last executing test programs:

26.826218429s ago: executing program 3 (id=214):
r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0xa4, 0xa0, 0x1, 0x0, 0x1, 0x20, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xb7b1, 0x4, @perf_bp={&(0x7f0000000080)}, 0x8, 0x5, 0x4, 0x8, 0x4, 0xff, 0x8, 0x0, 0x7fffffff, 0x0, 0x9}, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x3fffffffc}, 0x0, 0x40000000, 0x0, 0x1, 0x63e4b27f, 0x8001, 0x8000}, 0x0, 0x7, r0, 0xa)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x4, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x1400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0xb2325, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x4, 0x3, 0x0, {0xa, 0x0, 0x0, @mcast1, 0x2}}}, 0x80, 0x0}, 0x44)
r1 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r1, 0x84, 0x9, &(0x7f0000000380), 0x98)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r3 = socket$kcm(0x2, 0x3, 0x2)
openat$cgroup_procs(r2, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8918, &(0x7f0000000000)={'veth1_to_bridge\x00', @random="02008125d7e1"})
socket$kcm(0x29, 0x4, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[], 0x32600)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140))
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r7}, 0x18)
r8 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@keyring={'key_or_keyring:', r8})
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r6, 0x0)

26.737724496s ago: executing program 3 (id=216):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x594, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, @perf_config_ext={0x4, 0xa5d4}, 0x4c58, 0x5, 0x0, 0x0, 0x4, 0x20002, 0x8, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x347142, 0x50)
ftruncate(r0, 0x2007ffc)

26.69732689s ago: executing program 3 (id=218):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000300)={[{@init_itable_val={'init_itable', 0x3d, 0x2}}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@quota}]}, 0x3, 0x433, &(0x7f0000000d80)="$eJzs289rHFUcAPDvzCat6Q8TS/3RtGq0isEfSZPW2oMXRcGDgqCHeoxJWmK3jTQRbAkaRepRCt7Fo+Bf4Ekvop4Er3qXQpFcWj2tzO5Ms7vZTZN0k63u5wPTvjfzlve+++btvjcvG0DPGsn+SSL2RcTvETFYyzYWGKn9d3NlafrvlaXpJCqVt/5KquVurCxNF0WL1+0tMn0R6WdJHG5R78Kly+emyuXZi3l+fPH8++MLly4/N3d+6uzs2dkLk6dOnTg+8cLJyec7EmcW143hj+aPHHrtnatvTJ+++u7P3yZF/E1xdMjIehefrFQ6XF137a9LJ31dbAibUqoN0+ivjv/BKMVq5w3Gq592tXHAtqpUKpUH2l9ergD/Y0l0uwVAdxRf9Nn6tzh2aOpxV7j+Um0BlMV9Mz9qV/oizcv0N61vO2kkIk4v//NVdsT2PIcAAGjwfTb/ebbV/C+N+udC9+Z7KEMRcV9EHIiIkxFxMCLuj6iWfTAiHtpk/c2bJGvnP+m1LQW2Qdn878V8b6tx/lfM/mKolOf2V+PvT87MlWeP5e/JaPTvzvIT69Txwyu/fdHuWv38Lzuy+ou5YN6Oa327G18zM7U4dScx17v+ScRwX6v4k1s7AUlEHIqI4S3WMff0N0faXbt9/OvowD5T5euIp2r9vxxN8ReS9fcnx++J8uyx8eKuWOuXX6+82a7+O4q/A7L+3xO197K5/3NDSf1+7cLm67jyx+dt1zRbvf93JW83nPtwanHx4kTEruT1WqPrz082lZtcLZ/FP3q09fg/EKvvxOGIyG7ihyPikYh4NG/7YxHxeEQcXSf+n15+4r2tx7+9svhnWn7+tev/1cSuaD7TOlE69+N3DZUObSb+rP9PVFOj+ZmNfP5tpF1bu5sBAADgvyeNiH2RpGO30mk6Nlb7G/6DsSctzy8sPnNm/oMLM7XfCAxFf1o86Rqsex46kS/ri/xkU/54/tz4y9JANT82PV+e6Xbw0OP2thn/mT9L3W4dsO38Xgt6l/EPvcv4h95l/EPvajH+B7rRDmDntfr+/7gL7QB2XtP4t+0HPcT6H3qX8Q+9y/iHnrQwELf/kbyExJpEpHdFMyS2KdHtTyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDO+DcAAP//rx3kEg==")
openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)

26.428443061s ago: executing program 3 (id=219):
bind$pptp(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x2, {0x0, @empty}}, 0x1e)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x22000011, &(0x7f0000000000)={[{@commit}, {@noblock_validity}, {@user_xattr}]}, 0x86, 0x48e, &(0x7f0000000400)="$eJzs3EtvVFUcAPD/nXaKFUoLPnkoo0hsRFtaUFmYGI0mbExMdKHLWipBChioiRAiaAwujZ9AXZr4CVzpxqgrjVvdGxNi2IguzJj7KlM6rdPpTKcyv18y7Tn3dc7/nnt6H+dOA+hbtfRHErEtIn6JiNE8u3SBWv7rxvVLs39dvzSbRL3+yh9Jttyf1y/NlotuK35vLbY5XomofJjEniblnr9w8dTM/PzcuSI/uXD67cnzFy4+cfL0zIm5E3Nnpo8ePXJ46umnpp/sSJwjaV13v3d2765jr3/y0mw93vj+y7T+A8X8xjhyY+susxa1GI56vbJk6lD288C6t765jDSkk8EeVoQ1SY//tLmqWf8fjYG42Xij8eIHPa0c0FX1er2+Y9nU/KxYOZBk84HblT4O/ao846f3v+VnY69Aeuvac/kNUBr3jeKTzxmM9L49Gcvv2Ae6VP62iHjtyt+fpp9o+hwCAKCzvk6vfx5vdv1XiXsblttejA2NRcTBiNgZEXdFxN0RcU9Etux9EXH/Gsuv3ZLPy682TPlpuN3YWpFe/z1TjG0tvf5bHLUZGyhyI1n81eTNk/Nzh4p9Mh7VLWl+apUyvnnh54+zRJNIag3Xf+knLb+8Fizq8fvglqXrHJ9ZmFlv3KVr70fsHny2SfzJ4khAEhG7ImJ3G9tP99nJx77Ym6a3b10+/7/jX0UHxpnqn0c8mrf/lbgl/lKSl7TS+OTkHTE/d2iyPCqW++HHqy835huP7loWRpvxd0Da/nc2Pf6L+MtuUI7Xnl97GVd//WjFe5p2j/+h5NUsPVRMe3dmYeHcVMRQMWHJ9Omb65b5cvk0/vH9zfv/zoh/PivW2xMR6UH8QEQ8GBH7iro/FBEPR8T+VeL/7vlH3lp9D/W2/Y+v1v4RY0kRf+rc4sB964mBU99+tVL5rbX/kSw1Xkxp5e9fqxVsd78BAADA/0klG4NOKhOL6UplYiJ/h7987HKwFu+cOZ6PVY9FtVI+6RpteB46VTwbLvPTt+QPR8SO7E2j4Sw/MXt2fqTHsUO/27pC/0/91q2XXoDNY03jaEn36gFsPN/XhP7VvP939b0rYJNw/of+pf9D/2rW/y9H3OhBVYAN5vwP/av1/u+NALjdOP9D/9L/oS8t/0r8cPGvE9r5pv/NxM5j61p9rYnqBpbV4cRAl7Ycjf+0owuJqPR817WfqGyGauwrElsiotW1Lje0aXna7kYNq/M9/KMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQQf8GAAD//4F+194=")
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r1, 0x0, 0xc, 0x0, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x8, 0x0, 0x0)
getsockopt$inet_opts(r1, 0x0, 0x9, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x66)
perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x280200, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, 0x0, 0x0)
creat(0x0, 0xecf86c37d53049cc)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x30, r6, 0xc4fc9e906872338b, 0x70bd2a, 0x0, {{0x15}, {@void, @val={0xc, 0x99, {0xc7, 0x3a}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4, 0x3, 0x0, 0x0}]}]}]}]}, 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00'})
mount$9p_fd(0x0, 0x0, &(0x7f0000000300), 0x80, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@access_uid}]}})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000cae2cec2278426e9f17ece43f7984d3ae6010700fdcaaea40000bb6c00722f7fd69f3603dc610f2a03e4e3f1b16613373803a026e11a"], 0x48)

26.125561606s ago: executing program 3 (id=224):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0x1d9}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
unlinkat(0xffffffffffffffff, &(0x7f0000002140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
writev(r3, &(0x7f0000000400)=[{&(0x7f0000000100)="92", 0x1}], 0x1)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0)
write$cgroup_pid(r6, &(0x7f0000000000), 0xffffff98)
splice(r2, 0x0, r6, 0x0, 0x80, 0x4)
write(r4, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040), &(0x7f0000001340), 0x2931b90f, r7}, 0x38)
r8 = dup2(0xffffffffffffffff, r7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r8}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240))
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000c00)={[], [{@smackfsroot={'smackfsroot', 0x3d, ')'}}, {@uid_lt}, {@audit}, {@context={'context', 0x3d, 'staff_u'}}, {@subj_user={'subj_user', 0x3d, 'GPL\x00'}}]}, 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")

25.881932785s ago: executing program 3 (id=231):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRES16], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)

25.871100676s ago: executing program 32 (id=231):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRES16], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)

2.508622168s ago: executing program 0 (id=685):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r5=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB], 0x50)
pipe2$9p(&(0x7f0000001900), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x468, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x43c, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x25cf, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000, 0x0, 0xfffffffd, 0xfffffffc, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0xfffffffa, 0x7fffffff, 0x9, 0x10, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x7b2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x9, 0xfffffeff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, 0x0, 0x0, 0x7, 0x100000, 0x1000, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x7, 0xd4, 0xc, 0x5, 0x0, 0x0, 0x0, 0x3032, 0x0, 0x10, 0x0, 0x6, 0x8, 0x0, 0x1, 0x0, 0xfffffffc, 0x0, 0x0, 0xb, 0x0, 0x1, 0x20000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x1, 0x2, 0x3ff, 0xfffffffc, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x1, 0x9, 0x0, 0x0, 0x40000000, 0xffffffff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4]}, @TCA_TBF_RATE64={0xc}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {0x2, 0x0, 0x5, 0x0, 0x0, 0x40}}}]}}]}, 0x468}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000008000000000a90000000030a0300000000000000000002e000000c00020000000000000000010900010073797a30"], 0xb8}}, 0x0)

2.456845162s ago: executing program 0 (id=688):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000640)={[{@delalloc}, {@nodelalloc}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)={0x200000, 0x1f2, 0x12}, 0x18)
syz_usb_disconnect(r2)
syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r2, 0x40095505, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x1, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0100000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000f7ff0000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r4}, 0x10)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r5, &(0x7f00000005c0)="f5", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffffc, @rand_addr=' \x01\x00'}, 0x1c)
socket(0x10, 0x3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.925643255s ago: executing program 5 (id=692):
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='\xac\xed\x00\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4c001}, 0x4004110)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x3)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x11, 0xa, 0x300)
socket$kcm(0x2, 0xa, 0x2)
socket$kcm(0x2, 0xa, 0x73)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r5, 0x0, 0xffffffffffffffff}, 0x18)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x480d5}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000040))
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r7}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r8, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
shutdown(r8, 0x1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', <r9=>0x0})
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010027bd7000fbdbdf250f00000005002f000100000005002a0001000000050029000100000008000300", @ANYRES32=r9], 0x54}, 0x1, 0x0, 0x0, 0x24004040}, 0x24008824)

1.660630267s ago: executing program 1 (id=698):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r1, @ANYRESDEC=0x0], 0x1c}}, 0x20040040)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='security.selinux\x00', 0x0, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r5, 0x4018f50b, &(0x7f0000000080)={0x0, 0x1058a078, 0x6})
connect$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e21, 0x1393, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}, 0x1c)
close_range(r4, 0xffffffffffffffff, 0x0)

