last executing test programs:

7.446908368s ago: executing program 0 (id=351):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x5000000, &(0x7f00000009c0)=ANY=[], 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000100000022bf"], 0x48)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000740), &(0x7f0000000840), 0xffffd6c0, r1}, 0x38)
r2 = fspick(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r3}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)

6.569450193s ago: executing program 0 (id=359):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[], 0x50)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r1, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r0, &(0x7f0000000000), 0x0}, 0x20)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0xa, 0x4e23, 0x81, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000000c0)="06", 0x1}], 0x1}, 0x80001)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000540)={0x3, 0x4, 0x202, 0x17558e07, 0x90e, 0x7c26, 0xffffffff, 0x7, r4}, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a3000000000e4000000160a01000000000000000000010000010900010073797a30000000000900020073797a3000000000b80003800800014000000000a400038014000100776c616e3000000000000000000000001400010076657468305f746f5f62617461647600120001006d6163766c616e3100000000000000001400010067656e657665310000000000000000000a0001006772653000000000000000000000000014000100776c616e3100000000000000000000001400010076657468315f766972745f77696669001400010076657468305f746f5f626f6e64000000080002400000000604020000180a0101000b000000000000010000000900010073797a3000000000e800038008000140000000000800014000000000cc0003801400010069703665727370616e3000000000000014000100776732000000000000000000000000001400010076657468305f6d61637674617000000014000100626f6e645f736c6176655f310000000014000100626f6e645f736c6176655f300000000014000100636169663000000000000000000000001400010070696d726567300000000000000000001400010070696d726567310000000000000000001400010076657468315f746f5f7465616d0000001400010070696d3672656731000000000000000008000140000000200900020073797a3000000000d80003"], 0x330}}, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000100)={r4, 0x800, 0x9, 0x3}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r9}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
sendmsg$inet(r8, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000000)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x840)

5.684695207s ago: executing program 0 (id=371):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x4f}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
ptrace$PTRACE_SETSIGMASK(0x420b, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="414601", @ANYRES8], 0x4)

5.49856835s ago: executing program 0 (id=373):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x30000, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x1c}, 0x0, 0x0, 0x800020, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYBLOB='\a'], 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304, 0x36}, "1a88ef816c4b42ed", "a5fdeb69a751e94df50ad7e9fb434d1665e9298b01e49419567b443803cf578f", '\x00\t\x00', "066580001e00"}, 0x38)
setsockopt$inet6_tcp_int(r2, 0x11a, 0x4, &(0x7f0000000100), 0x3c)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x20, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000140)=@ccm_128={{0x303}, "74b658a7aa0b2d59", "a4918a29c9ea8feb40a19d514e52f36f", "0600abc2", "ff9019438d66c38c"}, 0x28)
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r1, 0x0, r4, 0x0, 0x4, 0x0)
recvmmsg(r1, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x10301, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r5 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x3, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x310)
syz_genetlink_get_family_id$fou(&(0x7f00000001c0), r3)
r6 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2f, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x20000, @mcast1={0xff, 0x7}, 0x6}}, {{0xa, 0xfffe, 0x0, @mcast2, 0x80000000}}}, 0x108)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0xa4ffffff, @rand_addr=' \x01\x00'}}}, 0x15a)
r7 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r7, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x12e, 0x0)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2a0471a, &(0x7f00000000c0)={[{@quota}, {@bsdgroups}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x46b, &(0x7f0000000580)="$eJzs3M1vFOUfAPDvzLbw+/HWivgColaJsfGlpQWVgxeNJh4wmugB9VTbQgiFGloTIUSqMXgxMSR6Vo8m/gXevBj1ZGLiSe+GhCgX0FPNzM5Ad9ltt3TZrd3PJxl4nn2e7TzfPvPMPDPPbgPoWUPZP0nEtoj4LSIGqtnaCkPV/65dOTf595Vzk0ksLr72Z5LXu3rl3GRZtXzf1iIznEakHyXFTmrNnTl7YmJmZvp0kR+dP/nO6NyZs08ePzlxbPrY9KnxQ4cOHhh75unxp9oSZxbX1T3vz+7d/dIbF1+ePHLx7R+/ydq7rShfGsct2XTzS0NZ4H8t5urLHon/r2l36832Jemkr4sNYVUqEZF1V38+/geiEjc6byBe/LCrjQNuq+zatLl58cIisIEl0e0WAN1RXuiz+99y69DUY124/Fz1BiiL+1qxVUv6Ii3q9Nfd37bTUEQcWfjni2yLdjyHAABYwSeTnx+OJxrN/9K4e0m9HcUaymBE3BEROyPizojYFRF3ReR174mIe1e5//qloZvnP+mlWwqsRdn879libat2/lfO/mKwUuS25/H3J0ePz0zvL34nw9G/OcuPLbOP71745dNmZUvnf9mW7b+cCxbtuNRX94BuamJ+Ip+UtsHlDyL29DWKP7m+EpBExO6I2LO6H72jTBx/7Ou9zSqtHP8y2rDOtPhVxKPV/l+IuvhLyfLrk6P/i5np/aPlUXGzn36+8Gqz/a8p/jbI+n9L7fFflHx5pkgMvrV0vXYuVr1yeeH3j5ve09zq8b8peT0/H5XLru9NzM+fHovYlBzO8zWvj994b5kv62fxD+9rPP53Fu/J+v++iMgO4vsj4oGIeLBo+0MR8XBE7Fsm/h+eb162Hvp/quH57/rxP5jU9P/qE5UT33/bbP+t9f/BPDVcvJKf/1bQagPX8rsDAACA/4o0/wx8ko5cT6fpyEj1M/y7Yks6Mzs3//jR2XdPTVU/Kz8Y/Wn5pGtgyfPQsWSh+InV/HjxrLgsP1A8N/6sEnl+ZHJ2ZqrLsUOv29pk/Gf+qHS7dcBt12gdbbzBF9qAjad+/Ke12fOvdLIxQEf5vjb0rhXGf9qpdgCd5/oPvavR+D9fl7cWABuT6z/0LuMfepfxD72rbvxX4tdutQTooLV8r1+ilxORrotmtJRo/e9B3O7Em+ujGS0kun1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI9/AwAA//9sbvBf")

3.292513836s ago: executing program 2 (id=398):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x20000000, 0x4b}, 0x10, 0x0, 0x0, 0x1, 0x10000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffe12)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
r3 = memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0)
write$binfmt_script(r3, &(0x7f0000000240)={'#! ', './file0'}, 0xb)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3e, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, "ff00f7000000000000000000af88008300"})
r7 = syz_open_pts(r6, 0x141601)
write(r7, &(0x7f0000000000)="d5", 0xfffffedf)
close_range(r6, 0xffffffffffffffff, 0x0)

2.372387081s ago: executing program 3 (id=405):
bpf$PROG_LOAD(0x5, 0x0, 0x39)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000b80)=ANY=[@ANYBLOB="48d0253af373269312daaddfcea45b2e2a92574f47c100cdec8da90a6e4f961bec3f11b2f8641fcd87a1f32726d78f6dd17c283ba326c4b7cc573a87140b7cabc0cb1efd0000", @ANYRES16=0x0, @ANYBLOB="01012cbd7000fddbdf25020000000800060000010000080005008000000008000600010000003c000180080008000000000014000300ac1414bb00000000000000000000000008000b0073697000140003000000000000000000000000000000000160000380080003000300000008000500640101020800030002000000140002006873723000000000000000000000000014000600fc01000000000000000000000000000005000800080000001400020076657468305f746f5f62726964676500"], 0xc8}, 0x1, 0x0, 0x0, 0x80}, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH")
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
sendmsg$key(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x800)
write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000240)={'syztnl0\x00', <r5=>0x0, 0x4, 0x80, 0x8, 0x9eea, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, 0x80, 0x17fc8, 0x3, 0x10}})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000380), &(0x7f00000003c0)=0xc)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00', r7}, 0x18)
ioctl$USBDEVFS_FREE_STREAMS(r6, 0x8008551d, &(0x7f0000000240)=ANY=[@ANYBLOB="9645000008"])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)={0x1b, 0x0, 0x0, 0x1, 0x0, 0x1, 0x6, '\x00', r5, 0xffffffffffffffff, 0x3, 0x4, 0x2}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x16, &(0x7f0000000580)=@raw=[@cb_func={0x18, 0x1, 0x4, 0x0, 0xffffffffffffffff}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x800}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}], &(0x7f0000000100)='GPL\x00', 0x2, 0xeb, &(0x7f0000000640)=""/235, 0x41100, 0x2, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000400)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000740)={0x1, 0x9, 0x2, 0x4}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000940)=[r0, 0xffffffffffffffff, r8, r4, r0, r1, 0xffffffffffffffff, r4, r4, r0], &(0x7f0000000980)=[{0x4, 0x4, 0xf, 0xc}, {0x5, 0x2, 0x1, 0x3}, {0x5, 0x1, 0xc, 0x2}], 0x10, 0xff}, 0x94)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000300)=0x2)
ioctl$PPPIOCSACTIVE(r9, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
read(r9, 0x0, 0x0)

2.333855831s ago: executing program 2 (id=406):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=@ipv6_newrule={0x30, 0x20, 0x2d2c6d60ea1da725, 0x70bd29, 0x25dfdbfd, {0xa, 0x0, 0x0, 0xcd, 0xff, 0x0, 0x0, 0x1, 0x10002}, [@FIB_RULE_POLICY=@FRA_PRIORITY={0x8}, @FIB_RULE_POLICY=@FRA_UID_RANGE={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008081}, 0x4000000)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0)

2.236112974s ago: executing program 1 (id=407):
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6e}}, {@user_xattr}, {@errors_remount}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f0000000300), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
unlink(&(0x7f0000000180)='./file1\x00')

2.167475255s ago: executing program 2 (id=408):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000bc0)="0100000200373a4541062101a59ea940d2cb0b36b8f5020000a00000050000000000eb000000a5e5be21c44e328e68f3922af831e4e51bfb30f7788fd57e51bc464355bd646d037ccc16ddb08a7b3a697aedb66ddd793acf37119e61f502d8bbb016f701890700000068d945af468c1c9090c76906b94e0f27761c75e58c82da54d010078660684a4106855beaf5e813ed18aa4acabb5bee7f082d24a16b01fc91471eba59152e716af8776ab90ac48bcbee6570df22513808ecab7a9680aa613a56aa11bfa73af4c4e94b5cfc855f0e910186d7e68ac24f8b125140ac5f7f4819168ce1c25550c6773b41011999d8d9827757d96c5e8aa4617cc54c5e67060a92661f84e698d1fe3cee10a85882cbecb29f2a22535ac50e64d95ecbab66f54373b94475e05b79a0a61bc2ae1e", 0x12d, r1)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$keyring(&(0x7f0000000000), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_io_uring_setup(0x6de4, &(0x7f0000000180)={0x0, 0x113a, 0x2, 0x2}, &(0x7f00000000c0), &(0x7f0000000000))
msgget$private(0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x20000023896)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000180)={0x80, 0x2a, 0x3})
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r6, &(0x7f0000004200)='t', 0x1)
socket$pppoe(0x18, 0x1, 0x0)
sendfile(r6, r5, 0x0, 0x3ffff)
sendfile(r6, r5, 0x0, 0x7ffff000)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000040)={0x80, 0x18, 0x2, 0xfffffff7, 0x0, 0x9})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18)
unshare(0x62040200)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50)

2.166857225s ago: executing program 1 (id=409):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70223000200f100850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a41, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10)
r3 = syz_io_uring_setup(0x10b, &(0x7f0000000580)={0x0, 0xd78c, 0x8, 0x3, 0xbffffffa}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f0000000340)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80, 0x6000})
io_uring_enter(r3, 0x1c3a, 0xe176, 0x22, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000000), 0xffffff6a)
r7 = creat(&(0x7f0000000580)='./bus\x00', 0x0)
io_setup(0x1, &(0x7f0000000040)=<r8=>0x0)
io_submit(r8, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x15, 0x0, 0x0, 0x1, 0x0, r7, &(0x7f0000000000), 0x1a00001a}])
syz_io_uring_setup(0x20ad, &(0x7f0000000180)={0x0, 0xe7b3, 0x100, 0x1, 0x163}, &(0x7f0000000200), &(0x7f0000000280))
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r11}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r10}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
r12 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xb, 0x8, 0xc, 0xffffbfff, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r12}, 0x38)

2.024580277s ago: executing program 4 (id=410):
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xf, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRESHEX, @ANYRES32], &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="00000500000000000000c689", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0500"/24, @ANYRES32, @ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80000001}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000200)='syzkaller\x00', 0xfffffffc, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='svc_xprt_accept\x00', r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

1.87078938s ago: executing program 4 (id=411):
r0 = open(&(0x7f0000000300)='.\x00', 0x8100, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000380)={'tunl0\x00', &(0x7f0000000c80)={'sit0\x00', 0x0, 0x0, 0x80, 0x6, 0x3073, {{0xd, 0x4, 0x1, 0x2d, 0x34, 0x64, 0x0, 0x3, 0x2f, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x2b}, {[@noop, @rr={0x7, 0x3, 0x41}, @generic={0x82, 0x9, "599c0c20d96270"}, @cipso={0x86, 0x11, 0x3, [{0x5, 0x5, "e36caa"}, {0x5, 0x2}, {0x7, 0x4, "e7ba"}]}, @generic={0x94, 0x2}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000400)={'ip_vti0\x00', &(0x7f0000000600)={'gre0\x00', 0x0, 0x8, 0x80, 0x0, 0x8, {{0xf, 0x4, 0x2, 0x4, 0x3c, 0x68, 0x0, 0x7, 0x2f, 0x0, @remote, @rand_addr=0x64010102, {[@cipso={0x86, 0x25, 0x1, [{0x2, 0x10, "793af4e1317c2313d1386a1e2598"}, {0x7, 0x4, "dcdb"}, {0x5, 0xb, "fcff4e94f7d2a1f8fa"}]}]}}}}})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000540)={'pim6reg0\x00'})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x48801}, 0x0)

1.784420071s ago: executing program 4 (id=412):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8a52406e3427cef8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850010000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="02030003220000002cbd7000fcdbdf2502000900080000000a0000000000000005000600000000000a0000000000000000000000000000000000000000000001020000000000000002000100000000000400070c0000000005000500000000000a000000000000000000000000000000000000000000000107000000000000001200080008"], 0x110}, 0x1, 0x7}, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x2d02)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x4, &(0x7f00000002c0)=[{0x7, 0xb, 0x7, 0x3ff}, {0x2, 0x4, 0x0, 0x10004}, {0x5, 0x15, 0x5, 0x9}, {0x1000, 0x6, 0x7, 0x1}]})
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xc000, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r4}, 0x10)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
r7 = syz_open_dev$mouse(&(0x7f0000000440), 0x400, 0x2800)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x0, &(0x7f00000002c0), &(0x7f0000000340)='GPL\x00', 0x5, 0x63, &(0x7f0000000380)=""/99, 0x41100, 0x70, '\x00', 0x0, @fallback=0x12, r6, 0x8, &(0x7f0000000400)={0x7, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r3, 0x0, &(0x7f0000000480)=[r6, r6, r7, r6, r6], 0x0, 0x10, 0xd}, 0x94)
getpid()
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r8}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1}, 0x6e)
r9 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r9, &(0x7f0000000080)=@file={0x1}, 0x6e)
close(0xffffffffffffffff)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB='+cp \x00'], 0x5)

1.648377933s ago: executing program 4 (id=413):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x20, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000002000a38000000030a03000000000000000000020000050c00024000000000000002010900010073797a30000000000900030073797a3000000000140000001100010000000000000000000a00000a31d89f1a84b27c3a6444180ae4364053c696e817f8ee463fa71685429fc586cf137f784b80c43d3fb0262892022af32141d3954040d613650e7df27fb129fccd33c9ce662dce8397aabf49889411c44938b31affd4e41e042423c7e885032176f0ae"], 0x60}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
io_pgetevents(0x0, 0x2, 0x1, &(0x7f0000000080)=[{}], 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1e00000040000000001000000400000004000000", @ANYRES32, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000300000000004749ffffffffff2201000000008000000000"], 0x50)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000280), r1)
socket$can_raw(0x1d, 0x3, 0x1)
read(r7, &(0x7f0000000400)=""/87, 0x57)
r8 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r8)
getsockname$packet(r8, &(0x7f00000002c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x6488, &(0x7f0000000240)={&(0x7f00000006c0)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x400, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008051}, 0x4000)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="540000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="04820000180001002c0012800b00010069703667726500001c0002800400120014000700fe88000000000000000000000000000108000a00", @ANYRES32=r9, @ANYBLOB="a1dcf0cddbba9cf1ce0800e2440c447b80b8f9"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x8000)

