last executing test programs:

3.854686542s ago: executing program 2 (id=1021):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_io_uring_setup(0x88f, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, 0x0, 0x0)
connect$inet(r1, 0x0, 0x0)
sendmmsg(r1, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2, <r3=>0xffffffffffffffff}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
io_uring_enter(r0, 0x47f6, 0x0, 0x2, 0x0, 0x0)
io_uring_setup(0x4663, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, 0x0, 0x0)
listen(r5, 0x802)
kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000140)={'ip6_vti0\x00', <r6=>0x0, 0x4, 0xc2, 0x40, 0xb, 0x1e, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, 0x80, 0x7, 0x2, 0x24000}})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
pwrite64(r7, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0400000004000000040000000500000000800000", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="05000000040000000300"/20, @ANYRES32, @ANYBLOB="77c48e74a9d228f005491dc81eb0d7ca8e9730f9ff09b8cb00005e6229dfa8fa6d4480e1145c568df8a680951d7d971e4cc43093c7ee72f3f4b691d305df806b6426dfa8fabb0ca61ebe4e9ef9c105c1ac926e0ba342fe5602000000b3f1efb057cd71ebba9a830a8f85e212a3144bd206e10d98a24d356635be3dd1b11d8e0557d06157532ae6c44d6116a47274db2af188f5fb459a48509c0c289c5f75f6835fa66a2cf3795c858cca20"], 0x50)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x1, &(0x7f00000001c0)={[{@jqfmt_vfsv0}, {}, {@mb_optimize_scan}, {@bsdgroups}, {@orlov}, {@grpjquota, 0x2e}, {@jqfmt_vfsv0}, {@debug}, {@nomblk_io_submit}, {@orlov}], [], 0x2c}, 0x0, 0x4c0, &(0x7f0000000600)="$eJzs3M1vG0UbAPBnN3H63aR9+74v/YAaCqKikDRpgR44FARSL0hIcCjHkIaqNG1REyRaVTQgVI6IvwA4IiFx4sIJJISAEx9XuCOkCvXSwgEFrb2bbBLHdRwnafHvJ9mZ2Z3NzLO74x3v2A6ga1WzpyRia0T8EhH99ez8AtX6n1s3roz9eePKWBIzMy/+kdTK3bxxZawoWmy3Ja1nfrockb6bxN4G9U5eunx2dGJi/GKeH5o69/rQ5KXLj505N3p6/PT4+ZFjx44eGX7yiZHHOxJnFtfNPW9d2Lf7xMsfPD82E69892nW3q35+nIcdQMrrrMa1ZjJzS3tqz0/tOL/fmfZVkonvevYEJalJyKyw1Wp9f/+6Im5g9cfz70zm/l6nRoIrJrs2rRj0dKe/G86e/0C/o0SfRy6VHHFz97/Fo+1HH+st+tPZ8/jtfhv5Y/6mt6o3cYYqL9j71li++MrrH9rRJyc/uvD7BEN70MAAHTWl9n459FG4780/lcqtz2fQxmIiEMRsTMi/hMRuyLivxG1sv+PiHuWWX91QX7x+OfHTW0F1qJs/PdUPrc1f/yX5iWS2dy2WvyV5NUzE+OH831yMCobsvxwkzq+evbn95daVy2N/7JHVn8xFszb8XvvhvnbnBqdGl1ByPNcfztiT2+j+JPZmYBsD+yOiD1t/P9sn5155JN9WXr7lsXrbx9/Ex2YZ5r5OOLh+vGfjgXxF5J6TUvNTw5tjInxw0PFWbHY9z9ce6Gcr5TS8+Lf2FpMG9sNtoHs+G9ueP7n8RfdoJivnVx+Hdd+fW/J9zSLj38SJ6fLJfLzv/QqkJ3/fclLtXRfvuzN0ampi8MRffmCectH5rYt8kX5LP6DBxr3/50Rf3+Ub7c3IrKT+N6IuC8i9udtvz8iHoiIA03i//aZB19rvofaPP87IIv/VLPjHzGQlOfr20j0nP3mi6Xqb+3172gtdTBf0srrX6sNXMm+AwAAgLtFWpuDTtLBqNTTpZtTu2JzOnFhcupQNd44f6o+Vz0QlbS409Vfuh86nN8bLvIjC/JHImJH7ZNGm2r5wbELE9vWM3Agtsz2/+K1IE0HB+vrfit/6KWTN52BO8ey5tHK3w787PPONwZYU76vCd1L/4fupf9D99L/oXs16v9XI26tQ1OANeb6D92rxf7ft9rtANae6z90L/0futLir8QXP7TQzjf95xI7T6xo81VPzPQvWNL6TwY0S0wvf6ueVYo0yj/asWQiiYj2qoi0eZm+Fmpft0R62zLH29wty0jszxMbIqLVra4226uViOjo+QMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3+ycAAP//rynbqw==")

2.758545059s ago: executing program 2 (id=1033):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x286ca06bbee933dc, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f0000000300), 0x80)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sched_setscheduler(r2, 0x2, &(0x7f0000000380)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCFLSH(r5, 0x5608, 0x0)

1.860084612s ago: executing program 2 (id=1046):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000001c0)='kfree\x00', r1, 0x0, 0x4}, 0x18)
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
io_uring_setup(0x5a38, &(0x7f0000000240)={0x0, 0x8fa1, 0x20, 0x0, 0x183})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xe)
ioctl$TCSETSF2(r3, 0x402c542d, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x89e5, &(0x7f0000000040)={'gre0\x00', @link_local})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_open_dev$mouse(&(0x7f0000000180), 0x8, 0x2)
setsockopt$packet_int(r5, 0x107, 0xb, &(0x7f00000002c0)=0xd42, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r4}, 0x10)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x0)

1.640262786s ago: executing program 1 (id=1049):
r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x10500, 0x800000, 0x0, 0x0, 0x2000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000800000000000000000001811", @ANYRES32=r1], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000001c0)='cpu&00\t&&')

1.603111236s ago: executing program 1 (id=1052):
sendmsg$inet(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{0x0}, {&(0x7f0000000380)="1b56528f1463b431e7c45cb69f6d641fdf7f7f88287c2338", 0x18}], 0x2, &(0x7f0000000500)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x3}}, @ip_retopts={{0x40, 0x0, 0x7, {[@rr={0x7, 0x1f, 0x71, [@remote, @rand_addr=0x64010100, @multicast1, @multicast1, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote]}, @lsrr={0x83, 0xb, 0x20, [@empty, @multicast1]}, @ra={0x94, 0x4}]}}}, @ip_retopts={{0x10}}, @ip_ttl={{0x14, 0x0, 0x2, 0xfffc0000}}], 0x80}, 0x88000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18)
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000340)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x2, {0x1, 0x0, 0x3}, 0xfd}, 0x18)
sendmmsg$sock(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="1f", 0x206c}], 0x1}}], 0x206c, 0x0)

1.269293631s ago: executing program 3 (id=1058):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86"], 0x0)

1.269012981s ago: executing program 3 (id=1059):
bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0800000004000000040000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="080000000000000057e8fcb900000000000000000000000000000043dd3ad3676a1dfb8a590def342991bccd41ef80e2b2411f0a4ab058319738fd303cd4fd5e1eed2f1c79a70faf7b8a003ef6b032e48d9c016f1440e81f91da744b8eee81effdd3"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000020000000000002000085000000ae00000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kfree\x00', r0}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)

1.007197995s ago: executing program 2 (id=1063):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0xc2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000240)=ANY=[], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x7, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f00000000c0), 0x0, 0x4f7, &(0x7f0000000540)="$eJzs3c9vI1cdAPDvTOJNmqZNCpUKCOhSCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64ojgBre9LAekBVagDRIHo/GPbHZjJ2HXsVX785FGM2/eeL7vrTXveb9J/AIYW1cj4iAirkTEexEx1z6ftLd4q7Vl1z24f3v16P7t1SQajXf/kTTrs3Nx4jWZZ9v3nI6I738n4kfJ6bi1vf3NlXK5tNMuF+qV7UJtb//GRmVlvbRe2ioWlxaXFt64+Xqxb319ufKbe9/eePsHH//uS3f/dPDNn2TNmm3XnexHP7W6njuOk5mMiLcvI9gQTLT7c2XYDeGJpBHxmYh4pfn8z8VE8928mC6PNQDwKdBozEVj7mQZABh1aTMHlqT5di5gNtI0n2/l8F6MmbRcrdWv36rubq21cmXzkUtvbZRLC+1c4Xzkkqy8+GF2/LBcjEfLNyPihYj46dQzzXJ+9eJ5BgCgv559bP7/91Rr/gcARtz0eRcsD6YdAMDgnDv/AwAjx/wPAOPH/A8A48f8DwDjx/wPAOPmTmf+nxh2SwCAgfjeO+9kW+Oo/f3Xa+/v7W5W37+xVqpt5iu7q/nV6s52fr1aXS+X8qvVynn3K1er24uvxe4HhXqpVi/U9vaXK9Xdrfpy83u9l0u5gfQKADjLCy9/8pckIg7efKa5xYm1HMzVMNrSYTcAGBo5fxhfvoUbxpf/4wPnreXZ81eEP3qCYI0Pn+BFQL9d+7z8P4wr+X8YX/L/ML7k/2F8NRpJrzX/0+NLAICRIscPDPTn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiZpvb/IlymubzEc9FxHzkklsb5dJCRDwfEX+eyk1l5cWhthgAeHrp35L2+l/X5l6dfbz2SvKfqeY+In7883d/9sFKvb6zmJ3/5/H5+kft88VhtB8AOE9nnu7M4x0P7t9e7WyDbM+9b7UWF83iHrW3Vs1kTGa7P05HLiJm/pW0ym3Z55WJPsQ/OIyIz3Xrf9LMjcy3Vz59PH4W+7mBxk8fiZ8261r77N/is6fuPNUz5nlrvcK4+CQbf97q9vylcbW5n+66+PF0c4R6ep3x7+jU+Nd53qebY0238e/qRWO89vvv9qw7jPjCZLf4yXH8pEf8Vy8Y/84Xv/xKr7rGLyOuRff4J2MV6pXtQm1v/8ZGZWW9tF7aKhaXFpcW3rj5erHQzFEXOpnq0/7+5vXne/b/1xEzPeJPn9P/r53Z68bxAPyr/773w6/0in8Y8Y2vdn//XzwjfjYnfv3M+A+tzPy25/LdWfy1Vv8P/9/3//oF49/96/7aBS8FAAagtre/uVIul3b6epCLPt/wxEFySW12MOIH2efxp73PS+2UWddr/vCLj1/KKofe074cDHlgAi7dw4d+2C0BAAAAAAAAAAAAAAB6ufQ/J0qH3UMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG2f8CAAD//zwQyy8=")
pwritev2(r1, &(0x7f0000000d40)=[{&(0x7f0000000200)="15d0a1974350a7b0a604da4eff241442c991b9075c516b82dcf2c294db3ca23e040b30fbf7446d636e83bfa6d6a82f640830b04fe61ce6668fc3cdf1c2e85cf4ab4a7f68bd6cb21ae39365306f9fc6e57fd4309dc843861f4feec3d384116cc667a7b7ee5a3d17537cd763df002d736385b1d8b7d18bba5a0080f29c0605e0ff085ec558d7481d0fad6e08f3858889f11114e11ff492fb9b4eb896c5b6ac1bb2fc5f84bebc1371106ffe48010041acf0bd58ccbbe69faa7e955ddcb9e42a2dc9a503d25026720359593b1820e0feb8256b764651f365794ef6e030784e30dcd9da58c2c3cef1d2859f0d67581b016c3ad97ba317e285988f", 0xf8}, {&(0x7f00000003c0)="5cf95237b1e1cfc557c78bf0aa1a67c41ff3232a8153144a0b6e176b37fc15a5ebc625130528c465e3cebd0dc28d6d9c8e42ca349d4939c825c11ff3bbe3c95280fcc8d2eb3a7e390346f9f2cda267cb48ced02d41f47897b337f1739e0ec140383fbdc68a67d5a9e10f9e806c0a531d62d574be9e271a166ed87873c6669f0aca7e9a29d245253756690046633676ce24ac5fbab18badde7c7be3", 0x9b}, {&(0x7f00000026c0)="c13463d8e98893c5bc07c482760e38babf98d17f61ef725955d9eb2cf842fde7eb2828632d2a3a5042f190fdcd55f11f0ea2be9cefda368f71992596401064135a2bcd6adfbf399d42cac541cb8fca33eebf0353f482b7fd8b9c2c379eb402695312a53e7e7e9003f4eaf3380741c6426817fbfb6feee7078d35eb98d1a6428fb83c275dc8a6b9facb90064691a8ad15ec6f50ed751a04ade40f8f794fb0bc1a2de3da73670cc5a4274bd4bcea277ecaac757a007f9b8d515374aae58e2f13e74f8bf9d319c943119610da03dfa219a3e8103f5d53ff901c21dd05337a205d5ecce7f99e78b2c3a958150db346dbe24a2546e173aefe3203f5741e735067d5270368910d095466fc0b169be92dfd737380f2a3039fce0868f55ad00808965e267e931ce3eb28561a10443328434cbed44aca2855d691afeb28fac21bb828557212aaa9c47defe29455c9706eb34fbed31c4eb156f4d0d04d7e62bf573c66dd82cab476b06ea67e1782495840a8ae2401b25512e7ea6e3be9d0b0d193e285d7231e21fc26293894ead9dd5c5d9c2b007ea8d81d2615ed112f401d846cc0e09f8e4665bd81ca4ff45c6fa8de804cd450ca8286fedbdfa1e640483e2e5a557abed865086fcd38317d5d16ab3c35d538497aab6e7e1cfd9b1c585ca17ef26f169e2f48d4d665715828548104abc2403daecbfa5b29c3d316fbfd727dd72da602beac9da542aa469a39b13df8ba18661d093df24c36623a4a48de93be4d8d5dcc0b35b3b93160c92935dd12d7696e8874a0b144e06890a28a5071317f1dac9c0ab25edf1549c27fa9d6d4237f63c3611c5ecc403657087f2f7a9073d24553fe936a80077f269adf87958d5542e4356675219c1a9c33d79fe1ffd3f16d755082a6961029dab8401124bf7eda60ad9fe8d3a5e6c5ddbdeb005fc80584fe739c6d013f5aa97642fce54f8a54f9055e4ffb8a148d4e4ab8b203824d7ff89cdf7c354f3ea4dc27c47c5a70a5db2b3c77359b1bbc26f06104debc1f380b9302440edc18c801b7d3cc46c3b695e8e862e8109a1d2c8a9e99c14c7f75060d64117dfa73fd58dbaed5ce91d098ba2249463ac15425cc6b2218a6c245d3eb8c25e7de48477a0459c9eb1f502b7e5cdeef6dc22d30776ff445f31684605a4556ba170ae48fe5d26c983e7fe1436534a8873f3363887f54d8a4c088f8c1b1adcb4941f3b32a37436134d244605ce52b85a60ebb72517107eb72aa83c568e7f08be8254aeccbc49ca02f377f1e00f6fc10172596b99d417be1da51308fd2c010e8789d7c66c73e45b7916ea23adae3f31dcff56c27ec2cd45ba95bcc36cdb69d09b6b95d9bb6d90dde41c4fa26598199cfc951dc872b5950f0f9ef0eafeb9559768bfccf59bb733eda48ec872d16510a11e8ef5fe139dc9670dad5fae234d5e5d6066dcfa8f039ab73ef5c1a8b9b73d275b54392cacfc4c7da61acb1ae33b7d9036177a0903b13fe317491e6def3c2310238621db38090f5b0c848081deb48d7b8806e603244cea6b8c91b5887dd89aec75b65da4b223db0cdc8c20252f73f63a6265e6cda65462bf27de76ace92fa62eac403595ad1347536ad6b347eaba5c4be44f49c193e5ca6baa4a30b4def9ec503635294d3616c76e08198c721a950682d9034d132c34fa05af62414af39a8953368db60de82250a86eee876216a547366ef14496bba56acdbdbd0f5acbe6344f24b9beec310d875287a749c9a0858558b3c3fa15e2ec2697acab23020d4ab1334d6399bb72d605903b806d8888cde568e105c8ccde2793740e61cd2df32bf29dfdb65bdcb3304c7f9bea80e1e0de8f3cb1195c0c7190d68a30225290b1fd993043fd8ad3cabf73aee92796fa2fe2ccdc4047c70f9cc4892ad84948eccd38031c01a697efb4f705944528a67d7fde39613d9d9604e487a185ea39654d3ebb262acec611fc1ff31b24d0a24a9b0a27d8688d1a24ca0d4d68d3e21cdbb60fd0784b42c0621cc90ad51ebaebb286ca735f5801b6e3624b833d80f1f007a0b87ddf9ef6cc3985ab11827441b7e1dd561e674df755c8f8b16c5873f593249d30795da1a75ab879adcc1411f865e965d93afef2c189687ba88ad79a55ff9939c9104696cb0d3f83e9fa9a344ccfb4102e1e4948cd1539f62f67318ea715a40b26b80fc26847d8378f9b7d4e19bb3539f95cfc9e098390073a440e308beb9ce679fa7b7bc1ced1dec216afd629311d415a1784f1f000e3269afe9d282db1aa686f3083db6b3645daad662b96d827e77c3a1b956372dea116f34fae448a16d16024bcf594c566ba32f120f557a0b5445888ac4b5c4248df15bd4fd6327def0039c73d380beeaef56cd31ca8755862aeaa7a8d4bf04228d38659a36661a07074206f556fd50e6f5b959616801a0d12152714aea83204ed89dfda0dc0aa52c854dafcfc4d139e2ceb660bf8cfb35aa8db1f478cc541e0f12c4c5f7837ce6c392ab85fb59b2527eac69e826ff8dfa3e271b3cedf931f9a18205bb8e3f039969e0ab7aaa7617fc683132228800fa06d2e87cab07dfe7ec3bcde83ecea693b0b1905f1202dac2147b87fd114c1a685d7d5b54d7c0f432f4fbbe4c4bae8be5c814c331a8c0b5ac26599cc65fc909ed8a88b3a233654a974e133f3140230da29f8a545ea983cb99329ceab54474fcf4a2f0b08b24ea3e9a6ae11632bd3d7ab3589f355f65611ec8f49cd1c99c530eecf6a04d9301c94198853b5be82216c4770bea15f7be28d994da6da18888d6f47bb8a56edf3fe98b69d62a464301d47ac7a43726f43d24ad9770816d999d2f532a15cad536ef2d564ca2dc2f6f8b364dcb1d0266edaefbfc80812530de5473486f2ba1ebfe53bbf1d9cdc0b5d0221cff0eadfab832a21ae6e99dbd39dcb7d4b6841e1886b50c611f558d59f7bd48e7104053381cbc8340e2f95c97c268c50010c6190f47eef3c1f106dbab034186bec5bfc75710f8e5db2a61e3c7f3fdecf451d0b1c356c5128d54417e7af9ffbcd3e1f35fe5c9650eb361711bcb96b72bf7f8ef3e53ddf4f4794cac326c9d5e59855704b35bbf182acca2fab658fe0354273adc4669744a00ddb13dc803cf3a79862591c71046d4870a06f84ce99905be85cf31f98a61d998787e11c2c47f10bd82bb3c1c25bc712a0e42d7c041ce76551129f4d3f97dae7f01d971bbfd73c96d9b937a0806cd72a9c3ad15379133fda155bda35148ed0e9683bb01a20e5e96798bd9627632e3f2f3a9b841bfc37a0e328b1ea0e0ce4d2a7d8c9d0737765b377d93de5cb0a4663685d03258385b10587cd5e345ebe0e910354f9500086e5b885f487df789abbbcdea4c7444848815ec68854cc0feef724de5df0c240366cdaf8b2cf8eb3a926ed07089a451a9afac1b87bdcde8c64862746ded9b4dade9b3d586d28ba8a0ceb2eff7ce3b6127b969afab73edb5810fb096d91fff97f574a549b1df0c03f1099b1d0ab68ad79765c92f048373b0197ab37a39d1a1550b8b1ad928cc286fbb4ee90b5c6411b1adac7ac484b9775e2dccb0e15c68a9adb9d7748bb3d0c481940858e20f9ecace0e8dc7101c7c87891a5699cf3bea5b3250927a561466ccc98d673fab366f18956f4397e66d6d069108e51123db7f128f6c06077ce2ad52c2d706c38b4f2a230d89a50ff967d1bdf32686db5663db1dd53568cb9b8ecaa0014851ce980c32d01626394db0fba7b8a89875a90e88db2641053a5937096793f9bbb7221567ccc8aae13c43848342b11703c0487b328fdf32aaa16cf50398fd2020e204e5b54fe7f7e5705179d59798a4b8e8bda5b1e9d4170d2bfbef6e7033b50c920795720381e35ee971913d02b0bec647cfaeaa5ff7095190648602e676d396e2e0c22e9a43bc20a14346d120bb66c29942dd84a910441d4b0bd349dcbd2bb9ede4dbadfe635f06b7dac8b2eead0aeb085259c0c1dc93d2ddc84197410d4f9a612a20d942e2a71ce99839dbe497c654ef41d824b480da5aee54546928aa22b7c4563c321e57d3d03a7c5c8d0ca226bb55b4428d299cdf0bfc6e7d94fa4bc6f9f3f8841911f0546768666df14c6df24a365f641bc833722585d0c73bd40a2fdb7c679db7411de6057f488bc2270773c808e29fa105d3ff213d74c117619e61bc6af7cd4b64e8188dbbf9e9cae7dde8010af339354a50f06641f8b0c2538e225073b5a7f2252d599f22176475ba3131a57fdfed757e2784492b98fdbd35eeea5135183f374fb1a1b8feabeb43d0ce3d1bf8574eafc9e8f0a6d477ca185cc95c3575893aacc00a38fd87fab64737913f3a6984bdfaad9559d4ab018ba8bff19e1486265d0f4b9873f89c0cccc40bf227c94edb63f27a97ed3337c3c006045353153efa9e3c36662e86d4b3d90ee186d8ef67a5b3a5dbcb10ab45c5302d518d362e1437c4e157f7aa6cd30d8afa1c84661c93c3336f754440e7e1be7ad3be16fb5989e295d3335da3b6bc6b3d3441661215eda0431ccad089ec0cfc2b3915eadf798b9431cac5135da53136db92d555c4e897c05aa869391e81595688b36ae8263ad0a2ff6c06607729b4f1f3587afc2797f9823e8218673393f85920cb08b4ece9c79447ba3d2909c18daf1c3f6e4df2ab99b04acf17815c4225f3af8341f0ef2020de0c9e96c0cd60f74d4d62b1018244f31a3a2381d71863f97769267aed9ed141fff6c17b90f442463c3f8e597db7e5e334d0bc0754ea035c220fb33bde8809aa1009fe3537b88f777d95e1c16a16ec571b7e474c7a847a91a8fdb5cc0c40c5d44253b1083bd2c8850e781eda5c793f816ef885bdebca883415a4cc076b1fc747b39c76521d602a7f1b9a5e6a846bea9b61064a540db8910b11d565df641dd76c2ad261739ea1c369698937db3ba6352ece225a67a51e5913aecbd6de9c4fb8e01bda6b99bea086e7c648d4215c325c9a34bec79f7985fcf97b2dc863aad7a3ff973a7fa0fe6db3dc841c47d37c7cf4cb66364c8e3d4a47354ec77eddd0095ca267fcaeb7300f173b0fbd96612af2f913591456ee87270e58a80fa0f1d351f6f99a0d6051db763a7a5dec2357ac921eb12f7475e900da20db43fa747c43ceedfe226c1f6ea80de8af4866df8178f98161f8bfd2e625dd8d074296f2ab1da08b7592c83f5284770b7547ef35470b47aa4a923d0047610f7dc911b7370f7970ff65de7e431e30e3669401d9afbf2f346da3aaa6160e405197ee40219eb2bd99a9e5399e3cb183948d45e41fb7ecb753857c1fcfae2d8449e7899996dbc5126abb6df2af7a521111f2669da9e75b44b9e37b148b4fb0daa58245619a06eb1cb6bc3e3008f225422f426837af6f2f75bfc54342b3055029eb79af07bd3132b3f60889fd31fc5febe27b7d11e19dd3a2b8a01cfc0f65e8d5b1686dc3c3287e8864c29c13c61ab666b0db004c008a9c186b4b78381d26c8846f6f949b29f5d8449559b3f9e9b29ef3c167cff78368c26eee689d48f184a0caea33dc5ecca7d07199195f6d965693b385d5db54a448f32d6293a6b0b549166ae77183de6e6922e6dd88aa4053b9903ba355ba08a010b5c75f5434359b869809333f89a4b4158e4738df7daca8db4ec6d0c8158422e209c8aaf1c56481eab635fd2635429aebc32c7d28c8cfd0d7eaff4ccff501b771383e51eb2965786c651c9946070b6ab1527a0c0097178bde6d1005259ddfbf048b5607511e457a5d00ded43b533e9d8fd34c4d2bef16a427a3f2ed54e2383f996dd8e824d6ab5898a17e44f62a49e7bf3a235b99", 0x1000}, {&(0x7f0000000300)="a923885c982fb598e485b1e5fef65bdb66933c62aa562d15633474bb6be2b3b8bd2535374bf3b0e3fd71553861c0ea4577f0e93af6b697756039cbcb91cf9af7a9b4afe126429af42ed2c26aad7373c385ddbbc2de7debf5961c45235c2eb41006248ca562ce6f01", 0x68}, {&(0x7f0000000ac0)="058fb81fb53cb96a5b7e99b47d1d5484b45d76a055092ea5f1e387ef83368e87c89ad73d7f8f002b53d70bab77ce00aa5420838da3d46f2e41726e2577e2f70bd7c7ba06d01839fa7d16e0ad39c7eaa93db6caa8a9979d48832e47e1bb29e087e7afab3d2e991ebea7f366be7e71c22400ed8bbc812ce0946b1a1f73f5894627d2ca4bbec4d2acedd976ee791404abd79355178625aaaab371ab94d4304203f306d6ae47461883c90ba1f9c9bc84013b6d242fff4d", 0xb5}, {&(0x7f0000000b80)="7ecbe2069c44d9f43affae96b808e710aee653b1e215b0675dc25ff2e6a562d365b80797354903f26be78edfffdf7f65184fea06c273b6368507c03a8d7aeb8e96c22b7d7592ae88919c944bdad98b93fc39fdf865da0aac0eb888a1d1542f7ad22b761c1d3f8c42ec52a56825f5d419d8cd41539754a727a128076d94124286002e2cb0f46afb633dfbd039d7b93e579fc450dd8f9ac8d59481080dbf6053dd50371e80bdee8f49fd72ec662e41a0d1870cd2fcf649711966655b54187c5fef87bc78", 0xc3}, {&(0x7f0000000c80)="3a6d16c5510ca63861ddbba15cba5eb9b6c44f9b9a1c96afd2f8bccf77a6ea4c42fdc2bdbb90f38ac744f978b7fe8583bd0ff39dee3926b32988efa981b8ce47da098d8b69a95c4ddf7dfed2097f95709126202a1552be5cfad465911f924a4fed998c346db78b8824a7ca8f01ef566f6c5e8b27def7882368dcfd480582eb47249c357c629ca0", 0x87}], 0x7, 0x4, 0x8, 0x12)
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x20, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffff7}, 0x94)
r2 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0)
preadv2(r2, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f00000019c0)={'ip6gre0\x00', &(0x7f0000002640)={'syztnl0\x00', 0x0, 0x29, 0x5, 0x3e, 0x5, 0x5121e59afcdff86d, @empty, @mcast2, 0x7800, 0x96602ec4e0b44a1e}})
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_inet_SIOCADDRT(r4, 0x890b, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
gettid()
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r5, 0x545c, 0x3000000)