1.638337598s ago: executing program 0 (id=699):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x9}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x400e, &(0x7f00000004c0)={[], [{@smackfshat={'smackfshat', 0x3d, '%:'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}, 0xfd, 0x440, &(0x7f00000007c0)="$eJzs28tvG8UfAPDv2kn66+uXUJVHH0CgIMoradJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSJy6IIxJ/ASe4IOCExBXuqFKFcmnhZLT2bmI7thunTlzqz0dad2Z33Jmvd8ee2ckG0LdG05ckYk9E/B4Rw9VsfYHR6j83V5am/15Zmk6iXH7zr6RS7sbK0nReNH/f7jwzEFH4NIlDTepduHT53FSpNHsxy48vnn9vfOHS5Wfnzk+dnT07e2Hy1KkTxyeePzn5XFfiTOO6cfDD+cMHXn376uvTp6++8/O3SR5/QxxdMtru4OPlcper6629NelkoIcNoSPFajeNwUr/H45irJ284Xjlk542DthS5XK5fF/rw8tl4C6WRK9bAPRG/kOfzn/zbZuGHneE6y9WJ0Bp3DezrXpkIApZmcGG+W03jUbE6eV/vkq32Jr7EAAAdb5Pxz/PNBv/FaL2vtD/szWUkYi4JyL2RcTJiNgfEfdGVMreHxEPdFh/4yLJ+vFP4dqmAtugdPz3Qra2VT/+y0d/MVLMcnsr8Q8mZ+ZKs8eyz+RoDO5I8xNt6vjh5d8+b3WsdvyXbmn9+Vgwa8e1gR3175mZWpy6nZhrXf844uBAs/iT1ZWAJCIORMTBTdYx99Q3h1sdu3X8bXRhnan8dcQT1fO/HA3x55L265Pj/4vS7LHx/KpY75dfr7zRqv7bir8L0vO/q+n1vxr/SFK7XrvQyf/+5ZPp65U/Pms5p9ns9T+UvFW374OpxcWLExFDyWvVRtfun2woN7lWPo3/6JHm/X9frH0ShyIivYgfjIiHIuLhrO2PRMSjEXGkzafw00uPvbv5+LdWGv9MR+d/LTEUjXuaJ4rnfvyurtKRTuJPz/+JSupotmcj338baVenVzMAAAD8VxUiYk8khbHVdKEwNlb9G/79satQml9YfPrM/PsXZqrPCIzEYCG/0zVccz90IpvW5/nJhvzx7L7xF8WdlfzY9HxpptfBQ5/b3aL/p/4s9rp1wJbzvBb0L/0f+pf+D/1L/4f+1aT/7+xFO4Dt1+z3/6MetAPYfg3937If9BHzf+hfm+n/vjPg7tC2Lw9tXzuAbbWwM279kLyExLpEFO6IZkhsUaLX30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd8W8AAAD//58P56I=")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000900)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570)

1.589482742s ago: executing program 5 (id=701):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
r2 = open(&(0x7f0000000140)='./file2\x00', 0x242842, 0x184)
preadv2(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000540)={'bridge0\x00', 0xa})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x0, 0x0, 0x10, 0xfe, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5}, 0x883, 0x4, 0x0, 0x6, 0xfffffffffffff000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r3, &(0x7f0000001d80)='.\x00', 0x0, &(0x7f0000001dc0)={0x0, 0x0, 0x80000}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x1a}, @dev={0xfe, 0x80, '\x00', 0x28}, [0xffffff00, 0xffffff00, 0x0, 0xff000000], [0xff, 0x0, 0x9f19fd7a5e924fa7, 0xff], 'macvtap0\x00', 'bridge0\x00', {0xff}, {0xff}, 0x2b, 0x7, 0x5, 0x10}, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@tcpmss={{0x28}, {0x39d3, 0x9, 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
semop(0x0, &(0x7f0000000040)=[{0x4, 0x1}], 0x1)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x9c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x6c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1], 0x0, [0x8, 0x6, 0x3c, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0x9c}}, 0x0)

1.557614945s ago: executing program 2 (id=704):
add_key(&(0x7f0000000800)='asymmetric\x00', 0x0, &(0x7f0000000840)='\x00', 0x1, 0xffffffffffffffff) (fail_nth: 12)

1.426004395s ago: executing program 2 (id=705):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xa, 0x101, 0x7ffc, 0xcc}, 0x50)

1.412845257s ago: executing program 5 (id=706):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r3, &(0x7f0000004200)='t', 0x1)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x800000000000, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3ed7, 0x0)
memfd_create(0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r7, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x1a}, @dev={0xfe, 0x80, '\x00', 0x28}, [0xffffff00, 0xffffff00, 0x0, 0xff000000], [0xff, 0x0, 0x9f19fd7a5e924fa7, 0xff], 'macvtap0\x00', 'bridge0\x00', {0xff}, {0xff}, 0x2b, 0x7, 0x5, 0x10}, 0x0, 0xa8, 0xc8, 0x60030000, {0x0, 0xff000000}}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x308)
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7ffff000)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x200)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r8, 0xc08c5335, &(0x7f0000001200)={0x7, 0x9, 0x1, 'queue1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/tty/drivers\x00', 0x0, 0x0)
preadv(r9, &(0x7f0000000100)=[{&(0x7f00000001c0)=""/227, 0xe3}], 0x1, 0x3523, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='tegra_dma_tx_status\x00', r9, 0x0, 0x6}, 0x18)

1.320585344s ago: executing program 1 (id=707):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f00000003c0)={'ip6_vti0\x00', <r4=>0x0, 0x4, 0x3, 0x6, 0xfffffffe, 0x3d, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x80, 0x80, 0x1, 0x9}})
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000580)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x58, r3, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x13}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xff}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x41)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1d, 0xc, &(0x7f0000000b80)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r1, 0x2000012, 0x100e, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$kcm(0x2, 0x5, 0x0)
sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f0000000140)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0}, 0x0)
accept4$unix(r5, &(0x7f0000000800), &(0x7f0000000880)=0x6e, 0x80000)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e0000006600816657bb97c9269de9aaec8488040f0000004cb9cca7480ef402000000e305000a00000200000000", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
r10 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r10, &(0x7f00000007c0)={0x400000000000000, 0x0, &(0x7f0000000700)={&(0x7f0000001900)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00000000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000000000000000000000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x40080)
sendmsg$inet(r7, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000680)=[{&(0x7f0000000040)='t', 0x1}, {&(0x7f0000000780)="5484b671942b39b666b0f491121b7b8a33dde9cefa6dbde7c255b947c2d94ddf6d423e84ff2a63faa2337c99feed0fb190f097fce7d5eae4f6166d78e1c4ed9df9e3067e95f024ff5acf350b19f539e1de8c0147", 0x54}], 0x2}, 0x24004003)

1.282841147s ago: executing program 0 (id=708):
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000480)=""/29, 0x1d}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@deltclass={0x24, 0x29, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {}, {0x3, 0xfff3}, {0xfff2, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x503, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x2}, @IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0x7}]}}}]}, 0x44}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x81}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000084}, 0x8890)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000480)=""/29, 0x1d}], 0x1}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@deltclass={0x24, 0x29, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {}, {0x3, 0xfff3}, {0xfff2, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x8000) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x503, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x2}, @IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0x7}]}}}]}, 0x44}}, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'lo\x00'}) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x81}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000084}, 0x8890) (async)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)

1.272117978s ago: executing program 2 (id=709):
sigaltstack(0x0, 0x0)

1.141291999s ago: executing program 0 (id=710):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000640)={[{@delalloc}, {@nodelalloc}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)={0x200000, 0x1f2, 0x12}, 0x18)
syz_usb_disconnect(r2)
syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r2, 0x40095505, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x1, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0100000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000f7ff0000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r4}, 0x10)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r5, &(0x7f00000005c0)="f5", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffffc, @rand_addr=' \x01\x00'}, 0x1c)
socket(0x10, 0x3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.140875838s ago: executing program 2 (id=711):
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0xa0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0xd}, 0x4c58, 0xfffffffffffffff8, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x1, 0xffffffffffffffff, 0x2)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000010c0)='f2fs_background_gc\x00', r1, 0x0, 0x3}, 0x18)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x2, 0x4e, @local, @loopback, 0x10, 0x40, 0x0, 0x4}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000680)={'syztnl1\x00', 0x0})
getresuid(&(0x7f0000000040), &(0x7f00000001c0), &(0x7f00000000c0))
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x84, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0xab, @remote, 0x8000}}, [0xd, 0x580, 0x7, 0x8000000005, 0x1, 0xffffffffffffffff, 0x26b3, 0x5, 0x7, 0x10001, 0xfffffffffffffffd, 0x100000000, 0x0, 0xfffd, 0x4]}, &(0x7f0000000180)=0x100)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0xfd, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xe9, 0x4}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x101402, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_mount_image$ext4(&(0x7f0000000640)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x2c0c044, &(0x7f0000000600), 0x1, 0x539, &(0x7f00000000c0)="$eJzs3c9vG1kdAPDvjOP+zDZZwWFZiaWCRekKajcN2404FFZC3BaBlgunEho3iurEVezsNtaKpuIPQEIIkDhx4gASF25IaP8EhLQS3BEgEIIuewBp2UEe263j2MSb2rGIPx9p7Pfm1/f73MlL3szUE8DMuhwR1yPigyzLWvWFnmVp6yWJiP32eu8+eut2a0oiy17/e5IvatVbq13p2e5ie5O4upTlvpUcjlvfa95dq1YrO516ubF1r1zfa17d3FrbqGxUtldWlm+svrL68uq1sbRzPiJufunPP/juT79889efffMPt/565dtJp3nR046x+NmTYnv/xTjXs3guInbGFmy6Cp32FI9edf7SwfrlAYcFAAATlnamT0YhXoqFKIzylxwAAADwfyX7wny8n0RkhwyYNcDZvnoxBu0LAAAAmKY0vzc2SUud+wDmI01LpYh/Z1n20biQVmv1xmfu1Ha319v30C5GMb2zWa1c69wrvBjFpFVfzstP6tf76isR8WxEfH/hfF4v3a5V16d98gMAAABmxMW+8f97C+3xPwAAAHDKLE47AQAAAGDijP8BAADg9PtQ4/9fzk0uEQAAAGASvvraa60p6z7/ev2Nvd27tTeurlfqd0tbu7dLWW3nXmmjVtvIv7Nv66j9VWu1e5+L7d375Ual3ijX95q3tmq7241bmwcegQ0AAACcoGc/8fbvk4jY//z5fGo5M+2kgBMx9/hlBH+abC7AySpMOwFgatzMC7OrOO0EgKlLjlg+9Oad34w/FwAAYDKWPjb4+n9y5LmB/fSEUgQmxPk/mF2u/8PsOsb1f/+PF06JYhTCQB5m24e4/n9wyDD8+v97za/s9FSz7Li5AQAA4zGfT0laisjPA8xHmpZKEc/kjwUoJnc2q5VrEXEpIn63UDzbqi/nWyauHQAAAAAAAAAAAAAAAAAAAAAAAADAiLIsiQwAAAA41SLSvySd538tLbw4339+4Ezyr4X8PSLe/PHrP7y/1mjsLLfm/+Px/MaPOvOvt7c5xjNFAQAAgDHqjtO743gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKd3H711uzudZNy/vRoRi4Piz8W5/P1cFCPiwj+TmOvZLomIwhji7z+MiOcGxU9aacViJ4tB8c9PMX4aERfHEB9m2dut/ueLg37+0ricvw/++buR91BP72D/d+bJgqRbOJf3c4P6n2dGjPH8O78oD43/MOL5ucH9T7f/TTrxL/XF/9SA/b168/C8b3692RwWP/tJxNLA3z/JgVjlxta9cn2veXVza22jslHZXllZvrH6yurLq9fKdzarlc5rT5d8+XHpex//1QdD2589iAtD4i/2tb//839x2E77/Oed+48+0i4WD8U/2ykMOP6eGxI/7fzu+3Sn3Fq+1C3vt8u9Xvj5b18Y2v6HEevt9s8d9e/f3/4rI7b/pa99548jrgoAnID6XvPuWrVa2RlD4f0sy46zeSHGEf1pCk/1abT+LBph5TSOk9j+ND+WU194MNXoZ0Y5bB4XsgftY3SsaRSG73CKnRIAADAR9b0kvjHtJAAAAAAAAAAAAAAAAAAAAGDGneS363XtT6epAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/038DAAD//2lw0Ko=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000240)='./file0\x00', 0x12000021)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', 0x0, 0x0)
socket(0x8, 0x1, 0x9)
getpid()
r4 = gettid()
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x88000)
read(r5, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r5, 0x4040534e, &(0x7f0000000100)={0x377, @time={0x72, 0x1ff}, 0x0, {0x0, 0xb0}})
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r5, 0xc0505350, &(0x7f0000000940)={{0x0, 0x3}, {0x1}})
tkill(r4, 0x7)

1.060369605s ago: executing program 1 (id=712):
socket(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xff, 0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x8}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000140001800c000100636f756e746572000400028008000340000001"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, @perf_bp={0x0, 0xd}, 0xb008, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xc88}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2b, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="34bf58056c00000004000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
setrlimit(0x40000000000008, &(0x7f0000000000))
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000600)={0x200000000000001, 0x3}, 0x8)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x401c000, &(0x7f0000000540)={0xa, 0x4e20, 0x0, @loopback, 0x8}, 0x1c)

969.717972ms ago: executing program 1 (id=714):
r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000007140)={'veth0\x00', &(0x7f0000007040)=@ethtool_eeprom={0x43, 0x400, 0x8}})
r2 = fcntl$dupfd(r0, 0x0, r0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x6995}, 0x8, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})

969.160342ms ago: executing program 4 (id=715):
mprotect(&(0x7f0000712000/0x1000)=nil, 0x1000, 0x100000c)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000020000000000000000085000000ae00000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kfree\x00', r0, 0x0, 0x9}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]})
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
acct(&(0x7f0000000040)='./file0\x00')

