last executing test programs:

2.171057355s ago: executing program 4 (id=4656):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000b80)='block_plug\x00', r0, 0x0, 0xffffffffffffffff}, 0xb)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5ba}, 0x23)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0)
mknod(&(0x7f0000000140)='./file1/file3\x00', 0xc000, 0x9)
rename(&(0x7f00000003c0)='./file1/file3\x00', &(0x7f0000000100)='./file0\x00')
listxattr(&(0x7f0000000840)='./file0\x00', &(0x7f0000002340)=""/4096, 0x1000)

2.074554937s ago: executing program 4 (id=4660):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00"], &(0x7f00000002c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r0}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')

2.058619927s ago: executing program 4 (id=4661):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r3, 0x560e, &(0x7f0000000000))
ioctl$TIOCSWINSZ(r3, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x5})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0)
pipe2$9p(&(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x21004a, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@cache_fscache}]}})
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1b, 0x200001a8, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r8=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f0000000240)={'wg2\x00', <r9=>0x0})
pipe2(&(0x7f0000000340)={<r10=>0xffffffffffffffff}, 0x800)
io_uring_register$IORING_REGISTER_FILES(r10, 0x2, &(0x7f0000000380)=[r1, r1], 0x2)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="00000000000000003000128008000100687372002400028008000100", @ANYRES32=r8, @ANYBLOB="08000200", @ANYRES32=r9, @ANYBLOB="05000600000000000500030000000000"], 0x50}}, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r11, 0x0, 0x178}, 0x18)
r12 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x101000)
close_range(r12, 0xffffffffffffffff, 0x0)

1.386546598s ago: executing program 0 (id=4675):
socket$inet(0x2, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @empty, 0xffffffff}, 0x1c)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000008095"], 0x0, 0x3}, 0x94)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4, 0x0, 0x4}, 0x18)

1.190239831s ago: executing program 4 (id=4681):
r0 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000480)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x3, 0x5}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x4c, &(0x7f0000000080), 0x4)
syz_clone3(&(0x7f0000000340)={0x2020000, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0xffffffffffffffff], 0x1}, 0x58)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4000)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r5}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRESOCT=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x71, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
write$P9_RVERSION(r4, &(0x7f0000000080)={0x15, 0x65, 0xffff, 0x1, 0x8, '9P2000.u'}, 0x15)

1.033793754s ago: executing program 4 (id=4688):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r3, 0x560e, &(0x7f0000000000))
ioctl$TIOCSWINSZ(r3, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x5})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0)
pipe2$9p(&(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x21004a, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@cache_fscache}]}})
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1b, 0x200001a8, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r8=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f0000000240)={'wg2\x00', <r9=>0x0})
pipe2(&(0x7f0000000340)={<r10=>0xffffffffffffffff}, 0x800)
io_uring_register$IORING_REGISTER_FILES(r10, 0x2, &(0x7f0000000380)=[r1, r1], 0x2)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)=ANY=[@ANYBLOB="5000070045e9208cff9d0f52b5", @ANYRES32=0x0, @ANYBLOB="00000000000000003000128008000100687372002400028008000100", @ANYRES32=r8, @ANYBLOB="08000200", @ANYRES32=r9, @ANYBLOB="05000600000000000500030000000000"], 0x50}}, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r11, 0x0, 0x178}, 0x18)
r12 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x101000)
close_range(r12, 0xffffffffffffffff, 0x0)

964.016615ms ago: executing program 2 (id=4690):
r0 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000480)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x3, 0x5}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x4c, &(0x7f0000000080), 0x4)
syz_clone3(&(0x7f0000000340)={0x2020000, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0xffffffffffffffff], 0x1}, 0x58)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4000)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
write$P9_RVERSION(r3, &(0x7f0000000080)={0x15, 0x65, 0xffff, 0x1, 0x8, '9P2000.u'}, 0x15)

942.074645ms ago: executing program 0 (id=4692):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r0}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')

924.637895ms ago: executing program 0 (id=4693):
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0a04000007000000020000000400001b52de1270a672b97dbd81af21f1cd5b4f7fe33cdfd1e5ce2716c9c689e1d4f175afea4600f2fdcd5dd1376b3b570dae862bcda7c1e2f6c991187d374913b5d0197c65ac407f4afe0e1c0679197389eccddc7f208a29563c06bfe992f9cbc48e6791cc12449e305d92411b95e6b26893dca8a2bf4624e35754ef924eefaa002aa57b80e43c272e2838bbca27d562f2acdbb0f7bbe39718a26a57de18b77d8095558d254356ddc0a5455d5ca762af635efaa9afab1c620b9acbcae22a9ad0571eddd04a75064c519bf0e575e267f36e20db31f99a6e6b75f16db5899f52a6957125e6c3839f81e407a981ddedfc30f2f71870be16f73f8f4fa2a207bbb5ffa3889a9637fc0e843e68af95d40eea12e4b6d8ec5a26a0d369ef2205dd64894fb6fe85ef7ccc17e9ca1d388ee8fca78dad46cb2d", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])

836.744786ms ago: executing program 2 (id=4695):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r2}, 0x18)
r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000340)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000004c0)='sys_enter\x00', r4, 0x0, 0xfffffffffffffffe}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000b40)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x8f00}}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@max_batch_time={'max_batch_time', 0x3d, 0x6000000}}, {@journal_dev={'journal_dev', 0x3d, 0x7fffffff}}, {@noload}]}, 0x3, 0x44a, &(0x7f0000000440)="$eJzs271vG2UYAPDn7CSlXyRU5aMfQKAgylfSpKV0YAGBxFAkJBjKGJK0CnUb1ASJVhEEhMqIKjGxIEYk/gImWBAwIbHCjipVKEsLk9HZd43t2E6dOnGpfz/p3Pe9O/d9nrt77ffujQPoW6PpSxKxKyL+iIjharV+h9HqPzdWlqb/WVmaTqJcfuvvpLLf9ZWl6XzX/H0788pAROGzJA40aXfh4qWzU6XS7IWsPr547v3xhYuXnp87N3Vm9szs+ckTJ44dnXjx+OQLXckzzev6/o/mD+57/Z0rb0yfuvLuL98lef4NeXTJaLuNT5bLXW6ut3bXlJOBHgZCR4rVbhqDlf4/HMVYPXnD8dqnPQ0O2FTlcrn8QOvNy2XgLpZEryMAeiP/ok/vf/Nli4Yed4RrL1dvgNK8b2RLdctAFLJ9Bhvub7tpNCJOLf/7dbrE5jyHAACo80M6/nmu2fivELXPhe7N5lBGIuK+iNgTEccjYm9E3B9R2ffBiHiow/YbJ0nWjn8KV2tr5aTDBtaRjv9eyua26sd/+egvRopZbXcl/8Hk9Fxp9kh2TA7H4La0PtGmjR9f/f2LVttqx3/pkrafjwWzOK4ObKt/z8zU4tTt5Fzr2icR+wca8j8ZlQm8fCYgPeT7ImL/BtuYe+bbg622rZ9/G12YZyp/E/FU9fwvR935X73Qkvbzk+P3RGn2yHh+Vaz162+X32zV/m3l3wXp+d/R9Pq/mf9IUjtfu9DJ//7V0+nr5T8/b3lPs9Hrfyh5u1IeytZ9OLW4eGEiYig5WQ26dv3k6nvzer5/mv/hQ837/55YPRIHIiK9iB+OiEci4tEs9sci4vGIONTmKPz8yhPvbTz/zZXmP9PR+V8tDEXjmuaF4tmfvq9rdKST/NPzf6xSOpytuZXPv1uJq9OrGQAAAP6vChGxK5LC2M1yoTA2Vv0b/r2xo1CaX1h89vT8B+dnqr8RGInBQv6ka7jmeehEdluf1ycb6kez58ZfFrdX6mPT86WZXicPfW5ni/6f+qvY6+iATef3WtC/9H/oX/o/9C/9H/pXk/6/vRdxAFuv2ff/xz2IA9h6Df3ftB/0Eff/0L820v99ZsDdoW1fHtq6OIAttbA91v+RvILCmkIU7ogwFDap0OtPJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgO74LwAA///lI+j0")
chmod(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r0)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000d40)=[{{0x0, 0x1, 0x1}, {0x4, 0x0, 0x0, 0x1}}, {{0x0, 0x0, 0x1}, {0x2, 0x1, 0x0, 0x1}}, {{0x1, 0x1}, {0x1, 0x0, 0x1}}, {{0x0, 0x1, 0x1}, {0x3, 0x1, 0x1, 0x1}}, {{0x3, 0x1, 0x1, 0x1}, {0x1, 0x0, 0x0, 0x1}}, {{0x3, 0x1, 0x1}, {0x4, 0x0, 0x1, 0x1}}, {{0x2, 0x0, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}, {{0x1, 0x1, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x1}}, {{0x1, 0x0, 0x1, 0x1}, {0x4, 0x1, 0x0, 0x1}}], 0x48)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff)
r9 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'veth0_to_bridge\x00', <r10=>0x0})
sendmsg$GTP_CMD_NEWPDP(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x38, r8, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_LINK={0x8, 0x1, r10}, @GTPA_TID={0xc, 0x3, 0x3}, @GTPA_VERSION={0x8}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000280)={'syztnl1\x00', &(0x7f0000000540)={'ip_vti0\x00', <r11=>r5, 0x80, 0x8, 0xf, 0x8, {{0x24, 0x4, 0x0, 0x14, 0x90, 0x66, 0x0, 0xd, 0x2f, 0x0, @remote, @multicast1, {[@noop, @ra={0x94, 0x4, 0x1}, @rr={0x7, 0x1f, 0x8f, [@dev={0xac, 0x14, 0x14, 0x42}, @broadcast, @local, @remote, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @lsrr={0x83, 0x13, 0x4e, [@rand_addr=0x64010101, @local, @multicast2, @dev={0xac, 0x14, 0x14, 0x16}]}, @rr={0x7, 0xf, 0xd3, [@remote, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0xb}]}, @generic={0x94, 0x6, "41bf03a9"}, @noop, @cipso={0x86, 0x2e, 0x0, [{0x0, 0x2}, {0x1, 0xf, "62b9b8e2d6e0c38720f51fd020"}, {0x2, 0x9, "a2ada39ad37a06"}, {0x5, 0xe, "74a7d32864fe60a6fa6c2915"}]}]}}}}})
r12 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
connect$inet6(r0, &(0x7f0000000dc0)={0xa, 0x4e21, 0x5, @remote, 0xf9a}, 0x1c)
r14 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r14, &(0x7f0000000000)={0x1d, r13, 0x2, {0x2, 0xf0, 0x1}, 0x1}, 0x18)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={r3, 0x58, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r15=>0x0}}, 0x10)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000000600)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000400)={&(0x7f0000000700)={0x604, r6, 0x800, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x234, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0xa6, 0x5, "9c0da0008c13f2ded3c3c3c402dcda544c305c5ba3beeb45cc092dd610bcb6a213501af1fcd3d3f072ce067757cd9198d95cd59e4995af4374a5c0e8f7b3f24691d0619b48a8b24d5d04fff602196f2589f35a2c3836510107a19bd308d376cf8c81a2ea989c395b596910cd37bb992d916fd102c4199096c517f0c7cfe9b14562af97e60bffc5bc505e50815e55dc1026d74c6b8e099cbc32c6243da563bc19b197"}, @ETHTOOL_A_BITSET_VALUE={0x5b, 0x4, "ef021a22e43d1a089671e1f42080934a51f80d1559a8a6b1324aad04374843b6363d229eb97c2d66792ecb5bbf263c0aaaceba41145f4f7030a84cb93f37b7b6c6cdb6145bfde767666eba4b071f442c72b588dc11ed85"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xf547}, @ETHTOOL_A_BITSET_BITS={0x50, 0x3, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, 'lo\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xe, 0x2, 'syzkaller\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9e57}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0xce, 0x5, "558ee7b51250f681b35b5e23903b8072f6121ba0a02b558e36bea11bc8860081099090a432c14373bf0ebcad25bd0768ad96b8aff06c1e5914b75c85bf27ac9227f4e28233aceb20ecc299968c8523c42ccbd902437fd5115e2e3379746e962d8d114f26750f4b10e5ebfabbc0259948ec35a2db8e46313cdfab8c36a4f8a7a67daa6bb82dbd56d3e6bd1a6e70b879954e5d1b8bfd4e13db41c55e9d191f1eafef47e6d930733be78394c847e14f6a4a32c00bba3cb548d4892659ae2fc01bda16d4ee326dc5d0851a06"}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x2c4, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xffffffff}, @ETHTOOL_A_BITSET_BITS={0x50, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '+\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffa25}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x12, 0x2, '@[\x05&$@!\\/+:&^\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0x3d, 0x5, "ff1802a3cd00353d8eff2cf3a40216f55fc190739483e0c6bfea56994a852339e4234162b6f7f8c4ae9564d944cea95d907a6f857e59dae981"}, @ETHTOOL_A_BITSET_MASK={0x42, 0x5, "6f3a681c71b3a753bd9ab36900e854fc32d81aec19cd41cd7e2993218170e2aa73b8e2ae4db8f2b46e56fd2685e58e2f46cd1540b6c3529422b08ea343e6"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x306}, @ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}, @ETHTOOL_A_BITSET_MASK={0xce, 0x5, "5b4f39d36e7bffd916beddcbc18ffe1691e6561c770c742ff520588f443e5df2a3f313d2c90d4af84aeebe3c5f6649dee12c57613c2b7a7e3a49ea1a8a269dfad5844955824b243a68ee74eda4f7dae5b16e41343d6d3ad74bc0cf3c827da2068188d7170b92f4bfaf9ab69139367bd28e8d4fc145e9c9bb3d1009bc844834d839d3819e2f41a99ecd2798ed51f97590583d37f9bf3bb7207141bc59bcc6025649b167311e15e5600c45ea9c5e54bcbd454cc74ba42c1cc154c7407b4f0eca0c7ee8ffd7148801f21872"}, @ETHTOOL_A_BITSET_MASK={0xf4, 0x5, "a5f4c25adaee96ad16fd7ad0f09dbced9da1fcfdd032c34c9c45dd015e72a5b148cbbdb9c93ad1da05ce50a5047619d9ddd0c7c18105bc0a1b7f2ed406dbadc91330d9602c1daac0f5f1d4b1b9f4fdc3e717015df75b854b1d723a4ade1c31f27ea7221042a80d6629f5d61fc4f162085257a01a39e55e641b20e08ab072ff27e2b1bfebc00093ee0fb8e13c48473efcf50520d680f37721121f562ef84043700d191ddb8d5cb258cf20807baacb2de98f7cf6e355844e27f08105b70dfde41a8cc4d8110e8737770e21ec4a8300ab7f6d9c203f0b47f9ad991fdb85e97250097a045dd596a2430e1f8c638077048dbb"}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x604}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newqdisc={0x50, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0x4}, {0xffff, 0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{0x0, 0x2000000, 0x0, 0x386561e9}, [@TCA_NETEM_DELAY_DIST={0x4, 0xd}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x8080)

755.719648ms ago: executing program 2 (id=4698):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r2, 0x0, 0x3904}, 0x18)
io_submit(0x0, 0x1, &(0x7f0000000240)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x6, 0xd, r2, &(0x7f0000001b80)="948601e5090c15a532613f4070758b67d1", 0x11, 0x4, 0x0, 0x3}])
r3 = syz_open_pts(0xffffffffffffffff, 0x2200)
ioctl$TCGETS(r3, 0x5401, &(0x7f0000000640))
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
setfsuid(0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x72, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{}, &(0x7f0000000400), &(0x7f00000003c0)=r5}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000080)=[{0x0, 0xf7, 0x4, 0x6}]}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet(r1, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0}}], 0x1, 0x2400c042)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r8 = open(&(0x7f00000001c0)='./file0\x00', 0x2ca68a110c7f0c00, 0x0)
quotactl_fd$Q_QUOTAON(r8, 0xffffffff80000200, 0x0, 0x0)
ioctl$BLKFLSBUF(r8, 0x1261, &(0x7f0000000300)=0x4)
ioctl$KDSKBENT(r7, 0x4b47, &(0x7f0000000580)={0x8, 0x8, 0x20f})
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r10, 0x0, 0x2}, 0x18)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00'})

737.147118ms ago: executing program 2 (id=4700):
creat(&(0x7f00000001c0)='./file1\x00', 0x2)
acct(&(0x7f0000000080)='./file1\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x286ca06bbee933dc, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)
acct(0x0)

695.639849ms ago: executing program 2 (id=4703):
unshare(0xa000200)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000600)={0x1, "da"}, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@typedef={0x2}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x28}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffb}, [@alu={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0xb, r3, 0x8, 0x0, 0x0, 0x14}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='mm_page_alloc\x00', r4}, 0x18)
ioperm(0x2, 0x401, 0x317c)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6e, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000002c0)=0x1)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f})
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x2)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), r7)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r8, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20010}, 0xc, &(0x7f0000000400)={&(0x7f00000004c0)={0x5c, r9, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x24040000)
semget$private(0x0, 0x4000, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000002020702500000000002020207b1af8fb00000000bfa1000000000000070112f18b72ffffb702000000000000b703000000000000850000002d0000009583b3b1629f3d18df4f7fe6caa3648a485d8e7830b6b18745a19fcf309315e87187fea963e42a63e2c00bc562fc422723d2fcb80bc1a79dab85658f75712c6f7fc4f7567956685aac5fc0eefa0f4e2b9e4a8cb790a14f1cb88bbcfea9cfe4b8"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='mm_page_alloc\x00', r10}, 0x10)

