last executing test programs:

2m51.52955709s ago: executing program 1 (id=562):
r0 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r0, &(0x7f0000000700)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x405, @loopback={0xff00000000000000}, 0xff}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000100)="8000102e7577d401", 0x8}], 0x1}}, {{0x0, 0x0, &(0x7f0000000380)=[{0x0}, {0x0}], 0x2, &(0x7f0000000600)=[@pktinfo={{0x24, 0x29, 0x32, {@dev={0xfe, 0x80, '\x00', 0x42}}}}, @hopopts_2292={{0xd0, 0x29, 0x36, {0x5c, 0x16, '\x00', [@pad1, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x2, [0x0, 0x0]}, @hao={0xc9, 0x10, @local}, @generic={0x9, 0x8c, "c08f3217bbdaabc63864bbefa5b31139ff71089252e2dd467835556c73f24c48ff01d690ce001559969416df2b486e3ceb4b3acb1df9a8cc6c07b9dcfd0d8fe23aaaff1cff7d642261e6cbdd768eef26192db36998877dcdf7b207ac5719c13f4f6eb2a44c3bca3594299dd55c051cfd74e378e7627cae230e45c91c2d9ef2a298314f6d62fc5c19f7afabf7"}]}}}], 0xf8}}], 0x2, 0x8800)

2m51.475858151s ago: executing program 1 (id=553):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x94}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, 0x0, 0x25)
setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x2, &(0x7f0000000280)=0x5, 0x4)
fcntl$setlease(r1, 0x400, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r3=>0x0})
bind$can_raw(r2, &(0x7f0000000200)={0x1d, r3}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@getqdisc={0x28, 0x26, 0x300, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x7}, {0x2}, {0x0, 0x7}}, [{0x4}]}, 0x28}}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x48442, 0x40)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f00000002c0)={'sit0\x00', <r7=>0x0, 0x700, 0x8000, 0x3122, 0x6, {{0x6, 0x4, 0x3, 0x4, 0x18, 0x66, 0x0, 0xaf, 0x2f, 0x0, @loopback, @loopback, {[@noop]}}}}})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r0, r7, 0x25, 0x10, @void}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
ioctl$FS_IOC_FIEMAP(r9, 0xc020660b, &(0x7f0000000240)=ANY=[@ANYBLOB="06000000000000000153d3000000000005"])

2m51.246382814s ago: executing program 1 (id=555):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback, 0x7fff}, 0x1c)
sendto$inet6(r2, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

2m51.197264885s ago: executing program 1 (id=557):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
capset(&(0x7f0000000080)={0x20071026}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r3}, 0x10)
syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000080008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)=@generic={&(0x7f00000001c0)='./file0\x00', 0x0, 0x8}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x3000046, &(0x7f0000000180), 0x1, 0x581, &(0x7f0000000d80)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHWy7cDfeyBBEHIj3eu/l8B/wrxjoYOgoeuFN5aQna9Y2bbrGpDafD5zyvjknec+Tc54375uTNAH0rZHsTyHixYj4Mok4GhFJvm4w8pUjK9stPbk5mS1JLC9//HtS3y6rNx6rcb/DeeWFiPj584jThfXtVhcWZ0rlcjqX10drs9dGqwuLZ67MlqbT6fTq+MTEuTcnxt95+62Oxfraxb+++ejB++e+OLn09Y+Pjt1L4nwcydc1x7EDt5srIzGSPydDcX7NhmMdaGw3SXq9AzyXgTzPhyLrA47GQJ71wN53KyKWgT6VbD//Q6cBe0FjHNCY228+D/5/dwYlXfT4vZUJ0Pr4B1feG4kD9bnRoaXkmZlRNt8d7kD7WRs//Xb/XrZE596HANjS7TsRcXZwcH3/l+T93ya2eNPv7MY3H2iurG1D/wfd8yAb/7y+0finUM/NP/J0XTv+ObxB7j6PrfO/8KgDzbSUjf/e3XD8+/Si1fBAXvtffcw3lFy+Uk7P5qPhUzG0P6tvdj3n3NLD5Vbrmsd/2ZK13xgL5vvxaHD/s/eZKtVKO4m52eM7ES+tGf/ua9q3rLtONjj+2fNxsc02TqT3X2m1buv4/13L30e8uuHxX31xSza/PjlaPx9GG2fFen/ePfFLq/Z7HX92/A9tHv9w0ny9trr9Nr478Hfaat0z8Uf75/++5JN6uXGu3ijVanNjEfuSD/OZ7a3V28dX79uoN7bP4j91snX/1+r8PxgRn7YZ/93jP7zcVvw9Ov5T2zr+2y88/OCzb1u1317/90a9dCq/pZ3+r90d3MlzBwAAAAAAALtNISKORFIoPi0XCsXiyuc7jsehQrlSrZ2+XJm/OhX178oOx1ChcaX7aNPnIcbyz8M26uNr6hMRcSwivho4WK8XJyvlqV4HDwAAAAAAAAAAAAAAAAAAALvE4fp3/gee1le+/7/yX9V/HejhjgHdsa2f/NYpwJ6yZf534peegF1pW6//wJ4i/6F/yX/oX/If+pf8h/4l/6F/tZH/hW7sB9B9Xv8BAAAAAAAAAAAAAAAAAAAAAAAAAACgoy5euJAty0tPbk5m9anrC/MzletnptLqTHF2frI4WZm7VpyuVKbLaXGyMrvV45UrlWtj4zF/Y7SWVmuj1YXFS7OV+au1S1dmS9PppXSoK1EBAAAAAAAAAAAAAAAAAADAf0t1YXGmVC6ncwoKLQoHN91mcBfsoULnC73umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg1T8BAAD//142O6U=")
socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = syz_io_uring_setup(0x10f, &(0x7f0000000340)={0x0, 0xfad9}, &(0x7f0000000240)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x48, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x2})
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000100)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='kfree\x00', r8, 0x0, 0x2}, 0x18)
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0)

2m50.950447799s ago: executing program 1 (id=566):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffc01, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x18)
r0 = socket(0x1e, 0x2, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0xe000202b})
epoll_pwait(r2, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffff3, 0x0, 0x0)
r3 = dup3(r0, r2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000300)={0x200f})

2m49.163963925s ago: executing program 1 (id=608):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x4008030)

2m49.149120705s ago: executing program 32 (id=608):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x4008030)

2.405683605s ago: executing program 5 (id=3841):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001860000000000000e9ff00000400000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x8004587d, &(0x7f0000000080)={0x0, r1})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x35, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4040000)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TCSETA(r3, 0x5406, &(0x7f0000000100)={0xfefd, 0xd15, 0x3925, 0x8, 0x9, "8bdffb70f0ffffff"})
ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x5412, &(0x7f00000006c0)=0x16)

2.352382725s ago: executing program 5 (id=3844):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

2.089429739s ago: executing program 3 (id=3851):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000f80)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r3 = dup3(r2, r1, 0x0)
recvmmsg(r3, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)

1.835838073s ago: executing program 5 (id=3856):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x24000800, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
recvmmsg(r5, &(0x7f00000066c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001fc0)=""/148, 0x94}, 0x2}], 0x1, 0x2000, 0x0)

1.172262483s ago: executing program 3 (id=3862):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = gettid()
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$AUDIT_LIST_RULES(0xffffffffffffffff, &(0x7f00000194c0)={&(0x7f0000019380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000019480)={&(0x7f00000193c0)={0x10, 0x3f5, 0x10, 0x70bd29, 0x25dfdbfd, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x840)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
io_uring_setup(0xd0, &(0x7f0000019240)={0x0, 0x82ad, 0x80, 0x3, 0x3d4})
pread64(r2, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000196c0)=ANY=[@ANYBLOB="1500000065ffff01800000080039503230303087a31c62ac58fe8f3cd0dc9b3e792c34b79941bc9fa724f0a02ffb3a1f08418b0cb59d610efb8566ec004045cf7ddd7c7172db4072183e6a0147e47d6e0cbeb8854f769d3c92ec0b0bf703f87a1a84f78f90afd804ae32183441fbbf67709776af26f528bb80186db28955274bef5fb4ac35cbeecacd341baa4c9e024e83fb71e1cd52d0f85ded080c32fc595e8f077aefe8fdd6f67d8cf3d1893ec413232da4dd59470cd3600e380c82a97e4f487bbe1803"], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="5300000007000046009d40", @ANYBLOB="fe4cecb210bc091b10"], 0x53)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071117300000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_procfs(0x0, &(0x7f0000000640)='uid_map\x00')
r6 = syz_open_dev$loop(&(0x7f0000000140), 0xa, 0xa382)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f00000192c0)={0x0, {}, 0x0, {}, 0x4, 0x1, 0x17, 0x1c, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "6296c8007b0000130000e8ffffff00212d00000000000000000000000900", [0x7, 0x4000000000000007]})
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x800000, &(0x7f0000019200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
socket(0x10, 0x3, 0x0)

1.171332163s ago: executing program 3 (id=3863):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)
sendto$inet(r0, &(0x7f00000005c0)="d6", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

1.112827044s ago: executing program 3 (id=3864):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800030000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001880)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000ad97b43b10e2ff543d5d546438af6c2d82f832f2b3fdc5e63e2c3ea8cbb0acf3d9274962e356372fff63158787ca478eb10b0180d063bde868c8a6e50f97a434900d0a577e9f1b7f43266dcacab4aa07a8c48f9e0f6514b60c6ad24f25293ab8518ae2961397a2007ed213fe8ce5a7e1b326c48168f8deb198ff0a1e124a4bf09308d3b8a4021b7db1b737", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{}, &(0x7f0000000400), 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00'}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = mq_open(&(0x7f00000004c0)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xednux\x02\xc7\x12\xec\xca7\xbc\x1fS\x1c\x05y\x91\xe5\x9aL\xa9u\b\x00\x00\x00\xa0pC\x19\x9b\vY\x186\xa4\xe7\x1eg{`\xfa\xf3n\x8fIj6f\xfb\x13-g\x19(a6\x18\xe24nz\x83w8\xff\xfb\x83\f\x9a\xda\xc5w\x8eo\x02\xa3\xc1\x83\x91\xc6\xfd\x8c\xc4s\x03\x16\xa4+\xce|^\x98K_0\x8a\xb0\xff~\x1e\xd92\xb4r\xd8\xe7', 0x40, 0x110, 0x0)
mq_timedreceive(r2, 0x0, 0xfffffffffffffee3, 0x2000000, 0x0)

937.776657ms ago: executing program 5 (id=3867):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

802.908478ms ago: executing program 5 (id=3869):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000003c0)='highspeed\x00', 0xa)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

767.385969ms ago: executing program 4 (id=3872):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x3, &(0x7f0000000780)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000080)='GPL\x00', 0x8000, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000077000000fb000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0xc6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x340, 0x0, 0x4c, 0x1a, 0x0, 0x73, 0x270, 0x258, 0x258, 0x270, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x110, 0x140, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0x6}}, @common=@unspec=@connbytes={{0x38}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0xa}}, {{@uncond, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000240)={r4, 0xfffffffe, 0xff, 0x5, 0x9, 0x2, 0x4, 0x8, {0x0, @in6={{0xa, 0x4e21, 0xffffffff, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x7fff}}, 0xfc0c, 0x34, 0x8, 0x3e, 0xe22}}, &(0x7f0000000140)=0xb0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0xfe, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xa8, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
write$selinux_user(r5, &(0x7f0000000040)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27)
socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000980)={{{@in=@dev, @in6}}, {{@in=@empty}, 0x0, @in6=@remote}}, &(0x7f0000000300)=0xe8)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r8}, 0x10)
ioctl$PIO_UNIMAP(r6, 0x4b67, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x4, 0x7}]})
setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, &(0x7f00000000c0)=0xb, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r9 = socket$unix(0x1, 0x2, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r10=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0xee01, r10, 0xffffffffffffffff)
r11 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r11, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

750.069589ms ago: executing program 2 (id=3873):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
socket$key(0xf, 0x3, 0x2)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x18)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=ANY=[@ANYBLOB="38010000100013070000080000000000ffffffff000000000002000000000000fe8000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000200040000000000000048000200656362286369706865725f6e756c6c29"], 0x138}, 0x1, 0xe}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xf, &(0x7f0000000e00)=ANY=[@ANYBLOB="1803000000000000000d00000000000011110000482139a1cc656f6e103d7e4d5161470de6f62d41faeb67685f745013181b6ec3705ab9ea2c31f046ea5240ccb656576cd309a13da4e9df4915f809499f4be568a172923fdf7cdf08b79fe52f3c5dcc8902ec5d21f1405e3e4d09f5b387b6f254a0cd5ff588a7c5e175314fcde20e3b19329951097a87aac2496cba650d5a7b7ee14bdb41292b4b45c633901639cb2451b0a1a767709868f58b1e100405d2e4b678b5052cfa5b625dc0906980621c122b4a9d0a92a9fd48584cfb94513d05d0a00f6462fa4617e3a6ca76f8b64a9bfeb3b372a3a22739bdf03ddd55078fe4cf0d29327ae558fca2071cf4e4b2e9e8de4aa7a8d345f9c052a4b07a124d8220956c493f600c94045c7398a5e327b65d2b2b3c929a92a530b53f233b152d7e8d2ebea4c7f94916beafc2192a5fda1f19661737a3e293cb86856f93e529d9788f02668b6a4018e506ba51ec82ec11297fc49979469813546dfa84f5b34ea5f64266f1c9a4d84a67601d72ea5a142ad689a7729e76c034deeb821b421dad503fb877d69be7638a", @ANYRES32, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, @void, @value}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='cpuset.effective_mems\x00', 0x26e1, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xfffffd26)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x401c5820, &(0x7f00000001c0)=0x8)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)=0x100000000000000)
r6 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r6, 0x29, 0x6, 0x0, 0x2000000)
r7 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x400e, &(0x7f0000000000), 0x1, 0x457, &(0x7f0000000700)="$eJzs3MtvG0UYAPBvbSdt+iChKo8+gECLqHgkTVpKD1xAgDiAhASHcgxOWpW6DWqCRKsKCkLliCpxRxyR+As4wQUBJySucEeVKtRLCyejtXdrx7GTtHHsEv9+0rYzsxPNfJ4de3YnTgADazz9J4nYERF/RMRoPbu0wnj9v1s3LpX/uXGpnES1+vbfSa3ezRuXynnV/Oe255lSROHzJPa1aXfhwsUzM5XK3PksP7l49oPJhQsXnzt9dubU3Km5c9PHjx89MvXCsennsxpb1xVnGtfNvR/P79/z+rtX3yyfuPreL98lefwtcXTJ+Eonn6xWu9xcf+1sSielPnaEO1KsT9MYqs3/0ShGY/BG49XP+to5YENVq9Xqg51PX64Cm1gSbQpLBxtvD8AmlX/Qp/e/+dGLdce94vpL9RugNO5b2VE/U4pCVmeo5f62m8Yj4sTlf79Oj1j9OcSWDeoGADBAfkjXP8+2W/8Vovm50H3ZHspYRNwfEbsi4lhE7I6IByJqdR+KiIfvsP3WTZLl65/CtbsKbI3S9d+L2d7W0vVfvvqLsWKW21mLfyg5eboydzh7TQ7F0JY0P7VCGz++8vuXnc41r//SI20/Xwtm/bhWaln1zc4szqwn5mbXP43YW2oXf3J7JyCJiD0Rsfcu2zj99Lf7O51bPf4VdGGfqfpNxFP18b8cLfHnkpX3Jye3RmXu8GR+VSz3629X3urU/rri74J0/Le1vf5vxz+WNO/XLqRFw3fUxpU/vyg3ptNSd3v9DyfvLCn7aGZx8fxUxHDyRr3TzeXTLfWmG/XT+A8daD//d0XjldgXEelF/EhEPBoRj2V9fzwinoiIAyvE//PLB9/vdO52/CNZQR/Gf7bd+L/WafwbieFoLWmfKJ756fsljY41kmsb/6O11KGsZC3vf2vpV341AwAAwGZXiIgdxaQwkaejUJiYqP8O/+7YVqjMLyw+c3L+w3Oz9e8IjMVQIX/SNdr0PHQqu63P89Mt+SPZc+OviiO1/ER5vjLb7+BhwG2vzfnl8z/1V7HfvQM23Or7aLt60g+g93xfEwaX+Q+Dy/yHwdVm/o/0ox9A77X7/P+kD/0Aeq9l/tv2gwHi/h8Gl/kPg8v8h4G0MBKrf0leQmJZIgr3RDf+z4lqsvY/VNHzRL/fmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrjvwAAAP//n1HZTw==")
ioctl$VFAT_IOCTL_READDIR_SHORT(r7, 0x82307202, &(0x7f0000000bc0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r8 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$nci(r8, 0x0, 0xfffffeea)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)

671.733201ms ago: executing program 4 (id=3874):
socket$kcm(0x10, 0xb2bc4d50b2277774, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1)
sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x44, r2, 0x1, 0x0, 0x0, {0x2a}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50)
syz_emit_ethernet(0x7e, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x65, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010104, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x5, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x24, 0x2, [{0x0, 0xd, "5e000000ff000000000000"}, {0x0, 0x4, "4eb8"}, {0x0, 0xd, "9606053d0006ff00800000"}]}, @lsrr={0x83, 0x13, 0x0, [@dev, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x6}]}}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, 0xffffffffffffffff, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000000c0)=0x6, 0x4)

655.55325ms ago: executing program 5 (id=3875):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000f80)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r3 = dup3(r2, r1, 0x0)
recvmmsg(r3, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)

635.049341ms ago: executing program 4 (id=3876):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f00000005c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000780)=@newlink={0x3c, 0x10, 0x437, 0x1, 0x25dfdbf8, {0x0, 0x0, 0x0, r1, 0x40c89}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @remote}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44801}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @empty, @loopback}}}], 0x20}}], 0x1, 0x4040880)
sendmmsg$inet(r2, &(0x7f0000001100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @local, @local}}}], 0x20}}], 0x1, 0x4000800)