780.099178ms ago: executing program 4 (id=1070):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000380), 0x8000000000000, 0x200000)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x8008551d, &(0x7f0000000440)={0xf9dc, 0x1c, [{0xf, 0x1}, {0x8}, {0x4}, {0x6}, {0xa}, {0x5}, {0x9}, {0x6}, {0xe}, {0xb, 0x1}, {0x3}, {0x5, 0x1}, {0x5, 0x1}, {0x1}, {0xe, 0x1}, {0x2}, {0x2}, {0x0, 0x1}, {0xe, 0x1}, {0xc}, {0xa}, {0x9}, {0x4}, {0x2, 0x1}, {0x8, 0x1}, {0x6}, {0x0, 0x1}, {0x3, 0x1}]})
syz_genetlink_get_family_id$smc(&(0x7f0000000040), r0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000300), 0x1042, 0x0)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x40, r4, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x40}}, 0xc800)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x2000000000000130, &(0x7f00000009c0)=ANY=[@ANYRES32=r6], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0xff, 0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x56}], 0xee01}, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
fsopen(&(0x7f00000004c0)='adfs\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x18)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)

679.7378ms ago: executing program 0 (id=1072):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000140)="d800000018007b29e00212ba0d8105040a601800fe0f040b067c55a1bc000900b80006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97", 0xbd}], 0x1, 0x0, 0x0, 0x2663}, 0x0)

676.0293ms ago: executing program 4 (id=1073):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000050000001812"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001640)='kfree\x00'}, 0x10)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6}, 0x10)
r7 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2, 0x20000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0, 0x9}, 0x2000, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f00000001c0)='cpu<20\t&|')
bind$qrtr(r4, &(0x7f00000000c0)={0x2a, 0x1, 0x7fff}, 0xc)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020071797a32000000000800410073697700140033006c6f00000000000000000000000000000c86995b550a047b38a9e4568fdfac2398efd05456378117623df080a154ad2b85a9fc0462f4db356ae1f268df978851807d6ab5d7005cb2c0e1e409571a7e09435083cb63b05bb09fdc5daed63604888e5481dcdf6b3164a895d5732cecc46e961b7af311e517a885cf528022495382f9e072540d086d7edb60bba8e7"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES64, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x130)

661.33232ms ago: executing program 0 (id=1074):
r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x10500, 0x800000, 0x0, 0x0, 0x2000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000800000000000000000", @ANYRES32=r1], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000001c0)='cpu&00\t&&')

630.841871ms ago: executing program 4 (id=1075):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x401, 0x0)
ioctl$TCSBRKP(r0, 0x5425, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TCSETSW2(r1, 0x5432, &(0x7f0000000040)={0x300, 0x0, 0x0, 0xfffffffe, 0x0, "2cf155f1d8b4d0441f0246e09537aa82dc1ecf", 0x2})
ioctl$TIOCGPGRP(r1, 0x5437, 0x0)

586.518851ms ago: executing program 0 (id=1076):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd42"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

586.034801ms ago: executing program 1 (id=1077):
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') (fail_nth: 3)

531.708212ms ago: executing program 0 (id=1078):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x18) (async)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x89a3, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000400)={'tunl0\x00', &(0x7f0000000580)={'gre0\x00', 0x0, 0x20, 0x40, 0x3, 0x10000, {{0x2e, 0x4, 0x0, 0x15, 0xb8, 0x66, 0x0, 0x2, 0x2f, 0x0, @rand_addr=0x64010101, @multicast1, {[@timestamp_prespec={0x44, 0x3c, 0x3c, 0x3, 0x0, [{@multicast1, 0xfef3}, {@dev={0xac, 0x14, 0x14, 0x1a}, 0x4}, {@empty, 0x10001}, {@multicast1, 0x3}, {@loopback, 0x5}, {@private=0xa010100, 0x66}, {@empty, 0x4}]}, @ssrr={0x89, 0x13, 0x39, [@multicast1, @multicast2, @empty, @private=0xa010100]}, @timestamp_addr={0x44, 0x1c, 0x8b, 0x1, 0x6, [{@rand_addr=0x64010102, 0xf}, {@local, 0x80000000}, {@multicast1, 0x1}]}, @cipso={0x86, 0x37, 0xffffffffffffffff, [{0x2, 0x5, '\a[z'}, {0x6, 0x9, "afde6e2c218365"}, {0x5, 0x3, 'i'}, {0x6, 0xf, "d0764eb5c98ad8973565f28816"}, {0x2, 0x11, "07ecca7ff31f4256406e7b3b6269f4"}]}]}}}}}) (async)
r3 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000540)=@generic={&(0x7f0000000500)='./file0\x00', 0x0, 0x8}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRESDEC=r0], 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3e0000a7", @ANYRES16=r5, @ANYBLOB="01000000000000000000010000000500050001000000080004000000000005000600000000000800030001000000"], 0x34}}, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x66)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xdbd76c996685eb82, 0x41071, 0xffffffffffffffff, 0x0) (async)
r7 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r7, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async)
listen(r7, 0x8) (async)
r8 = accept4(r7, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r8, 0x84, 0x73, &(0x7f0000000080)={0x0, 0x9, 0x10, 0xffffffffffff3bc4, 0xdf}, &(0x7f00000000c0)=0x18) (async)
r9 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r9, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f00005ed000/0x4000)=nil, 0x0, 0x0, 0x0, 0xbff, 0x0, 0x0, 0x0, 0x20}) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10) (async)
r10 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r10)
r11 = inotify_init1(0x0)
inotify_add_watch(r11, &(0x7f0000000440)='.\x00', 0x12000021)

531.432052ms ago: executing program 0 (id=1079):
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="000202"], 0x18)

531.103842ms ago: executing program 0 (id=1080):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)=ANY=[], 0x48)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='objagg_obj_create\x00', r0}, 0x18)
socket$netlink(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0xf)
socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="efdcd0ae67a4c25b807cceee3a5cb84cae2764135d03b64fa0d198ed560d1e77a62e56d415e2c3cc8440bddc816bbd9d25512a3dbb9be0b17a294c8eb6d566f5956975e955e29872ac694ce09f703e5701a0a0552371fe4b1f4dbfd958b8605f13d0ceecda6ecab709e64d9f7c4a68b7898e281634837bbf38c0b346b56a3190fc0b93d5f32f91779dfa6635275cea60ab8d46e0", @ANYRESHEX=r1, @ANYRESHEX=0x0, @ANYRESDEC=r1], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x14, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r2, @ANYBLOB="0000000000010000b70800000000e7057b8af87c1aa1b1ff00000000bfa200000000000007020000f8ffffffb703000008000000b704510000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, 0xffffffffffffffff, 0x0, 0x80000000000}, 0x18)
mknod$loop(&(0x7f0000000340)='./file1\x00', 0x6000, 0x1)
r3 = gettid()
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081)
bpf$PROG_LOAD(0x5, &(0x7f0000003380)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000006cfa0000181200", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000201000085"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

364.366395ms ago: executing program 1 (id=1081):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3014850, &(0x7f0000000000)={[{@nobh}, {@debug}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@usrquota}, {@user_xattr}]}, 0x3, 0x4e1, &(0x7f0000000a00)="$eJzs3U1rW9kZAOD3ynbsJE7ttF2kgaahTXFCG8mOm8R0kbpQ2lWgabp3XVs2xrJlLDmJTSgO/QGF0i/aVVfdFLouhZKfMAwEZvbDMMwQZpLMYhYzo0HS1STjyLKNLSuxngeOde7n+x6Le6Sje7k3gK51PiImI6InIi5FxFA6P5OW2KyX6npPn9yfqZYkKpXbHyaRpPMa+0rS15PpZgMR8atfRPw2eTluaX1jcbpQyK+m07ny0kqutL5xeWFpej4/n1+eHB+7NnF94urE6IG19cbP3vvLH/718xv//+Hdd6Y+uPi7alqD6bIX27Ebm7tcr970vtr/oqE3Ilb3EuwV1pO2p6/TiQAAsCvV7/hfj4jvRsSzv3c6GwAAAKAdKj8ZjE+TiAoAAABwZGVq18AmmWx6LcBgZDLZbP0a3m/GiUyhWCr/YK64tjxbv1Z2OPoycwuF/Gh6rfBw9CXV6bFa/fn0lS3T4xFxOiL+NHS8Np2dKRZmO/3jBwAAAHSJk1vG/x8P1cf/AAAAwBEz3OkEAAAAgLYz/gcAAICj78F2C5Lew00EAAAAaIdf3rxZLZXG869n76yvLRbvXJ7NlxazS2sz2Zni6kp2vlicr92zb2mn/RWKxZUfxfLavVw5XyrnSusbU0vFteXyVO253lN5z4kGAACAw3f6Ow/fTiJi88fHa6XqWLpsF2P1yfZmB7RTZm+rJ+3KAzh8PZ1OAOgYF/hC93I+HthhYP/nLdN7/NkAAAB4FYx8a1/n/50PhNeYgTx0L+f/oXs5/w/dy/l/6HL9O68ysN2CNw44FwAAoG0GayXJZNNzgYORyWSzEadqjwXsS+YWCvnRiPhaRLw11NdfnR7rdNIAAAAAAAAAAAAAAAAAAAAAAAAA8JqpVJKoAAAAAEdaROb9JH2Q/8jQhcGtvw8cSz4Zqr1GxN1/3P7rvelyeXWsOv+jL+eX/5bOv9KYAwAAAHRSY5zeGMcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEF6+uT+TKMcZtzHP42I4Wbxe2Og9jrw36GIOPEsid4XtksioucA4m8+iIgzzeIn1bRiOM1ia/xMRBzvcPyTBxAfutnDav8zWT3++rYcf5k4X3ttfvz1pmW/Hp/frv/LNPq/Wj/XrP871XrXA43K2Uf/yW0b/0HE2d7m/U8jfrLP/vc3v97Y2G5Z5Z8RI43Pn6T5OtXZufLSSq60vnF5YWl6Pj+fXx4fH7s2cX3i6sRobm6hkE//Nt3+j9/+3+et2n+i6edfvf9t1f4LL++uv1mMzx7de/KNFvEvfq/5+3+mRfzq//776edAdflIo75Zr7/o3L/fPNeq/bPbtH+n9//idjvd4tKt37+7y1UBgENQWt9YnC4U8quvRyWi/q38VclHRWU/lZ62h7iVHuh73ryz/RIAAHDwnn/p73QmAAAAAAAAAAAAAAAAAAAA0L1evvtXsvdbhbWq9H/1zgIDnWsqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBLXwQAAP//fM3J3g==")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000000)='\x00', 0x81000)
rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000001900)='./file1\x00')
creat(&(0x7f0000000280)='./file0\x00', 0x80)