693.905809ms ago: executing program 0 (id=4704):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd63"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

572.187801ms ago: executing program 0 (id=4708):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001300)=@newqdisc={0x34, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}, 0x1, 0x0, 0x0, 0x82}, 0x2004400d)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xa, "0062ba7d82000000160000000000f738096304"})
r4 = syz_open_pts(r3, 0x900)
r5 = dup3(r4, r3, 0x80000)
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
read$watch_queue(r5, &(0x7f0000001d40)=""/4095, 0xfdef)
r6 = socket$inet6(0x10, 0x3, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r7}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00'}, 0x10)
sendto$inet6(r6, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r9, &(0x7f0000004200)='t', 0x1)
sendfile(r9, r8, 0x0, 0x7ffff000)

549.424621ms ago: executing program 2 (id=4709):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r2, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x10020, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x44000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

475.242692ms ago: executing program 1 (id=4711):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r2}, 0x18)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newqdisc={0x50, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{0x0, 0x0, 0x0, 0x386561e9}, [@TCA_NETEM_DELAY_DIST={0x4, 0xd}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x8080)

443.898523ms ago: executing program 1 (id=4713):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={0x0, r1}, 0x18)
time(0x0)

405.205644ms ago: executing program 1 (id=4714):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x5, 0x4, 0x6, 0x4, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000740)=@framed={{}, [@map_idx_val={0x18, 0x2, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000780)='GPL\x00', 0x10000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000070000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r5}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x80000, {0x0, 0x0, 0x0, 0x0, {0x0, 0xe}, {0x6, 0xb}, {0xd, 0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xff, 0x5}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r6, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x44}}, 0x0)

404.216453ms ago: executing program 3 (id=4715):
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0a04000007000000020000000400001b52de1270a672b97dbd81af21f1cd5b4f7fe33cdfd1e5ce2716c9c689e1d4f175afea4600f2fdcd5dd1376b3b570dae862bcda7c1e2f6c991187d374913b5d0197c65ac407f4afe0e1c0679197389eccddc7f208a29563c06bfe992f9cbc48e6791cc12449e305d92411b95e6b26893dca8a2bf4624e35754ef924eefaa002aa57b80e43c272e2838bbca27d562f2acdbb0f7bbe39718a26a57de18b77d8095558d254356ddc0a5455d5ca762af635efaa9afab1c620b9acbcae22a9ad0571eddd04a75064c519bf0e575e267f36e20db31f99a6e6b75f16db5899f52a6957125e6c3839f81e407a981ddedfc30f2f71870be16f73f8f4fa2a207bbb5ffa3889a9637fc0e843e68af95d40eea12e4b6d8ec5a26a0d369ef2205dd64894fb6fe85ef7ccc17e9ca1d388ee8fca78dad46cb2d", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])

270.996336ms ago: executing program 1 (id=4716):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'xfrm0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="10031400e0ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)

269.997766ms ago: executing program 1 (id=4717):
r0 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000480)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x3, 0x5}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x4c, &(0x7f0000000080), 0x4)
syz_clone3(&(0x7f0000000340)={0x2020000, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0xffffffffffffffff], 0x1}, 0x58)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4000)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRESOCT=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x71, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
write$P9_RVERSION(r4, &(0x7f0000000080)={0x15, 0x65, 0xffff, 0x1, 0x8, '9P2000.u'}, 0x15)

181.716057ms ago: executing program 4 (id=4718):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000200000000000000000018150000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x20000000000001d2, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000001000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x2008c014)

174.185527ms ago: executing program 1 (id=4719):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001300)=@newqdisc={0x34, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}, 0x1, 0x0, 0x0, 0x82}, 0x2004400d)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[], 0xff2e)
dup3(0xffffffffffffffff, r3, 0x80000)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r5, &(0x7f0000004200)='t', 0x1)
sendfile(r5, r4, 0x0, 0x3ffff)
sendfile(r5, r4, 0x0, 0x7ffff000)

144.305648ms ago: executing program 3 (id=4720):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5ba}, 0x23)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0)
mknod(&(0x7f0000000140)='./file1/file3\x00', 0xc000, 0x9)
rename(&(0x7f00000003c0)='./file1/file3\x00', &(0x7f0000000100)='./file0\x00')
listxattr(&(0x7f0000000840)='./file0\x00', &(0x7f0000002340)=""/4096, 0x1000)

121.516028ms ago: executing program 0 (id=4721):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r0, &(0x7f0000001340), 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
socket$pptp(0x18, 0x1, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(0x0, r1)
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0xf01424fae2b05261}, 0x0)
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4040000)
r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000080)={0x0})
ioctl$MON_IOCH_MFLUSH(r2, 0x9208, 0x6)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000200)={&(0x7f00000001c0)=[0x0, 0x0], 0x2, 0x6})
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000280)={0x0, 0x0, 0x1})
syz_open_dev$usbfs(&(0x7f0000000000), 0x205, 0x44680)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@mcast2, @in=@initdev}}, {{@in6=@private2}, 0x0, @in6=@local}}, &(0x7f0000000040)=0xe8)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
syz_open_dev$tty1(0xc, 0x4, 0x3)
socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000240), 0x4)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/11], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0xe, 0x4, 0x25, &(0x7f0000000640)="8e53577a845797565db226ae26982f590560be5f1681c8c3e54c308811b14014a7e7cf1aa1cabaadd1b72f781bd1983fc601ec05f884a6dd0099fc8980ebc4b3e17d19ffdc0c0da46e914bb093b42f48d32f8f22cdb012d6e4849f9fc07993834a7e5e2311d280c2a3628c14d8cdf9f3e1801b4f09b912c7ac4d0953a65048fe54dc07caae0e6930b5e46ea7bab4c731e018a3b03a2a285f07c96b9c9254d4d4ca69296ac40596b7ff4b8957e8dba6442c2ba55b955c2e278ca8438331951758c29884d59382f7e7d0a6a094f810b22cfc70cee5b7efc5f103c9b98b05bde3134ca579ec5d390e23c30c67ebd8003ad7869ebadb6f9fd282d5a657202962ea1ad0f93a8173e2efadcc88c8ce3f9f16ac5f0623038dbfcbea6a15506ffd4990cfbed35d1064f33ccb80e0e84bfe7d2bdc437dfd482d9b049cf52fefc0b133d539c842f8cd0d8d47061c6328f104bb561cdd60c8afd4bf7a645327cff7071a9892abf743434ade8c41b5621b240dd467b9d653ec52b021f08c0d2c33c1ec48574b796a04b2fc2b733442bd99a489cc382442605e8a60ec0ce93d61fcd24af92c2b43fcaeb30ecf57850a264140f0e7b021d16571da2d71e03ce778746053f9e771a034e1e34acbf73df045e43f602ef9fa541f0d464db5ae5bcbeb01fbea4c98af8b3b83952e9b1f15f03deaff418eae539683e5d721966a07f44e28660504762b29eb504c1435956592c8d0f4cc291f869a56ff434ed5f95a98614fcfac37ad4b5a190292f5b74e167c5c340416847163bfed037c7d7cd35d4542d575e8cc38fdc9fbf3cf333487acc441e7f96768b7d676e8062c9c22ffb1118af1b2900b4ce47034db4d076c15d71779d6f69037739ef369575ac412a2718de5ea2cd54ee90ea0a66e8d1c6acec2433da54f9284881e4c666ffd37a20873ce3f4719904d7f1aa25b5f3a966d917a7b89118f867941005bd31f7b6320a53c0aa9c501b9836bfaa0308882adad33839e738c4d2d4decc8f2bc84ea9c5c93a38afa998a90a82c4dd65beabc55b7e563403993bbb0b27e78c72eebbec057fb27df5bda7c53156378bdc0edaadcb74d69537da51041ab49a357ce46e5a9435d220ed64c0189e381e21f1f2b93c646bcca0038f648df5f64aabc28feba81baa852e036e83ac2f998be0839d961b68ca0966aad2ead7623a4be9b83d7636e06b75d521c62115c518388d0b069790e8ccfcc3ad9583151a7b7abea9337680cd3577fed67e9d340210632715179bb4d00de23527531e9a9012a2c8c9eee9b282107c4f132fd578268bd506044337d8a7ea925d7f7304bd5e6695d7a6b0b34fa10d2e5a24b8019a91f0cecf79e16695af0615b9e25cdd2d5213c424e8c8239a49d3940b0d235789685986633f76f80160f91d561249e2257c8cd6eae34e54aa861a023c53c0bddb4dddec1"})
socket$nl_generic(0x10, 0x3, 0x10)

90.811959ms ago: executing program 3 (id=4722):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d000000"], &(0x7f00000002c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r0}, 0x10)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')

65.941319ms ago: executing program 3 (id=4723):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x48, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0)

11.03126ms ago: executing program 3 (id=4724):
mkdir(&(0x7f0000000540)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0, r3}, 0x18)
r4 = dup(r1)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r6}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x10, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}})

0s ago: executing program 3 (id=4725):
r0 = socket(0x10, 0x3, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
recvfrom$inet_nvme(r0, &(0x7f0000000380)=""/165, 0xa5, 0x40000000, &(0x7f0000000500)=@generic={0x56, "28a9b66462ca64b4c2d640d33a6183cabc218178eb707f513318637a799e6af381c56cc819082f780463fdf58c3af6f890663fee56ccbca03a2447e9e268b4ef36435af36dc3d816a70f1351fd2438293afd60c2e473ac307cdace201433f4980675f33a35a67f06c6540d9d593176b105dbb642a5de6c3f347c08cf7fd0"}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
r3 = add_key$keyring(&(0x7f00000004c0), &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00')
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000940)={&(0x7f00000005c0)="5c8846e571755f8f347a8a3b938d344f5895969df0b93b686a46fbc767fb54dcebc878c821f8a44fe6043c21dcde88af93cdeab13d6fe5f451983de10f7ad5449a29bd42c6cfd475139290a534a62252c06f4bf6cfd8e2368310c0c63eca9690f074", &(0x7f0000000700)=""/91, &(0x7f0000000780)="ac41671e98829069547af577bd49240bbcaeed0d6b03aa48e2ddd8174e3646f53777bc2c4d74b123edb25cda278ee612cbde215ac3625f5d7a2fca310617c10b705b59210d6246d2375da99123ebdc9712f8891a03b9bb3d166a571eec379e8231c8f6682f3d45227096648560b96336d3f2ad853d24ee17e4c09e61c60bd008a4d61e3a155ecdc66dceaae8284ee9", &(0x7f0000000880)="701f3141add67c287054ae16979204590c8d2e64251dda4c5ea0c3cb58f7e190c5e3c57bf935d865d0ce1933b96a6b4d0663702e3ad1eba47a0760e1a705a80e0a59bc211f22004cfd7e99ec82af6822f0f3580a1df0146e7ea29cf76c639cd7489366d339a64feaa3d0f17175cf3bf59b7293c463bfe8f3a6589acc4a8fff4902e1cd012f0f7c940d0ca378a8a6b743793c081dc161f2f9ec", 0x1, r4, 0x4}, 0x38)
getdents(r4, 0x0, 0x30)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000440)=@chain)
r5 = geteuid()
r6 = socket(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r7=>0x0}, 0x0)
chown(&(0x7f0000000100)='./file0\x00', 0x0, r7)
keyctl$chown(0x4, r3, r5, r7)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r3)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c00000010d0b8fa9ebbb46b5c6a6767f9188f47e22a1172655992020001000000080000b5c1149e00e1000a00f31a7c6ac118d3ec6caa92e2e3e06bb5efd4"], 0x28}}, 0x0)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x30, r8, 0x20, 0x70bd2d, 0x25dfdbfe, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x0)

kernel console output (not intermixed with test programs):