568.699392ms ago: executing program 4 (id=3877):
socket$phonet_pipe(0x23, 0x5, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_trace', 0x400, 0x80)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x400)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, &(0x7f00000000c0))
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, 0x18, 0x1, 0x0, 0x0, {0x2}, [@typed={0x8, 0x800, 0x0, 0x0, @u32=0x4}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @uid}]}]}, 0x28}}, 0x0)
setuid(0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8)
sendto$inet6(r2, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3}, 0x3}, 0x1c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
shutdown(r2, 0x1)
r6 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r6, 0x114, 0x8, &(0x7f00000008c0), 0x4)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e24, 0x80000006, @dev={0xfe, 0x80, '\x00', 0x3e}, 0xefce}, 0x1c)
socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x20000600)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x1, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x3}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
mq_notify(r1, 0x0)
write$char_usb(r1, &(0x7f0000000140)="ba560bc8aa56975aca7810fbcaee8dab340a8ee8cd40e29a4c72b411a0aaa64d2c9e5a38a6ae48c6790d94cf536a2d5a5a716bf2f2222f08142ba3f2575bb0377048740f5cc02f568c2730b1befd68f48525e3b2c4a534914636c3ebb9e9f2ef44f09b1ca97fc595eafcd73a6a44c67054d75f4d03925e68d04988ba6a817e9125668277d724f2b9b92fddba12433c46d63012fc6711bb96143662e423e062717bb8d0afd6d42b", 0xa7)
rt_tgsigqueueinfo(0x0, 0x0, 0x7, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1e00000009000000030000000b005a0004000000", @ANYRES32=r1, @ANYBLOB="e8b000"/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="0000000002000000020000000b00"/28], 0x50)

494.034453ms ago: executing program 2 (id=3878):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x5)
r1 = socket(0x28, 0x5, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000340)={0x200000, 0x200000, 0x0, 0x0, 0x5989})
setrlimit(0x40000000000008, &(0x7f0000000000))
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000015c0)=@newtaction={0x14, 0x30, 0x2, 0x70bd2b, 0x25dfdbfb}, 0x14}}, 0x40004)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f00000000c0)={0x1, 0x79e}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)

480.910343ms ago: executing program 4 (id=3879):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x8004587d, &(0x7f0000000080)={0x0, r1})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x35, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4040000)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TCSETA(r3, 0x5406, &(0x7f0000000100)={0xfefd, 0xd15, 0x3925, 0x8, 0x9, "8bdffb70f0ffffff"})
ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x5412, &(0x7f00000006c0)=0x16)

458.414094ms ago: executing program 2 (id=3880):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

454.982964ms ago: executing program 4 (id=3881):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', 0xffffffffffffffff, 0x0, 0x2000000000}, 0xf)
mincore(&(0x7f0000185000/0x3000)=nil, 0x3000, &(0x7f0000000240)=""/68)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002940)=@newtaction={0xeb0, 0x30, 0xb, 0x0, 0x0, {0x0, 0x0, 0x300}, [{0xe9c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x7ff}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0xe50, 0x2, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0xfffffffa, 0x3, 0x0, 0x4, 0x5}, 0x40, 0x2}, [{0x80000000, 0xfffff463, 0x10, 0x2, 0x6, 0x1}, {0x9, 0x74c7b271, 0x6, 0x7f, 0x7547, 0x7}, {0x4, 0x6, 0x7, 0xfbb, 0x3, 0x81}, {0x5, 0xd, 0xfff, 0x7fffffff, 0x8, 0xff}, {0x0, 0x4, 0x8, 0x5, 0xffff, 0x400}, {0x400, 0x45a, 0x0, 0x3, 0x0, 0x8}, {0xffffffff, 0x6, 0xa, 0x10, 0x5, 0x9}, {0x9, 0x0, 0x20, 0xfffffff7, 0x7, 0x4}, {0x7fffffff, 0xfffffff8, 0x401, 0x3, 0x8, 0x800}, {0x7, 0xfffffffe, 0x1, 0xa, 0x10, 0x3}, {0x0, 0x6, 0x7fff, 0x8, 0x3, 0x3}, {0x3, 0x1, 0x6, 0x1, 0x8, 0x7}, {0x5, 0x9, 0x0, 0xd, 0x1, 0x8}, {0x1def0a95, 0xe3b, 0xfffffffe, 0x6, 0x5, 0x6c}, {0x8, 0x464, 0x8, 0x2, 0x0, 0x9}, {0x80, 0x8, 0x2, 0x9, 0x6, 0x200}, {0x10001, 0xfffff906, 0x7, 0x0, 0xf76, 0x7}, {0x8, 0xac2, 0x80, 0x8000, 0xb70, 0x1}, {0x3, 0x6, 0x4, 0x4a, 0x3, 0x6}, {0x2, 0x7, 0x5, 0x0, 0x9, 0xf}, {0x1, 0x6, 0x6, 0x8, 0xdbb, 0xbd77}, {0xa, 0x0, 0x100, 0x7, 0x8, 0x2c}, {0x5, 0x2, 0x2, 0x9, 0x5, 0x401}, {0x27, 0x40, 0x81, 0x7, 0x2, 0x10001}, {0x5, 0x9, 0x0, 0x8, 0x7fffffff, 0x5}, {0x7, 0x5, 0xea, 0x2, 0x73c, 0x6}, {0x7, 0x2, 0x5, 0x6, 0x8001, 0x823}, {0x5, 0x8000, 0x8000, 0x4, 0x5}, {0x10001, 0x40, 0x9b97, 0x4, 0x7fffffff, 0xfffffffa}, {0x10000, 0x1, 0x4, 0x7, 0x0, 0x7}, {0x1ff, 0xfffffffd, 0x2, 0x6, 0xb, 0x7}, {0x4, 0x1, 0x6, 0xc3, 0xffffffff, 0x6}, {0xbe, 0x6, 0x8, 0x6, 0x2, 0x4}, {0xfff, 0x0, 0x60b1, 0x1, 0x200, 0x6}, {0x10, 0x6, 0x39, 0x7, 0x1, 0x10001}, {0xc3, 0x0, 0x8, 0x3, 0x10, 0xb}, {0x9, 0x7, 0x2, 0x1, 0x5, 0x92f7}, {0x8, 0x4, 0xc174, 0x7, 0x10000, 0x6e0c}, {0xfffffffa, 0xf, 0x2, 0x8, 0x5, 0x7}, {0x5, 0x7, 0x5, 0x40, 0x6, 0x1ff}, {0x9, 0x61, 0x10, 0x6, 0x401, 0xffff8000}, {0x6, 0xc8c, 0x1b4a000, 0x6, 0x200, 0xf}, {0x9, 0x4, 0xfffff800, 0xb, 0xa82, 0x18f7}, {0x9, 0x2, 0xd725, 0x800, 0x6, 0x78}, {0x3, 0x100, 0x7, 0x4, 0x4, 0x81}, {0x3, 0x8001, 0x3, 0x3, 0x6, 0x1d}, {0xfffff800, 0x6, 0x4, 0x7f, 0x80000001, 0xfa64}, {0x5721, 0x8000, 0x5, 0x3, 0x3, 0x9}, {0x8, 0x7, 0x7, 0x7, 0x2, 0x5}, {0x10000, 0xff, 0x1ac90, 0x25, 0x3, 0x4}, {0x0, 0x3, 0x100, 0x8, 0x195, 0xf49a}, {0x1, 0x8, 0x468, 0x6, 0x9, 0x9}, {0x5f81edad, 0x7, 0x2400, 0x4, 0x6, 0xfffffff8}, {0x5, 0x1, 0x8, 0x2, 0x0, 0x800}, {0x0, 0x3, 0xbb94, 0x80000000, 0x0, 0x80000000}, {0x3, 0x3, 0x1d7b, 0x4, 0x2, 0x81}, {0x7, 0x7, 0x3, 0x101, 0x6, 0x5}, {0x7, 0xd, 0x3, 0x6b89, 0x9, 0x5b}, {0x4, 0xb, 0x80000001, 0x2, 0x3ff, 0x8001}, {0x30b9, 0xf, 0x9, 0x9, 0x4}, {0xc, 0x0, 0x80000000, 0x4, 0x9, 0x4}, {0x7, 0xe30e, 0x9, 0xfffffffe, 0x0, 0x7}, {0x5, 0x3af6, 0x2f, 0x1, 0x0, 0x8}, {0x9, 0x8001, 0x10000, 0xc, 0x5, 0x3}, {0x3, 0x9091, 0x561, 0x9, 0x9, 0x80000000}, {0x6, 0x7, 0x5, 0x8f3, 0xc, 0x8e}, {0xe9a, 0x7, 0x0, 0x100, 0x7, 0x1}, {0x4, 0x7, 0x3, 0x2, 0x10001, 0x2}, {0x9, 0xec09511c, 0x4, 0x0, 0xffffffff, 0x3}, {0x4, 0xd90c, 0x5, 0x7a3, 0x4, 0x7}, {0x6, 0x1, 0x4, 0x1, 0x89b8, 0xfffffff8}, {0x5, 0x6, 0xff, 0xffffffff, 0x3, 0x8}, {0xfa00, 0xce, 0x3, 0xeb9, 0x3, 0x40}, {0x0, 0x2000, 0x81, 0x7, 0x3f8, 0xe}, {0x1, 0x7, 0x1, 0x847, 0x2, 0x5}, {0xbed00000, 0x0, 0x5, 0x566, 0x3879, 0x9}, {0x4, 0x10001, 0x3, 0xb, 0xfffffff8, 0x5}, {0x8001, 0x4, 0x4, 0x1, 0x2, 0x8}, {0x4, 0x3, 0xa3, 0x8000, 0x8, 0x104}, {0x5, 0x6, 0x5, 0xe, 0x2, 0xffff}, {0x455, 0xee37, 0x6, 0x0, 0x410a, 0x7}, {0x8, 0x5, 0x7, 0x9, 0x1, 0x7803}, {0x2, 0x3652, 0x2, 0x2366, 0x1000, 0x59fe}, {0x5a, 0x400, 0x4, 0x94f}, {0x1, 0x5, 0x10000, 0x200, 0x7, 0x81}, {0x7, 0x0, 0x6, 0xced8, 0xffffffff, 0x4}, {0x10, 0x81, 0x3, 0x0, 0x6, 0x2}, {0x1, 0xf70, 0x7, 0x7f, 0x75}, {0x20, 0xe, 0xd3, 0x7, 0x4, 0xa}, {0x2, 0x0, 0x4, 0x8001, 0x5, 0x2}, {0xff, 0x4, 0x3384, 0xb93, 0xd, 0xfffffff9}, {0xfff, 0x3, 0x5, 0x1, 0x39}, {0x8, 0xca2e, 0xfffffff1, 0x1db5, 0x401, 0xccca}, {0xeff, 0x3, 0x49, 0x2, 0xc}, {0x4, 0x2, 0x6a5, 0x35, 0x7fff, 0x6}, {0x20, 0x8, 0x200, 0x4, 0x1, 0x6d71084c}, {0xfff, 0x3, 0x32, 0x1f64, 0x6d6a, 0x4}, {0x2, 0x3, 0x75, 0x1b82, 0xfffffff9, 0x40}, {0x6, 0x7, 0xffffffff, 0x80, 0x23, 0xe}, {0x93b8, 0x0, 0x3ff, 0x1ff72eae, 0xce6b, 0x8}, {0x7fff, 0x7, 0x4, 0x0, 0x1, 0x14}, {0x9, 0x1d1bb27a, 0x4, 0x43, 0xa, 0x8}, {0x8001, 0x0, 0x8, 0x3, 0xfffffff7, 0x6}, {0x1ff, 0x864, 0x3dc, 0x7fffffff, 0x200, 0x5}, {0x2, 0x6, 0xda1, 0x9, 0x7d2, 0x10}, {0xa, 0x7fffffff, 0xfffff06b, 0x0, 0x4, 0x7f}, {0x10001, 0xfffffffa, 0xffff0001, 0x400, 0x1, 0x3}, {0x70000000, 0x5f707df2, 0x7f, 0x7fffffff, 0x9}, {0x0, 0x4, 0x9, 0x0, 0x80000001, 0x401}, {0x9, 0x2, 0x80000001, 0x2, 0x2523, 0x81}, {0x40, 0x8, 0xfff, 0x100, 0x3ff, 0xffffffff}, {0x3, 0x7, 0x56, 0x3, 0x10, 0x6}, {0x7fff, 0x40, 0xe, 0x4, 0xffff, 0xb0}, {0x2, 0xfffffffd, 0x0, 0xb21, 0x7, 0x9510}, {0xe649, 0x6, 0x7fffffff, 0x102, 0xffff, 0x4}, {0x2, 0x4, 0x1, 0x80000001, 0x7, 0x9}, {0xc, 0x200, 0x5, 0xa7e, 0x4, 0x1}, {0x6, 0x9, 0x6, 0x8, 0xd82d, 0x2}, {0x3, 0xffffff78, 0x2, 0x7, 0xfffffffa, 0x1}, {0x4, 0x80000000, 0x2, 0x3, 0x5, 0x10000}, {0x3, 0x7, 0x4, 0x7fff, 0xfff, 0xfa77}, {0x10000, 0xfffffffd, 0x80000001, 0x800, 0x400001, 0x8}, {0xefdf, 0x3, 0x5, 0x6, 0x2, 0xfff}, {0x3, 0x3, 0xffffffff, 0x6, 0x2, 0x13}, {0x1, 0x7f, 0xfffffffc, 0x5, 0x7}, {0xc, 0x3, 0x9, 0x4, 0x0, 0x7}, {0x3, 0x21, 0xad0, 0x2, 0x8, 0xffffffff}, {0x3, 0x7fffffff, 0xc8, 0x9, 0x754, 0x8}], [{0x5, 0x1}, {0x3, 0x1}, {0x3}, {0x2, 0x1}, {0x1}, {0x5, 0x1}, {0x5, 0x1}, {}, {}, {0x5, 0x1}, {}, {0x4, 0xcec72bcc48a97240}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x4}, {0x56ab6f83d6d01e6b, 0x1}, {0x3}, {0x2}, {0x1}, {0x3, 0xca32b325be8497a7}, {0x4, 0x1}, {0x2, 0x1}, {0x5}, {0x2}, {0x5, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5}, {0x1, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x3}, {0x2, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x3}, {0x0, 0x1}, {0x3}, {0x4}, {0x1, 0x1}, {0x3}, {0x0, 0x1}, {0x3}, {0x3}, {0x1, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4}, {0x4, 0x2}, {0x4, 0x1}, {0x5}, {0x4}, {0x5}, {0x5}, {0x1}, {0x3, 0x1}, {}, {0x5, 0x1}, {0x4, 0x1}, {0x7}, {0x2}, {0x4, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3}, {0x7, 0x1}, {0x7, 0x1}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {}, {0x0, 0x1}, {0x1}, {0x5}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {0x2}, {0x4, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x2}, {0x4, 0x1}, {}, {0x1, 0x1}, {}, {0x4, 0x1}, {0x4, 0x1}, {0x1}, {0x5}, {}, {0x5}, {0x2, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x3}, {0x2, 0x1}, {0x2}, {0x2, 0x1}, {}, {0x4, 0x1}, {0x0, 0x1}, {0x33211dacfbee65e7, 0x1}, {}, {0x3}, {0x1, 0x1}, {0x3, 0x1}, {0x5}, {0x5}, {0x4}, {0x2, 0x1}, {0x2}, {0x2}, {0x4}, {0x1, 0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb0}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001200)=ANY=[@ANYBLOB="0d00000002000000040000000240000005000000", @ANYRES32, @ANYBLOB='\x00'/17, @ANYRES32], 0x48)
r4 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/address_bits', 0x2a100, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
finit_module(r4, 0x0, 0x2)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
close(r6)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
sendto$inet6(r0, &(0x7f0000000080)="b1", 0xffec, 0x22000000, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

416.329474ms ago: executing program 2 (id=3882):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000014}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x18000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000380)='kfree\x00', r2}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000640)={r3}, 0xc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00'})
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x4, 0x0, 0x8000000}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x9}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {0x80}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x15, 0x0, 0x48510}, {0x0, 0x8000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, {0x0, 0x0, 0x200}, {}, {}, {0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfb4}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {}, {0x800000, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x6, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x2, 0x0, 0x20000000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x8000}, {0x0, 0x0, 0x10000, 0x8}, {0x0, 0x80000000, 0x0, 0x7dff800}], [{}, {}, {0x0, 0x1}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x4}, {}, {0x5, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {0x4}, {0x3}, {}, {}, {0x0, 0x1}, {0x3}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
syz_open_dev$sg(&(0x7f0000000180), 0x2, 0x10400)

415.705694ms ago: executing program 2 (id=3883):
openat$autofs(0xffffffffffffff9c, 0x0, 0x2800, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000001100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000004c0)='mm_page_free\x00', r3, 0x0, 0x178}, 0x18)
sendmmsg$inet6(r0, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="b0", 0x7ffff000}], 0x11}}], 0x2, 0x0) (fail_nth: 1)

189.114588ms ago: executing program 2 (id=3884):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x679a, 0x80, 0x4, 0x3cc}, 0x0, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r2 = creat(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, 0x0, 0x4000010)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000f908b92c0000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000680)='kfree\x00', r5}, 0x18)
setreuid(0x0, 0xee00)
request_key(&(0x7f0000000440)='rxrpc_s\x00', &(0x7f0000000480)={'syz', 0x1}, &(0x7f0000000500)='/dev/vcsu#\x00', 0xffffffffffffffff)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = eventfd2(0x0, 0x0)
read$eventfd(r6, &(0x7f0000000040), 0x8)
openat$selinux_access(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$binfmt_register(r2, &(0x7f0000000340)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x8, 0x3a, 'GPL\x00', 0x3a, ':%.\'-.', 0x3a, './file0', 0x3a, [0x43]}, 0x32)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="580000001000010400004000fedbdf2501f80000", @ANYRES32=0x0, @ANYBLOB="01020400000000002800128008000100736974001c00028008000200c6120001060008001900000005000a00fd00"], 0x58}}, 0x0)
fcntl$setstatus(r7, 0x4, 0x800)
pipe2$9p(&(0x7f0000000100), 0x840)