1.479451626s ago: executing program 3 (id=414):
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=<r0=>0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x14c58, 0x5, 0x0, 0x1, 0x6, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r5, 0x0, r7, 0x0, 0x88000cc, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1e0000000500000010000000f215000028290000", @ANYRES32=r7, @ANYBLOB="008000"/20, @ANYRES32=r2, @ANYRES32, @ANYBLOB="0500000001000000010000000a00"/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc90}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r8}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sync()
sync()
write$eventfd(r6, &(0x7f0000000240), 0xffffff14)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x4000000, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xff}, 0x0, 0x1}}, @TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1ff, 0x0, 0xfffffc80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f, 0x0, 0x0, 0x0, 0xffffffff, 0x2, 0xafd, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x2, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0xfffffffd, 0x400000, 0x3, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xb484, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7fffffff, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xf20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x100, 0x0, 0x4, 0xfffffffd, 0x0, 0x0, 0x3ff, 0xfffffffe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8, 0x0, 0xfffffffd, 0x0, 0x7, 0x0, 0x0, 0x2, 0x0, 0xfffffffd]}]}}]}, 0x45c}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000001180)={[{@nolazytime}, {@jqfmt_vfsold}, {@journal_path={'journal_path', 0x3d, './file0/../file0'}}, {@min_batch_time={'min_batch_time', 0x3d, 0x2}}, {@nodioread_nolock}, {@journal_checksum}, {@data_err_abort}], [{@seclabel}]}, 0x3, 0x473, &(0x7f0000000640)="$eJzs3M1vG0UbAPBn7Tht+pW8Vd9CP4AgQJQCSZOW0gMXEEgcQEKCQzmGJK1K0wY1QSJVBQGhckSVOHFBHJH4CzjBBcENiQsHuKNKFeqlhZPRZncT2zhpmjpepf79pHVndtedeTwz9uxO7AB61nD6kETsiojfI2IwyzafMJz9c/vmlcm/b16ZTKJef/OvpC89fOvmlcXi1OJ5O4tMX0Tl0yQOtSl3buHy+YmZmelLeX50/sJ7o3MLl589d2Hi7PTZ6Yvjp06dOD72/Mnx5zoSZxrXrYMfzh4+8Orb116fPH3tnZ+/TYr4szgmO1LQiuG1Dj5Rr3e4uHLtbkhnPYOtoJoN06gtjf/BqMZK4w3GK5+UWjlgU9Xr9fr+5Vyt9fBiHbiPJVF2DYByFB/06fVvsXVx+lG6Gy9mF0Bp3LfzLTvSF5X8nFrL9W0nDUfE6cV/vkq32Jz7EAAATb5P5z/PtJv/VWJ/w3l78jWUoYj4X0TsjYiTEbEvIv4fsXTuAxHx4F2W37pIkpU/0LCncn2jsa1HOv97IV/bap7/FbO/GKrmud1L8deSM+dmpo/lr8mRqG1L82NrlPHDy79+vtqxxvlfuqXlF3PBvB7X+7Y1P2dqYn7iXmJudOPjiIN97eJPllcCkog4EBEHN1jGuaPfHF7t2J3jX0MH1pnqX0c8mbX/YrTEX0jWXp8c3R4z08dGi17Rxi9X31it/HuKvwPS9t/Rtv8vxz+UNK7Xzt3N//7lU+nj1T8+W/WaZqP9vz95q2nfBxPz85fGIvqT17JKN+4fbzlvfOX8NP4jj7Uf/3tj5ZU4FBFpJ34oIh6OiEfyuj/62547vgo/vfT4uy27qivxD5Te/lPrb//6YETRERb6I08s72mfqJ7/8bumQodWko3tv2fV9j+xlDqS71nP+9966nW3vRkAAAC2qkpE7IqkMrKcrlRGRrK/4d8XOyozs3PzT5+Zff/iVPYdgaGoVYo7XYMN90PH8sv6Ij/ekj+e3zf+ojqwlB+ZnJ2ZKjt46HE7Vxn/qT+zu5Tbyq0hsKl8Xwt6l/EPvcv4h9713/G/vTlb6V5dgO5q8/k/UEY9gO5rHv/Zj4B8tJ4n7tqc+gDd0/L5Xy2rHkD3uf8HvWsj4997Btwf+tb6yeb+rlYF6J65gbjzl+QltlKiWK3djCJqaW85GhELl6NSeqQSm5go+50JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgM/4NAAD//55o4Oc=")
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.391260587s ago: executing program 0 (id=415):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r2}, 0x18)
bpf$MAP_CREATE(0x300000000000000, 0x0, 0x48)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000800)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000800)={0x114, 0x28, 0x1, 0x4, 0x25dfdbfc, "", [@nested={0x103, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2d}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x8000)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='\xac\xed\x00\x00')
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1c, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad80168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000000)='syzkaller\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r4, 0x18000000000002a0, 0x12, 0x0, &(0x7f0000000300)="b9faffffffffffffff9ec6ff02e360bc8551", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000040)={[{@errors_remount}, {@discard}]}, 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=")

1.20779212s ago: executing program 0 (id=416):
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=<r0=>0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x14c58, 0x5, 0x0, 0x1, 0x6, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r5, 0x0, r7, 0x0, 0x88000cc, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1e0000000500000010000000f215000028290000", @ANYRES32=r7, @ANYBLOB="008000"/20, @ANYRES32=r2, @ANYRES32, @ANYBLOB="0500000001000000010000000a00"/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc90}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r8}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sync()
sync()
write$eventfd(r6, &(0x7f0000000240), 0xffffff14)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x4000000, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xff}, 0x0, 0x1}}, @TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1ff, 0x0, 0xfffffc80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f, 0x0, 0x0, 0x0, 0xffffffff, 0x2, 0xafd, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x2, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0xfffffffd, 0x400000, 0x3, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xb484, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7fffffff, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xf20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x100, 0x0, 0x4, 0xfffffffd, 0x0, 0x0, 0x3ff, 0xfffffffe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8, 0x0, 0xfffffffd, 0x0, 0x7, 0x0, 0x0, 0x2, 0x0, 0xfffffffd]}]}}]}, 0x45c}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000001180)={[{@nolazytime}, {@jqfmt_vfsold}, {@journal_path={'journal_path', 0x3d, './file0/../file0'}}, {@min_batch_time={'min_batch_time', 0x3d, 0x2}}, {@nodioread_nolock}, {@journal_checksum}, {@data_err_abort}], [{@seclabel}]}, 0x3, 0x473, &(0x7f0000000640)="$eJzs3M1vG0UbAPBn7Tht+pW8Vd9CP4AgQJQCSZOW0gMXEEgcQEKCQzmGJK1K0wY1QSJVBQGhckSVOHFBHJH4CzjBBcENiQsHuKNKFeqlhZPRZncT2zhpmjpepf79pHVndtedeTwz9uxO7AB61nD6kETsiojfI2IwyzafMJz9c/vmlcm/b16ZTKJef/OvpC89fOvmlcXi1OJ5O4tMX0Tl0yQOtSl3buHy+YmZmelLeX50/sJ7o3MLl589d2Hi7PTZ6Yvjp06dOD72/Mnx5zoSZxrXrYMfzh4+8Orb116fPH3tnZ+/TYr4szgmO1LQiuG1Dj5Rr3e4uHLtbkhnPYOtoJoN06gtjf/BqMZK4w3GK5+UWjlgU9Xr9fr+5Vyt9fBiHbiPJVF2DYByFB/06fVvsXVx+lG6Gy9mF0Bp3LfzLTvSF5X8nFrL9W0nDUfE6cV/vkq32Jz7EAAATb5P5z/PtJv/VWJ/w3l78jWUoYj4X0TsjYiTEbEvIv4fsXTuAxHx4F2W37pIkpU/0LCncn2jsa1HOv97IV/bap7/FbO/GKrmud1L8deSM+dmpo/lr8mRqG1L82NrlPHDy79+vtqxxvlfuqXlF3PBvB7X+7Y1P2dqYn7iXmJudOPjiIN97eJPllcCkog4EBEHN1jGuaPfHF7t2J3jX0MH1pnqX0c8mbX/YrTEX0jWXp8c3R4z08dGi17Rxi9X31it/HuKvwPS9t/Rtv8vxz+UNK7Xzt3N//7lU+nj1T8+W/WaZqP9vz95q2nfBxPz85fGIvqT17JKN+4fbzlvfOX8NP4jj7Uf/3tj5ZU4FBFpJ34oIh6OiEfyuj/62547vgo/vfT4uy27qivxD5Te/lPrb//6YETRERb6I08s72mfqJ7/8bumQodWko3tv2fV9j+xlDqS71nP+9966nW3vRkAAAC2qkpE7IqkMrKcrlRGRrK/4d8XOyozs3PzT5+Zff/iVPYdgaGoVYo7XYMN90PH8sv6Ij/ekj+e3zf+ojqwlB+ZnJ2ZKjt46HE7Vxn/qT+zu5Tbyq0hsKl8Xwt6l/EPvcv4h9713/G/vTlb6V5dgO5q8/k/UEY9gO5rHv/Zj4B8tJ4n7tqc+gDd0/L5Xy2rHkD3uf8HvWsj4997Btwf+tb6yeb+rlYF6J65gbjzl+QltlKiWK3djCJqaW85GhELl6NSeqQSm5go+50JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgM/4NAAD//55o4Oc=")
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.201482491s ago: executing program 2 (id=417):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x5}, 0x18)
socket$unix(0x1, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x70, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r3}, 0x18)
bpf$MAP_CREATE(0x200000000000000, &(0x7f0000000380)=@base={0xa, 0x101, 0x7ffc, 0xcc}, 0x50)

1.1932311s ago: executing program 1 (id=418):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=@ipv6_newrule={0x30, 0x20, 0x2d2c6d60ea1da725, 0x70bd29, 0x25dfdbfd, {0xa, 0x0, 0x0, 0xcd, 0xff, 0x0, 0x0, 0x1, 0x10002}, [@FIB_RULE_POLICY=@FRA_PRIORITY={0x8}, @FIB_RULE_POLICY=@FRA_UID_RANGE={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008081}, 0x4000000)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0)

1.063250563s ago: executing program 2 (id=419):
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6e}}, {@user_xattr}, {@errors_remount}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f0000000300), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
unlink(&(0x7f0000000180)='./file1\x00')

1.062521753s ago: executing program 1 (id=420):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000180)={0x0, &(0x7f0000000040)=""/12, &(0x7f0000000240), &(0x7f00000005c0), 0x4, r0}, 0x38)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES64=r0], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)

1.037313423s ago: executing program 2 (id=421):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x20000000, 0x4b}, 0x10, 0x0, 0x0, 0x1, 0x10000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffe12)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
r3 = memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0)
write$binfmt_script(r3, &(0x7f0000000240)={'#! ', './file0'}, 0xb)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3e, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, "ff00f7000000000000000000af88008300"})
syz_open_pts(r6, 0x141601)
close_range(r6, 0xffffffffffffffff, 0x0)

972.536674ms ago: executing program 1 (id=422):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x20025, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x8, 0x4, 0x7cb4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000000100"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
socketpair(0x1e, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f00000000c0)='\x00')
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2000000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x1458, &(0x7f00000004c0)={0x0, 0x3, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100), &(0x7f00000002c0))
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x10001]}, 0x8, 0x0)
ppoll(&(0x7f00000000c0)=[{r2, 0x10}, {r2, 0x1a084}], 0x2, 0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000600)='kfree\x00', r3}, 0x18)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x5, 0x5}, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)

790.285857ms ago: executing program 4 (id=423):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x50)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r1, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r0, &(0x7f0000000000), 0x0}, 0x20)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0xa, 0x4e23, 0x81, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000000c0)="06", 0x1}], 0x1}, 0x80001)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000540)={0x3, 0x4, 0x202, 0x17558e07, 0x90e, 0x7c26, 0xffffffff, 0x7, r4}, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a3000000000e4000000160a01000000000000000000010000010900010073797a30000000000900020073797a3000000000b80003800800014000000000a400038014000100776c616e3000000000000000000000001400010076657468305f746f5f62617461647600120001006d6163766c616e3100000000000000001400010067656e657665310000000000000000000a0001006772653000000000000000000000000014000100776c616e3100000000000000000000001400010076657468315f766972745f77696669001400010076657468305f746f5f626f6e64000000080002400000000604020000180a0101000b000000000000010000000900010073797a3000000000e800038008000140000000000800014000000000cc0003801400010069703665727370616e3000000000000014000100776732000000000000000000000000001400010076657468305f6d61637674617000000014000100626f6e645f736c6176655f310000000014000100626f6e645f736c6176655f300000000014000100636169663000000000000000000000001400010070696d726567300000000000000000001400010070696d726567310000000000000000001400010076657468315f746f5f7465616d0000001400010070696d3672656731000000000000000008000140000000200900020073797a3000000000d80003"], 0x330}}, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000100)={r4, 0x800, 0x9, 0x3}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r9}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
sendmsg$inet(r8, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000000)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x840)

761.094397ms ago: executing program 4 (id=424):
bpf$PROG_LOAD(0x5, 0x0, 0x39)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000b80)=ANY=[@ANYBLOB="48d0253af373269312daaddfcea45b2e2a92574f47c100cdec8da90a6e4f961bec3f11b2f8641fcd87a1f32726d78f6dd17c283ba326c4b7cc573a87140b7cabc0cb1efd0000", @ANYRES16=0x0, @ANYBLOB="01012cbd7000fddbdf25020000000800060000010000080005008000000008000600010000003c000180080008000000000014000300ac1414bb00000000000000000000000008000b0073697000140003000000000000000000000000000000000160000380080003000300000008000500640101020800030002000000140002006873723000000000000000000000000014000600fc01000000000000000000000000000005000800080000001400020076657468305f746f5f62726964676500"], 0xc8}, 0x1, 0x0, 0x0, 0x80}, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH")
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
sendmsg$key(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x800)
write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000240)={'syztnl0\x00', <r5=>0x0, 0x4, 0x80, 0x8, 0x9eea, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, 0x80, 0x17fc8, 0x3, 0x10}})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000380), &(0x7f00000003c0)=0xc)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00', r7}, 0x18)
ioctl$USBDEVFS_FREE_STREAMS(r6, 0x8008551d, &(0x7f0000000240)=ANY=[@ANYBLOB="9645000008"])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)={0x1b, 0x0, 0x0, 0x1, 0x0, 0x1, 0x6, '\x00', r5, 0xffffffffffffffff, 0x3, 0x4, 0x2}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x16, &(0x7f0000000580)=@raw=[@cb_func={0x18, 0x1, 0x4, 0x0, 0xffffffffffffffff}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x800}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}], &(0x7f0000000100)='GPL\x00', 0x2, 0xeb, &(0x7f0000000640)=""/235, 0x41100, 0x2, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000400)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000740)={0x1, 0x9, 0x2, 0x4}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000940)=[r0, 0xffffffffffffffff, r8, r4, r0, r1, 0xffffffffffffffff, r4, r4, r0], &(0x7f0000000980)=[{0x4, 0x4, 0xf, 0xc}, {0x5, 0x2, 0x1, 0x3}, {0x5, 0x1, 0xc, 0x2}], 0x10, 0xff}, 0x94)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000300)=0x2)
ioctl$PPPIOCSACTIVE(r9, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
read(r9, 0x0, 0x0)

569.65712ms ago: executing program 3 (id=425):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="08000000040000"], 0x50)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r1, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r0, &(0x7f0000000000), 0x0}, 0x20)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0xa, 0x4e23, 0x81, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000000c0)="06", 0x1}], 0x1}, 0x80001)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000540)={0x3, 0x4, 0x202, 0x17558e07, 0x90e, 0x7c26, 0xffffffff, 0x7, r4}, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a3000000000e4000000160a01000000000000000000010000010900010073797a30000000000900020073797a3000000000b80003800800014000000000a400038014000100776c616e3000000000000000000000001400010076657468305f746f5f62617461647600120001006d6163766c616e3100000000000000001400010067656e657665310000000000000000000a0001006772653000000000000000000000000014000100776c616e3100000000000000000000001400010076657468315f766972745f77696669001400010076657468305f746f5f626f6e64000000080002400000000604020000180a0101000b000000000000010000000900010073797a3000000000e800038008000140000000000800014000000000cc0003801400010069703665727370616e3000000000000014000100776732000000000000000000000000001400010076657468305f6d61637674617000000014000100626f6e645f736c6176655f310000000014000100626f6e645f736c6176655f300000000014000100636169663000000000000000000000001400010070696d726567300000000000000000001400010070696d726567310000000000000000001400010076657468315f746f5f7465616d0000001400010070696d3672656731000000000000000008000140000000200900020073797a3000000000d80003"], 0x330}}, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000100)={r4, 0x800, 0x9, 0x3}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r9}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
sendmsg$inet(r8, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000000)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x840)

543.911151ms ago: executing program 3 (id=426):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f6", 0x5a}], 0x1, 0x0, 0x0, 0x1f000801}, 0x840)

513.465932ms ago: executing program 3 (id=427):
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x8000000, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

495.960542ms ago: executing program 3 (id=428):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x44, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x20000000, 0x4b}, 0x10, 0x0, 0x0, 0x1, 0x10000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffe12)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
r3 = memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0)
write$binfmt_script(r3, &(0x7f0000000240)={'#! ', './file0'}, 0xb)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3e, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, "ff00f7000000000000000000af88008300"})
syz_open_pts(r6, 0x141601)
close_range(r6, 0xffffffffffffffff, 0x0)

0s ago: executing program 1 (id=429):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70223000200f100850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a41, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10)
r3 = syz_io_uring_setup(0x10b, &(0x7f0000000580)={0x0, 0xd78c, 0x8, 0x3, 0xbffffffa}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f0000000340)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80, 0x6000})
io_uring_enter(r3, 0x1c3a, 0xe176, 0x22, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000000), 0xffffff6a)
r7 = creat(&(0x7f0000000580)='./bus\x00', 0x0)
io_setup(0x1, &(0x7f0000000040)=<r8=>0x0)
io_submit(r8, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x15, 0x0, 0x0, 0x1, 0x0, r7, &(0x7f0000000000), 0x1a00001a}])
syz_io_uring_setup(0x20ad, &(0x7f0000000180)={0x0, 0xe7b3, 0x100, 0x1, 0x163}, &(0x7f0000000200), &(0x7f0000000280))
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r11}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r10}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