1
[  252.595945][T15578] R13: 0000000000000000 R14: 00007f6badde5fa0 R15: 00007ffd73a4a8d8
[  252.596013][T15578]  </TASK>
[  252.857441][T15581] loop2: detected capacity change from 0 to 128
[  252.871174][T15581] syz.2.3904: attempt to access beyond end of device
[  252.871174][T15581] loop2: rw=0, sector=2071, nr_sectors = 1 limit=128
[  252.910659][T15583] loop1: detected capacity change from 0 to 128
[  253.201906][T15575] vhci_hcd: connection closed
[  253.202146][ T7234] vhci_hcd: stop threads
[  253.211148][ T7234] vhci_hcd: release socket
[  253.215567][ T7234] vhci_hcd: disconnect device
[  253.216994][T15593] loop4: detected capacity change from 0 to 1024
[  253.226916][T15593] ext2: Unknown parameter 'appraise'
[  253.278133][T15601] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3911'.
[  253.287824][T15602] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3911'.
[  253.543828][T15615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  253.552320][T15615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  253.611229][   T23] vhci_hcd: vhci_device speed not set
[  253.644853][T15621] loop4: detected capacity change from 0 to 128
[  254.146566][T15627] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3919'.
[  254.155804][    C0] vcan0: j1939_session_tx_dat: 0xffff888103f3b400: queue data error: -100
[  254.169033][    C0] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found
[  254.176606][    C0] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found
[  254.184172][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.191992][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.199819][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.207622][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.215443][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.223293][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.231116][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.238918][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.246754][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.254598][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.262432][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.270252][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.278082][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.285897][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.293724][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.301552][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.309382][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.317207][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.325037][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.332851][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.340692][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.348491][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.356331][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.364155][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.371979][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.379813][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.387624][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.395445][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.403283][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.411115][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.418930][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.421183][T15635] FAULT_INJECTION: forcing a failure.
[  254.421183][T15635] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  254.426754][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.426784][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.426797][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.426813][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.426825][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.441798][T15635] CPU: 1 UID: 0 PID: 15635 Comm: syz.3.3920 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  254.441843][T15635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  254.441920][T15635] Call Trace:
[  254.441927][T15635]  <TASK>
[  254.441935][T15635]  __dump_stack+0x1d/0x30
[  254.441956][T15635]  dump_stack_lvl+0xe8/0x140
[  254.441974][T15635]  dump_stack+0x15/0x1b
[  254.441990][T15635]  should_fail_ex+0x265/0x280
[  254.442018][T15635]  should_fail+0xb/0x20
[  254.442057][T15635]  should_fail_usercopy+0x1a/0x20
[  254.442085][T15635]  _copy_from_user+0x1c/0xb0
[  254.442104][T15635]  ___sys_sendmsg+0xc1/0x1d0
[  254.442147][T15635]  __x64_sys_sendmsg+0xd4/0x160
[  254.442315][T15635]  x64_sys_call+0x2999/0x2fb0
[  254.442341][T15635]  do_syscall_64+0xd2/0x200
[  254.442359][T15635]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  254.442406][T15635]  ? clear_bhb_loop+0x40/0x90
[  254.442426][T15635]  ? clear_bhb_loop+0x40/0x90
[  254.442452][T15635]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.442472][T15635] RIP: 0033:0x7f54f44de9a9
[  254.442506][T15635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.442523][T15635] RSP: 002b:00007f54f2b26038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  254.442542][T15635] RAX: ffffffffffffffda RBX: 00007f54f4706080 RCX: 00007f54f44de9a9
[  254.442555][T15635] RDX: 00000000000000c4 RSI: 0000200000000100 RDI: 000000000000000b
[  254.442568][T15635] RBP: 00007f54f2b26090 R08: 0000000000000000 R09: 0000000000000000
[  254.442583][T15635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  254.442595][T15635] R13: 0000000000000001 R14: 00007f54f4706080 R15: 00007ffced733c48
[  254.442614][T15635]  </TASK>
[  254.652141][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.659939][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.667740][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.675547][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.683343][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.691152][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.698944][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.706756][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.714553][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.722342][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.730143][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.737951][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.745755][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.753555][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.761379][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.769184][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.777005][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.784808][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.792603][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.800411][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.808202][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.816010][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.823827][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.831634][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.839512][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.847322][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.855147][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.862956][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.870771][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.878554][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.886359][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.894153][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.901959][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.909754][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.917548][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.925355][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.933189][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.940983][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.948787][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.956584][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.964400][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.972202][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.980044][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  254.987829][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  254.995652][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.003445][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.011246][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.019061][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.026855][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.034659][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.042488][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.050300][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.058099][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.065896][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.073709][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.081507][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.089311][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.097118][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.104920][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.112712][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.120540][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.128328][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.136163][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.143957][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.151759][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.159553][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.167356][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.175158][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.182966][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.190759][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.198551][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.201192][    C1] vcan0: j1939_tp_rxtimer: 0xffff88814fd60600: rx timeout, send abort
[  255.206340][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.206362][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.206386][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.214550][    C1] vcan0: j1939_tp_rxtimer: 0xffff88814fd60400: rx timeout, send abort
[  255.222313][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.230185][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88814fd60600: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  255.237871][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.237892][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.246040][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88814fd60400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  255.253802][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.253825][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.313442][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.321244][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.329054][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.336874][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.344674][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.352486][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.360278][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.368079][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.375872][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.383682][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  255.391475][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  255.617694][T15646] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3923'.
[  255.659452][T15655] loop1: detected capacity change from 0 to 1024
[  255.666188][T15655] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  255.680758][T15655] syzkaller0: entered promiscuous mode
[  255.686264][T15655] syzkaller0: entered allmulticast mode
[  255.764055][T15664] loop1: detected capacity change from 0 to 1024
[  255.781680][T15664] ext2: Unknown parameter 'appraise'
[  255.871768][T15668] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  255.878387][T15668] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  255.886117][T15668] vhci_hcd vhci_hcd.0: Device attached
[  255.919483][ T3365] usb 1-1: enqueue for inactive port 0
[  255.925155][ T3365] usb 1-1: enqueue for inactive port 0
[  256.013698][ T3365] vhci_hcd: vhci_device speed not set
[  256.099340][T15693] loop3: detected capacity change from 0 to 128
[  256.110850][T15693] bio_check_eod: 18 callbacks suppressed
[  256.110860][T15693] syz.3.3941: attempt to access beyond end of device
[  256.110860][T15693] loop3: rw=2049, sector=145, nr_sectors = 16 limit=128
[  256.130334][T15693] syz.3.3941: attempt to access beyond end of device
[  256.130334][T15693] loop3: rw=2049, sector=169, nr_sectors = 16 limit=128
[  256.144047][ T3386] usb 9-1: new low-speed USB device number 3 using vhci_hcd
[  256.144264][T15693] syz.3.3941: attempt to access beyond end of device
[  256.144264][T15693] loop3: rw=2049, sector=193, nr_sectors = 8 limit=128
[  256.165090][T15693] syz.3.3941: attempt to access beyond end of device
[  256.165090][T15693] loop3: rw=2049, sector=209, nr_sectors = 8 limit=128
[  256.178586][T15693] syz.3.3941: attempt to access beyond end of device
[  256.178586][T15693] loop3: rw=2049, sector=225, nr_sectors = 8 limit=128
[  256.192197][T15693] syz.3.3941: attempt to access beyond end of device
[  256.192197][T15693] loop3: rw=2049, sector=241, nr_sectors = 8 limit=128
[  256.205699][ T7249] kworker/u8:58: attempt to access beyond end of device
[  256.205699][ T7249] loop3: rw=1, sector=273, nr_sectors = 8 limit=128
[  256.219157][T15693] syz.3.3941: attempt to access beyond end of device
[  256.219157][T15693] loop3: rw=2049, sector=257, nr_sectors = 8 limit=128
[  256.232625][T15693] syz.3.3941: attempt to access beyond end of device
[  256.232625][T15693] loop3: rw=2049, sector=297, nr_sectors = 1 limit=128
[  256.232704][ T7249] kworker/u8:58: attempt to access beyond end of device
[  256.232704][ T7249] loop3: rw=1, sector=289, nr_sectors = 8 limit=128
[  256.291077][T15701] lo speed is unknown, defaulting to 1000
[  256.499636][T15712] FAULT_INJECTION: forcing a failure.
[  256.499636][T15712] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  256.512770][T15712] CPU: 0 UID: 0 PID: 15712 Comm: syz.0.3947 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  256.512795][T15712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  256.512857][T15712] Call Trace:
[  256.512864][T15712]  <TASK>
[  256.512873][T15712]  __dump_stack+0x1d/0x30
[  256.512894][T15712]  dump_stack_lvl+0xe8/0x140
[  256.512918][T15712]  dump_stack+0x15/0x1b
[  256.512935][T15712]  should_fail_ex+0x265/0x280
[  256.513009][T15712]  should_fail+0xb/0x20
[  256.513034][T15712]  should_fail_usercopy+0x1a/0x20
[  256.513110][T15712]  _copy_to_user+0x20/0xa0
[  256.513140][T15712]  simple_read_from_buffer+0xb5/0x130
[  256.513169][T15712]  proc_fail_nth_read+0x100/0x140
[  256.513194][T15712]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  256.513264][T15712]  vfs_read+0x19d/0x6f0
[  256.513290][T15712]  ? __rcu_read_unlock+0x4f/0x70
[  256.513312][T15712]  ? __fget_files+0x184/0x1c0
[  256.513332][T15712]  ksys_read+0xda/0x1a0
[  256.513419][T15712]  __x64_sys_read+0x40/0x50
[  256.513447][T15712]  x64_sys_call+0x2d77/0x2fb0
[  256.513469][T15712]  do_syscall_64+0xd2/0x200
[  256.513525][T15712]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  256.513549][T15712]  ? clear_bhb_loop+0x40/0x90
[  256.513567][T15712]  ? clear_bhb_loop+0x40/0x90
[  256.513588][T15712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.513609][T15712] RIP: 0033:0x7f5be542d3bc
[  256.513675][T15712] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  256.513756][T15712] RSP: 002b:00007f5be3a97030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  256.513772][T15712] RAX: ffffffffffffffda RBX: 00007f5be5655fa0 RCX: 00007f5be542d3bc
[  256.513783][T15712] RDX: 000000000000000f RSI: 00007f5be3a970a0 RDI: 0000000000000004
[  256.513858][T15712] RBP: 00007f5be3a97090 R08: 0000000000000000 R09: 0000000000000000
[  256.513871][T15712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  256.513884][T15712] R13: 0000000000000000 R14: 00007f5be5655fa0 R15: 00007ffc2da103a8
[  256.513901][T15712]  </TASK>
[  256.749544][T15669] vhci_hcd: connection reset by peer
[  256.783879][ T7234] vhci_hcd: stop threads
[  256.788154][ T7234] vhci_hcd: release socket
[  256.792616][ T7234] vhci_hcd: disconnect device
[  257.354262][T15753] lo speed is unknown, defaulting to 1000
[  257.396989][T15755] lo speed is unknown, defaulting to 1000
[  257.600898][T15774] netlink: 'syz.0.3971': attribute type 1 has an invalid length.
[  257.730783][T15782] lo speed is unknown, defaulting to 1000
[  257.747803][T15784] loop3: detected capacity change from 0 to 512
[  257.755586][T15784] ext4: Unknown parameter 'smackfsdef'
[  257.770433][T15788] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  257.776973][T15788] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  257.784688][T15788] vhci_hcd vhci_hcd.0: Device attached
[  257.824886][T15792] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  258.051723][T15783] syz.3.3974 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  258.062728][ T3365] usb 1-1: new low-speed USB device number 11 using vhci_hcd
[  258.070210][T15783] CPU: 0 UID: 0 PID: 15783 Comm: syz.3.3974 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  258.070236][T15783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  258.070306][T15783] Call Trace:
[  258.070313][T15783]  <TASK>
[  258.070321][T15783]  __dump_stack+0x1d/0x30
[  258.070339][T15783]  dump_stack_lvl+0xe8/0x140
[  258.070356][T15783]  dump_stack+0x15/0x1b
[  258.070420][T15783]  dump_header+0x81/0x220
[  258.070449][T15783]  oom_kill_process+0x334/0x3f0
[  258.070478][T15783]  out_of_memory+0x979/0xb80
[  258.070528][T15783]  try_charge_memcg+0x5e6/0x9e0
[  258.070566][T15783]  charge_memcg+0x51/0xc0
[  258.070593][T15783]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  258.070620][T15783]  __read_swap_cache_async+0x1df/0x350
[  258.070663][T15783]  swap_cluster_readahead+0x277/0x3e0
[  258.070695][T15783]  swapin_readahead+0xde/0x6f0
[  258.070723][T15783]  ? __filemap_get_folio+0x4f7/0x6b0
[  258.070793][T15783]  ? __rcu_read_unlock+0x34/0x70
[  258.070812][T15783]  ? swap_cache_get_folio+0x77/0x200
[  258.070908][T15783]  do_swap_page+0x301/0x2430
[  258.070928][T15783]  ? css_rstat_updated+0xcd/0x5b0
[  258.070956][T15783]  ? __pfx_default_wake_function+0x10/0x10
[  258.070977][T15783]  handle_mm_fault+0x9a5/0x2be0
[  258.071008][T15783]  ? mas_walk+0xf2/0x120
[  258.071036][T15783]  do_user_addr_fault+0x636/0x1090
[  258.071068][T15783]  ? fpregs_assert_state_consistent+0xb4/0xe0
[  258.071174][T15783]  exc_page_fault+0x62/0xa0
[  258.071202][T15783]  asm_exc_page_fault+0x26/0x30
[  258.071285][T15783] RIP: 0033:0x7f54f43b542e
[  258.071301][T15783] Code: 0c 85 c0 74 e7 48 89 df 48 81 c3 e0 00 00 00 e8 18 c4 ff ff 48 39 eb 75 df 0f 1f 00 8b 05 86 27 35 00 85 c0 0f 8e a3 fd ff ff <e8> 3d 9f fe ff 49 39 c4 73 a0 48 8d 1d 61 0b 35 00 83 3d 66 27 35
[  258.071318][T15783] RSP: 002b:00007ffced733db0 EFLAGS: 00010202