875.84665ms ago: executing program 4 (id=716):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, 0x0}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000040)})
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440))
r1 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0)
fallocate(r1, 0x0, 0x400000000000000, 0x2)

823.441834ms ago: executing program 1 (id=717):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a00)={&(0x7f00000009c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@decl_tag={0x4, 0x0, 0x0, 0x11, 0x5, 0x8}, @restrict={0x5, 0x0, 0x0, 0xb, 0x4}]}, {0x0, [0x30, 0x0]}}, &(0x7f0000000a80)=""/213, 0x38, 0xd5, 0x1, 0xcc85}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000e40)=ANY=[@ANYRES32=0x0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000a40)='GPL\x00')
setitimer(0x2, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$xdp(0x2c, 0x3, 0x0)
accept(r4, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x9, 0x14, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfff}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}]}, &(0x7f0000000480)='syzkaller\x00', 0x200, 0x97, &(0x7f0000000740)=""/151, 0x41100, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x1, 0xc, 0x7, 0x4}, 0x10, 0x0, 0x0, 0xa, &(0x7f00000005c0)=[r2, 0x1, r2, r2], &(0x7f0000000800)=[{0x2, 0x4, 0x10, 0x6}, {0x2, 0x5, 0x6, 0x2}, {0x4, 0x3, 0x3, 0x4}, {0x5, 0x1, 0x10, 0x5}, {0x3, 0x4, 0x4, 0x4}, {0x2, 0x2, 0xc, 0x9}, {0x5, 0x5, 0x6, 0x6}, {0x2, 0x2, 0xf, 0xc}, {0x5, 0x1, 0x1, 0x4}, {0x1, 0x1, 0xc, 0x2}], 0x10, 0x1ff}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{r2}, &(0x7f0000000300), &(0x7f0000000640)=r5}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x2d)
setxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000280)='system_u:object_r:event_device_t:s0\x00', 0x24, 0x1)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x3c}}, 0x4000000)

576.146754ms ago: executing program 4 (id=718):
r0 = fsopen(&(0x7f0000000440)='cgroup2\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket(0x2, 0x3, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r7}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x3a, &(0x7f0000000040)={@random="871000bb2c00", @local, @val={@val={0x88a8, 0x3, 0x1, 0x3}, {0x8100, 0x0, 0x1, 0x4}}, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x2, 0x7, 0x24, 0x65, 0x0, 0x9, 0x21, 0x0, @loopback, @local}, {{0x4e20, 0x4e20, 0x4, 0x1, 0xb, 0x0, 0x0, 0x6, 0x1, "196b36", 0x2, '5\x00'}}}}}}, 0x0)

518.518889ms ago: executing program 5 (id=719):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x9}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x400e, &(0x7f00000004c0)={[], [{@smackfshat={'smackfshat', 0x3d, '%:'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}, 0xfd, 0x440, &(0x7f00000007c0)="$eJzs28tvG8UfAPDv2kn66+uXUJVHH0CgIMoradJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSJy6IIxJ/ASe4IOCExBXuqFKFcmnhZLT2bmI7thunTlzqz0dad2Z33Jmvd8ee2ckG0LdG05ckYk9E/B4Rw9VsfYHR6j83V5am/15Zmk6iXH7zr6RS7sbK0nReNH/f7jwzEFH4NIlDTepduHT53FSpNHsxy48vnn9vfOHS5Wfnzk+dnT07e2Hy1KkTxyeePzn5XFfiTOO6cfDD+cMHXn376uvTp6++8/O3SR5/QxxdMtru4OPlcper6629NelkoIcNoSPFajeNwUr/H45irJ284Xjlk542DthS5XK5fF/rw8tl4C6WRK9bAPRG/kOfzn/zbZuGHneE6y9WJ0Bp3DezrXpkIApZmcGG+W03jUbE6eV/vkq32Jr7EAAAdb5Pxz/PNBv/FaL2vtD/szWUkYi4JyL2RcTJiNgfEfdGVMreHxEPdFh/4yLJ+vFP4dqmAtugdPz3Qra2VT/+y0d/MVLMcnsr8Q8mZ+ZKs8eyz+RoDO5I8xNt6vjh5d8+b3WsdvyXbmn9+Vgwa8e1gR3175mZWpy6nZhrXf844uBAs/iT1ZWAJCIORMTBTdYx99Q3h1sdu3X8bXRhnan8dcQT1fO/HA3x55L265Pj/4vS7LHx/KpY75dfr7zRqv7bir8L0vO/q+n1vxr/SFK7XrvQyf/+5ZPp65U/Pms5p9ns9T+UvFW374OpxcWLExFDyWvVRtfun2woN7lWPo3/6JHm/X9frH0ShyIivYgfjIiHIuLhrO2PRMSjEXGkzafw00uPvbv5+LdWGv9MR+d/LTEUjXuaJ4rnfvyurtKRTuJPz/+JSupotmcj338baVenVzMAAAD8VxUiYk8khbHVdKEwNlb9G/79satQml9YfPrM/PsXZqrPCIzEYCG/0zVccz90IpvW5/nJhvzx7L7xF8WdlfzY9HxpptfBQ5/b3aL/p/4s9rp1wJbzvBb0L/0f+pf+D/1L/4f+1aT/7+xFO4Dt1+z3/6MetAPYfg3937If9BHzf+hfm+n/vjPg7tC2Lw9tXzuAbbWwM279kLyExLpEFO6IZkhsUaLX30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd8W8AAAD//58P56I=")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000900)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570)

486.833691ms ago: executing program 4 (id=720):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
fcntl$lock(0xffffffffffffffff, 0x25, 0x0)
fcntl$lock(0xffffffffffffffff, 0x25, 0x0)
perf_event_open(0x0, 0x0, 0xd, 0xffffffffffffffff, 0xe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

459.289133ms ago: executing program 4 (id=721):
sigaltstack(0x0, 0x0)

449.937334ms ago: executing program 5 (id=722):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000200)={[{@errors_remount}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x10}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@nojournal_checksum}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000740)={{}, {0x1, 0x2}, [{0x2, 0x5}], {}, [{0x8, 0x2}], {0x10, 0x5}}, 0x34, 0x2)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
mq_open(0x0, 0x42, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r3}, 0x18)
gettid()
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
keyctl$get_security(0x11, 0x0, &(0x7f0000000480)=""/232, 0xe8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={0x0}, 0x1, 0x0, 0x0, 0x24008050}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x46, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000ffff00000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x81)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
pipe2$9p(&(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000380), 0x2280400, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}})

397.631678ms ago: executing program 4 (id=723):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000c75655592ae2cf4b00d7000000000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket(0x2, 0x3, 0xff)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x18}}, 0x4020)
r1 = socket$kcm(0x11, 0x3, 0x0)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000000000bf3b1b8600005335710858461d521d86422f33258c1aba4484d81f75ba06f6d70ddc82d937435921bf1a498906f7c2b5ec5d1238c9422a91b9dff238997efa88010dc20692749db1a97bf32f9d3155b0270cb44e1c9abab8c849c71aa6e6cbd30a1720416e18daae5dbfef3e5ebe982a8f08b19f280270dd5c48989eb106fd6425f2eac83b5603a37ac4e52ae31ff1fae2f6d8495cb87dcd79fb832f34e42657622529c6d61af844fa09dced9ef27048aea08de0d11e4565675d6cd8fd3a9627a43df3fda9282a6196e990132be43c16907c93dfa733d03680edab5c08fa55b3dadd1a61864956e8721ef2206943fbac6a8ff896f8d49739c64f22dcec3a70ad689be73c65b42cc2fb6cd9512213962ddbba0a868598c41331e11c20db74df1a7d5dde320172774e68278e10121585c17498d6cdf5c6205f5bbb8fc12b2376f6a3f8713bf23a18df92c8d77267bbca516da8cc750c2d6a33e635a7749ef25a046df96b565ae609ff0618bfc033f3cbe630c320144118da3b7abbfa7b7c7ea6eb7af6f9b20b6fae4544f26bc982fb098216"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x18)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x8000000, 0x238, 0xf8, 0x720d, 0x148, 0xf8, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)
sendto$inet(r3, 0x0, 0x0, 0x24000080, 0x0, 0x0)

335.241783ms ago: executing program 2 (id=724):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000300)={[{@init_itable_val={'init_itable', 0x3d, 0x2}}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@quota}]}, 0x3, 0x433, &(0x7f0000000d80)="$eJzs289rHFUcAPDvzCat6Q8TS/3RtGq0isEfSZPW2oMXRcGDgqCHeoxJWmK3jTQRbAkaRepRCt7Fo+Bf4Ekvop4Er3qXQpFcWj2tzO5Ms7vZTZN0k63u5wPTvjfzlve+++btvjcvG0DPGsn+SSL2RcTvETFYyzYWGKn9d3NlafrvlaXpJCqVt/5KquVurCxNF0WL1+0tMn0R6WdJHG5R78Kly+emyuXZi3l+fPH8++MLly4/N3d+6uzs2dkLk6dOnTg+8cLJyec7EmcW143hj+aPHHrtnatvTJ+++u7P3yZF/E1xdMjIehefrFQ6XF137a9LJ31dbAibUqoN0+ivjv/BKMVq5w3Gq592tXHAtqpUKpUH2l9ergD/Y0l0uwVAdxRf9Nn6tzh2aOpxV7j+Um0BlMV9Mz9qV/oizcv0N61vO2kkIk4v//NVdsT2PIcAAGjwfTb/ebbV/C+N+udC9+Z7KEMRcV9EHIiIkxFxMCLuj6iWfTAiHtpk/c2bJGvnP+m1LQW2Qdn878V8b6tx/lfM/mKolOf2V+PvT87MlWeP5e/JaPTvzvIT69Txwyu/fdHuWv38Lzuy+ou5YN6Oa327G18zM7U4dScx17v+ScRwX6v4k1s7AUlEHIqI4S3WMff0N0faXbt9/OvowD5T5euIp2r9vxxN8ReS9fcnx++J8uyx8eKuWOuXX6+82a7+O4q/A7L+3xO197K5/3NDSf1+7cLm67jyx+dt1zRbvf93JW83nPtwanHx4kTEruT1WqPrz082lZtcLZ/FP3q09fg/EKvvxOGIyG7ihyPikYh4NG/7YxHxeEQcXSf+n15+4r2tx7+9svhnWn7+tev/1cSuaD7TOlE69+N3DZUObSb+rP9PVFOj+ZmNfP5tpF1bu5sBAADgvyeNiH2RpGO30mk6Nlb7G/6DsSctzy8sPnNm/oMLM7XfCAxFf1o86Rqsex46kS/ri/xkU/54/tz4y9JANT82PV+e6Xbw0OP2thn/mT9L3W4dsO38Xgt6l/EPvcv4h95l/EPvajH+B7rRDmDntfr+/7gL7QB2XtP4t+0HPcT6H3qX8Q+9y/iHnrQwELf/kbyExJpEpHdFMyS2KdHtTyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDO+DcAAP//rx3kEg==")
openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)

222.493563ms ago: executing program 2 (id=725):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000495"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='rseq_update\x00', r1}, 0x18)
rseq(&(0x7f0000000080), 0x20, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = eventfd2(0x0, 0x0)
read$eventfd(r3, &(0x7f0000000040), 0x8)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8cffffffffffffff}, 0x3b35}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000006"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x54, 0x1, 0x0, 0x0, 0x0, 0x7, 0xa5570, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={0x0, 0xd}, 0x10000, 0x10000, 0x0, 0x0, 0x8, 0x20205, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)

113.362801ms ago: executing program 5 (id=726):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r3, &(0x7f0000004200)='t', 0x1)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x800000000000, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3ed7, 0x0)
memfd_create(0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r7, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x1a}, @dev={0xfe, 0x80, '\x00', 0x28}, [0xffffff00, 0xffffff00, 0x0, 0xff000000], [0xff, 0x0, 0x9f19fd7a5e924fa7, 0xff], 'macvtap0\x00', 'bridge0\x00', {0xff}, {0xff}, 0x2b, 0x7, 0x5, 0x10}, 0x0, 0xa8, 0xc8, 0x60030000, {0x0, 0xff000000}}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x308)
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7ffff000)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x200)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r8, 0xc08c5335, &(0x7f0000001200)={0x7, 0x9, 0x1, 'queue1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/tty/drivers\x00', 0x0, 0x0)