363.412525ms ago: executing program 3 (id=1082):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000500000018120000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001640)='kfree\x00'}, 0x10)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r5, &(0x7f0000000000)={0x2a, 0x2}, 0xc)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
r8 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2, 0x20000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0, 0x9}, 0x2000, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x40082406, &(0x7f00000001c0)='cpu<20\t&|')
bind$qrtr(r5, &(0x7f00000000c0)={0x2a, 0x1, 0x7fff}, 0xc)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, 0x0, 0x810)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES64, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x130)

358.287295ms ago: executing program 4 (id=1083):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x20241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r1 = socket(0x400000000010, 0x3, 0x0) (async)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd27, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {}, {0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x9200}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xffe0, 0xd}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40090}, 0x20000800) (async)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x10, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7a1}, [@call={0x85, 0x0, 0x0, 0xb9}, @jmp={0x5, 0x1, 0x16, 0x0, 0xb, 0xc}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7c7f}}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x3}]}, &(0x7f00000003c0)='syzkaller\x00', 0x1, 0x64, &(0x7f00000004c0)=""/100, 0x41000, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x1, 0xb, 0xffffffff, 0x7fff}, 0x10, 0x0, 0x0, 0x9, &(0x7f00000007c0)=[0xffffffffffffffff], &(0x7f0000000980)=[{0x1, 0x4, 0xf, 0x9}, {0x1, 0x1, 0x10, 0x7}, {0x2, 0x5, 0xb, 0xe}, {0x1, 0x2, 0x6, 0x7}, {0x4, 0x4, 0x5, 0xa}, {0x3, 0x1, 0x3, 0x5}, {0x1, 0x4, 0x3, 0xc}, {0x0, 0x1, 0x4, 0xb}, {0x1, 0x1, 0x1, 0xb}], 0x10, 0x3}, 0x94) (async)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0xe, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400600142603600e1208000b0000000401a8001600a400014009000200036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360d070100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) (async)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYRES8=r6, @ANYRESHEX=r4, @ANYRESOCT=r4, @ANYBLOB="5e6a6cafc575786e34eb3e3ce7119c3e265d13891e263ea52cbfbf544ac7a44597309212599aa30be9fb866b6a99f9fbf24301ee9223a95787cbe1640230", @ANYRES8, @ANYRESHEX=r6], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000800)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="040000003b"], 0x20) (async)
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180), 0x2400, 0x0)
r10 = io_uring_setup(0x1694, &(0x7f0000000080)={0x0, 0xc3dd, 0x201, 0xffffffff, 0xfffffffd, 0x0, r9})
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r10, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20)

266.693266ms ago: executing program 4 (id=1084):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000380), 0x8000000000000, 0x200000)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x8008551d, &(0x7f0000000440)={0xf9dc, 0x1c, [{0xf, 0x1}, {0x8}, {0x4}, {0x6}, {0xa}, {0x5}, {0x9}, {0x6}, {0xe}, {0xb, 0x1}, {0x3}, {0x5, 0x1}, {0x5, 0x1}, {0x1}, {0xe, 0x1}, {0x2}, {0x2}, {0x0, 0x1}, {0xe, 0x1}, {0xc}, {0xa}, {0x9}, {0x4}, {0x2, 0x1}, {0x8, 0x1}, {0x6}, {0x0, 0x1}, {0x3, 0x1}]})
syz_genetlink_get_family_id$smc(&(0x7f0000000040), r0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000300), 0x1042, 0x0)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x40, r4, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x40}}, 0xc800)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x2000000000000130, &(0x7f00000009c0)=ANY=[@ANYRES32=r6], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0xff, 0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x56}], 0xee01}, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
fsopen(&(0x7f00000004c0)='adfs\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x18)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)

266.009676ms ago: executing program 3 (id=1085):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000140)="d800000018007b29e00212ba0d8105040a601800fe0f040b067c55a1bc000900b80006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97031e9f05e9f16e9cb50000000000", 0xcb}], 0x1, 0x0, 0x0, 0x2663}, 0x0)

230.379027ms ago: executing program 3 (id=1086):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000050000001812"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001640)='kfree\x00'}, 0x10)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6}, 0x10)
r7 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2, 0x20000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0, 0x9}, 0x2000, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f00000001c0)='cpu<20\t&|')
bind$qrtr(r4, &(0x7f00000000c0)={0x2a, 0x1, 0x7fff}, 0xc)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020071797a32000000000800410073697700140033006c6f00000000000000000000000000000c86995b550a047b38a9e4568fdfac2398efd05456378117623df080a154ad2b85a9fc0462f4db356ae1f268df978851807d6ab5d7005cb2c0e1e409571a7e09435083cb63b05bb09fdc5daed63604888e5481dcdf6b3164a895d5732cecc46e961b7af311e517a885cf528022495382f9e072540d086d7edb60bba8e7"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES64, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x130)

229.096457ms ago: executing program 1 (id=1087):
r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x10500, 0x800000, 0x0, 0x0, 0x2000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000800000000000000000", @ANYRES32=r1], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000001c0)='cpu&00\t&&')

177.124217ms ago: executing program 4 (id=1088):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r0}, 0x18)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000000000850000"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x22, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
getuid()
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="120000000f0000000800000002"], 0x50)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
pipe(&(0x7f0000000400)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r3, 0x0, r5, 0x0, 0x88000cc, 0x0)
fcntl$setpipe(r4, 0x407, 0x100004)
write$eventfd(r4, &(0x7f0000000240), 0xffffff14)

159.940128ms ago: executing program 3 (id=1089):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = memfd_secret(0x80000)
ioctl$BINDER_GET_EXTENDED_ERROR(r0, 0xc00c6211, &(0x7f0000000000))
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x401, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6"], 0x0}, 0x94)
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f00000004c0)='./file2\x00', 0x4000, &(0x7f0000000500)=ANY=[], 0xfd, 0x1e7, &(0x7f0000000280)="$eJzs3UFr02AYB/Cndbapp11EEIWAF09D/QQVqSAGBKWCnhTUyyoDd6leVr+Fn8ZPo3fZqReNzLTLGie4apJNf79Lnubf9+3zFpL20rfPrrzefrGz++rTpQ+RJJ3oDmMY805sRjeWZnFEEgDAGTfP8/iSF1aT9221BADU7Nef/9FbHL+Wpz5+23ncZHcAQB0ePXl6/3aWjR6maRKxP5uOp+PiWOR372WjG+kPm+Wo/el0fO4wv5lWvzsc5OfjQkR8vpiNbhXj09W8F9evFeMPsjsPskrej416lw4AAAAAAAAAAAAAAAAAAAAAAK25GunSsfv7bG1V88EiLx4d2R+osn/PRlxebuBTbg+U7zWxKAAAAAAAAAAAAAAAAAAAADhjdt++234+mbx8Uxb9iFg9c5JiuJh4zeFNF904FW38eTFYvO9/feZOMe+s7QWepEhPRxuTNa+CXkTU1dg8z/P+8Rf+alHeI/qN35UAAAAAAAAAAAAAAAAAAOD/VP7o9+csaaMhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhB+f//axR7EfEbTz58sUGrSwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAf9j0AAP//JPUxLA==")
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x200000, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
getsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f0000000040)={@rand_addr, @remote}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, 0x0)
r3 = accept4$bt_l2cap(r2, 0x0, 0x0, 0x80800)
getsockopt$bt_BT_POWER(r3, 0x112, 0x9, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r4, &(0x7f0000004200)='t', 0x1)
sendfile(r4, r2, 0x0, 0x3ffff)
sendfile(r4, r2, 0x0, 0x7ffff000)
sendmsg$nl_route(r2, 0x0, 0x48014)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc0189374, 0x0)
r5 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$RNDADDENTROPY(r5, 0x40045201, &(0x7f0000000580)=ANY=[])
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r7=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x3c, 0x0, 0x20, 0x70bd26, 0x25d7dbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0xc}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r7}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xffffffffffffffc0, 0x5, {0xaaaaaaaaaaaa0202}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24044020}, 0x80)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TCSETSW2(r8, 0x5408, &(0x7f0000000040)={0x300, 0x0, 0x0, 0xfffffffe, 0x0, "2cf155f1d8b4d0441f0246e09537aa82dc1ecf", 0x2})
ioctl$TIOCGPGRP(r8, 0x5437, 0x0)

92.836899ms ago: executing program 2 (id=1090):
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="000202"], 0x18)

49.19875ms ago: executing program 1 (id=1091):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
sendto$inet6(r0, &(0x7f0000000180)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140))
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000f80)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x40080)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000400180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10)
mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x0, 0x0)
mq_unlink(&(0x7f0000000340)='eth0\x00')
close_range(r2, 0xffffffffffffffff, 0x0)

0s ago: executing program 2 (id=1092):
bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0800000004000000040000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="080000000000000057e8fcb900000000000000000000000000000043dd3ad3676a1dfb8a590def342991bccd41ef80e2b2411f0a4ab058319738fd303cd4fd5e1eed2f1c79a70faf7b8a003ef6b032e48d9c016f1440e81f91da744b8eee81effdd3"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000020000000000002000085000000ae00000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kfree\x00', r0}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)

kernel console output (not intermixed with test programs):