eric 0000:0000:0000.0002: unknown main item tag 0x0
[   43.896356][   T10] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   43.903887][   T10] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   43.912582][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.922016][   T10] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   43.922949][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.969545][   T29] kauditd_printk_skb: 169 callbacks suppressed
[   43.969560][   T29] audit: type=1400 audit(1753534321.974:276): avc:  denied  { name_bind } for  pid=3741 comm="syz.1.63" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   44.004178][ T3738] fido_id[3738]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   44.018997][ T3745] loop0: detected capacity change from 0 to 1024
[   44.023233][   T29] audit: type=1400 audit(1753534322.014:277): avc:  denied  { read } for  pid=3741 comm="syz.1.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   44.111816][ T3745] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.121831][ T3756] loop4: detected capacity change from 0 to 764
[   44.139281][ T3756] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   44.156233][   T29] audit: type=1400 audit(1753534322.164:278): avc:  denied  { mount } for  pid=3755 comm="syz.4.64" name="/" dev="loop4" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   44.188346][   T29] audit: type=1400 audit(1753534322.164:279): avc:  denied  { unmount } for  pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   44.189343][ T3761] netlink: 'syz.1.65': attribute type 10 has an invalid length.
[   44.263610][ T3769] loop2: detected capacity change from 0 to 128
[   44.283265][ T3761] 8021q: adding VLAN 0 to HW filter on device batadv0
[   44.290303][ T3770] loop3: detected capacity change from 0 to 512
[   44.306405][   T29] audit: type=1400 audit(1753534322.314:280): avc:  denied  { mount } for  pid=3768 comm="syz.2.68" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   44.323778][ T3761] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   44.342917][ T3769] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   44.350818][ T3769] FAT-fs (loop2): Filesystem has been set read-only
[   44.363311][ T3771] loop4: detected capacity change from 0 to 512
[   44.375142][ T3770] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.388752][ T3771] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.397780][ T3769] syz.2.68: attempt to access beyond end of device
[   44.397780][ T3769] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   44.411790][ T3770] ext4 filesystem being mounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   44.443003][ T3769] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   44.447773][ T3771] ext4 filesystem being mounted at /13/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   44.450876][ T3769] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   44.484552][ T3776] syz.2.68: attempt to access beyond end of device
[   44.484552][ T3776] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[   44.489225][ T3770] ext4: Unknown parameter '00000010'
[   44.497727][ T3776] Buffer I/O error on dev loop2, logical block 2065, async page read
[   44.514755][ T3776] syz.2.68: attempt to access beyond end of device
[   44.514755][ T3776] loop2: rw=0, sector=2066, nr_sectors = 1 limit=128
[   44.527967][ T3776] Buffer I/O error on dev loop2, logical block 2066, async page read
[   44.539622][ T3778] netlink: 'syz.2.68': attribute type 10 has an invalid length.
[   44.547009][ T3771] ext4: Unknown parameter '00000010'
[   44.557724][ T3778] 8021q: adding VLAN 0 to HW filter on device batadv0
[   44.575502][ T3778] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   44.589671][ T3776] syz.2.68: attempt to access beyond end of device
[   44.589671][ T3776] loop2: rw=0, sector=2067, nr_sectors = 1 limit=128
[   44.602817][ T3776] Buffer I/O error on dev loop2, logical block 2067, async page read
[   44.607008][ T3781] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7 sclass=netlink_route_socket pid=3781 comm=syz.1.70
[   44.628182][ T3776] syz.2.68: attempt to access beyond end of device
[   44.628182][ T3776] loop2: rw=0, sector=2068, nr_sectors = 1 limit=128
[   44.641403][ T3776] Buffer I/O error on dev loop2, logical block 2068, async page read
[   44.655497][   T29] audit: type=1400 audit(1753534322.664:281): avc:  denied  { mounton } for  pid=3780 comm="syz.1.70" path="/syzcgroup/unified/syz1" dev="cgroup2" ino=75 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   44.678751][ T3776] syz.2.68: attempt to access beyond end of device
[   44.678751][ T3776] loop2: rw=0, sector=2069, nr_sectors = 1 limit=128
[   44.692311][ T3776] Buffer I/O error on dev loop2, logical block 2069, async page read
[   44.726522][ T3776] syz.2.68: attempt to access beyond end of device
[   44.726522][ T3776] loop2: rw=0, sector=2070, nr_sectors = 1 limit=128
[   44.739791][ T3776] Buffer I/O error on dev loop2, logical block 2070, async page read
[   44.771869][ T3784] bridge_slave_1: left allmulticast mode
[   44.777631][ T3784] bridge_slave_1: left promiscuous mode
[   44.783367][ T3784] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.795119][ T3776] syz.2.68: attempt to access beyond end of device
[   44.795119][ T3776] loop2: rw=0, sector=2071, nr_sectors = 1 limit=128
[   44.808324][ T3776] Buffer I/O error on dev loop2, logical block 2071, async page read
[   44.818093][ T3784] bridge_slave_0: left allmulticast mode
[   44.824044][ T3784] bridge_slave_0: left promiscuous mode
[   44.829826][ T3784] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.840331][ T3776] syz.2.68: attempt to access beyond end of device
[   44.840331][ T3776] loop2: rw=0, sector=2072, nr_sectors = 1 limit=128
[   44.853458][ T3776] Buffer I/O error on dev loop2, logical block 2072, async page read
[   44.861642][ T3769] syz.2.68: attempt to access beyond end of device
[   44.861642][ T3769] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[   44.874824][ T3769] Buffer I/O error on dev loop2, logical block 2065, async page read
[   44.885446][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.901872][ T3769] Buffer I/O error on dev loop2, logical block 2066, async page read
[   44.935498][ T3786] __nla_validate_parse: 10 callbacks suppressed
[   44.935516][ T3786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.72'.
[   44.958797][ T3778] netlink: 'syz.2.68': attribute type 10 has an invalid length.
[   44.966548][ T3778] netlink: 40 bytes leftover after parsing attributes in process `syz.2.68'.
[   44.998280][ T3786] loop0: detected capacity change from 0 to 1024
[   45.016578][ T3778] batadv0: entered promiscuous mode
[   45.021863][ T3778] batadv0: entered allmulticast mode
[   45.041612][   T29] audit: type=1400 audit(1753534323.044:282): avc:  denied  { write } for  pid=3787 comm="syz.1.73" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[   45.069593][ T3778] bond0: (slave batadv0): Releasing backup interface
[   45.084429][ T3778] bridge0: port 3(batadv0) entered blocking state
[   45.090976][ T3778] bridge0: port 3(batadv0) entered disabled state
[   45.116120][   T29] audit: type=1400 audit(1753534323.094:283): avc:  denied  { sqpoll } for  pid=3787 comm="syz.1.73" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   45.143307][ T3786] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.188801][ T3788] lo speed is unknown, defaulting to 1000
[   45.211519][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.262506][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.272240][   T29] audit: type=1400 audit(1753534323.274:284): avc:  denied  { unmount } for  pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   45.273965][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.305363][  T553] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   45.314792][  T553] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   45.356513][   T29] audit: type=1400 audit(1753534323.344:285): avc:  denied  { cpu } for  pid=3792 comm="syz.3.74" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   45.387513][ T3800] loop0: detected capacity change from 0 to 512
[   45.394946][ T3800] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   45.411050][ T3800] EXT4-fs (loop0): orphan cleanup on readonly fs
[   45.419400][ T3800] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:517: comm syz.0.75: Block bitmap for bg 0 marked uninitialized
[   45.441880][ T3800] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   45.453623][ T3800] EXT4-fs (loop0): 1 orphan inode deleted
[   45.459754][ T3800] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   45.505395][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.549436][ T3814] loop4: detected capacity change from 0 to 128
[   45.598190][ T3814] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   45.606152][ T3814] FAT-fs (loop4): Filesystem has been set read-only
[   45.656389][ T3814] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   45.664330][ T3814] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   45.703683][ T3821] netlink: 24 bytes leftover after parsing attributes in process `syz.4.81'.
[   45.712783][ T3821] netlink: 212 bytes leftover after parsing attributes in process `syz.4.81'.
[   45.775371][ T3825] loop0: detected capacity change from 0 to 1024
[   45.790980][ T3827] netlink: 'syz.4.81': attribute type 10 has an invalid length.
[   45.805358][ T3825] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   45.816606][ T3825] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   45.838706][ T3829] loop2: detected capacity change from 0 to 512
[   45.845766][ T3831] netlink: 4 bytes leftover after parsing attributes in process `syz.1.83'.
[   45.846795][ T3827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   45.861868][ T3829] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   45.874426][ T3825] JBD2: no valid journal superblock found
[   45.880212][ T3825] EXT4-fs (loop0): Could not load journal inode
[   45.889778][ T3821] netlink: 'syz.4.81': attribute type 10 has an invalid length.
[   45.897493][ T3821] netlink: 40 bytes leftover after parsing attributes in process `syz.4.81'.
[   45.934384][ T3829] EXT4-fs (loop2): orphan cleanup on readonly fs
[   45.965776][ T3827] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   45.976170][ T3829] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.84: Block bitmap for bg 0 marked uninitialized
[   46.036948][ T3821] batadv0: entered promiscuous mode
[   46.042331][ T3821] batadv0: entered allmulticast mode
[   46.064014][ T3829] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   46.081857][ T3821] bond0: (slave batadv0): Releasing backup interface
[   46.083006][ T3829] EXT4-fs (loop2): 1 orphan inode deleted
[   46.107139][ T3829] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   46.126977][ T3821] bridge0: port 3(batadv0) entered blocking state
[   46.133604][ T3821] bridge0: port 3(batadv0) entered disabled state
[   46.140218][ T3829] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[   46.162255][ T3829] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   46.189084][ T3837] siw: device registration error -23
[   46.322062][ T3794] syz.3.74 (3794) used greatest stack depth: 7160 bytes left
[   46.362183][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.393506][   T31] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   46.402910][   T31] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   46.565323][ T3870] loop3: detected capacity change from 0 to 512
[   46.585199][ T3872] loop4: detected capacity change from 0 to 512
[   46.617183][ T3870] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   46.641890][ T3872] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   46.659923][ T3870] EXT4-fs (loop3): orphan cleanup on readonly fs
[   46.670476][ T3882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.95'.
[   46.679755][ T3872] EXT4-fs (loop4): orphan cleanup on readonly fs
[   46.693467][ T3870] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:517: comm syz.3.93: Block bitmap for bg 0 marked uninitialized
[   46.707081][ T3872] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.94: Block bitmap for bg 0 marked uninitialized
[   46.721429][ T3886] loop0: detected capacity change from 0 to 128
[   46.728176][ T3870] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   46.736730][ T3886] EXT4-fs: Ignoring removed nobh option
[   46.739212][ T3872] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   46.749399][ T3888] netlink: 4 bytes leftover after parsing attributes in process `syz.1.99'.
[   46.760192][ T3870] EXT4-fs (loop3): 1 orphan inode deleted
[   46.760712][ T3870] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   46.766240][ T3885] loop2: detected capacity change from 0 to 512
[   46.797464][ T3886] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   46.812773][ T3885] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   46.829070][ T3872] EXT4-fs (loop4): 1 orphan inode deleted
[   46.829702][ T3891] FAULT_INJECTION: forcing a failure.
[   46.829702][ T3891] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   46.842068][ T3885] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 1285)!
[   46.848074][ T3891] CPU: 0 UID: 0 PID: 3891 Comm: syz.1.100 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   46.848129][ T3891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   46.848176][ T3891] Call Trace:
[   46.848183][ T3891]  <TASK>
[   46.848195][ T3891]  __dump_stack+0x1d/0x30
[   46.848224][ T3891]  dump_stack_lvl+0xe8/0x140
[   46.848253][ T3891]  dump_stack+0x15/0x1b
[   46.848275][ T3891]  should_fail_ex+0x265/0x280
[   46.848318][ T3891]  should_fail+0xb/0x20
[   46.848394][ T3891]  should_fail_usercopy+0x1a/0x20
[   46.848438][ T3891]  _copy_to_user+0x20/0xa0
[   46.848526][ T3891]  simple_read_from_buffer+0xb5/0x130
[   46.848567][ T3891]  proc_fail_nth_read+0x100/0x140
[   46.848613][ T3891]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   46.848732][ T3891]  vfs_read+0x1a0/0x6f0
[   46.848843][ T3891]  ? __rcu_read_unlock+0x4f/0x70
[   46.848873][ T3891]  ? __fget_files+0x184/0x1c0
[   46.848901][ T3891]  ksys_read+0xda/0x1a0
[   46.848944][ T3891]  __x64_sys_read+0x40/0x50
[   46.849045][ T3891]  x64_sys_call+0x2d77/0x2fb0
[   46.849075][ T3891]  do_syscall_64+0xd2/0x200
[   46.849154][ T3891]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   46.849191][ T3891]  ? clear_bhb_loop+0x40/0x90
[   46.849219][ T3891]  ? clear_bhb_loop+0x40/0x90
[   46.849249][ T3891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.849342][ T3891] RIP: 0033:0x7f5911efd3bc
[   46.849364][ T3891] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   46.849388][ T3891] RSP: 002b:00007f5910567030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   46.849412][ T3891] RAX: ffffffffffffffda RBX: 00007f5912125fa0 RCX: 00007f5911efd3bc
[   46.849429][ T3891] RDX: 000000000000000f RSI: 00007f59105670a0 RDI: 0000000000000007
[   46.849446][ T3891] RBP: 00007f5910567090 R08: 0000000000000000 R09: 0000000000000000
[   46.849541][ T3891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   46.849556][ T3891] R13: 0000000000000000 R14: 00007f5912125fa0 R15: 00007ffc0d5822f8
[   46.849584][ T3891]  </TASK>
[   46.850247][ T3872] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   46.858323][ T3885] EXT4-fs (loop2): group descriptors corrupted!
[   46.861399][ T3886] ext4 filesystem being mounted at /21/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   46.943295][ T3896] siw: device registration error -23
[   46.967128][ T3870] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[   46.977575][ T3894] netlink: 4 bytes leftover after parsing attributes in process `syz.1.101'.
[   47.070682][ T3870] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   47.090498][ T3872] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[   47.135678][ T3872] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   47.167411][ T3315] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   47.169790][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.186346][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.220508][ T3902] loop4: detected capacity change from 0 to 512
[   47.259211][ T3902] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   47.301953][ T3902] EXT4-fs (loop4): 1 truncate cleaned up
[   47.320526][ T3919] netlink: 4 bytes leftover after parsing attributes in process `syz.3.110'.
[   47.340427][ T3902] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.380842][ T3919] loop3: detected capacity change from 0 to 1024
[   47.401050][ T3919] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.437260][ T3928] loop0: detected capacity change from 0 to 512
[   47.470269][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.472554][ T3930] loop2: detected capacity change from 0 to 1024
[   47.495685][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.507382][ T3928] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.520866][ T3928] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   47.556107][ T3930] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   47.567088][ T3930] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   47.678630][ T3941] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   47.686174][ T3941] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   47.706509][ T3930] JBD2: no valid journal superblock found
[   47.712302][ T3930] EXT4-fs (loop2): Could not load journal inode
[   47.733564][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.744033][ T3938] loop4: detected capacity change from 0 to 1024
[   47.764136][ T3938] EXT4-fs: Ignoring removed orlov option
[   47.815634][ T3938] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.865163][ T3938] lo speed is unknown, defaulting to 1000
[   47.894713][ T3952] loop0: detected capacity change from 0 to 512
[   47.914876][ T3952] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[   47.926531][ T3952] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 not in group (block 1285)!
[   47.936951][ T3952] EXT4-fs (loop0): group descriptors corrupted!
[   48.562524][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.718664][ T3912] syz.2.108 (3912) used greatest stack depth: 7000 bytes left
[   48.734642][ T3968] loop4: detected capacity change from 0 to 512
[   48.744488][ T3968] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   48.756238][ T3968] EXT4-fs (loop4): orphan cleanup on readonly fs
[   48.771166][ T3968] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.124: Block bitmap for bg 0 marked uninitialized
[   48.798751][ T3970] loop2: detected capacity change from 0 to 1024
[   48.807914][ T3968] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   48.825456][ T3975] loop0: detected capacity change from 0 to 512
[   48.832646][ T3968] EXT4-fs (loop4): 1 orphan inode deleted
[   48.840808][ T3968] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   48.843342][ T3970] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.875395][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.888481][ T3975] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   48.926199][ T3975] EXT4-fs (loop0): orphan cleanup on readonly fs
[   48.937815][ T3982] netlink: 'syz.4.129': attribute type 10 has an invalid length.
[   48.951296][ T3975] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:517: comm syz.0.127: Block bitmap for bg 0 marked uninitialized
[   48.977167][ T3982] batadv0: left allmulticast mode
[   48.982361][ T3982] batadv0: left promiscuous mode
[   48.987556][ T3982] bridge0: port 3(batadv0) entered disabled state