68.214665ms ago: executing program 0 (id=727):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000640)={'nr0\x00', <r1=>0x0})
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xfa, 0xfa, 0x4, [@fwd={0xa}, @var={0x3, 0x0, 0x0, 0xe, 0x2}, @datasec={0x1, 0x1, 0x0, 0xf, 0x2, [{0x5, 0x56daa5c, 0xfffffff7}], "1a71"}, @ptr={0x3, 0x0, 0x0, 0x2, 0x3}, @enum={0xa, 0x5, 0x0, 0x6, 0x4, [{0xf, 0x2}, {0xf, 0xe0a}, {0x7, 0x243}, {0x4, 0x5}, {0x7, 0x6}]}, @fwd={0x2}, @union={0x3, 0x9, 0x0, 0x5, 0x1, 0x8, [{0x2, 0x1, 0x1}, {0x1, 0x1, 0x2}, {0x4, 0x5, 0x7}, {0x9, 0x2, 0x8}, {0xb, 0x4, 0x24}, {0xc, 0x2, 0x8ec}, {0x8, 0x1, 0xb}, {0x9, 0x0, 0x6}, {0x7, 0x5, 0x4a}]}]}, {0x0, [0x5f, 0x0]}}, &(0x7f00000008c0)=""/184, 0x118, 0xb8, 0x0, 0x8001, 0x10000}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007100000f8e3ffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x25, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703100000ff1f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4014)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r6}, 0x10)
process_mrelease(0xffffffffffffffff, 0x0)
get_mempolicy(0x0, 0x0, 0x73e, &(0x7f0000433000/0x2000)=nil, 0x3)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000100)={0x209b, 0x3, 0x0, 0x7ffffff9}, 0x10)
r8 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x1000, 0xfffffffe, 0x21e}, &(0x7f00000003c0)=<r9=>0x0, &(0x7f0000000040))
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r11}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r8, 0x47fa, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=728):
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="6d9312000000f8dbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x48891}, 0x880)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r1) (fail_nth: 7)

kernel console output (not intermixed with test programs):