188.198737ms ago: executing program 0 (id=3885):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x3, &(0x7f0000000780)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000080)='GPL\x00', 0x8000, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000077000000fb000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0xc6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x340, 0x0, 0x4c, 0x1a, 0x0, 0x73, 0x270, 0x258, 0x258, 0x270, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x110, 0x140, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0x6}}, @common=@unspec=@connbytes={{0x38}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0xa}}, {{@uncond, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000240)={r4, 0xfffffffe, 0xff, 0x5, 0x9, 0x2, 0x4, 0x8, {0x0, @in6={{0xa, 0x4e21, 0xffffffff, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x7fff}}, 0xfc0c, 0x34, 0x8, 0x3e, 0xe22}}, &(0x7f0000000140)=0xb0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0xfe, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xa8, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
write$selinux_user(r5, &(0x7f0000000040)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27)
socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000980)={{{@in=@dev, @in6}}, {{@in=@empty}, 0x0, @in6=@remote}}, &(0x7f0000000300)=0xe8)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r8}, 0x10)
ioctl$PIO_UNIMAP(r6, 0x4b67, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x4, 0x7}]})
setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, &(0x7f00000000c0)=0xb, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r9 = socket$unix(0x1, 0x2, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r10=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0xee01, r10, 0xffffffffffffffff)
r11 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r11, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

186.180437ms ago: executing program 3 (id=3886):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000003c0)='highspeed\x00', 0xa)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

96.062349ms ago: executing program 0 (id=3887):
socket$kcm(0x10, 0xb2bc4d50b2277774, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r0)
sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x44, r1, 0x1, 0x0, 0x0, {0x2a}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50)
syz_emit_ethernet(0x7e, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x65, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010104, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x5, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x24, 0x2, [{0x0, 0xd, "5e000000ff000000000000"}, {0x0, 0x4, "4eb8"}, {0x0, 0xd, "9606053d0006ff00800000"}]}, @lsrr={0x83, 0x13, 0x0, [@dev, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x6}]}}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, 0xffffffffffffffff, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000000c0)=0x6, 0x4)

68.86394ms ago: executing program 0 (id=3888):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f00000005c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000780)=@newlink={0x3c, 0x10, 0x437, 0x1, 0x25dfdbf8, {0x0, 0x0, 0x0, r1, 0x40c89}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @remote}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44801}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @empty, @loopback}}}], 0x20}}], 0x1, 0x4040880)
sendmmsg$inet(r2, &(0x7f0000001100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @local, @local}}}], 0x20}}], 0x1, 0x4000800)

44.44134ms ago: executing program 0 (id=3889):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = gettid()
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$AUDIT_LIST_RULES(0xffffffffffffffff, &(0x7f00000194c0)={&(0x7f0000019380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000019480)={&(0x7f00000193c0)={0x10, 0x3f5, 0x10, 0x70bd29, 0x25dfdbfd, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x840)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
io_uring_setup(0xd0, &(0x7f0000019240)={0x0, 0x82ad, 0x80, 0x3, 0x3d4})
pread64(r2, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000196c0)=ANY=[@ANYBLOB="1500000065ffff01800000080039503230303087a31c62ac58fe8f3cd0dc9b3e792c34b79941bc9fa724f0a02ffb3a1f08418b0cb59d610efb8566ec004045cf7ddd7c7172db4072183e6a0147e47d6e0cbeb8854f769d3c92ec0b0bf703f87a1a84f78f90afd804ae32183441fbbf67709776af26f528bb80186db28955274bef5fb4ac35cbeecacd341baa4c9e024e83fb71e1cd52d0f85ded080c32fc595e8f077aefe8fdd6f67d8cf3d1893ec413232da4dd59470cd3600e380c82a97e4f487bbe1803"], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="5300000007000046009d40", @ANYBLOB="fe4cecb210bc091b10"], 0x53)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071117300000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
syz_open_procfs(0x0, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0xa, 0xa382)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f00000192c0)={0x0, {}, 0x0, {}, 0x4, 0x1, 0x17, 0x1c, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "6296c8007b0000130000e8ffffff00212d00000000000000000000000900", [0x7, 0x4000000000000007]})
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x800000, &(0x7f0000019200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
socket(0x10, 0x3, 0x0)

43.28918ms ago: executing program 3 (id=3890):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) (async)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffe9b)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
fsmount(0xffffffffffffffff, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000080)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH") (async)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000080)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH")
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

26.58849ms ago: executing program 0 (id=3891):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x5)
r1 = socket(0x28, 0x5, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000340)={0x200000, 0x200000, 0x0, 0x0, 0x5989})
setrlimit(0x40000000000008, &(0x7f0000000000))
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000015c0)=@newtaction={0x14, 0x30, 0x2, 0x70bd2b, 0x25dfdbfb}, 0x14}}, 0x40004)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f00000000c0)={0x1, 0x79e}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)

0s ago: executing program 0 (id=3892):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000f80)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)}}], 0x1, 0x9200000000000000)
r3 = dup3(r2, r1, 0x0)
recvmmsg(r3, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)

kernel console output (not intermixed with test programs):