ock 234: padding at end of block bitmap is not set
[   63.987709][ T4932] EXT4-fs (loop0): Remounting filesystem read-only
[   64.071627][ T4941] loop4: detected capacity change from 0 to 1024
[   64.080780][ T4941] ext4: Bad value for 'mb_optimize_scan'
[   64.121882][ T4940] syzkaller1: entered promiscuous mode
[   64.127489][ T4940] syzkaller1: entered allmulticast mode
[   64.204026][ T4949] netlink: 4 bytes leftover after parsing attributes in process `syz.0.469'.
[   64.213372][ T4949] netlink: 'syz.0.469': attribute type 13 has an invalid length.
[   64.233146][ T4949] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   64.356028][ T4956] lo speed is unknown, defaulting to 1000
[   64.735535][ T4972] netlink: 96 bytes leftover after parsing attributes in process `syz.1.474'.
[   64.760930][ T4971] syzkaller1: entered promiscuous mode
[   64.766493][ T4971] syzkaller1: entered allmulticast mode
[   64.815573][ T4976] loop1: detected capacity change from 0 to 512
[   64.831976][ T4976] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.927713][ T4980] lo speed is unknown, defaulting to 1000
[   65.252930][ T4985] program syz.4.479 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   65.278937][ T4987] loop1: detected capacity change from 0 to 1024
[   65.296212][ T4987] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   65.307305][ T4987] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   65.331414][ T4987] JBD2: no valid journal superblock found
[   65.337193][ T4987] EXT4-fs (loop1): Could not load journal inode
[   65.349511][ T4987] SELinux: security_context_str_to_sid (ùÿ) failed with errno=-22
[   65.456599][ T5000] netlink: 128 bytes leftover after parsing attributes in process `syz.1.485'.
[   65.495038][ T5002] lo speed is unknown, defaulting to 1000
[   65.635157][ T5006] loop3: detected capacity change from 0 to 512
[   65.642081][ T5006] EXT4-fs: Ignoring removed orlov option
[   65.659401][ T5006] EXT4-fs: Ignoring removed nomblk_io_submit option
[   65.666096][ T5006] EXT4-fs: Ignoring removed orlov option
[   65.673429][ T5006] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846c01c, mo2=0002]
[   65.689197][ T5006] System zones: 1-12
[   65.698675][ T5009] loop2: detected capacity change from 0 to 512
[   65.699826][ T5006] EXT4-fs error (device loop3): ext4_init_orphan_info:585: comm syz.3.487: inode #0: comm syz.3.487: iget: illegal inode #
[   65.728572][ T5009] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   65.745802][ T5006] EXT4-fs (loop3): get orphan inode failed
[   65.766954][ T5012] SELinux: syz.1.489 (5012) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   65.774455][ T5009] EXT4-fs (loop2): 1 truncate cleaned up
[   65.791915][ T5006] EXT4-fs (loop3): mount failed
[   65.803401][ T5009] EXT4-fs mount: 33 callbacks suppressed
[   65.803416][ T5009] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   65.970123][ T5013] loop1: detected capacity change from 0 to 4096
[   65.980208][ T5013] ext4: Unknown parameter 'subj_role'
[   66.123415][ T5018] loop1: detected capacity change from 0 to 2048
[   66.154787][ T5020] loop4: detected capacity change from 0 to 256
[   66.193940][ T5020] FAT-fs (loop4): Directory bread(block 64) failed
[   66.200658][ T5020] FAT-fs (loop4): Directory bread(block 65) failed
[   66.201680][ T5018] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   66.207378][ T5020] FAT-fs (loop4): Directory bread(block 66) failed
[   66.226044][ T5020] FAT-fs (loop4): Directory bread(block 67) failed
[   66.232642][ T5020] FAT-fs (loop4): Directory bread(block 68) failed
[   66.239208][ T5020] FAT-fs (loop4): Directory bread(block 69) failed
[   66.245843][ T5020] FAT-fs (loop4): Directory bread(block 70) failed
[   66.252465][ T5020] FAT-fs (loop4): Directory bread(block 71) failed
[   66.259012][ T5020] FAT-fs (loop4): Directory bread(block 72) failed
[   66.265645][ T5020] FAT-fs (loop4): Directory bread(block 73) failed
[   66.406905][ T5016] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   66.441190][ T5016] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 420 with error 28
[   66.453669][ T5016] EXT4-fs (loop1): This should not happen!! Data will be lost
[   66.453669][ T5016] 
[   66.463395][ T5016] EXT4-fs (loop1): Total free blocks count 0
[   66.469384][ T5016] EXT4-fs (loop1): Free/Dirty block details
[   66.475365][ T5016] EXT4-fs (loop1): free_blocks=2415919104
[   66.481130][ T5016] EXT4-fs (loop1): dirty_blocks=432
[   66.486332][ T5016] EXT4-fs (loop1): Block reservation details
[   66.492331][ T5016] EXT4-fs (loop1): i_reserved_data_blocks=27
[   66.545435][ T5029] loop4: detected capacity change from 0 to 1024
[   66.570824][ T5029] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   66.581925][ T5029] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   66.600623][ T5029] JBD2: no valid journal superblock found
[   66.606413][ T5029] EXT4-fs (loop4): Could not load journal inode
[   66.623402][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[   66.641994][ T5029] SELinux: security_context_str_to_sid (ùÿ) failed with errno=-22
[   66.733434][ T5034] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   66.765685][ T5034] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   66.872387][ T3381] hid-generic 000B:0004:0000.0009: unknown main item tag 0x0
[   66.879943][ T3381] hid-generic 000B:0004:0000.0009: unknown main item tag 0x0
[   66.887413][ T3381] hid-generic 000B:0004:0000.0009: unknown main item tag 0x0
[   66.906641][ T3381] hid-generic 000B:0004:0000.0009: hidraw0: <UNKNOWN> HID vffffff.ff Device [syz0] on syz1
[   66.943755][   T29] kauditd_printk_skb: 264 callbacks suppressed
[   66.943824][   T29] audit: type=1326 audit(1751172198.419:3753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   66.951231][ T5051] fido_id[5051]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   66.988064][   T29] audit: type=1326 audit(1751172198.459:3754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   67.011572][   T29] audit: type=1326 audit(1751172198.459:3755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   67.034995][   T29] audit: type=1326 audit(1751172198.459:3756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   67.059861][   T29] audit: type=1326 audit(1751172198.459:3757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   67.083233][   T29] audit: type=1326 audit(1751172198.459:3758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   67.106622][   T29] audit: type=1326 audit(1751172198.459:3759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   67.129965][   T29] audit: type=1326 audit(1751172198.459:3760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   67.153275][   T29] audit: type=1326 audit(1751172198.459:3761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   67.176597][   T29] audit: type=1326 audit(1751172198.459:3762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   67.200949][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.285662][ T5061] loop2: detected capacity change from 0 to 512
[   67.305076][ T5061] EXT4-fs: Ignoring removed orlov option
[   67.325889][ T5061] EXT4-fs: Ignoring removed nomblk_io_submit option
[   67.332644][ T5061] EXT4-fs: Ignoring removed orlov option
[   67.510068][ T5061] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846c01c, mo2=0002]
[   67.548339][ T5068] lo speed is unknown, defaulting to 1000
[   67.873289][ T5061] System zones: 1-12
[   67.914736][ T5074] loop1: detected capacity change from 0 to 128
[   67.930249][ T5061] EXT4-fs error (device loop2): ext4_init_orphan_info:585: comm syz.2.504: inode #0: comm syz.2.504: iget: illegal inode #
[   67.995906][ T5061] EXT4-fs (loop2): get orphan inode failed
[   68.017150][ T5061] EXT4-fs (loop2): mount failed
[   68.053661][ T5078] siw: device registration error -23
[   68.073198][ T5078] loop3: detected capacity change from 0 to 128
[   68.114853][ T5084] loop1: detected capacity change from 0 to 512
[   68.122343][ T5084] EXT4-fs: Ignoring removed nobh option
[   68.199865][ T5084] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   68.210489][ T5084] System zones: 0-2, 18-18, 34-34
[   68.239604][ T5084] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.262161][ T5084] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   68.314459][ T5084] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   68.330266][ T5089] siw: device registration error -23
[   68.338165][ T5089] loop0: detected capacity change from 0 to 128
[   68.387790][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.446699][ T5106] loop1: detected capacity change from 0 to 1024
[   68.458120][ T5101] loop2: detected capacity change from 0 to 2048
[   68.489084][ T5104] loop0: detected capacity change from 0 to 512
[   68.496800][ T5101] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   68.511447][ T5104] EXT4-fs: Ignoring removed nobh option
[   68.532500][ T5106] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.561942][ T5104] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   68.573163][ T5104] System zones: 0-2, 18-18, 34-34
[   68.579121][ T5104] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.591976][ T5104] ext4 filesystem being mounted at /121/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   68.607123][ T5104] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   68.637453][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.682008][ T5101] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   68.698469][ T5118] loop0: detected capacity change from 0 to 1024
[   68.699674][ T5101] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1086 with error 28
[   68.717328][ T5101] EXT4-fs (loop2): This should not happen!! Data will be lost
[   68.717328][ T5101] 
[   68.727039][ T5101] EXT4-fs (loop2): Total free blocks count 0
[   68.733134][ T5101] EXT4-fs (loop2): Free/Dirty block details
[   68.739034][ T5101] EXT4-fs (loop2): free_blocks=2415919104
[   68.744809][ T5101] EXT4-fs (loop2): dirty_blocks=1088
[   68.750159][ T5101] EXT4-fs (loop2): Block reservation details
[   68.756172][ T5101] EXT4-fs (loop2): i_reserved_data_blocks=68
[   68.770612][ T5118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.804871][ T5121] lo speed is unknown, defaulting to 1000
[   69.034460][ T5128] lo speed is unknown, defaulting to 1000
[   69.180603][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[   69.228196][ T5135] SELinux: syz.3.526 (5135) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   69.242272][ T5133] loop2: detected capacity change from 0 to 1024
[   69.262279][ T5133] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   69.273336][ T5133] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   69.295057][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.305352][ T5133] JBD2: no valid journal superblock found
[   69.311189][ T5133] EXT4-fs (loop2): Could not load journal inode
[   69.335224][ T5136] loop3: detected capacity change from 0 to 4096
[   69.342143][ T5136] ext4: Unknown parameter 'subj_role'
[   69.360662][ T5133] SELinux: security_context_str_to_sid (ùÿ) failed with errno=-22
[   69.434187][ T5142] siw: device registration error -23
[   69.475111][ T5147] loop4: detected capacity change from 0 to 512
[   69.490936][ T5142] loop3: detected capacity change from 0 to 128
[   69.522762][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.535405][ T5147] EXT4-fs: Ignoring removed nobh option
[   69.573236][ T5147] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   69.581408][ T5152] loop1: detected capacity change from 0 to 2048
[   69.611561][ T5147] System zones: 0-2, 18-18, 34-34
[   69.618428][ T5147] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.631271][ T5147] ext4 filesystem being mounted at /83/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   69.643808][ T5158] loop0: detected capacity change from 0 to 128
[   69.657825][ T5152] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   69.672237][ T5147] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   69.713560][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.738332][ T5168] loop0: detected capacity change from 0 to 1024
[   69.747470][ T5168] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   69.758509][ T5168] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   69.789798][ T5168] JBD2: no valid journal superblock found
[   69.795638][ T5168] EXT4-fs (loop0): Could not load journal inode
[   69.813462][ T5168] SELinux: security_context_str_to_sid (ùÿ) failed with errno=-22
[   69.831235][ T5152] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   69.846321][ T5152] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1954 with error 28
[   69.858860][ T5152] EXT4-fs (loop1): This should not happen!! Data will be lost
[   69.858860][ T5152] 
[   69.868561][ T5152] EXT4-fs (loop1): Total free blocks count 0
[   69.874586][ T5152] EXT4-fs (loop1): Free/Dirty block details
[   69.880572][ T5152] EXT4-fs (loop1): free_blocks=2415919104
[   69.886305][ T5152] EXT4-fs (loop1): dirty_blocks=1968
[   69.891635][ T5152] EXT4-fs (loop1): Block reservation details
[   69.897618][ T5152] EXT4-fs (loop1): i_reserved_data_blocks=123
[   69.923022][ T5173] siw: device registration error -23
[   69.938100][ T5173] loop0: detected capacity change from 0 to 128
[   70.030636][ T5177] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.541' sets config #1
[   70.340504][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[   70.362213][ T5182] IPv6: Can't replace route, no match found
[   70.461706][ T5185] siw: device registration error -23
[   70.467441][ T5186] lo speed is unknown, defaulting to 1000
[   70.511292][ T5185] loop1: detected capacity change from 0 to 128
[   70.617436][ T5193] loop4: detected capacity change from 0 to 512
[   70.625429][ T5193] EXT4-fs: Ignoring removed nobh option
[   70.640993][ T5193] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   70.649391][ T5193] System zones: 0-2, 18-18, 34-34
[   70.655973][ T5193] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.696958][ T5193] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.719511][ T5193] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   70.764844][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.782928][ T5206] netlink: 'syz.2.552': attribute type 1 has an invalid length.
[   70.790711][ T5206] netlink: 224 bytes leftover after parsing attributes in process `syz.2.552'.
[   70.861682][ T5210] loop4: detected capacity change from 0 to 512
[   70.891325][ T5210] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.905225][ T5210] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.933149][ T5216] SELinux: syz.0.555 (5216) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   71.012983][ T5217] loop0: detected capacity change from 0 to 4096
[   71.019912][ T5217] ext4: Unknown parameter 'subj_role'
[   71.464845][ T5222] netlink: 4 bytes leftover after parsing attributes in process `syz.3.557'.
[   71.474287][ T5222] netlink: 'syz.3.557': attribute type 13 has an invalid length.
[   71.506097][ T5222] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   71.568363][ T5229] syzkaller1: entered promiscuous mode
[   71.574005][ T5229] syzkaller1: entered allmulticast mode
[   71.693073][ T5233] loop2: detected capacity change from 0 to 128
[   71.693300][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.701728][ T5231] lo speed is unknown, defaulting to 1000
[   71.729417][ T5235] 9pnet: p9_errstr2errno: server reported unknown error �Çpî‘AçÁ›
¬ž;
KZì44§/@®qæž
[   71.801234][ T5241] loop4: detected capacity change from 0 to 512
[   71.821503][ T5241] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.834228][ T5241] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   71.907971][ T5247] loop0: detected capacity change from 0 to 128
[   71.949748][   T29] kauditd_printk_skb: 538 callbacks suppressed
[   71.949760][   T29] audit: type=1326 audit(1751172203.429:4301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5240 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f14b64b58e7 code=0x7ffc0000
[   71.979218][   T29] audit: type=1326 audit(1751172203.429:4302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5240 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f14b645ab19 code=0x7ffc0000
[   72.002572][   T29] audit: type=1326 audit(1751172203.429:4303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5240 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   72.026413][   T29] audit: type=1326 audit(1751172203.429:4304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd1e3e929 code=0x7ffc0000
[   72.049813][   T29] audit: type=1326 audit(1751172203.429:4305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd1e3e929 code=0x7ffc0000
[   72.073268][   T29] audit: type=1326 audit(1751172203.459:4306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5240 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f14b64b58e7 code=0x7ffc0000
[   72.096537][   T29] audit: type=1326 audit(1751172203.459:4307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5240 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f14b645ab19 code=0x7ffc0000
[   72.119802][   T29] audit: type=1326 audit(1751172203.459:4308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5240 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f14b64be929 code=0x7ffc0000
[   72.143094][   T29] audit: type=1326 audit(1751172203.459:4309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5240 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f14b64b58e7 code=0x7ffc0000
[   72.166333][   T29] audit: type=1326 audit(1751172203.459:4310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5240 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f14b645ab19 code=0x7ffc0000
[   72.194141][ T5254] FAULT_INJECTION: forcing a failure.
[   72.194141][ T5254] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.207273][ T5254] CPU: 1 UID: 0 PID: 5254 Comm: syz.0.568 Tainted: G        W           6.16.0-rc3-syzkaller-00319-gded779017ad7 #0 PREEMPT(voluntary) 
[   72.207303][ T5254] Tainted: [W]=WARN
[   72.207308][ T5254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   72.207318][ T5254] Call Trace:
[   72.207324][ T5254]  <TASK>
[   72.207331][ T5254]  __dump_stack+0x1d/0x30
[   72.207352][ T5254]  dump_stack_lvl+0xe8/0x140
[   72.207433][ T5254]  dump_stack+0x15/0x1b
[   72.207447][ T5254]  should_fail_ex+0x265/0x280
[   72.207471][ T5254]  should_fail+0xb/0x20
[   72.207527][ T5254]  should_fail_usercopy+0x1a/0x20
[   72.207587][ T5254]  _copy_from_user+0x1c/0xb0
[   72.207603][ T5254]  bpf_test_init+0xdf/0x160
[   72.207628][ T5254]  bpf_prog_test_run_flow_dissector+0x12c/0x340
[   72.207684][ T5254]  ? kstrtouint+0x76/0xc0
[   72.207713][ T5254]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[   72.207780][ T5254]  bpf_prog_test_run+0x227/0x390
[   72.207802][ T5254]  __sys_bpf+0x3dc/0x790
[   72.207833][ T5254]  __x64_sys_bpf+0x41/0x50
[   72.207863][ T5254]  x64_sys_call+0x2478/0x2fb0
[   72.207880][ T5254]  do_syscall_64+0xd2/0x200
[   72.207956][ T5254]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   72.207981][ T5254]  ? clear_bhb_loop+0x40/0x90
[   72.207998][ T5254]  ? clear_bhb_loop+0x40/0x90
[   72.208016][ T5254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.208086][ T5254] RIP: 0033:0x7f080a67e929
[   72.208102][ T5254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.208135][ T5254] RSP: 002b:00007f0808ce7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   72.208154][ T5254] RAX: ffffffffffffffda RBX: 00007f080a8a5fa0 RCX: 00007f080a67e929
[   72.208166][ T5254] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[   72.208190][ T5254] RBP: 00007f0808ce7090 R08: 0000000000000000 R09: 0000000000000000
[   72.208246][ T5254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.208259][ T5254] R13: 0000000000000000 R14: 00007f080a8a5fa0 R15: 00007ffe67e70d88
[   72.208277][ T5254]  </TASK>
[   72.539963][ T5261] syzkaller1: entered promiscuous mode
[   72.545494][ T5261] syzkaller1: entered allmulticast mode
[   72.665841][ T5266] FAULT_INJECTION: forcing a failure.
[   72.665841][ T5266] name failslab, interval 1, probability 0, space 0, times 0
[   72.678559][ T5266] CPU: 1 UID: 0 PID: 5266 Comm: syz.1.574 Tainted: G        W           6.16.0-rc3-syzkaller-00319-gded779017ad7 #0 PREEMPT(voluntary) 
[   72.678629][ T5266] Tainted: [W]=WARN
[   72.678635][ T5266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   72.678647][ T5266] Call Trace:
[   72.678654][ T5266]  <TASK>
[   72.678661][ T5266]  __dump_stack+0x1d/0x30
[   72.678735][ T5266]  dump_stack_lvl+0xe8/0x140
[   72.678755][ T5266]  dump_stack+0x15/0x1b
[   72.678772][ T5266]  should_fail_ex+0x265/0x280
[   72.678854][ T5266]  should_failslab+0x8c/0xb0
[   72.678877][ T5266]  kmem_cache_alloc_node_noprof+0x57/0x320
[   72.678980][ T5266]  ? __alloc_skb+0x101/0x320
[   72.679007][ T5266]  ? dst_alloc+0xe0/0x100
[   72.679037][ T5266]  __alloc_skb+0x101/0x320
[   72.679127][ T5266]  ? __sock_sendmsg+0x8b/0x180
[   72.679206][ T5266]  alloc_skb_with_frags+0x7d/0x470
[   72.679238][ T5266]  ? ip6_rt_copy_init+0x4d8/0x540
[   72.679265][ T5266]  sock_alloc_send_pskb+0x43a/0x4f0
[   72.679300][ T5266]  __ip6_append_data+0x18d2/0x23d0
[   72.679326][ T5266]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   72.679351][ T5266]  ? xfrm_lookup_with_ifid+0x10c2/0x1360
[   72.679377][ T5266]  ? __rcu_read_unlock+0x4f/0x70
[   72.679448][ T5266]  ? __pfx_ip6_mtu+0x10/0x10