4967295 subj=root:sysadm_r:sysadm_t pid=3760 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   44.668895][   T29] audit: type=1326 audit(44.602:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3760 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   44.692088][   T29] audit: type=1326 audit(44.602:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3760 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   44.714981][   T29] audit: type=1326 audit(44.602:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3760 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   44.737581][   T29] audit: type=1326 audit(44.602:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3760 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   44.762717][ T3766] FAULT_INJECTION: forcing a failure.
[   44.762717][ T3766] name failslab, interval 1, probability 0, space 0, times 1
[   44.775435][ T3766] CPU: 0 UID: 0 PID: 3766 Comm: syz.2.92 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   44.775464][ T3766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   44.775484][ T3766] Call Trace:
[   44.775492][ T3766]  <TASK>
[   44.775501][ T3766]  __dump_stack+0x1d/0x30
[   44.775539][ T3766]  dump_stack_lvl+0xe8/0x140
[   44.775564][ T3766]  dump_stack+0x15/0x1b
[   44.775583][ T3766]  should_fail_ex+0x265/0x280
[   44.775615][ T3766]  should_failslab+0x8c/0xb0
[   44.775644][ T3766]  kmem_cache_alloc_noprof+0x50/0x310
[   44.775678][ T3766]  ? skb_clone+0x151/0x1f0
[   44.775714][ T3766]  skb_clone+0x151/0x1f0
[   44.775741][ T3766]  __netlink_deliver_tap+0x2c9/0x500
[   44.775853][ T3766]  netlink_unicast+0x653/0x680
[   44.775879][ T3766]  netlink_sendmsg+0x58b/0x6b0
[   44.775977][ T3766]  ? __pfx_netlink_sendmsg+0x10/0x10
[   44.776081][ T3766]  __sock_sendmsg+0x142/0x180
[   44.776113][ T3766]  ____sys_sendmsg+0x31e/0x4e0
[   44.776215][ T3766]  ___sys_sendmsg+0x17b/0x1d0
[   44.776263][ T3766]  __x64_sys_sendmsg+0xd4/0x160
[   44.776402][ T3766]  x64_sys_call+0x191e/0x2ff0
[   44.776430][ T3766]  do_syscall_64+0xd2/0x200
[   44.776460][ T3766]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   44.776498][ T3766]  ? clear_bhb_loop+0x40/0x90
[   44.776520][ T3766]  ? clear_bhb_loop+0x40/0x90
[   44.776548][ T3766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   44.776576][ T3766] RIP: 0033:0x7f940355e9a9
[   44.776598][ T3766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   44.776744][ T3766] RSP: 002b:00007f9401bbf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   44.776768][ T3766] RAX: ffffffffffffffda RBX: 00007f9403785fa0 RCX: 00007f940355e9a9
[   44.776837][ T3766] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[   44.776852][ T3766] RBP: 00007f9401bbf090 R08: 0000000000000000 R09: 0000000000000000
[   44.776925][ T3766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.776940][ T3766] R13: 0000000000000000 R14: 00007f9403785fa0 R15: 00007ffedad2a368
[   44.776964][ T3766]  </TASK>
[   44.906697][   T29] audit: type=1326 audit(44.632:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3762 comm="syz.2.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   45.016789][   T29] audit: type=1326 audit(44.632:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3762 comm="syz.2.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   45.039878][   T29] audit: type=1326 audit(44.632:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3762 comm="syz.2.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   45.106050][   T12] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   45.131980][   T12] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   45.144545][   T12] EXT4-fs (loop4): This should not happen!! Data will be lost
[   45.144545][   T12] 
[   45.154252][   T12] EXT4-fs (loop4): Total free blocks count 0
[   45.160960][   T12] EXT4-fs (loop4): Free/Dirty block details
[   45.166891][   T12] EXT4-fs (loop4): free_blocks=2415919104
[   45.172892][   T12] EXT4-fs (loop4): dirty_blocks=8208
[   45.178214][   T12] EXT4-fs (loop4): Block reservation details
[   45.185751][   T12] EXT4-fs (loop4): i_reserved_data_blocks=513
[   45.205752][ T3771] xt_hashlimit: size too large, truncated to 1048576
[   45.212615][ T3771] xt_hashlimit: Unknown mode mask 80FF, kernel too old?
[   45.244874][ T3777] loop0: detected capacity change from 0 to 1756
[   45.248697][   T12] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   45.392864][ T3777] syzkaller0: entered promiscuous mode
[   45.398415][ T3777] syzkaller0: entered allmulticast mode
[   45.507885][ T3781] loop2: detected capacity change from 0 to 1024
[   45.514775][ T3781] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   45.544549][ T3789] loop0: detected capacity change from 0 to 512
[   45.552429][ T3789] ext4: Unknown parameter '"'
[   45.588893][ T3793] FAULT_INJECTION: forcing a failure.
[   45.588893][ T3793] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   45.602461][ T3793] CPU: 1 UID: 0 PID: 3793 Comm: syz.4.102 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   45.602550][ T3793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   45.602566][ T3793] Call Trace:
[   45.602573][ T3793]  <TASK>
[   45.602641][ T3793]  __dump_stack+0x1d/0x30
[   45.602734][ T3793]  dump_stack_lvl+0xe8/0x140
[   45.602799][ T3793]  dump_stack+0x15/0x1b
[   45.602820][ T3793]  should_fail_ex+0x265/0x280
[   45.602856][ T3793]  should_fail_alloc_page+0xf2/0x100
[   45.602901][ T3793]  __alloc_frozen_pages_noprof+0xff/0x360
[   45.602949][ T3793]  alloc_pages_mpol+0xb3/0x250
[   45.602988][ T3793]  vma_alloc_folio_noprof+0x1aa/0x300
[   45.603066][ T3793]  handle_mm_fault+0xec2/0x2be0
[   45.603091][ T3793]  ? __rcu_read_unlock+0x4f/0x70
[   45.603142][ T3793]  do_user_addr_fault+0x3fe/0x1090
[   45.603221][ T3793]  exc_page_fault+0x62/0xa0
[   45.603317][ T3793]  asm_exc_page_fault+0x26/0x30
[   45.603343][ T3793] RIP: 0010:rep_movs_alternative+0x4a/0x90
[   45.603397][ T3793] Code: f1 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 0f f1 01 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[   45.603420][ T3793] RSP: 0018:ffffc90002cf7e00 EFLAGS: 00050206
[   45.603440][ T3793] RAX: ffff88811a266c18 RBX: 00000000000000fd RCX: 00000000000000fd
[   45.603456][ T3793] RDX: 0000000000000000 RSI: ffff88812ea6d000 RDI: 0000200000001200
[   45.603489][ T3793] RBP: 0000000000001000 R08: 000000000000085d R09: 0000000000000000
[   45.603504][ T3793] R10: 000188812ea6d000 R11: 000188812ea6d0fc R12: 00002000000012fd
[   45.603519][ T3793] R13: 00007ffffffff000 R14: 0000200000001200 R15: ffff88812ea6d000
[   45.603544][ T3793]  _copy_to_user+0x7c/0xa0
[   45.603718][ T3793]  vfs_readlink+0x1dd/0x390
[   45.603741][ T3793]  ? __pfx_shmem_put_link+0x10/0x10
[   45.603770][ T3793]  do_readlinkat+0x144/0x320
[   45.603810][ T3793]  __x64_sys_readlink+0x47/0x60
[   45.603841][ T3793]  x64_sys_call+0x28da/0x2ff0
[   45.603922][ T3793]  do_syscall_64+0xd2/0x200
[   45.603954][ T3793]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.603997][ T3793]  ? clear_bhb_loop+0x40/0x90
[   45.604073][ T3793]  ? clear_bhb_loop+0x40/0x90
[   45.604102][ T3793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.604197][ T3793] RIP: 0033:0x7fb824a7e9a9
[   45.604277][ T3793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.604301][ T3793] RSP: 002b:00007fb8230e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000059
[   45.604324][ T3793] RAX: ffffffffffffffda RBX: 00007fb824ca5fa0 RCX: 00007fb824a7e9a9
[   45.604340][ T3793] RDX: 0000000000001000 RSI: 0000200000001200 RDI: 0000200000000240
[   45.604356][ T3793] RBP: 00007fb8230e7090 R08: 0000000000000000 R09: 0000000000000000
[   45.604371][ T3793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   45.604386][ T3793] R13: 0000000000000000 R14: 00007fb824ca5fa0 R15: 00007fff02da7118
[   45.604411][ T3793]  </TASK>
[   45.929652][ T3797] netlink: 'syz.4.104': attribute type 4 has an invalid length.
[   45.937460][ T3797] __nla_validate_parse: 4 callbacks suppressed
[   45.937472][ T3797] netlink: 17 bytes leftover after parsing attributes in process `syz.4.104'.
[   45.988366][ T3802] batadv_slave_0: entered promiscuous mode
[   45.998789][ T3804] netlink: 4 bytes leftover after parsing attributes in process `syz.4.106'.
[   46.008028][ T3805] loop0: detected capacity change from 0 to 512
[   46.017946][ T3805] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   46.019384][ T3804] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   46.027043][ T3805] EXT4-fs (loop0): Couldn't mount because of unsupported optional features (fffc1829)
[   46.027114][ T3805] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[   46.056434][ T3804] batadv_slave_0 (unregistering): left promiscuous mode
[   46.063746][ T3804] batman_adv: batadv0: Removing interface: batadv_slave_0
[   46.231426][ T3817] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   46.233956][ T3812] Cannot find add_set index 0 as target
[   46.248500][ T3817] netlink: 'syz.4.108': attribute type 21 has an invalid length.
[   46.274666][ T3817] loop4: detected capacity change from 0 to 1024
[   46.286566][ T3817] EXT4-fs: Ignoring removed orlov option
[   46.303986][ T3817] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.317945][ T3817] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000.
[   46.374790][ T3812] smc: net device bond0 applied user defined pnetid SYZ2
[   46.392186][ T3812] loop2: detected capacity change from 0 to 1764
[   46.464023][ T3828] loop0: detected capacity change from 0 to 164
[   46.555093][ T3831] loop0: detected capacity change from 0 to 512
[   46.563547][ T3831] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.114: casefold flag without casefold feature
[   46.577834][ T3831] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.114: couldn't read orphan inode 15 (err -117)
[   46.592253][ T3831] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.601216][ T3834] loop2: detected capacity change from 0 to 512
[   46.662119][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.680251][ T3837] bridge0: entered promiscuous mode
[   46.686869][ T3835] bridge0: left promiscuous mode
[   46.708484][ T3839] netlink: 128 bytes leftover after parsing attributes in process `syz.0.117'.
[   46.738950][ T3834] syz.2.115 (3834) used greatest stack depth: 10856 bytes left
[   46.746254][ T3841] loop0: detected capacity change from 0 to 2048
[   46.753948][ T3841] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   46.768636][ T3841] netlink: 8 bytes leftover after parsing attributes in process `syz.0.118'.
[   46.872733][ T3845] FAULT_INJECTION: forcing a failure.
[   46.872733][ T3845] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   46.885913][ T3845] CPU: 1 UID: 0 PID: 3845 Comm: syz.2.120 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   46.885956][ T3845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   46.885970][ T3845] Call Trace:
[   46.885976][ T3845]  <TASK>
[   46.885983][ T3845]  __dump_stack+0x1d/0x30
[   46.886008][ T3845]  dump_stack_lvl+0xe8/0x140
[   46.886030][ T3845]  dump_stack+0x15/0x1b
[   46.886053][ T3845]  should_fail_ex+0x265/0x280
[   46.886159][ T3845]  should_fail+0xb/0x20
[   46.886181][ T3845]  should_fail_usercopy+0x1a/0x20
[   46.886222][ T3845]  _copy_to_user+0x20/0xa0
[   46.886256][ T3845]  simple_read_from_buffer+0xb5/0x130
[   46.886291][ T3845]  proc_fail_nth_read+0x100/0x140
[   46.886392][ T3845]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   46.886416][ T3845]  vfs_read+0x19d/0x6f0
[   46.886493][ T3845]  ? __rcu_read_unlock+0x4f/0x70
[   46.886519][ T3845]  ? __fget_files+0x184/0x1c0
[   46.886544][ T3845]  ksys_read+0xda/0x1a0
[   46.886610][ T3845]  __x64_sys_read+0x40/0x50
[   46.886645][ T3845]  x64_sys_call+0x27bc/0x2ff0
[   46.886670][ T3845]  do_syscall_64+0xd2/0x200
[   46.886699][ T3845]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   46.886763][ T3845]  ? clear_bhb_loop+0x40/0x90
[   46.886788][ T3845]  ? clear_bhb_loop+0x40/0x90
[   46.886814][ T3845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.886920][ T3845] RIP: 0033:0x7f940355d3bc
[   46.886938][ T3845] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   46.886989][ T3845] RSP: 002b:00007f9401bbf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   46.887086][ T3845] RAX: ffffffffffffffda RBX: 00007f9403785fa0 RCX: 00007f940355d3bc
[   46.887100][ T3845] RDX: 000000000000000f RSI: 00007f9401bbf0a0 RDI: 0000000000000006
[   46.887113][ T3845] RBP: 00007f9401bbf090 R08: 0000000000000000 R09: 0000000000000000
[   46.887126][ T3845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   46.887139][ T3845] R13: 0000000000000000 R14: 00007f9403785fa0 R15: 00007ffedad2a368
[   46.887158][ T3845]  </TASK>
[   47.171897][ T3855] loop0: detected capacity change from 0 to 164
[   47.235213][ T3855] netlink: 8 bytes leftover after parsing attributes in process `syz.0.124'.
[   47.333117][ T3864] loop2: detected capacity change from 0 to 512
[   47.350419][ T3864] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   47.401755][ T3864] EXT4-fs (loop2): 1 truncate cleaned up
[   47.407827][ T3864] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.436010][ T3872] Zero length message leads to an empty skb
[   47.487339][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.512425][ T3871] syz.1.131 (3871) used greatest stack depth: 10848 bytes left
[   47.520974][ T3299] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.591535][ T3882] bridge: RTM_NEWNEIGH with invalid ether address
[   47.650764][ T3886] loop2: detected capacity change from 0 to 1024
[   47.668834][ T3886] EXT4-fs: Ignoring removed nomblk_io_submit option
[   47.683188][ T3855] netlink: 20 bytes leftover after parsing attributes in process `syz.0.124'.
[   47.692154][ T3855] netlink: 21 bytes leftover after parsing attributes in process `syz.0.124'.
[   47.701265][ T3855] netlink: 'syz.0.124': attribute type 2 has an invalid length.
[   47.709188][ T3855] netlink: 21 bytes leftover after parsing attributes in process `syz.0.124'.
[   47.736137][ T3886] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   47.748032][ T3855] rock: directory entry would overflow storage
[   47.754338][ T3855] rock: sig=0x4f50, size=4, remaining=3
[   47.759927][ T3855] iso9660: Corrupted directory entry in block 4 of inode 1792
[   47.772891][ T3886] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.773242][ T3889] vlan2: entered allmulticast mode
[   47.799157][ T3889] dummy0: entered allmulticast mode
[   47.926272][ T3899] loop3: detected capacity change from 0 to 512
[   47.933763][ T3899] EXT4-fs: old and new quota format mixing
[   47.944752][ T3900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   47.953431][ T3900] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   47.962775][ T3889] syz.1.136 (3889) used greatest stack depth: 10560 bytes left
[   48.002249][ T3902] loop3: detected capacity change from 0 to 164
[   48.058330][ T3907] loop1: detected capacity change from 0 to 512
[   48.075967][ T3907] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   48.095621][ T3914] loop0: detected capacity change from 0 to 512
[   48.107284][ T3914] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.145: casefold flag without casefold feature
[   48.120389][ T3914] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.145: couldn't read orphan inode 15 (err -117)
[   48.151552][ T3907] EXT4-fs (loop1): 1 truncate cleaned up
[   48.152117][ T3914] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.157747][ T3907] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.204288][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.225454][ T3926] xt_CT: You must specify a L4 protocol and not use inversions on it
[   48.284541][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.309210][ T3933] loop1: detected capacity change from 0 to 128
[   48.333498][ T3935] FAULT_INJECTION: forcing a failure.
[   48.333498][ T3935] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   48.346703][ T3935] CPU: 0 UID: 0 PID: 3935 Comm: syz.0.154 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   48.346789][ T3935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   48.346802][ T3935] Call Trace:
[   48.346810][ T3935]  <TASK>
[   48.346818][ T3935]  __dump_stack+0x1d/0x30
[   48.346840][ T3935]  dump_stack_lvl+0xe8/0x140
[   48.346867][ T3935]  dump_stack+0x15/0x1b
[   48.346883][ T3935]  should_fail_ex+0x265/0x280
[   48.346910][ T3935]  should_fail+0xb/0x20
[   48.346933][ T3935]  should_fail_usercopy+0x1a/0x20
[   48.347047][ T3935]  _copy_from_user+0x1c/0xb0
[   48.347098][ T3935]  do_ipt_set_ctl+0x3a0/0x820
[   48.347130][ T3935]  nf_setsockopt+0x196/0x1b0
[   48.347176][ T3935]  ip_setsockopt+0x102/0x110
[   48.347254][ T3935]  udp_setsockopt+0x99/0xb0
[   48.347274][ T3935]  sock_common_setsockopt+0x66/0x80