[  258.071372][T15783] RAX: 0000000000000001 RBX: 00007f54f4707ba0 RCX: 0000000000000000
[  258.071412][T15783] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055558f821808
[  258.071423][T15783] RBP: 00007f54f4707ba0 R08: 0000000000000000 R09: 7fffffffffffffff
[  258.071434][T15783] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000003f1fe
[  258.071445][T15783] R13: 00007f54f4706080 R14: ffffffffffffffff R15: 00007ffced733ec0
[  258.071510][T15783]  </TASK>
[  258.071517][T15783] memory: usage 284320kB, limit 307200kB, failcnt 1696
[  258.297489][T15783] memory+swap: usage 1104kB, limit 9007199254740988kB, failcnt 0
[  258.297504][T15783] kmem: usage 536kB, limit 9007199254740988kB, failcnt 0
[  258.297517][T15783] Memory cgroup stats for /syz3:
[  258.297835][T15783] cache 131072
[  258.320742][T15783] rss 32768
[  258.323894][T15783] shmem 0
[  258.326828][T15783] mapped_file 65536
[  258.330650][T15783] dirty 0
[  258.333580][T15783] writeback 0
[  258.336886][T15783] workingset_refault_anon 360
[  258.341581][T15783] workingset_refault_file 863
[  258.346476][T15783] swap 188416
[  258.349958][T15783] swapcached 20480
[  258.353739][T15783] pgpgin 274854
[  258.357203][T15783] pgpgout 274813
[  258.360767][T15783] pgfault 293556
[  258.364480][T15783] pgmajfault 235
[  258.368174][T15783] inactive_anon 0
[  258.371873][T15783] active_anon 36864
[  258.375668][T15783] inactive_file 0
[  258.379298][T15783] active_file 131072
[  258.383273][T15783] unevictable 0
[  258.386783][T15783] hierarchical_memory_limit 314572800
[  258.392217][T15783] hierarchical_memsw_limit 9223372036854771712
[  258.398342][T15783] total_cache 131072
[  258.402305][T15783] total_rss 32768
[  258.405939][T15783] total_shmem 0
[  258.409414][T15783] total_mapped_file 65536
[  258.413647][T15803] lo speed is unknown, defaulting to 1000
[  258.413780][T15783] total_dirty 0
[  258.413788][T15783] total_writeback 0
[  258.413794][T15783] total_workingset_refault_anon 360
[  258.413801][T15783] total_workingset_refault_file 863
[  258.413815][T15783] total_swap 188416
[  258.413821][T15783] total_swapcached 20480
[  258.413827][T15783] total_pgpgin 274854
[  258.413834][T15783] total_pgpgout 274813
[  258.413840][T15783] total_pgfault 293556
[  258.413846][T15783] total_pgmajfault 235
[  258.461466][T15783] total_inactive_anon 0
[  258.465623][T15783] total_active_anon 36864
[  258.469980][T15783] total_inactive_file 0
[  258.474276][T15783] total_active_file 131072
[  258.478762][T15783] total_unevictable 0
[  258.482782][T15783] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.3974,pid=15783,uid=0
[  258.491879][T15789] vhci_hcd: connection reset by peer
[  258.497452][T15783] Memory cgroup out of memory: Killed process 15783 (syz.3.3974) total-vm:95808kB, anon-rss:944kB, file-rss:22564kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  258.509292][ T7239] vhci_hcd: stop threads
[  258.524074][ T7239] vhci_hcd: release socket
[  258.528483][ T7239] vhci_hcd: disconnect device
[  258.534498][T15802] loop1: detected capacity change from 0 to 128
[  258.600142][   T29] kauditd_printk_skb: 30 callbacks suppressed
[  258.600157][   T29] audit: type=1107 audit(1753126726.113:8193): pid=15799 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  258.630520][T15807] lo speed is unknown, defaulting to 1000
[  258.855284][T15821] lo speed is unknown, defaulting to 1000
[  259.084820][   T29] audit: type=1326 audit(1753126726.593:8194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.0.3990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  259.168021][   T29] audit: type=1326 audit(1753126726.593:8195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.0.3990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  259.191619][   T29] audit: type=1326 audit(1753126726.623:8196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.0.3990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  259.215081][   T29] audit: type=1326 audit(1753126726.623:8197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15842 comm="syz.0.3990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  259.316154][T15854] lo speed is unknown, defaulting to 1000
[  259.502953][T15867] FAULT_INJECTION: forcing a failure.
[  259.502953][T15867] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.516034][T15867] CPU: 1 UID: 0 PID: 15867 Comm: syz.3.4000 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  259.516058][T15867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  259.516083][T15867] Call Trace:
[  259.516089][T15867]  <TASK>
[  259.516095][T15867]  __dump_stack+0x1d/0x30
[  259.516113][T15867]  dump_stack_lvl+0xe8/0x140
[  259.516131][T15867]  dump_stack+0x15/0x1b
[  259.516152][T15867]  should_fail_ex+0x265/0x280
[  259.516179][T15867]  should_fail+0xb/0x20
[  259.516199][T15867]  should_fail_usercopy+0x1a/0x20
[  259.516298][T15867]  _copy_from_user+0x1c/0xb0
[  259.516333][T15867]  kstrtouint_from_user+0x69/0xf0
[  259.516358][T15867]  ? 0xffffffff81000000
[  259.516371][T15867]  ? selinux_file_permission+0x1e4/0x320
[  259.516396][T15867]  proc_fail_nth_write+0x50/0x160
[  259.516461][T15867]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  259.516602][T15867]  vfs_write+0x269/0x8e0
[  259.516627][T15867]  ? vfs_read+0x47f/0x6f0
[  259.516728][T15867]  ? __rcu_read_unlock+0x4f/0x70
[  259.516749][T15867]  ? __fget_files+0x184/0x1c0
[  259.516798][T15867]  ? __pfx_vlan_ioctl_handler+0x10/0x10
[  259.516865][T15867]  ksys_write+0xda/0x1a0
[  259.516893][T15867]  __x64_sys_write+0x40/0x50
[  259.516917][T15867]  x64_sys_call+0x2cdd/0x2fb0
[  259.516946][T15867]  do_syscall_64+0xd2/0x200
[  259.516962][T15867]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  259.516988][T15867]  ? clear_bhb_loop+0x40/0x90
[  259.517009][T15867]  ? clear_bhb_loop+0x40/0x90
[  259.517068][T15867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.517087][T15867] RIP: 0033:0x7f54f44dd45f
[  259.517102][T15867] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  259.517120][T15867] RSP: 002b:00007f54f2b47030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  259.517190][T15867] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f54f44dd45f
[  259.517201][T15867] RDX: 0000000000000001 RSI: 00007f54f2b470a0 RDI: 0000000000000007
[  259.517211][T15867] RBP: 00007f54f2b47090 R08: 0000000000000000 R09: 0000000000000000
[  259.517224][T15867] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  259.517238][T15867] R13: 0000000000000000 R14: 00007f54f4705fa0 R15: 00007ffced733c48
[  259.517257][T15867]  </TASK>
[  259.530748][   T29] audit: type=1326 audit(1753126727.043:8198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15868 comm="syz.0.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  259.737626][T15878] loop1: detected capacity change from 0 to 2048
[  259.739269][   T29] audit: type=1326 audit(1753126727.043:8199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15868 comm="syz.0.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  259.741665][   T29] audit: type=1326 audit(1753126727.093:8200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15868 comm="syz.0.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  259.819225][   T29] audit: type=1326 audit(1753126727.093:8201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15868 comm="syz.0.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  259.842727][   T29] audit: type=1326 audit(1753126727.093:8202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15868 comm="syz.0.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  259.900931][T15878] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  260.295917][T15903] lo speed is unknown, defaulting to 1000
[  260.360124][T15910] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  260.610587][T11148] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.626980][T15933] loop2: detected capacity change from 0 to 164
[  261.104567][T15994] loop2: detected capacity change from 0 to 1024
[  261.126497][T15994] ext2: Unknown parameter 'appraise'
[  261.199730][ T3386] usb 9-1: enqueue for inactive port 0
[  261.205289][ T3386] usb 9-1: enqueue for inactive port 0
[  261.333568][ T3386] vhci_hcd: vhci_device speed not set
[  261.349355][T16016] Falling back ldisc for ttyS3.
[  261.386559][T16023] lo speed is unknown, defaulting to 1000
[  261.792490][T16028] loop4: detected capacity change from 0 to 512
[  261.839037][   T10] page_pool_release_retry() stalled pool shutdown: id 43, 1 inflight 60 sec
[  262.012630][T16042] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4037'.
[  262.099196][T16045] Falling back ldisc for ttyS3.
[  262.275727][T16058] IPv6: Can't replace route, no match found
[  262.283703][T16058] netlink: '+}[@': attribute type 13 has an invalid length.
[  262.337694][T16058] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  262.403499][T16069] loop2: detected capacity change from 0 to 512
[  262.421303][T16074] loop1: detected capacity change from 0 to 128
[  262.430342][T16069] ext4: Unknown parameter 'smackfsdef'
[  262.453425][T16074] bio_check_eod: 11 callbacks suppressed
[  262.453440][T16074] syz.1.4049: attempt to access beyond end of device
[  262.453440][T16074] loop1: rw=2049, sector=145, nr_sectors = 16 limit=128
[  262.529029][T16074] syz.1.4049: attempt to access beyond end of device
[  262.529029][T16074] loop1: rw=2049, sector=169, nr_sectors = 16 limit=128
[  262.556035][T16078] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  262.624515][T16074] syz.1.4049: attempt to access beyond end of device
[  262.624515][T16074] loop1: rw=2049, sector=193, nr_sectors = 8 limit=128
[  262.719015][T16074] syz.1.4049: attempt to access beyond end of device
[  262.719015][T16074] loop1: rw=2049, sector=209, nr_sectors = 8 limit=128
[  262.735320][T16074] syz.1.4049: attempt to access beyond end of device
[  262.735320][T16074] loop1: rw=2049, sector=225, nr_sectors = 8 limit=128
[  262.787906][T16074] syz.1.4049: attempt to access beyond end of device
[  262.787906][T16074] loop1: rw=2049, sector=241, nr_sectors = 8 limit=128
[  262.819024][T16074] syz.1.4049: attempt to access beyond end of device
[  262.819024][T16074] loop1: rw=2049, sector=257, nr_sectors = 8 limit=128
[  262.852865][T16074] syz.1.4049: attempt to access beyond end of device
[  262.852865][T16074] loop1: rw=2049, sector=273, nr_sectors = 8 limit=128
[  262.886783][T16074] syz.1.4049: attempt to access beyond end of device
[  262.886783][T16074] loop1: rw=2049, sector=289, nr_sectors = 9 limit=128
[  263.041520][T16067] syz.2.4046 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  263.052559][T16067] CPU: 0 UID: 0 PID: 16067 Comm: syz.2.4046 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  263.052618][T16067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  263.052633][T16067] Call Trace:
[  263.052639][T16067]  <TASK>
[  263.052646][T16067]  __dump_stack+0x1d/0x30
[  263.052739][T16067]  dump_stack_lvl+0xe8/0x140
[  263.052759][T16067]  dump_stack+0x15/0x1b
[  263.052776][T16067]  dump_header+0x81/0x220
[  263.052804][T16067]  oom_kill_process+0x334/0x3f0
[  263.052848][T16067]  out_of_memory+0x979/0xb80
[  263.052877][T16067]  try_charge_memcg+0x5e6/0x9e0
[  263.052923][T16067]  charge_memcg+0x51/0xc0
[  263.053027][T16067]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  263.053058][T16067]  __read_swap_cache_async+0x1df/0x350
[  263.053106][T16067]  swap_cluster_readahead+0x277/0x3e0
[  263.053138][T16067]  swapin_readahead+0xde/0x6f0
[  263.053202][T16067]  ? __filemap_get_folio+0x4f7/0x6b0
[  263.053238][T16067]  ? __rcu_read_unlock+0x34/0x70
[  263.053260][T16067]  ? swap_cache_get_folio+0x77/0x200
[  263.053362][T16067]  do_swap_page+0x301/0x2430
[  263.053380][T16067]  ? css_rstat_updated+0xcd/0x5b0
[  263.053424][T16067]  ? __pfx_default_wake_function+0x10/0x10
[  263.053449][T16067]  handle_mm_fault+0x9a5/0x2be0
[  263.053472][T16067]  ? mas_walk+0xf2/0x120
[  263.053609][T16067]  do_user_addr_fault+0x636/0x1090
[  263.053645][T16067]  exc_page_fault+0x62/0xa0
[  263.053673][T16067]  asm_exc_page_fault+0x26/0x30
[  263.053744][T16067] RIP: 0033:0x7f6bada953fc
[  263.053758][T16067] Code: 66 0f 1f 44 00 00 69 3d b6 02 e8 00 e8 03 00 00 48 8d 1d b7 0b 35 00 e8 12 95 12 00 eb 0c 48 81 c3 e0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 e0 00 00
[  263.053776][T16067] RSP: 002b:00007ffd73a4aa40 EFLAGS: 00010283
[  263.053793][T16067] RAX: 0000000000000000 RBX: 00007f6badde6080 RCX: 0000000000000000
[  263.053818][T16067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555594cfb808
[  263.053831][T16067] RBP: 00007f6badde7ba0 R08: 0000000000000000 R09: 7fffffffffffffff
[  263.053845][T16067] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000040427
[  263.053857][T16067] R13: 00007f6badde6080 R14: ffffffffffffffff R15: 00007ffd73a4ab50
[  263.053876][T16067]  </TASK>
[  263.053883][T16067] memory: usage 302780kB, limit 307200kB, failcnt 12185
[  263.134137][ T3365] usb 1-1: enqueue for inactive port 0
[  263.138861][T16067] memory+swap: usage 86660kB, limit 9007199254740988kB, failcnt 0
[  263.159049][ T3365] usb 1-1: enqueue for inactive port 0
[  263.163962][T16067] kmem: usage 76608kB, limit 9007199254740988kB, failcnt 0
[  263.249015][ T3365] vhci_hcd: vhci_device speed not set
[  263.255671][T16067] Memory cgroup stats for 
[  263.285891][T16091] loop4: detected capacity change from 0 to 8192
[  263.286927][T16067] /syz2
[  263.293507][T16091] FAT-fs (loop4): bogus number of reserved sectors
[  263.299472][T16067] :
[  263.300159][T16067] cache 4096
[  263.304891][T16091] FAT-fs (loop4): Can't find a valid FAT filesystem
[  263.309298][T16067] rss 8192
[  263.309307][T16067] shmem 0
[  263.343438][T16067] mapped_file 4096
[  263.347208][T16067] dirty 0
[  263.350193][T16067] writeback 0
[  263.353469][T16067] workingset_refault_anon 1292
[  263.358304][T16067] workingset_refault_file 503
[  263.363118][T16067] swap 196608
[  263.366575][T16067] swapcached 8192
[  263.370493][T16067] pgpgin 338364
[  263.374128][T16067] pgpgout 338359
[  263.376617][T16096] loop4: detected capacity change from 0 to 512
[  263.377656][T16067] pgfault 370044
[  263.377664][T16067] pgmajfault 305
[  263.377672][T16067] inactive_anon 0
[  263.384878][T16096] journal_path: Lookup failure for './file0/../file0'
[  263.387430][T16067] active_anon 12288
[  263.387439][T16067] inactive_file 0
[  263.387446][T16067] active_file 8192
[  263.391001][T16096] EXT4-fs: error: could not find journal device path
[  263.394607][T16067] unevictable 0
[  263.394616][T16067] hierarchical_memory_limit 314572800
[  263.394624][T16067] hierarchical_memsw_limit 9223372036854771712
[  263.394633][T16067] total_cache 4096
[  263.438915][T16067] total_rss 8192
[  263.438923][T16100] FAULT_INJECTION: forcing a failure.
[  263.438923][T16100] name failslab, interval 1, probability 0, space 0, times 0
[  263.438945][T16100] CPU: 1 UID: 0 PID: 16100 Comm: syz.4.4059 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  263.438994][T16100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  263.439006][T16100] Call Trace:
[  263.439013][T16100]  <TASK>
[  263.439019][T16100]  __dump_stack+0x1d/0x30
[  263.439060][T16100]  dump_stack_lvl+0xe8/0x140
[  263.439078][T16100]  dump_stack+0x15/0x1b
[  263.439094][T16100]  should_fail_ex+0x265/0x280
[  263.439121][T16100]  should_failslab+0x8c/0xb0
[  263.439141][T16100]  __kvmalloc_node_noprof+0x123/0x4e0
[  263.439185][T16100]  ? xt_alloc_table_info+0x3b/0x80
[  263.439212][T16100]  ? should_fail_ex+0xdb/0x280
[  263.439239][T16100]  xt_alloc_table_info+0x3b/0x80
[  263.439328][T16100]  do_ip6t_set_ctl+0x5a5/0x840
[  263.439352][T16100]  ? kstrtoull+0x111/0x140
[  263.439376][T16100]  ? __rcu_read_unlock+0x4f/0x70
[  263.439461][T16100]  nf_setsockopt+0x196/0x1b0
[  263.439482][T16100]  ipv6_setsockopt+0x11a/0x130
[  263.439504][T16100]  tcp_setsockopt+0x95/0xb0
[  263.439533][T16100]  sock_common_setsockopt+0x69/0x80
[  263.439558][T16100]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  263.439657][T16100]  __sys_setsockopt+0x184/0x200
[  263.439686][T16100]  __x64_sys_setsockopt+0x64/0x80
[  263.439776][T16100]  x64_sys_call+0x2bd5/0x2fb0
[  263.439797][T16100]  do_syscall_64+0xd2/0x200
[  263.439815][T16100]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  263.439839][T16100]  ? clear_bhb_loop+0x40/0x90
[  263.439895][T16100]  ? clear_bhb_loop+0x40/0x90
[  263.439949][T16100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.439969][T16100] RIP: 0033:0x7fc2c05ee9a9
[  263.440064][T16100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.440159][T16100] RSP: 002b:00007fc2bec57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  263.440177][T16100] RAX: ffffffffffffffda RBX: 00007fc2c0815fa0 RCX: 00007fc2c05ee9a9
[  263.440190][T16100] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000006
[  263.440202][T16100] RBP: 00007fc2bec57090 R08: 0000000000000518 R09: 0000000000000000
[  263.440214][T16100] R10: 0000200000000b40 R11: 0000000000000246 R12: 0000000000000001
[  263.440226][T16100] R13: 0000000000000000 R14: 00007fc2c0815fa0 R15: 00007fffe53acd98
[  263.440243][T16100]  </TASK>
[  263.567990][T16104] loop3: detected capacity change from 0 to 512
[  263.569279][T16067] total_shmem 0
[  263.575275][T16104] ext4: Unknown parameter 'smackfsdef'
[  263.578880][T16067] total_mapped_file 4096
[  263.578889][T16067] total_dirty 0
[  263.646513][T16105] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  263.653379][T16067] total_writeback 0
[  263.653388][T16067] total_workingset_refault_anon 1292
[  263.653396][T16067] total_workingset_refault_file 503
[  263.653403][T16067] total_swap 196608
[  263.653410][T16067] total_swapcached 8192
[  263.653417][T16067] total_pgpgin 338364
[  263.653424][T16067] total_pgpgout 338359
[  263.653431][T16067] total_pgfault 370044
[  263.653439][T16067] total_pgmajfault 305
[  263.748821][T16067] total_inactive_anon 0
[  263.752991][T16067] total_active_anon 12288
[  263.757388][T16067] total_inactive_file 0
[  263.761641][T16067] total_active_file 8192
[  263.766048][T16067] total_unevictable 0
[  263.770038][T16067] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.4046,pid=16067,uid=0
[  263.784750][T16067] Memory cgroup out of memory: Killed process 16067 (syz.2.4046) total-vm:93760kB, anon-rss:944kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  264.214377][T12614] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  264.225402][T12614] CPU: 1 UID: 0 PID: 12614 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  264.225427][T12614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  264.225438][T12614] Call Trace:
[  264.225444][T12614]  <TASK>
[  264.225506][T12614]  __dump_stack+0x1d/0x30
[  264.225527][T12614]  dump_stack_lvl+0xe8/0x140
[  264.225547][T12614]  dump_stack+0x15/0x1b
[  264.225599][T12614]  dump_header+0x81/0x220
[  264.225624][T12614]  oom_kill_process+0x334/0x3f0
[  264.225765][T12614]  out_of_memory+0x979/0xb80
[  264.225791][T12614]  try_charge_memcg+0x5e6/0x9e0
[  264.225829][T12614]  charge_memcg+0x51/0xc0
[  264.225904][T12614]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  264.225933][T12614]  __read_swap_cache_async+0x1df/0x350