lock 2072, async page read
[  205.427685][T12549] Buffer I/O error on dev loop4, logical block 2066, async page read
[  205.752179][T12565] loop2: detected capacity change from 0 to 8192
[  205.762748][T12559] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3261'.
[  205.787646][T12559] ipvlan2: entered promiscuous mode
[  205.938773][   T29] kauditd_printk_skb: 106 callbacks suppressed
[  205.938788][   T29] audit: type=1400 audit(2000000650.722:21616): avc:  denied  { bind } for  pid=12572 comm="syz.3.3268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  206.095629][   T29] audit: type=1326 audit(2000000650.872:21617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12587 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  206.119316][   T29] audit: type=1326 audit(2000000650.882:21618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12587 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  206.142935][   T29] audit: type=1326 audit(2000000650.882:21619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12587 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  206.228996][   T29] audit: type=1326 audit(2000000650.882:21620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12587 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  206.252732][   T29] audit: type=1326 audit(2000000650.882:21621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12587 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  206.276525][   T29] audit: type=1326 audit(2000000650.882:21622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12587 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  206.300149][   T29] audit: type=1326 audit(2000000650.882:21623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12587 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  206.556271][   T29] audit: type=1326 audit(2000000651.132:21624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12587 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  206.580018][   T29] audit: type=1326 audit(2000000651.152:21625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12587 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  206.897880][T12617] program syz.4.3285 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  206.940451][T12610] loop3: detected capacity change from 0 to 1024
[  206.985403][T12610] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  206.999594][T12610] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  207.025433][T12619] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3287'.
[  207.046144][T12624] loop0: detected capacity change from 0 to 8192
[  207.065966][T12610] JBD2: no valid journal superblock found
[  207.072536][T12610] EXT4-fs (loop3): Could not load journal inode
[  207.418155][T12650] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3296'.
[  207.460849][T12641] loop2: detected capacity change from 0 to 512
[  207.486863][T12641] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  207.523065][T12641] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.3296: iget: bad extended attribute block 512
[  207.539482][T12656] syzkaller0: entered promiscuous mode
[  207.544997][T12656] syzkaller0: entered allmulticast mode
[  207.555582][T12641] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.3296: couldn't read orphan inode 15 (err -117)
[  207.576627][T12641] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  207.724016][T11699] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.740286][T12679] @: renamed from vlan0 (while UP)
[  207.818518][T12674] loop3: detected capacity change from 0 to 1024
[  207.821909][T12665] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3301'.
[  207.880195][T12674] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  207.889794][T12665] ipvlan2: entered promiscuous mode
[  207.892952][T12674] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  207.953987][T12674] JBD2: no valid journal superblock found
[  207.964966][T12674] EXT4-fs (loop3): Could not load journal inode
[  208.041220][T12703] netlink: 'syz.0.3315': attribute type 1 has an invalid length.
[  208.049118][T12703] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3315'.
[  208.111236][T12707] loop0: detected capacity change from 0 to 512
[  208.137040][T12707] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  208.158446][T12707] ext4 filesystem being mounted at /98/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  208.232988][T12726] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3324'.
[  208.270370][T11271] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  208.280481][T12728] loop3: detected capacity change from 0 to 8192
[  208.478706][T12747] loop4: detected capacity change from 0 to 512
[  208.500579][T12742] syzkaller0: entered promiscuous mode
[  208.506370][T12742] syzkaller0: entered allmulticast mode
[  208.603101][T12751] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3335'.
[  208.658568][T12751] loop0: detected capacity change from 0 to 2048
[  208.667240][T12751] ext4: Unknown parameter 'obj_role'
[  208.878819][T12761] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3338'.
[  208.887981][T12761] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3338'.
[  209.055842][T12771] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3341'.
[  209.090502][T12747] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.3334: Failed to acquire dquot type 1
[  209.090643][T12771] loop0: detected capacity change from 0 to 2048
[  209.102655][T12747] EXT4-fs (loop4): 1 truncate cleaned up
[  209.116190][T12747] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.129157][T12747] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.147527][T12771] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  209.161863][T12771] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.196468][T12747] EXT4-fs error (device loop4): ext4_lookup:1791: inode #2: comm syz.4.3334: deleted inode referenced: 12
[  209.215767][T12747] EXT4-fs error (device loop4): ext4_lookup:1791: inode #2: comm syz.4.3334: deleted inode referenced: 12
[  209.248571][T11271] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.272705][T12109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.359296][T12783] loop0: detected capacity change from 0 to 8192
[  209.367860][T12789] loop3: detected capacity change from 0 to 128
[  209.388787][T12789] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  209.389292][T12795] program syz.4.3349 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  209.412952][T12789] ext4 filesystem being mounted at /57/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  209.498635][T12778] loop2: detected capacity change from 0 to 1024
[  209.572848][T12778] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  209.584472][T12778] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  209.693489][T12808] lo speed is unknown, defaulting to 1000
[  209.699320][T12808] lo speed is unknown, defaulting to 1000
[  209.705390][T12808] lo speed is unknown, defaulting to 1000
[  209.712737][T12808] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  209.724554][T12808] lo speed is unknown, defaulting to 1000
[  209.731057][T12808] lo speed is unknown, defaulting to 1000
[  209.737601][T12808] lo speed is unknown, defaulting to 1000
[  209.744355][T12808] lo speed is unknown, defaulting to 1000
[  209.751055][T12808] lo speed is unknown, defaulting to 1000
[  209.757754][T12808] lo speed is unknown, defaulting to 1000
[  209.780863][T12778] JBD2: no valid journal superblock found
[  209.787922][T12778] EXT4-fs (loop2): Could not load journal inode
[  210.030179][T12807] lo speed is unknown, defaulting to 1000
[  210.036343][T12807] lo speed is unknown, defaulting to 1000
[  210.242970][T11870] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  210.390104][T12809] vhci_hcd: invalid port number 254
[  210.639110][T12834] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  210.690780][T12834] batman_adv: batadv0: Removing interface: batadv_slave_1
[  210.853624][T12841] loop0: detected capacity change from 0 to 164
[  210.909564][T12849] 9pnet_fd: Insufficient options for proto=fd
[  211.001248][T12860] loop3: detected capacity change from 0 to 1024
[  211.038624][T12860] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  211.050234][T12860] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  211.167583][T12860] JBD2: no valid journal superblock found
[  211.173400][T12860] EXT4-fs (loop3): Could not load journal inode
[  211.457580][   T29] kauditd_printk_skb: 103 callbacks suppressed
[  211.457597][   T29] audit: type=1326 audit(2000000656.242:21727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12876 comm="syz.0.3375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcc80e929 code=0x7ffc0000
[  211.510362][   T29] audit: type=1326 audit(2000000656.272:21728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12876 comm="syz.0.3375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2dcc80e929 code=0x7ffc0000
[  211.533990][   T29] audit: type=1326 audit(2000000656.272:21729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12876 comm="syz.0.3375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcc80e929 code=0x7ffc0000
[  211.557702][   T29] audit: type=1326 audit(2000000656.272:21730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12876 comm="syz.0.3375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2dcc80e929 code=0x7ffc0000
[  211.581270][   T29] audit: type=1326 audit(2000000656.272:21731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12876 comm="syz.0.3375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcc80e929 code=0x7ffc0000
[  211.604898][   T29] audit: type=1326 audit(2000000656.272:21732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12876 comm="syz.0.3375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2dcc80e929 code=0x7ffc0000
[  211.628490][   T29] audit: type=1326 audit(2000000656.272:21733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12876 comm="syz.0.3375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcc80e929 code=0x7ffc0000
[  211.652111][   T29] audit: type=1326 audit(2000000656.272:21734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12876 comm="syz.0.3375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcc80e929 code=0x7ffc0000
[  211.675713][   T29] audit: type=1326 audit(2000000656.272:21735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12876 comm="syz.0.3375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f2dcc80e929 code=0x7ffc0000
[  211.699926][   T29] audit: type=1326 audit(2000000656.272:21736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12876 comm="syz.0.3375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dcc80e929 code=0x7ffc0000
[  211.820028][T12888] program syz.0.3379 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  211.866991][T12886] 9pnet_fd: Insufficient options for proto=fd
[  212.093856][T12902] loop4: detected capacity change from 0 to 1024
[  212.131055][T12902] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  212.142955][T12902] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  212.230218][T12902] JBD2: no valid journal superblock found
[  212.237438][T12902] EXT4-fs (loop4): Could not load journal inode
[  212.269958][T12917] loop0: detected capacity change from 0 to 512
[  212.286066][T12917] journal_path: Lookup failure for './file0/../file0'
[  212.292934][T12917] EXT4-fs: error: could not find journal device path
[  212.361491][T12919] loop0: detected capacity change from 0 to 128
[  212.393738][T12919] bio_check_eod: 24 callbacks suppressed
[  212.393758][T12919] syz.0.3391: attempt to access beyond end of device
[  212.393758][T12919] loop0: rw=2049, sector=145, nr_sectors = 8 limit=128
[  212.432856][T12919] syz.0.3391: attempt to access beyond end of device
[  212.432856][T12919] loop0: rw=2049, sector=161, nr_sectors = 8 limit=128
[  212.472536][T12919] syz.0.3391: attempt to access beyond end of device
[  212.472536][T12919] loop0: rw=2049, sector=177, nr_sectors = 24 limit=128
[  212.506941][T12922] __nla_validate_parse: 2 callbacks suppressed
[  212.506962][T12922] netlink: 14 bytes leftover after parsing attributes in process `syz.5.3392'.
[  212.525194][T12919] syz.0.3391: attempt to access beyond end of device
[  212.525194][T12919] loop0: rw=2049, sector=209, nr_sectors = 8 limit=128
[  212.553730][T12924] bridge0: entered promiscuous mode
[  212.559190][T12919] syz.0.3391: attempt to access beyond end of device
[  212.559190][T12919] loop0: rw=2049, sector=225, nr_sectors = 8 limit=128
[  212.561544][T12924] bridge0: port 3(macvlan2) entered blocking state
[  212.579414][T12924] bridge0: port 3(macvlan2) entered disabled state
[  212.586521][T12924] macvlan2: entered allmulticast mode
[  212.591973][T12924] bridge0: entered allmulticast mode
[  212.598498][T12924] macvlan2: left allmulticast mode
[  212.600464][T12919] syz.0.3391: attempt to access beyond end of device
[  212.600464][T12919] loop0: rw=2049, sector=241, nr_sectors = 8 limit=128
[  212.603655][T12924] bridge0: left allmulticast mode
[  212.623044][T12924] bridge0: left promiscuous mode
[  212.631864][T12919] syz.0.3391: attempt to access beyond end of device
[  212.631864][T12919] loop0: rw=2049, sector=257, nr_sectors = 8 limit=128
[  212.648236][T12919] syz.0.3391: attempt to access beyond end of device
[  212.648236][T12919] loop0: rw=2049, sector=273, nr_sectors = 8 limit=128
[  212.662181][T12919] syz.0.3391: attempt to access beyond end of device
[  212.662181][T12919] loop0: rw=2049, sector=289, nr_sectors = 9 limit=128
[  212.678175][T12922] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  212.706899][T12922] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  212.718534][T12922] bond0 (unregistering): Released all slaves
[  212.742458][T12925] lo speed is unknown, defaulting to 1000
[  212.748790][T12925] lo speed is unknown, defaulting to 1000
[  212.924536][T12937] 9pnet_fd: Insufficient options for proto=fd
[  212.966597][T12939] FAULT_INJECTION: forcing a failure.
[  212.966597][T12939] name failslab, interval 1, probability 0, space 0, times 0
[  212.979416][T12939] CPU: 0 UID: 0 PID: 12939 Comm: syz.3.3398 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  212.979448][T12939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  212.979510][T12939] Call Trace:
[  212.979518][T12939]  <TASK>
[  212.979528][T12939]  __dump_stack+0x1d/0x30
[  212.979552][T12939]  dump_stack_lvl+0xe8/0x140
[  212.979575][T12939]  dump_stack+0x15/0x1b
[  212.979591][T12939]  should_fail_ex+0x265/0x280
[  212.979664][T12939]  should_failslab+0x8c/0xb0
[  212.979691][T12939]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  212.979802][T12939]  ? sidtab_sid2str_get+0xa0/0x130
[  212.979832][T12939]  kmemdup_noprof+0x2b/0x70
[  212.979857][T12939]  sidtab_sid2str_get+0xa0/0x130
[  212.979955][T12939]  security_sid_to_context_core+0x1eb/0x2e0
[  212.979981][T12939]  security_sid_to_context+0x27/0x40
[  212.980008][T12939]  selinux_lsmprop_to_secctx+0x67/0xf0
[  212.980036][T12939]  security_lsmprop_to_secctx+0x43/0x80
[  212.980121][T12939]  audit_log_task_context+0x77/0x190
[  212.980161][T12939]  audit_log_task+0xf4/0x250
[  212.980198][T12939]  audit_seccomp+0x61/0x100
[  212.980223][T12939]  ? __seccomp_filter+0x68c/0x10d0
[  212.980255][T12939]  __seccomp_filter+0x69d/0x10d0
[  212.980359][T12939]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  212.980416][T12939]  ? vfs_write+0x75e/0x8e0
[  212.980455][T12939]  ? __rcu_read_unlock+0x4f/0x70
[  212.980482][T12939]  ? __fget_files+0x184/0x1c0
[  212.980510][T12939]  __secure_computing+0x82/0x150
[  212.980558][T12939]  syscall_trace_enter+0xcf/0x1e0
[  212.980581][T12939]  do_syscall_64+0xac/0x200
[  212.980602][T12939]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  212.980634][T12939]  ? clear_bhb_loop+0x40/0x90
[  212.980673][T12939]  ? clear_bhb_loop+0x40/0x90
[  212.980700][T12939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.980723][T12939] RIP: 0033:0x7fd3e056e929
[  212.980738][T12939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.980760][T12939] RSP: 002b:00007fd3debd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c
[  212.980782][T12939] RAX: ffffffffffffffda RBX: 00007fd3e0795fa0 RCX: 00007fd3e056e929
[  212.980816][T12939] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  212.980827][T12939] RBP: 00007fd3debd7090 R08: 0000000000000000 R09: 0000000000000000
[  212.980839][T12939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.980851][T12939] R13: 0000000000000000 R14: 00007fd3e0795fa0 R15: 00007ffd78cb40b8
[  212.980869][T12939]  </TASK>
[  213.338688][T12955] FAULT_INJECTION: forcing a failure.
[  213.338688][T12955] name failslab, interval 1, probability 0, space 0, times 0
[  213.351407][T12955] CPU: 1 UID: 0 PID: 12955 Comm: syz.4.3405 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  213.351443][T12955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  213.351457][T12955] Call Trace:
[  213.351464][T12955]  <TASK>
[  213.351533][T12955]  __dump_stack+0x1d/0x30
[  213.351561][T12955]  dump_stack_lvl+0xe8/0x140
[  213.351581][T12955]  dump_stack+0x15/0x1b
[  213.351598][T12955]  should_fail_ex+0x265/0x280
[  213.351643][T12955]  should_failslab+0x8c/0xb0
[  213.351671][T12955]  __kmalloc_node_noprof+0xa9/0x410
[  213.351773][T12955]  ? qdisc_alloc+0x65/0x440
[  213.351814][T12955]  qdisc_alloc+0x65/0x440
[  213.351855][T12955]  qdisc_create_dflt+0x7f/0x2d0
[  213.352011][T12955]  mqprio_init+0x57c/0xc30
[  213.352052][T12955]  ? __pfx_mqprio_init+0x10/0x10
[  213.352165][T12955]  qdisc_create+0x58e/0x9e0
[  213.352201][T12955]  tc_modify_qdisc+0xe2c/0x1380
[  213.352271][T12955]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  213.352373][T12955]  rtnetlink_rcv_msg+0x657/0x6d0
[  213.352416][T12955]  netlink_rcv_skb+0x123/0x220
[  213.352456][T12955]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  213.352490][T12955]  rtnetlink_rcv+0x1c/0x30
[  213.352515][T12955]  netlink_unicast+0x59e/0x670
[  213.352623][T12955]  netlink_sendmsg+0x58b/0x6b0
[  213.352647][T12955]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.352666][T12955]  __sock_sendmsg+0x142/0x180
[  213.352690][T12955]  ____sys_sendmsg+0x31e/0x4e0
[  213.352774][T12955]  ___sys_sendmsg+0x17b/0x1d0
[  213.352815][T12955]  __x64_sys_sendmsg+0xd4/0x160
[  213.352845][T12955]  x64_sys_call+0x2999/0x2fb0
[  213.352873][T12955]  do_syscall_64+0xd2/0x200
[  213.352972][T12955]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  213.352998][T12955]  ? clear_bhb_loop+0x40/0x90
[  213.353056][T12955]  ? clear_bhb_loop+0x40/0x90
[  213.353082][T12955]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.353107][T12955] RIP: 0033:0x7f35fb1fe929
[  213.353126][T12955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.353189][T12955] RSP: 002b:00007f35f9867038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  213.353213][T12955] RAX: ffffffffffffffda RBX: 00007f35fb425fa0 RCX: 00007f35fb1fe929
[  213.353227][T12955] RDX: 0000000020000000 RSI: 0000200000000200 RDI: 0000000000000004
[  213.353289][T12955] RBP: 00007f35f9867090 R08: 0000000000000000 R09: 0000000000000000
[  213.353302][T12955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.353314][T12955] R13: 0000000000000000 R14: 00007f35fb425fa0 R15: 00007ffd2a94a2a8
[  213.353333][T12955]  </TASK>
[  213.712722][T12959] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3407'.
[  213.742795][T12969] FAULT_INJECTION: forcing a failure.
[  213.742795][T12969] name failslab, interval 1, probability 0, space 0, times 0
[  213.755613][T12969] CPU: 1 UID: 0 PID: 12969 Comm: syz.0.3411 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  213.755660][T12969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  213.755699][T12969] Call Trace:
[  213.755706][T12969]  <TASK>
[  213.755715][T12969]  __dump_stack+0x1d/0x30
[  213.755742][T12969]  dump_stack_lvl+0xe8/0x140
[  213.755766][T12969]  dump_stack+0x15/0x1b
[  213.755785][T12969]  should_fail_ex+0x265/0x280
[  213.755890][T12969]  should_failslab+0x8c/0xb0
[  213.755912][T12969]  kmem_cache_alloc_noprof+0x50/0x310
[  213.755984][T12969]  ? skb_clone+0x151/0x1f0
[  213.756008][T12969]  skb_clone+0x151/0x1f0
[  213.756031][T12969]  __netlink_deliver_tap+0x2c9/0x500
[  213.756063][T12969]  netlink_unicast+0x64c/0x670
[  213.756100][T12969]  netlink_sendmsg+0x58b/0x6b0
[  213.756168][T12969]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.756187][T12969]  __sock_sendmsg+0x142/0x180
[  213.756211][T12969]  ____sys_sendmsg+0x31e/0x4e0
[  213.756309][T12969]  ___sys_sendmsg+0x17b/0x1d0
[  213.756417][T12969]  __x64_sys_sendmsg+0xd4/0x160
[  213.756441][T12969]  x64_sys_call+0x2999/0x2fb0
[  213.756467][T12969]  do_syscall_64+0xd2/0x200
[  213.756490][T12969]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  213.756547][T12969]  ? clear_bhb_loop+0x40/0x90
[  213.756567][T12969]  ? clear_bhb_loop+0x40/0x90
[  213.756594][T12969]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.756657][T12969] RIP: 0033:0x7f2dcc80e929
[  213.756676][T12969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.756697][T12969] RSP: 002b:00007f2dcae77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  213.756715][T12969] RAX: ffffffffffffffda RBX: 00007f2dcca35fa0 RCX: 00007f2dcc80e929
[  213.756727][T12969] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  213.756814][T12969] RBP: 00007f2dcae77090 R08: 0000000000000000 R09: 0000000000000000
[  213.756826][T12969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.756838][T12969] R13: 0000000000000000 R14: 00007f2dcca35fa0 R15: 00007ffcb7a13e28
[  213.756857][T12969]  </TASK>
[  213.977158][T12969] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3411'.
[  214.106919][T12989] loop0: detected capacity change from 0 to 2048
[  214.135827][T12989] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  214.166826][T12989] FAULT_INJECTION: forcing a failure.
[  214.166826][T12989] name failslab, interval 1, probability 0, space 0, times 0
[  214.179557][T12989] CPU: 0 UID: 0 PID: 12989 Comm: syz.0.3419 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  214.179593][T12989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  214.179609][T12989] Call Trace:
[  214.179617][T12989]  <TASK>
[  214.179626][T12989]  __dump_stack+0x1d/0x30