[   72.679470][ T5266]  ? ip6_mtu+0xf5/0x120
[   72.679500][ T5266]  ip6_make_skb+0x1da/0x4a0
[   72.679526][ T5266]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   72.679553][ T5266]  udpv6_sendmsg+0x136a/0x1580
[   72.679646][ T5266]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   72.679729][ T5266]  ? _raw_spin_unlock_bh+0x36/0x40
[   72.679763][ T5266]  ? __pfx_udpv6_sendmsg+0x10/0x10
[   72.679801][ T5266]  inet6_sendmsg+0xac/0xd0
[   72.679816][ T5266]  __sock_sendmsg+0x8b/0x180
[   72.679836][ T5266]  ____sys_sendmsg+0x345/0x4e0
[   72.679872][ T5266]  ___sys_sendmsg+0x17b/0x1d0
[   72.679915][ T5266]  __sys_sendmmsg+0x178/0x300
[   72.679965][ T5266]  __x64_sys_sendmmsg+0x57/0x70
[   72.679981][ T5266]  x64_sys_call+0x2f2f/0x2fb0
[   72.680061][ T5266]  do_syscall_64+0xd2/0x200
[   72.680078][ T5266]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   72.680134][ T5266]  ? clear_bhb_loop+0x40/0x90
[   72.680150][ T5266]  ? clear_bhb_loop+0x40/0x90
[   72.680172][ T5266]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.680313][ T5266] RIP: 0033:0x7f9a152ee929
[   72.680329][ T5266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.680345][ T5266] RSP: 002b:00007f9a13957038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   72.680363][ T5266] RAX: ffffffffffffffda RBX: 00007f9a15515fa0 RCX: 00007f9a152ee929
[   72.680381][ T5266] RDX: 0000000000000002 RSI: 0000200000006b80 RDI: 0000000000000003
[   72.680418][ T5266] RBP: 00007f9a13957090 R08: 0000000000000000 R09: 0000000000000000
[   72.680428][ T5266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.680437][ T5266] R13: 0000000000000000 R14: 00007f9a15515fa0 R15: 00007fff05dff318
[   72.680454][ T5266]  </TASK>
[   72.980057][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.277572][ T5279] lo speed is unknown, defaulting to 1000
[   73.655813][ T5284] loop3: detected capacity change from 0 to 1024
[   73.663798][ T5284] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   73.674798][ T5284] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   73.685668][ T5284] JBD2: no valid journal superblock found
[   73.691493][ T5284] EXT4-fs (loop3): Could not load journal inode
[   73.719985][ T5284] SELinux: security_context_str_to_sid (ùÿ) failed with errno=-22
[   73.764110][ T5288] netlink: 4 bytes leftover after parsing attributes in process `syz.0.580'.
[   73.784339][ T5288] netlink: 'syz.0.580': attribute type 13 has an invalid length.
[   73.808263][ T5288] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   73.896566][ T5298] loop1: detected capacity change from 0 to 512
[   73.962716][ T5298] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   73.979015][ T5302] loop0: detected capacity change from 0 to 1024
[   73.991841][ T5302] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   74.002808][ T5302] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   74.012813][ T5298] EXT4-fs (loop1): 1 truncate cleaned up
[   74.018998][ T5298] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.033020][ T5302] JBD2: no valid journal superblock found
[   74.038763][ T5302] EXT4-fs (loop0): Could not load journal inode
[   74.144077][ T5302] SELinux: security_context_str_to_sid (ùÿ) failed with errno=-22
[   74.156034][ T5306] loop2: detected capacity change from 0 to 512
[   74.164808][ T5306] EXT4-fs: Ignoring removed orlov option
[   74.170608][ T5306] EXT4-fs: Ignoring removed nomblk_io_submit option
[   74.177233][ T5306] EXT4-fs: Ignoring removed orlov option
[   74.190561][ T5306] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846c01c, mo2=0002]
[   74.218975][ T5306] System zones: 1-12
[   74.231879][ T5306] EXT4-fs error (device loop2): ext4_init_orphan_info:585: comm syz.2.586: inode #0: comm syz.2.586: iget: illegal inode #
[   74.249133][ T5306] EXT4-fs (loop2): get orphan inode failed
[   74.265354][ T5306] EXT4-fs (loop2): mount failed
[   74.278505][ T5312] loop3: detected capacity change from 0 to 128
[   74.596822][ T5323] loop0: detected capacity change from 0 to 1024
[   74.632574][ T5323] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   74.643620][ T5323] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   74.690814][ T5323] JBD2: no valid journal superblock found
[   74.696595][ T5323] EXT4-fs (loop0): Could not load journal inode
[   74.722167][ T5329] IPv6: Can't replace route, no match found
[   74.805069][ T5323] SELinux: security_context_str_to_sid (ùÿ) failed with errno=-22
[   74.958928][ T5335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.596'.
[   74.977450][ T5335] netlink: 'syz.0.596': attribute type 13 has an invalid length.
[   75.000269][ T5335] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   75.043891][ T3408] hid-generic 000B:0004:0000.000A: unknown main item tag 0x0
[   75.051482][ T3408] hid-generic 000B:0004:0000.000A: unknown main item tag 0x0
[   75.058912][ T3408] hid-generic 000B:0004:0000.000A: unknown main item tag 0x0
[   75.067850][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.072031][ T3408] hid-generic 000B:0004:0000.000A: hidraw0: <UNKNOWN> HID vffffff.ff Device [syz0] on syz1
[   75.116822][ T5342] fido_id[5342]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   75.140079][ T5344] netlink: 20 bytes leftover after parsing attributes in process `syz.1.599'.
[   75.154648][ T5346] loop2: detected capacity change from 0 to 512
[   75.193225][ T5346] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.230229][ T5346] ext4 filesystem being mounted at /109/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   75.406976][ T5362] FAULT_INJECTION: forcing a failure.
[   75.406976][ T5362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   75.420217][ T5362] CPU: 0 UID: 0 PID: 5362 Comm: syz.4.605 Tainted: G        W           6.16.0-rc3-syzkaller-00319-gded779017ad7 #0 PREEMPT(voluntary) 
[   75.420288][ T5362] Tainted: [W]=WARN
[   75.420294][ T5362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   75.420306][ T5362] Call Trace:
[   75.420391][ T5362]  <TASK>
[   75.420398][ T5362]  __dump_stack+0x1d/0x30
[   75.420419][ T5362]  dump_stack_lvl+0xe8/0x140
[   75.420440][ T5362]  dump_stack+0x15/0x1b
[   75.420457][ T5362]  should_fail_ex+0x265/0x280
[   75.420539][ T5362]  should_fail+0xb/0x20
[   75.420561][ T5362]  should_fail_usercopy+0x1a/0x20
[   75.420586][ T5362]  _copy_from_iter+0xcf/0xe40
[   75.420618][ T5362]  ? __build_skb_around+0x1a0/0x200
[   75.420693][ T5362]  ? __alloc_skb+0x223/0x320
[   75.420718][ T5362]  netlink_sendmsg+0x471/0x6b0
[   75.420739][ T5362]  ? __pfx_netlink_sendmsg+0x10/0x10
[   75.420820][ T5362]  __sock_sendmsg+0x145/0x180
[   75.420885][ T5362]  ____sys_sendmsg+0x31e/0x4e0
[   75.420913][ T5362]  ___sys_sendmsg+0x17b/0x1d0
[   75.421071][ T5362]  __x64_sys_sendmsg+0xd4/0x160
[   75.421128][ T5362]  x64_sys_call+0x2999/0x2fb0
[   75.421146][ T5362]  do_syscall_64+0xd2/0x200
[   75.421162][ T5362]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   75.421186][ T5362]  ? clear_bhb_loop+0x40/0x90
[   75.421210][ T5362]  ? clear_bhb_loop+0x40/0x90
[   75.421232][ T5362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.421253][ T5362] RIP: 0033:0x7f14b64be929
[   75.421268][ T5362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.421282][ T5362] RSP: 002b:00007f14b4b27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   75.421365][ T5362] RAX: ffffffffffffffda RBX: 00007f14b66e5fa0 RCX: 00007f14b64be929
[   75.421378][ T5362] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000003
[   75.421389][ T5362] RBP: 00007f14b4b27090 R08: 0000000000000000 R09: 0000000000000000
[   75.421431][ T5362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.421441][ T5362] R13: 0000000000000000 R14: 00007f14b66e5fa0 R15: 00007fff68179bf8
[   75.421457][ T5362]  </TASK>
[   75.930408][ T5367] SELinux: syz.4.607 (5367) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   76.002771][ T5369] loop3: detected capacity change from 0 to 1024
[   76.013709][ T5369] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   76.024660][ T5369] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   76.035422][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.059494][ T5369] JBD2: no valid journal superblock found
[   76.065292][ T5369] EXT4-fs (loop3): Could not load journal inode
[   76.133146][ T5369] SELinux: security_context_str_to_sid (ùÿ) failed with errno=-22
[   76.204285][ T5383] loop0: detected capacity change from 0 to 512
[   76.223777][ T5381] loop4: detected capacity change from 0 to 128
[   76.250910][ T5381] FAT-fs (loop4): bogus number of FAT structure
[   76.257447][ T5381] FAT-fs (loop4): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[   76.266835][ T5381] FAT-fs (loop4): Can't find a valid FAT filesystem
[   76.269660][ T5383] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   76.282279][ T5383] EXT4-fs (loop0): orphan cleanup on readonly fs
[   76.291983][ T5383] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #16: comm syz.0.610: corrupted inode contents
[   76.309024][ T5383] EXT4-fs (loop0): Remounting filesystem read-only
[   76.316484][ T5383] EXT4-fs (loop0): 1 truncate cleaned up
[   76.322491][ T3632] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   76.333138][ T3632] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   76.337162][ T5390] netlink: 'syz.4.616': attribute type 21 has an invalid length.
[   76.349158][ T3632] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   76.351904][ T5390] netlink: 8 bytes leftover after parsing attributes in process `syz.4.616'.
[   76.372073][ T5383] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   76.413136][ T5391] lo speed is unknown, defaulting to 1000
[   76.641385][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.745864][ T5390] loop4: detected capacity change from 0 to 512
[   76.754360][ T5390] EXT4-fs (loop4): orphan cleanup on readonly fs
[   76.761107][ T5390] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.616: Failed to acquire dquot type 1
[   76.773749][ T5390] EXT4-fs (loop4): 1 truncate cleaned up
[   76.779871][ T5390] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   76.793802][ T5390] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.837328][ T5403] netlink: 4 bytes leftover after parsing attributes in process `syz.4.618'.
[   76.846582][ T5403] netlink: 'syz.4.618': attribute type 13 has an invalid length.
[   76.862573][ T5403] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   76.908231][ T5406] loop1: detected capacity change from 0 to 512
[   76.921673][ T5406] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.939563][ T5406] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   76.954144][ T2996] udevd[2996]: worker [3626] terminated by signal 33 (Unknown signal 33)
[   76.964036][   T29] kauditd_printk_skb: 515 callbacks suppressed
[   76.964050][   T29] audit: type=1326 audit(1751172208.429:4818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5405 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9a152e58e7 code=0x7ffc0000
[   76.993522][   T29] audit: type=1326 audit(1751172208.429:4819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5405 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a1528ab19 code=0x7ffc0000
[   77.016958][   T29] audit: type=1326 audit(1751172208.429:4820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5405 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9a152e58e7 code=0x7ffc0000
[   77.040232][   T29] audit: type=1326 audit(1751172208.429:4821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5405 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a1528ab19 code=0x7ffc0000
[   77.063492][   T29] audit: type=1326 audit(1751172208.429:4822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5405 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9a152e58e7 code=0x7ffc0000
[   77.086863][   T29] audit: type=1326 audit(1751172208.429:4823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5405 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a1528ab19 code=0x7ffc0000
[   77.110144][   T29] audit: type=1326 audit(1751172208.429:4824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5405 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9a152e58e7 code=0x7ffc0000
[   77.133485][   T29] audit: type=1326 audit(1751172208.429:4825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5405 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a1528ab19 code=0x7ffc0000
[   77.156742][   T29] audit: type=1326 audit(1751172208.429:4826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5405 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9a152e58e7 code=0x7ffc0000
[   77.180065][   T29] audit: type=1326 audit(1751172208.429:4827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5405 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a1528ab19 code=0x7ffc0000
[   77.295277][ T5417] SELinux: syz.4.623 (5417) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   77.334474][ T5425] SELinux:  Context Ü is not valid (left unmapped).
[   77.366275][ T5429] loop2: detected capacity change from 0 to 128
[   77.397507][ T5434] loop4: detected capacity change from 0 to 512
[   77.405115][ T5434] EXT4-fs: Ignoring removed nobh option
[   77.420504][ T5434] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   77.428615][ T5434] System zones: 0-2, 18-18, 34-34
[   77.435034][ T5434] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.447691][ T5434] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   77.460094][ T5434] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   77.484052][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.500664][ T5441] IPv6: Can't replace route, no match found
[   77.603070][ T5446] loop0: detected capacity change from 0 to 1024
[   77.620946][ T5446] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.717990][ T5450] lo speed is unknown, defaulting to 1000
[   77.911986][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.397194][ T5474] loop4: detected capacity change from 0 to 128
[   78.443818][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.461069][ T5479] netlink: 4 bytes leftover after parsing attributes in process `syz.4.645'.
[   78.470933][ T5479] netlink: 'syz.4.645': attribute type 13 has an invalid length.
[   78.474641][ T5481] loop0: detected capacity change from 0 to 512
[   78.485877][ T5481] EXT4-fs: Ignoring removed nobh option
[   78.492432][ T5479] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   78.509136][ T5481] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   78.517184][ T5481] System zones: 0-2, 18-18, 34-34
[   78.523306][ T5481] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.535907][ T5481] ext4 filesystem being mounted at /144/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   78.549246][ T5481] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   78.579346][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.584872][ T5486] loop4: detected capacity change from 0 to 1024
[   78.595852][ T5486] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   78.606898][ T5486] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   78.617331][ T5486] JBD2: no valid journal superblock found
[   78.623105][ T5486] EXT4-fs (loop4): Could not load journal inode
[   78.635305][ T5490] loop0: detected capacity change from 0 to 256
[   78.644602][ T5486] Cannot find add_set index 0 as target
[   78.650641][ T5486] SELinux: security_context_str_to_sid (ùÿ) failed with errno=-22
[   78.688457][ T5496] siw: device registration error -23
[   78.695698][ T5496] loop4: detected capacity change from 0 to 128
[   78.780801][ T5504] loop0: detected capacity change from 0 to 128
[   78.867009][ T5510] netlink: 4 bytes leftover after parsing attributes in process `syz.0.656'.
[   78.880131][ T5510] netlink: 'syz.0.656': attribute type 13 has an invalid length.
[   78.917398][ T5512] loop1: detected capacity change from 0 to 512
[   78.926858][ T5510] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   78.942189][ T5512] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   78.942272][ T5512] EXT4-fs (loop1): orphan cleanup on readonly fs
[   78.943568][ T5512] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.657: corrupted inode contents
[   78.943844][ T5512] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #16: comm syz.1.657: mark_inode_dirty error
[   78.944518][ T5512] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.657: corrupted inode contents
[   78.944946][ T5512] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.657: mark_inode_dirty error
[   78.945383][ T5512] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.657: corrupted inode contents
[   78.945868][ T5512] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[   78.945995][ T5512] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.657: corrupted inode contents
[   78.946119][ T5512] EXT4-fs error (device loop1): ext4_truncate:4597: inode #16: comm syz.1.657: mark_inode_dirty error
[   78.946240][ T5512] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[   78.947945][ T5512] EXT4-fs (loop1): 1 truncate cleaned up
[   78.948084][ T3632] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 1
[   78.951537][ T5512] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   79.187764][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.263296][ T5518] syzkaller1: entered promiscuous mode
[   79.306453][ T5518] syzkaller1: entered allmulticast mode
[   79.318828][ T5520] netlink: 16 bytes leftover after parsing attributes in process `syz.2.660'.
[   79.496252][ T5536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.504991][ T5536] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.564629][ T5539] loop3: detected capacity change from 0 to 128
[   79.767475][ T5547] netlink: 16 bytes leftover after parsing attributes in process `syz.3.669'.
[   79.776423][ T5547] netlink: 20 bytes leftover after parsing attributes in process `syz.3.669'.
[   79.790415][ T5547] loop3: detected capacity change from 0 to 764
[   79.799258][ T5547] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   79.839999][ T5549] Cannot find del_set index 2 as target
[   80.076197][ T5557] syzkaller1: entered promiscuous mode
[   80.081962][ T5557] syzkaller1: entered allmulticast mode
[   80.152359][ T5559] SELinux: syz.2.675 (5559) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   80.213428][ T5559] loop2: detected capacity change from 0 to 4096
[   80.220627][ T5559] ext4: Unknown parameter 'subj_role'
[   80.261163][ T5565] loop2: detected capacity change from 0 to 128
[   80.269400][ T5567] siw: device registration error -23
[   80.276307][ T5567] loop1: detected capacity change from 0 to 128
[   80.341452][ T5578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   80.351331][ T5578] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.353704][ T5575] loop2: detected capacity change from 0 to 128
[   80.418274][ T5582] syzkaller1: entered promiscuous mode
[   80.423811][ T5582] syzkaller1: entered allmulticast mode
[   80.752737][ T5601] siw: device registration error -23
[   80.883450][ T5605] siw: device registration error -23
[   80.900264][ T5605] loop1: detected capacity change from 0 to 128
[   81.060045][ T5609] syzkaller1: entered promiscuous mode
[   81.065541][ T5609] syzkaller1: entered allmulticast mode
[   81.260989][   T10] hid-generic 000B:0004:0000.000B: unknown main item tag 0x0
[   81.268469][   T10] hid-generic 000B:0004:0000.000B: unknown main item tag 0x0
[   81.275979][   T10] hid-generic 000B:0004:0000.000B: unknown main item tag 0x0
[   81.283975][   T10] hid-generic 000B:0004:0000.000B: hidraw0: <UNKNOWN> HID vffffff.ff Device [syz0] on syz1
[   81.334803][ T5620] lo speed is unknown, defaulting to 1000
[   81.489559][ T5627] loop2: detected capacity change from 0 to 1024
[   81.496596][ T5627] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   81.507647][ T5629] loop1: detected capacity change from 0 to 128
[   81.507679][ T5627] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   81.525875][ T5627] JBD2: no valid journal superblock found
[   81.531817][ T5627] EXT4-fs (loop2): Could not load journal inode
[   81.588188][ T5627] Cannot find del_set index 2 as target
[   81.644173][ T5633] loop1: detected capacity change from 0 to 2048
[   81.704392][ T5633] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   81.705596][ T5638] syzkaller1: entered promiscuous mode
[   81.722071][ T5638] syzkaller1: entered allmulticast mode
[   81.729667][ T5640] netlink: 4 bytes leftover after parsing attributes in process `syz.2.709'.
[   81.743383][ T5640] veth1_macvtap: left promiscuous mode
[   81.855533][ T5633] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   81.871513][ T5633] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   81.884043][ T5633] EXT4-fs (loop1): This should not happen!! Data will be lost
[   81.884043][ T5633] 
[   81.893785][ T5633] EXT4-fs (loop1): Total free blocks count 0
[   81.899808][ T5633] EXT4-fs (loop1): Free/Dirty block details
[   81.905715][ T5633] EXT4-fs (loop1): free_blocks=2415919104
[   81.911537][ T5633] EXT4-fs (loop1): dirty_blocks=2528
[   81.916827][ T5633] EXT4-fs (loop1): Block reservation details
[   81.922936][ T5633] EXT4-fs (loop1): i_reserved_data_blocks=158
[   82.008024][   T29] kauditd_printk_skb: 3165 callbacks suppressed