[   49.003114][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.015919][ T3975] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   49.116451][ T3975] EXT4-fs (loop0): 1 orphan inode deleted
[   49.123635][ T3982] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.131829][ T3982] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   49.140843][ T3975] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   49.157610][ T3975] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[   49.180052][ T3986] pim6reg: entered allmulticast mode
[   49.191752][ T3986] pim6reg: left allmulticast mode
[   49.198541][ T3975] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   49.217621][ T3988] loop4: detected capacity change from 0 to 512
[   49.237048][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.255199][ T3988] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   49.281402][ T3988] EXT4-fs (loop4): 1 truncate cleaned up
[   49.289175][ T3988] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.329015][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.379524][ T3997] loop4: detected capacity change from 0 to 1024
[   49.468696][ T4000] lo speed is unknown, defaulting to 1000
[   49.514283][ T4000] loop2: detected capacity change from 0 to 512
[   49.550428][ T4000] EXT4-fs (loop2): too many log groups per flexible block group
[   49.558214][ T4000] EXT4-fs (loop2): failed to initialize mballoc (-12)
[   49.565127][ T4000] EXT4-fs (loop2): mount failed
[   49.606371][ T4005] lo speed is unknown, defaulting to 1000
[   49.661577][ T3997] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.745679][   T29] kauditd_printk_skb: 57 callbacks suppressed
[   49.745769][   T29] audit: type=1400 audit(1753534327.754:343): avc:  denied  { create } for  pid=3996 comm="syz.4.134" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1
[   50.243906][ T4021] loop3: detected capacity change from 0 to 1024
[   50.281737][ T4021] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   50.309290][ T4025] loop0: detected capacity change from 0 to 512
[   50.337829][ T4025] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[   50.357732][ T4025] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 not in group (block 1285)!
[   50.368091][ T4025] EXT4-fs (loop0): group descriptors corrupted!
[   50.426687][ T4031] loop2: detected capacity change from 0 to 128
[   50.433555][ T4031] EXT4-fs: Ignoring removed nobh option
[   50.445371][   T29] audit: type=1326 audit(1753534328.454:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4024 comm="syz.0.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faadea1e9a9 code=0x7ffc0000
[   50.446393][ T4031] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   50.468675][   T29] audit: type=1326 audit(1753534328.454:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4024 comm="syz.0.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7faadea1e9a9 code=0x7ffc0000
[   50.504026][   T29] audit: type=1326 audit(1753534328.454:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4024 comm="syz.0.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faadea1e9a9 code=0x7ffc0000
[   50.508549][ T4031] ext4 filesystem being mounted at /24/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   50.545568][   T29] audit: type=1326 audit(1753534328.494:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4024 comm="syz.0.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faadea1e9a9 code=0x7ffc0000
[   50.568831][   T29] audit: type=1326 audit(1753534328.514:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4024 comm="syz.0.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faadea1e9a9 code=0x7ffc0000
[   50.592153][   T29] audit: type=1326 audit(1753534328.514:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4024 comm="syz.0.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faadea1e9a9 code=0x7ffc0000
[   50.617553][   T29] audit: type=1326 audit(1753534328.554:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4024 comm="syz.0.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faadea1e9a9 code=0x7ffc0000
[   50.640796][   T29] audit: type=1326 audit(1753534328.554:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4024 comm="syz.0.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faadea1e9a9 code=0x7ffc0000
[   50.664154][   T29] audit: type=1326 audit(1753534328.554:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4024 comm="syz.0.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faadea1e9a9 code=0x7ffc0000
[   50.725567][ T3319] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   50.761091][ T4038] netlink: 'syz.2.141': attribute type 10 has an invalid length.
[   50.780322][ T4038] batadv0: left allmulticast mode
[   50.785606][ T4038] batadv0: left promiscuous mode
[   50.790709][ T4038] bridge0: port 3(batadv0) entered disabled state
[   50.814558][ T4038] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.831185][ T4038] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   50.853683][ T4041] loop0: detected capacity change from 0 to 128
[   50.872208][ T4041] __nla_validate_parse: 2 callbacks suppressed
[   50.872226][ T4041] netlink: 24 bytes leftover after parsing attributes in process `syz.0.142'.
[   50.887681][ T4041] netlink: 212 bytes leftover after parsing attributes in process `syz.0.142'.
[   50.904214][ T4041] netlink: 'syz.0.142': attribute type 10 has an invalid length.
[   50.912743][ T4041] batadv0: left allmulticast mode
[   50.917996][ T4041] batadv0: left promiscuous mode
[   50.923368][ T4041] bridge0: port 3(batadv0) entered disabled state
[   50.932997][ T4041] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.942562][ T4041] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   50.955464][ T4041] netlink: 'syz.0.142': attribute type 10 has an invalid length.
[   50.963312][ T4041] netlink: 40 bytes leftover after parsing attributes in process `syz.0.142'.
[   50.972723][ T4041] batadv0: entered promiscuous mode
[   50.977986][ T4041] batadv0: entered allmulticast mode
[   50.987787][ T4041] bond0: (slave batadv0): Releasing backup interface
[   50.996757][ T4041] bridge0: port 3(batadv0) entered blocking state
[   51.003281][ T4041] bridge0: port 3(batadv0) entered disabled state
[   51.011281][ T4044] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   51.021581][ T4044] loop2: detected capacity change from 0 to 512
[   51.028718][ T4044] journal_path: Lookup failure for './file0/../file0'
[   51.035715][ T4044] EXT4-fs: error: could not find journal device path
[   51.072800][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.120492][ T4049] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.127812][ T4049] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.152582][ T4049] bridge0: entered allmulticast mode
[   51.163525][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.232560][ T4049] bridge0: port 3(batadv0) entered disabled state
[   51.260400][ T4049] bridge_slave_1: left allmulticast mode
[   51.266247][ T4049] bridge_slave_1: left promiscuous mode
[   51.272009][ T4049] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.304247][ T4049] bridge_slave_0: left allmulticast mode
[   51.309970][ T4049] bridge_slave_0: left promiscuous mode
[   51.315823][ T4049] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.544343][ T4064] loop3: detected capacity change from 0 to 764
[   51.555245][ T4064] rock: directory entry would overflow storage
[   51.561472][ T4064] rock: sig=0x4654, size=5, remaining=4
[   51.732209][ T4070] loop2: detected capacity change from 0 to 1024
[   51.746826][ T4070] EXT4-fs: Ignoring removed orlov option
[   51.764521][ T4070] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.893304][ T3315] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[   51.904302][ T3315] CPU: 1 UID: 0 PID: 3315 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   51.904336][ T3315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   51.904350][ T3315] Call Trace:
[   51.904358][ T3315]  <TASK>
[   51.904367][ T3315]  __dump_stack+0x1d/0x30
[   51.904392][ T3315]  dump_stack_lvl+0xe8/0x140
[   51.904481][ T3315]  dump_stack+0x15/0x1b
[   51.904502][ T3315]  dump_header+0x81/0x220
[   51.904542][ T3315]  oom_kill_process+0x334/0x3f0
[   51.904577][ T3315]  out_of_memory+0x979/0xb80
[   51.904669][ T3315]  try_charge_memcg+0x5e6/0x9e0
[   51.904720][ T3315]  charge_memcg+0x51/0xc0
[   51.904834][ T3315]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[   51.904890][ T3315]  __read_swap_cache_async+0x1df/0x350
[   51.904930][ T3315]  swap_cluster_readahead+0x277/0x3e0
[   51.905005][ T3315]  swapin_readahead+0xde/0x6f0
[   51.905078][ T3315]  ? __filemap_get_folio+0x4f7/0x6b0
[   51.905115][ T3315]  ? next_uptodate_folio+0x81c/0x890
[   51.905147][ T3315]  ? bpf_snprintf_btf+0x58/0x150
[   51.905237][ T3315]  ? swap_cache_get_folio+0x77/0x200
[   51.905267][ T3315]  do_swap_page+0x301/0x2430
[   51.905286][ T3315]  ? finish_task_switch+0xad/0x2b0
[   51.905310][ T3315]  ? __pfx_default_wake_function+0x10/0x10
[   51.905336][ T3315]  handle_mm_fault+0x9a5/0x2be0
[   51.905434][ T3315]  ? mas_walk+0xf2/0x120
[   51.905470][ T3315]  do_user_addr_fault+0x636/0x1090
[   51.905502][ T3315]  ? fpregs_restore_userregs+0xe2/0x1d0
[   51.905574][ T3315]  exc_page_fault+0x62/0xa0
[   51.905604][ T3315]  asm_exc_page_fault+0x26/0x30
[   51.905624][ T3315] RIP: 0033:0x7faadea51225
[   51.905659][ T3315] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 1e 63 1c 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[   51.905678][ T3315] RSP: 002b:00007ffef46b03c8 EFLAGS: 00010246
[   51.905773][ T3315] RAX: 0000000000000000 RBX: 0000000000000051 RCX: 00007faadea51223
[   51.905787][ T3315] RDX: 00007ffef46b03e0 RSI: 0000000000000000 RDI: 0000000000000000
[   51.905801][ T3315] RBP: 00007ffef46b044c R08: 00000000305948c8 R09: 0000000000000000
[   51.905815][ T3315] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[   51.905881][ T3315] R13: 00000000000927c0 R14: 000000000000c804 R15: 00007ffef46b04a0
[   51.905904][ T3315]  </TASK>
[   51.905912][ T3315] memory: usage 307200kB, limit 307200kB, failcnt 184
[   52.140853][ T3315] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0
[   52.148800][ T3315] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0
[   52.156171][ T3315] Memory cgroup stats for /syz0:
[   52.160132][ T3315] cache 0
[   52.168210][ T3315] rss 0
[   52.170994][ T3315] shmem 0
[   52.173974][ T3315] mapped_file 0
[   52.177473][ T3315] dirty 0
[   52.180433][ T3315] writeback 8192
[   52.184210][ T3315] workingset_refault_anon 6
[   52.188722][ T3315] workingset_refault_file 281
[   52.193444][ T3315] swap 196608
[   52.196747][ T3315] swapcached 12288
[   52.200479][ T3315] pgpgin 25431
[   52.203909][ T3315] pgpgout 25427
[   52.207397][ T3315] pgfault 26926
[   52.210887][ T3315] pgmajfault 20
[   52.214454][ T3315] inactive_anon 8192
[   52.218371][ T3315] active_anon 4096
[   52.222110][ T3315] inactive_file 0
[   52.225791][ T3315] active_file 4096
[   52.229593][ T3315] unevictable 0
[   52.233109][ T3315] hierarchical_memory_limit 314572800
[   52.238703][ T3315] hierarchical_memsw_limit 9223372036854771712
[   52.244972][ T3315] total_cache 0
[   52.248457][ T3315] total_rss 0
[   52.251769][ T3315] total_shmem 0
[   52.255414][ T3315] total_mapped_file 0
[   52.259435][ T3315] total_dirty 0
[   52.263923][ T3315] total_writeback 8192
[   52.268021][ T3315] total_workingset_refault_anon 6
[   52.273671][ T3315] total_workingset_refault_file 281
[   52.278945][ T3315] total_swap 196608
[   52.282848][ T3315] total_swapcached 12288
[   52.287160][ T3315] total_pgpgin 25431
[   52.291078][ T3315] total_pgpgout 25427
[   52.295148][ T3315] total_pgfault 26926
[   52.299141][ T3315] total_pgmajfault 20
[   52.303173][ T3315] total_inactive_anon 8192
[   52.307616][ T3315] total_active_anon 4096
[   52.311885][ T3315] total_inactive_file 0
[   52.316103][ T3315] total_active_file 4096
[   52.320394][ T3315] total_unevictable 0
[   52.324415][ T3315] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.144,pid=4045,uid=0
[   52.339101][ T3315] Memory cgroup out of memory: Killed process 4045 (syz.0.144) total-vm:95940kB, anon-rss:1024kB, file-rss:22320kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[   52.447426][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.501474][ T4081] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   52.514145][ T4081] loop4: detected capacity change from 0 to 512
[   52.527845][ T4081] journal_path: Lookup failure for './file0/../file0'
[   52.534746][ T4081] EXT4-fs: error: could not find journal device path
[   52.605604][ T4085] loop2: detected capacity change from 0 to 1024
[   52.878929][ T4098] serio: Serial port ttyS3
[   53.016089][ T4101] netlink: 16 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[   53.044882][ T4104] loop0: detected capacity change from 0 to 512
[   53.052008][ T4104] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   53.063415][ T4104] EXT4-fs (loop0): 1 truncate cleaned up
[   53.106811][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.114472][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.121965][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.129451][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.136997][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.144434][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.151931][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.159500][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.167102][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.174680][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.182105][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.189570][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.197161][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.204635][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.212051][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.216800][ T4111] FAULT_INJECTION: forcing a failure.
[   53.216800][ T4111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   53.219541][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.232595][ T4111] CPU: 1 UID: 0 PID: 4111 Comm: syz.4.163 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   53.232634][ T4111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   53.232652][ T4111] Call Trace:
[   53.232661][ T4111]  <TASK>
[   53.232674][ T4111]  __dump_stack+0x1d/0x30
[   53.232763][ T4111]  dump_stack_lvl+0xe8/0x140
[   53.232790][ T4111]  dump_stack+0x15/0x1b
[   53.232812][ T4111]  should_fail_ex+0x265/0x280
[   53.232854][ T4111]  should_fail+0xb/0x20
[   53.232890][ T4111]  should_fail_usercopy+0x1a/0x20
[   53.232934][ T4111]  fpu__restore_sig+0x12d/0xaa0
[   53.232976][ T4111]  ? should_fail_ex+0xdb/0x280
[   53.233027][ T4111]  __ia32_sys_rt_sigreturn+0x29f/0x350
[   53.233116][ T4111]  x64_sys_call+0x2e8a/0x2fb0
[   53.233146][ T4111]  do_syscall_64+0xd2/0x200
[   53.233172][ T4111]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   53.233239][ T4111]  ? clear_bhb_loop+0x40/0x90
[   53.233269][ T4111]  ? clear_bhb_loop+0x40/0x90
[   53.233298][ T4111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.233328][ T4111] RIP: 0033:0x7f33a52ce9a7
[   53.233348][ T4111] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[   53.233439][ T4111] RSP: 002b:00007f33a3937038 EFLAGS: 00000246
[   53.233460][ T4111] RAX: 0000000000000000 RBX: 00007f33a54f5fa0 RCX: 00007f33a52ce9a9
[   53.233477][ T4111] RDX: 0000000000018fdc RSI: 0000200000032440 RDI: 0000000000000003
[   53.233494][ T4111] RBP: 00007f33a3937090 R08: 0000000000000000 R09: 0000000000000000
[   53.233509][ T4111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   53.233525][ T4111] R13: 0000000000000000 R14: 00007f33a54f5fa0 R15: 00007ffe3357e698
[   53.233625][ T4111]  </TASK>
[   53.415628][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.415660][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.415688][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.415715][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.415739][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.415789][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.415812][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.415846][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.475218][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.475328][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.475351][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.497568][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.504993][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.512492][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.519906][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.527349][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.534771][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.542184][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.549909][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.557569][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.565041][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.572465][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.579876][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.587293][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.594733][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.602191][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.609707][   T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   53.619198][   T10] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   53.700618][ T4116] fido_id[4116]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   53.720508][ T4124] capability: warning: `syz.1.168' uses deprecated v2 capabilities in a way that may be insecure
[   53.737276][ T4120] loop3: detected capacity change from 0 to 512
[   53.748613][ T4122] loop0: detected capacity change from 0 to 512
[   53.762297][ T4120] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   53.762648][ T4126] loop2: detected capacity change from 0 to 128
[   53.782561][ T4122] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   53.797520][ T4126] EXT4-fs: Ignoring removed nobh option
[   53.812736][ T4120] EXT4-fs (loop3): orphan cleanup on readonly fs
[   53.813652][ T4126] ext4 filesystem being mounted at /31/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   53.832354][ T4120] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:517: comm syz.3.166: Block bitmap for bg 0 marked uninitialized
[   53.851710][ T4122] EXT4-fs (loop0): 1 truncate cleaned up
[   53.865079][ T4120] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   53.878922][ T4120] EXT4-fs (loop3): 1 orphan inode deleted
[   53.895294][ T4133] netlink: 4 bytes leftover after parsing attributes in process `syz.1.170'.
[   53.910855][ T4120] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[   53.927338][ T4120] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   53.964525][ T4137] FAULT_INJECTION: forcing a failure.
[   53.964525][ T4137] name failslab, interval 1, probability 0, space 0, times 0
[   53.977291][ T4137] CPU: 0 UID: 0 PID: 4137 Comm: syz.2.171 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   53.977324][ T4137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   53.977339][ T4137] Call Trace:
[   53.977347][ T4137]  <TASK>
[   53.977379][ T4137]  __dump_stack+0x1d/0x30
[   53.977406][ T4137]  dump_stack_lvl+0xe8/0x140
[   53.977477][ T4137]  dump_stack+0x15/0x1b
[   53.977499][ T4137]  should_fail_ex+0x265/0x280
[   53.977533][ T4137]  should_failslab+0x8c/0xb0
[   53.977559][ T4137]  __kmalloc_noprof+0xa5/0x3e0
[   53.977662][ T4137]  ? ipv6_flowlabel_opt+0x747/0x1230
[   53.977698][ T4137]  ipv6_flowlabel_opt+0x747/0x1230