[   48.347338][ T3935]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   48.347384][ T3935]  __sys_setsockopt+0x181/0x200
[   48.347411][ T3935]  __x64_sys_setsockopt+0x64/0x80
[   48.347438][ T3935]  x64_sys_call+0x20ec/0x2ff0
[   48.347516][ T3935]  do_syscall_64+0xd2/0x200
[   48.347543][ T3935]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   48.347576][ T3935]  ? clear_bhb_loop+0x40/0x90
[   48.347599][ T3935]  ? clear_bhb_loop+0x40/0x90
[   48.347632][ T3935]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.347668][ T3935] RIP: 0033:0x7f5f59ede9a9
[   48.347685][ T3935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.347703][ T3935] RSP: 002b:00007f5f58547038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   48.347722][ T3935] RAX: ffffffffffffffda RBX: 00007f5f5a105fa0 RCX: 00007f5f59ede9a9
[   48.347735][ T3935] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000005
[   48.347814][ T3935] RBP: 00007f5f58547090 R08: 0000000000000278 R09: 0000000000000000
[   48.347826][ T3935] R10: 0000200000002700 R11: 0000000000000246 R12: 0000000000000001
[   48.347838][ T3935] R13: 0000000000000000 R14: 00007f5f5a105fa0 R15: 00007ffc7bf909a8
[   48.347860][ T3935]  </TASK>
[   48.563906][ T3933] syz.1.153: attempt to access beyond end of device
[   48.563906][ T3933] loop1: rw=0, sector=2072, nr_sectors = 1 limit=128
[   48.582574][ T3933] netlink: 'syz.1.153': attribute type 10 has an invalid length.
[   48.610165][ T3933] team0 (unregistering): Port device team_slave_0 removed
[   48.623790][ T3933] team0 (unregistering): Port device team_slave_1 removed
[   48.645348][ T3939] loop0: detected capacity change from 0 to 512
[   48.667171][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.703125][ T3939] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   48.728786][ T3939] EXT4-fs (loop0): orphan cleanup on readonly fs
[   48.746349][ T3939] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   48.746486][ T3939] EXT4-fs (loop0): Cannot turn on quotas: error -117
[   48.746605][ T3939] EXT4-fs error (device loop0): __ext4_iget:5374: inode #16: block 127754: comm syz.0.156: invalid block
[   48.779397][ T3946] loop4: detected capacity change from 0 to 2048
[   48.807026][ T3946]  loop4: p1 < > p2 p3 < p5 p6 > p4
[   48.812490][ T3946] loop4: partition table partially beyond EOD, truncated
[   48.821423][ T3946] loop4: p1 start 4278190080 is beyond EOD, truncated
[   48.828252][ T3946] loop4: p2 start 16908800 is beyond EOD, truncated
[   48.836104][ T3946] loop4: p5 start 16908800 is beyond EOD, truncated
[   48.846631][ T3939] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.156: couldn't read orphan inode 16 (err -117)
[   48.859889][ T3939] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   48.930529][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.979481][ T3963] loop4: detected capacity change from 0 to 512
[   48.986655][ T3963] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   48.998293][ T3963] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   49.048847][ T3965] loop4: detected capacity change from 0 to 128
[   49.085657][ T3965] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   49.093609][ T3965] FAT-fs (loop4): Filesystem has been set read-only
[   49.101792][ T3965] syz.4.167: attempt to access beyond end of device
[   49.101792][ T3965] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   49.116522][ T3965] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   49.124468][ T3965] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   49.134403][ T3965] syz.4.167: attempt to access beyond end of device
[   49.134403][ T3965] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   49.148262][ T3965] syz.4.167: attempt to access beyond end of device
[   49.148262][ T3965] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   49.162680][ T3965] syz.4.167: attempt to access beyond end of device
[   49.162680][ T3965] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   49.176081][ T3965] syz.4.167: attempt to access beyond end of device
[   49.176081][ T3965] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   49.190615][ T3965] syz.4.167: attempt to access beyond end of device
[   49.190615][ T3965] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   49.219250][ T3965] syz.4.167: attempt to access beyond end of device
[   49.219250][ T3965] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   49.233837][ T3965] syz.4.167: attempt to access beyond end of device
[   49.233837][ T3965] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   49.249641][ T3965] syz.4.167: attempt to access beyond end of device
[   49.249641][ T3965] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   49.595994][   T29] kauditd_printk_skb: 701 callbacks suppressed
[   49.596012][   T29] audit: type=1326 audit(49.572:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3974 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   49.667341][   T29] audit: type=1326 audit(49.572:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3974 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   49.690548][   T29] audit: type=1326 audit(49.602:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3974 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   49.713416][   T29] audit: type=1326 audit(49.602:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3974 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   49.736204][   T29] audit: type=1326 audit(49.602:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3974 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   49.758868][   T29] audit: type=1326 audit(49.602:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3974 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   49.781228][ T3970] syz.0.168 (3970) used greatest stack depth: 10376 bytes left
[   49.781612][   T29] audit: type=1326 audit(49.602:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3974 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   49.811813][   T29] audit: type=1326 audit(49.602:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3974 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   49.834585][   T29] audit: type=1326 audit(49.602:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3974 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   49.857302][   T29] audit: type=1326 audit(49.612:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3974 comm="syz.2.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   49.981722][ T3987] netlink: 8 bytes leftover after parsing attributes in process `syz.3.178'.
[   49.987933][ T3989] loop2: detected capacity change from 0 to 512
[   49.997301][ T3989] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   50.007649][ T3989] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   50.069228][ T3992] loop2: detected capacity change from 0 to 1024
[   50.104777][ T3992] EXT4-fs: Ignoring removed nobh option
[   50.110462][ T3992] EXT4-fs: Ignoring removed bh option
[   50.125589][ T3992] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.274616][ T4022] loop1: detected capacity change from 0 to 512
[   50.282633][ T4022] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   50.292734][ T4022] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   51.154408][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.191654][ T4043] loop3: detected capacity change from 0 to 1024
[   51.198587][ T4043] EXT4-fs: Ignoring removed nobh option
[   51.204437][ T4043] EXT4-fs: Ignoring removed nobh option
[   51.210563][ T4043] EXT4-fs: Ignoring removed bh option
[   51.235784][ T4043] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   51.304933][ T4043] netlink: 4 bytes leftover after parsing attributes in process `syz.3.197'.
[   51.453495][ T4064] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub
[   51.453990][ T4062] loop0: detected capacity change from 0 to 8192
[   51.961389][ T4089] loop4: detected capacity change from 0 to 1024
[   51.968351][ T4089] EXT4-fs: Ignoring removed nobh option
[   51.974263][ T4089] EXT4-fs: Ignoring removed nobh option
[   51.980070][ T4089] EXT4-fs: Ignoring removed bh option
[   51.996991][ T4089] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.235158][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.362352][ T3356] kernel write not supported for file /142/clear_refs (pid: 3356 comm: kworker/1:2)
[   52.404010][ T4106] loop3: detected capacity change from 0 to 1024
[   52.419777][ T4106] EXT4-fs: Ignoring removed orlov option
[   52.452589][ T4106] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.469327][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.547647][ T4114] loop3: detected capacity change from 0 to 512
[   52.553421][ T4114] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   52.572171][ T4114] EXT4-fs (loop3): 1 truncate cleaned up
[   52.572738][ T4114] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.746449][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.847339][ T4121] loop3: detected capacity change from 0 to 512
[   52.855655][ T4121] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   52.863635][ T4121] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002]
[   52.863974][ T4121] EXT4-fs (loop3): orphan cleanup on readonly fs
[   52.864483][ T4121] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #13: comm syz.3.219: iget: bad i_size value: 12154761577498
[   52.864843][ T4121] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.219: couldn't read orphan inode 13 (err -117)
[   52.909463][ T4121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   52.933842][ T4121] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.219: dx entry: limit 65535 != root limit 120
[   52.946080][ T4121] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.219: Corrupt directory, running e2fsck is recommended
[   52.959237][ T4121] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.219: dx entry: limit 65535 != root limit 120
[   52.960791][ T4126] loop0: detected capacity change from 0 to 512
[   52.971269][ T4121] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.219: Corrupt directory, running e2fsck is recommended
[   52.994418][ T3305] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz-executor: dx entry: limit 65535 != root limit 120
[   52.994454][ T3305] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz-executor: Corrupt directory, running e2fsck is recommended
[   52.994549][ T3305] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz-executor: path /45/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0
[   53.049815][ T4126] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   53.072362][ T4126] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   53.180669][ T3299] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.199180][ T4137] FAULT_INJECTION: forcing a failure.
[   53.199180][ T4137] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   53.199207][ T4137] CPU: 0 UID: 0 PID: 4137 Comm: +}[@ Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   53.199234][ T4137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   53.199249][ T4137] Call Trace:
[   53.199256][ T4137]  <TASK>
[   53.199264][ T4137]  __dump_stack+0x1d/0x30
[   53.199324][ T4137]  dump_stack_lvl+0xe8/0x140
[   53.199347][ T4137]  dump_stack+0x15/0x1b
[   53.199367][ T4137]  should_fail_ex+0x265/0x280
[   53.199393][ T4137]  should_fail+0xb/0x20
[   53.199435][ T4137]  should_fail_usercopy+0x1a/0x20
[   53.199513][ T4137]  _copy_to_user+0x20/0xa0
[   53.199552][ T4137]  generic_map_lookup_batch+0x523/0x7c0
[   53.199591][ T4137]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[   53.199685][ T4137]  bpf_map_do_batch+0x1b7/0x380
[   53.199788][ T4137]  ? security_bpf+0x2b/0x90
[   53.199816][ T4137]  __sys_bpf+0x640/0x790
[   53.199907][ T4137]  __x64_sys_bpf+0x41/0x50
[   53.199936][ T4137]  x64_sys_call+0x2aea/0x2ff0
[   53.199958][ T4137]  do_syscall_64+0xd2/0x200
[   53.199988][ T4137]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   53.200093][ T4137]  ? clear_bhb_loop+0x40/0x90
[   53.200165][ T4137]  ? clear_bhb_loop+0x40/0x90
[   53.200192][ T4137]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.200213][ T4137] RIP: 0033:0x7f23c309e9a9
[   53.200248][ T4137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   53.200269][ T4137] RSP: 002b:00007f23c16ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   53.200291][ T4137] RAX: ffffffffffffffda RBX: 00007f23c32c5fa0 RCX: 00007f23c309e9a9
[   53.200306][ T4137] RDX: 0000000000000038 RSI: 00002000000003c0 RDI: 0000000000000018
[   53.200321][ T4137] RBP: 00007f23c16ff090 R08: 0000000000000000 R09: 0000000000000000
[   53.200368][ T4137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   53.200414][ T4137] R13: 0000000000000000 R14: 00007f23c32c5fa0 R15: 00007ffd5185f068
[   53.200433][ T4137]  </TASK>
[   53.243066][ T4127] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.285159][  T410] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   53.303832][ T4145] FAULT_INJECTION: forcing a failure.
[   53.303832][ T4145] name failslab, interval 1, probability 0, space 0, times 0
[   53.303865][ T4145] CPU: 0 UID: 0 PID: 4145 Comm: syz.1.230 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   53.303954][ T4145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   53.303969][ T4145] Call Trace:
[   53.303976][ T4145]  <TASK>
[   53.304047][ T4145]  __dump_stack+0x1d/0x30
[   53.304071][ T4145]  dump_stack_lvl+0xe8/0x140
[   53.304092][ T4145]  dump_stack+0x15/0x1b
[   53.304112][ T4145]  should_fail_ex+0x265/0x280
[   53.304194][ T4145]  should_failslab+0x8c/0xb0
[   53.304221][ T4145]  __kmalloc_noprof+0xa5/0x3e0
[   53.304276][ T4145]  ? security_prepare_creds+0x52/0x120
[   53.304309][ T4145]  security_prepare_creds+0x52/0x120
[   53.304335][ T4145]  prepare_creds+0x34a/0x4c0
[   53.304426][ T4145]  __sys_setregid+0xd8/0x360
[   53.304456][ T4145]  __x64_sys_setregid+0x2d/0x40
[   53.304488][ T4145]  x64_sys_call+0x2e2e/0x2ff0
[   53.304570][ T4145]  do_syscall_64+0xd2/0x200
[   53.304663][ T4145]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   53.304692][ T4145]  ? clear_bhb_loop+0x40/0x90
[   53.304716][ T4145]  ? clear_bhb_loop+0x40/0x90
[   53.304739][ T4145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.304812][ T4145] RIP: 0033:0x7f23c309e9a9
[   53.304829][ T4145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   53.304859][ T4145] RSP: 002b:00007f23c16ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072
[   53.304881][ T4145] RAX: ffffffffffffffda RBX: 00007f23c32c5fa0 RCX: 00007f23c309e9a9
[   53.304896][ T4145] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[   53.304911][ T4145] RBP: 00007f23c16ff090 R08: 0000000000000000 R09: 0000000000000000
[   53.304926][ T4145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   53.304940][ T4145] R13: 0000000000000000 R14: 00007f23c32c5fa0 R15: 00007ffd5185f068
[   53.305012][ T4145]  </TASK>
[   53.351693][  T410] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   53.414113][  T410] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   53.453762][  T410] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   53.508717][ T4159] loop1: detected capacity change from 0 to 512
[   53.508972][ T4159] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   53.510527][ T4159] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   53.564822][  T410] bridge_slave_1: left allmulticast mode
[   53.564845][  T410] bridge_slave_1: left promiscuous mode
[   53.565006][  T410] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.566806][  T410] bridge_slave_0: left allmulticast mode
[   53.566828][  T410] bridge_slave_0: left promiscuous mode
[   53.566957][  T410] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.636038][ T4176] loop1: detected capacity change from 0 to 764
[   53.672659][ T4176] Symlink component flag not implemented
[   53.672991][ T4176] Symlink component flag not implemented (7)
[   53.772766][  T410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   53.780554][  T410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   53.781889][  T410] bond0 (unregistering): Released all slaves
[   53.831084][ T4178] loop4: detected capacity change from 0 to 1024
[   54.013363][  T410] tipc: Left network mode
[   54.014008][ T4178] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   54.114763][  T410] hsr_slave_0: left promiscuous mode
[   54.123512][  T410] hsr_slave_1: left promiscuous mode
[   54.132204][  T410] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   54.139740][  T410] batman_adv: batadv0: Removing interface: batadv_slave_0
[   54.142160][ T4191] loop1: detected capacity change from 0 to 512
[   54.154154][  T410] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   54.161643][  T410] batman_adv: batadv0: Removing interface: batadv_slave_1