[   82.008048][   T29] audit: type=1326 audit(1751172213.479:7992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5644 comm="syz.3.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   82.043841][   T29] audit: type=1326 audit(1751172213.479:7993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5644 comm="syz.3.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   82.128589][   T29] audit: type=1326 audit(1751172213.599:7994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5644 comm="syz.3.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   82.152031][   T29] audit: type=1326 audit(1751172213.599:7995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5644 comm="syz.3.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   82.175418][   T29] audit: type=1326 audit(1751172213.599:7996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5644 comm="syz.3.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   82.198790][   T29] audit: type=1326 audit(1751172213.599:7997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5644 comm="syz.3.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   82.255680][   T29] audit: type=1326 audit(1751172213.729:7998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5644 comm="syz.3.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   82.279182][   T29] audit: type=1326 audit(1751172213.749:7999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5644 comm="syz.3.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   82.403433][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[   82.419181][ T5663] loop4: detected capacity change from 0 to 1024
[   82.440979][ T5665] siw: device registration error -23
[   82.441160][ T5663] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.467785][ T5665] loop1: detected capacity change from 0 to 128
[   82.513189][ T5670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.718'.
[   82.522356][ T5670] netlink: 'syz.1.718': attribute type 13 has an invalid length.
[   82.538157][ T5670] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   82.591436][ T5675] syzkaller1: entered promiscuous mode
[   82.596978][ T5675] syzkaller1: entered allmulticast mode
[   82.664195][ T5679] FAULT_INJECTION: forcing a failure.
[   82.664195][ T5679] name failslab, interval 1, probability 0, space 0, times 0
[   82.676962][ T5679] CPU: 0 UID: 0 PID: 5679 Comm: syz.1.722 Tainted: G        W           6.16.0-rc3-syzkaller-00319-gded779017ad7 #0 PREEMPT(voluntary) 
[   82.676996][ T5679] Tainted: [W]=WARN
[   82.677003][ T5679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   82.677015][ T5679] Call Trace:
[   82.677023][ T5679]  <TASK>
[   82.677037][ T5679]  __dump_stack+0x1d/0x30
[   82.677108][ T5679]  dump_stack_lvl+0xe8/0x140
[   82.677128][ T5679]  dump_stack+0x15/0x1b
[   82.677145][ T5679]  should_fail_ex+0x265/0x280
[   82.677182][ T5679]  should_failslab+0x8c/0xb0
[   82.677205][ T5679]  kmem_cache_alloc_noprof+0x50/0x310
[   82.677261][ T5679]  ? __anon_vma_prepare+0xcd/0x2f0
[   82.677293][ T5679]  __anon_vma_prepare+0xcd/0x2f0
[   82.677326][ T5679]  do_wp_page+0x1838/0x2400
[   82.677348][ T5679]  ? __rcu_read_lock+0x37/0x50
[   82.677432][ T5679]  handle_mm_fault+0x77d/0x2be0
[   82.677454][ T5679]  ? mas_walk+0xf2/0x120
[   82.677489][ T5679]  do_user_addr_fault+0x636/0x1090
[   82.677520][ T5679]  ? fpregs_assert_state_consistent+0xb4/0xe0
[   82.677567][ T5679]  exc_page_fault+0x62/0xa0
[   82.677632][ T5679]  asm_exc_page_fault+0x26/0x30
[   82.677728][ T5679] RIP: 0033:0x7f9a151b0ca3
[   82.677743][ T5679] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[   82.677760][ T5679] RSP: 002b:00007f9a139564a0 EFLAGS: 00010202
[   82.677783][ T5679] RAX: 0000000000000400 RBX: 00007f9a13956540 RCX: 00007f9a0b537000
[   82.677796][ T5679] RDX: 00007f9a139566e0 RSI: 0000000000000011 RDI: 00007f9a139565e0
[   82.677809][ T5679] RBP: 00000000000000f9 R08: 000000000000000a R09: 00000000000003be
[   82.677822][ T5679] R10: 00000000000003cc R11: 00007f9a13956540 R12: 0000000000000001
[   82.677834][ T5679] R13: 00007f9a1538c200 R14: 0000000000000020 R15: 00007f9a139565e0
[   82.677853][ T5679]  </TASK>
[   82.677867][ T5679] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   82.872820][ T5679] loop1: detected capacity change from 0 to 512
[   82.919328][ T5679] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   82.934066][ T5679] EXT4-fs (loop1): orphan cleanup on readonly fs
[   82.950616][ T5679] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.722: corrupted inode contents
[   82.962834][ T5679] EXT4-fs (loop1): Remounting filesystem read-only
[   82.969567][ T5679] EXT4-fs (loop1): 1 truncate cleaned up
[   82.975514][   T52] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   82.986336][   T52] Quota error (device loop1): write_blk: dquota write failed
[   82.993743][   T52] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries
[   83.003760][   T52] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   83.015949][   T52] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[   83.027110][ T5679] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   83.100109][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.102388][ T5696] SELinux: syz.3.727 (5696) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   83.151674][ T5698] siw: device registration error -23
[   83.188334][ T5698] loop1: detected capacity change from 0 to 128
[   83.219338][ T5701] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[   83.225852][ T5701] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   83.233531][ T5701] vhci_hcd vhci_hcd.0: Device attached
[   83.241818][ T5702] vhci_hcd: connection closed
[   83.261626][   T52] vhci_hcd: stop threads
[   83.270611][   T52] vhci_hcd: release socket
[   83.275030][   T52] vhci_hcd: disconnect device
[   83.280453][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.552943][ T5711] lo speed is unknown, defaulting to 1000
[   83.734505][ T5715] syzkaller1: entered promiscuous mode
[   83.740160][ T5715] syzkaller1: entered allmulticast mode
[   83.851390][ T5717] loop0: detected capacity change from 0 to 1024
[   83.858451][ T5717] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   83.869381][ T5717] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   83.885304][ T5717] JBD2: no valid journal superblock found
[   83.891113][ T5717] EXT4-fs (loop0): Could not load journal inode
[   83.914542][ T5717] Cannot find add_set index 0 as target
[   83.922691][ T5721] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.947742][ T5722] loop2: detected capacity change from 0 to 2048
[   83.960941][ T5722] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   83.975829][ T5721] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.000953][ T5729] netlink: 4 bytes leftover after parsing attributes in process `syz.0.737'.
[   84.010136][ T5729] netlink: 'syz.0.737': attribute type 13 has an invalid length.
[   84.026058][ T5729] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   84.043323][ T5721] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.084925][ T5732] loop0: detected capacity change from 0 to 512
[   84.091667][ T5732] EXT4-fs: Ignoring removed nobh option
[   84.098333][ T5721] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.114731][ T5722] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   84.130797][ T5722] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   84.135507][ T5732] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   84.143356][ T5722] EXT4-fs (loop2): This should not happen!! Data will be lost
[   84.143356][ T5722] 
[   84.151902][ T5732] System zones: 0-2, 18-18, 34-34
[   84.161133][ T5722] EXT4-fs (loop2): Total free blocks count 0
[   84.169215][ T5732] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.172160][ T5722] EXT4-fs (loop2): Free/Dirty block details
[   84.184572][ T5732] ext4 filesystem being mounted at /168/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.190411][ T5722] EXT4-fs (loop2): free_blocks=2415919104
[   84.206704][ T5722] EXT4-fs (loop2): dirty_blocks=2736
[   84.208329][ T5732] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   84.212053][ T5722] EXT4-fs (loop2): Block reservation details
[   84.212063][ T5722] EXT4-fs (loop2): i_reserved_data_blocks=171
[   84.253262][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.276997][ T5721] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.293130][ T5738] SELinux: syz.1.740 (5738) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   84.307748][ T5721] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.319133][ T1397] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[   84.319723][ T5721] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.350491][ T5721] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.395397][ T5742] loop1: detected capacity change from 0 to 4096
[   84.412864][ T5744] siw: device registration error -23
[   84.427965][ T5744] loop0: detected capacity change from 0 to 128
[   84.437528][ T5750] syzkaller1: entered promiscuous mode
[   84.438284][ T5742] ext4: Unknown parameter 'subj_role'
[   84.443106][ T5750] syzkaller1: entered allmulticast mode
[   84.464526][ T5746] loop2: detected capacity change from 0 to 128
[   84.530008][ T5754] Cannot find del_set index 2 as target
[   84.530284][ T5758] IPv6: Can't replace route, no match found
[   84.582678][ T5765] loop2: detected capacity change from 0 to 512
[   84.589298][ T5765] EXT4-fs: Ignoring removed nobh option
[   84.640763][ T5765] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   84.687202][ T5765] System zones: 0-2, 18-18, 34-34
[   84.694509][ T5765] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.708852][ T5765] ext4 filesystem being mounted at /142/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.722345][ T5765] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   84.738811][ T5775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   84.758557][ T5775] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   84.821387][ T3358] hid-generic 000B:0004:0000.000C: unknown main item tag 0x0
[   84.821435][ T3358] hid-generic 000B:0004:0000.000C: unknown main item tag 0x0
[   84.821454][ T3358] hid-generic 000B:0004:0000.000C: unknown main item tag 0x0
[   84.832118][ T3358] hid-generic 000B:0004:0000.000C: hidraw0: <UNKNOWN> HID vffffff.ff Device [syz0] on syz1
[   84.872948][ T5779] loop0: detected capacity change from 0 to 128
[   84.900464][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.140714][ T5792] syzkaller1: entered promiscuous mode
[   85.146266][ T5792] syzkaller1: entered allmulticast mode
[   85.307658][ T5794] loop2: detected capacity change from 0 to 128
[   85.496663][ T5807] IPv6: Can't replace route, no match found
[   85.527826][ T5809] loop2: detected capacity change from 0 to 512
[   85.544325][ T5809] EXT4-fs: Ignoring removed nobh option
[   85.641197][ T5809] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   85.649701][ T5809] System zones: 0-2, 18-18, 34-34
[   85.655712][ T5809] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   85.669191][ T5809] ext4 filesystem being mounted at /149/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   85.682210][ T5809] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   85.711279][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.796332][ T5819] loop2: detected capacity change from 0 to 1024
[   85.842217][ T5819] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869)
[   85.853223][ T5819] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002]
[   85.862406][ T5819] System zones: 0-1, 3-36
[   85.867135][ T5819] EXT4-fs (loop2): orphan cleanup on readonly fs
[   85.874746][ T5819] EXT4-fs (loop2): 1 orphan inode deleted
[   85.881991][ T5819] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   85.897788][ T5819] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5819 comm=+}[@
[   85.919097][ T5828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   85.938110][ T5828] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   86.213319][ T5833] lo speed is unknown, defaulting to 1000
[   86.366750][ T5836] loop4: detected capacity change from 0 to 512
[   86.373651][ T5836] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   86.384732][ T5836] EXT4-fs error (device loop4): xattr_find_entry:333: inode #15: comm syz.4.775: corrupted xattr entries
[   86.396523][ T5836] EXT4-fs (loop4): Remounting filesystem read-only
[   86.403166][ T5836] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   86.416187][ T5836] EXT4-fs (loop4): 1 truncate cleaned up
[   86.422193][ T5836] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.435125][ T5836] FAULT_INJECTION: forcing a failure.
[   86.435125][ T5836] name failslab, interval 1, probability 0, space 0, times 0
[   86.447838][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: syz.4.775 Tainted: G        W           6.16.0-rc3-syzkaller-00319-gded779017ad7 #0 PREEMPT(voluntary) 
[   86.447873][ T5836] Tainted: [W]=WARN
[   86.447880][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   86.447893][ T5836] Call Trace:
[   86.447900][ T5836]  <TASK>
[   86.447909][ T5836]  __dump_stack+0x1d/0x30
[   86.447931][ T5836]  dump_stack_lvl+0xe8/0x140
[   86.447987][ T5836]  dump_stack+0x15/0x1b
[   86.448004][ T5836]  should_fail_ex+0x265/0x280
[   86.448034][ T5836]  should_failslab+0x8c/0xb0
[   86.448123][ T5836]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   86.448152][ T5836]  ? security_context_to_sid_core+0x69/0x3b0
[   86.448178][ T5836]  kmemdup_nul+0x36/0xc0
[   86.448250][ T5836]  security_context_to_sid_core+0x69/0x3b0
[   86.448339][ T5836]  security_context_str_to_sid+0x33/0x40
[   86.448363][ T5836]  selinux_add_opt+0x1de/0x270
[   86.448432][ T5836]  selinux_sb_eat_lsm_opts+0x682/0x750
[   86.448457][ T5836]  security_sb_eat_lsm_opts+0x40/0x80
[   86.448485][ T5836]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[   86.448515][ T5836]  vfs_parse_monolithic_sep+0x4a/0x200
[   86.448621][ T5836]  generic_parse_monolithic+0x24/0x30
[   86.448649][ T5836]  parse_monolithic_mount_data+0x46/0x60
[   86.448736][ T5836]  do_new_mount+0x1da/0x680
[   86.448768][ T5836]  path_mount+0x4a4/0xb20
[   86.448798][ T5836]  ? user_path_at+0x109/0x130
[   86.448824][ T5836]  __se_sys_mount+0x28f/0x2e0
[   86.448917][ T5836]  ? fput+0x8f/0xc0
[   86.448945][ T5836]  __x64_sys_mount+0x67/0x80
[   86.448964][ T5836]  x64_sys_call+0xd36/0x2fb0
[   86.448985][ T5836]  do_syscall_64+0xd2/0x200
[   86.449084][ T5836]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   86.449109][ T5836]  ? clear_bhb_loop+0x40/0x90
[   86.449130][ T5836]  ? clear_bhb_loop+0x40/0x90
[   86.449151][ T5836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.449172][ T5836] RIP: 0033:0x7f14b64be929
[   86.449234][ T5836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.449252][ T5836] RSP: 002b:00007f14b4b27038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   86.449272][ T5836] RAX: ffffffffffffffda RBX: 00007f14b66e5fa0 RCX: 00007f14b64be929
[   86.449285][ T5836] RDX: 0000200000000640 RSI: 0000200000000600 RDI: 0000000000000000
[   86.449374][ T5836] RBP: 00007f14b4b27090 R08: 0000200000000840 R09: 0000000000000000
[   86.449387][ T5836] R10: 0000000002008000 R11: 0000000000000246 R12: 0000000000000002
[   86.449400][ T5836] R13: 0000000000000000 R14: 00007f14b66e5fa0 R15: 00007fff68179bf8
[   86.449468][ T5836]  </TASK>
[   86.702933][ T5836] SELinux: security_context_str_to_sid (staff_u) failed with errno=-12
[   86.729950][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.760373][ T5836] netlink: 28 bytes leftover after parsing attributes in process `syz.4.775'.
[   86.772969][ T5842] SELinux: syz.0.778 (5842) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   86.797528][ T5836] IPVS: stopping master sync thread 5845 ...
[   86.803802][ T5845] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[   86.838761][ T5836] netlink: 'syz.4.775': attribute type 27 has an invalid length.
[   86.851262][ T5849] netlink: 4 bytes leftover after parsing attributes in process `syz.0.780'.
[   86.866670][ T5844] loop2: detected capacity change from 0 to 512
[   86.901641][ T5844] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   86.914037][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.921259][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.923739][ T5852] SELinux: syz.3.779 (5852) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   86.942098][ T5853] netlink: 'syz.0.780': attribute type 13 has an invalid length.
[   86.954945][ T5844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.969071][ T5844] ext4 filesystem being mounted at /151/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.982941][ T5844] IPv6: Can't replace route, no match found
[   87.001153][ T5836] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.021548][ T5836] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   87.072622][ T5836] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   87.081228][ T5836] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   87.089673][ T5836] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   87.098069][ T5836] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   87.124861][ T5853] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   87.151383][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.168523][   T29] kauditd_printk_skb: 116 callbacks suppressed
[   87.168536][   T29] audit: type=1400 audit(1751172218.639:8112): avc:  denied  { write } for  pid=5843 comm="syz.2.776" path="socket:[11970]" dev="sockfs" ino=11970 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   87.223877][ T5870] siw: device registration error -23
[   87.232279][ T5870] loop4: detected capacity change from 0 to 128
[   87.241647][   T29] audit: type=1326 audit(1751172218.709:8113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5871 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   87.264991][   T29] audit: type=1326 audit(1751172218.709:8114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5871 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   87.288597][   T29] audit: type=1326 audit(1751172218.719:8115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5871 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   87.311865][   T29] audit: type=1326 audit(1751172218.719:8116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5871 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   87.335516][   T29] audit: type=1326 audit(1751172218.719:8117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5871 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   87.359124][   T29] audit: type=1326 audit(1751172218.719:8118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5871 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   87.382504][   T29] audit: type=1326 audit(1751172218.719:8119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5871 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   87.385732][ T5872] lo speed is unknown, defaulting to 1000
[   87.406096][   T29] audit: type=1326 audit(1751172218.719:8120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5871 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   87.435118][   T29] audit: type=1326 audit(1751172218.719:8121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5871 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   87.443240][ T5872] lo speed is unknown, defaulting to 1000
[   87.469846][ T5877] SELinux: syz.0.787 (5877) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   87.501207][ T5872] lo speed is unknown, defaulting to 1000
[   87.507905][ T5872] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   87.520581][ T5875] netlink: 24 bytes leftover after parsing attributes in process `syz.3.786'.
[   87.555562][ T5872] lo speed is unknown, defaulting to 1000
[   87.564568][ T5872] lo speed is unknown, defaulting to 1000
[   87.571956][ T5872] lo speed is unknown, defaulting to 1000
[   87.612481][ T5877] loop0: detected capacity change from 0 to 4096
[   87.619335][ T5877] ext4: Unknown parameter 'subj_role'
[   87.643844][ T5872] lo speed is unknown, defaulting to 1000
[   87.650900][ T5872] lo speed is unknown, defaulting to 1000
[   87.658051][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.712781][ T5890] loop0: detected capacity change from 0 to 512
[   87.719394][ T5890] EXT4-fs: Ignoring removed nobh option
[   87.740356][ T5890] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   87.748589][ T5890] System zones: 0-2, 18-18, 34-34
[   87.757694][ T5890] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.772328][ T5890] ext4 filesystem being mounted at /180/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   87.785605][ T5895] loop2: detected capacity change from 0 to 128
[   87.794350][ T5890] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   87.907536][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.931530][ T5903] loop0: detected capacity change from 0 to 1024
[   87.955155][ T5903] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   87.966111][ T5903] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   87.977495][ T5903] JBD2: no valid journal superblock found
[   87.983351][ T5903] EXT4-fs (loop0): Could not load journal inode
[   88.042486][ T5903] Cannot find add_set index 0 as target
[   88.137291][ T5914] loop2: detected capacity change from 0 to 2048
[   88.270680][ T5914] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   88.285700][ T5914] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   88.298236][ T5914] EXT4-fs (loop2): This should not happen!! Data will be lost
[   88.298236][ T5914] 