[   53.977745][ T4137]  do_ipv6_setsockopt+0xc92/0x22e0
[   53.977819][ T4137]  ? kstrtoull+0x111/0x140
[   53.977847][ T4137]  ? avc_has_perm_noaudit+0x1b1/0x200
[   53.977875][ T4137]  ? selinux_netlbl_socket_setsockopt+0x1f9/0x2d0
[   53.977928][ T4137]  ipv6_setsockopt+0x59/0x130
[   53.978009][ T4137]  udpv6_setsockopt+0x99/0xb0
[   53.978034][ T4137]  sock_common_setsockopt+0x66/0x80
[   53.978066][ T4137]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   53.978154][ T4137]  __sys_setsockopt+0x181/0x200
[   53.978190][ T4137]  __x64_sys_setsockopt+0x64/0x80
[   53.978231][ T4137]  x64_sys_call+0x2bd5/0x2fb0
[   53.978258][ T4137]  do_syscall_64+0xd2/0x200
[   53.978280][ T4137]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   53.978370][ T4137]  ? clear_bhb_loop+0x40/0x90
[   53.978411][ T4137]  ? clear_bhb_loop+0x40/0x90
[   53.978431][ T4137]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.978552][ T4137] RIP: 0033:0x7f6bfaa1e9a9
[   53.978567][ T4137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   53.978589][ T4137] RSP: 002b:00007f6bf9087038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   53.978612][ T4137] RAX: ffffffffffffffda RBX: 00007f6bfac45fa0 RCX: 00007f6bfaa1e9a9
[   53.978628][ T4137] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000006
[   53.978709][ T4137] RBP: 00007f6bf9087090 R08: 0000000000000021 R09: 0000000000000000
[   53.978724][ T4137] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001
[   53.978740][ T4137] R13: 0000000000000000 R14: 00007f6bfac45fa0 R15: 00007fff3010e1e8
[   53.978764][ T4137]  </TASK>
[   54.240220][ T4146] loop2: detected capacity change from 0 to 1024
[   54.301664][ T4152] loop0: detected capacity change from 0 to 512
[   54.309529][ T4152] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   54.321295][ T4152] EXT4-fs (loop0): orphan cleanup on readonly fs
[   54.336054][ T4152] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:517: comm syz.0.179: Block bitmap for bg 0 marked uninitialized
[   54.362484][ T4152] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   54.384574][ T4162] FAULT_INJECTION: forcing a failure.
[   54.384574][ T4162] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.397750][ T4162] CPU: 0 UID: 0 PID: 4162 Comm: syz.1.181 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   54.397779][ T4162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   54.397846][ T4162] Call Trace:
[   54.397853][ T4162]  <TASK>
[   54.397861][ T4162]  __dump_stack+0x1d/0x30
[   54.397884][ T4162]  dump_stack_lvl+0xe8/0x140
[   54.397942][ T4162]  dump_stack+0x15/0x1b
[   54.397959][ T4162]  should_fail_ex+0x265/0x280
[   54.397993][ T4162]  should_fail+0xb/0x20
[   54.398032][ T4162]  should_fail_usercopy+0x1a/0x20
[   54.398101][ T4162]  _copy_from_user+0x1c/0xb0
[   54.398204][ T4162]  __sys_bpf+0x178/0x790
[   54.398242][ T4162]  __x64_sys_bpf+0x41/0x50
[   54.398270][ T4162]  x64_sys_call+0x2478/0x2fb0
[   54.398293][ T4162]  do_syscall_64+0xd2/0x200
[   54.398376][ T4162]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.398406][ T4162]  ? clear_bhb_loop+0x40/0x90
[   54.398488][ T4162]  ? clear_bhb_loop+0x40/0x90
[   54.398554][ T4162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.398576][ T4162] RIP: 0033:0x7f5911efe9a9
[   54.398592][ T4162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.398610][ T4162] RSP: 002b:00007f5910567038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   54.398701][ T4162] RAX: ffffffffffffffda RBX: 00007f5912125fa0 RCX: 00007f5911efe9a9
[   54.398713][ T4162] RDX: 0000000000000048 RSI: 00002000000009c0 RDI: 0000000000000000
[   54.398726][ T4162] RBP: 00007f5910567090 R08: 0000000000000000 R09: 0000000000000000
[   54.398738][ T4162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   54.398749][ T4162] R13: 0000000000000000 R14: 00007f5912125fa0 R15: 00007ffc0d5822f8
[   54.398768][ T4162]  </TASK>
[   54.609421][ T4152] EXT4-fs (loop0): 1 orphan inode deleted
[   54.632462][ T4152] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[   54.645567][ T4152] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   54.708772][ T4172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   54.722897][ T4172] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   54.830587][   T29] kauditd_printk_skb: 47 callbacks suppressed
[   54.830605][   T29] audit: type=1326 audit(1753536910.840:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.1.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5911efe9a9 code=0x7ffc0000
[   54.862300][ T4184] FAULT_INJECTION: forcing a failure.
[   54.862300][ T4184] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.875605][ T4184] CPU: 1 UID: 0 PID: 4184 Comm: syz.1.188 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   54.875631][ T4184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   54.875646][ T4184] Call Trace:
[   54.875653][ T4184]  <TASK>
[   54.875662][ T4184]  __dump_stack+0x1d/0x30
[   54.875755][ T4184]  dump_stack_lvl+0xe8/0x140
[   54.875776][ T4184]  dump_stack+0x15/0x1b
[   54.875796][ T4184]  should_fail_ex+0x265/0x280
[   54.875833][ T4184]  should_fail+0xb/0x20
[   54.875864][ T4184]  should_fail_usercopy+0x1a/0x20
[   54.875937][ T4184]  strncpy_from_user+0x25/0x230
[   54.875966][ T4184]  ? vsnprintf+0x829/0x890
[   54.875995][ T4184]  strncpy_from_user_nofault+0x68/0xf0
[   54.876046][ T4184]  bpf_probe_read_user_str+0x2a/0x70
[   54.876118][ T4184]  bpf_prog_b1bc9f7c1f89903c+0x41/0x47
[   54.876138][ T4184]  bpf_trace_run3+0x10c/0x1d0
[   54.876172][ T4184]  ? audit_log_end+0x1d7/0x1f0
[   54.876213][ T4184]  ? audit_log_end+0x1d7/0x1f0
[   54.876249][ T4184]  kmem_cache_free+0x257/0x300
[   54.876319][ T4184]  audit_log_end+0x1d7/0x1f0
[   54.876367][ T4184]  audit_seccomp+0xdc/0x100
[   54.876416][ T4184]  __seccomp_filter+0x69d/0x10d0
[   54.876440][ T4184]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   54.876479][ T4184]  ? vfs_write+0x75e/0x8e0
[   54.876526][ T4184]  ? __rcu_read_unlock+0x4f/0x70
[   54.876550][ T4184]  ? __fget_files+0x184/0x1c0
[   54.876579][ T4184]  __secure_computing+0x82/0x150
[   54.876604][ T4184]  syscall_trace_enter+0xcf/0x1e0
[   54.876629][ T4184]  do_syscall_64+0xac/0x200
[   54.876646][ T4184]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.876733][ T4184]  ? clear_bhb_loop+0x40/0x90
[   54.876761][ T4184]  ? clear_bhb_loop+0x40/0x90
[   54.876797][ T4184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.876816][ T4184] RIP: 0033:0x7f5911efe9a9
[   54.876833][ T4184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.876855][ T4184] RSP: 002b:00007f5910567038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b7
[   54.876876][ T4184] RAX: ffffffffffffffda RBX: 00007f5912125fa0 RCX: 00007f5911efe9a9
[   54.876888][ T4184] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffffffffffffff
[   54.876899][ T4184] RBP: 00007f5910567090 R08: 0000000000000000 R09: 0000000000000000
[   54.876948][ T4184] R10: 0000000000001300 R11: 0000000000000246 R12: 0000000000000001
[   54.876959][ T4184] R13: 0000000000000000 R14: 00007f5912125fa0 R15: 00007ffc0d5822f8
[   54.876977][ T4184]  </TASK>
[   54.880823][   T29] audit: type=1326 audit(1753536910.840:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.1.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5911efe9a9 code=0x7ffc0000
[   55.152087][   T29] audit: type=1326 audit(1753536910.840:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.1.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5911efe9a9 code=0x7ffc0000
[   55.175412][   T29] audit: type=1326 audit(1753536910.840:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.1.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5911efe9a9 code=0x7ffc0000
[   55.198676][   T29] audit: type=1326 audit(1753536910.870:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.1.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5911efe9a9 code=0x7ffc0000
[   55.222887][   T29] audit: type=1326 audit(1753536910.870:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.1.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5911efd310 code=0x7ffc0000
[   55.246226][   T29] audit: type=1326 audit(1753536910.870:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.1.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f5911efd45f code=0x7ffc0000
[   55.269308][   T29] audit: type=1326 audit(1753536910.870:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.1.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7f5911efe9a9 code=0x7ffc0000
[   55.292616][   T29] audit: type=1326 audit(1753536910.890:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.1.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f5911efd3bc code=0x7ffc0000
[   55.293122][ T3312] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[   55.315701][   T29] audit: type=1326 audit(1753536910.890:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.1.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f5911efd45f code=0x7ffc0000
[   55.349795][ T3312] CPU: 1 UID: 0 PID: 3312 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   55.349828][ T3312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   55.349842][ T3312] Call Trace:
[   55.349849][ T3312]  <TASK>
[   55.349856][ T3312]  __dump_stack+0x1d/0x30
[   55.349909][ T3312]  dump_stack_lvl+0xe8/0x140
[   55.349930][ T3312]  dump_stack+0x15/0x1b
[   55.349948][ T3312]  dump_header+0x81/0x220
[   55.350010][ T3312]  oom_kill_process+0x334/0x3f0
[   55.350043][ T3312]  out_of_memory+0x979/0xb80
[   55.350076][ T3312]  try_charge_memcg+0x5e6/0x9e0
[   55.350143][ T3312]  charge_memcg+0x51/0xc0
[   55.350200][ T3312]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[   55.350240][ T3312]  __read_swap_cache_async+0x1df/0x350
[   55.350332][ T3312]  swap_cluster_readahead+0x277/0x3e0
[   55.350372][ T3312]  swapin_readahead+0xde/0x6f0
[   55.350403][ T3312]  ? __filemap_get_folio+0x4f7/0x6b0
[   55.350477][ T3312]  ? swap_cache_get_folio+0x77/0x200
[   55.350510][ T3312]  do_swap_page+0x301/0x2430
[   55.350532][ T3312]  ? finish_task_switch+0xad/0x2b0
[   55.350560][ T3312]  ? __pfx_default_wake_function+0x10/0x10
[   55.350585][ T3312]  handle_mm_fault+0x9a5/0x2be0
[   55.350605][ T3312]  ? mas_walk+0xf2/0x120
[   55.350641][ T3312]  do_user_addr_fault+0x636/0x1090
[   55.350747][ T3312]  ? fpregs_restore_userregs+0xe2/0x1d0
[   55.350781][ T3312]  exc_page_fault+0x62/0xa0
[   55.350812][ T3312]  asm_exc_page_fault+0x26/0x30
[   55.350880][ T3312] RIP: 0033:0x7f33a5301225
[   55.350897][ T3312] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 1e 63 1c 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[   55.350916][ T3312] RSP: 002b:00007ffe3357e9d8 EFLAGS: 00010246
[   55.350933][ T3312] RAX: 0000000000000000 RBX: 0000000000000062 RCX: 00007f33a5301223
[   55.350946][ T3312] RDX: 00007ffe3357e9f0 RSI: 0000000000000000 RDI: 0000000000000000
[   55.350959][ T3312] RBP: 00007ffe3357ea5c R08: 000000000efee479 R09: 0000000000000000
[   55.351017][ T3312] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[   55.351030][ T3312] R13: 00000000000927c0 R14: 000000000000d788 R15: 00007ffe3357eab0
[   55.351051][ T3312]  </TASK>
[   55.351058][ T3312] memory: usage 307200kB, limit 307200kB, failcnt 244
[   55.532667][ T4195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.192'.
[   55.532897][ T3312] memory+swap: usage 307396kB, limit 9007199254740988kB, failcnt 0
[   55.568284][ T4195] loop0: detected capacity change from 0 to 1024
[   55.575000][ T3312] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0
[   55.575019][ T3312] Memory cgroup stats for /syz4:
[   55.579040][ T3312] cache 0
[   55.613731][ T3312] rss 0
[   55.613741][ T3312] shmem 0
[   55.613750][ T3312] mapped_file 0
[   55.613757][ T3312] dirty 0
[   55.613765][ T3312] writeback 0
[   55.613773][ T3312] workingset_refault_anon 50
[   55.613808][ T3312] workingset_refault_file 128
[   55.613816][ T3312] swap 200704
[   55.613860][ T3312] swapcached 0
[   55.613867][ T3312] pgpgin 11803
[   55.613873][ T3312] pgpgout 11800
[   55.613879][ T3312] pgfault 13378
[   55.613884][ T3312] pgmajfault 43
[   55.613890][ T3312] inactive_anon 0
[   55.613897][ T3312] active_anon 0
[   55.613903][ T3312] inactive_file 12288
[   55.613909][ T3312] active_file 0
[   55.613915][ T3312] unevictable 0
[   55.613922][ T3312] hierarchical_memory_limit 314572800
[   55.613932][ T3312] hierarchical_memsw_limit 9223372036854771712
[   55.614011][ T3312] total_cache 0
[   55.614020][ T3312] total_rss 0
[   55.614028][ T3312] total_shmem 0
[   55.614039][ T3312] total_mapped_file 0
[   55.614048][ T3312] total_dirty 0
[   55.614057][ T3312] total_writeback 0
[   55.614065][ T3312] total_workingset_refault_anon 50
[   55.614072][ T3312] total_workingset_refault_file 128
[   55.614080][ T3312] total_swap 200704
[   55.614086][ T3312] total_swapcached 0
[   55.614093][ T3312] total_pgpgin 11803
[   55.614099][ T3312] total_pgpgout 11800
[   55.614171][ T3312] total_pgfault 13378
[   55.614195][ T3312] total_pgmajfault 43
[   55.614204][ T3312] total_inactive_anon 0
[   55.614214][ T3312] total_active_anon 0
[   55.614223][ T3312] total_inactive_file 12288
[   55.614232][ T3312] total_active_file 0
[   55.614242][ T3312] total_unevictable 0
[   55.614251][ T3312] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.178,pid=4149,uid=0
[   55.614445][ T3312] Memory cgroup out of memory: Killed process 4149 (syz.4.178) total-vm:95808kB, anon-rss:1072kB, file-rss:22488kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   55.680625][ T4201] loop0: detected capacity change from 0 to 128
[   55.862599][ T4201] EXT4-fs: Ignoring removed nobh option
[   55.872538][ T4203] loop2: detected capacity change from 0 to 512
[   55.895898][ T4201] ext4 filesystem being mounted at /42/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   55.909918][ T4203] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   55.957221][ T4203] EXT4-fs (loop2): orphan cleanup on readonly fs
[   56.008974][ T4203] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.194: Block bitmap for bg 0 marked uninitialized
[   56.023839][ T4203] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   56.035796][ T4203] EXT4-fs (loop2): 1 orphan inode deleted
[   56.107435][ T4151] syz.4.178 (4151) used greatest stack depth: 6952 bytes left
[   56.115483][ T4217] loop0: detected capacity change from 0 to 512
[   56.125274][ T4217] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   56.143528][ T4217] EXT4-fs (loop0): 1 truncate cleaned up
[   56.177653][ T4226] netlink: 'syz.4.200': attribute type 12 has an invalid length.
[   56.185494][ T4226] netlink: 'syz.4.200': attribute type 29 has an invalid length.
[   56.193358][ T4226] netlink: 148 bytes leftover after parsing attributes in process `syz.4.200'.
[   56.220750][ T4228] netlink: 4 bytes leftover after parsing attributes in process `syz.1.201'.
[   56.317054][ T4240] netlink: 'syz.1.205': attribute type 10 has an invalid length.
[   56.347014][ T4243] loop4: detected capacity change from 0 to 512
[   56.365523][ T4243] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   56.377094][ T4245] netlink: 24 bytes leftover after parsing attributes in process `syz.1.207'.
[   56.396037][ T4243] EXT4-fs (loop4): orphan cleanup on readonly fs
[   56.407524][ T4243] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.206: Block bitmap for bg 0 marked uninitialized
[   56.423247][ T4245] netlink: 4 bytes leftover after parsing attributes in process `syz.1.207'.
[   56.432574][ T4243] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   56.445842][ T4243] EXT4-fs (loop4): 1 orphan inode deleted
[   56.470332][ T4248] lo speed is unknown, defaulting to 1000
[   56.479407][ T4243] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[   56.499596][ T4243] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   56.516526][ T4220] loop3: detected capacity change from 0 to 512
[   56.521172][ T4243] siw: device registration error -23
[   56.523730][ T4220] journal_path: Lookup failure for './file0/../file0'
[   56.535175][ T4220] EXT4-fs: error: could not find journal device path
[   56.552453][ T4250] netlink: 104 bytes leftover after parsing attributes in process `syz.1.208'.
[   56.980946][ T4261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.211'.
[   57.007351][ T4261] bridge0: entered promiscuous mode
[   57.025860][ T4261] bridge0: port 3(macvlan2) entered blocking state
[   57.032515][ T4261] bridge0: port 3(macvlan2) entered disabled state
[   57.076456][ T4261] macvlan2: entered allmulticast mode
[   57.081971][ T4261] bridge0: entered allmulticast mode
[   57.104015][ T4261] macvlan2: left allmulticast mode
[   57.109245][ T4261] bridge0: left allmulticast mode
[   57.148648][ T4261] bridge0: left promiscuous mode
[   57.197943][ T4265] loop3: detected capacity change from 0 to 512
[   57.217447][ T4265] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   57.257910][ T4265] EXT4-fs (loop3): 1 truncate cleaned up
[   57.401520][ T4277] netlink: 4 bytes leftover after parsing attributes in process `syz.3.214'.
[   57.559085][ T4284] netlink: 'syz.3.217': attribute type 10 has an invalid length.
[   57.592526][ T4284] batadv0: left promiscuous mode
[   57.597633][ T4284] batadv0: left allmulticast mode
[   57.625928][ T4284] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.651383][ T4284] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   57.720463][ T4254] syz.4.209 (4254) used greatest stack depth: 6880 bytes left
[   57.873168][ T4311] loop4: detected capacity change from 0 to 164
[   57.892338][ T4311] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   57.914652][ T4311] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   57.932851][ T4311] Symlink component flag not implemented
[   57.938733][ T4311] Symlink component flag not implemented
[   57.950490][ T4311] Symlink component flag not implemented (7)
[   57.956537][ T4311] Symlink component flag not implemented (116)
[   57.970725][ T4313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.228'.
[   58.003050][ T4313] bridge_slave_1: left allmulticast mode
[   58.008854][ T4313] bridge_slave_1: left promiscuous mode
[   58.014686][ T4313] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.023191][ T4317] netlink: 'syz.0.230': attribute type 10 has an invalid length.
[   58.031711][ T4315] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5986 sclass=netlink_route_socket pid=4315 comm=syz.1.229
[   58.047782][ T4313] bridge_slave_0: left allmulticast mode
[   58.053552][ T4313] bridge_slave_0: left promiscuous mode
[   58.059272][ T4313] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.098442][ T4324] netlink: 316 bytes leftover after parsing attributes in process `syz.1.233'.
[   58.151863][ T4317] batadv0: left allmulticast mode
[   58.157045][ T4317] batadv0: left promiscuous mode
[   58.162409][ T4317] bridge0: port 3(batadv0) entered disabled state
[   58.171402][ T4328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   58.180917][ T4328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   58.194517][ T4317] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.207467][ T4317] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   58.298976][ T4338] loop0: detected capacity change from 0 to 256
[   58.363449][ T4340] lo speed is unknown, defaulting to 1000
[   58.372687][ T4342] loop0: detected capacity change from 0 to 128
[   58.393945][ T4342] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   58.401848][ T4342] FAT-fs (loop0): Filesystem has been set read-only
[   58.413164][ T4342] bio_check_eod: 25752 callbacks suppressed
[   58.413180][ T4342] syz.0.240: attempt to access beyond end of device