[  264.226021][T12614]  swap_cluster_readahead+0x277/0x3e0
[  264.226053][T12614]  swapin_readahead+0xde/0x6f0
[  264.226080][T12614]  ? __filemap_get_folio+0x4f7/0x6b0
[  264.226178][T12614]  ? __rcu_read_unlock+0x34/0x70
[  264.226199][T12614]  ? swap_cache_get_folio+0x77/0x200
[  264.226223][T12614]  do_swap_page+0x301/0x2430
[  264.226250][T12614]  ? css_rstat_updated+0xcd/0x5b0
[  264.226305][T12614]  ? __pfx_default_wake_function+0x10/0x10
[  264.226329][T12614]  handle_mm_fault+0x9a5/0x2be0
[  264.226347][T12614]  ? mas_walk+0xf2/0x120
[  264.226382][T12614]  do_user_addr_fault+0x636/0x1090
[  264.226415][T12614]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  264.226441][T12614]  exc_page_fault+0x62/0xa0
[  264.226472][T12614]  asm_exc_page_fault+0x26/0x30
[  264.226488][T12614] RIP: 0033:0x7f54f5244b91
[  264.226502][T12614] Code: 49 81 f8 00 ca 9a 3b 72 1c 31 d2 49 81 c0 00 36 65 c4 4c 89 45 c0 ff c2 49 81 f8 ff c9 9a 3b 77 ea 89 d2 eb 02 31 d2 48 01 ca <48> 89 16 4c 89 46 08 48 83 c4 48 5b 41 5c 41 5d 41 5e 41 5f 5d c3
[  264.226518][T12614] RSP: 002b:00007ffced733f40 EFLAGS: 00010202
[  264.226615][T12614] RAX: 0000000000000000 RBX: 00007f54f523e038 RCX: 0000000000000108
[  264.226628][T12614] RDX: 0000000000000108 RSI: 00007ffced734060 RDI: 0000000000000001
[  264.226639][T12614] RBP: 00007ffced733fb0 R08: 00000000058fe1e7 R09: 7fffffffffffffff
[  264.226650][T12614] R10: 3fffffffffffffff R11: 0000000000000202 R12: 4000000000000000
[  264.226661][T12614] R13: 0000000000000010 R14: 00007f54f523e000 R15: 000000000000c04c
[  264.226727][T12614]  </TASK>
[  264.226734][T12614] memory: usage 307200kB, limit 307200kB, failcnt 1851
[  264.452462][T12614] memory+swap: usage 840kB, limit 9007199254740988kB, failcnt 0
[  264.460098][T12614] kmem: usage 492kB, limit 9007199254740988kB, failcnt 0
[  264.467190][T12614] Memory cgroup stats for /syz3:
[  264.467924][T12614] cache 0
[  264.475858][T12614] rss 24576
[  264.479038][T12614] shmem 0
[  264.482016][T12614] mapped_file 0
[  264.485514][T12614] dirty 0
[  264.488452][T12614] writeback 24576
[  264.492092][T12614] workingset_refault_anon 379
[  264.496811][T12614] workingset_refault_file 895
[  264.501501][T12614] swap 184320
[  264.504778][T12614] swapcached 36864
[  264.508567][T12614] pgpgin 284017
[  264.512034][T12614] pgpgout 284007
[  264.515569][T12614] pgfault 303413
[  264.519129][T12614] pgmajfault 244
[  264.522663][T12614] inactive_anon 24576
[  264.526634][T12614] active_anon 16384
[  264.530441][T12614] inactive_file 0
[  264.534128][T12614] active_file 0
[  264.537585][T12614] unevictable 0
[  264.541069][T12614] hierarchical_memory_limit 314572800
[  264.546494][T12614] hierarchical_memsw_limit 9223372036854771712
[  264.552789][T12614] total_cache 0
[  264.552796][T12614] total_rss 24576
[  264.552803][T12614] total_shmem 0
[  264.552811][T12614] total_mapped_file 0
[  264.552838][T12614] total_dirty 0
[  264.552845][T12614] total_writeback 24576
[  264.552851][T12614] total_workingset_refault_anon 379
[  264.552858][T12614] total_workingset_refault_file 895
[  264.552865][T12614] total_swap 184320
[  264.552871][T12614] total_swapcached 36864
[  264.552878][T12614] total_pgpgin 284017
[  264.552884][T12614] total_pgpgout 284007
[  264.552891][T12614] total_pgfault 303413
[  264.605919][T12614] total_pgmajfault 244
[  264.610004][T12614] total_inactive_anon 24576
[  264.614609][T12614] total_active_anon 16384
[  264.618994][T12614] total_inactive_file 0
[  264.623173][T12614] total_active_file 0
[  264.627175][T12614] total_unevictable 0
[  264.631233][T12614] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.4061,pid=16103,uid=0
[  264.646837][T12614] Memory cgroup out of memory: Killed process 16103 (syz.3.4061) total-vm:95808kB, anon-rss:1072kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  264.747048][   T29] kauditd_printk_skb: 78 callbacks suppressed
[  264.747064][   T29] audit: type=1326 audit(1753126732.253:8281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16124 comm="syz.3.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  264.813169][   T29] audit: type=1326 audit(1753126732.253:8282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16124 comm="syz.3.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  264.836838][   T29] audit: type=1326 audit(1753126732.283:8283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16124 comm="syz.3.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  264.860364][   T29] audit: type=1326 audit(1753126732.293:8284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16124 comm="syz.3.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  264.883977][   T29] audit: type=1326 audit(1753126732.293:8285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16124 comm="syz.3.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  264.900193][T16129] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4072'.
[  264.907458][   T29] audit: type=1326 audit(1753126732.293:8286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16124 comm="syz.3.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  264.939802][   T29] audit: type=1326 audit(1753126732.293:8287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16124 comm="syz.3.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  264.963309][   T29] audit: type=1326 audit(1753126732.293:8288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16124 comm="syz.3.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  264.986831][   T29] audit: type=1326 audit(1753126732.293:8289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16124 comm="syz.3.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  265.010301][   T29] audit: type=1326 audit(1753126732.293:8290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16124 comm="syz.3.4068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  265.123439][T16135] loop1: detected capacity change from 0 to 512
[  265.254620][T16152] lo speed is unknown, defaulting to 1000
[  265.286575][T16154] Falling back ldisc for ttyS3.
[  265.410451][T16168] loop3: detected capacity change from 0 to 164
[  265.908223][T16185] loop4: detected capacity change from 0 to 512
[  265.959230][T16183] Falling back ldisc for ttyS3.
[  266.197947][T16198] lo speed is unknown, defaulting to 1000
[  266.217757][T16200] lo speed is unknown, defaulting to 1000
[  266.239272][ T3475] page_pool_release_retry() stalled pool shutdown: id 44, 1 inflight 60 sec
[  266.330369][T16207] loop1: detected capacity change from 0 to 1024
[  266.339276][T16207] EXT4-fs: Ignoring removed orlov option
[  266.348015][T16207] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.428555][T16213] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4100'.
[  266.478071][T16214] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4099'.
[  266.562209][T16218] loop2: detected capacity change from 0 to 512
[  266.799088][T16237] Falling back ldisc for ttyS3.
[  266.842200][T11148] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.851792][T16239] Falling back ldisc for ttyS3.
[  267.256149][T16287] lo speed is unknown, defaulting to 1000
[  267.281221][T16293] netlink: 'syz.0.4128': attribute type 1 has an invalid length.
[  267.289305][T16283] netlink: 'syz.0.4128': attribute type 1 has an invalid length.
[  267.303311][T16283] 8021q: adding VLAN 0 to HW filter on device bond1
[  267.314747][T16283] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4128'.
[  267.523133][T16316] loop4: detected capacity change from 0 to 164
[  267.756473][T16332] loop1: detected capacity change from 0 to 128
[  267.786319][T16332] syz.1.4145: attempt to access beyond end of device
[  267.786319][T16332] loop1: rw=2049, sector=145, nr_sectors = 16 limit=128
[  267.801477][T16332] syz.1.4145: attempt to access beyond end of device
[  267.801477][T16332] loop1: rw=2049, sector=169, nr_sectors = 16 limit=128
[  267.815763][T16332] syz.1.4145: attempt to access beyond end of device
[  267.815763][T16332] loop1: rw=2049, sector=193, nr_sectors = 8 limit=128
[  267.830812][T16332] syz.1.4145: attempt to access beyond end of device
[  267.830812][T16332] loop1: rw=2049, sector=209, nr_sectors = 8 limit=128
[  267.857950][T16334] pim6reg1: entered promiscuous mode
[  267.863329][T16334] pim6reg1: entered allmulticast mode
[  267.873572][T16332] syz.1.4145: attempt to access beyond end of device
[  267.873572][T16332] loop1: rw=2049, sector=225, nr_sectors = 8 limit=128
[  267.889554][T16332] syz.1.4145: attempt to access beyond end of device
[  267.889554][T16332] loop1: rw=2049, sector=241, nr_sectors = 8 limit=128
[  267.903707][T16332] syz.1.4145: attempt to access beyond end of device
[  267.903707][T16332] loop1: rw=2049, sector=257, nr_sectors = 8 limit=128
[  267.917448][T16332] syz.1.4145: attempt to access beyond end of device
[  267.917448][T16332] loop1: rw=2049, sector=273, nr_sectors = 8 limit=128
[  267.933509][T16332] syz.1.4145: attempt to access beyond end of device
[  267.933509][T16332] loop1: rw=2049, sector=289, nr_sectors = 9 limit=128
[  268.283513][T16360] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4149'.
[  268.299845][T16349] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  268.386567][T16363] loop3: detected capacity change from 0 to 512
[  268.436107][T16365] loop2: detected capacity change from 0 to 1024
[  268.443559][T16365] EXT4-fs: Ignoring removed orlov option
[  268.453433][T16365] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.587574][T16375] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4159'.
[  268.666589][T16380] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4161'.
[  268.742192][T16386] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  268.934567][T16399] lo speed is unknown, defaulting to 1000
[  268.947134][T16401] loop4: detected capacity change from 0 to 2048
[  268.974445][T11681] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.004678][T16406] loop2: detected capacity change from 0 to 128
[  269.021132][T16401] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  269.023346][T16406] syz.2.4169: attempt to access beyond end of device
[  269.023346][T16406] loop2: rw=2049, sector=145, nr_sectors = 16 limit=128
[  269.074745][T16401] EXT4-fs (loop4): shut down requested (0)
[  269.231071][T13947] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.657506][T16426] loop2: detected capacity change from 0 to 512
[  269.690303][T16426] ext4: Unknown parameter 'smackfsdef'
[  269.781081][T16433] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  269.849444][ T3475] Process accounting resumed
[  269.862237][T16435] netlink: 'syz.4.4180': attribute type 16 has an invalid length.
[  269.862722][   T29] kauditd_printk_skb: 352 callbacks suppressed
[  269.862734][   T29] audit: type=1326 audit(1753126737.373:8643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c05ee9a9 code=0x7ffc0000
[  269.870123][T16435] netlink: 'syz.4.4180': attribute type 17 has an invalid length.
[  269.908007][   T29] audit: type=1326 audit(1753126737.373:8644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7fc2c05ee9a9 code=0x7ffc0000
[  269.931745][   T29] audit: type=1326 audit(1753126737.373:8645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c05ee9a9 code=0x7ffc0000
[  269.955455][   T29] audit: type=1326 audit(1753126737.373:8646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc2c05ee9a9 code=0x7ffc0000
[  269.979124][   T29] audit: type=1326 audit(1753126737.373:8647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c05ee9a9 code=0x7ffc0000
[  270.002721][   T29] audit: type=1326 audit(1753126737.373:8648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fc2c05ee9a9 code=0x7ffc0000
[  270.026420][   T29] audit: type=1326 audit(1753126737.373:8649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c05ee9a9 code=0x7ffc0000
[  270.050142][   T29] audit: type=1326 audit(1753126737.373:8650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2c05ee9a9 code=0x7ffc0000
[  270.073609][   T29] audit: type=1326 audit(1753126737.373:8651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c05ee9a9 code=0x7ffc0000
[  270.097349][   T29] audit: type=1326 audit(1753126737.373:8652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16434 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc2c05ee9a9 code=0x7ffc0000
[  270.216066][T16443] lo speed is unknown, defaulting to 1000
[  270.249257][T16447] Falling back ldisc for ttyS3.
[  270.332592][T16459] loop4: detected capacity change from 0 to 1024
[  270.435675][T16459] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.469583][T16459] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  270.513619][T16475] loop1: detected capacity change from 0 to 1024
[  270.581510][T13947] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.679174][T16487] Falling back ldisc for ttyS3.
[  270.796998][T16501] lo speed is unknown, defaulting to 1000
[  271.778359][T16539] lo speed is unknown, defaulting to 1000
[  271.784241][T16532] Falling back ldisc for ttyS3.
[  271.862282][T16548] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4224'.
[  271.915606][T16555] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4226'.
[  272.010554][T16570] lo speed is unknown, defaulting to 1000
[  272.111693][T16580] FAULT_INJECTION: forcing a failure.
[  272.111693][T16580] name failslab, interval 1, probability 0, space 0, times 0
[  272.124447][T16580] CPU: 0 UID: 0 PID: 16580 Comm: syz.4.4221 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  272.124475][T16580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  272.124528][T16580] Call Trace:
[  272.124534][T16580]  <TASK>
[  272.124542][T16580]  __dump_stack+0x1d/0x30
[  272.124577][T16580]  dump_stack_lvl+0xe8/0x140
[  272.124597][T16580]  dump_stack+0x15/0x1b
[  272.124615][T16580]  should_fail_ex+0x265/0x280
[  272.124644][T16580]  should_failslab+0x8c/0xb0
[  272.124700][T16580]  __kmalloc_noprof+0xa5/0x3e0
[  272.124781][T16580]  ? security_prepare_creds+0x52/0x120
[  272.124806][T16580]  security_prepare_creds+0x52/0x120
[  272.124829][T16580]  prepare_creds+0x34a/0x4c0
[  272.124883][T16580]  copy_creds+0x8f/0x3f0
[  272.124901][T16580]  copy_process+0x658/0x1f90
[  272.124923][T16580]  ? kstrtouint+0x76/0xc0
[  272.124951][T16580]  ? __rcu_read_unlock+0x4f/0x70
[  272.124981][T16580]  kernel_clone+0x16c/0x5b0
[  272.125030][T16580]  ? vfs_write+0x75e/0x8e0
[  272.125072][T16580]  __x64_sys_clone+0xe6/0x120
[  272.125175][T16580]  x64_sys_call+0x2c59/0x2fb0
[  272.125192][T16580]  do_syscall_64+0xd2/0x200
[  272.125209][T16580]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  272.125278][T16580]  ? clear_bhb_loop+0x40/0x90
[  272.125295][T16580]  ? clear_bhb_loop+0x40/0x90
[  272.125313][T16580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.125334][T16580] RIP: 0033:0x7fc2c05ee9a9
[  272.125350][T16580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  272.125368][T16580] RSP: 002b:00007fc2bec14fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  272.125398][T16580] RAX: ffffffffffffffda RBX: 00007fc2c0816160 RCX: 00007fc2c05ee9a9
[  272.125411][T16580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a020000
[  272.125424][T16580] RBP: 00007fc2bec15090 R08: 0000000000000000 R09: 0000000000000000
[  272.125437][T16580] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  272.125450][T16580] R13: 0000000000000000 R14: 00007fc2c0816160 R15: 00007fffe53acd98
[  272.125470][T16580]  </TASK>
[  272.341971][T16577] Falling back ldisc for ttyS3.
[  272.373867][T16586] loop3: detected capacity change from 0 to 512
[  272.449568][T16595] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4241'.
[  272.527188][T16607] loop3: detected capacity change from 0 to 256
[  272.549313][T16607] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4246'.
[  272.558731][T16607] xt_CONNSECMARK: invalid mode: 0
[  272.629258][T16613] Falling back ldisc for ttyS3.
[  272.680884][T16615] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16615 comm=syz.0.4251
[  272.694972][T16615] netlink: 'syz.0.4251': attribute type 1 has an invalid length.
[  272.723360][T16615] bond2: (slave bridge1): making interface the new active one
[  272.752672][T16615] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  272.775525][T16628] loop1: detected capacity change from 0 to 512
[  272.786696][T16630] loop3: detected capacity change from 0 to 128
[  272.815807][T16634] netlink: 'syz.3.4259': attribute type 10 has an invalid length.
[  272.840387][T16634] team0: Port device dummy0 added
[  272.900130][T16634] netlink: 'syz.3.4259': attribute type 10 has an invalid length.
[  272.921364][T16634] team0: Port device dummy0 removed
[  272.928355][T16634] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  272.989327][T16645] Falling back ldisc for ttyS3.
[  273.025650][T16658] loop4: detected capacity change from 0 to 128
[  273.171827][T16676] loop1: detected capacity change from 0 to 512
[  273.669518][T16698] Falling back ldisc for ttyS3.
[  273.702164][T16702] loop3: detected capacity change from 0 to 128
[  273.992213][T16721] loop1: detected capacity change from 0 to 512
[  274.054168][T16729] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4292'.
[  274.086992][T16733] loop1: detected capacity change from 0 to 128
[  274.156806][T16737] lo speed is unknown, defaulting to 1000
[  274.281723][T16751] loop2: detected capacity change from 0 to 2048
[  274.301127][T16753] lo speed is unknown, defaulting to 1000
[  274.351052][T16751] x_tables: duplicate underflow at hook 1
[  274.403430][T16760] loop2: detected capacity change from 0 to 512
[  274.464425][T16770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4304'.
[  274.734288][T16782] loop4: detected capacity change from 0 to 1024
[  274.739023][T16788] lo speed is unknown, defaulting to 1000
[  274.746617][T16782] EXT4-fs error (device loop4): __ext4_fill_super:5500: comm syz.4.4309: inode #2: comm syz.4.4309: iget: illegal inode #
[  274.769945][T16782] EXT4-fs (loop4): get root inode failed
[  274.775615][T16782] EXT4-fs (loop4): mount failed
[  274.850500][T16782] loop4: detected capacity change from 0 to 512
[  274.900449][T16782] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  274.914278][T16782] ext4 filesystem being mounted at /184/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  274.926702][T16782] netlink: 100 bytes leftover after parsing attributes in process `syz.4.4309'.
[  274.953917][T16807] loop1: detected capacity change from 0 to 512
[  274.965939][T16782] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.4309: corrupted inode contents
[  274.996842][T16782] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.4309: mark_inode_dirty error
[  275.023073][T16782] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.4309: corrupted inode contents
[  275.036567][T16807] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.4316: casefold flag without casefold feature
[  275.051093][T16807] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.4316: couldn't read orphan inode 15 (err -117)
[  275.063531][T16782] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.4309: mark_inode_dirty error
[  275.077254][T16807] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  275.105778][T16813] loop3: detected capacity change from 0 to 512