[   54.169361][ T4191] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   54.177557][ T4191] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002]
[   54.197190][ T4191] EXT4-fs (loop1): orphan cleanup on readonly fs
[   54.207334][ T4191] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #13: comm syz.1.246: iget: bad i_size value: 12154761577498
[   54.207498][  T410] veth1_macvtap: left promiscuous mode
[   54.221267][ T4191] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.246: couldn't read orphan inode 13 (err -117)
[   54.237289][  T410] veth0_macvtap: left promiscuous mode
[   54.244585][ T4191] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   54.257655][  T410] veth1_vlan: left promiscuous mode
[   54.262976][  T410] veth0_vlan: left promiscuous mode
[   54.280957][ T4200] EXT4-fs warning (device loop1): dx_probe:861: inode #2: comm syz.1.246: dx entry: limit 65535 != root limit 120
[   54.293217][ T4200] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.246: Corrupt directory, running e2fsck is recommended
[   54.315862][ T3300] EXT4-fs warning (device loop1): dx_probe:861: inode #2: comm syz-executor: dx entry: limit 65535 != root limit 120
[   54.328257][ T3300] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz-executor: Corrupt directory, running e2fsck is recommended
[   54.342565][ T3300] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 3: comm syz-executor: path /49/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0
[   54.365271][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.405957][  T410] team0 (unregistering): Port device team_slave_1 removed
[   54.417461][  T410] team0 (unregistering): Port device team_slave_0 removed
[   54.482677][ T4197] netlink: 60 bytes leftover after parsing attributes in process `syz.2.247'.
[   54.494239][ T4196] netlink: 60 bytes leftover after parsing attributes in process `syz.2.247'.
[   54.537365][ T4149] chnl_net:caif_netlink_parms(): no params data found
[   54.577101][   T29] kauditd_printk_skb: 419 callbacks suppressed
[   54.577119][   T29] audit: type=1400 audit(54.757:1686): avc:  denied  { map } for  pid=4207 comm="syz.1.250" path="socket:[7016]" dev="sockfs" ino=7016 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   54.605821][   T29] audit: type=1400 audit(54.757:1687): avc:  denied  { read } for  pid=4207 comm="syz.1.250" path="socket:[7016]" dev="sockfs" ino=7016 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   54.688776][ T4149] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.696057][ T4149] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.707480][ T4224] SELinux:  Context system_u:object_r:netutils_exec_t:s0 is not valid (left unmapped).
[   54.718286][   T29] audit: type=1400 audit(54.907:1688): avc:  denied  { relabelto } for  pid=4218 comm="syz.0.254" name="cgroup.procs" dev="cgroup" ino=151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:netutils_exec_t:s0"
[   54.745179][   T29] audit: type=1400 audit(54.907:1689): avc:  denied  { associate } for  pid=4218 comm="syz.0.254" name="cgroup.procs" dev="cgroup" ino=151 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 srawcon="system_u:object_r:netutils_exec_t:s0"
[   54.777023][ T4149] bridge_slave_0: entered allmulticast mode
[   54.783754][ T4149] bridge_slave_0: entered promiscuous mode
[   54.792180][ T4149] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.796922][ T4224] netlink: 36 bytes leftover after parsing attributes in process `syz.0.254'.
[   54.799321][ T4149] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.799471][   T29] audit: type=1400 audit(54.982:1690): avc:  denied  { write } for  pid=4218 comm="syz.0.254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   54.834338][ T4149] bridge_slave_1: entered allmulticast mode
[   54.841056][ T4149] bridge_slave_1: entered promiscuous mode
[   54.872187][ T4149] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.894065][ T4149] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.903484][   T29] audit: type=1326 audit(55.089:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4226 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   54.926257][   T29] audit: type=1326 audit(55.089:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4226 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   54.949078][   T29] audit: type=1326 audit(55.089:1693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4226 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   54.971785][   T29] audit: type=1326 audit(55.089:1694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4226 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   54.994537][   T29] audit: type=1326 audit(55.089:1695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4226 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   55.067117][ T4235] netlink: 24 bytes leftover after parsing attributes in process `syz.4.258'.
[   55.082009][ T4149] team0: Port device team_slave_0 added
[   55.099958][ T4149] team0: Port device team_slave_1 added
[   55.139706][ T4149] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.146814][ T4149] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.172932][ T4149] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.184580][ T4149] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.189870][ T4244] loop4: detected capacity change from 0 to 512
[   55.191597][ T4149] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.198497][ T4244] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   55.223751][ T4149] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.250666][ T4244] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   55.268707][ T4149] hsr_slave_0: entered promiscuous mode
[   55.275292][ T4149] hsr_slave_1: entered promiscuous mode
[   55.281510][ T4149] debugfs: 'hsr0' already exists in 'hsr'
[   55.287330][ T4149] Cannot create hsr debugfs directory
[   55.302184][ T4247] FAULT_INJECTION: forcing a failure.
[   55.302184][ T4247] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   55.315578][ T4247] CPU: 0 UID: 0 PID: 4247 Comm: syz.1.262 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   55.315669][ T4247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   55.315691][ T4247] Call Trace:
[   55.315696][ T4247]  <TASK>
[   55.315702][ T4247]  __dump_stack+0x1d/0x30
[   55.315722][ T4247]  dump_stack_lvl+0xe8/0x140
[   55.315784][ T4247]  dump_stack+0x15/0x1b
[   55.315804][ T4247]  should_fail_ex+0x265/0x280
[   55.315851][ T4247]  should_fail+0xb/0x20
[   55.315872][ T4247]  should_fail_usercopy+0x1a/0x20
[   55.315902][ T4247]  _copy_from_user+0x1c/0xb0
[   55.316001][ T4247]  bpf_test_init+0xdf/0x160
[   55.316032][ T4247]  bpf_prog_test_run_xdp+0x274/0x910
[   55.316076][ T4247]  ? __rcu_read_unlock+0x4f/0x70
[   55.316099][ T4247]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   55.316136][ T4247]  bpf_prog_test_run+0x22a/0x390
[   55.316166][ T4247]  __sys_bpf+0x3dc/0x790
[   55.316242][ T4247]  __x64_sys_bpf+0x41/0x50
[   55.316265][ T4247]  x64_sys_call+0x2aea/0x2ff0
[   55.316283][ T4247]  do_syscall_64+0xd2/0x200
[   55.316334][ T4247]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   55.316434][ T4247]  ? clear_bhb_loop+0x40/0x90
[   55.316455][ T4247]  ? clear_bhb_loop+0x40/0x90
[   55.316513][ T4247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.316536][ T4247] RIP: 0033:0x7f23c309e9a9
[   55.316549][ T4247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.316576][ T4247] RSP: 002b:00007f23c16ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   55.316592][ T4247] RAX: ffffffffffffffda RBX: 00007f23c32c5fa0 RCX: 00007f23c309e9a9
[   55.316620][ T4247] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[   55.316631][ T4247] RBP: 00007f23c16ff090 R08: 0000000000000000 R09: 0000000000000000
[   55.316641][ T4247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.316651][ T4247] R13: 0000000000000000 R14: 00007f23c32c5fa0 R15: 00007ffd5185f068
[   55.316668][ T4247]  </TASK>
[   55.521587][ T4251] loop1: detected capacity change from 0 to 512
[   55.528762][ T4242] loop2: detected capacity change from 0 to 1024
[   55.535831][ T4242] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   55.710096][ T4256] loop1: detected capacity change from 0 to 512
[   55.721502][ T4149] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   55.737760][ T4149] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   55.775010][ T4149] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   55.799805][ T4149] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   55.835834][ T4282] loop4: detected capacity change from 0 to 512
[   55.849044][ T4282] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   55.864317][ T4272] Unsupported ieee802154 address type: 0
[   55.872476][ T4283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.273'.
[   55.898963][ T4291] loop1: detected capacity change from 0 to 2048
[   55.903595][ T4283] 8021q: adding VLAN 0 to HW filter on device bond1
[   55.913566][ T4282] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   55.924874][ T4149] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.941631][ T4149] 8021q: adding VLAN 0 to HW filter on device team0
[   55.969138][ T4282] EXT4-fs (loop4): 1 truncate cleaned up
[   55.969836][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.981940][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.982285][ T4282] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   56.005042][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.012241][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.021739][ T4291] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   56.067467][ T3299] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.107879][ T4309] process 'syz.0.279' launched './file1' with NULL argv: empty string added
[   56.136629][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.159064][ T4149] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.251187][ T4328] netlink: 24 bytes leftover after parsing attributes in process `syz.4.283'.
[   56.278673][ T4331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   56.303582][ T4331] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   56.316070][ T4328] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4328 comm=syz.4.283
[   56.410306][ T4344] loop4: detected capacity change from 0 to 2048
[   56.423603][ T4149] veth0_vlan: entered promiscuous mode
[   56.429750][ T4344] SELinux: security_context_str_to_sid (root) failed with errno=-22
[   56.447235][ T4149] veth1_vlan: entered promiscuous mode
[   56.470366][ T4344] batman_adv: batadv0: Adding interface: dummy0
[   56.476772][ T4344] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.512332][ T4335] loop0: detected capacity change from 0 to 1024
[   56.519183][ T4335] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   56.530191][ T4344] batman_adv: batadv0: Interface activated: dummy0
[   56.545748][ T4351] batadv0: mtu less than device minimum
[   56.552078][ T4351] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   56.562957][ T4351] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   56.573936][ T4351] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   56.585030][ T4351] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   56.596016][ T4351] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   56.607035][ T4351] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   56.617889][ T4351] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   56.628664][ T4351] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   56.639430][ T4351] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   56.667040][ T4344] bond1: entered promiscuous mode
[   56.672426][ T4344] bond1: entered allmulticast mode
[   56.680040][ T4344] 8021q: adding VLAN 0 to HW filter on device bond1
[   56.692298][ T4344] bond1 (unregistering): Released all slaves
[   56.705137][ T4149] veth0_macvtap: entered promiscuous mode
[   56.714328][ T4149] veth1_macvtap: entered promiscuous mode
[   56.729848][ T4149] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.743654][ T4149] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.754652][ T4149] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.763633][ T4149] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.772577][ T4149] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.781698][ T4149] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.884395][ T4363] netlink: 28 bytes leftover after parsing attributes in process `syz.5.232'.
[   57.063763][ T4355] loop2: detected capacity change from 0 to 164
[   57.071177][ T4355] ISOFS: unable to read i-node block
[   57.076705][ T4355] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[   57.164422][ T4388] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[   57.307192][ T4389] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   57.346283][ T4395] loop1: detected capacity change from 0 to 1024
[   57.354511][ T4395] EXT4-fs: Ignoring removed nomblk_io_submit option
[   57.374688][ T4395] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.476720][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.490428][ T4403] loop0: detected capacity change from 0 to 256
[   57.509434][ T4403] FAT-fs (loop0): Directory bread(block 64) failed
[   57.516478][ T4403] FAT-fs (loop0): Directory bread(block 65) failed
[   57.524345][ T4403] FAT-fs (loop0): Directory bread(block 66) failed
[   57.532632][ T4403] FAT-fs (loop0): Directory bread(block 67) failed
[   57.539273][ T4403] FAT-fs (loop0): Directory bread(block 68) failed
[   57.545925][ T4403] FAT-fs (loop0): Directory bread(block 69) failed
[   57.559850][ T4403] FAT-fs (loop0): Directory bread(block 70) failed
[   57.572117][ T4403] FAT-fs (loop0): Directory bread(block 71) failed
[   57.586863][ T4403] FAT-fs (loop0): Directory bread(block 72) failed
[   57.594071][ T4403] FAT-fs (loop0): Directory bread(block 73) failed
[   57.705256][ T4403] bio_check_eod: 6220 callbacks suppressed
[   57.705278][ T4403] syz.0.301: attempt to access beyond end of device
[   57.705278][ T4403] loop0: rw=2051, sector=1224, nr_sectors = 608 limit=256
[   57.741116][ T4403] syz.0.301: attempt to access beyond end of device
[   57.741116][ T4403] loop0: rw=2051, sector=1864, nr_sectors = 31936 limit=256
[   57.771572][ T4418] capability: warning: `syz.4.306' uses deprecated v2 capabilities in a way that may be insecure
[   57.857990][ T4427] loop1: detected capacity change from 0 to 2048
[   57.885659][ T4415] loop2: detected capacity change from 0 to 1024
[   57.892498][ T4415] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   57.933285][ T4436] netlink: 96 bytes leftover after parsing attributes in process `syz.1.312'.
[   57.963614][ T4434] veth1_to_team: entered promiscuous mode
[   57.972990][ T4434] bond_slave_0: entered promiscuous mode
[   57.979997][ T4434] bond_slave_0: left promiscuous mode
[   57.985586][ T4434] veth1_to_team: left promiscuous mode
[   58.018205][ T4440] netlink: 'syz.0.314': attribute type 1 has an invalid length.
[   58.026060][ T4440] netlink: 161700 bytes leftover after parsing attributes in process `syz.0.314'.
[   58.076675][ T4442] loop4: detected capacity change from 0 to 2048
[   58.097485][ T4440] loop0: detected capacity change from 0 to 8192
[   58.138361][ T4442] Alternate GPT is invalid, using primary GPT.
[   58.144916][ T4442]  loop4: p2 p3 p7
[   58.652042][ T4461] netlink: 8 bytes leftover after parsing attributes in process `syz.2.319'.
[   58.694406][ T4455] netlink: 4 bytes leftover after parsing attributes in process `syz.2.319'.
[   58.721400][ T4464] netlink: 32 bytes leftover after parsing attributes in process `syz.5.321'.
[   58.777118][ T4464] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.784614][ T4464] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.875997][ T4464] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   58.889038][ T4464] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   58.940987][ T4464] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   58.950452][ T4464] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   58.959631][ T4464] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   58.969010][ T4464] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   59.049699][ T4488] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[   59.146634][ T4503] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[   59.172994][ T4480] loop0: detected capacity change from 0 to 1024
[   59.180932][ T4480] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   59.269209][   T29] kauditd_printk_skb: 557 callbacks suppressed
[   59.269227][   T29] audit: type=1400 audit(59.789:2253): avc:  denied  { write } for  pid=4510 comm="syz.4.340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   59.332273][   T29] audit: type=1400 audit(59.853:2254): avc:  denied  { execute } for  pid=4510 comm="syz.4.340" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=8578 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[   59.520847][   T29] audit: type=1326 audit(60.057:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4516 comm="syz.5.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92fd0e9a9 code=0x7ffc0000