[   58.413180][ T4342] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   58.451581][ T4342] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   58.459516][ T4342] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   58.468815][ T4342] syz.0.240: attempt to access beyond end of device
[   58.468815][ T4342] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[   58.482008][ T4342] buffer_io_error: 25750 callbacks suppressed
[   58.482019][ T4342] Buffer I/O error on dev loop0, logical block 2065, async page read
[   58.501740][ T4345] netlink: 24 bytes leftover after parsing attributes in process `syz.0.240'.
[   58.511457][ T4342] syz.0.240: attempt to access beyond end of device
[   58.511457][ T4342] loop0: rw=0, sector=2066, nr_sectors = 1 limit=128
[   58.524819][ T4342] Buffer I/O error on dev loop0, logical block 2066, async page read
[   58.534791][ T4342] syz.0.240: attempt to access beyond end of device
[   58.534791][ T4342] loop0: rw=0, sector=2067, nr_sectors = 1 limit=128
[   58.548030][ T4342] Buffer I/O error on dev loop0, logical block 2067, async page read
[   58.563830][ T4342] syz.0.240: attempt to access beyond end of device
[   58.563830][ T4342] loop0: rw=0, sector=2068, nr_sectors = 1 limit=128
[   58.577072][ T4342] Buffer I/O error on dev loop0, logical block 2068, async page read
[   58.587163][ T4342] syz.0.240: attempt to access beyond end of device
[   58.587163][ T4342] loop0: rw=0, sector=2069, nr_sectors = 1 limit=128
[   58.600371][ T4342] Buffer I/O error on dev loop0, logical block 2069, async page read
[   58.609466][ T4345] netlink: 'syz.0.240': attribute type 10 has an invalid length.
[   58.615328][ T4342] syz.0.240: attempt to access beyond end of device
[   58.615328][ T4342] loop0: rw=0, sector=2070, nr_sectors = 1 limit=128
[   58.630447][ T4342] Buffer I/O error on dev loop0, logical block 2070, async page read
[   58.639442][ T4342] syz.0.240: attempt to access beyond end of device
[   58.639442][ T4342] loop0: rw=0, sector=2071, nr_sectors = 1 limit=128
[   58.652639][ T4342] Buffer I/O error on dev loop0, logical block 2071, async page read
[   58.663049][ T4342] syz.0.240: attempt to access beyond end of device
[   58.663049][ T4342] loop0: rw=0, sector=2072, nr_sectors = 1 limit=128
[   58.676382][ T4342] Buffer I/O error on dev loop0, logical block 2072, async page read
[   58.684712][ T4344] syz.0.240: attempt to access beyond end of device
[   58.684712][ T4344] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[   58.697994][ T4344] Buffer I/O error on dev loop0, logical block 2065, async page read
[   58.739021][ T4344] Buffer I/O error on dev loop0, logical block 2066, async page read
[   58.752230][ T4344] netlink: 'syz.0.240': attribute type 10 has an invalid length.
[   58.760235][ T4351] loop3: detected capacity change from 0 to 1024
[   58.767293][ T4344] batadv0: entered promiscuous mode
[   58.772601][ T4344] batadv0: entered allmulticast mode
[   58.787346][ T4344] bond0: (slave batadv0): Releasing backup interface
[   58.795221][ T4344] bridge0: port 3(batadv0) entered blocking state
[   58.801957][ T4344] bridge0: port 3(batadv0) entered disabled state
[   58.878491][ T4360] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.965101][ T4364] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.972360][ T4364] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.982081][  T553] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   58.991488][  T553] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   59.016746][ T4366] mmap: syz.2.245 (4366) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   59.058616][ T4364] bridge0: entered allmulticast mode
[   59.239167][ T4373] netlink: 'syz.2.248': attribute type 10 has an invalid length.
[   59.274213][ T4376] FAULT_INJECTION: forcing a failure.
[   59.274213][ T4376] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   59.282226][ T4380] loop0: detected capacity change from 0 to 1024
[   59.287350][ T4376] CPU: 1 UID: 0 PID: 4376 Comm: syz.1.250 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   59.287390][ T4376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   59.287408][ T4376] Call Trace:
[   59.287417][ T4376]  <TASK>
[   59.287427][ T4376]  __dump_stack+0x1d/0x30
[   59.287464][ T4376]  dump_stack_lvl+0xe8/0x140
[   59.287533][ T4376]  dump_stack+0x15/0x1b
[   59.287557][ T4376]  should_fail_ex+0x265/0x280
[   59.287598][ T4376]  should_fail+0xb/0x20
[   59.287642][ T4376]  should_fail_usercopy+0x1a/0x20
[   59.287706][ T4376]  _copy_from_user+0x1c/0xb0
[   59.287733][ T4376]  do_ipv6_setsockopt+0x220/0x22e0
[   59.287769][ T4376]  ? kstrtoull+0x111/0x140
[   59.287946][ T4376]  ? __rcu_read_unlock+0x4f/0x70
[   59.287975][ T4376]  ? avc_has_perm_noaudit+0x1b1/0x200
[   59.288029][ T4376]  ? selinux_netlbl_socket_setsockopt+0x1f9/0x2d0
[   59.288084][ T4376]  ipv6_setsockopt+0x59/0x130
[   59.288116][ T4376]  tcp_setsockopt+0x98/0xb0
[   59.288281][ T4376]  sock_common_setsockopt+0x66/0x80
[   59.288316][ T4376]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   59.288352][ T4376]  __sys_setsockopt+0x181/0x200
[   59.288397][ T4376]  __x64_sys_setsockopt+0x64/0x80
[   59.288448][ T4376]  x64_sys_call+0x2bd5/0x2fb0
[   59.288488][ T4376]  do_syscall_64+0xd2/0x200
[   59.288568][ T4376]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   59.288601][ T4376]  ? clear_bhb_loop+0x40/0x90
[   59.288698][ T4376]  ? clear_bhb_loop+0x40/0x90
[   59.288726][ T4376]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.288753][ T4376] RIP: 0033:0x7f5911efe9a9
[   59.288774][ T4376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.288831][ T4376] RSP: 002b:00007f5910567038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   59.288856][ T4376] RAX: ffffffffffffffda RBX: 00007f5912125fa0 RCX: 00007f5911efe9a9
[   59.288873][ T4376] RDX: 000000000000002a RSI: 0000000000000029 RDI: 0000000000000007
[   59.288889][ T4376] RBP: 00007f5910567090 R08: 0000000000000088 R09: 0000000000000000
[   59.288905][ T4376] R10: 0000200000000340 R11: 0000000000000246 R12: 0000000000000001
[   59.288920][ T4376] R13: 0000000000000000 R14: 00007f5912125fa0 R15: 00007ffc0d5822f8
[   59.288978][ T4376]  </TASK>
[   59.443800][ T4388] siw: device registration error -23
[   59.551863][ T4392] FAULT_INJECTION: forcing a failure.
[   59.551863][ T4392] name failslab, interval 1, probability 0, space 0, times 0
[   59.551972][ T4392] CPU: 1 UID: 0 PID: 4392 Comm: syz.1.254 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   59.552006][ T4392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   59.552022][ T4392] Call Trace:
[   59.552029][ T4392]  <TASK>
[   59.552096][ T4392]  __dump_stack+0x1d/0x30
[   59.552122][ T4392]  dump_stack_lvl+0xe8/0x140
[   59.552142][ T4392]  dump_stack+0x15/0x1b
[   59.552158][ T4392]  should_fail_ex+0x265/0x280
[   59.552274][ T4392]  should_failslab+0x8c/0xb0
[   59.552302][ T4392]  kmem_cache_alloc_noprof+0x50/0x310
[   59.552332][ T4392]  ? security_inode_alloc+0x37/0x100
[   59.552362][ T4392]  security_inode_alloc+0x37/0x100
[   59.552417][ T4392]  inode_init_always_gfp+0x4b7/0x500
[   59.552525][ T4392]  ? __pfx_sock_alloc_inode+0x10/0x10
[   59.552557][ T4392]  alloc_inode+0x58/0x170
[   59.552589][ T4392]  __sock_create+0x122/0x5b0
[   59.552714][ T4392]  ? __rcu_read_unlock+0x34/0x70
[   59.552739][ T4392]  sock_create_kern+0x38/0x50
[   59.552764][ T4392]  udp_sock_create6+0x68/0x3d0
[   59.552785][ T4392]  fou_nl_add_doit+0xd8/0x410
[   59.552888][ T4392]  genl_family_rcv_msg_doit+0x143/0x1b0
[   59.552918][ T4392]  genl_rcv_msg+0x422/0x460
[   59.552941][ T4392]  ? __pfx_fou_nl_add_doit+0x10/0x10
[   59.553022][ T4392]  netlink_rcv_skb+0x123/0x220
[   59.553060][ T4392]  ? __pfx_genl_rcv_msg+0x10/0x10
[   59.553153][ T4392]  genl_rcv+0x28/0x40
[   59.553251][ T4392]  netlink_unicast+0x5a8/0x680
[   59.553288][ T4392]  netlink_sendmsg+0x58b/0x6b0
[   59.553328][ T4392]  ? __pfx_netlink_sendmsg+0x10/0x10
[   59.553366][ T4392]  __sock_sendmsg+0x142/0x180
[   59.553395][ T4392]  ____sys_sendmsg+0x31e/0x4e0
[   59.553422][ T4392]  ___sys_sendmsg+0x17b/0x1d0
[   59.553457][ T4392]  __x64_sys_sendmsg+0xd4/0x160
[   59.553562][ T4392]  x64_sys_call+0x2999/0x2fb0
[   59.553583][ T4392]  do_syscall_64+0xd2/0x200
[   59.553606][ T4392]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   59.553637][ T4392]  ? clear_bhb_loop+0x40/0x90
[   59.553659][ T4392]  ? clear_bhb_loop+0x40/0x90
[   59.553727][ T4392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.553746][ T4392] RIP: 0033:0x7f5911efe9a9
[   59.553788][ T4392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.553807][ T4392] RSP: 002b:00007f5910567038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   59.553829][ T4392] RAX: ffffffffffffffda RBX: 00007f5912125fa0 RCX: 00007f5911efe9a9
[   59.553844][ T4392] RDX: 0000000004000080 RSI: 00002000000002c0 RDI: 0000000000000003
[   59.553859][ T4392] RBP: 00007f5910567090 R08: 0000000000000000 R09: 0000000000000000
[   59.553933][ T4392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.553945][ T4392] R13: 0000000000000000 R14: 00007f5912125fa0 R15: 00007ffc0d5822f8
[   59.553965][ T4392]  </TASK>
[   59.553989][ T4392] socket: no more sockets
[   59.753567][ T4408] FAULT_INJECTION: forcing a failure.
[   59.753567][ T4408] name failslab, interval 1, probability 0, space 0, times 0
[   59.941930][ T4408] CPU: 1 UID: 0 PID: 4408 Comm: syz.0.259 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   59.941988][ T4408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   59.942004][ T4408] Call Trace:
[   59.942012][ T4408]  <TASK>
[   59.942022][ T4408]  __dump_stack+0x1d/0x30
[   59.942048][ T4408]  dump_stack_lvl+0xe8/0x140
[   59.942069][ T4408]  dump_stack+0x15/0x1b
[   59.942089][ T4408]  should_fail_ex+0x265/0x280
[   59.942166][ T4408]  ? alloc_tty_struct+0x4c/0x400
[   59.942214][ T4408]  should_failslab+0x8c/0xb0
[   59.942235][ T4408]  __kmalloc_cache_noprof+0x4c/0x320
[   59.942307][ T4408]  alloc_tty_struct+0x4c/0x400
[   59.942343][ T4408]  tty_init_dev+0x39/0x330
[   59.942442][ T4408]  ptmx_open+0xda/0x240
[   59.942545][ T4408]  chrdev_open+0x2eb/0x3a0
[   59.942627][ T4408]  do_dentry_open+0x646/0xa20
[   59.942739][ T4408]  ? __pfx_chrdev_open+0x10/0x10
[   59.942765][ T4408]  vfs_open+0x37/0x1e0
[   59.942787][ T4408]  path_openat+0x1c5e/0x2170
[   59.942837][ T4408]  do_filp_open+0x109/0x230
[   59.942908][ T4408]  do_sys_openat2+0xa6/0x110
[   59.942943][ T4408]  __x64_sys_openat+0xf2/0x120
[   59.942979][ T4408]  x64_sys_call+0x1af/0x2fb0
[   59.943002][ T4408]  do_syscall_64+0xd2/0x200
[   59.943026][ T4408]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   59.943090][ T4408]  ? clear_bhb_loop+0x40/0x90
[   59.943113][ T4408]  ? clear_bhb_loop+0x40/0x90
[   59.943141][ T4408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.943182][ T4408] RIP: 0033:0x7faadea1e9a9
[   59.943197][ T4408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.943216][ T4408] RSP: 002b:00007faadd087038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   59.943239][ T4408] RAX: ffffffffffffffda RBX: 00007faadec45fa0 RCX: 00007faadea1e9a9
[   59.943255][ T4408] RDX: 0000000000004200 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[   59.943272][ T4408] RBP: 00007faadd087090 R08: 0000000000000000 R09: 0000000000000000
[   59.943289][ T4408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.943387][ T4408] R13: 0000000000000001 R14: 00007faadec45fa0 R15: 00007ffef46b0088
[   59.943484][ T4408]  </TASK>
[   60.187643][ T4415] netlink: 'syz.1.261': attribute type 10 has an invalid length.
[   60.293753][   T29] kauditd_printk_skb: 229 callbacks suppressed
[   60.293768][   T29] audit: type=1400 audit(1753536916.295:639): avc:  denied  { setopt } for  pid=4416 comm="syz.2.263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   60.319512][   T29] audit: type=1400 audit(1753536916.295:640): avc:  denied  { write } for  pid=4416 comm="syz.2.263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   60.392323][ T4412] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   60.404226][ T4412] loop0: detected capacity change from 0 to 512
[   60.413271][ T4412] journal_path: Lookup failure for './file0/../file0'
[   60.420245][ T4412] EXT4-fs: error: could not find journal device path
[   60.441974][   T29] audit: type=1400 audit(1753536916.455:641): avc:  denied  { shutdown } for  pid=4434 comm="syz.4.266" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   60.473006][   T29] audit: type=1400 audit(1753536916.486:642): avc:  denied  { listen } for  pid=4434 comm="syz.4.266" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   60.501198][   T29] audit: type=1326 audit(1753536916.516:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4437 comm="syz.3.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5cef8e9a9 code=0x7ffc0000
[   60.524641][   T29] audit: type=1326 audit(1753536916.516:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4437 comm="syz.3.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5cef8e9a9 code=0x7ffc0000
[   60.556038][   T29] audit: type=1326 audit(1753536916.566:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4437 comm="syz.3.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd5cef8e9a9 code=0x7ffc0000
[   60.579293][   T29] audit: type=1326 audit(1753536916.566:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4437 comm="syz.3.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5cef8e9a9 code=0x7ffc0000
[   60.602654][   T29] audit: type=1326 audit(1753536916.566:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4437 comm="syz.3.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5cef8e9a9 code=0x7ffc0000
[   60.626086][   T29] audit: type=1326 audit(1753536916.566:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4437 comm="syz.3.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd5cef8e9a9 code=0x7ffc0000
[   60.921660][ T4454] netlink: 'syz.4.273': attribute type 10 has an invalid length.
[   61.025949][ T4461] process 'syz.0.275' launched './file1' with NULL argv: empty string added
[   61.127838][ T4470] bridge_slave_1: left allmulticast mode
[   61.133606][ T4470] bridge_slave_1: left promiscuous mode
[   61.139621][ T4470] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.155389][ T4470] bridge_slave_0: left allmulticast mode
[   61.161238][ T4470] bridge_slave_0: left promiscuous mode
[   61.167064][ T4470] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.264766][ T4481] netlink: 'syz.0.284': attribute type 10 has an invalid length.
[   61.274064][ T4481] batadv0: left allmulticast mode
[   61.279221][ T4481] batadv0: left promiscuous mode
[   61.284316][ T4481] bridge0: port 3(batadv0) entered disabled state
[   61.295831][ T4481] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.305577][ T4481] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   61.371082][ T4494] loop4: detected capacity change from 0 to 512
[   61.387857][ T4494] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   61.424393][ T4494] EXT4-fs (loop4): orphan cleanup on readonly fs
[   61.449335][ T4494] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.288: Block bitmap for bg 0 marked uninitialized
[   61.486096][ T4494] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   61.504139][ T4494] EXT4-fs (loop4): 1 orphan inode deleted
[   61.535319][ T4494] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[   61.547716][ T4494] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   61.570883][ T4494] siw: device registration error -23
[   61.612228][ T4497] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   61.845329][ T4446] syz.3.270 (4446) used greatest stack depth: 6848 bytes left
[   61.928180][ T4518] __nla_validate_parse: 3 callbacks suppressed
[   61.928192][ T4518] netlink: 4 bytes leftover after parsing attributes in process `syz.3.297'.
[   62.141910][ T4545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   62.154474][ T4545] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   62.163225][ T4542] netlink: 52 bytes leftover after parsing attributes in process `+}[@'.
[   62.201432][ T4548] serio: Serial port ttyS3
[   62.338772][ T4557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.307'.
[   62.378793][ T4561] loop3: detected capacity change from 0 to 1024
[   62.388309][ T4561] EXT4-fs: Ignoring removed orlov option
[   62.425827][ T4565] serio: Serial port ttyS3
[   62.555367][ T4568] lo speed is unknown, defaulting to 1000
[   62.909842][ T4603] loop4: detected capacity change from 0 to 128
[   63.088097][ T4608] loop0: detected capacity change from 0 to 512
[   63.156507][ T4608] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   63.247680][ T4608] EXT4-fs (loop0): 1 truncate cleaned up
[   63.372083][ T3319] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[   63.383084][ T3319] CPU: 1 UID: 0 PID: 3319 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   63.383115][ T3319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   63.383127][ T3319] Call Trace:
[   63.383153][ T3319]  <TASK>
[   63.383162][ T3319]  __dump_stack+0x1d/0x30
[   63.383254][ T3319]  dump_stack_lvl+0xe8/0x140
[   63.383352][ T3319]  dump_stack+0x15/0x1b
[   63.383367][ T3319]  dump_header+0x81/0x220
[   63.383404][ T3319]  oom_kill_process+0x334/0x3f0
[   63.383442][ T3319]  out_of_memory+0x979/0xb80
[   63.383523][ T3319]  try_charge_memcg+0x5e6/0x9e0
[   63.383575][ T3319]  charge_memcg+0x51/0xc0
[   63.383604][ T3319]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[   63.383696][ T3319]  __read_swap_cache_async+0x1df/0x350
[   63.383790][ T3319]  swap_cluster_readahead+0x376/0x3e0
[   63.383825][ T3319]  swapin_readahead+0xde/0x6f0
[   63.383859][ T3319]  ? __filemap_get_folio+0x4f7/0x6b0
[   63.383922][ T3319]  ? swap_cache_get_folio+0x77/0x200
[   63.383951][ T3319]  do_swap_page+0x301/0x2430
[   63.384037][ T3319]  ? finish_task_switch+0xad/0x2b0
[   63.384066][ T3319]  ? __pfx_default_wake_function+0x10/0x10
[   63.384165][ T3319]  handle_mm_fault+0x9a5/0x2be0
[   63.384188][ T3319]  ? mas_walk+0xf2/0x120
[   63.384276][ T3319]  do_user_addr_fault+0x636/0x1090
[   63.384319][ T3319]  ? fpregs_restore_userregs+0xe2/0x1d0
[   63.384402][ T3319]  ? switch_fpu_return+0xe/0x20
[   63.384427][ T3319]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   63.384481][ T3319]  exc_page_fault+0x62/0xa0
[   63.384509][ T3319]  asm_exc_page_fault+0x26/0x30
[   63.384528][ T3319] RIP: 0033:0x7f6bfaa51225
[   63.384545][ T3319] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 1e 63 1c 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[   63.384567][ T3319] RSP: 002b:00007fff3010e528 EFLAGS: 00010246
[   63.384586][ T3319] RAX: 0000000000000000 RBX: 000000000000009f RCX: 00007f6bfaa51223
[   63.384714][ T3319] RDX: 00007fff3010e540 RSI: 0000000000000000 RDI: 0000000000000000
[   63.384729][ T3319] RBP: 00007fff3010e5ac R08: 000000000f88afeb R09: 0000000000000000
[   63.384744][ T3319] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[   63.384759][ T3319] R13: 00000000000927c0 R14: 000000000000f6d1 R15: 00007fff3010e600
[   63.384782][ T3319]  </TASK>
[   63.610752][ T3319] memory: usage 307200kB, limit 307200kB, failcnt 233
[   63.617649][ T3319] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0
[   63.625709][ T3319] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0
[   63.633008][ T3319] Memory cgroup stats for /syz2:
[   63.720888][ T3319] cache 0
[   63.728871][ T3319] rss 0
[   63.731703][ T3319] shmem 0
[   63.734680][ T3319] mapped_file 0
[   63.738196][ T3319] dirty 0
[   63.741143][ T3319] writeback 0
[   63.744464][ T3319] workingset_refault_anon 108
[   63.749220][ T3319] workingset_refault_file 322
[   63.753993][ T3319] swap 196608
[   63.757327][ T3319] swapcached 4096