[  214.179648][T12989]  dump_stack_lvl+0xe8/0x140
[  214.179725][T12989]  dump_stack+0x15/0x1b
[  214.179785][T12989]  should_fail_ex+0x265/0x280
[  214.179867][T12989]  should_failslab+0x8c/0xb0
[  214.179897][T12989]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  214.179935][T12989]  ? sidtab_sid2str_get+0xa0/0x130
[  214.179964][T12989]  kmemdup_noprof+0x2b/0x70
[  214.179997][T12989]  sidtab_sid2str_get+0xa0/0x130
[  214.180028][T12989]  security_sid_to_context_core+0x1eb/0x2e0
[  214.180056][T12989]  security_sid_to_context+0x27/0x40
[  214.180130][T12989]  selinux_lsmprop_to_secctx+0x67/0xf0
[  214.180160][T12989]  security_lsmprop_to_secctx+0x43/0x80
[  214.180200][T12989]  audit_log_task_context+0x77/0x190
[  214.180276][T12989]  audit_log_task+0xf4/0x250
[  214.180311][T12989]  audit_seccomp+0x61/0x100
[  214.180406][T12989]  ? __seccomp_filter+0x68c/0x10d0
[  214.180437][T12989]  __seccomp_filter+0x69d/0x10d0
[  214.180469][T12989]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  214.180567][T12989]  ? vfs_write+0x75e/0x8e0
[  214.180607][T12989]  ? __rcu_read_unlock+0x4f/0x70
[  214.180643][T12989]  ? __fget_files+0x184/0x1c0
[  214.180677][T12989]  __secure_computing+0x82/0x150
[  214.180777][T12989]  syscall_trace_enter+0xcf/0x1e0
[  214.180809][T12989]  do_syscall_64+0xac/0x200
[  214.180911][T12989]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  214.180949][T12989]  ? clear_bhb_loop+0x40/0x90
[  214.180977][T12989]  ? clear_bhb_loop+0x40/0x90
[  214.181020][T12989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.181047][T12989] RIP: 0033:0x7f2dcc80e929
[  214.181066][T12989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.181159][T12989] RSP: 002b:00007f2dcae77038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  214.181240][T12989] RAX: ffffffffffffffda RBX: 00007f2dcca35fa0 RCX: 00007f2dcc80e929
[  214.181257][T12989] RDX: 0000200000000380 RSI: 00000000355e939d RDI: 000000000000001d
[  214.181273][T12989] RBP: 00007f2dcae77090 R08: 0000000000000000 R09: 0000000000000000
[  214.181288][T12989] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  214.181304][T12989] R13: 0000000000000000 R14: 00007f2dcca35fa0 R15: 00007ffcb7a13e28
[  214.181326][T12989]  </TASK>
[  214.290758][T12982] loop2: detected capacity change from 0 to 1024
[  214.488120][T12982] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  214.489742][T11271] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.499585][T12982] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  214.563672][T12982] JBD2: no valid journal superblock found
[  214.570657][T12982] EXT4-fs (loop2): Could not load journal inode
[  214.678451][T13008] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  214.678451][T13008]    program wÞ£ÿ not setting count and/or reply_len properly
[  214.791575][T13010] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3426'.
[  215.051342][T13034] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3437'.
[  215.243918][T13055] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3439'.
[  215.307376][T13055] loop3: detected capacity change from 0 to 512
[  215.336555][T13055] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  215.364429][T13055] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.3439: iget: bad extended attribute block 512
[  215.383177][T13055] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.3439: couldn't read orphan inode 15 (err -117)
[  215.408342][T13055] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.741248][T11870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.151002][T13107] loop2: detected capacity change from 0 to 1024
[  216.157796][T13107] EXT4-fs: Ignoring removed orlov option
[  216.163857][T13107] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  216.213824][T13107] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.332026][T13123] syz.2.3465 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  216.369290][T13127] loop3: detected capacity change from 0 to 512
[  216.405993][T13127] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  216.446447][T13131] infiniband syz!: set active
[  216.451263][T13131] infiniband syz!: added team_slave_0
[  216.484180][   T29] kauditd_printk_skb: 70 callbacks suppressed
[  216.484194][   T29] audit: type=1400 audit(2000000661.262:21805): avc:  denied  { read write } for  pid=13138 comm="syz.2.3469" name="uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  216.513974][   T29] audit: type=1400 audit(2000000661.262:21806): avc:  denied  { open } for  pid=13138 comm="syz.2.3469" path="/dev/uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  216.537976][T13131] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR
[  216.538199][T13131] infiniband syz!: Couldn't open port 1
[  216.553330][   T29] audit: type=1400 audit(2000000661.332:21807): avc:  denied  { connect } for  pid=13138 comm="syz.2.3469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  216.573735][T13127] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.3462: iget: bad extended attribute block 512
[  216.609745][T13143] SELinux:  policydb table sizes (10000000,0) do not match mine (6,7)
[  216.611726][T13127] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.3462: couldn't read orphan inode 15 (err -117)
[  216.618277][T13143] SELinux: failed to load policy
[  216.631435][T13131] RDS/IB: syz!: added
[  216.639102][T13131] smc: adding ib device syz! with port count 1
[  216.647882][T13131] smc:    ib device syz! port 1 has pnetid 
[  216.668043][T13145] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  216.895343][   T29] audit: type=1400 audit(2000000661.672:21808): avc:  denied  { create } for  pid=13155 comm="syz.5.3473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  216.915121][   T29] audit: type=1400 audit(2000000661.672:21809): avc:  denied  { setopt } for  pid=13155 comm="syz.5.3473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  217.018479][T13167] loop0: detected capacity change from 0 to 1024
[  217.036795][T13167] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  217.047828][T13167] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  217.077105][T13167] JBD2: no valid journal superblock found
[  217.083123][T13167] EXT4-fs (loop0): Could not load journal inode
[  217.134669][   T29] audit: type=1400 audit(2000000661.912:21810): avc:  denied  { accept } for  pid=13171 comm="syz.0.3478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  217.157058][T13172] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=13172 comm=syz.0.3478
[  217.177042][T13161] loop3: detected capacity change from 0 to 1024
[  217.192049][T13161] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  217.201031][T13170] netlink: 180 bytes leftover after parsing attributes in process `syz.5.3477'.
[  217.203384][T13161] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  217.239186][T13161] JBD2: no valid journal superblock found
[  217.246443][T13161] EXT4-fs (loop3): Could not load journal inode
[  217.288518][   T29] audit: type=1400 audit(2000000661.972:21811): avc:  denied  { create } for  pid=13169 comm="syz.5.3477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  217.518380][T13194] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3485'.
[  217.549187][T13178] lo speed is unknown, defaulting to 1000
[  217.555629][T13178] lo speed is unknown, defaulting to 1000
[  217.689771][T13201] FAULT_INJECTION: forcing a failure.
[  217.689771][T13201] name failslab, interval 1, probability 0, space 0, times 0
[  217.702488][T13201] CPU: 1 UID: 0 PID: 13201 Comm: syz.0.3488 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  217.702599][T13201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  217.702615][T13201] Call Trace:
[  217.702627][T13201]  <TASK>
[  217.702637][T13201]  __dump_stack+0x1d/0x30
[  217.702666][T13201]  dump_stack_lvl+0xe8/0x140
[  217.702690][T13201]  dump_stack+0x15/0x1b
[  217.702711][T13201]  should_fail_ex+0x265/0x280
[  217.702783][T13201]  should_failslab+0x8c/0xb0
[  217.702813][T13201]  kmem_cache_alloc_noprof+0x50/0x310
[  217.702846][T13201]  ? skb_clone+0x151/0x1f0
[  217.702949][T13201]  skb_clone+0x151/0x1f0
[  217.702968][T13201]  __netlink_deliver_tap+0x2c9/0x500
[  217.702999][T13201]  netlink_unicast+0x64c/0x670
[  217.703053][T13201]  netlink_sendmsg+0x58b/0x6b0
[  217.703078][T13201]  ? __pfx_netlink_sendmsg+0x10/0x10
[  217.703102][T13201]  __sock_sendmsg+0x142/0x180
[  217.703130][T13201]  ____sys_sendmsg+0x31e/0x4e0
[  217.703274][T13201]  ___sys_sendmsg+0x17b/0x1d0
[  217.703315][T13201]  __x64_sys_sendmsg+0xd4/0x160
[  217.703345][T13201]  x64_sys_call+0x2999/0x2fb0
[  217.703371][T13201]  do_syscall_64+0xd2/0x200
[  217.703393][T13201]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  217.703463][T13201]  ? clear_bhb_loop+0x40/0x90
[  217.703557][T13201]  ? clear_bhb_loop+0x40/0x90
[  217.703594][T13201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.703622][T13201] RIP: 0033:0x7f2dcc80e929
[  217.703641][T13201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.703666][T13201] RSP: 002b:00007f2dcae77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  217.703689][T13201] RAX: ffffffffffffffda RBX: 00007f2dcca35fa0 RCX: 00007f2dcc80e929
[  217.703705][T13201] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000007
[  217.703721][T13201] RBP: 00007f2dcae77090 R08: 0000000000000000 R09: 0000000000000000
[  217.703734][T13201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  217.703748][T13201] R13: 0000000000000000 R14: 00007f2dcca35fa0 R15: 00007ffcb7a13e28
[  217.703771][T13201]  </TASK>
[  217.715455][T13201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3488'.
[  217.797701][T13178] chnl_net:caif_netlink_parms(): no params data found
[  217.944595][T13201] 8021q: adding VLAN 0 to HW filter on device team1
[  218.004915][T13222] loop0: detected capacity change from 0 to 164
[  218.013928][T13222] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  218.027830][T13211] loop4: detected capacity change from 0 to 512
[  218.041411][   T29] audit: type=1400 audit(2000000662.812:21812): avc:  denied  { mount } for  pid=13221 comm="syz.0.3494" name="/" dev="loop0" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  218.042465][T13211] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  218.076774][T13178] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.083920][T13178] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.092144][   T29] audit: type=1400 audit(2000000662.882:21813): avc:  denied  { unmount } for  pid=11271 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  218.112913][T13178] bridge_slave_0: entered allmulticast mode
[  218.119573][T13178] bridge_slave_0: entered promiscuous mode
[  218.133082][T13178] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.140584][T13178] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.148149][T13178] bridge_slave_1: entered allmulticast mode
[  218.154377][T13211] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.3491: iget: bad extended attribute block 512
[  218.170297][T13178] bridge_slave_1: entered promiscuous mode
[  218.182715][T13211] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.3491: couldn't read orphan inode 15 (err -117)
[  218.197060][T13178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  218.210061][T13178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  218.243656][T13178] team0: Port device team_slave_0 added
[  218.252945][   T29] audit: type=1400 audit(2000000663.032:21814): avc:  denied  { map } for  pid=13239 comm="syz.3.3498" path="socket:[37674]" dev="sockfs" ino=37674 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  218.262386][T13238] loop0: detected capacity change from 0 to 1024
[  218.283431][T13178] team0: Port device team_slave_1 added
[  218.305465][T13238] EXT4-fs: Ignoring removed bh option
[  218.314941][T13238] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  218.333435][T13238] EXT4-fs error (device loop0): ext4_quota_enable:7124: comm syz.0.3497: inode #2304: comm syz.0.3497: iget: illegal inode #
[  218.348975][T13238] EXT4-fs (loop0): Remounting filesystem read-only
[  218.351962][T13178] batman_adv: batadv0: Adding interface: batadv_slave_0
[  218.355539][T13238] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix.
[  218.358948][T13238] EXT4-fs (loop0): mount failed
[  218.362557][T13178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.408334][T13178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.421048][T13178] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.428092][T13178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.454053][T13178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  218.511754][T13178] hsr_slave_0: entered promiscuous mode
[  218.526354][T13178] hsr_slave_1: entered promiscuous mode
[  218.542793][T13178] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  218.550997][T13178] Cannot create hsr debugfs directory
[  218.674477][T13178] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.751670][T13178] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.799927][T13268] 9pnet_fd: Insufficient options for proto=fd
[  218.848182][T13178] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.876610][T13256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3503'.
[  218.903734][T13256] ipvlan2: entered promiscuous mode
[  218.948030][T13178] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.024323][T13178] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  219.033310][T13178] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  219.044163][T13178] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  219.056008][T13178] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  219.103528][T13178] 8021q: adding VLAN 0 to HW filter on device bond0
[  219.122867][T13178] 8021q: adding VLAN 0 to HW filter on device team0
[  219.137715][ T3576] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.144945][ T3576] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.160729][ T3576] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.167879][ T3576] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.203957][T13291] loop3: detected capacity change from 0 to 512
[  219.211976][T13291] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  219.229798][T13291] EXT4-fs error (device loop3): ext4_quota_enable:7120: comm syz.3.3514: Bad quota inum: 29696, type: 1
[  219.241561][T13291] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix.
[  219.259009][T13291] EXT4-fs (loop3): mount failed
[  219.279798][T13178] 8021q: adding VLAN 0 to HW filter on device batadv0
[  219.474815][T13178] veth0_vlan: entered promiscuous mode
[  219.490957][T13178] veth1_vlan: entered promiscuous mode
[  219.523994][T13178] veth0_macvtap: entered promiscuous mode
[  219.532959][T13178] veth1_macvtap: entered promiscuous mode
[  219.566917][T13178] batman_adv: batadv0: Interface activated: batadv_slave_0
[  219.586565][T13178] batman_adv: batadv0: Interface activated: batadv_slave_1
[  219.597992][T13178] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  219.607048][T13178] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  219.615963][T13178] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  219.624867][T13178] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  219.710411][T13333] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3480'.
[  219.724705][T13333] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  219.738974][T13333] batman_adv: batadv0: Removing interface: batadv_slave_1
[  219.891983][T13326] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3520'.
[  219.903990][T13326] ipvlan2: entered promiscuous mode
[  220.283142][T13343] loop0: detected capacity change from 0 to 1024
[  220.294137][T13343] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  220.306078][T13343] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  220.326981][T13343] JBD2: no valid journal superblock found
[  220.333907][T13343] EXT4-fs (loop0): Could not load journal inode
[  220.352230][T13355] 9pnet_fd: Insufficient options for proto=fd
[  220.864522][T13378] lo speed is unknown, defaulting to 1000
[  220.872855][T13378] lo speed is unknown, defaulting to 1000
[  221.028760][T13388] loop4: detected capacity change from 0 to 512
[  221.035832][T13388] EXT4-fs: Ignoring removed nobh option
[  221.041530][T13388] EXT4-fs: test_dummy_encryption option not supported
[  221.053476][T13388] FAULT_INJECTION: forcing a failure.
[  221.053476][T13388] name failslab, interval 1, probability 0, space 0, times 0
[  221.066257][T13388] CPU: 1 UID: 0 PID: 13388 Comm: syz.4.3544 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  221.066321][T13388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  221.066356][T13388] Call Trace:
[  221.066363][T13388]  <TASK>
[  221.066372][T13388]  __dump_stack+0x1d/0x30
[  221.066397][T13388]  dump_stack_lvl+0xe8/0x140
[  221.066421][T13388]  dump_stack+0x15/0x1b
[  221.066468][T13388]  should_fail_ex+0x265/0x280
[  221.066583][T13388]  should_failslab+0x8c/0xb0
[  221.066613][T13388]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  221.066651][T13388]  ? sidtab_sid2str_get+0xa0/0x130
[  221.066700][T13388]  kmemdup_noprof+0x2b/0x70
[  221.066728][T13388]  sidtab_sid2str_get+0xa0/0x130
[  221.066770][T13388]  security_sid_to_context_core+0x1eb/0x2e0
[  221.066804][T13388]  security_sid_to_context+0x27/0x40
[  221.066832][T13388]  selinux_lsmprop_to_secctx+0x67/0xf0
[  221.066862][T13388]  security_lsmprop_to_secctx+0x43/0x80
[  221.066892][T13388]  audit_log_task_context+0x77/0x190
[  221.066993][T13388]  audit_log_task+0xf4/0x250
[  221.067027][T13388]  audit_seccomp+0x61/0x100
[  221.067103][T13388]  ? __seccomp_filter+0x68c/0x10d0
[  221.067126][T13388]  __seccomp_filter+0x69d/0x10d0
[  221.067148][T13388]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  221.067168][T13388]  ? vfs_write+0x75e/0x8e0
[  221.067247][T13388]  __secure_computing+0x82/0x150
[  221.067277][T13388]  syscall_trace_enter+0xcf/0x1e0
[  221.067375][T13388]  do_syscall_64+0xac/0x200
[  221.067398][T13388]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  221.067491][T13388]  ? clear_bhb_loop+0x40/0x90
[  221.067521][T13388]  ? clear_bhb_loop+0x40/0x90
[  221.067549][T13388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.067632][T13388] RIP: 0033:0x7f35fb1fe929
[  221.067646][T13388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  221.067731][T13388] RSP: 002b:00007f35f9867038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  221.067754][T13388] RAX: ffffffffffffffda RBX: 00007f35fb425fa0 RCX: 00007f35fb1fe929
[  221.067770][T13388] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000006
[  221.067786][T13388] RBP: 00007f35f9867090 R08: 0000000008000f28 R09: 0000000000000000
[  221.067801][T13388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  221.067813][T13388] R13: 0000000000000000 R14: 00007f35fb425fa0 R15: 00007ffd2a94a2a8
[  221.067831][T13388]  </TASK>
[  221.388351][T13396] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3544'.
[  221.621036][T13407] loop3: detected capacity change from 0 to 512
[  221.637449][   T29] kauditd_printk_skb: 72 callbacks suppressed
[  221.637482][   T29] audit: type=1326 audit(2000000666.412:21886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13405 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  221.638641][T13410] tmpfs: Unknown parameter 'defcontextC'
[  221.643743][   T29] audit: type=1326 audit(2000000666.412:21887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13405 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  221.672364][T13410] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3553'.
[  221.672526][   T29] audit: type=1326 audit(2000000666.412:21888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13405 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  221.672554][   T29] audit: type=1326 audit(2000000666.412:21889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13405 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  221.750910][   T29] audit: type=1326 audit(2000000666.412:21890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13405 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  221.774104][   T29] audit: type=1326 audit(2000000666.412:21891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13405 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  221.797223][   T29] audit: type=1326 audit(2000000666.412:21892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13405 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  221.820333][   T29] audit: type=1326 audit(2000000666.412:21893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13405 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  221.843433][   T29] audit: type=1326 audit(2000000666.412:21894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13405 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd3e056e929 code=0x7ffc0000
[  221.866466][   T29] audit: type=1400 audit(2000000666.412:21895): avc:  denied  { setopt } for  pid=13405 comm="+}[@" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  221.948310][T13419] loop4: detected capacity change from 0 to 512
[  221.977124][T13419] EXT4-fs: Ignoring removed nobh option
[  221.982798][T13419] EXT4-fs: test_dummy_encryption option not supported
[  222.161081][T13424] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3557'.
[  222.252906][T13430] loop2: detected capacity change from 0 to 512
[  222.311042][T13430] lo speed is unknown, defaulting to 1000
[  222.328639][T13430] lo speed is unknown, defaulting to 1000
[  222.377308][T13428] loop0: detected capacity change from 0 to 1024
[  222.396816][T13435] loop2: detected capacity change from 0 to 128
[  222.425898][T13428] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  222.438636][T13428] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  222.477520][T13435] EXT4-fs mount: 5 callbacks suppressed
[  222.477540][T13435] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  222.501517][T13439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3563'.
[  222.512699][T13435] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  222.543673][T13439] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  222.559875][T13428] JBD2: no valid journal superblock found