[  275.121028][   T29] kauditd_printk_skb: 750 callbacks suppressed
[  275.121041][   T29] audit: type=1400 audit(1753126742.623:9403): avc:  denied  { setopt } for  pid=16806 comm="syz.1.4316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  275.130498][T13947] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.170492][   T29] audit: type=1400 audit(1753126742.683:9404): avc:  denied  { name_connect } for  pid=16806 comm="syz.1.4316" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  275.230420][T11148] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.388326][   T29] audit: type=1326 audit(1753126742.893:9405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16808 comm="syz.2.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6badbbe9a9 code=0x7ffc0000
[  275.427144][   T29] audit: type=1326 audit(1753126742.923:9406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16808 comm="syz.2.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6badbbe9a9 code=0x7ffc0000
[  275.450780][   T29] audit: type=1326 audit(1753126742.923:9407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16808 comm="syz.2.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6badbbe9a9 code=0x7ffc0000
[  275.474413][   T29] audit: type=1326 audit(1753126742.923:9408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16808 comm="syz.2.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6badbbe9a9 code=0x7ffc0000
[  275.497931][   T29] audit: type=1326 audit(1753126742.923:9409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16808 comm="syz.2.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6badbbe9a9 code=0x7ffc0000
[  275.521485][   T29] audit: type=1326 audit(1753126742.923:9410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16808 comm="syz.2.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=460 compat=0 ip=0x7f6badbbe9a9 code=0x7ffc0000
[  275.545170][   T29] audit: type=1326 audit(1753126742.923:9411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16808 comm="syz.2.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6badbbe9a9 code=0x7ffc0000
[  275.568702][   T29] audit: type=1326 audit(1753126742.923:9412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16808 comm="syz.2.4317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6badbbe9a9 code=0x7ffc0000
[  275.703531][T16809] loop2: detected capacity change from 0 to 512
[  275.711305][T16809] ext2: Unknown parameter 'discard"errors'
[  275.881465][T16854] loop3: detected capacity change from 0 to 512
[  275.910403][T16852] lo speed is unknown, defaulting to 1000
[  276.033355][T16873] FAULT_INJECTION: forcing a failure.
[  276.033355][T16873] name failslab, interval 1, probability 0, space 0, times 0
[  276.046092][T16873] CPU: 1 UID: 0 PID: 16873 Comm: syz.2.4338 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  276.046116][T16873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  276.046192][T16873] Call Trace:
[  276.046198][T16873]  <TASK>
[  276.046205][T16873]  __dump_stack+0x1d/0x30
[  276.046223][T16873]  dump_stack_lvl+0xe8/0x140
[  276.046239][T16873]  dump_stack+0x15/0x1b
[  276.046254][T16873]  should_fail_ex+0x265/0x280
[  276.046354][T16873]  should_failslab+0x8c/0xb0
[  276.046376][T16873]  kmem_cache_alloc_noprof+0x50/0x310
[  276.046401][T16873]  ? getname_flags+0x80/0x3b0
[  276.046423][T16873]  getname_flags+0x80/0x3b0
[  276.046473][T16873]  user_path_at+0x28/0x130
[  276.046498][T16873]  do_fchownat+0xb0/0x210
[  276.046519][T16873]  __x64_sys_chown+0x47/0x60
[  276.046536][T16873]  x64_sys_call+0x800/0x2fb0
[  276.046556][T16873]  do_syscall_64+0xd2/0x200
[  276.046576][T16873]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  276.046802][T16873]  ? clear_bhb_loop+0x40/0x90
[  276.046820][T16873]  ? clear_bhb_loop+0x40/0x90
[  276.046904][T16873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.046947][T16873] RIP: 0033:0x7f6badbbe9a9
[  276.046960][T16873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.046974][T16873] RSP: 002b:00007f6bac227038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c
[  276.047056][T16873] RAX: ffffffffffffffda RBX: 00007f6badde5fa0 RCX: 00007f6badbbe9a9
[  276.047068][T16873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  276.047081][T16873] RBP: 00007f6bac227090 R08: 0000000000000000 R09: 0000000000000000
[  276.047095][T16873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.047108][T16873] R13: 0000000000000000 R14: 00007f6badde5fa0 R15: 00007ffd73a4a8d8
[  276.047129][T16873]  </TASK>
[  276.263784][T16876] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4339'.
[  276.296113][T16881] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  276.302743][T16881] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  276.310318][T16881] vhci_hcd vhci_hcd.0: Device attached
[  276.325995][T16886] loop4: detected capacity change from 0 to 1024
[  276.333040][T16886] EXT4-fs: Ignoring removed orlov option
[  276.347593][T16891] loop3: detected capacity change from 0 to 2048
[  276.357353][T16886] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.383003][T16891] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  276.397486][T16891] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4345'.
[  276.431028][T12614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  276.467598][T16900] loop3: detected capacity change from 0 to 512
[  276.506254][T16901] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4343'.
[  276.548999][    T9] usb 3-1: new low-speed USB device number 6 using vhci_hcd
[  276.677433][T16926] lo speed is unknown, defaulting to 1000
[  276.702546][T16932] netlink: 'syz.3.4353': attribute type 21 has an invalid length.
[  276.726958][T13947] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.747759][T16932] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4353'.
[  276.756883][T16941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4355'.
[  276.860546][T16882] vhci_hcd: connection reset by peer
[  276.866000][T16948] loop2: detected capacity change from 0 to 512
[  276.872455][ T7206] vhci_hcd: stop threads
[  276.874927][T16932] team0 (unregistering): Port device team_slave_0 removed
[  276.876748][ T7206] vhci_hcd: release socket
[  276.876762][ T7206] vhci_hcd: disconnect device
[  276.902327][T16932] team0 (unregistering): Port device team_slave_1 removed
[  277.058607][T16968] loop4: detected capacity change from 0 to 2048
[  277.090258][T16968]  loop4: p1 < > p4
[  277.096483][T16975] lo speed is unknown, defaulting to 1000
[  277.102553][T16968] loop4: p4 size 8388608 extends beyond EOD, truncated
[  277.114037][T16968] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  277.135061][T16976] xt_l2tp: unknown flags: 17
[  277.170335][T16979] lo speed is unknown, defaulting to 1000
[  277.198620][T16985] loop3: detected capacity change from 0 to 512
[  277.617755][T17023] __nla_validate_parse: 2 callbacks suppressed
[  277.617771][T17023] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4383'.
[  277.671892][T17025] loop4: detected capacity change from 0 to 512
[  277.703691][T17027] lo speed is unknown, defaulting to 1000
[  278.023604][T17052] loop1: detected capacity change from 0 to 512
[  278.039469][T17052] ext4: Unknown parameter 'smackfsdef'
[  278.042145][T17046] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  278.051546][T17046] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  278.059127][T17046] vhci_hcd vhci_hcd.0: Device attached
[  278.070299][T17055] loop3: detected capacity change from 0 to 128
[  278.133986][T17060] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  278.207168][T17067] loop3: detected capacity change from 0 to 1024
[  278.214689][T17067] EXT4-fs: Ignoring removed mblk_io_submit option
[  278.221330][T17067] EXT4-fs: inline encryption not supported
[  278.227678][T17067] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  278.240016][T17067] EXT4-fs error (device loop3): ext4_orphan_get:1419: comm syz.3.4400: bad orphan inode 11
[  278.252521][T17067] EXT4-fs (loop3): Remounting filesystem read-only
[  278.259105][T17067] ext4_test_bit(bit=10, block=4) = 1
[  278.264430][T17067] is_bad_inode(inode)=0
[  278.268607][T17067] NEXT_ORPHAN(inode)=3254779904
[  278.273485][T17067] max_ino=32
[  278.276681][T17067] i_nlink=0
[  278.282249][T17067] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  278.299588][ T3865] usb 9-1: new low-speed USB device number 4 using vhci_hcd
[  278.324072][T17067] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  278.324072][T17067]    program syz.3.4400 not setting count and/or reply_len properly
[  278.347588][T17051] syz.1.4394 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  278.358628][T17051] CPU: 0 UID: 0 PID: 17051 Comm: syz.1.4394 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  278.358691][T17051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  278.358703][T17051] Call Trace:
[  278.358711][T17051]  <TASK>
[  278.358719][T17051]  __dump_stack+0x1d/0x30
[  278.358741][T17051]  dump_stack_lvl+0xe8/0x140
[  278.358762][T17051]  dump_stack+0x15/0x1b
[  278.358779][T17051]  dump_header+0x81/0x220
[  278.358835][T17051]  oom_kill_process+0x334/0x3f0
[  278.358896][T17051]  out_of_memory+0x979/0xb80
[  278.358930][T17051]  try_charge_memcg+0x5e6/0x9e0
[  278.358969][T17051]  charge_memcg+0x51/0xc0
[  278.358992][T17051]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  278.359080][T17051]  __read_swap_cache_async+0x1df/0x350
[  278.359113][T17051]  swap_cluster_readahead+0x277/0x3e0
[  278.359140][T17051]  swapin_readahead+0xde/0x6f0
[  278.359210][T17051]  ? __filemap_get_folio+0x4f7/0x6b0
[  278.359308][T17051]  ? swap_cache_get_folio+0x77/0x200
[  278.359334][T17051]  do_swap_page+0x301/0x2430
[  278.359378][T17051]  ? css_rstat_updated+0xcd/0x5b0
[  278.359409][T17051]  ? __pfx_default_wake_function+0x10/0x10
[  278.359452][T17051]  handle_mm_fault+0x9a5/0x2be0
[  278.359482][T17051]  ? mas_walk+0xf2/0x120
[  278.359513][T17051]  do_user_addr_fault+0x636/0x1090
[  278.359607][T17051]  ? fpregs_restore_userregs+0xe2/0x1d0
[  278.359639][T17051]  ? switch_fpu_return+0xe/0x20
[  278.359660][T17051]  ? fpregs_assert_state_consistent+0xb4/0xe0
[  278.359686][T17051]  exc_page_fault+0x62/0xa0
[  278.359714][T17051]  asm_exc_page_fault+0x26/0x30
[  278.359766][T17051] RIP: 0033:0x7f33d9dc53fc
[  278.359782][T17051] Code: 66 0f 1f 44 00 00 69 3d b6 02 e8 00 e8 03 00 00 48 8d 1d b7 0b 35 00 e8 12 95 12 00 eb 0c 48 81 c3 e0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 e0 00 00
[  278.359797][T17051] RSP: 002b:00007ffc01972f80 EFLAGS: 00010206
[  278.359811][T17051] RAX: 0000000000000000 RBX: 00007f33da115fa0 RCX: 0000000000000000
[  278.359823][T17051] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555567250808
[  278.359909][T17051] RBP: 00007f33da117ba0 R08: 0000000000000000 R09: 7fffffffffffffff
[  278.359921][T17051] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000044132
[  278.359943][T17051] R13: 00007f33da116080 R14: ffffffffffffffff R15: 00007ffc01973090
[  278.359959][T17051]  </TASK>
[  278.582877][T17051] memory: usage 114020kB, limit 307200kB, failcnt 6163
[  278.590061][T17051] memory+swap: usage 101216kB, limit 9007199254740988kB, failcnt 0
[  278.598033][T17051] kmem: usage 18896kB, limit 9007199254740988kB, failcnt 0
[  278.605268][T17051] Memory cgroup stats for /syz1:
[  278.607849][T17051] cache 66945024
[  278.616401][T17051] rss 4096
[  278.619525][T17051] shmem 0
[  278.622457][T17051] mapped_file 0
[  278.625941][T17051] dirty 0
[  278.628881][T17051] writeback 12288
[  278.632531][T17051] workingset_refault_anon 325
[  278.637267][T17051] workingset_refault_file 2739
[  278.642056][T17051] swap 184320
[  278.645462][T17051] swapcached 28672
[  278.649393][T17051] pgpgin 427018
[  278.652883][T17051] pgpgout 410667
[  278.656421][T17051] pgfault 441880
[  278.660048][T17051] pgmajfault 181
[  278.663599][T17051] inactive_anon 12288
[  278.667576][T17051] active_anon 16384
[  278.671423][T17051] inactive_file 0
[  278.675045][T17051] active_file 0
[  278.675734][T17076] loop2: detected capacity change from 0 to 256
[  278.678557][T17051] unevictable 66945024
[  278.688853][T17051] hierarchical_memory_limit 314572800
[  278.694442][T17051] hierarchical_memsw_limit 9223372036854771712
[  278.700697][T17051] total_cache 66945024
[  278.700706][T17051] total_rss 4096
[  278.700713][T17051] total_shmem 0
[  278.711806][T17051] total_mapped_file 0
[  278.715782][T17051] total_dirty 0
[  278.719520][T17051] total_writeback 12288
[  278.723976][T17051] total_workingset_refault_anon 325
[  278.727705][T17047] vhci_hcd: connection reset by peer
[  278.729244][T17051] total_workingset_refault_file 2739
[  278.729300][T17051] total_swap 184320
[  278.729307][T17051] total_swapcached 28672
[  278.729313][T17051] total_pgpgin 427018
[  278.729319][T17051] total_pgpgout 410667
[  278.729326][T17051] total_pgfault 441880
[  278.729332][T17051] total_pgmajfault 181
[  278.729338][T17051] total_inactive_anon 12288
[  278.729344][T17051] total_active_anon 16384
[  278.729351][T17051] total_inactive_file 0
[  278.729361][T17051] total_active_file 0
[  278.729368][T17051] total_unevictable 66945024
[  278.729376][T17051] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4394,pid=17051,uid=0
[  278.729444][T17051] Memory cgroup out of memory: Killed process 17051 (syz.1.4394) total-vm:93760kB, anon-rss:944kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  278.731033][T12614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.818222][   T51] vhci_hcd: stop threads
[  278.831319][   T51] vhci_hcd: release socket
[  278.831333][   T51] vhci_hcd: disconnect device
[  278.854165][T17083] loop3: detected capacity change from 0 to 1024
[  278.861421][T17083] EXT4-fs: Ignoring removed orlov option
[  278.877735][T17085] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4405'.
[  278.888181][T17083] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  278.950977][T17090] loop1: detected capacity change from 0 to 1024
[  278.957602][T17090] EXT4-fs: Ignoring removed orlov option
[  278.965751][T17090] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  279.085740][T17099] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4407'.
[  279.209062][T17102] Falling back ldisc for ttyS3.
[  279.246004][T12614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.343303][T11148] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.527049][T17133] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  279.533653][T17133] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  279.541248][T17133] vhci_hcd vhci_hcd.0: Device attached
[  279.728468][T17143] loop1: detected capacity change from 0 to 1024
[  279.736429][T17143] EXT4-fs: Ignoring removed orlov option
[  279.744290][T17143] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  279.839067][ T3386] page_pool_release_retry() stalled pool shutdown: id 59, 1 inflight 60 sec
[  279.987157][T17159] loop0: detected capacity change from 0 to 512
[  280.022619][T11148] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.040987][T17161] loop1: detected capacity change from 0 to 1024
[  280.047626][T17161] EXT4-fs: Ignoring removed orlov option
[  280.055122][T17161] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.125705][T17167] lo speed is unknown, defaulting to 1000
[  280.134076][   T29] kauditd_printk_skb: 297 callbacks suppressed
[  280.134088][   T29] audit: type=1326 audit(1753126747.643:9710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17168 comm="syz.0.4428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  280.163964][   T29] audit: type=1326 audit(1753126747.643:9711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17168 comm="syz.0.4428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  280.187489][   T29] audit: type=1326 audit(1753126747.643:9712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17168 comm="syz.0.4428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  280.211050][   T29] audit: type=1326 audit(1753126747.643:9713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17168 comm="syz.0.4428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  280.234595][   T29] audit: type=1326 audit(1753126747.643:9714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17168 comm="syz.0.4428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  280.251585][T17134] vhci_hcd: connection closed
[  280.258081][   T29] audit: type=1326 audit(1753126747.643:9715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17168 comm="syz.0.4428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  280.258599][ T7206] vhci_hcd: stop threads
[  280.262861][   T29] audit: type=1326 audit(1753126747.643:9716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17168 comm="syz.0.4428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  280.286312][ T7206] vhci_hcd: release socket
[  280.286326][ T7206] vhci_hcd: disconnect device
[  280.293045][   T29] audit: type=1326 audit(1753126747.743:9717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17168 comm="syz.0.4428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  280.346612][   T29] audit: type=1326 audit(1753126747.743:9718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17168 comm="syz.0.4428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  280.370112][   T29] audit: type=1326 audit(1753126747.743:9719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17168 comm="syz.0.4428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  280.407948][T17170] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4426'.
[  280.432463][T11148] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.451949][T17176] loop3: detected capacity change from 0 to 1024
[  280.458727][T17176] EXT4-fs: Ignoring removed mblk_io_submit option
[  280.465685][T17176] EXT4-fs: inline encryption not supported
[  280.472084][T17176] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  280.484386][T17176] EXT4-fs error (device loop3): ext4_orphan_get:1419: comm syz.3.4430: bad orphan inode 11
[  280.495414][T17176] EXT4-fs (loop3): Remounting filesystem read-only
[  280.501980][T17176] ext4_test_bit(bit=10, block=4) = 1
[  280.507280][T17176] is_bad_inode(inode)=0
[  280.511437][T17176] NEXT_ORPHAN(inode)=3254779904
[  280.516282][T17176] max_ino=32
[  280.519500][T17176] i_nlink=0
[  280.523076][T17176] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.550519][T12614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.636544][T17201] loop2: detected capacity change from 0 to 8192
[  280.795210][T17216] loop4: detected capacity change from 0 to 1024
[  280.833766][T17216] EXT4-fs: Ignoring removed orlov option
[  280.860388][T17216] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.889239][T17220] Falling back ldisc for ttyS3.
[  280.979933][T17243] SELinux: syz.1.4448 (17243) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  281.001957][T17244] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4441'.
[  281.016807][T17243] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17243 comm=syz.1.4448
[  281.030296][T17232] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17232 comm=syz.1.4448
[  281.086184][T17246] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  281.092737][T17246] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  281.100328][T17246] vhci_hcd vhci_hcd.0: Device attached