[   63.760972][ T3319] pgpgin 13955
[   63.764392][ T3319] pgpgout 13951
[   63.767863][ T3319] pgfault 17111
[   63.771382][ T3319] pgmajfault 78
[   63.775818][ T3319] inactive_anon 4096
[   63.779742][ T3319] active_anon 0
[   63.783257][ T3319] inactive_file 0
[   63.786953][ T3319] active_file 12288
[   63.790793][ T3319] unevictable 0
[   63.794359][ T3319] hierarchical_memory_limit 314572800
[   63.799799][ T3319] hierarchical_memsw_limit 9223372036854771712
[   63.806063][ T3319] total_cache 0
[   63.809535][ T3319] total_rss 0
[   63.812827][ T3319] total_shmem 0
[   63.816329][ T3319] total_mapped_file 0
[   63.820316][ T3319] total_dirty 0
[   63.823792][ T3319] total_writeback 0
[   63.827643][ T3319] total_workingset_refault_anon 108
[   63.833000][ T3319] total_workingset_refault_file 322
[   63.838216][ T3319] total_swap 196608
[   63.842028][ T3319] total_swapcached 4096
[   63.846201][ T3319] total_pgpgin 13955
[   63.850117][ T3319] total_pgpgout 13951
[   63.854134][ T3319] total_pgfault 17111
[   63.858206][ T3319] total_pgmajfault 78
[   63.862189][ T3319] total_inactive_anon 4096
[   63.866654][ T3319] total_active_anon 0
[   63.870690][ T3319] total_inactive_file 0
[   63.874916][ T3319] total_active_file 12288
[   63.879270][ T3319] total_unevictable 0
[   63.883270][ T3319] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.305,pid=4549,uid=0
[   63.897888][ T3319] Memory cgroup out of memory: Killed process 4549 (syz.2.305) total-vm:93760kB, anon-rss:1024kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   63.987344][ T4603] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   63.995362][ T4603] FAT-fs (loop4): Filesystem has been set read-only
[   64.005053][ T4603] bio_check_eod: 18527 callbacks suppressed
[   64.005071][ T4603] syz.4.317: attempt to access beyond end of device
[   64.005071][ T4603] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   64.042427][ T4603] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   64.050355][ T4603] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   64.085622][ T4603] syz.4.317: attempt to access beyond end of device
[   64.085622][ T4603] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   64.100240][ T4617] netlink: 24 bytes leftover after parsing attributes in process `syz.4.317'.
[   64.109171][ T4617] netlink: 212 bytes leftover after parsing attributes in process `syz.4.317'.
[   64.128297][ T4603] syz.4.317: attempt to access beyond end of device
[   64.128297][ T4603] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   64.155504][ T4618] netlink: 'syz.4.317': attribute type 10 has an invalid length.
[   64.163664][ T4615] syz.4.317: attempt to access beyond end of device
[   64.163664][ T4615] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128
[   64.177009][ T4615] buffer_io_error: 18526 callbacks suppressed
[   64.177020][ T4615] Buffer I/O error on dev loop4, logical block 2065, async page read
[   64.222702][ T4615] syz.4.317: attempt to access beyond end of device
[   64.222702][ T4615] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128
[   64.235995][ T4615] Buffer I/O error on dev loop4, logical block 2066, async page read
[   64.256826][ T4615] syz.4.317: attempt to access beyond end of device
[   64.256826][ T4615] loop4: rw=0, sector=2067, nr_sectors = 1 limit=128
[   64.270152][ T4615] Buffer I/O error on dev loop4, logical block 2067, async page read
[   64.328933][ T4623] siw: device registration error -23
[   64.337007][ T4615] syz.4.317: attempt to access beyond end of device
[   64.337007][ T4615] loop4: rw=0, sector=2068, nr_sectors = 1 limit=128
[   64.350241][ T4615] Buffer I/O error on dev loop4, logical block 2068, async page read
[   64.426937][ T4615] syz.4.317: attempt to access beyond end of device
[   64.426937][ T4615] loop4: rw=0, sector=2069, nr_sectors = 1 limit=128
[   64.440309][ T4615] Buffer I/O error on dev loop4, logical block 2069, async page read
[   64.488338][ T4615] syz.4.317: attempt to access beyond end of device
[   64.488338][ T4615] loop4: rw=0, sector=2070, nr_sectors = 1 limit=128
[   64.501579][ T4615] Buffer I/O error on dev loop4, logical block 2070, async page read
[   64.511550][ T4615] syz.4.317: attempt to access beyond end of device
[   64.511550][ T4615] loop4: rw=0, sector=2071, nr_sectors = 1 limit=128
[   64.524901][ T4615] Buffer I/O error on dev loop4, logical block 2071, async page read
[   64.551928][ T4633] lo speed is unknown, defaulting to 1000
[   64.558121][ T4615] Buffer I/O error on dev loop4, logical block 2072, async page read
[   64.566616][ T4603] Buffer I/O error on dev loop4, logical block 2065, async page read
[   64.599000][ T4603] Buffer I/O error on dev loop4, logical block 2066, async page read
[   64.618300][ T4617] netlink: 'syz.4.317': attribute type 10 has an invalid length.
[   64.626192][ T4617] netlink: 40 bytes leftover after parsing attributes in process `syz.4.317'.
[   64.679643][ T4617] batadv0: entered promiscuous mode
[   64.685056][ T4617] batadv0: entered allmulticast mode
[   64.703741][ T4617] bond0: (slave batadv0): Releasing backup interface
[   64.712762][ T4617] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[   64.748961][ T4639] serio: Serial port ttyS3
[   64.839344][ T4643] loop4: detected capacity change from 0 to 1024
[   64.855187][ T4644] loop0: detected capacity change from 0 to 1024
[   64.866459][ T4643] EXT4-fs: Ignoring removed orlov option
[   64.893534][ T4644] EXT4-fs: Ignoring removed orlov option
[   64.981701][ T4644] lo speed is unknown, defaulting to 1000
[   65.001291][ T4650] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8213 sclass=netlink_route_socket pid=4650 comm=syz.0.328
[   65.089437][ T4644] bridge0: entered promiscuous mode
[   65.095868][ T4644] bond0: entered promiscuous mode
[   65.100938][ T4644] bond_slave_0: entered promiscuous mode
[   65.106746][ T4644] bond_slave_1: entered promiscuous mode
[   65.112543][ T4644] batadv0: entered promiscuous mode
[   65.120011][ T4644] hsr1: entered allmulticast mode
[   65.125176][ T4644] bridge0: entered allmulticast mode
[   65.130620][ T4644] bond0: entered allmulticast mode
[   65.135775][ T4644] bond_slave_0: entered allmulticast mode
[   65.141575][ T4644] bond_slave_1: entered allmulticast mode
[   65.147370][ T4644] batadv0: entered allmulticast mode
[   65.156270][ T4644] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4644 comm=syz.0.328
[   65.290094][ T4658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   65.307330][ T4658] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   65.319551][   T29] kauditd_printk_skb: 108 callbacks suppressed
[   65.319568][   T29] audit: type=1400 audit(1753536921.340:757): avc:  denied  { create } for  pid=4654 comm="syz.1.330" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   65.374348][ T4662] loop3: detected capacity change from 0 to 128
[   65.417209][ T4662] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   65.425213][ T4662] FAT-fs (loop3): Filesystem has been set read-only
[   65.435676][ T4662] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   65.443657][ T4662] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   65.481430][ T4663] netlink: 24 bytes leftover after parsing attributes in process `syz.3.332'.
[   65.490577][ T4663] netlink: 212 bytes leftover after parsing attributes in process `syz.3.332'.
[   65.497374][ T4665] loop4: detected capacity change from 0 to 512
[   65.538987][ T4665] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   65.558792][ T4666] netlink: 'syz.3.332': attribute type 10 has an invalid length.
[   65.568814][ T4665] EXT4-fs (loop4): 1 truncate cleaned up
[   65.609434][ T4663] netlink: 'syz.3.332': attribute type 10 has an invalid length.
[   65.617311][ T4663] netlink: 40 bytes leftover after parsing attributes in process `syz.3.332'.
[   65.681706][ T4669] netlink: 'syz.4.334': attribute type 10 has an invalid length.
[   65.696800][ T4663] batadv0: entered promiscuous mode
[   65.702155][ T4663] batadv0: entered allmulticast mode
[   65.714086][ T4663] bond0: (slave batadv0): Releasing backup interface
[   65.723760][ T4663] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[   65.739493][ T4669] batadv0: left promiscuous mode
[   65.744546][ T4669] batadv0: left allmulticast mode
[   65.757620][ T4669] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.768272][ T4669] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   65.814770][ T4672] loop4: detected capacity change from 0 to 128
[   65.832642][ T4672] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   65.840519][ T4672] FAT-fs (loop4): Filesystem has been set read-only
[   65.865219][ T4672] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   65.873189][ T4672] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   65.890567][ T4675] netlink: 24 bytes leftover after parsing attributes in process `syz.4.335'.
[   65.918168][ T4675] netlink: 'syz.4.335': attribute type 10 has an invalid length.
[   65.954968][ T4675] netlink: 'syz.4.335': attribute type 10 has an invalid length.
[   65.983362][ T4675] batadv0: entered promiscuous mode
[   65.988681][ T4675] batadv0: entered allmulticast mode
[   66.024799][ T4675] bond0: (slave batadv0): Releasing backup interface
[   66.051244][ T4675] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[   66.125901][ T4679] serio: Serial port ttyS3
[   66.704601][   T29] audit: type=1400 audit(1753536922.732:758): avc:  denied  { create } for  pid=4707 comm="syz.0.349" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   66.737882][   T29] audit: type=1400 audit(1753536922.762:759): avc:  denied  { rename } for  pid=4707 comm="syz.0.349" name="file0" dev="tmpfs" ino=416 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   66.779742][   T29] audit: type=1400 audit(1753536922.802:760): avc:  denied  { read } for  pid=4709 comm="syz.4.348" path="socket:[7693]" dev="sockfs" ino=7693 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   66.823167][   T29] audit: type=1400 audit(1753536922.842:761): avc:  denied  { unlink } for  pid=3315 comm="syz-executor" name="file7" dev="tmpfs" ino=416 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   66.859812][ T4712] serio: Serial port ttyS3
[   66.889786][ T4715] lo speed is unknown, defaulting to 1000
[   66.945600][   T29] audit: type=1400 audit(1753536922.972:762): avc:  denied  { read } for  pid=2981 comm="acpid" name="event7" dev="devtmpfs" ino=834 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[   66.967469][   T29] audit: type=1400 audit(1753536922.972:763): avc:  denied  { open } for  pid=2981 comm="acpid" path="/dev/input/event7" dev="devtmpfs" ino=834 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[   66.991154][   T29] audit: type=1400 audit(1753536922.972:764): avc:  denied  { ioctl } for  pid=2981 comm="acpid" path="/dev/input/event7" dev="devtmpfs" ino=834 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[   67.016007][   T29] audit: type=1400 audit(1753536922.972:765): avc:  denied  { create } for  pid=4709 comm="syz.4.348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   67.035333][   T29] audit: type=1400 audit(1753536922.972:766): avc:  denied  { write } for  pid=4709 comm="syz.4.348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   67.058476][ T4720] netlink: 'syz.2.352': attribute type 1 has an invalid length.
[   67.066251][ T4720] __nla_validate_parse: 2 callbacks suppressed
[   67.066368][ T4720] netlink: 224 bytes leftover after parsing attributes in process `syz.2.352'.
[   67.115337][ T4718] netlink: 8 bytes leftover after parsing attributes in process `syz.4.348'.
[   67.476642][ T4736] loop3: detected capacity change from 0 to 512
[   67.485976][ T4736] EXT4-fs: Ignoring removed mblk_io_submit option
[   67.513668][ T4736] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   67.542684][ T4736] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c018, mo2=0002]
[   67.577884][ T4736] System zones: 1-12
[   67.601466][ T4736] EXT4-fs (loop3): 1 truncate cleaned up
[   67.645207][ T4740] netlink: 'syz.4.358': attribute type 10 has an invalid length.
[   67.662686][ T4740] batadv0: left promiscuous mode
[   67.667698][ T4740] batadv0: left allmulticast mode
[   67.675972][ T4740] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.699672][ T4742] loop0: detected capacity change from 0 to 128
[   67.707753][ T4740] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   67.750595][ T4742] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   67.758519][ T4742] FAT-fs (loop0): Filesystem has been set read-only
[   67.802596][ T4742] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   67.810546][ T4742] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   67.834143][ T4750] netlink: 24 bytes leftover after parsing attributes in process `syz.0.359'.
[   67.843135][ T4750] netlink: 212 bytes leftover after parsing attributes in process `syz.0.359'.
[   67.896469][ T4753] netlink: 'syz.0.359': attribute type 10 has an invalid length.
[   67.928339][ T4750] netlink: 'syz.0.359': attribute type 10 has an invalid length.
[   67.936174][ T4750] netlink: 40 bytes leftover after parsing attributes in process `syz.0.359'.
[   67.956781][ T4755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.362'.
[   67.983346][ T4750] bond0: (slave batadv0): Releasing backup interface
[   67.996995][ T4750] bridge0: port 3(batadv0) entered blocking state
[   68.003574][ T4750] bridge0: port 3(batadv0) entered disabled state
[   68.040196][ T4757] FAULT_INJECTION: forcing a failure.
[   68.040196][ T4757] name failslab, interval 1, probability 0, space 0, times 0
[   68.052889][ T4757] CPU: 0 UID: 0 PID: 4757 Comm: syz.3.363 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   68.052920][ T4757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   68.052936][ T4757] Call Trace:
[   68.052944][ T4757]  <TASK>
[   68.052953][ T4757]  __dump_stack+0x1d/0x30
[   68.053073][ T4757]  dump_stack_lvl+0xe8/0x140
[   68.053099][ T4757]  dump_stack+0x15/0x1b
[   68.053196][ T4757]  should_fail_ex+0x265/0x280
[   68.053282][ T4757]  should_failslab+0x8c/0xb0
[   68.053308][ T4757]  __kvmalloc_node_noprof+0x123/0x4e0
[   68.053345][ T4757]  ? htable_create+0xf7/0x450
[   68.053395][ T4757]  htable_create+0xf7/0x450
[   68.053431][ T4757]  ? __rcu_read_unlock+0x4f/0x70
[   68.053461][ T4757]  hashlimit_mt_check_common+0x5db/0x6c0
[   68.053508][ T4757]  hashlimit_mt_check_v1+0x12d/0x160
[   68.053583][ T4757]  xt_check_match+0x2ad/0x4f0
[   68.053672][ T4757]  ? strnlen+0x28/0x50
[   68.053699][ T4757]  ? strcmp+0x22/0x50
[   68.053819][ T4757]  ? xt_find_match+0x1d1/0x210
[   68.053869][ T4757]  translate_table+0xb4b/0x1070
[   68.053909][ T4757]  ? _copy_from_user+0x89/0xb0
[   68.053935][ T4757]  do_ip6t_set_ctl+0x678/0x840
[   68.054011][ T4757]  nf_setsockopt+0x199/0x1b0
[   68.054036][ T4757]  ipv6_setsockopt+0x11a/0x130
[   68.054062][ T4757]  udpv6_setsockopt+0x99/0xb0
[   68.054080][ T4757]  sock_common_setsockopt+0x66/0x80
[   68.054175][ T4757]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   68.054210][ T4757]  __sys_setsockopt+0x181/0x200
[   68.054253][ T4757]  __x64_sys_setsockopt+0x64/0x80
[   68.054300][ T4757]  x64_sys_call+0x2bd5/0x2fb0
[   68.054360][ T4757]  do_syscall_64+0xd2/0x200
[   68.054514][ T4757]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   68.054572][ T4757]  ? clear_bhb_loop+0x40/0x90
[   68.054618][ T4757]  ? clear_bhb_loop+0x40/0x90
[   68.054793][ T4757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.054820][ T4757] RIP: 0033:0x7fd5cef8e9a9
[   68.054839][ T4757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.054859][ T4757] RSP: 002b:00007fd5cd5f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   68.054915][ T4757] RAX: ffffffffffffffda RBX: 00007fd5cf1b5fa0 RCX: 00007fd5cef8e9a9
[   68.054927][ T4757] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[   68.054943][ T4757] RBP: 00007fd5cd5f7090 R08: 00000000000004b8 R09: 0000000000000000
[   68.054959][ T4757] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001
[   68.054973][ T4757] R13: 0000000000000000 R14: 00007fd5cf1b5fa0 R15: 00007ffddd569818
[   68.055001][ T4757]  </TASK>
[   68.134261][ T4760] loop4: detected capacity change from 0 to 512
[   68.316260][ T4598] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   68.332427][ T4598] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   68.344558][ T4760] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   68.360880][ T4760] EXT4-fs (loop4): 1 truncate cleaned up
[   68.485919][ T4771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.522036][ T4771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.596259][ T4777] netlink: 'syz.3.370': attribute type 10 has an invalid length.
[   68.627631][ T4777] batadv0: left promiscuous mode
[   68.632776][ T4777] batadv0: left allmulticast mode
[   68.654186][ T4777] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.674926][ T4777] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   68.735816][ T4787] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.748726][ T4787] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.087417][ T4809] siw: device registration error -23
[   69.169252][ T4811] serio: Serial port ttyS3
[   69.422236][ T4828] netlink: 'syz.4.382': attribute type 10 has an invalid length.
[   69.450574][ T4830] netlink: 4 bytes leftover after parsing attributes in process `syz.3.383'.
[   69.530441][ T4837] SELinux:  Context system_u:object_r:pam_exec_t:s0 is not valid (left unmapped).
[   69.580861][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.588401][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.595821][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.603346][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.610776][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.618234][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.625672][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.633355][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.640842][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.648299][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.655783][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.663317][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.671021][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.678466][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.685895][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.693359][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.700811][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.708322][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.715727][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.723250][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.730696][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.738111][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.745543][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.753381][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.760807][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.768365][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.775853][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.783350][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.790776][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.798215][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.805759][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.813201][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.820638][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.828057][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.835508][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.843010][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.850453][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.857881][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.865380][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.865410][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.880229][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.887646][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.892456][ T4846] siw: device registration error -23