[  222.569314][T13428] EXT4-fs (loop0): Could not load journal inode
[  222.591873][T13439] batman_adv: batadv0: Removing interface: batadv_slave_1
[  222.602842][T11699] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  222.660241][ T3591] bridge_slave_1: left allmulticast mode
[  222.666136][ T3591] bridge_slave_1: left promiscuous mode
[  222.671952][ T3591] bridge0: port 2(bridge_slave_1) entered disabled state
[  222.687812][ T3591] bridge_slave_0: left allmulticast mode
[  222.693558][ T3591] bridge_slave_0: left promiscuous mode
[  222.699393][ T3591] bridge0: port 1(bridge_slave_0) entered disabled state
[  222.742827][T13458] 9pnet_fd: Insufficient options for proto=fd
[  222.811761][T13460] loop3: detected capacity change from 0 to 8192
[  222.819813][T13467] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3572'.
[  222.958872][ T3591] bond1 (unregistering): Released all slaves
[  222.974267][T13473] netlink: 'syz.4.3572': attribute type 5 has an invalid length.
[  223.284930][T13478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3574'.
[  223.310123][T13478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3574'.
[  223.438839][ T3591] hsr_slave_0: left promiscuous mode
[  223.449212][ T3591] hsr_slave_1: left promiscuous mode
[  223.454989][ T3591] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  223.462499][ T3591] batman_adv: batadv0: Removing interface: batadv_slave_0
[  223.476620][ T3591] veth1_macvtap: left promiscuous mode
[  223.482459][ T3591] veth0_macvtap: left promiscuous mode
[  223.496073][ T3591] veth1_vlan: left promiscuous mode
[  223.501430][ T3591] veth0_vlan: left promiscuous mode
[  223.607923][ T3591] team0 (unregistering): Port device team_slave_1 removed
[  223.630060][ T3591] team0 (unregistering): Port device team_slave_0 removed
[  223.640778][ T3576] smc: removing ib device syz!
[  223.730149][T13489] loop4: detected capacity change from 0 to 1024
[  223.740291][ T3419] lo speed is unknown, defaulting to 1000
[  223.740406][T13489] EXT4-fs: test_dummy_encryption option not supported
[  223.746150][ T3419] syz0: Port: 1 Link DOWN
[  223.763940][T13493] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3578'.
[  223.794583][T13487] loop5: detected capacity change from 0 to 512
[  223.842715][T13487] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  223.864625][T13498] loop0: detected capacity change from 0 to 512
[  223.871800][T13498] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  223.882927][T13487] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.3576: iget: bad extended attribute block 512
[  223.908063][T13498] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.3578: invalid block
[  223.921409][T13487] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.3576: couldn't read orphan inode 15 (err -117)
[  223.936729][T13498] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.3578: invalid indirect mapped block 4294967295 (level 1)
[  223.952605][T13498] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.3578: invalid indirect mapped block 4294967295 (level 1)
[  223.954647][T13487] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  223.980096][T13503] netlink: 'syz.4.3581': attribute type 10 has an invalid length.
[  223.990647][T13503] team0: Device dummy0 is up. Set it down before adding it as a team port
[  224.000749][T13509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3582'.
[  224.019680][T13498] EXT4-fs (loop0): 2 truncates cleaned up
[  224.043201][T13498] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.088379][T13520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.104071][T13493] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  224.129155][T13520] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.129170][T13498] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3578'.
[  224.162305][T11271] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.174045][T13178] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.208949][ T3591] IPVS: stop unused estimator thread 0...
[  224.240166][T13530] 9pnet_fd: Insufficient options for proto=fd
[  224.351019][T13529] loop5: detected capacity change from 0 to 8192
[  224.897667][T13548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=13548 comm=syz.3.3592
[  224.912975][T13548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=13548 comm=syz.3.3592
[  224.929425][T13548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=13548 comm=syz.3.3592
[  225.019641][T13552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3594'.
[  225.056186][T13552] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  225.077219][T13560] FAULT_INJECTION: forcing a failure.
[  225.077219][T13560] name failslab, interval 1, probability 0, space 0, times 0
[  225.090002][T13560] CPU: 0 UID: 0 PID: 13560 Comm: syz.3.3598 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  225.090044][T13560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  225.090062][T13560] Call Trace:
[  225.090070][T13560]  <TASK>
[  225.090081][T13560]  __dump_stack+0x1d/0x30
[  225.090111][T13560]  dump_stack_lvl+0xe8/0x140
[  225.090139][T13560]  dump_stack+0x15/0x1b
[  225.090184][T13560]  should_fail_ex+0x265/0x280
[  225.090231][T13560]  should_failslab+0x8c/0xb0
[  225.090263][T13560]  kmem_cache_alloc_noprof+0x50/0x310
[  225.090342][T13560]  ? alloc_empty_file+0x76/0x200
[  225.090378][T13560]  alloc_empty_file+0x76/0x200
[  225.090411][T13560]  alloc_file_pseudo+0xc6/0x160
[  225.090450][T13560]  __shmem_file_setup+0x1de/0x210
[  225.090557][T13560]  shmem_file_setup+0x3b/0x50
[  225.090596][T13560]  __se_sys_memfd_create+0x2c3/0x590
[  225.090663][T13560]  __x64_sys_memfd_create+0x31/0x40
[  225.090704][T13560]  x64_sys_call+0x122f/0x2fb0
[  225.090733][T13560]  do_syscall_64+0xd2/0x200
[  225.090834][T13560]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  225.090910][T13560]  ? clear_bhb_loop+0x40/0x90
[  225.090944][T13560]  ? clear_bhb_loop+0x40/0x90
[  225.090973][T13560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.091075][T13560] RIP: 0033:0x7fd3e056e929
[  225.091095][T13560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.091121][T13560] RSP: 002b:00007fd3debd6d68 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  225.091147][T13560] RAX: ffffffffffffffda RBX: 00000000000005d1 RCX: 00007fd3e056e929
[  225.091164][T13560] RDX: 00007fd3debd6dec RSI: 0000000000000000 RDI: 00007fd3e05f14cc
[  225.091181][T13560] RBP: 0000200000001340 R08: 00007fd3debd6b07 R09: 0000000000000000
[  225.091229][T13560] R10: 000000000000000a R11: 0000000000000202 R12: 0000000000000001
[  225.091245][T13560] R13: 00007fd3debd6dec R14: 00007fd3debd6df0 R15: 00007ffd78cb40b8
[  225.091271][T13560]  </TASK>
[  225.094499][T13552] batman_adv: batadv0: Removing interface: batadv_slave_1
[  225.200660][T13565] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3600'.
[  225.322042][T13562] loop3: detected capacity change from 0 to 512
[  225.359250][T13568] loop3: detected capacity change from 0 to 1024
[  225.377798][T13573] loop4: detected capacity change from 0 to 512
[  225.384595][T13568] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[  225.392527][T13573] EXT4-fs: Ignoring removed bh option
[  225.403519][T13573] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  225.412879][T13573] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  225.447585][T13573] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[  225.458299][T13573] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  225.489451][T13573] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.528753][T13583] 9pnet_fd: Insufficient options for proto=fd
[  225.572053][T13573] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3603'.
[  225.599739][T12109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.744130][T13589] loop5: detected capacity change from 0 to 512
[  225.763647][T13589] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  225.857458][T13589] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.3610: iget: bad extended attribute block 512
[  225.893987][T13589] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.3610: couldn't read orphan inode 15 (err -117)
[  225.911757][T13589] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  226.062632][T13622] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=13622 comm=syz.2.3618
[  226.104852][T13178] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.122622][T13622] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=13622 comm=syz.2.3618
[  226.148909][T13622] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=13622 comm=syz.2.3618
[  226.628216][T13650] FAULT_INJECTION: forcing a failure.
[  226.628216][T13650] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  226.641332][T13650] CPU: 1 UID: 0 PID: 13650 Comm: syz.2.3626 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  226.641366][T13650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  226.641379][T13650] Call Trace:
[  226.641385][T13650]  <TASK>
[  226.641392][T13650]  __dump_stack+0x1d/0x30
[  226.641427][T13650]  dump_stack_lvl+0xe8/0x140
[  226.641513][T13650]  dump_stack+0x15/0x1b
[  226.641528][T13650]  should_fail_ex+0x265/0x280
[  226.641566][T13650]  should_fail+0xb/0x20
[  226.641601][T13650]  should_fail_usercopy+0x1a/0x20
[  226.641699][T13650]  _copy_from_user+0x1c/0xb0
[  226.641726][T13650]  ___sys_sendmsg+0xc1/0x1d0
[  226.641839][T13650]  __x64_sys_sendmsg+0xd4/0x160
[  226.641860][T13650]  x64_sys_call+0x2999/0x2fb0
[  226.641941][T13650]  do_syscall_64+0xd2/0x200
[  226.641961][T13650]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  226.641991][T13650]  ? clear_bhb_loop+0x40/0x90
[  226.642011][T13650]  ? clear_bhb_loop+0x40/0x90
[  226.642063][T13650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.642082][T13650] RIP: 0033:0x7f94c890e929
[  226.642097][T13650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.642115][T13650] RSP: 002b:00007f94c6f35038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  226.642133][T13650] RAX: ffffffffffffffda RBX: 00007f94c8b36160 RCX: 00007f94c890e929
[  226.642147][T13650] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000008
[  226.642180][T13650] RBP: 00007f94c6f35090 R08: 0000000000000000 R09: 0000000000000000
[  226.642195][T13650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  226.642211][T13650] R13: 0000000000000000 R14: 00007f94c8b36160 R15: 00007ffc2fe696c8
[  226.642240][T13650]  </TASK>
[  226.924822][T13653] loop4: detected capacity change from 0 to 512
[  226.955767][T13653] EXT4-fs: Ignoring removed mblk_io_submit option
[  226.988855][T13653] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  227.016385][T13653] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c018, mo2=0002]
[  227.031488][T13653] System zones: 1-12
[  227.042804][T13653] EXT4-fs (loop4): 1 truncate cleaned up
[  227.065767][T13653] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.083555][T13664] loop5: detected capacity change from 0 to 2048
[  227.096720][T13649] loop0: detected capacity change from 0 to 1024
[  227.118759][T13667] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=13667 comm=syz.3.3634
[  227.119695][T13649] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  227.144731][T13649] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  227.155776][T13665] 9pnet_fd: Insufficient options for proto=fd
[  227.168029][T13649] JBD2: no valid journal superblock found
[  227.168367][T13667] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=13667 comm=syz.3.3634
[  227.174323][T13649] EXT4-fs (loop0): Could not load journal inode
[  227.188487][T13667] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=13667 comm=syz.3.3634
[  227.211936][T12109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.713306][T13699] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=13699 comm=syz.3.3647
[  227.999595][   T29] kauditd_printk_skb: 104 callbacks suppressed
[  227.999690][   T29] audit: type=1400 audit(2000000672.782:22000): avc:  denied  { name_connect } for  pid=13709 comm="syz.3.3652" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  228.140526][T13722] __nla_validate_parse: 2 callbacks suppressed
[  228.140545][T13722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3655'.
[  228.166593][T13708] loop2: detected capacity change from 0 to 1024
[  228.215051][T13708] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  228.229373][T13708] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  228.258561][T13728] loop5: detected capacity change from 0 to 512
[  228.304412][T13734] loop3: detected capacity change from 0 to 1024
[  228.310969][T13729] loop0: detected capacity change from 0 to 8192
[  228.311232][T13708] JBD2: no valid journal superblock found
[  228.324877][T13734] EXT4-fs: Ignoring removed i_version option
[  228.324913][T13734] EXT4-fs: Ignoring removed mblk_io_submit option
[  228.324977][T13734] EXT4-fs: Ignoring removed nobh option
[  228.325002][T13734] EXT4-fs: Ignoring removed bh option
[  228.333595][T13729] net_ratelimit: 1455 callbacks suppressed
[  228.333615][T13729] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  228.337553][T13708] EXT4-fs (loop2): Could not load journal inode
[  228.374358][T13736] FAULT_INJECTION: forcing a failure.
[  228.374358][T13736] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  228.374394][T13736] CPU: 1 UID: 0 PID: 13736 Comm: +}[@ Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  228.374504][T13736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  228.374520][T13736] Call Trace:
[  228.374528][T13736]  <TASK>
[  228.374535][T13736]  __dump_stack+0x1d/0x30
[  228.374559][T13736]  dump_stack_lvl+0xe8/0x140
[  228.374614][T13736]  dump_stack+0x15/0x1b
[  228.374636][T13736]  should_fail_ex+0x265/0x280
[  228.374676][T13736]  should_fail_alloc_page+0xf2/0x100
[  228.374708][T13736]  __alloc_frozen_pages_noprof+0xff/0x360
[  228.374816][T13736]  alloc_pages_mpol+0xb3/0x250
[  228.374884][T13736]  folio_alloc_mpol_noprof+0x39/0x80
[  228.374925][T13736]  shmem_get_folio_gfp+0x3cf/0xd60
[  228.375028][T13736]  shmem_fault+0xf6/0x250
[  228.375070][T13736]  __do_fault+0xbc/0x200
[  228.375099][T13736]  handle_mm_fault+0xd69/0x2be0
[  228.375180][T13736]  ? __rcu_read_lock+0x37/0x50
[  228.375218][T13736]  __get_user_pages+0x1036/0x1fb0
[  228.375258][T13736]  __gup_longterm_locked+0xd16/0x1010
[  228.375321][T13736]  ? exc_page_fault+0x62/0xa0
[  228.375388][T13736]  ? should_fail_ex+0xdb/0x280
[  228.375428][T13736]  pin_user_pages_remote+0x7e/0xb0
[  228.375452][T13736]  process_vm_rw+0x484/0x950
[  228.375599][T13736]  __x64_sys_process_vm_writev+0x78/0x90
[  228.375640][T13736]  x64_sys_call+0xe80/0x2fb0
[  228.375669][T13736]  do_syscall_64+0xd2/0x200
[  228.375707][T13736]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  228.375743][T13736]  ? clear_bhb_loop+0x40/0x90
[  228.375771][T13736]  ? clear_bhb_loop+0x40/0x90
[  228.375800][T13736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.375889][T13736] RIP: 0033:0x7f35fb1fe929
[  228.375909][T13736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.375934][T13736] RSP: 002b:00007f35f9867038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[  228.375959][T13736] RAX: ffffffffffffffda RBX: 00007f35fb425fa0 RCX: 00007f35fb1fe929
[  228.375977][T13736] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 00000000000000e6
[  228.375994][T13736] RBP: 00007f35f9867090 R08: 000000000000023a R09: 0000000000000000
[  228.376051][T13736] R10: 0000200000121000 R11: 0000000000000246 R12: 0000000000000001
[  228.376067][T13736] R13: 0000000000000000 R14: 00007f35fb425fa0 R15: 00007ffd2a94a2a8
[  228.376093][T13736]  </TASK>
[  228.517543][T13734] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.642273][T13749] 9pnet_fd: Insufficient options for proto=fd
[  228.705220][   T29] audit: type=1400 audit(2000000673.482:22001): avc:  denied  { write } for  pid=13733 comm="syz.3.3660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  228.749156][T11870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.793945][T13754] loop4: detected capacity change from 0 to 1024
[  228.819225][T13754] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.839572][   T29] audit: type=1326 audit(2000000673.622:22002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13753 comm="syz.4.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35fb1fe929 code=0x7ffc0000
[  228.839904][T13756] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3667'.
[  228.863280][   T29] audit: type=1326 audit(2000000673.622:22003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13753 comm="syz.4.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f35fb1fe929 code=0x7ffc0000
[  228.863316][   T29] audit: type=1326 audit(2000000673.622:22004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13753 comm="syz.4.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35fb1fe929 code=0x7ffc0000
[  228.919941][   T29] audit: type=1326 audit(2000000673.662:22005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13753 comm="syz.4.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f35fb1fe929 code=0x7ffc0000
[  228.943674][   T29] audit: type=1326 audit(2000000673.662:22006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13753 comm="syz.4.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35fb1fe929 code=0x7ffc0000
[  228.967299][   T29] audit: type=1326 audit(2000000673.662:22007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13753 comm="syz.4.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f35fb1fe929 code=0x7ffc0000
[  228.991494][   T29] audit: type=1326 audit(2000000673.662:22008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13753 comm="syz.4.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35fb1fe929 code=0x7ffc0000
[  229.015519][   T29] audit: type=1326 audit(2000000673.662:22009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13753 comm="syz.4.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35fb1fe929 code=0x7ffc0000
[  229.141013][T12109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.188009][T13775] loop4: detected capacity change from 0 to 512
[  229.194732][T13775] EXT4-fs: Ignoring removed orlov option
[  229.200867][T13775] ext4: Unknown parameter 'uid>00000000000000000000'
[  229.210811][T13775] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3676'.
[  229.233033][T13775] loop4: detected capacity change from 0 to 2048
[  229.242632][T13779] loop5: detected capacity change from 0 to 128
[  229.251095][T13779] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  229.258761][T13779] FAT-fs (loop5): Filesystem has been set read-only
[  229.267529][T13779] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3678'.
[  229.285417][T13775] Alternate GPT is invalid, using primary GPT.
[  229.291999][T13775]  loop4: p1 p2 p3
[  229.306974][T13784] loop3: detected capacity change from 0 to 128
[  229.454267][T13782] loop2: detected capacity change from 0 to 1024
[  229.471220][T13782] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  229.483879][T13782] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  229.503442][T13775] loop4: detected capacity change from 0 to 1024
[  229.530954][T13782] JBD2: no valid journal superblock found
[  229.538510][T13782] EXT4-fs (loop2): Could not load journal inode
[  229.853538][T13797] team_slave_0: entered promiscuous mode
[  229.859284][T13797] team_slave_1: entered promiscuous mode
[  229.883801][T13797] vlan2: entered promiscuous mode
[  229.889040][T13797] team0: entered promiscuous mode
[  229.910809][T13801] bond_slave_0: entered promiscuous mode
[  229.916692][T13801] bond_slave_1: entered promiscuous mode
[  229.929052][T13801] vlan2: entered promiscuous mode
[  229.934287][T13801] bond0: entered promiscuous mode
[  230.030436][T13808] nfs: Unknown parameter 'GPL'
[  230.073319][T13814] loop0: detected capacity change from 0 to 512
[  230.074479][T13812] loop4: detected capacity change from 0 to 512
[  230.097254][T13814] EXT4-fs: Ignoring removed mblk_io_submit option
[  230.103370][T13812] EXT4-fs: Ignoring removed mblk_io_submit option
[  230.125464][T13812] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  230.180477][T13814] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  230.205815][T13812] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c018, mo2=0002]
[  230.238469][T13814] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c018, mo2=0002]
[  230.355401][T13812] System zones: 1-12
[  230.362696][T13814] System zones: 1-12
[  230.368321][T13812] EXT4-fs (loop4): 1 truncate cleaned up
[  230.380904][T13812] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.396056][T13814] EXT4-fs (loop0): 1 truncate cleaned up
[  230.402230][T13814] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.418848][T13812] FAULT_INJECTION: forcing a failure.
[  230.418848][T13812] name failslab, interval 1, probability 0, space 0, times 0
[  230.431634][T13812] CPU: 0 UID: 0 PID: 13812 Comm: syz.4.3689 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  230.431667][T13812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  230.431680][T13812] Call Trace:
[  230.431686][T13812]  <TASK>
[  230.431694][T13812]  __dump_stack+0x1d/0x30
[  230.431734][T13812]  dump_stack_lvl+0xe8/0x140
[  230.431829][T13812]  dump_stack+0x15/0x1b
[  230.431850][T13812]  should_fail_ex+0x265/0x280
[  230.431886][T13812]  should_failslab+0x8c/0xb0
[  230.431994][T13812]  kmem_cache_alloc_noprof+0x50/0x310
[  230.432079][T13812]  ? ext4_mb_new_blocks+0x2ce/0x2050
[  230.432115][T13812]  ? __mark_inode_dirty+0x1ac/0x760
[  230.432142][T13812]  ext4_mb_new_blocks+0x2ce/0x2050
[  230.432173][T13812]  ? ext4_new_meta_blocks+0xff/0x1b0
[  230.432208][T13812]  ext4_ind_map_blocks+0xb4c/0x14f0
[  230.432267][T13812]  ext4_map_blocks+0x5d2/0xd70
[  230.432288][T13812]  ? kernel_text_address+0x94/0xb0
[  230.432326][T13812]  ext4_iomap_begin+0x93a/0xe00
[  230.432352][T13812]  ? __pfx_ext4_iomap_begin+0x10/0x10
[  230.432428][T13812]  iomap_iter+0x338/0x730
[  230.432452][T13812]  ? should_failslab+0x8c/0xb0
[  230.432477][T13812]  __iomap_dio_rw+0x708/0x1250
[  230.432508][T13812]  ? ext4_xattr_security_get+0x32/0x40
[  230.432600][T13812]  ? __pfx_ext4_xattr_security_get+0x10/0x10
[  230.432653][T13812]  ? ext4_journal_check_start+0x11a/0x1b0
[  230.432691][T13812]  iomap_dio_rw+0x40/0x90