[  281.164770][T13947] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.182808][T17253] loop4: detected capacity change from 0 to 1024
[  281.189719][T17253] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  281.200726][T17253] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  281.210973][T17253] JBD2: no valid journal superblock found
[  281.216687][T17253] EXT4-fs (loop4): Could not load journal inode
[  281.339013][ T3394] usb 5-1: new low-speed USB device number 5 using vhci_hcd
[  281.454940][T17271] loop3: detected capacity change from 0 to 128
[  281.518502][T17281] loop1: detected capacity change from 0 to 1024
[  281.525374][T17281] EXT4-fs: Ignoring removed orlov option
[  281.534543][T17281] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.550960][T17283] loop4: detected capacity change from 0 to 1024
[  281.568495][T17283] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  281.579548][T17283] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  281.594431][T17283] JBD2: no valid journal superblock found
[  281.600316][T17283] EXT4-fs (loop4): Could not load journal inode
[  281.617160][    T9] usb 3-1: enqueue for inactive port 0
[  281.623843][    T9] usb 3-1: enqueue for inactive port 0
[  281.654042][T17289] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4465'.
[  281.665399][T17290] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4463'.
[  281.699054][    T9] vhci_hcd: vhci_device speed not set
[  281.751692][T17294] loop4: detected capacity change from 0 to 1024
[  281.770806][T17294] EXT4-fs: Ignoring removed orlov option
[  281.793317][T17294] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.810912][T17247] vhci_hcd: connection reset by peer
[  281.816415][ T7249] vhci_hcd: stop threads
[  281.820728][ T7249] vhci_hcd: release socket
[  281.825161][ T7249] vhci_hcd: disconnect device
[  281.843957][T11148] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.963757][T17309] netlink: 'syz.0.4469': attribute type 1 has an invalid length.
[  281.971552][T17309] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4469'.
[  281.992743][T17309] bond3: entered promiscuous mode
[  281.997811][T17309] bond3: entered allmulticast mode
[  282.007787][T17309] 8021q: adding VLAN 0 to HW filter on device bond3
[  282.141457][T13947] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  282.153585][T17309] bond3 (unregistering): Released all slaves
[  282.336351][T17340] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4481'.
[  282.465150][T17349] loop1: detected capacity change from 0 to 512
[  282.471811][T17349] ext4: Unknown parameter 'smackfsdef'
[  282.533349][T17350] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  282.665960][T17348] syz.1.4485 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  282.676983][T17348] CPU: 0 UID: 0 PID: 17348 Comm: syz.1.4485 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  282.677020][T17348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  282.677033][T17348] Call Trace:
[  282.677040][T17348]  <TASK>
[  282.677048][T17348]  __dump_stack+0x1d/0x30
[  282.677102][T17348]  dump_stack_lvl+0xe8/0x140
[  282.677125][T17348]  dump_stack+0x15/0x1b
[  282.677139][T17348]  dump_header+0x81/0x220
[  282.677165][T17348]  oom_kill_process+0x334/0x3f0
[  282.677224][T17348]  out_of_memory+0x979/0xb80
[  282.677253][T17348]  try_charge_memcg+0x5e6/0x9e0
[  282.677292][T17348]  charge_memcg+0x51/0xc0
[  282.677337][T17348]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  282.677363][T17348]  __read_swap_cache_async+0x1df/0x350
[  282.677418][T17348]  swap_cluster_readahead+0x277/0x3e0
[  282.677452][T17348]  swapin_readahead+0xde/0x6f0
[  282.677569][T17348]  ? __filemap_get_folio+0x4f7/0x6b0
[  282.677670][T17348]  ? swap_cache_get_folio+0x77/0x200
[  282.677699][T17348]  do_swap_page+0x301/0x2430
[  282.677716][T17348]  ? css_rstat_updated+0xcd/0x5b0
[  282.677818][T17348]  ? __pfx_default_wake_function+0x10/0x10
[  282.677890][T17348]  handle_mm_fault+0x9a5/0x2be0
[  282.677913][T17348]  ? mas_walk+0xf2/0x120
[  282.677941][T17348]  do_user_addr_fault+0x636/0x1090
[  282.677967][T17348]  ? fpregs_restore_userregs+0xe2/0x1d0
[  282.678019][T17348]  ? switch_fpu_return+0xe/0x20
[  282.678044][T17348]  ? fpregs_assert_state_consistent+0xb4/0xe0
[  282.678074][T17348]  exc_page_fault+0x62/0xa0
[  282.678184][T17348]  asm_exc_page_fault+0x26/0x30
[  282.678204][T17348] RIP: 0033:0x7f33d9dc53fc
[  282.678220][T17348] Code: 66 0f 1f 44 00 00 69 3d b6 02 e8 00 e8 03 00 00 48 8d 1d b7 0b 35 00 e8 12 95 12 00 eb 0c 48 81 c3 e0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 e0 00 00
[  282.678263][T17348] RSP: 002b:00007ffc01972f80 EFLAGS: 00010206
[  282.678311][T17348] RAX: 0000000000000000 RBX: 00007f33da115fa0 RCX: 0000000000000000
[  282.678324][T17348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555567250808
[  282.678334][T17348] RBP: 00007f33da117ba0 R08: 0000000000000000 R09: 7fffffffffffffff
[  282.678345][T17348] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000004528d
[  282.678356][T17348] R13: 00007f33da116080 R14: ffffffffffffffff R15: 00007ffc01973090
[  282.678372][T17348]  </TASK>
[  282.678400][T17348] memory: usage 307200kB, limit 307200kB, failcnt 6384
[  282.909296][T17348] memory+swap: usage 66360kB, limit 9007199254740988kB, failcnt 0
[  282.917092][T17348] kmem: usage 712kB, limit 9007199254740988kB, failcnt 0
[  282.924164][T17348] Memory cgroup stats for /syz1:
[  282.924918][T17348] cache 66945024
[  282.933420][T17348] rss 16384
[  282.936512][T17348] shmem 0
[  282.939446][T17348] mapped_file 0
[  282.942904][T17348] dirty 0
[  282.945817][T17348] writeback 4096
[  282.949379][T17348] workingset_refault_anon 350
[  282.954097][T17348] workingset_refault_file 2773
[  282.958834][T17348] swap 184320
[  282.962112][T17348] swapcached 16384
[  282.965864][T17348] pgpgin 434540
[  282.969331][T17348] pgpgout 418190
[  282.972859][T17348] pgfault 451031
[  282.976379][T17348] pgmajfault 200
[  282.979948][T17348] inactive_anon 4096
[  282.983817][T17348] active_anon 12288
[  282.987637][T17348] inactive_file 0
[  282.991289][T17348] active_file 0
[  282.994729][T17348] unevictable 66945024
[  282.998781][T17348] hierarchical_memory_limit 314572800
[  283.004193][T17348] hierarchical_memsw_limit 9223372036854771712
[  283.010414][T17348] total_cache 66945024
[  283.014543][T17348] total_rss 16384
[  283.018231][T17348] total_shmem 0
[  283.021701][T17348] total_mapped_file 0
[  283.025754][T17348] total_dirty 0
[  283.029262][T17348] total_writeback 4096
[  283.033322][T17348] total_workingset_refault_anon 350
[  283.038559][T17348] total_workingset_refault_file 2773
[  283.043850][T17348] total_swap 184320
[  283.047755][T17348] total_swapcached 16384
[  283.052010][T17348] total_pgpgin 434540
[  283.052097][T17348] total_pgpgout 418190
[  283.052105][T17348] total_pgfault 451031
[  283.052112][T17348] total_pgmajfault 200
[  283.068297][T17348] total_inactive_anon 4096
[  283.072752][T17348] total_active_anon 12288
[  283.077079][T17348] total_inactive_file 0
[  283.081255][T17348] total_active_file 0
[  283.085226][T17348] total_unevictable 66945024
[  283.089847][T17348] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4485,pid=17348,uid=0
[  283.104888][T17348] Memory cgroup out of memory: Killed process 17348 (syz.1.4485) total-vm:93760kB, anon-rss:944kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  283.214954][T17383] netlink: 100 bytes leftover after parsing attributes in process `syz.2.4495'.
[  283.317666][T17389] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  283.324226][T17389] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  283.331881][T17389] vhci_hcd vhci_hcd.0: Device attached
[  283.390242][T17406] loop1: detected capacity change from 0 to 512
[  283.396839][T17406] ext4: Unknown parameter 'smackfsdef'
[  283.460946][T17408] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  283.569007][ T3386] usb 7-1: new low-speed USB device number 6 using vhci_hcd
[  283.573264][T17405] syz.1.4503 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  283.587413][T17405] CPU: 0 UID: 0 PID: 17405 Comm: syz.1.4503 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  283.587437][T17405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  283.587450][T17405] Call Trace:
[  283.587457][T17405]  <TASK>
[  283.587466][T17405]  __dump_stack+0x1d/0x30
[  283.587488][T17405]  dump_stack_lvl+0xe8/0x140
[  283.587576][T17405]  dump_stack+0x15/0x1b
[  283.587669][T17405]  dump_header+0x81/0x220
[  283.587699][T17405]  oom_kill_process+0x334/0x3f0
[  283.587728][T17405]  out_of_memory+0x979/0xb80
[  283.587753][T17405]  try_charge_memcg+0x5e6/0x9e0
[  283.587840][T17405]  charge_memcg+0x51/0xc0
[  283.587869][T17405]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  283.587939][T17405]  __read_swap_cache_async+0x1df/0x350
[  283.588028][T17405]  swap_cluster_readahead+0x277/0x3e0
[  283.588055][T17405]  swapin_readahead+0xde/0x6f0
[  283.588087][T17405]  ? __filemap_get_folio+0x4f7/0x6b0
[  283.588124][T17405]  ? __rcu_read_unlock+0x34/0x70
[  283.588143][T17405]  ? swap_cache_get_folio+0x77/0x200
[  283.588166][T17405]  do_swap_page+0x301/0x2430
[  283.588201][T17405]  ? css_rstat_updated+0xcd/0x5b0
[  283.588231][T17405]  ? __pfx_default_wake_function+0x10/0x10
[  283.588257][T17405]  handle_mm_fault+0x9a5/0x2be0
[  283.588335][T17405]  ? mas_walk+0xf2/0x120
[  283.588368][T17405]  do_user_addr_fault+0x636/0x1090
[  283.588426][T17405]  exc_page_fault+0x62/0xa0
[  283.588453][T17405]  asm_exc_page_fault+0x26/0x30
[  283.588470][T17405] RIP: 0033:0x7f33d9dc53e9
[  283.588483][T17405] Code: 35 00 00 0f 8e 09 fe ff ff e8 a3 9f fe ff 49 39 c4 72 66 66 0f 1f 44 00 00 69 3d b6 02 e8 00 e8 03 00 00 48 8d 1d b7 0b 35 00 <e8> 12 95 12 00 eb 0c 48 81 c3 e0 00 00 00 48 39 eb 74 24 80 7b 20
[  283.588497][T17405] RSP: 002b:00007ffc01972f80 EFLAGS: 00010206
[  283.588514][T17405] RAX: 0000000000045391 RBX: 00007f33da115fa0 RCX: 0000000000045178
[  283.588653][T17405] RDX: 0000000000000219 RSI: 00007ffc01972f60 RDI: 00000000000003e8
[  283.588670][T17405] RBP: 00007f33da117ba0 R08: 00000000201045d8 R09: 7fffffffffffffff
[  283.588681][T17405] R10: 3fffffffffffffff R11: 0000000000000293 R12: 0000000000045629
[  283.588692][T17405] R13: 00007f33da116080 R14: ffffffffffffffff R15: 00007ffc01973090
[  283.588707][T17405]  </TASK>
[  283.588745][T17405] memory: usage 302780kB, limit 307200kB, failcnt 6585
[  283.807542][T17405] memory+swap: usage 66356kB, limit 9007199254740988kB, failcnt 0
[  283.815424][T17405] kmem: usage 728kB, limit 9007199254740988kB, failcnt 0
[  283.822548][T17405] Memory cgroup stats for /syz1:
[  283.822739][T17405] cache 66945024
[  283.822778][ T3865] usb 9-1: enqueue for inactive port 0
[  283.827714][T17405] rss 28672
[  283.831267][ T3865] usb 9-1: enqueue for inactive port 0
[  283.836688][T17405] shmem 0
[  283.836696][T17405] mapped_file 0
[  283.851758][T17405] dirty 0
[  283.854701][T17405] writeback 0
[  283.858006][T17405] workingset_refault_anon 377
[  283.862673][T17405] workingset_refault_file 2790
[  283.867413][T17405] swap 180224
[  283.870747][T17405] swapcached 16384
[  283.874478][T17405] pgpgin 437670
[  283.877944][T17405] pgpgout 421319
[  283.881552][T17405] pgfault 454402
[  283.885085][T17405] pgmajfault 217
[  283.888703][T17405] inactive_anon 0
[  283.892351][T17405] active_anon 28672
[  283.896147][T17405] inactive_file 0
[  283.899771][T17405] active_file 0
[  283.903212][T17405] unevictable 66945024
[  283.907255][T17405] hierarchical_memory_limit 314572800
[  283.912620][T17405] hierarchical_memsw_limit 9223372036854771712
[  283.918765][T17405] total_cache 66945024
[  283.919007][ T3865] vhci_hcd: vhci_device speed not set
[  283.922854][T17405] total_rss 28672
[  283.931839][T17405] total_shmem 0
[  283.935299][T17405] total_mapped_file 0
[  283.939289][T17405] total_dirty 0
[  283.942722][T17405] total_writeback 0
[  283.946576][T17405] total_workingset_refault_anon 377
[  283.951887][T17405] total_workingset_refault_file 2790
[  283.957151][T17405] total_swap 180224
[  283.961014][T17405] total_swapcached 16384
[  283.965240][T17405] total_pgpgin 437670
[  283.965248][T17405] total_pgpgout 421319
[  283.965255][T17405] total_pgfault 454402
[  283.965262][T17405] total_pgmajfault 217
[  283.981480][T17405] total_inactive_anon 0
[  283.983417][T17399] vhci_hcd: connection reset by peer
[  283.985610][T17405] total_active_anon 28672
[  283.985619][T17405] total_inactive_file 0
[  283.985626][T17405] total_active_file 0
[  283.985634][T17405] total_unevictable 66945024
[  283.992201][ T7206] vhci_hcd: stop threads
[  283.995227][T17405] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null)
[  283.999452][ T7206] vhci_hcd: release socket
[  283.999465][ T7206] vhci_hcd: disconnect device
[  284.028255][T17405] ,cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4503,pid=17405,uid=0
[  284.038521][T17405] Memory cgroup out of memory: Killed process 17405 (syz.1.4503) total-vm:93760kB, anon-rss:944kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  284.122383][T17423] netlink: 'syz.0.4509': attribute type 10 has an invalid length.
[  284.133117][T17423] team0: Port device dummy0 added
[  284.195207][T17436] netlink: 100 bytes leftover after parsing attributes in process `syz.0.4514'.
[  284.248904][T17442] loop2: detected capacity change from 0 to 512
[  284.256154][T17442] ext4: Unknown parameter 'smackfsdef'
[  284.318201][T17446] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  284.859270][T17456] Falling back ldisc for ttyS3.
[  285.028401][T17466] loop2: detected capacity change from 0 to 1024
[  285.035431][T17466] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  285.046395][T17466] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  285.060795][T17466] JBD2: no valid journal superblock found
[  285.066548][T17466] EXT4-fs (loop2): Could not load journal inode
[  285.178688][T17471] lo speed is unknown, defaulting to 1000
[  286.399037][ T3394] usb 5-1: enqueue for inactive port 0
[  286.404577][ T3394] usb 5-1: enqueue for inactive port 0
[  286.479296][ T3394] vhci_hcd: vhci_device speed not set
[  287.228792][T17534] loop2: detected capacity change from 0 to 8192
[  288.639053][ T3386] usb 7-1: enqueue for inactive port 0
[  288.644629][ T3386] usb 7-1: enqueue for inactive port 0
[  288.719018][ T3386] vhci_hcd: vhci_device speed not set
[  289.110685][T17548] SELinux: syz.2.4544 (17548) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  289.125939][T17548] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17548 comm=syz.2.4544
[  289.139190][T17547] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17547 comm=syz.2.4544
[  289.388032][T17554] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17554 comm=syz.2.4546
[  289.401609][T17553] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17553 comm=syz.2.4546
[  289.414652][T17553] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=17553 comm=syz.2.4546
[  289.464041][T17558] loop2: detected capacity change from 0 to 1024
[  289.482357][T17558] EXT4-fs: Ignoring removed orlov option
[  289.488066][T17557] loop4: detected capacity change from 0 to 1024
[  289.496161][T17557] EXT4-fs: Ignoring removed mblk_io_submit option
[  289.510789][T17557] EXT4-fs: inline encryption not supported
[  289.517775][T17558] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.531551][   T29] kauditd_printk_skb: 235 callbacks suppressed
[  289.531596][   T29] audit: type=1326 audit(1753126757.043:9955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17567 comm="syz.0.4552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  289.565175][T17557] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  289.575867][   T29] audit: type=1326 audit(1753126757.073:9956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17567 comm="syz.0.4552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  289.599471][   T29] audit: type=1326 audit(1753126757.073:9957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17567 comm="syz.0.4552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  289.622992][   T29] audit: type=1326 audit(1753126757.073:9958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17567 comm="syz.0.4552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  289.646580][   T29] audit: type=1326 audit(1753126757.073:9959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17567 comm="syz.0.4552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  289.647416][T17557] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.4548: bad orphan inode 11
[  289.670270][   T29] audit: type=1326 audit(1753126757.073:9960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17567 comm="syz.0.4552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  289.670298][   T29] audit: type=1326 audit(1753126757.073:9961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17567 comm="syz.0.4552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  289.682317][T17557] EXT4-fs (loop4): Remounting filesystem read-only
[  289.733739][T17557] ext4_test_bit(bit=10, block=4) = 1
[  289.739080][T17557] is_bad_inode(inode)=0
[  289.743222][T17557] NEXT_ORPHAN(inode)=3254779904
[  289.748196][T17557] max_ino=32
[  289.751418][T17557] i_nlink=0
[  289.755388][T17557] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.881014][   T29] audit: type=1326 audit(1753126757.113:9962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17567 comm="syz.0.4552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  289.904639][   T29] audit: type=1326 audit(1753126757.113:9963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17567 comm="syz.0.4552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  289.928166][   T29] audit: type=1326 audit(1753126757.113:9964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17567 comm="syz.0.4552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5be542e9a9 code=0x7ffc0000
[  290.084034][T13947] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.120150][T17585] loop0: detected capacity change from 0 to 1024
[  290.127351][T17585] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  290.138257][T17585] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  290.155165][T17585] JBD2: no valid journal superblock found
[  290.160961][T17585] EXT4-fs (loop0): Could not load journal inode
[  290.194174][T11681] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.252654][T17600] loop3: detected capacity change from 0 to 1024
[  290.269352][T17600] EXT4-fs: Ignoring removed orlov option
[  290.280437][T17603] SELinux: syz.4.4561 (17603) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  290.281741][T17602] loop2: detected capacity change from 0 to 8192
[  290.304141][T17603] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17603 comm=syz.4.4561
[  290.305293][T17600] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.320291][T17596] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17596 comm=syz.4.4561
[  290.354629][T17598] loop1: detected capacity change from 0 to 8192
[  290.555412][T17624] loop0: detected capacity change from 0 to 1024
[  290.573240][T17624] EXT4-fs: Ignoring removed orlov option