[   69.895109][ T1036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   69.948368][ T1036] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   70.243738][ T4861] FAULT_INJECTION: forcing a failure.
[   70.243738][ T4861] name failslab, interval 1, probability 0, space 0, times 0
[   70.256490][ T4861] CPU: 0 UID: 0 PID: 4861 Comm: syz.2.391 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   70.256526][ T4861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   70.256600][ T4861] Call Trace:
[   70.256607][ T4861]  <TASK>
[   70.256616][ T4861]  __dump_stack+0x1d/0x30
[   70.256641][ T4861]  dump_stack_lvl+0xe8/0x140
[   70.256666][ T4861]  dump_stack+0x15/0x1b
[   70.256744][ T4861]  should_fail_ex+0x265/0x280
[   70.256784][ T4861]  should_failslab+0x8c/0xb0
[   70.256813][ T4861]  __kmalloc_noprof+0xa5/0x3e0
[   70.256845][ T4861]  ? sk_prot_alloc+0xa8/0x190
[   70.256877][ T4861]  sk_prot_alloc+0xa8/0x190
[   70.256940][ T4861]  sk_alloc+0x34/0x360
[   70.256980][ T4861]  pptp_create+0x32/0x160
[   70.257007][ T4861]  pppox_create+0xd0/0x120
[   70.257070][ T4861]  __sock_create+0x2e9/0x5b0
[   70.257100][ T4861]  __sys_socketpair+0x170/0x430
[   70.257145][ T4861]  ? trace_sys_enter+0xd0/0x110
[   70.257177][ T4861]  __x64_sys_socketpair+0x52/0x60
[   70.257221][ T4861]  x64_sys_call+0x23f2/0x2fb0
[   70.257292][ T4861]  do_syscall_64+0xd2/0x200
[   70.257310][ T4861]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   70.257400][ T4861]  ? clear_bhb_loop+0x40/0x90
[   70.257429][ T4861]  ? clear_bhb_loop+0x40/0x90
[   70.257485][ T4861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.257505][ T4861] RIP: 0033:0x7f6bfaa1e9a9
[   70.257522][ T4861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.257545][ T4861] RSP: 002b:00007f6bf9087038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[   70.257569][ T4861] RAX: ffffffffffffffda RBX: 00007f6bfac45fa0 RCX: 00007f6bfaa1e9a9
[   70.257585][ T4861] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000018
[   70.257642][ T4861] RBP: 00007f6bf9087090 R08: 0000000000000000 R09: 0000000000000000
[   70.257661][ T4861] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.257677][ T4861] R13: 0000000000000000 R14: 00007f6bfac45fa0 R15: 00007fff3010e1e8
[   70.257755][ T4861]  </TASK>
[   70.504577][ T4864] FAULT_INJECTION: forcing a failure.
[   70.504577][ T4864] name failslab, interval 1, probability 0, space 0, times 0
[   70.517308][ T4864] CPU: 0 UID: 0 PID: 4864 Comm: syz.3.392 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   70.517340][ T4864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   70.517356][ T4864] Call Trace:
[   70.517363][ T4864]  <TASK>
[   70.517372][ T4864]  __dump_stack+0x1d/0x30
[   70.517399][ T4864]  dump_stack_lvl+0xe8/0x140
[   70.517505][ T4864]  dump_stack+0x15/0x1b
[   70.517527][ T4864]  should_fail_ex+0x265/0x280
[   70.517565][ T4864]  should_failslab+0x8c/0xb0
[   70.517694][ T4864]  kmem_cache_alloc_noprof+0x50/0x310
[   70.517723][ T4864]  ? skb_clone+0x151/0x1f0
[   70.517801][ T4864]  skb_clone+0x151/0x1f0
[   70.517819][ T4864]  __netlink_deliver_tap+0x2c9/0x500
[   70.517841][ T4864]  netlink_unicast+0x653/0x680
[   70.517917][ T4864]  netlink_sendmsg+0x58b/0x6b0
[   70.517943][ T4864]  ? __pfx_netlink_sendmsg+0x10/0x10
[   70.517969][ T4864]  __sock_sendmsg+0x142/0x180
[   70.518001][ T4864]  ____sys_sendmsg+0x345/0x4e0
[   70.518050][ T4864]  ___sys_sendmsg+0x17b/0x1d0
[   70.518087][ T4864]  __sys_sendmmsg+0x178/0x300
[   70.518123][ T4864]  __x64_sys_sendmmsg+0x57/0x70
[   70.518211][ T4864]  x64_sys_call+0x2f2f/0x2fb0
[   70.518230][ T4864]  do_syscall_64+0xd2/0x200
[   70.518247][ T4864]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   70.518423][ T4864]  ? clear_bhb_loop+0x40/0x90
[   70.518447][ T4864]  ? clear_bhb_loop+0x40/0x90
[   70.518474][ T4864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.518500][ T4864] RIP: 0033:0x7fd5cef8e9a9
[   70.518518][ T4864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.518576][ T4864] RSP: 002b:00007fd5cd5f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   70.518600][ T4864] RAX: ffffffffffffffda RBX: 00007fd5cf1b5fa0 RCX: 00007fd5cef8e9a9
[   70.518616][ T4864] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003
[   70.518632][ T4864] RBP: 00007fd5cd5f7090 R08: 0000000000000000 R09: 0000000000000000
[   70.518701][ T4864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   70.518748][ T4864] R13: 0000000000000000 R14: 00007fd5cf1b5fa0 R15: 00007ffddd569818
[   70.518772][ T4864]  </TASK>
[   70.762765][ T4862] bond1: entered promiscuous mode
[   70.768066][ T4862] 8021q: adding VLAN 0 to HW filter on device bond1
[   71.321376][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.328877][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.336286][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.343808][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.351297][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.358786][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.366187][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.373870][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.381356][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.388809][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.388832][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.388858][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.388884][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.388919][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389019][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389153][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389182][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389210][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389239][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389261][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389281][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389342][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389368][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389403][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389427][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389455][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389483][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389512][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389601][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389628][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389649][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389669][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389771][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389800][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389828][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389849][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389871][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.389948][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.390045][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.390078][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.390112][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.390141][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.390170][ T1036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   71.429335][ T1036] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   71.483711][ T4900] fido_id[4900]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   71.773831][   T29] kauditd_printk_skb: 19 callbacks suppressed
[   71.773849][   T29] audit: type=1400 audit(1753536927.796:786): avc:  denied  { write } for  pid=4788 comm="syz.0.373" name="mcfilter6" dev="proc" ino=4026532507 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   72.002540][ T4910] netlink: 4 bytes leftover after parsing attributes in process `syz.2.406'.
[   72.120568][   T29] audit: type=1400 audit(1753536928.147:787): avc:  denied  { read write } for  pid=4907 comm="syz.3.405" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   72.143943][   T29] audit: type=1400 audit(1753536928.147:788): avc:  denied  { open } for  pid=4907 comm="syz.3.405" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   72.280871][ T4925] lo speed is unknown, defaulting to 1000
[   72.286498][ T4927] netlink: 4 bytes leftover after parsing attributes in process `syz.4.410'.
[   72.310067][   T29] audit: type=1400 audit(1753536928.197:789): avc:  denied  { ioctl } for  pid=4907 comm="syz.3.405" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   72.499579][   T29] audit: type=1400 audit(1753536928.527:790): avc:  denied  { mount } for  pid=4933 comm="syz.4.412" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   72.854143][ T4945] netlink: 24 bytes leftover after parsing attributes in process `syz.4.413'.
[   72.892514][ T4947] netlink: 'syz.0.415': attribute type 1 has an invalid length.
[   72.900343][ T4947] netlink: 224 bytes leftover after parsing attributes in process `syz.0.415'.
[   72.943224][ T4947] Driver unsupported XDP return value 0 on prog  (id 317) dev N/A, expect packet loss!
[   73.149679][ T4957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.418'.
[   73.161355][ T4957] netlink: 'syz.1.418': attribute type 3 has an invalid length.
[   73.423088][ T4972] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   73.724575][ T4982] netlink: 'syz.3.426': attribute type 10 has an invalid length.
[   73.848127][ T4963] syz.2.421 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[   73.862404][ T4963] CPU: 0 UID: 0 PID: 4963 Comm: syz.2.421 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   73.862437][ T4963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   73.862454][ T4963] Call Trace:
[   73.862462][ T4963]  <TASK>
[   73.862472][ T4963]  __dump_stack+0x1d/0x30
[   73.862500][ T4963]  dump_stack_lvl+0xe8/0x140
[   73.862535][ T4963]  dump_stack+0x15/0x1b
[   73.862550][ T4963]  dump_header+0x81/0x220
[   73.862594][ T4963]  oom_kill_process+0x334/0x3f0
[   73.862624][ T4963]  out_of_memory+0x979/0xb80
[   73.862656][ T4963]  try_charge_memcg+0x5e6/0x9e0
[   73.862785][ T4963]  obj_cgroup_charge_pages+0xa6/0x150
[   73.862893][ T4963]  __memcg_kmem_charge_page+0x9f/0x170
[   73.862930][ T4963]  __alloc_frozen_pages_noprof+0x188/0x360
[   73.863005][ T4963]  alloc_pages_mpol+0xb3/0x250
[   73.863112][ T4963]  alloc_pages_noprof+0x90/0x130
[   73.863152][ T4963]  __vmalloc_node_range_noprof+0x6f2/0xe00
[   73.863249][ T4963]  __kvmalloc_node_noprof+0x30f/0x4e0
[   73.863317][ T4963]  ? ip_set_alloc+0x1f/0x30
[   73.863347][ T4963]  ? ip_set_alloc+0x1f/0x30
[   73.863382][ T4963]  ? __kmalloc_cache_noprof+0x189/0x320
[   73.863448][ T4963]  ip_set_alloc+0x1f/0x30
[   73.863508][ T4963]  hash_netiface_create+0x282/0x740
[   73.863580][ T4963]  ? __pfx_hash_netiface_create+0x10/0x10
[   73.863621][ T4963]  ip_set_create+0x3c9/0x960
[   73.863719][ T4963]  ? __nla_parse+0x40/0x60
[   73.863744][ T4963]  nfnetlink_rcv_msg+0x4c6/0x590
[   73.863777][ T4963]  ? should_fail_ex+0x30/0x280
[   73.863835][ T4963]  ? selinux_capable+0x1f9/0x270
[   73.863937][ T4963]  netlink_rcv_skb+0x123/0x220
[   73.863971][ T4963]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   73.864015][ T4963]  nfnetlink_rcv+0x16b/0x1690
[   73.864110][ T4963]  ? __kfree_skb+0x109/0x150
[   73.864141][ T4963]  ? nlmon_xmit+0x4f/0x60
[   73.864164][ T4963]  ? consume_skb+0x49/0x150
[   73.864345][ T4963]  ? nlmon_xmit+0x4f/0x60
[   73.864373][ T4963]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   73.864424][ T4963]  ? __dev_queue_xmit+0x11c0/0x1fb0
[   73.864442][ T4963]  ? __dev_queue_xmit+0x182/0x1fb0
[   73.864468][ T4963]  ? ref_tracker_free+0x37d/0x3e0
[   73.864569][ T4963]  ? __netlink_deliver_tap+0x4dc/0x500
[   73.864651][ T4963]  netlink_unicast+0x5a8/0x680
[   73.864695][ T4963]  netlink_sendmsg+0x58b/0x6b0
[   73.864725][ T4963]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.864748][ T4963]  __sock_sendmsg+0x142/0x180
[   73.864896][ T4963]  ____sys_sendmsg+0x31e/0x4e0
[   73.864919][ T4963]  ___sys_sendmsg+0x17b/0x1d0
[   73.865027][ T4963]  __x64_sys_sendmsg+0xd4/0x160
[   73.865068][ T4963]  x64_sys_call+0x2999/0x2fb0
[   73.865164][ T4963]  do_syscall_64+0xd2/0x200
[   73.865189][ T4963]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   73.865257][ T4963]  ? clear_bhb_loop+0x40/0x90
[   73.865280][ T4963]  ? clear_bhb_loop+0x40/0x90
[   73.865309][ T4963]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.865337][ T4963] RIP: 0033:0x7f6bfaa1e9a9
[   73.865357][ T4963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.865388][ T4963] RSP: 002b:00007f6bf9087038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.865413][ T4963] RAX: ffffffffffffffda RBX: 00007f6bfac45fa0 RCX: 00007f6bfaa1e9a9
[   73.865429][ T4963] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000007
[   73.865446][ T4963] RBP: 00007f6bfaaa0d69 R08: 0000000000000000 R09: 0000000000000000
[   73.865478][ T4963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.865490][ T4963] R13: 0000000000000000 R14: 00007f6bfac45fa0 R15: 00007fff3010e1e8
[   73.865515][ T4963]  </TASK>
[   74.215561][ T4963] memory: usage 307200kB, limit 307200kB, failcnt 529
[   74.222358][ T4963] memory+swap: usage 307576kB, limit 9007199254740988kB, failcnt 0
[   74.230298][ T4963] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0
[   74.237685][ T4963] Memory cgroup stats for /syz2:
[   74.237902][ T4963] cache 0
[   74.245856][ T4963] rss 0
[   74.248726][ T4963] shmem 0
[   74.251679][ T4963] mapped_file 0
[   74.255186][ T4963] dirty 0
[   74.258165][ T4963] writeback 0
[   74.261515][ T4963] workingset_refault_anon 190
[   74.266240][ T4963] workingset_refault_file 705
[   74.271020][ T4963] swap 385024
[   74.274385][ T4963] swapcached 0
[   74.277827][ T4963] pgpgin 16836
[   74.281228][ T4963] pgpgout 16833
[   74.284750][ T4963] pgfault 21973
[   74.288242][ T4963] pgmajfault 147
[   74.292328][ T4963] inactive_anon 0
[   74.296005][ T4963] active_anon 0
[   74.299638][ T4963] inactive_file 12288
[   74.303640][ T4963] active_file 0
[   74.307192][ T4963] unevictable 0
[   74.310696][ T4963] hierarchical_memory_limit 314572800
[   74.316151][ T4963] hierarchical_memsw_limit 9223372036854771712
[   74.322419][ T4963] total_cache 0
[   74.326098][ T4963] total_rss 0
[   74.329461][ T4963] total_shmem 0
[   74.333008][ T4963] total_mapped_file 0
[   74.337553][ T4963] total_dirty 0
[   74.341047][ T4963] total_writeback 0
[   74.344996][ T4963] total_workingset_refault_anon 190
[   74.350248][ T4963] total_workingset_refault_file 705
[   74.355512][ T4963] total_swap 385024
[   74.359349][ T4963] total_swapcached 0
[   74.363261][ T4963] total_pgpgin 16836
[   74.367244][ T4963] total_pgpgout 16833
[   74.371446][ T4963] total_pgfault 21973
[   74.375474][ T4963] total_pgmajfault 147
[   74.379584][ T4963] total_inactive_anon 0
[   74.383813][ T4963] total_active_anon 0
[   74.387892][ T4963] total_inactive_file 12288
[   74.392407][ T4963] total_active_file 0
[   74.396433][ T4963] total_unevictable 0
[   74.400434][ T4963] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.421,pid=4962,uid=0
[   74.415058][ T4963] Memory cgroup out of memory: Killed process 4962 (syz.2.421) total-vm:93760kB, anon-rss:1020kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   74.456085][ T3319] ==================================================================
[   74.464232][ T3319] BUG: KCSAN: data-race in __mod_timer / blk_add_timer
[   74.471120][ T3319] 
[   74.473465][ T3319] write to 0xffff8881023f4558 of 8 bytes by task 4967 on cpu 0:
[   74.481108][ T3319]  __mod_timer+0x5a1/0x840
[   74.485564][ T3319]  mod_timer+0x1f/0x30
[   74.489662][ T3319]  blk_add_timer+0x182/0x1a0
[   74.494631][ T3319]  blk_mq_start_request+0x15b/0x3b0
[   74.499878][ T3319]  scsi_queue_rq+0x1479/0x19a0
[   74.504693][ T3319]  blk_mq_dispatch_rq_list+0x2a3/0xf80
[   74.510185][ T3319]  __blk_mq_sched_dispatch_requests+0x7e5/0xc60
[   74.516462][ T3319]  blk_mq_sched_dispatch_requests+0x86/0x120
[   74.522479][ T3319]  blk_mq_run_hw_queue+0x17e/0x220
[   74.527639][ T3319]  blk_mq_dispatch_list+0x840/0xa10
[   74.532865][ T3319]  blk_mq_flush_plug_list+0x2d8/0x330
[   74.538280][ T3319]  __blk_flush_plug+0x222/0x2a0
[   74.543150][ T3319]  __submit_bio+0x2fc/0x4d0
[   74.547666][ T3319]  submit_bio_noacct_nocheck+0x208/0x6a0
[   74.553320][ T3319]  submit_bio_noacct+0x6c8/0x8f0
[   74.558289][ T3319]  submit_bio+0x227/0x240
[   74.562648][ T3319]  swap_read_folio+0x875/0xff0
[   74.567446][ T3319]  swap_cluster_readahead+0x3c0/0x3e0
[   74.572851][ T3319]  swapin_readahead+0xde/0x6f0
[   74.577644][ T3319]  do_swap_page+0x301/0x2430
[   74.582246][ T3319]  handle_mm_fault+0x9a5/0x2be0
[   74.587114][ T3319]  do_user_addr_fault+0x3fe/0x1090
[   74.592252][ T3319]  exc_page_fault+0x62/0xa0
[   74.596779][ T3319]  asm_exc_page_fault+0x26/0x30
[   74.601646][ T3319]  __get_user_8+0x14/0x30
[   74.605999][ T3319]  exit_robust_list+0x31/0x280
[   74.610781][ T3319]  futex_exit_release+0xe0/0x130
[   74.615745][ T3319]  exit_mm_release+0x1a/0x30
[   74.620360][ T3319]  exit_mm+0x38/0x190
[   74.624411][ T3319]  do_exit+0x417/0x1590
[   74.628597][ T3319]  do_group_exit+0xff/0x140
[   74.633136][ T3319]  get_signal+0xe59/0xf70
[   74.637497][ T3319]  arch_do_signal_or_restart+0x96/0x480
[   74.643060][ T3319]  exit_to_user_mode_loop+0x7a/0x100
[   74.648365][ T3319]  do_syscall_64+0x1d6/0x200
[   74.652968][ T3319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.658877][ T3319] 
[   74.661216][ T3319] read to 0xffff8881023f4558 of 8 bytes by task 3319 on cpu 1:
[   74.668771][ T3319]  blk_add_timer+0x115/0x1a0
[   74.673390][ T3319]  blk_mq_start_request+0x15b/0x3b0
[   74.678609][ T3319]  scsi_queue_rq+0x1479/0x19a0
[   74.683403][ T3319]  blk_mq_dispatch_rq_list+0x2a3/0xf80
[   74.688885][ T3319]  __blk_mq_sched_dispatch_requests+0x7e5/0xc60
[   74.695504][ T3319]  blk_mq_sched_dispatch_requests+0x86/0x120
[   74.701508][ T3319]  blk_mq_run_hw_queue+0x17e/0x220
[   74.706648][ T3319]  blk_mq_dispatch_list+0x840/0xa10
[   74.711883][ T3319]  blk_mq_flush_plug_list+0x2d8/0x330
[   74.717288][ T3319]  __blk_flush_plug+0x222/0x2a0
[   74.722159][ T3319]  __submit_bio+0x2fc/0x4d0
[   74.726678][ T3319]  submit_bio_noacct_nocheck+0x208/0x6a0
[   74.732343][ T3319]  submit_bio_noacct+0x6c8/0x8f0
[   74.737307][ T3319]  submit_bio+0x227/0x240
[   74.741663][ T3319]  swap_read_folio+0x875/0xff0
[   74.746451][ T3319]  swap_cluster_readahead+0x3c0/0x3e0
[   74.751856][ T3319]  swapin_readahead+0xde/0x6f0
[   74.756647][ T3319]  do_swap_page+0x301/0x2430
[   74.761248][ T3319]  handle_mm_fault+0x9a5/0x2be0
[   74.766115][ T3319]  do_user_addr_fault+0x636/0x1090
[   74.771259][ T3319]  exc_page_fault+0x62/0xa0
[   74.775786][ T3319]  asm_exc_page_fault+0x26/0x30
[   74.780665][ T3319] 
[   74.782998][ T3319] value changed: 0x00000000ffffa778 -> 0x00000000ffffaa21
[   74.790114][ T3319] 
[   74.792442][ T3319] Reported by Kernel Concurrency Sanitizer on:
[   74.798606][ T3319] CPU: 1 UID: 0 PID: 3319 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(voluntary) 
[   74.811207][ T3319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   74.821280][ T3319] ==================================================================