_INJECTION: forcing a failure.
[  122.725989][T10190] name failslab, interval 1, probability 0, space 0, times 0
[  122.738690][T10190] CPU: 0 UID: 0 PID: 10190 Comm: syz.3.2705 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  122.738728][T10190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  122.738740][T10190] Call Trace:
[  122.738746][T10190]  <TASK>
[  122.738814][T10190]  __dump_stack+0x1d/0x30
[  122.738828][T10190]  dump_stack_lvl+0xe8/0x140
[  122.738839][T10190]  dump_stack+0x15/0x1b
[  122.738867][T10190]  should_fail_ex+0x265/0x280
[  122.738884][T10190]  should_failslab+0x8c/0xb0
[  122.738897][T10190]  kmem_cache_alloc_noprof+0x50/0x310
[  122.738911][T10190]  ? getname_flags+0x80/0x3b0
[  122.738949][T10190]  getname_flags+0x80/0x3b0
[  122.738961][T10190]  do_sys_openat2+0x60/0x110
[  122.739040][T10190]  __x64_sys_openat+0xf2/0x120
[  122.739114][T10190]  x64_sys_call+0x1af/0x2fb0
[  122.739135][T10190]  do_syscall_64+0xd2/0x200
[  122.739145][T10190]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  122.739159][T10190]  ? clear_bhb_loop+0x40/0x90
[  122.739182][T10190]  ? clear_bhb_loop+0x40/0x90
[  122.739193][T10190]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.739205][T10190] RIP: 0033:0x7fbff436e929
[  122.739247][T10190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  122.739257][T10190] RSP: 002b:00007fbff29d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  122.739268][T10190] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436e929
[  122.739275][T10190] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  122.739282][T10190] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000
[  122.739289][T10190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  122.739295][T10190] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8
[  122.739306][T10190]  </TASK>
[  122.954746][T10194] FAULT_INJECTION: forcing a failure.
[  122.954746][T10194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  122.967957][T10194] CPU: 1 UID: 0 PID: 10194 Comm: syz.3.2707 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  122.968008][T10194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  122.968020][T10194] Call Trace:
[  122.968026][T10194]  <TASK>
[  122.968033][T10194]  __dump_stack+0x1d/0x30
[  122.968124][T10194]  dump_stack_lvl+0xe8/0x140
[  122.968140][T10194]  dump_stack+0x15/0x1b
[  122.968156][T10194]  should_fail_ex+0x265/0x280
[  122.968233][T10194]  should_fail+0xb/0x20
[  122.968259][T10194]  should_fail_usercopy+0x1a/0x20
[  122.968334][T10194]  _copy_to_user+0x20/0xa0
[  122.968353][T10194]  simple_read_from_buffer+0xb5/0x130
[  122.968383][T10194]  proc_fail_nth_read+0x100/0x140
[  122.968455][T10194]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  122.968538][T10194]  vfs_read+0x1a0/0x6f0
[  122.968636][T10194]  ? __get_user_nocheck_8+0x20/0x20
[  122.968663][T10194]  ? ppp_ioctl+0x10c6/0x11c0
[  122.968707][T10194]  ksys_read+0xda/0x1a0
[  122.968773][T10194]  __x64_sys_read+0x40/0x50
[  122.968818][T10194]  x64_sys_call+0x2d77/0x2fb0
[  122.968837][T10194]  do_syscall_64+0xd2/0x200
[  122.968855][T10194]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  122.968929][T10194]  ? clear_bhb_loop+0x40/0x90
[  122.968949][T10194]  ? clear_bhb_loop+0x40/0x90
[  122.969049][T10194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.969112][T10194] RIP: 0033:0x7fbff436d33c
[  122.969201][T10194] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  122.969271][T10194] RSP: 002b:00007fbff29d7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  122.969289][T10194] RAX: ffffffffffffffda RBX: 00007fbff4595fa0 RCX: 00007fbff436d33c
[  122.969303][T10194] RDX: 000000000000000f RSI: 00007fbff29d70a0 RDI: 0000000000000004
[  122.969316][T10194] RBP: 00007fbff29d7090 R08: 0000000000000000 R09: 0000000000000000
[  122.969328][T10194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  122.969340][T10194] R13: 0000000000000000 R14: 00007fbff4595fa0 R15: 00007ffd178c7fe8
[  122.969430][T10194]  </TASK>
[  123.197078][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.305989][T10217] FAULT_INJECTION: forcing a failure.