[  290.591140][T17624] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.658642][T17629] loop4: detected capacity change from 0 to 1024
[  290.665891][T17629] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  290.676796][T17629] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  290.716196][T17629] JBD2: no valid journal superblock found
[  290.721985][T17629] EXT4-fs (loop4): Could not load journal inode
[  290.789205][T17636] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4570'.
[  290.885243][T12614] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.996352][T17644] SELinux: syz.3.4576 (17644) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  291.020989][T17644] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17644 comm=syz.3.4576
[  291.034409][T17644] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17644 comm=syz.3.4576
[  291.091960][T13779] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.104263][T17650] loop4: detected capacity change from 0 to 8192
[  291.266144][T17665] loop4: detected capacity change from 0 to 1024
[  291.275696][T17665] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  291.286669][T17665] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  291.320905][T17665] JBD2: no valid journal superblock found
[  291.326732][T17665] EXT4-fs (loop4): Could not load journal inode
[  291.396609][T17678] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17678 comm=syz.3.4586
[  292.137664][T17690] netlink: zone id is out of range
[  292.142909][T17690] netlink: zone id is out of range
[  292.148015][T17690] netlink: zone id is out of range
[  292.153150][T17690] netlink: zone id is out of range
[  292.158252][T17690] netlink: zone id is out of range
[  292.163364][T17690] netlink: zone id is out of range
[  292.168528][T17690] netlink: zone id is out of range
[  292.173713][T17690] netlink: zone id is out of range
[  292.178809][T17690] netlink: zone id is out of range
[  292.183937][T17690] netlink: zone id is out of range
[  292.483874][T17702] loop3: detected capacity change from 0 to 1024
[  292.491101][T17702] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  292.502023][T17702] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  292.512930][T17702] JBD2: no valid journal superblock found
[  292.518722][T17702] EXT4-fs (loop3): Could not load journal inode
[  292.555914][T17711] SELinux: syz.1.4599 (17711) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  292.589645][T17713] random: crng reseeded on system resumption
[  292.639797][T17717] netlink: 76 bytes leftover after parsing attributes in process `syz.1.4603'.
[  293.071257][T17734] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4607'.
[  293.117366][T17742] loop0: detected capacity change from 0 to 1024
[  293.124947][T17742] EXT4-fs: Ignoring removed orlov option
[  293.132929][T17742] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  293.462727][T17753] loop4: detected capacity change from 0 to 1024
[  293.470242][T17753] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  293.481254][T17753] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  293.508806][T17753] JBD2: no valid journal superblock found
[  293.514644][T17753] EXT4-fs (loop4): Could not load journal inode
[  293.670704][T17767] loop3: detected capacity change from 0 to 512
[  293.677220][T17767] ext4: Unknown parameter 'smackfsdef'
[  293.811157][T17770] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  293.817700][T17770] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  293.825228][T17770] vhci_hcd vhci_hcd.0: Device attached
[  293.912362][T17778] netlink: 76 bytes leftover after parsing attributes in process `syz.1.4621'.
[  293.923197][T13779] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.069066][ T3413] usb 9-1: new low-speed USB device number 5 using vhci_hcd
[  294.416063][T17772] vhci_hcd: connection reset by peer
[  294.422307][ T7206] vhci_hcd: stop threads
[  294.426624][ T7206] vhci_hcd: release socket
[  294.431079][ T7206] vhci_hcd: disconnect device
[  294.633099][T17797] loop3: detected capacity change from 0 to 8192
[  294.769753][T17806] loop3: detected capacity change from 0 to 512
[  294.776208][T17806] ext4: Unknown parameter 'smackfsdef'
[  295.083793][T17805] syz.3.4632 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  295.094857][T17805] CPU: 1 UID: 0 PID: 17805 Comm: syz.3.4632 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  295.094881][T17805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  295.094892][T17805] Call Trace:
[  295.094954][T17805]  <TASK>
[  295.094961][T17805]  __dump_stack+0x1d/0x30
[  295.094979][T17805]  dump_stack_lvl+0xe8/0x140
[  295.094995][T17805]  dump_stack+0x15/0x1b
[  295.095011][T17805]  dump_header+0x81/0x220
[  295.095059][T17805]  oom_kill_process+0x334/0x3f0
[  295.095082][T17805]  out_of_memory+0x979/0xb80
[  295.095159][T17805]  try_charge_memcg+0x5e6/0x9e0
[  295.095277][T17805]  charge_memcg+0x51/0xc0
[  295.095378][T17805]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  295.095404][T17805]  __read_swap_cache_async+0x1df/0x350
[  295.095509][T17805]  swap_cluster_readahead+0x277/0x3e0
[  295.095549][T17805]  swapin_readahead+0xde/0x6f0
[  295.095571][T17805]  ? __filemap_get_folio+0x4f7/0x6b0
[  295.095617][T17805]  ? __rcu_read_unlock+0x34/0x70
[  295.095638][T17805]  ? swap_cache_get_folio+0x77/0x200
[  295.095666][T17805]  do_swap_page+0x301/0x2430
[  295.095686][T17805]  ? css_rstat_updated+0xcd/0x5b0
[  295.095736][T17805]  ? __pfx_default_wake_function+0x10/0x10
[  295.095758][T17805]  handle_mm_fault+0x9a5/0x2be0
[  295.095780][T17805]  ? mas_walk+0xf2/0x120
[  295.095844][T17805]  do_user_addr_fault+0x636/0x1090
[  295.095875][T17805]  exc_page_fault+0x62/0xa0
[  295.095901][T17805]  asm_exc_page_fault+0x26/0x30
[  295.095985][T17805] RIP: 0033:0x7f54f43b53fc
[  295.096002][T17805] Code: 66 0f 1f 44 00 00 69 3d b6 02 e8 00 e8 03 00 00 48 8d 1d b7 0b 35 00 e8 12 95 12 00 eb 0c 48 81 c3 e0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 e0 00 00
[  295.096019][T17805] RSP: 002b:00007ffced733db0 EFLAGS: 00010283
[  295.096036][T17805] RAX: 0000000000000000 RBX: 00007f54f4706080 RCX: 0000000000000000
[  295.096049][T17805] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055558f821808
[  295.096060][T17805] RBP: 00007f54f4707ba0 R08: 0000000000000000 R09: 7fffffffffffffff
[  295.096134][T17805] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000004829d
[  295.096147][T17805] R13: 00007f54f4706080 R14: ffffffffffffffff R15: 00007ffced733ec0
[  295.096211][T17805]  </TASK>
[  295.096217][T17805] memory: usage 307200kB, limit 307200kB, failcnt 2665
[  295.315290][T17805] memory+swap: usage 164856kB, limit 9007199254740988kB, failcnt 0
[  295.323270][T17805] kmem: usage 162184kB, limit 9007199254740988kB, failcnt 0
[  295.330574][T17805] Memory cgroup stats for /syz3:
[  295.330972][T17805] cache 0
[  295.338848][T17805] rss 0
[  295.341636][T17805] shmem 0
[  295.344574][T17805] mapped_file 0
[  295.348120][T17805] dirty 0
[  295.351116][T17805] writeback 8192
[  295.354658][T17805] workingset_refault_anon 512
[  295.359609][T17805] workingset_refault_file 1072
[  295.364368][T17805] swap 405504
[  295.367937][T17805] swapcached 8192
[  295.371589][T17805] pgpgin 309706
[  295.375059][T17805] pgpgout 309704
[  295.378610][T17805] pgfault 331641
[  295.382178][T17805] pgmajfault 334
[  295.385715][T17805] inactive_anon 8192
[  295.389623][T17805] active_anon 0
[  295.393219][T17805] inactive_file 0
[  295.396850][T17805] active_file 0
[  295.400328][T17805] unevictable 0
[  295.403796][T17805] hierarchical_memory_limit 314572800
[  295.409180][T17805] hierarchical_memsw_limit 9223372036854771712
[  295.415378][T17805] total_cache 0
[  295.418831][T17805] total_rss 0
[  295.422174][T17805] total_shmem 0
[  295.425624][T17805] total_mapped_file 0
[  295.429709][T17805] total_dirty 0
[  295.433166][T17805] total_writeback 8192
[  295.437224][T17805] total_workingset_refault_anon 512
[  295.442595][T17805] total_workingset_refault_file 1072
[  295.447874][T17805] total_swap 405504
[  295.451685][T17805] total_swapcached 8192
[  295.455831][T17805] total_pgpgin 309706
[  295.459891][T17805] total_pgpgout 309704
[  295.463952][T17805] total_pgfault 331641
[  295.468123][T17805] total_pgmajfault 334
[  295.472236][T17805] total_inactive_anon 8192
[  295.476655][T17805] total_active_anon 0
[  295.480702][T17805] total_inactive_file 0
[  295.484856][T17805] total_active_file 0
[  295.488825][T17805] total_unevictable 0
[  295.492817][T17805] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.4632,pid=17805,uid=0
[  295.507683][T17805] Memory cgroup out of memory: Killed process 17805 (syz.3.4632) total-vm:95808kB, anon-rss:1072kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  295.608364][   T29] kauditd_printk_skb: 96 callbacks suppressed
[  295.608377][   T29] audit: type=1326 audit(1753126763.113:10061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17824 comm="syz.3.4640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  295.639312][   T29] audit: type=1326 audit(1753126763.153:10062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17824 comm="syz.3.4640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  295.662934][   T29] audit: type=1326 audit(1753126763.153:10063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17824 comm="syz.3.4640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  295.663091][   T29] audit: type=1326 audit(1753126763.153:10064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17824 comm="syz.3.4640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  295.671274][   T29] audit: type=1326 audit(1753126763.153:10065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17824 comm="syz.3.4640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  295.735151][   T29] audit: type=1326 audit(1753126763.153:10066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17824 comm="syz.3.4640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  295.758758][   T29] audit: type=1326 audit(1753126763.153:10067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17824 comm="syz.3.4640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  295.782435][   T29] audit: type=1326 audit(1753126763.153:10068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17824 comm="syz.3.4640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  295.782461][   T29] audit: type=1326 audit(1753126763.153:10069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17824 comm="syz.3.4640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  295.817138][T17836] SELinux: syz.2.4642 (17836) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  295.829610][   T29] audit: type=1326 audit(1753126763.153:10070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17824 comm="syz.3.4640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f44de9a9 code=0x7ffc0000
[  295.877842][T17836] selinux_netlink_send: 10 callbacks suppressed
[  295.877855][T17836] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17836 comm=syz.2.4642
[  295.897539][T17830] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17830 comm=syz.2.4642
[  295.991963][T17852] program syz.0.4650 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  296.008747][T17849] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4646'.
[  296.040518][T17852] loop0: detected capacity change from 0 to 128
[  296.079082][T17856] Falling back ldisc for ttyS3.
[  296.084432][T17848] loop3: detected capacity change from 0 to 8192
[  296.200652][T17871] SELinux: syz.3.4655 (17871) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  296.216740][T17871] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17871 comm=syz.3.4655
[  296.230555][T17864] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17864 comm=syz.3.4655
[  296.314932][T17891] ip6gre2: entered allmulticast mode
[  296.340872][T17897] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4663'.
[  296.349916][T17897] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4663'.
[  296.358846][T17897] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4663'.
[  296.763923][T17915] Invalid ELF header type: 3 != 1
[  296.772175][T17915] vcan0: entered allmulticast mode
[  296.777578][T17915] vcan0: left allmulticast mode
[  297.024695][T17938] SELinux: syz.1.4670 (17938) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  297.041668][T17938] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17938 comm=syz.1.4670
[  297.060534][T17937] loop3: detected capacity change from 0 to 1024
[  297.064591][T17933] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17933 comm=syz.1.4670
[  297.067447][T17937] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  297.090396][T17937] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  297.101003][T17937] JBD2: no valid journal superblock found
[  297.106744][T17937] EXT4-fs (loop3): Could not load journal inode
[  297.152547][T17945] netlink: 76 bytes leftover after parsing attributes in process `syz.1.4680'.
[  297.176637][T17949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4682'.
[  297.213894][T17948] loop4: detected capacity change from 0 to 1024
[  297.229473][T17948] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  297.240413][T17948] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  297.279829][T17948] JBD2: no valid journal superblock found
[  297.285597][T17948] EXT4-fs (loop4): Could not load journal inode
[  297.329858][T17949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4682'.
[  297.339444][T17949] netlink: 'syz.2.4682': attribute type 21 has an invalid length.
[  297.347454][T17949] IPv6: NLM_F_CREATE should be specified when creating new route
[  297.406505][T17975] loop2: detected capacity change from 0 to 1024
[  297.414372][T17975] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  297.425290][T17975] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  297.436407][T17975] JBD2: no valid journal superblock found
[  297.442222][T17975] EXT4-fs (loop2): Could not load journal inode
[  297.449790][T17982] SELinux: syz.1.4691 (17982) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  297.469801][T17982] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17982 comm=syz.1.4691
[  297.482878][T17978] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17978 comm=syz.1.4691
[  297.529295][T17988] loop2: detected capacity change from 0 to 512
[  297.536027][T17988] EXT4-fs: Invalid journal IO priority (must be 0-7)
[  297.545533][T17988] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17988 comm=syz.2.4695
[  297.558213][T17985] loop0: detected capacity change from 0 to 8192
[  297.567564][T17993] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=53264 sclass=netlink_audit_socket pid=17993 comm=syz.3.4694
[  297.635779][    T9] Process accounting resumed
[  297.680184][    T9] page_pool_release_retry() stalled pool shutdown: id 64, 1 inflight 60 sec
[  297.696946][T18009] loop3: detected capacity change from 0 to 1024
[  297.704885][T18009] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  297.715843][T18009] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  297.726762][T18009] JBD2: no valid journal superblock found
[  297.732559][T18009] EXT4-fs (loop3): Could not load journal inode
[  297.779611][T18007] Falling back ldisc for ttyS3.
[  297.790866][T18020] loop0: detected capacity change from 0 to 1024
[  297.799367][T18020] EXT4-fs: Ignoring removed orlov option
[  297.807035][T18020] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  297.831801][T18026] SELinux: syz.3.4707 (18026) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  297.892772][T18032] netem: change failed
[  297.925761][T18040] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4708'.
[  298.051390][T18043] loop3: detected capacity change from 0 to 8192
[  298.114538][T18047] loop1: detected capacity change from 0 to 1024
[  298.122147][T18047] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  298.133759][T18047] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  298.144734][T18047] JBD2: no valid journal superblock found
[  298.150513][T18047] EXT4-fs (loop1): Could not load journal inode
[  298.183303][T18050] loop1: detected capacity change from 0 to 1024
[  298.189987][T18050] EXT4-fs: Ignoring removed orlov option
[  298.209431][T18050] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  298.229865][T13779] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.367219][T18070] ==================================================================
[  298.375333][T18070] BUG: KCSAN: data-race in generic_buffers_fsync_noflush / writeback_single_inode
[  298.384540][T18070] 
[  298.386859][T18070] write to 0xffff888106ff85f8 of 4 bytes by task 18065 on cpu 0:
[  298.394577][T18070]  writeback_single_inode+0x14a/0x3e0
[  298.399959][T18070]  sync_inode_metadata+0x5b/0x90
[  298.404895][T18070]  generic_buffers_fsync_noflush+0xd9/0x120
[  298.410798][T18070]  ext4_sync_file+0x1ab/0x690
[  298.415478][T18070]  vfs_fsync_range+0x10d/0x130
[  298.420256][T18070]  ext4_buffered_write_iter+0x34f/0x3c0
[  298.425811][T18070]  ext4_file_write_iter+0x383/0xf00
[  298.431016][T18070]  iter_file_splice_write+0x5f2/0x970
[  298.436416][T18070]  direct_splice_actor+0x156/0x2a0
[  298.441534][T18070]  splice_direct_to_actor+0x312/0x680
[  298.446918][T18070]  do_splice_direct+0xda/0x150
[  298.451692][T18070]  do_sendfile+0x380/0x650
[  298.456104][T18070]  __x64_sys_sendfile64+0x105/0x150
[  298.461310][T18070]  x64_sys_call+0xb39/0x2fb0
[  298.465884][T18070]  do_syscall_64+0xd2/0x200
[  298.470367][T18070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.476244][T18070] 
[  298.478562][T18070] read to 0xffff888106ff85f8 of 4 bytes by task 18070 on cpu 1:
[  298.486169][T18070]  generic_buffers_fsync_noflush+0x80/0x120
[  298.492052][T18070]  ext4_sync_file+0x1ab/0x690
[  298.496710][T18070]  vfs_fsync_range+0x10d/0x130
[  298.501895][T18070]  ext4_buffered_write_iter+0x34f/0x3c0
[  298.507421][T18070]  ext4_file_write_iter+0x383/0xf00
[  298.512599][T18070]  iter_file_splice_write+0x5f2/0x970
[  298.517958][T18070]  direct_splice_actor+0x156/0x2a0
[  298.523056][T18070]  splice_direct_to_actor+0x312/0x680
[  298.528428][T18070]  do_splice_direct+0xda/0x150
[  298.533174][T18070]  do_sendfile+0x380/0x650
[  298.537569][T18070]  __x64_sys_sendfile64+0x105/0x150
[  298.542749][T18070]  x64_sys_call+0xb39/0x2fb0
[  298.547318][T18070]  do_syscall_64+0xd2/0x200
[  298.551803][T18070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.557680][T18070] 
[  298.559996][T18070] value changed: 0x00000038 -> 0x00000002
[  298.565726][T18070] 
[  298.568029][T18070] Reported by Kernel Concurrency Sanitizer on:
[  298.574163][T18070] CPU: 1 UID: 0 PID: 18070 Comm: syz.1.4719 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  298.584904][T18070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  298.594940][T18070] ==================================================================
[  299.020449][T11148] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.129232][ T3413] usb 9-1: enqueue for inactive port 0
[  299.134744][ T3413] usb 9-1: enqueue for inactive port 0
[  299.209020][ T3413] vhci_hcd: vhci_device speed not set