[   88.307893][ T5914] EXT4-fs (loop2): Total free blocks count 0
[   88.313887][ T5914] EXT4-fs (loop2): Free/Dirty block details
[   88.319829][ T5914] EXT4-fs (loop2): free_blocks=2415919104
[   88.325610][ T5914] EXT4-fs (loop2): dirty_blocks=2784
[   88.328024][ T5916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.330903][ T5914] EXT4-fs (loop2): Block reservation details
[   88.330920][ T5914] EXT4-fs (loop2): i_reserved_data_blocks=174
[   88.339567][ T5916] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   88.373175][ T5916] netlink: 28 bytes leftover after parsing attributes in process `syz.0.800'.
[   88.382146][ T5916] netlink: 28 bytes leftover after parsing attributes in process `syz.0.800'.
[   88.503955][ T1397] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[   88.516370][ T1397] EXT4-fs (loop2): This should not happen!! Data will be lost
[   88.516370][ T1397] 
[   88.532137][ T5925] loop4: detected capacity change from 0 to 512
[   88.538995][ T5925] EXT4-fs: Ignoring removed nobh option
[   88.562237][ T5925] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   88.570446][ T5925] System zones: 0-2, 18-18, 34-34
[   88.576129][ T5925] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.588766][ T5925] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   88.621452][ T5934] loop4: detected capacity change from 0 to 128
[   88.821041][ T5948] SELinux: syz.2.811 (5948) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   89.000260][ T5955] lo speed is unknown, defaulting to 1000
[   89.026937][ T5955] lo speed is unknown, defaulting to 1000
[   89.393181][ T5961] loop1: detected capacity change from 0 to 512
[   89.400642][ T5961] EXT4-fs: Ignoring removed nobh option
[   89.410586][ T5961] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   89.418899][ T5961] System zones: 0-2, 18-18, 34-34
[   89.430701][ T5961] ext4 filesystem being mounted at /172/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   89.445752][ T5961] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   89.661710][ T5972] SELinux: syz.4.821 (5972) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   89.698150][ T5978] SELinux: syz.2.823 (5978) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   89.741167][ T5972] loop4: detected capacity change from 0 to 4096
[   89.748093][ T5972] ext4: Unknown parameter 'subj_role'
[   89.782313][ T5989] siw: device registration error -23
[   89.788656][ T5989] loop4: detected capacity change from 0 to 128
[   89.905589][ T5998] syzkaller1: entered promiscuous mode
[   89.911666][ T5998] syzkaller1: entered allmulticast mode
[   90.132836][ T6014] syzkaller1: entered promiscuous mode
[   90.138399][ T6014] syzkaller1: entered allmulticast mode
[   90.221712][ T6016] SELinux: syz.0.836 (6016) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   90.278746][ T6016] loop0: detected capacity change from 0 to 4096
[   90.285481][ T6016] ext4: Unknown parameter 'subj_role'
[   90.327498][ T6020] siw: device registration error -23
[   90.334177][ T6020] loop0: detected capacity change from 0 to 128
[   90.473899][ T6027] syzkaller1: entered promiscuous mode
[   90.479408][ T6027] syzkaller1: entered allmulticast mode
[   90.583020][ T6035] netlink: 4 bytes leftover after parsing attributes in process `syz.1.845'.
[   90.599382][ T6035] netlink: 'syz.1.845': attribute type 13 has an invalid length.
[   90.622260][ T6038] loop0: detected capacity change from 0 to 2048
[   90.622955][ T6040] SELinux: syz.3.846 (6040) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   90.643656][ T6035] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   90.811535][ T6038] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   90.831042][ T6054] siw: device registration error -23
[   90.845591][ T6054] loop1: detected capacity change from 0 to 128
[   90.854280][ T6038] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1968 with error 28
[   90.866871][ T6038] EXT4-fs (loop0): This should not happen!! Data will be lost
[   90.866871][ T6038] 
[   90.876579][ T6038] EXT4-fs (loop0): Total free blocks count 0
[   90.882643][ T6038] EXT4-fs (loop0): Free/Dirty block details
[   90.888546][ T6038] EXT4-fs (loop0): free_blocks=2415919104
[   90.894439][ T6038] EXT4-fs (loop0): dirty_blocks=1984
[   90.899788][ T6038] EXT4-fs (loop0): Block reservation details
[   90.905766][ T6038] EXT4-fs (loop0): i_reserved_data_blocks=124
[   90.940777][ T6061] syzkaller1: entered promiscuous mode
[   90.946271][ T6061] syzkaller1: entered allmulticast mode
[   91.027143][   T52] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[   91.039559][   T52] EXT4-fs (loop0): This should not happen!! Data will be lost
[   91.039559][   T52] 
[   91.111807][ T6070] loop2: detected capacity change from 0 to 512
[   91.120000][ T6070] EXT4-fs: Ignoring removed nobh option
[   91.142406][ T6070] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   91.155739][ T6074] loop4: detected capacity change from 0 to 512
[   91.159515][ T6070] System zones: 0-2, 18-18, 34-34
[   91.168118][ T6070] ext4 filesystem being mounted at /173/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   91.182441][ T6070] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   91.225886][ T6074] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   91.234483][ T6074] EXT4-fs (loop4): orphan cleanup on readonly fs
[   91.251467][ T6074] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.857: corrupted inode contents
[   91.276478][ T6074] EXT4-fs (loop4): Remounting filesystem read-only
[   91.284227][ T6087] SELinux: syz.2.860 (6087) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   91.299147][ T6074] EXT4-fs (loop4): 1 truncate cleaned up
[   91.304938][   T41] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   91.315586][   T41] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   91.372548][   T41] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[   91.449521][ T6089] loop2: detected capacity change from 0 to 4096
[   91.457135][ T6089] ext4: Unknown parameter 'subj_role'
[   91.474344][ T6092] siw: device registration error -23
[   91.482278][ T6092] netlink: 24 bytes leftover after parsing attributes in process `syz.4.861'.
[   91.592118][ T6095] loop2: detected capacity change from 0 to 128
[   91.771229][ T6097] siw: device registration error -23
[   91.809311][ T6097] loop4: detected capacity change from 0 to 128
[   91.827539][ T6101] loop1: detected capacity change from 0 to 128
[   91.920048][ T6111] SELinux: syz.1.869 (6111) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   91.978759][ T6111] loop1: detected capacity change from 0 to 4096
[   91.989869][ T6111] ext4: Unknown parameter 'subj_role'
[   91.998804][ T6117] netlink: 4 bytes leftover after parsing attributes in process `syz.3.871'.
[   92.007999][ T6117] netlink: 'syz.3.871': attribute type 13 has an invalid length.
[   92.025495][ T6119] SELinux: syz.4.872 (6119) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   92.055466][ T6117] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   92.071816][   T36] lo speed is unknown, defaulting to 1000
[   92.104024][ T6119] loop4: detected capacity change from 0 to 4096
[   92.126036][ T6119] ext4: Unknown parameter 'subj_role'
[   92.135919][ T6125] loop1: detected capacity change from 0 to 512
[   92.143001][ T6127] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   92.148166][ T6125] EXT4-fs: Ignoring removed nobh option
[   92.189866][   T29] kauditd_printk_skb: 407 callbacks suppressed
[   92.189880][   T29] audit: type=1326 audit(1751172223.669:8521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6126 comm="syz.3.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[   92.230547][ T6125] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   92.239001][ T6131] siw: device registration error -23
[   92.243479][ T6134] loop0: detected capacity change from 0 to 2048
[   92.246573][ T6125] System zones: 0-2, 18-18, 34-34
[   92.257252][   T29] audit: type=1400 audit(1751172223.729:8522): avc:  denied  { mount } for  pid=6124 comm="syz.1.875" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   92.279074][ T6125] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   92.284980][ T6131] loop4: detected capacity change from 0 to 128
[   92.305744][ T6125] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   92.309540][   T29] audit: type=1400 audit(1751172223.759:8523): avc:  denied  { create } for  pid=6132 comm="syz.3.878" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   92.339595][   T29] audit: type=1400 audit(1751172223.759:8524): avc:  denied  { setopt } for  pid=6132 comm="syz.3.878" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   92.359012][   T29] audit: type=1400 audit(1751172223.779:8525): avc:  denied  { remove_name } for  pid=6124 comm="syz.1.875" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   92.381738][   T29] audit: type=1400 audit(1751172223.779:8526): avc:  denied  { rename } for  pid=6124 comm="syz.1.875" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   92.407246][   T29] audit: type=1400 audit(1751172223.779:8527): avc:  denied  { add_name } for  pid=6124 comm="syz.1.875" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   92.429606][   T29] audit: type=1400 audit(1751172223.779:8528): avc:  denied  { unlink } for  pid=6124 comm="syz.1.875" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   92.451985][   T29] audit: type=1400 audit(1751172223.799:8529): avc:  denied  { create } for  pid=6124 comm="syz.1.875" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   92.472599][   T29] audit: type=1400 audit(1751172223.859:8530): avc:  denied  { unmount } for  pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   92.477092][ T6134] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   92.507546][ T6134] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   92.520192][ T6134] EXT4-fs (loop0): This should not happen!! Data will be lost
[   92.520192][ T6134] 
[   92.530010][ T6134] EXT4-fs (loop0): Total free blocks count 0
[   92.536005][ T6134] EXT4-fs (loop0): Free/Dirty block details
[   92.541971][ T6134] EXT4-fs (loop0): free_blocks=2415919104
[   92.547807][ T6134] EXT4-fs (loop0): dirty_blocks=2192
[   92.553123][ T6134] EXT4-fs (loop0): Block reservation details
[   92.559094][ T6134] EXT4-fs (loop0): i_reserved_data_blocks=137
[   92.658594][ T6150] loop1: detected capacity change from 0 to 2048
[   92.760378][ T6164] netlink: 4 bytes leftover after parsing attributes in process `syz.0.886'.
[   92.769769][ T6164] netlink: 'syz.0.886': attribute type 13 has an invalid length.
[   92.771429][ T6166] SELinux: syz.4.887 (6166) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   92.791455][ T6164] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   92.813513][ T6166] loop4: detected capacity change from 0 to 4096
[   92.820673][ T6166] ext4: Unknown parameter 'subj_role'
[   92.870565][ T6150] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   92.886008][ T6150] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1890 with error 28
[   92.898506][ T6150] EXT4-fs (loop1): This should not happen!! Data will be lost
[   92.898506][ T6150] 
[   92.908256][ T6150] EXT4-fs (loop1): Total free blocks count 0
[   92.914284][ T6150] EXT4-fs (loop1): Free/Dirty block details
[   92.920208][ T6150] EXT4-fs (loop1): free_blocks=2415919104
[   92.925954][ T6150] EXT4-fs (loop1): dirty_blocks=1904
[   92.931304][ T6150] EXT4-fs (loop1): Block reservation details
[   92.937303][ T6150] EXT4-fs (loop1): i_reserved_data_blocks=119
[   92.993405][ T6180] loop4: detected capacity change from 0 to 1024
[   93.083514][ T6186] siw: device registration error -23
[   93.108782][  T272] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[   93.114718][ T6186] loop4: detected capacity change from 0 to 128
[   93.121441][  T272] EXT4-fs (loop1): This should not happen!! Data will be lost
[   93.121441][  T272] 
[   93.262893][ T6207] SELinux: syz.1.899 (6207) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   93.296036][ T6207] loop1: detected capacity change from 0 to 4096
[   93.303129][ T6207] ext4: Unknown parameter 'subj_role'
[   93.312201][ T6208] netlink: 'syz.3.894': attribute type 7 has an invalid length.
[   93.348428][ T6211] syzkaller1: entered promiscuous mode
[   93.354044][ T6211] syzkaller1: entered allmulticast mode
[   93.539924][ T6216] loop1: detected capacity change from 0 to 2048
[   93.708107][ T6219] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   93.735891][ T6219] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 656 with error 28
[   93.748569][ T6219] EXT4-fs (loop1): This should not happen!! Data will be lost
[   93.748569][ T6219] 
[   93.758596][ T6219] EXT4-fs (loop1): Total free blocks count 0
[   93.764831][ T6219] EXT4-fs (loop1): Free/Dirty block details
[   93.770744][ T6219] EXT4-fs (loop1): free_blocks=2415919104
[   93.776486][ T6219] EXT4-fs (loop1): dirty_blocks=672
[   93.781714][ T6219] EXT4-fs (loop1): Block reservation details
[   93.787701][ T6219] EXT4-fs (loop1): i_reserved_data_blocks=42
[   93.834055][ T3632] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[   93.846445][ T3632] EXT4-fs (loop1): This should not happen!! Data will be lost
[   93.846445][ T3632] 
[   93.846484][ T6231] loop0: detected capacity change from 0 to 2048
[   93.895586][ T6240] siw: device registration error -23
[   93.909753][ T6240] loop1: detected capacity change from 0 to 128
[   93.975911][ T6244] SELinux: syz.1.910 (6244) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   93.993381][ T6246] syzkaller1: entered promiscuous mode
[   93.998870][ T6246] syzkaller1: entered allmulticast mode
[   94.030555][ T6244] loop1: detected capacity change from 0 to 4096
[   94.037374][ T6244] ext4: Unknown parameter 'subj_role'
[   94.042532][ T6242] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   94.077273][ T6242] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   94.089966][ T6242] EXT4-fs (loop0): This should not happen!! Data will be lost
[   94.089966][ T6242] 
[   94.099707][ T6242] EXT4-fs (loop0): Total free blocks count 0
[   94.105699][ T6242] EXT4-fs (loop0): Free/Dirty block details
[   94.111666][ T6242] EXT4-fs (loop0): free_blocks=2415919104
[   94.117389][ T6242] EXT4-fs (loop0): dirty_blocks=2160
[   94.122836][ T6242] EXT4-fs (loop0): Block reservation details
[   94.128878][ T6242] EXT4-fs (loop0): i_reserved_data_blocks=135
[   94.208270][ T6261] loop4: detected capacity change from 0 to 2048
[   94.242051][   T41] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[   94.254479][   T41] EXT4-fs (loop0): This should not happen!! Data will be lost
[   94.254479][   T41] 
[   94.303069][ T6269] siw: device registration error -23
[   94.323593][ T6269] loop0: detected capacity change from 0 to 128
[   94.340636][ T6268] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   94.355712][ T6268] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1936 with error 28
[   94.368195][ T6268] EXT4-fs (loop4): This should not happen!! Data will be lost
[   94.368195][ T6268] 
[   94.377859][ T6268] EXT4-fs (loop4): Total free blocks count 0
[   94.383879][ T6268] EXT4-fs (loop4): Free/Dirty block details
[   94.390054][ T6268] EXT4-fs (loop4): free_blocks=2415919104
[   94.395825][ T6268] EXT4-fs (loop4): dirty_blocks=1952
[   94.401266][ T6268] EXT4-fs (loop4): Block reservation details
[   94.407244][ T6268] EXT4-fs (loop4): i_reserved_data_blocks=122
[   94.457278][   T41] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[   94.473377][   T41] EXT4-fs (loop4): This should not happen!! Data will be lost
[   94.473377][   T41] 
[   94.652974][ T6284] netlink: 'syz.4.922': attribute type 7 has an invalid length.
[   94.661914][ T6283] loop1: detected capacity change from 0 to 1024
[   94.670840][ T6283] ext4 filesystem being mounted at /198/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   94.739641][ T3632] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm kworker/u8:8: bg 0: block 393: padding at end of block bitmap is not set
[   94.754541][ T3632] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[   94.767232][ T3632] EXT4-fs (loop1): This should not happen!! Data will be lost
[   94.767232][ T3632] 
[   94.974819][ T6299] netlink: 60 bytes leftover after parsing attributes in process `syz.2.931'.
[   94.986666][ T6299] loop2: detected capacity change from 0 to 512
[   95.017957][ T6303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.932'.
[   95.026930][ T6303] bridge_slave_1: left allmulticast mode
[   95.033008][ T6303] bridge_slave_1: left promiscuous mode
[   95.038762][ T6303] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.049904][ T6299] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   95.058114][ T6299] EXT4-fs (loop2): orphan cleanup on readonly fs
[   95.066279][ T6303] bridge_slave_0: left allmulticast mode
[   95.072033][ T6303] bridge_slave_0: left promiscuous mode
[   95.077760][ T6303] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.086391][ T6299] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.931: Failed to acquire dquot type 1
[   95.098187][ T6299] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.931: bg 0: block 40: padding at end of block bitmap is not set
[   95.118654][ T6299] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   95.127902][ T6299] EXT4-fs (loop2): 1 truncate cleaned up
[   95.226887][ T6308] syzkaller1: entered promiscuous mode
[   95.232460][ T6308] syzkaller1: entered allmulticast mode
[   95.349560][ T6320] SELinux: syz.4.939 (6320) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   95.377134][ T6322] netlink: 4 bytes leftover after parsing attributes in process `syz.3.940'.
[   95.386724][ T6322] netlink: 'syz.3.940': attribute type 13 has an invalid length.
[   95.402305][ T6322] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   95.438020][ T6320] loop4: detected capacity change from 0 to 4096
[   95.446283][ T6320] ext4: Unknown parameter 'subj_role'
[   95.499015][ T6332] loop0: detected capacity change from 0 to 512
[   95.506279][ T6332] EXT4-fs: dax option not supported
[   95.516629][ T6332] loop0: detected capacity change from 0 to 128
[   95.696784][ T6348] syzkaller1: entered promiscuous mode
[   95.702460][ T6348] syzkaller1: entered allmulticast mode
[   95.901766][ T6356] netlink: 4 bytes leftover after parsing attributes in process `syz.0.951'.
[   95.910966][ T6356] netlink: 'syz.0.951': attribute type 13 has an invalid length.
[   95.925993][ T6356] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   96.286040][ T6372] loop2: detected capacity change from 0 to 512
[   96.301267][ T6372] EXT4-fs mount: 30 callbacks suppressed
[   96.301282][ T6372] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.320934][ T6372] ext4 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.410751][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.476305][ T6381] loop4: detected capacity change from 0 to 2048
[   96.557484][ T6381] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   96.703430][ T6387] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   96.738613][ T6392] loop2: detected capacity change from 0 to 512
[   96.758712][ T6387] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 816 with error 28
[   96.771150][ T6387] EXT4-fs (loop4): This should not happen!! Data will be lost
[   96.771150][ T6387] 
[   96.780803][ T6387] EXT4-fs (loop4): Total free blocks count 0
[   96.786792][ T6387] EXT4-fs (loop4): Free/Dirty block details
[   96.792729][ T6387] EXT4-fs (loop4): free_blocks=2415919104
[   96.798444][ T6387] EXT4-fs (loop4): dirty_blocks=832
[   96.803667][ T6387] EXT4-fs (loop4): Block reservation details
[   96.807365][ T6392] EXT4-fs: Ignoring removed nobh option
[   96.809670][ T6387] EXT4-fs (loop4): i_reserved_data_blocks=52
[   96.839276][ T6392] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[   96.850188][ T6396] siw: device registration error -23
[   96.855073][ T6392] System zones: 0-2, 18-18, 34-34
[   96.871196][ T6396] loop1: detected capacity change from 0 to 128
[   96.874759][ T6392] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.890684][ T6392] ext4 filesystem being mounted at /199/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.905298][ T3632] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[   96.919225][ T6392] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   96.947607][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.962704][ T6403] FAULT_INJECTION: forcing a failure.
[   96.962704][ T6403] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   96.975895][ T6403] CPU: 1 UID: 0 PID: 6403 Comm: syz.4.969 Tainted: G        W           6.16.0-rc3-syzkaller-00319-gded779017ad7 #0 PREEMPT(voluntary) 
[   96.975947][ T6403] Tainted: [W]=WARN
[   96.976012][ T6403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   96.976023][ T6403] Call Trace:
[   96.976029][ T6403]  <TASK>
[   96.976036][ T6403]  __dump_stack+0x1d/0x30
[   96.976058][ T6403]  dump_stack_lvl+0xe8/0x140
[   96.976077][ T6403]  dump_stack+0x15/0x1b
[   96.976092][ T6403]  should_fail_ex+0x265/0x280
[   96.976195][ T6403]  should_fail+0xb/0x20
[   96.976222][ T6403]  should_fail_usercopy+0x1a/0x20
[   96.976282][ T6403]  _copy_from_iter+0xcf/0xe40
[   96.976364][ T6403]  ? __build_skb_around+0x1a0/0x200
[   96.976433][ T6403]  ? __alloc_skb+0x223/0x320
[   96.976462][ T6403]  netlink_sendmsg+0x471/0x6b0
[   96.976485][ T6403]  ? __pfx_netlink_sendmsg+0x10/0x10