[  123.305989][T10217] name failslab, interval 1, probability 0, space 0, times 0
[  123.318706][T10217] CPU: 1 UID: 0 PID: 10217 Comm: syz.1.2718 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  123.318730][T10217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  123.318739][T10217] Call Trace:
[  123.318744][T10217]  <TASK>
[  123.318751][T10217]  __dump_stack+0x1d/0x30
[  123.318818][T10217]  dump_stack_lvl+0xe8/0x140
[  123.318904][T10217]  dump_stack+0x15/0x1b
[  123.318917][T10217]  should_fail_ex+0x265/0x280
[  123.318946][T10217]  ? __se_sys_memfd_create+0x1cc/0x590
[  123.319030][T10217]  should_failslab+0x8c/0xb0
[  123.319049][T10217]  __kmalloc_cache_noprof+0x4c/0x320
[  123.319208][T10217]  ? fput+0x8f/0xc0
[  123.319227][T10217]  __se_sys_memfd_create+0x1cc/0x590
[  123.319253][T10217]  __x64_sys_memfd_create+0x31/0x40
[  123.319307][T10217]  x64_sys_call+0x122f/0x2fb0
[  123.319328][T10217]  do_syscall_64+0xd2/0x200
[  123.319344][T10217]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  123.319420][T10217]  ? clear_bhb_loop+0x40/0x90
[  123.319441][T10217]  ? clear_bhb_loop+0x40/0x90
[  123.319517][T10217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.319534][T10217] RIP: 0033:0x7f94c0f8e929
[  123.319547][T10217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.319640][T10217] RSP: 002b:00007f94bf5f6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  123.319656][T10217] RAX: ffffffffffffffda RBX: 000000000000050b RCX: 00007f94c0f8e929
[  123.319669][T10217] RDX: 00007f94bf5f6ef0 RSI: 0000000000000000 RDI: 00007f94c10114cc
[  123.319681][T10217] RBP: 00002000000000c0 R08: 00007f94bf5f6bb7 R09: 00007f94bf5f6e40
[  123.319692][T10217] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000080
[  123.319702][T10217] R13: 00007f94bf5f6ef0 R14: 00007f94bf5f6eb0 R15: 0000200000000000
[  123.319717][T10217]  </TASK>
[  123.322433][T10218] 9pnet_fd: Insufficient options for proto=fd
[  123.382200][T10223] netlink: 26 bytes leftover after parsing attributes in process `syz.1.2721'.
[  123.487928][T10214] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2717'.
[  123.536303][T10226] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2722'.
[  123.545423][T10226] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2722'.
[  123.555590][T10226] netlink: 'syz.0.2722': attribute type 6 has an invalid length.
[  123.618287][T10236] netlink: 'syz.2.2727': attribute type 6 has an invalid length.
[  123.722952][T10262] 9pnet_fd: Insufficient options for proto=fd
[  123.776991][T10273] loop4: detected capacity change from 0 to 2048
[  123.791317][T10273] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  123.804547][T10279] 9pnet: Unknown protocol version 9p20\++}
[  123.814358][T10266] netlink: 'syz.3.2738': attribute type 1 has an invalid length.
[  123.833360][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.991090][T10320] ==================================================================
[  123.999199][T10320] BUG: KCSAN: data-race in call_rcu / mas_state_walk
[  124.005877][T10320] 
[  124.008189][T10320] write to 0xffff88810455da08 of 8 bytes by task 10318 on cpu 1:
[  124.015887][T10320]  call_rcu+0x51/0x3f0
[  124.019952][T10320]  mas_wmb_replace+0xc6a/0x14a0
[  124.024788][T10320]  mas_wr_store_entry+0x1773/0x2b50
[  124.030066][T10320]  mas_store_prealloc+0x74d/0x9e0
[  124.035085][T10320]  vma_iter_store_new+0x1c5/0x200
[  124.040097][T10320]  vma_complete+0x125/0x580
[  124.044584][T10320]  __split_vma+0x5d9/0x650
[  124.048990][T10320]  vma_modify+0x3f2/0xc80
[  124.053305][T10320]  vma_modify_flags+0x101/0x130
[  124.058140][T10320]  mprotect_fixup+0x2cc/0x570
[  124.062803][T10320]  do_mprotect_pkey+0x6d6/0x980
[  124.067644][T10320]  __x64_sys_mprotect+0x48/0x60
[  124.072480][T10320]  x64_sys_call+0x2794/0x2fb0
[  124.077144][T10320]  do_syscall_64+0xd2/0x200
[  124.081634][T10320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.087512][T10320] 
[  124.089818][T10320] read to 0xffff88810455da08 of 8 bytes by task 10320 on cpu 0:
[  124.097431][T10320]  mas_state_walk+0x3e9/0x650
[  124.102099][T10320]  mas_walk+0x30/0x120
[  124.106160][T10320]  lock_vma_under_rcu+0xa2/0x2f0
[  124.111096][T10320]  do_user_addr_fault+0x233/0x1090
[  124.116206][T10320]  exc_page_fault+0x62/0xa0
[  124.120724][T10320]  asm_exc_page_fault+0x26/0x30
[  124.125567][T10320] 
[  124.127876][T10320] value changed: 0x000055558f952fff -> 0xffff88810455d908
[  124.134963][T10320] 
[  124.137268][T10320] Reported by Kernel Concurrency Sanitizer on:
[  124.143402][T10320] CPU: 0 UID: 0 PID: 10320 Comm: syz.3.2752 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  124.155888][T10320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  124.165932][T10320] ==================================================================