[  230.432734][T13812]  ext4_file_write_iter+0xad9/0xf00
[  230.432790][T13812]  do_iter_readv_writev+0x421/0x4c0
[  230.432816][T13812]  vfs_writev+0x2df/0x8b0
[  230.432850][T13812]  __se_sys_pwritev2+0xfc/0x1c0
[  230.432873][T13812]  __x64_sys_pwritev2+0x67/0x80
[  230.432982][T13812]  x64_sys_call+0x1cea/0x2fb0
[  230.433040][T13812]  do_syscall_64+0xd2/0x200
[  230.433057][T13812]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  230.433089][T13812]  ? clear_bhb_loop+0x40/0x90
[  230.433116][T13812]  ? clear_bhb_loop+0x40/0x90
[  230.433144][T13812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.433242][T13812] RIP: 0033:0x7f35fb1fe929
[  230.433261][T13812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.433295][T13812] RSP: 002b:00007f35f9867038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[  230.433313][T13812] RAX: ffffffffffffffda RBX: 00007f35fb425fa0 RCX: 00007f35fb1fe929
[  230.433347][T13812] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000006
[  230.433362][T13812] RBP: 00007f35f9867090 R08: 0000000000003000 R09: 0000000000000003
[  230.433378][T13812] R10: 0000000000007c00 R11: 0000000000000246 R12: 0000000000000001
[  230.433391][T13812] R13: 0000000000000000 R14: 00007f35fb425fa0 R15: 00007ffd2a94a2a8
[  230.433436][T13812]  </TASK>
[  230.434528][T13822] loop5: detected capacity change from 0 to 128
[  230.438421][T13823] loop3: detected capacity change from 0 to 2048
[  230.718403][T12109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.754645][T13823] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  230.775835][T13833] loop4: detected capacity change from 0 to 128
[  230.783629][T13823] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.791076][T11271] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.810687][T13829] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3695'.
[  230.834657][T13829] bridge_slave_1: left allmulticast mode
[  230.840392][T13829] bridge_slave_1: left promiscuous mode
[  230.846127][T13829] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.905855][T13829] bridge_slave_0: left allmulticast mode
[  230.911643][T13829] bridge_slave_0: left promiscuous mode
[  230.917411][T13829] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.925055][T11870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.132684][T13841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3696'.
[  231.173177][T13841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3696'.
[  231.211058][T13841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3696'.
[  231.848779][ T3610] kworker/u8:61: attempt to access beyond end of device
[  231.848779][ T3610] loop5: rw=1, sector=145, nr_sectors = 8 limit=128
[  231.875999][ T3610] kworker/u8:61: attempt to access beyond end of device
[  231.875999][ T3610] loop5: rw=1, sector=161, nr_sectors = 8 limit=128
[  231.905822][ T3610] kworker/u8:61: attempt to access beyond end of device
[  231.905822][ T3610] loop5: rw=1, sector=177, nr_sectors = 8 limit=128
[  231.925856][ T3610] kworker/u8:61: attempt to access beyond end of device
[  231.925856][ T3610] loop5: rw=1, sector=193, nr_sectors = 8 limit=128
[  231.945830][ T3610] kworker/u8:61: attempt to access beyond end of device
[  231.945830][ T3610] loop5: rw=1, sector=209, nr_sectors = 8 limit=128
[  231.959500][ T3610] kworker/u8:61: attempt to access beyond end of device
[  231.959500][ T3610] loop5: rw=1, sector=225, nr_sectors = 8 limit=128
[  231.979965][ T3610] kworker/u8:61: attempt to access beyond end of device
[  231.979965][ T3610] loop5: rw=1, sector=241, nr_sectors = 8 limit=128
[  231.994650][ T3610] kworker/u8:61: attempt to access beyond end of device
[  231.994650][ T3610] loop5: rw=1, sector=257, nr_sectors = 8 limit=128
[  232.014984][ T3610] kworker/u8:61: attempt to access beyond end of device
[  232.014984][ T3610] loop5: rw=1, sector=273, nr_sectors = 8 limit=128
[  232.030551][ T3610] kworker/u8:61: attempt to access beyond end of device
[  232.030551][ T3610] loop5: rw=1, sector=289, nr_sectors = 8 limit=128
[  232.040758][T13860] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3706'.
[  232.066078][T13864] FAULT_INJECTION: forcing a failure.
[  232.066078][T13864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.079365][T13864] CPU: 0 UID: 0 PID: 13864 Comm: syz.5.3704 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  232.079443][T13864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  232.079460][T13864] Call Trace:
[  232.079468][T13864]  <TASK>
[  232.079475][T13864]  __dump_stack+0x1d/0x30
[  232.079566][T13864]  dump_stack_lvl+0xe8/0x140
[  232.079586][T13864]  dump_stack+0x15/0x1b
[  232.079602][T13864]  should_fail_ex+0x265/0x280
[  232.079638][T13864]  should_fail+0xb/0x20
[  232.079686][T13864]  should_fail_usercopy+0x1a/0x20
[  232.079791][T13864]  _copy_from_user+0x1c/0xb0
[  232.079812][T13864]  __sys_bpf+0x178/0x790
[  232.079895][T13864]  __x64_sys_bpf+0x41/0x50
[  232.079924][T13864]  x64_sys_call+0x2478/0x2fb0
[  232.079960][T13864]  do_syscall_64+0xd2/0x200
[  232.079982][T13864]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  232.080113][T13864]  ? clear_bhb_loop+0x40/0x90
[  232.080167][T13864]  ? clear_bhb_loop+0x40/0x90
[  232.080196][T13864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.080275][T13864] RIP: 0033:0x7f9631aee929
[  232.080290][T13864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.080308][T13864] RSP: 002b:00007f9630157038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  232.080332][T13864] RAX: ffffffffffffffda RBX: 00007f9631d15fa0 RCX: 00007f9631aee929
[  232.080348][T13864] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  232.080364][T13864] RBP: 00007f9630157090 R08: 0000000000000000 R09: 0000000000000000
[  232.080379][T13864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.080429][T13864] R13: 0000000000000000 R14: 00007f9631d15fa0 R15: 00007fff26ba3148
[  232.080452][T13864]  </TASK>
[  232.081848][T13862] FAULT_INJECTION: forcing a failure.
[  232.081848][T13862] name failslab, interval 1, probability 0, space 0, times 0
[  232.110624][T13860] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  232.111059][T13862] CPU: 0 UID: 0 PID: 13862 Comm: syz.3.3707 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  232.111101][T13862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  232.111120][T13862] Call Trace:
[  232.111128][T13862]  <TASK>
[  232.111136][T13862]  __dump_stack+0x1d/0x30
[  232.111244][T13862]  dump_stack_lvl+0xe8/0x140
[  232.111272][T13862]  dump_stack+0x15/0x1b
[  232.111296][T13862]  should_fail_ex+0x265/0x280
[  232.111341][T13862]  should_failslab+0x8c/0xb0
[  232.111387][T13862]  kmem_cache_alloc_noprof+0x50/0x310
[  232.111424][T13862]  ? audit_log_start+0x365/0x6c0
[  232.111516][T13862]  audit_log_start+0x365/0x6c0
[  232.111563][T13862]  audit_seccomp+0x48/0x100
[  232.111650][T13862]  ? __seccomp_filter+0x68c/0x10d0
[  232.111738][T13862]  __seccomp_filter+0x69d/0x10d0
[  232.111772][T13862]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  232.111800][T13862]  ? vfs_write+0x75e/0x8e0
[  232.111871][T13862]  ? __rcu_read_unlock+0x4f/0x70
[  232.111904][T13862]  ? __fget_files+0x184/0x1c0
[  232.112010][T13862]  __secure_computing+0x82/0x150
[  232.112042][T13862]  syscall_trace_enter+0xcf/0x1e0
[  232.112076][T13862]  do_syscall_64+0xac/0x200
[  232.112139][T13862]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  232.112175][T13862]  ? clear_bhb_loop+0x40/0x90
[  232.112204][T13862]  ? clear_bhb_loop+0x40/0x90
[  232.112234][T13862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.112341][T13862] RIP: 0033:0x7fd3e056e929
[  232.112410][T13862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.112437][T13862] RSP: 002b:00007fd3debd7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  232.112463][T13862] RAX: ffffffffffffffda RBX: 00007fd3e0795fa0 RCX: 00007fd3e056e929
[  232.112483][T13862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  232.112501][T13862] RBP: 00007fd3debd7090 R08: fffffffffffffffb R09: 0000000000000000
[  232.112519][T13862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.112543][T13862] R13: 0000000000000000 R14: 00007fd3e0795fa0 R15: 00007ffd78cb40b8
[  232.112571][T13862]  </TASK>
[  232.491212][T13860] batman_adv: batadv0: Removing interface: batadv_slave_0
[  232.590444][T13878] program syz.0.3713 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  232.679075][T13872] loop5: detected capacity change from 0 to 512
[  232.686202][T13872] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  232.697370][T13878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.707804][T13878] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  232.718821][T13872] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.3710: iget: bad extended attribute block 512
[  232.740501][T13894] loop4: detected capacity change from 0 to 512
[  232.765557][T13872] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.3710: couldn't read orphan inode 15 (err -117)
[  232.781255][T13872] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  232.798960][T13894] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.812934][T13894] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  232.851915][T13894] syzkaller1: entered promiscuous mode
[  232.857484][T13894] syzkaller1: entered allmulticast mode
[  232.882307][T13894] FAULT_INJECTION: forcing a failure.
[  232.882307][T13894] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.895644][T13894] CPU: 0 UID: 0 PID: 13894 Comm: syz.4.3716 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  232.895681][T13894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  232.895697][T13894] Call Trace:
[  232.895705][T13894]  <TASK>
[  232.895715][T13894]  __dump_stack+0x1d/0x30
[  232.895740][T13894]  dump_stack_lvl+0xe8/0x140
[  232.895759][T13894]  dump_stack+0x15/0x1b
[  232.895838][T13894]  should_fail_ex+0x265/0x280
[  232.895880][T13894]  should_fail+0xb/0x20
[  232.895909][T13894]  should_fail_usercopy+0x1a/0x20
[  232.895997][T13894]  _copy_from_iter+0xcf/0xe40
[  232.896022][T13894]  ? mntput+0x4b/0x80
[  232.896130][T13894]  ? terminate_walk+0x27f/0x2a0
[  232.896153][T13894]  tun_get_user+0x144/0x2500
[  232.896195][T13894]  ? ref_tracker_alloc+0x1f2/0x2f0
[  232.896238][T13894]  ? selinux_file_permission+0x1e4/0x320
[  232.896270][T13894]  tun_chr_write_iter+0x15e/0x210
[  232.896300][T13894]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  232.896376][T13894]  vfs_write+0x4a0/0x8e0
[  232.896425][T13894]  ksys_write+0xda/0x1a0
[  232.896449][T13894]  __x64_sys_write+0x40/0x50
[  232.896519][T13894]  x64_sys_call+0x2cdd/0x2fb0
[  232.896547][T13894]  do_syscall_64+0xd2/0x200
[  232.896569][T13894]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  232.896623][T13894]  ? clear_bhb_loop+0x40/0x90
[  232.896643][T13894]  ? clear_bhb_loop+0x40/0x90
[  232.896662][T13894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.896724][T13894] RIP: 0033:0x7f35fb1fe929
[  232.896738][T13894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.896755][T13894] RSP: 002b:00007f35f9867038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  232.896772][T13894] RAX: ffffffffffffffda RBX: 00007f35fb425fa0 RCX: 00007f35fb1fe929
[  232.896822][T13894] RDX: 00000000000000dc RSI: 00002000000003c0 RDI: 0000000000000006
[  232.896833][T13894] RBP: 00007f35f9867090 R08: 0000000000000000 R09: 0000000000000000
[  232.896844][T13894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.896854][T13894] R13: 0000000000000000 R14: 00007f35fb425fa0 R15: 00007ffd2a94a2a8
[  232.896933][T13894]  </TASK>
[  232.901754][T13178] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.130943][T13914] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3720'.
[  233.143340][T13914] ipvlan2: entered promiscuous mode
[  233.176882][T12109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.322363][T13924] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3723'.
[  233.373173][T13924] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3723'.
[  233.468099][T13924] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3723'.
[  233.646002][T13931] loop2: detected capacity change from 0 to 8192
[  233.656260][T13932] 9pnet_fd: Insufficient options for proto=fd
[  233.663659][   T29] kauditd_printk_skb: 328 callbacks suppressed
[  233.663675][   T29] audit: type=1400 audit(2000000678.442:22334): avc:  denied  { validate_trans } for  pid=13934 comm="syz.4.3727" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  233.785070][T13944] loop3: detected capacity change from 0 to 2048
[  233.817127][   T29] audit: type=1326 audit(2000000678.602:22335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13946 comm="syz.2.3731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c890e929 code=0x7ffc0000
[  233.840837][   T29] audit: type=1326 audit(2000000678.602:22336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13946 comm="syz.2.3731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c890e929 code=0x7ffc0000
[  233.843411][T13944] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.884666][T13944] futex_wake_op: syz.3.3730 tries to shift op by -1; fix this program
[  233.983952][   T29] audit: type=1400 audit(2000000678.762:22337): avc:  denied  { create } for  pid=13960 comm="syz.4.3734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  234.017987][T13965] unsupported nla_type 52263
[  234.030648][T13962] loop2: detected capacity change from 0 to 512
[  234.034384][   T29] audit: type=1400 audit(2000000678.762:22338): avc:  denied  { bind } for  pid=13960 comm="syz.4.3734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  234.056713][   T29] audit: type=1400 audit(2000000678.762:22339): avc:  denied  { listen } for  pid=13960 comm="syz.4.3734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  234.061747][T13962] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  234.076479][   T29] audit: type=1400 audit(2000000678.762:22340): avc:  denied  { connect } for  pid=13960 comm="syz.4.3734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  234.076538][   T29] audit: type=1400 audit(2000000678.762:22341): avc:  denied  { write } for  pid=13960 comm="syz.4.3734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  234.126150][   T29] audit: type=1400 audit(2000000678.772:22342): avc:  denied  { setopt } for  pid=13960 comm="syz.4.3734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  234.150754][T13962] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.3732: iget: bad extended attribute block 512
[  234.163968][T13962] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.3732: couldn't read orphan inode 15 (err -117)
[  234.177553][T13962] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  234.182184][T13971] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3736'.
[  234.203087][T13971] macvlan2: entered promiscuous mode
[  234.209382][T13971] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  234.219862][T13971] FAULT_INJECTION: forcing a failure.
[  234.219862][T13971] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  234.233008][T13971] CPU: 1 UID: 0 PID: 13971 Comm: syz.4.3736 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  234.233079][T13971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  234.233095][T13971] Call Trace:
[  234.233103][T13971]  <TASK>
[  234.233113][T13971]  __dump_stack+0x1d/0x30
[  234.233138][T13971]  dump_stack_lvl+0xe8/0x140
[  234.233169][T13971]  dump_stack+0x15/0x1b
[  234.233189][T13971]  should_fail_ex+0x265/0x280
[  234.233234][T13971]  should_fail+0xb/0x20
[  234.233261][T13971]  should_fail_usercopy+0x1a/0x20
[  234.233294][T13971]  _copy_from_user+0x1c/0xb0
[  234.233373][T13971]  sock_do_ioctl+0xe6/0x220
[  234.233407][T13971]  sock_ioctl+0x41b/0x610
[  234.233437][T13971]  ? __pfx_sock_ioctl+0x10/0x10
[  234.233464][T13971]  __se_sys_ioctl+0xcb/0x140
[  234.233569][T13971]  __x64_sys_ioctl+0x43/0x50
[  234.233686][T13971]  x64_sys_call+0x19a8/0x2fb0
[  234.233714][T13971]  do_syscall_64+0xd2/0x200
[  234.233739][T13971]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  234.233771][T13971]  ? clear_bhb_loop+0x40/0x90
[  234.233825][T13971]  ? clear_bhb_loop+0x40/0x90
[  234.233915][T13971]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.233951][T13971] RIP: 0033:0x7f35fb1fe929
[  234.233970][T13971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.233993][T13971] RSP: 002b:00007f35f9867038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  234.234017][T13971] RAX: ffffffffffffffda RBX: 00007f35fb425fa0 RCX: 00007f35fb1fe929
[  234.234044][T13971] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003
[  234.234061][T13971] RBP: 00007f35f9867090 R08: 0000000000000000 R09: 0000000000000000
[  234.234077][T13971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.234093][T13971] R13: 0000000000000000 R14: 00007f35fb425fa0 R15: 00007ffd2a94a2a8
[  234.234120][T13971]  </TASK>
[  234.445529][   T29] audit: type=1400 audit(2000000679.022:22343): avc:  denied  { write } for  pid=13975 comm="syz.5.3737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  234.470474][T13978] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3737'.
[  234.483108][T13978] bond_slave_0: entered promiscuous mode
[  234.488869][T13978] bond_slave_1: entered promiscuous mode
[  234.496394][T13978] macvlan2: entered promiscuous mode
[  234.501801][T13978] bond0: entered promiscuous mode
[  234.507949][T13981] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3738'.
[  234.518969][T13978] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  234.526701][T11699] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.676537][T13992] netlink: '+}[@': attribute type 10 has an invalid length.
[  234.690888][T13996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3741'.
[  234.695038][T13992] team0: Device veth0_macvtap failed to register rx_handler
[  234.747642][T11870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.846097][T14002] loop0: detected capacity change from 0 to 128
[  234.892510][T14002] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  234.906122][T14002] ext4 filesystem being mounted at /188/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  234.968493][T14007] FAULT_INJECTION: forcing a failure.
[  234.968493][T14007] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  234.981792][T14007] CPU: 1 UID: 0 PID: 14007 Comm: syz.5.3748 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  234.981904][T14007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  234.981918][T14007] Call Trace:
[  234.981927][T14007]  <TASK>
[  234.981936][T14007]  __dump_stack+0x1d/0x30
[  234.981958][T14007]  dump_stack_lvl+0xe8/0x140
[  234.981976][T14007]  dump_stack+0x15/0x1b
[  234.982001][T14007]  should_fail_ex+0x265/0x280
[  234.982038][T14007]  should_fail+0xb/0x20
[  234.982120][T14007]  should_fail_usercopy+0x1a/0x20
[  234.982173][T14007]  _copy_from_user+0x1c/0xb0
[  234.982201][T14007]  ___sys_sendmsg+0xc1/0x1d0
[  234.982305][T14007]  __x64_sys_sendmsg+0xd4/0x160
[  234.982402][T14007]  x64_sys_call+0x2999/0x2fb0
[  234.982426][T14007]  do_syscall_64+0xd2/0x200
[  234.982450][T14007]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  234.982484][T14007]  ? clear_bhb_loop+0x40/0x90
[  234.982511][T14007]  ? clear_bhb_loop+0x40/0x90
[  234.982598][T14007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.982618][T14007] RIP: 0033:0x7f9631aee929
[  234.982636][T14007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.982725][T14007] RSP: 002b:00007f9630157038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  234.982746][T14007] RAX: ffffffffffffffda RBX: 00007f9631d15fa0 RCX: 00007f9631aee929
[  234.982763][T14007] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004
[  234.982780][T14007] RBP: 00007f9630157090 R08: 0000000000000000 R09: 0000000000000000
[  234.982797][T14007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.982813][T14007] R13: 0000000000000000 R14: 00007f9631d15fa0 R15: 00007fff26ba3148
[  234.982879][T14007]  </TASK>
[  235.213100][T14009] lo speed is unknown, defaulting to 1000
[  235.227232][T11271] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  235.244632][T14009] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3749'.
[  235.320700][T14015] selinux_netlink_send: 2 callbacks suppressed
[  235.320722][T14015] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=14015 comm=syz.5.3752
[  235.345371][T14017] 9pnet_fd: Insufficient options for proto=fd
[  235.362833][T14015] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3752'.
[  235.396731][T14026] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3753'.
[  235.410434][T14013] loop0: detected capacity change from 0 to 512
[  235.418893][T14013] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  235.440108][T14013] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.3750: iget: bad extended attribute block 512
[  235.454199][T14013] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.3750: couldn't read orphan inode 15 (err -117)
[  235.471975][T14013] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  235.538452][T11271] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.633047][T14048] FAULT_INJECTION: forcing a failure.
[  235.633047][T14048] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  235.646284][T14048] CPU: 0 UID: 0 PID: 14048 Comm: syz.3.3760 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  235.646318][T14048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  235.646334][T14048] Call Trace:
[  235.646342][T14048]  <TASK>
[  235.646427][T14048]  __dump_stack+0x1d/0x30
[  235.646449][T14048]  dump_stack_lvl+0xe8/0x140
[  235.646473][T14048]  dump_stack+0x15/0x1b
[  235.646512][T14048]  should_fail_ex+0x265/0x280
[  235.646553][T14048]  should_fail+0xb/0x20
[  235.646649][T14048]  should_fail_usercopy+0x1a/0x20
[  235.646681][T14048]  _copy_from_user+0x1c/0xb0
[  235.646707][T14048]  ___sys_sendmsg+0xc1/0x1d0
[  235.646765][T14048]  __x64_sys_sendmsg+0xd4/0x160
[  235.646793][T14048]  x64_sys_call+0x2999/0x2fb0
[  235.646813][T14048]  do_syscall_64+0xd2/0x200
[  235.646830][T14048]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  235.646929][T14048]  ? clear_bhb_loop+0x40/0x90
[  235.646949][T14048]  ? clear_bhb_loop+0x40/0x90