[   96.976504][ T6403]  __sock_sendmsg+0x145/0x180
[   96.976629][ T6403]  ____sys_sendmsg+0x31e/0x4e0
[   96.976660][ T6403]  ___sys_sendmsg+0x17b/0x1d0
[   96.976729][ T6403]  __x64_sys_sendmsg+0xd4/0x160
[   96.976762][ T6403]  x64_sys_call+0x2999/0x2fb0
[   96.976783][ T6403]  do_syscall_64+0xd2/0x200
[   96.976802][ T6403]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   96.976824][ T6403]  ? clear_bhb_loop+0x40/0x90
[   96.976915][ T6403]  ? clear_bhb_loop+0x40/0x90
[   96.976935][ T6403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.976952][ T6403] RIP: 0033:0x7f14b64be929
[   96.977045][ T6403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.977062][ T6403] RSP: 002b:00007f14b4b27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   96.977080][ T6403] RAX: ffffffffffffffda RBX: 00007f14b66e5fa0 RCX: 00007f14b64be929
[   96.977096][ T6403] RDX: 0000000000020000 RSI: 0000200000000500 RDI: 0000000000000005
[   96.977108][ T6403] RBP: 00007f14b4b27090 R08: 0000000000000000 R09: 0000000000000000
[   96.977119][ T6403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.977130][ T6403] R13: 0000000000000000 R14: 00007f14b66e5fa0 R15: 00007fff68179bf8
[   96.977147][ T6403]  </TASK>
[   97.242745][ T6413] netlink: 4 bytes leftover after parsing attributes in process `syz.3.973'.
[   97.267499][ T6413] netlink: 'syz.3.973': attribute type 13 has an invalid length.
[   97.287610][ T6413] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   97.324022][   T29] kauditd_printk_skb: 222 callbacks suppressed
[   97.324099][   T29] audit: type=1326 audit(1751172228.799:8751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6406 comm="syz.1.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a152ee929 code=0x7ffc0000
[   97.353714][   T29] audit: type=1326 audit(1751172228.799:8752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6406 comm="syz.1.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a152ee929 code=0x7ffc0000
[   97.377190][   T29] audit: type=1400 audit(1751172228.809:8753): avc:  denied  { name_connect } for  pid=6419 comm="syz.3.975" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[   97.399362][   T29] audit: type=1326 audit(1751172228.809:8754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6406 comm="syz.1.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a152ee929 code=0x7ffc0000
[   97.422732][   T29] audit: type=1326 audit(1751172228.809:8755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6406 comm="syz.1.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a152ee929 code=0x7ffc0000
[   97.446143][   T29] audit: type=1326 audit(1751172228.809:8756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6406 comm="syz.1.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a152ee929 code=0x7ffc0000
[   97.469513][   T29] audit: type=1326 audit(1751172228.809:8757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6406 comm="syz.1.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a152ee929 code=0x7ffc0000
[   97.493010][   T29] audit: type=1326 audit(1751172228.809:8758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6406 comm="syz.1.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a152ee929 code=0x7ffc0000
[   97.516447][   T29] audit: type=1326 audit(1751172228.809:8759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6406 comm="syz.1.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9a152ee929 code=0x7ffc0000
[   97.539706][   T29] audit: type=1326 audit(1751172228.809:8760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6406 comm="syz.1.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a152ee929 code=0x7ffc0000
[   97.568895][ T6425] syzkaller1: entered promiscuous mode
[   97.574483][ T6425] syzkaller1: entered allmulticast mode
[   97.717999][ T6427] loop2: detected capacity change from 0 to 2048
[   97.730783][ T6427] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   97.849759][ T6430] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   97.865082][ T6430] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   97.877593][ T6430] EXT4-fs (loop2): This should not happen!! Data will be lost
[   97.877593][ T6430] 
[   97.887352][ T6430] EXT4-fs (loop2): Total free blocks count 0
[   97.893420][ T6430] EXT4-fs (loop2): Free/Dirty block details
[   97.899314][ T6430] EXT4-fs (loop2): free_blocks=2415919104
[   97.905061][ T6430] EXT4-fs (loop2): dirty_blocks=2800
[   97.910396][ T6430] EXT4-fs (loop2): Block reservation details
[   97.916390][ T6430] EXT4-fs (loop2): i_reserved_data_blocks=175
[   97.970749][   T41] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[   98.001344][ T6434] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.053625][ T6434] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.103439][ T6434] bond0: (slave netdevsim1): Releasing backup interface
[   98.121996][ T6434] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.149365][ T6442] loop1: detected capacity change from 0 to 1024
[   98.156832][ T6438] siw: device registration error -23
[   98.167197][ T6442] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   98.178221][ T6442] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   98.198263][ T6434] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.208932][ T6442] JBD2: no valid journal superblock found
[   98.214693][ T6442] EXT4-fs (loop1): Could not load journal inode
[   98.215931][ T6438] loop0: detected capacity change from 0 to 128
[   98.251561][ T6442] Cannot find add_set index 0 as target
[   98.269994][ T6434] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.281516][ T6434] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.293464][ T6434] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.305084][ T6434] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.360305][ T6453] loop2: detected capacity change from 0 to 512
[   98.399017][ T6453] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.417365][ T6453] ext4 filesystem being mounted at /205/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   98.494737][ T6462] syzkaller1: entered promiscuous mode
[   98.500291][ T6462] syzkaller1: entered allmulticast mode
[   98.521966][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.534245][ T6463] netlink: 'syz.1.985': attribute type 7 has an invalid length.
[   99.438916][ T6482] SELinux: syz.4.994 (6482) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   99.517138][ T6483] loop4: detected capacity change from 0 to 4096
[   99.523837][ T6483] ext4: Unknown parameter 'subj_role'
[   99.826138][ T6499] netlink: 'syz.2.999': attribute type 7 has an invalid length.
[  100.041087][ T6501] loop0: detected capacity change from 0 to 512
[  100.047700][ T6501] EXT4-fs: Ignoring removed nobh option
[  100.070467][ T6501] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[  100.078612][ T6501] System zones: 0-2, 18-18, 34-34
[  100.084681][ T6501] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.097429][ T6501] ext4 filesystem being mounted at /220/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  100.121720][ T6501] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  100.154746][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.575570][ T6517] loop2: detected capacity change from 0 to 1024
[  100.583709][ T6517] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  100.594736][ T6517] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  100.606219][ T6517] JBD2: no valid journal superblock found
[  100.612087][ T6517] EXT4-fs (loop2): Could not load journal inode
[  100.739576][ T6519] lo speed is unknown, defaulting to 1000
[  100.787847][ T6519] lo speed is unknown, defaulting to 1000
[  101.067839][ T6517] Cannot find del_set index 2 as target
[  101.200778][ T6525] SELinux: syz.0.1008 (6525) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  101.286504][ T6532] loop0: detected capacity change from 0 to 4096
[  101.295694][ T6534] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1012'.
[  101.305668][ T6534] netlink: 'syz.2.1012': attribute type 13 has an invalid length.
[  101.324215][ T6532] ext4: Unknown parameter 'subj_role'
[  101.329839][ T6534] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  101.387933][ T6538] loop4: detected capacity change from 0 to 1024
[  101.401753][ T6536] loop0: detected capacity change from 0 to 512
[  101.420429][ T6538] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  101.431482][ T6538] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  101.444063][ T6536] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.456870][ T6536] ext4 filesystem being mounted at /224/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.460010][ T6538] JBD2: no valid journal superblock found
[  101.473233][ T6538] EXT4-fs (loop4): Could not load journal inode
[  101.496982][ T6546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  101.518320][ T6546] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  101.541502][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.596269][ T6538] Cannot find add_set index 0 as target
[  101.633621][ T6548] loop2: detected capacity change from 0 to 2048
[  101.657992][ T6548] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  101.798675][ T6559] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  101.814812][ T6559] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1320 with error 28
[  101.827376][ T6559] EXT4-fs (loop2): This should not happen!! Data will be lost
[  101.827376][ T6559] 
[  101.837125][ T6559] EXT4-fs (loop2): Total free blocks count 0
[  101.843213][ T6559] EXT4-fs (loop2): Free/Dirty block details
[  101.849146][ T6559] EXT4-fs (loop2): free_blocks=2415919104
[  101.854934][ T6559] EXT4-fs (loop2): dirty_blocks=1328
[  101.860260][ T6559] EXT4-fs (loop2): Block reservation details
[  101.866253][ T6559] EXT4-fs (loop2): i_reserved_data_blocks=83
[  101.954418][ T3632] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  102.052550][ T6564] loop2: detected capacity change from 0 to 512
[  102.059222][ T6564] EXT4-fs: Ignoring removed orlov option
[  102.099707][ T6566] SELinux: syz.3.1023 (6566) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  102.122563][ T6564] EXT4-fs: Ignoring removed nomblk_io_submit option
[  102.129261][ T6564] EXT4-fs: Ignoring removed orlov option
[  102.154065][ T6564] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846c01c, mo2=0002]
[  102.170038][ T6564] System zones: 1-12
[  102.178885][ T6564] EXT4-fs error (device loop2): ext4_init_orphan_info:585: comm syz.2.1021: inode #0: comm syz.2.1021: iget: illegal inode #
[  102.229504][ T6564] EXT4-fs (loop2): get orphan inode failed
[  102.235404][ T6564] EXT4-fs (loop2): mount failed
[  102.566187][ T6583] loop4: detected capacity change from 0 to 512
[  102.583625][ T6583] EXT4-fs: Ignoring removed nobh option
[  102.612881][ T6583] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[  102.637380][ T6583] System zones: 0-2, 18-18, 34-34
[  102.654086][ T6583] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.670608][ T6583] ext4 filesystem being mounted at /171/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  102.689335][ T6583] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  102.735453][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.993658][   T29] kauditd_printk_skb: 235 callbacks suppressed
[  102.993684][   T29] audit: type=1400 audit(1751172234.469:8996): avc:  denied  { read } for  pid=6590 comm="syz.4.1032" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  103.023078][   T29] audit: type=1400 audit(1751172234.469:8997): avc:  denied  { open } for  pid=6590 comm="syz.4.1032" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  103.053926][   T29] audit: type=1400 audit(1751172234.519:8998): avc:  denied  { ioctl } for  pid=6590 comm="syz.4.1032" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  103.086425][ T6596] loop4: detected capacity change from 0 to 1024
[  103.093599][ T6596] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  103.104503][ T6596] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  103.117810][ T6596] JBD2: no valid journal superblock found
[  103.123592][ T6596] EXT4-fs (loop4): Could not load journal inode
[  103.146596][ T6596] Cannot find add_set index 0 as target
[  103.154424][ T6598] SELinux: syz.3.1035 (6598) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  103.405977][ T6619] loop4: detected capacity change from 0 to 2048
[  103.425784][ T6622] loop0: detected capacity change from 0 to 512
[  103.743051][ T6622] EXT4-fs: Ignoring removed orlov option
[  103.754974][ T6622] EXT4-fs: Ignoring removed nomblk_io_submit option
[  103.761660][ T6622] EXT4-fs: Ignoring removed orlov option
[  103.771119][ T6619] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  103.795831][ T6622] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846c01c, mo2=0002]
[  103.804156][ T6622] System zones: 1-12
[  103.812605][ T6622] EXT4-fs error (device loop0): ext4_init_orphan_info:585: comm syz.0.1044: inode #0: comm syz.0.1044: iget: illegal inode #
[  103.826296][ T6622] EXT4-fs (loop0): get orphan inode failed
[  103.833092][ T6622] EXT4-fs (loop0): mount failed
[  103.924255][ T6619] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  103.960354][ T6619] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  103.973177][ T6619] EXT4-fs (loop4): This should not happen!! Data will be lost
[  103.973177][ T6619] 
[  103.982890][ T6619] EXT4-fs (loop4): Total free blocks count 0
[  103.988881][ T6619] EXT4-fs (loop4): Free/Dirty block details
[  103.994869][ T6619] EXT4-fs (loop4): free_blocks=2415919104
[  104.000787][ T6619] EXT4-fs (loop4): dirty_blocks=2736
[  104.006080][ T6619] EXT4-fs (loop4): Block reservation details
[  104.012088][ T6619] EXT4-fs (loop4): i_reserved_data_blocks=171
[  104.062532][  T272] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  104.281213][ T6649] SELinux: syz.0.1053 (6649) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  104.327512][   T29] audit: type=1326 audit(1751172235.799:8999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6651 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[  104.351041][   T29] audit: type=1326 audit(1751172235.799:9000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6651 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[  104.352331][ T6649] loop0: detected capacity change from 0 to 4096
[  104.374316][   T29] audit: type=1326 audit(1751172235.799:9001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6651 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[  104.374356][   T29] audit: type=1326 audit(1751172235.799:9002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6651 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[  104.382453][ T6649] ext4: Unknown parameter 'subj_role'
[  104.404115][   T29] audit: type=1326 audit(1751172235.799:9003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6651 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[  104.456320][   T29] audit: type=1326 audit(1751172235.799:9004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6651 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[  104.456366][   T29] audit: type=1326 audit(1751172235.799:9005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6651 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966372e929 code=0x7ffc0000
[  104.552822][ T6661] loop0: detected capacity change from 0 to 128
[  104.713924][ T6669] loop0: detected capacity change from 0 to 128
[  104.812529][ T6673] loop2: detected capacity change from 0 to 512
[  104.831923][ T6673] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.846413][ T6673] ext4 filesystem being mounted at /215/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.873895][ T3381] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  104.881928][ T3381] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  104.963853][ T6687] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1069'.
[  104.972888][ T6687] netlink: 'syz.0.1069': attribute type 11 has an invalid length.
[  105.035424][ T6692] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1070'.
[  105.044830][ T6692] netlink: 'syz.4.1070': attribute type 13 has an invalid length.
[  105.066421][ T6692] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.074916][ T6692] 8021q: adding VLAN 0 to HW filter on device team0
[  105.077586][ T6694] loop0: detected capacity change from 0 to 128
[  105.091571][ T6692] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  105.142199][ T6700] loop4: detected capacity change from 0 to 128
[  105.229155][ T6708] FAULT_INJECTION: forcing a failure.
[  105.229155][ T6708] name failslab, interval 1, probability 0, space 0, times 0
[  105.241996][ T6708] CPU: 1 UID: 0 PID: 6708 Comm: syz.1.1077 Tainted: G        W           6.16.0-rc3-syzkaller-00319-gded779017ad7 #0 PREEMPT(voluntary) 
[  105.242025][ T6708] Tainted: [W]=WARN
[  105.242031][ T6708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  105.242092][ T6708] Call Trace:
[  105.242099][ T6708]  <TASK>
[  105.242107][ T6708]  __dump_stack+0x1d/0x30
[  105.242129][ T6708]  dump_stack_lvl+0xe8/0x140
[  105.242149][ T6708]  dump_stack+0x15/0x1b
[  105.242197][ T6708]  should_fail_ex+0x265/0x280
[  105.242272][ T6708]  should_failslab+0x8c/0xb0
[  105.242294][ T6708]  kmem_cache_alloc_noprof+0x50/0x310
[  105.242317][ T6708]  ? getname_flags+0x80/0x3b0
[  105.242338][ T6708]  getname_flags+0x80/0x3b0
[  105.242371][ T6708]  __x64_sys_symlinkat+0x4d/0x70
[  105.242472][ T6708]  x64_sys_call+0x1558/0x2fb0
[  105.242490][ T6708]  do_syscall_64+0xd2/0x200
[  105.242512][ T6708]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  105.242533][ T6708]  ? clear_bhb_loop+0x40/0x90
[  105.242576][ T6708]  ? clear_bhb_loop+0x40/0x90
[  105.242641][ T6708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.242663][ T6708] RIP: 0033:0x7f9a152ee929
[  105.242680][ T6708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.242697][ T6708] RSP: 002b:00007f9a13957038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[  105.242781][ T6708] RAX: ffffffffffffffda RBX: 00007f9a15515fa0 RCX: 00007f9a152ee929
[  105.242856][ T6708] RDX: 0000200000000000 RSI: ffffffffffffff9c RDI: 0000000000000000
[  105.242868][ T6708] RBP: 00007f9a13957090 R08: 0000000000000000 R09: 0000000000000000
[  105.242880][ T6708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.242891][ T6708] R13: 0000000000000000 R14: 00007f9a15515fa0 R15: 00007fff05dff318
[  105.242935][ T6708]  </TASK>
[  105.468121][ T6726] loop1: detected capacity change from 0 to 512
[  105.476403][ T6726] EXT4-fs: Ignoring removed nobh option
[  105.490698][ T6726] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[  105.498872][ T6726] System zones: 0-2, 18-18, 34-34
[  105.505081][ T6726] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.519048][ T6726] ext4 filesystem being mounted at /225/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  105.533471][ T6732] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1084'.
[  105.544129][ T6726] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  105.558719][ T6732] netlink: 'syz.4.1084': attribute type 13 has an invalid length.
[  105.580508][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.590541][ T6732] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  105.716097][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.919575][ T6745] ==================================================================
[  105.927695][ T6745] BUG: KCSAN: data-race in atime_needs_update / touch_atime
[  105.934985][ T6745] 
[  105.937308][ T6745] read to 0xffff8881198f1548 of 4 bytes by task 6743 on cpu 1:
[  105.944849][ T6745]  atime_needs_update+0x25f/0x3e0
[  105.949884][ T6745]  touch_atime+0x4a/0x340
[  105.954216][ T6745]  shmem_file_read_iter+0x477/0x540
[  105.959417][ T6745]  copy_splice_read+0x3c4/0x5f0
[  105.964269][ T6745]  splice_direct_to_actor+0x290/0x680
[  105.969654][ T6745]  do_splice_direct+0xda/0x150
[  105.974428][ T6745]  do_sendfile+0x380/0x650
[  105.978855][ T6745]  __x64_sys_sendfile64+0x105/0x150
[  105.984060][ T6745]  x64_sys_call+0xb39/0x2fb0
[  105.988687][ T6745]  do_syscall_64+0xd2/0x200
[  105.993217][ T6745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.999113][ T6745] 
[  106.001429][ T6745] write to 0xffff8881198f1548 of 4 bytes by task 6745 on cpu 0:
[  106.009056][ T6745]  touch_atime+0x1e8/0x340
[  106.013478][ T6745]  shmem_file_read_iter+0x477/0x540
[  106.018685][ T6745]  copy_splice_read+0x3c4/0x5f0
[  106.023552][ T6745]  splice_direct_to_actor+0x290/0x680
[  106.028937][ T6745]  do_splice_direct+0xda/0x150
[  106.033709][ T6745]  do_sendfile+0x380/0x650
[  106.038132][ T6745]  __x64_sys_sendfile64+0x105/0x150
[  106.043332][ T6745]  x64_sys_call+0xb39/0x2fb0
[  106.047927][ T6745]  do_syscall_64+0xd2/0x200
[  106.052437][ T6745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.058339][ T6745] 
[  106.060658][ T6745] value changed: 0x173bed92 -> 0x17d48412
[  106.066370][ T6745] 
[  106.068691][ T6745] Reported by Kernel Concurrency Sanitizer on:
[  106.074840][ T6745] CPU: 0 UID: 0 PID: 6745 Comm: syz.3.1089 Tainted: G        W           6.16.0-rc3-syzkaller-00319-gded779017ad7 #0 PREEMPT(voluntary) 
[  106.088820][ T6745] Tainted: [W]=WARN
[  106.092616][ T6745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  106.102670][ T6745] ==================================================================
[  106.114933][ T6756] netlink: 'syz.1.1091': attribute type 7 has an invalid length.