[  235.646973][T14048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.647000][T14048] RIP: 0033:0x7fd3e056e929
[  235.647017][T14048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  235.647035][T14048] RSP: 002b:00007fd3debd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  235.647149][T14048] RAX: ffffffffffffffda RBX: 00007fd3e0795fa0 RCX: 00007fd3e056e929
[  235.647161][T14048] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000006
[  235.647175][T14048] RBP: 00007fd3debd7090 R08: 0000000000000000 R09: 0000000000000000
[  235.647189][T14048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  235.647205][T14048] R13: 0000000000000000 R14: 00007fd3e0795fa0 R15: 00007ffd78cb40b8
[  235.647230][T14048]  </TASK>
[  235.665761][T14050] lo speed is unknown, defaulting to 1000
[  235.744120][T14054] 9pnet_fd: Insufficient options for proto=fd
[  235.882698][T14060] FAULT_INJECTION: forcing a failure.
[  235.882698][T14060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  235.895871][T14060] CPU: 0 UID: 0 PID: 14060 Comm: syz.3.3765 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  235.895965][T14060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  235.895978][T14060] Call Trace:
[  235.895985][T14060]  <TASK>
[  235.895993][T14060]  __dump_stack+0x1d/0x30
[  235.896014][T14060]  dump_stack_lvl+0xe8/0x140
[  235.896048][T14060]  dump_stack+0x15/0x1b
[  235.896078][T14060]  should_fail_ex+0x265/0x280
[  235.896120][T14060]  should_fail+0xb/0x20
[  235.896156][T14060]  should_fail_usercopy+0x1a/0x20
[  235.896269][T14060]  _copy_from_user+0x1c/0xb0
[  235.896300][T14060]  ___sys_sendmsg+0xc1/0x1d0
[  235.896362][T14060]  __x64_sys_sendmsg+0xd4/0x160
[  235.896393][T14060]  x64_sys_call+0x2999/0x2fb0
[  235.896422][T14060]  do_syscall_64+0xd2/0x200
[  235.896444][T14060]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  235.896469][T14060]  ? clear_bhb_loop+0x40/0x90
[  235.896526][T14060]  ? clear_bhb_loop+0x40/0x90
[  235.896554][T14060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.896582][T14060] RIP: 0033:0x7fd3e056e929
[  235.896602][T14060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  235.896701][T14060] RSP: 002b:00007fd3debd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  235.896764][T14060] RAX: ffffffffffffffda RBX: 00007fd3e0795fa0 RCX: 00007fd3e056e929
[  235.896779][T14060] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000006
[  235.896791][T14060] RBP: 00007fd3debd7090 R08: 0000000000000000 R09: 0000000000000000
[  235.896827][T14060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  235.896838][T14060] R13: 0000000000000000 R14: 00007fd3e0795fa0 R15: 00007ffd78cb40b8
[  235.896870][T14060]  </TASK>
[  236.097638][T14066] loop4: detected capacity change from 0 to 512
[  236.104609][T14066] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  236.116883][T14066] EXT4-fs (loop4): 1 truncate cleaned up
[  236.123082][T14066] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.185345][T14071] loop0: detected capacity change from 0 to 512
[  236.222949][T14071] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  236.471606][T12109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.488325][T14071] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.3768: iget: bad extended attribute block 512
[  236.580009][T14071] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.3768: couldn't read orphan inode 15 (err -117)
[  236.600422][T14071] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.635573][T14085] loop4: detected capacity change from 0 to 1024
[  236.700183][T14085] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.713770][T14085] FAULT_INJECTION: forcing a failure.
[  236.713770][T14085] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  236.727196][T14085] CPU: 1 UID: 0 PID: 14085 Comm: gtp Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  236.727285][T14085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  236.727306][T14085] Call Trace:
[  236.727314][T14085]  <TASK>
[  236.727324][T14085]  __dump_stack+0x1d/0x30
[  236.727351][T14085]  dump_stack_lvl+0xe8/0x140
[  236.727376][T14085]  dump_stack+0x15/0x1b
[  236.727394][T14085]  should_fail_ex+0x265/0x280
[  236.727479][T14085]  should_fail_alloc_page+0xf2/0x100
[  236.727518][T14085]  __alloc_frozen_pages_noprof+0xff/0x360
[  236.727600][T14085]  alloc_pages_mpol+0xb3/0x250
[  236.727641][T14085]  folio_alloc_noprof+0x97/0x150
[  236.727702][T14085]  filemap_alloc_folio_noprof+0x66/0x210
[  236.727741][T14085]  __filemap_get_folio+0x28f/0x6b0
[  236.727857][T14085]  ? ext4_try_to_write_inline_data+0x54/0x90
[  236.727900][T14085]  ext4_write_begin+0x234/0xd30
[  236.727934][T14085]  ? avc_has_perm+0xd3/0x150
[  236.727971][T14085]  ? __vfs_getxattr+0x2aa/0x2c0
[  236.728073][T14085]  ext4_da_write_begin+0x1e0/0x670
[  236.728103][T14085]  ? balance_dirty_pages_ratelimited_flags+0x40b/0x5e0
[  236.728138][T14085]  generic_perform_write+0x184/0x490
[  236.728203][T14085]  ext4_buffered_write_iter+0x1ee/0x3c0
[  236.728226][T14085]  ? ext4_file_write_iter+0xfe/0xf00
[  236.728310][T14085]  ext4_file_write_iter+0x383/0xf00
[  236.728342][T14085]  ? avc_policy_seqno+0x15/0x30
[  236.728373][T14085]  ? selinux_file_permission+0x1e4/0x320
[  236.728405][T14085]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  236.728464][T14085]  vfs_write+0x4a0/0x8e0
[  236.728505][T14085]  ksys_write+0xda/0x1a0
[  236.728544][T14085]  __x64_sys_write+0x40/0x50
[  236.728566][T14085]  x64_sys_call+0x2cdd/0x2fb0
[  236.728587][T14085]  do_syscall_64+0xd2/0x200
[  236.728609][T14085]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  236.728639][T14085]  ? clear_bhb_loop+0x40/0x90
[  236.728676][T14085]  ? clear_bhb_loop+0x40/0x90
[  236.728760][T14085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.728788][T14085] RIP: 0033:0x7f35fb1fe929
[  236.728807][T14085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.728818][T11271] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.728830][T14085] RSP: 002b:00007f35f9867038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  236.728853][T14085] RAX: ffffffffffffffda RBX: 00007f35fb425fa0 RCX: 00007f35fb1fe929
[  236.728894][T14085] RDX: 000000000208e24b RSI: 0000200000000000 RDI: 0000000000000006
[  236.728909][T14085] RBP: 00007f35f9867090 R08: 0000000000000000 R09: 0000000000000000
[  236.728927][T14085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  236.728943][T14085] R13: 0000000000000000 R14: 00007f35fb425fa0 R15: 00007ffd2a94a2a8
[  236.728971][T14085]  </TASK>
[  236.847078][T14098] FAULT_INJECTION: forcing a failure.
[  236.847078][T14098] name failslab, interval 1, probability 0, space 0, times 0
[  237.019083][T14098] CPU: 1 UID: 0 PID: 14098 Comm: syz.2.3779 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  237.019110][T14098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  237.019122][T14098] Call Trace:
[  237.019128][T14098]  <TASK>
[  237.019136][T14098]  __dump_stack+0x1d/0x30
[  237.019155][T14098]  dump_stack_lvl+0xe8/0x140
[  237.019224][T14098]  dump_stack+0x15/0x1b
[  237.019282][T14098]  should_fail_ex+0x265/0x280
[  237.019359][T14098]  ? do_epoll_create+0x57/0x270
[  237.019380][T14098]  should_failslab+0x8c/0xb0
[  237.019401][T14098]  __kmalloc_cache_noprof+0x4c/0x320
[  237.019499][T14098]  do_epoll_create+0x57/0x270
[  237.019519][T14098]  __x64_sys_epoll_create+0x35/0x60
[  237.019537][T14098]  x64_sys_call+0x20e/0x2fb0
[  237.019556][T14098]  do_syscall_64+0xd2/0x200
[  237.019617][T14098]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  237.019641][T14098]  ? clear_bhb_loop+0x40/0x90
[  237.019659][T14098]  ? clear_bhb_loop+0x40/0x90
[  237.019679][T14098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.019750][T14098] RIP: 0033:0x7f94c890e929
[  237.019763][T14098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.019787][T14098] RSP: 002b:00007f94c6f77038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5
[  237.019819][T14098] RAX: ffffffffffffffda RBX: 00007f94c8b35fa0 RCX: 00007f94c890e929
[  237.019835][T14098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000802
[  237.019897][T14098] RBP: 00007f94c6f77090 R08: 0000000000000000 R09: 0000000000000000
[  237.019909][T14098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.019920][T14098] R13: 0000000000000000 R14: 00007f94c8b35fa0 R15: 00007ffc2fe696c8
[  237.019938][T14098]  </TASK>
[  237.022524][T12109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.072016][T14096] loop3: detected capacity change from 0 to 1024
[  237.101469][T14103] loop0: detected capacity change from 0 to 1024
[  237.204081][T14096] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.239964][T14103] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.265959][T14116] 9pnet_fd: Insufficient options for proto=fd
[  237.342858][T11870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.368083][T14120] loop4: detected capacity change from 0 to 2048
[  237.401422][T11271] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.421782][T14120] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.438131][T14120] EXT4-fs error (device loop4): ext4_find_extent:939: inode #2: comm syz.4.3784: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  237.457048][T14120] EXT4-fs (loop4): Remounting filesystem read-only
[  237.536923][T12109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.966332][T14144] xt_connbytes: Forcing CT accounting to be enabled
[  238.007768][T14140] 9pnet_fd: Insufficient options for proto=fd
[  238.105204][T14144] SELinux: syz.5.3792 (14144) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  238.306404][T14155] SELinux: syz.5.3795 (14155) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  238.374930][T14158] __nla_validate_parse: 3 callbacks suppressed
[  238.374950][T14158] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3796'.
[  238.646604][T14182] 9pnet_fd: Insufficient options for proto=fd
[  238.719908][T14169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3801'.
[  238.742850][T14169] ipvlan2: entered promiscuous mode
[  238.864636][T14188] netlink: 'syz.2.3807': attribute type 1 has an invalid length.
[  238.872554][T14188] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3807'.
[  238.894846][T14188] loop2: detected capacity change from 0 to 512
[  238.909192][T14188] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  238.923560][T14188] ext4 filesystem being mounted at /138/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  238.959430][   T29] kauditd_printk_skb: 74 callbacks suppressed
[  238.959444][   T29] audit: type=1400 audit(2000000683.742:22418): avc:  denied  { write } for  pid=14187 comm="syz.2.3807" path="/138/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  239.014204][   T29] audit: type=1400 audit(2000000683.792:22419): avc:  denied  { mounton } for  pid=14187 comm="syz.2.3807" path="/138/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  239.075323][   T29] audit: type=1400 audit(2000000683.852:22420): avc:  denied  { remove_name } for  pid=11699 comm="syz-executor" name="lost+found" dev="loop2" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  239.077676][T11699] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  239.098810][   T29] audit: type=1400 audit(2000000683.852:22421): avc:  denied  { rmdir } for  pid=11699 comm="syz-executor" name="lost+found" dev="loop2" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  239.098853][   T29] audit: type=1400 audit(2000000683.852:22422): avc:  denied  { unlink } for  pid=11699 comm="syz-executor" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  239.153553][   T29] audit: type=1400 audit(2000000683.852:22423): avc:  denied  { unlink } for  pid=11699 comm="syz-executor" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  239.176718][   T29] audit: type=1400 audit(2000000683.852:22424): avc:  denied  { unmount } for  pid=11699 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  239.196990][   T29] audit: type=1400 audit(2000000683.852:22425): avc:  denied  { unlink } for  pid=11699 comm="syz-executor" name="bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  239.227810][T14196] loop2: detected capacity change from 0 to 128
[  239.236458][T14196] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  239.249087][T14196] ext4 filesystem being mounted at /139/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  239.301210][   T29] audit: type=1400 audit(2000000684.082:22426): avc:  denied  { ioctl } for  pid=14195 comm="syz.2.3808" path="/139/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop2" ino=12 ioctlcmd=0x660b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  239.379321][T11699] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  239.434179][T14206] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3812'.
[  239.675712][T14218] xt_connbytes: Forcing CT accounting to be enabled
[  239.774644][T14223] FAULT_INJECTION: forcing a failure.
[  239.774644][T14223] name failslab, interval 1, probability 0, space 0, times 0
[  239.787374][T14223] CPU: 0 UID: 0 PID: 14223 Comm: syz.4.3817 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  239.787410][T14223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  239.787491][T14223] Call Trace:
[  239.787500][T14223]  <TASK>
[  239.787510][T14223]  __dump_stack+0x1d/0x30
[  239.787537][T14223]  dump_stack_lvl+0xe8/0x140
[  239.787562][T14223]  dump_stack+0x15/0x1b
[  239.787580][T14223]  should_fail_ex+0x265/0x280
[  239.787610][T14223]  should_failslab+0x8c/0xb0
[  239.787651][T14223]  kmem_cache_alloc_noprof+0x50/0x310
[  239.787729][T14223]  ? skb_clone+0x151/0x1f0
[  239.787812][T14223]  skb_clone+0x151/0x1f0
[  239.787836][T14223]  __netlink_deliver_tap+0x2c9/0x500
[  239.787866][T14223]  netlink_unicast+0x64c/0x670
[  239.787922][T14223]  netlink_sendmsg+0x58b/0x6b0
[  239.787943][T14223]  ? __pfx_netlink_sendmsg+0x10/0x10
[  239.788003][T14223]  __sock_sendmsg+0x142/0x180
[  239.788028][T14223]  ____sys_sendmsg+0x31e/0x4e0
[  239.788068][T14223]  ___sys_sendmsg+0x17b/0x1d0
[  239.788173][T14223]  __x64_sys_sendmsg+0xd4/0x160
[  239.788196][T14223]  x64_sys_call+0x2999/0x2fb0
[  239.788216][T14223]  do_syscall_64+0xd2/0x200
[  239.788236][T14223]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  239.788335][T14223]  ? clear_bhb_loop+0x40/0x90
[  239.788356][T14223]  ? clear_bhb_loop+0x40/0x90
[  239.788445][T14223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.788472][T14223] RIP: 0033:0x7f35fb1fe929
[  239.788492][T14223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.788514][T14223] RSP: 002b:00007f35f9867038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  239.788576][T14223] RAX: ffffffffffffffda RBX: 00007f35fb425fa0 RCX: 00007f35fb1fe929
[  239.788588][T14223] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000010
[  239.788674][T14223] RBP: 00007f35f9867090 R08: 0000000000000000 R09: 0000000000000000
[  239.788686][T14223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  239.788698][T14223] R13: 0000000000000000 R14: 00007f35fb425fa0 R15: 00007ffd2a94a2a8
[  239.788782][T14223]  </TASK>
[  240.016672][T14223] vlan2: entered promiscuous mode
[  240.021550][T14211] 9pnet_fd: Insufficient options for proto=fd
[  240.032009][T14218] SELinux: syz.2.3816 (14218) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  240.181640][T14233] loop3: detected capacity change from 0 to 128
[  240.191282][T14233] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  240.203599][T14233] ext4 filesystem being mounted at /164/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  240.291249][T14236] 9pnet_fd: Insufficient options for proto=fd
[  240.320022][T11870] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  240.508769][   T29] audit: type=1400 audit(2000000685.292:22427): avc:  denied  { relabelfrom } for  pid=14254 comm="syz.3.3831" name="UDP" dev="sockfs" ino=41631 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  240.508814][T14255] SELinux:  Context system_u:object_r:unconfined_execmem_exec_t:s0 is not valid (left unmapped).
[  241.051582][T14263] xt_connbytes: Forcing CT accounting to be enabled
[  241.153791][T14263] SELinux: syz.4.3834 (14263) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  241.227260][T14265] 9pnet_fd: Insufficient options for proto=fd
[  241.244870][T14273] loop4: detected capacity change from 0 to 1024
[  241.262789][T14273] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  241.282400][T14273] ext4 filesystem being mounted at /133/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  241.311147][T14273] netlink: 'syz.4.3837': attribute type 1 has an invalid length.
[  241.319077][T14273] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3837'.
[  241.442347][T14291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3845'.
[  241.563118][T14301] SELinux: syz.0.3848 (14301) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  241.724400][T12109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.792843][T14316] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3854'.
[  241.802070][T14316] bond0: invalid ARP target 0.0.0.0 specified for addition
[  241.809400][T14316] bond0: option arp_ip_target: invalid value (0)
[  241.953930][T14325] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3859'.
[  241.986176][T14329] loop0: detected capacity change from 0 to 2048
[  242.017459][T14329] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  242.567288][T11271] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.588938][T14347] loop0: detected capacity change from 0 to 256
[  242.771740][T14352] 9pnet_fd: Insufficient options for proto=fd
[  242.994057][T14364] SELinux: syz.4.3872 (14364) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  243.121410][T14383] loop2: detected capacity change from 0 to 512
[  243.134367][T14383] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  243.146575][T14383] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.3873: iget: bad extended attribute block 512
[  243.160811][T14383] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.3873: couldn't read orphan inode 15 (err -117)
[  243.173234][T14383] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  243.209932][T11699] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.293194][T14402] FAULT_INJECTION: forcing a failure.
[  243.293194][T14402] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  243.306431][T14402] CPU: 0 UID: 0 PID: 14402 Comm: syz.2.3883 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  243.306459][T14402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  243.306471][T14402] Call Trace:
[  243.306476][T14402]  <TASK>
[  243.306483][T14402]  __dump_stack+0x1d/0x30
[  243.306503][T14402]  dump_stack_lvl+0xe8/0x140
[  243.306543][T14402]  dump_stack+0x15/0x1b
[  243.306558][T14402]  should_fail_ex+0x265/0x280
[  243.306663][T14402]  should_fail+0xb/0x20
[  243.306707][T14402]  should_fail_usercopy+0x1a/0x20
[  243.306737][T14402]  _copy_from_user+0x1c/0xb0
[  243.306755][T14402]  ___sys_sendmsg+0xc1/0x1d0
[  243.306892][T14402]  __sys_sendmmsg+0x178/0x300
[  243.306920][T14402]  __x64_sys_sendmmsg+0x57/0x70
[  243.306936][T14402]  x64_sys_call+0x2f2f/0x2fb0
[  243.307068][T14402]  do_syscall_64+0xd2/0x200
[  243.307156][T14402]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  243.307192][T14402]  ? clear_bhb_loop+0x40/0x90
[  243.307221][T14402]  ? clear_bhb_loop+0x40/0x90
[  243.307240][T14402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.307314][T14402] RIP: 0033:0x7f94c890e929
[  243.307327][T14402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  243.307372][T14402] RSP: 002b:00007f94c6f77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  243.307389][T14402] RAX: ffffffffffffffda RBX: 00007f94c8b35fa0 RCX: 00007f94c890e929
[  243.307400][T14402] RDX: 0000000000000002 RSI: 0000200000000b00 RDI: 0000000000000003
[  243.307411][T14402] RBP: 00007f94c6f77090 R08: 0000000000000000 R09: 0000000000000000
[  243.307421][T14402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  243.307432][T14402] R13: 0000000000000000 R14: 00007f94c8b35fa0 R15: 00007ffc2fe696c8
[  243.307451][T14402]  </TASK>
[  243.554361][T14406] SELinux: syz.0.3885 (14406) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  243.569241][T14410] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3884'.
[  243.580502][T14410] IPv6: sit1: Disabled Multicast RS
[  243.586927][T14410] sit1: entered allmulticast mode
[  243.768661][T14425] ==================================================================
[  243.776836][T14425] BUG: KCSAN: data-race in call_rcu / mas_state_walk
[  243.783556][T14425] 
[  243.785899][T14425] write to 0xffff8881062a9c08 of 8 bytes by task 14418 on cpu 1:
[  243.793634][T14425]  call_rcu+0x48/0x3e0
[  243.797730][T14425]  mas_wmb_replace+0xf7a/0x14a0
[  243.802599][T14425]  mas_wr_store_entry+0x1773/0x2b50
[  243.807827][T14425]  mas_store_prealloc+0x74d/0x9e0
[  243.812880][T14425]  vma_iter_store_new+0x1c5/0x200
[  243.817926][T14425]  vma_complete+0x125/0x580
[  243.822444][T14425]  __split_vma+0x591/0x650
[  243.826887][T14425]  vma_modify+0x21e/0xc80
[  243.831236][T14425]  vma_modify_flags+0x101/0x130
[  243.836104][T14425]  mprotect_fixup+0x2cc/0x570
[  243.840800][T14425]  do_mprotect_pkey+0x6d6/0x980
[  243.845670][T14425]  __x64_sys_mprotect+0x48/0x60
[  243.850542][T14425]  x64_sys_call+0x2794/0x2fb0
[  243.855243][T14425]  do_syscall_64+0xd2/0x200
[  243.859762][T14425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.865677][T14425] 
[  243.868009][T14425] read to 0xffff8881062a9c08 of 8 bytes by task 14425 on cpu 0:
[  243.875653][T14425]  mas_state_walk+0x28f/0x650
[  243.880360][T14425]  mas_walk+0x30/0x120
[  243.884457][T14425]  lock_vma_under_rcu+0xa2/0x2f0
[  243.889422][T14425]  do_user_addr_fault+0x233/0x1090
[  243.894573][T14425]  exc_page_fault+0x62/0xa0
[  243.899103][T14425]  asm_exc_page_fault+0x26/0x30
[  243.903972][T14425] 
[  243.906309][T14425] value changed: 0x000000110c22ffff -> 0xffff8881062a9d08
[  243.913424][T14425] 
[  243.915756][T14425] Reported by Kernel Concurrency Sanitizer on:
[  243.921917][T14425] CPU: 0 UID: 0 PID: 14425 Comm: syz.3.3890 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[  243.934434][T14425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  243.944515][T14425] ==================================================================