[   59.565966][   T29] audit: type=1326 audit(60.057:2256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4516 comm="syz.5.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92fd0e9a9 code=0x7ffc0000
[   59.588828][   T29] audit: type=1326 audit(60.057:2257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4516 comm="syz.5.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe92fd0e9a9 code=0x7ffc0000
[   59.611975][   T29] audit: type=1326 audit(60.057:2258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4516 comm="syz.5.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92fd0e9a9 code=0x7ffc0000
[   59.634727][   T29] audit: type=1326 audit(60.057:2259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4516 comm="syz.5.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92fd0e9a9 code=0x7ffc0000
[   59.657438][   T29] audit: type=1326 audit(60.057:2260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4516 comm="syz.5.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7fe92fd0e9a9 code=0x7ffc0000
[   59.680142][   T29] audit: type=1326 audit(60.057:2261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4516 comm="syz.5.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92fd0e9a9 code=0x7ffc0000
[   59.702892][   T29] audit: type=1326 audit(60.057:2262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4516 comm="syz.5.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe92fd0e9a9 code=0x7ffc0000
[   59.783879][ T4523] netlink: 4 bytes leftover after parsing attributes in process `syz.4.346'.
[   59.831704][ T4527] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[   59.878023][ T4534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.886557][ T4534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.958378][ T4536] Cannot find add_set index 0 as target
[   59.976127][ T4538] loop0: detected capacity change from 0 to 512
[   60.019532][ T4538] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   60.039044][ T4538] EXT4-fs error (device loop0): ext4_do_update_inode:5563: inode #2: comm syz.0.351: corrupted inode contents
[   60.053398][ T4538] EXT4-fs error (device loop0): ext4_dirty_inode:6454: inode #2: comm syz.0.351: mark_inode_dirty error
[   60.068190][ T4543] FAULT_INJECTION: forcing a failure.
[   60.068190][ T4543] name failslab, interval 1, probability 0, space 0, times 0
[   60.081088][ T4543] CPU: 1 UID: 0 PID: 4543 Comm: syz.5.352 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   60.081120][ T4543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   60.081136][ T4543] Call Trace:
[   60.081143][ T4543]  <TASK>
[   60.081151][ T4543]  __dump_stack+0x1d/0x30
[   60.081224][ T4543]  dump_stack_lvl+0xe8/0x140
[   60.081247][ T4543]  dump_stack+0x15/0x1b
[   60.081267][ T4543]  should_fail_ex+0x265/0x280
[   60.081300][ T4543]  should_failslab+0x8c/0xb0
[   60.081327][ T4543]  kmem_cache_alloc_noprof+0x50/0x310
[   60.081474][ T4543]  ? audit_log_start+0x365/0x6c0
[   60.081562][ T4543]  audit_log_start+0x365/0x6c0
[   60.081606][ T4543]  audit_seccomp+0x48/0x100
[   60.081639][ T4543]  ? __seccomp_filter+0x68c/0x10d0
[   60.081714][ T4543]  __seccomp_filter+0x69d/0x10d0
[   60.081744][ T4543]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   60.081845][ T4543]  ? vfs_write+0x75e/0x8e0
[   60.081908][ T4543]  ? __rcu_read_unlock+0x4f/0x70
[   60.081935][ T4543]  ? __fget_files+0x184/0x1c0
[   60.081961][ T4543]  __secure_computing+0x82/0x150
[   60.081990][ T4543]  syscall_trace_enter+0xcf/0x1e0
[   60.082012][ T4543]  do_syscall_64+0xac/0x200
[   60.082095][ T4543]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   60.082176][ T4543]  ? clear_bhb_loop+0x40/0x90
[   60.082203][ T4543]  ? clear_bhb_loop+0x40/0x90
[   60.082231][ T4543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.082307][ T4543] RIP: 0033:0x7fe92fd0e9a9
[   60.082332][ T4543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.082355][ T4543] RSP: 002b:00007fe92e377038 EFLAGS: 00000246 ORIG_RAX: 000000000000014e
[   60.082379][ T4543] RAX: ffffffffffffffda RBX: 00007fe92ff35fa0 RCX: 00007fe92fd0e9a9
[   60.082391][ T4543] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 00002000000000c0
[   60.082402][ T4543] RBP: 00007fe92e377090 R08: 0000000000000000 R09: 0000000000000000
[   60.082558][ T4543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   60.082570][ T4543] R13: 0000000000000000 R14: 00007fe92ff35fa0 R15: 00007fff01380f58
[   60.082588][ T4543]  </TASK>
[   60.282059][ T4538] EXT4-fs error (device loop0): ext4_do_update_inode:5563: inode #2: comm syz.0.351: corrupted inode contents
[   60.319806][ T4544] EXT4-fs error (device loop0): ext4_do_update_inode:5563: inode #2: comm syz.0.351: corrupted inode contents
[   60.336111][ T4544] EXT4-fs error (device loop0): ext4_dirty_inode:6454: inode #2: comm syz.0.351: mark_inode_dirty error
[   60.349218][ T4544] EXT4-fs error (device loop0): ext4_do_update_inode:5563: inode #2: comm syz.0.351: corrupted inode contents
[   60.364109][ T4544] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.351: mark_inode_dirty error
[   60.375957][ T4548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=275 sclass=netlink_route_socket pid=4548 comm=syz.5.354
[   60.381314][ T4544] EXT4-fs error (device loop0): ext4_do_update_inode:5563: inode #2: comm syz.0.351: corrupted inode contents
[   60.401757][ T4544] EXT4-fs error (device loop0): ext4_dirty_inode:6454: inode #2: comm syz.0.351: mark_inode_dirty error
[   60.440383][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.482121][ T4553] netlink: 'syz.4.357': attribute type 1 has an invalid length.
[   60.512238][ T4554] debugfs: 'ttyS3' already exists in 'caif_serial'
[   60.568998][ T4558] netlink: 32 bytes leftover after parsing attributes in process `syz.0.359'.
[   60.696290][ T4556] loop5: detected capacity change from 0 to 1024
[   60.713141][ T4556] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   60.729650][ T4571] loop1: detected capacity change from 0 to 128
[   60.949219][ T4585] loop1: detected capacity change from 0 to 512
[   60.956871][ T4585] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   60.967957][ T4585] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   61.018246][ T4593] loop2: detected capacity change from 0 to 512
[   61.024820][ T4589] loop0: detected capacity change from 0 to 2048
[   61.032729][ T4593] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   61.044861][ T4589] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #2: comm syz.0.368: pblk 0 bad header/extent: too large eh_depth - magic f30a, entries 1, max 4(4), depth 25349(25349)
[   61.045553][ T4593] EXT4-fs (loop2): 1 truncate cleaned up
[   61.066789][ T4589] EXT4-fs (loop0): Remounting filesystem read-only
[   61.076445][ T4589] EXT4-fs (loop0): get root inode failed
[   61.083554][ T4589] EXT4-fs (loop0): mount failed
[   61.089495][ T4593] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   61.135057][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.329568][ T4616] loop5: detected capacity change from 0 to 512
[   61.337638][ T4616] EXT4-fs: Ignoring removed mblk_io_submit option
[   61.345726][ T4616] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   61.357833][ T4616] EXT4-fs (loop5): 1 truncate cleaned up
[   61.363982][ T4616] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   61.383811][ T4616] netlink: 76 bytes leftover after parsing attributes in process `syz.5.376'.
[   61.452647][ T4149] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.473189][ T4620] loop4: detected capacity change from 0 to 512
[   61.486247][ T4620] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.377: iget: bad extended attribute block 1
[   61.499933][ T4620] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.377: couldn't read orphan inode 15 (err -117)
[   61.505684][ T4625] loop5: detected capacity change from 0 to 512
[   61.522150][ T4625] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   61.532788][ T4620] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #2: block 13: comm syz.4.377: lblock 0 mapped to illegal pblock 13 (length 1)
[   61.533037][ T4620] EXT4-fs warning (device loop4): htree_dirblock_to_tree:1051: inode #2: lblock 0: comm syz.4.377: error -117 reading directory block
[   61.533650][ T4620] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #2: block 13: comm syz.4.377: lblock 0 mapped to illegal pblock 13 (length 1)
[   61.586268][ T4625] EXT4-fs (loop5): 1 truncate cleaned up
[   61.796035][ T4640] FAULT_INJECTION: forcing a failure.
[   61.796035][ T4640] name failslab, interval 1, probability 0, space 0, times 0
[   61.808879][ T4640] CPU: 1 UID: 0 PID: 4640 Comm: syz.5.384 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   61.808951][ T4640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   61.808967][ T4640] Call Trace:
[   61.808975][ T4640]  <TASK>
[   61.808984][ T4640]  __dump_stack+0x1d/0x30
[   61.809007][ T4640]  dump_stack_lvl+0xe8/0x140
[   61.809026][ T4640]  dump_stack+0x15/0x1b
[   61.809065][ T4640]  should_fail_ex+0x265/0x280
[   61.809096][ T4640]  should_failslab+0x8c/0xb0
[   61.809119][ T4640]  kmem_cache_alloc_lru_noprof+0x55/0x310
[   61.809213][ T4640]  ? __d_alloc+0x3d/0x340
[   61.809296][ T4640]  __d_alloc+0x3d/0x340
[   61.809322][ T4640]  ? __rcu_read_unlock+0x4f/0x70
[   61.809344][ T4640]  d_alloc_parallel+0x53/0xc60
[   61.809370][ T4640]  ? __account_obj_stock+0x211/0x350
[   61.809396][ T4640]  ? __rcu_read_unlock+0x4f/0x70
[   61.809497][ T4640]  ? __d_lookup+0x316/0x340
[   61.809544][ T4640]  ? obj_cgroup_charge_account+0x122/0x1a0
[   61.809580][ T4640]  __lookup_slow+0x8c/0x250
[   61.809606][ T4640]  lookup_noperm+0xc9/0x180
[   61.809692][ T4640]  simple_start_creating+0x97/0x120
[   61.809732][ T4640]  start_creating+0xe9/0x160
[   61.809761][ T4640]  debugfs_create_dir+0x22/0x2b0
[   61.809795][ T4640]  ldisc_open+0x1c3/0x530
[   61.809837][ T4640]  tty_ldisc_reinit+0x208/0x310
[   61.809879][ T4640]  tty_reopen+0x187/0x1c0
[   61.809912][ T4640]  tty_open+0x8f0/0xaf0
[   61.809943][ T4640]  chrdev_open+0x2eb/0x3a0
[   61.809967][ T4640]  do_dentry_open+0x646/0xa20
[   61.809995][ T4640]  ? __pfx_chrdev_open+0x10/0x10
[   61.810050][ T4640]  vfs_open+0x37/0x1e0
[   61.810072][ T4640]  path_openat+0x1c5e/0x2170
[   61.810167][ T4640]  ? __bpf_get_stackid+0x721/0x800
[   61.810204][ T4640]  do_filp_open+0x109/0x230
[   61.810243][ T4640]  do_sys_openat2+0xa6/0x110
[   61.810281][ T4640]  __x64_sys_openat+0xf2/0x120
[   61.810314][ T4640]  x64_sys_call+0x2e9c/0x2ff0
[   61.810340][ T4640]  do_syscall_64+0xd2/0x200
[   61.810372][ T4640]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   61.810483][ T4640]  ? clear_bhb_loop+0x40/0x90
[   61.810560][ T4640]  ? clear_bhb_loop+0x40/0x90
[   61.810587][ T4640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.810612][ T4640] RIP: 0033:0x7fe92fd0e9a9
[   61.810647][ T4640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.810670][ T4640] RSP: 002b:00007fe92e377038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   61.810752][ T4640] RAX: ffffffffffffffda RBX: 00007fe92ff35fa0 RCX: 00007fe92fd0e9a9
[   61.810768][ T4640] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[   61.810783][ T4640] RBP: 00007fe92e377090 R08: 0000000000000000 R09: 0000000000000000
[   61.810798][ T4640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   61.810812][ T4640] R13: 0000000000000000 R14: 00007fe92ff35fa0 R15: 00007fff01380f58
[   61.810836][ T4640]  </TASK>
[   61.818602][ T4642] FAULT_INJECTION: forcing a failure.
[   61.818602][ T4642] name failslab, interval 1, probability 0, space 0, times 0
[   62.039080][ T4647] loop2: detected capacity change from 0 to 1024
[   62.040296][ T4642] CPU: 0 UID: 0 PID: 4642 Comm: syz.4.385 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   62.040392][ T4642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   62.040424][ T4642] Call Trace:
[   62.040434][ T4642]  <TASK>
[   62.040452][ T4642]  __dump_stack+0x1d/0x30
[   62.040474][ T4642]  dump_stack_lvl+0xe8/0x140
[   62.040493][ T4642]  dump_stack+0x15/0x1b
[   62.040517][ T4642]  should_fail_ex+0x265/0x280
[   62.040554][ T4642]  should_failslab+0x8c/0xb0
[   62.040661][ T4642]  kmem_cache_alloc_node_noprof+0x57/0x320
[   62.040734][ T4642]  ? __alloc_skb+0x101/0x320
[   62.040761][ T4642]  __alloc_skb+0x101/0x320
[   62.040783][ T4642]  netlink_alloc_large_skb+0xba/0xf0
[   62.040864][ T4642]  netlink_sendmsg+0x3cf/0x6b0
[   62.040917][ T4642]  ? __pfx_netlink_sendmsg+0x10/0x10
[   62.040955][ T4642]  __sock_sendmsg+0x142/0x180
[   62.041089][ T4642]  ____sys_sendmsg+0x31e/0x4e0
[   62.041172][ T4642]  ___sys_sendmsg+0x17b/0x1d0
[   62.041228][ T4642]  __x64_sys_sendmsg+0xd4/0x160
[   62.041270][ T4642]  x64_sys_call+0x191e/0x2ff0
[   62.041371][ T4642]  do_syscall_64+0xd2/0x200
[   62.041406][ T4642]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   62.041442][ T4642]  ? clear_bhb_loop+0x40/0x90
[   62.041472][ T4642]  ? clear_bhb_loop+0x40/0x90
[   62.041557][ T4642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.041585][ T4642] RIP: 0033:0x7fb824a7e9a9
[   62.041605][ T4642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.041630][ T4642] RSP: 002b:00007fb8230e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   62.041655][ T4642] RAX: ffffffffffffffda RBX: 00007fb824ca5fa0 RCX: 00007fb824a7e9a9
[   62.041673][ T4642] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000005
[   62.041690][ T4642] RBP: 00007fb8230e7090 R08: 0000000000000000 R09: 0000000000000000
[   62.041741][ T4642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   62.041800][ T4642] R13: 0000000000000000 R14: 00007fb824ca5fa0 R15: 00007fff02da7118
[   62.041829][ T4642]  </TASK>
[   62.244815][ T4666] netlink: 44 bytes leftover after parsing attributes in process `syz.4.391'.
[   62.265336][ T4647] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   62.291307][ T4668] loop1: detected capacity change from 0 to 512
[   62.308698][ T4666] netlink: 12 bytes leftover after parsing attributes in process `syz.4.391'.
[   62.349997][ T4669] loop4: detected capacity change from 0 to 1024
[   62.350394][ T4669] EXT4-fs: Ignoring removed nobh option
[   62.350427][ T4669] EXT4-fs: Ignoring removed bh option
[   62.365646][ T4668] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   62.373341][ T4666] netlink: 16 bytes leftover after parsing attributes in process `syz.4.391'.
[   62.389618][ T4671] loop0: detected capacity change from 0 to 512
[   62.406047][ T4668] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   62.416115][ T4671] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   62.418687][ T4671] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   62.561697][ T4683] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4683 comm=syz.1.397
[   62.682479][ T4700] loop2: detected capacity change from 0 to 512
[   62.731127][ T4700] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   62.774185][ T4700] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   62.788006][ T4705] loop7: detected capacity change from 0 to 7
[   63.081778][ T4733] loop0: detected capacity change from 0 to 512
[   63.116060][ T4733] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.412: bg 0: block 16: invalid block bitmap
[   63.130622][ T4733] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   63.140970][ T4733] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.412: invalid indirect mapped block 5 (level 0)
[   63.166534][ T4733] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.412: invalid indirect mapped block 4294967295 (level 1)
[   63.190675][ T4728] loop2: detected capacity change from 0 to 1024
[   63.192663][ T4733] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.412: invalid indirect mapped block 4294967295 (level 2)
[   63.198979][ T4728] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   63.216174][ T4733] EXT4-fs (loop0): 1 truncate cleaned up
[   63.333136][ T4757] loop5: detected capacity change from 0 to 512
[   63.339858][ T4757] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   63.350041][ T4757] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   63.356257][ T4753] tipc: Started in network mode
[   63.363467][ T4753] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[   63.372939][ T4753] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa
[   63.381420][ T4753] tipc: Enabled bearer <udp:syz0>, priority 10
[   63.404541][ T4763] loop5: detected capacity change from 0 to 1024
[   63.412275][ T4763] EXT4-fs: Ignoring removed orlov option
[   63.682343][ T4763] syz.5.422 (4763) used greatest stack depth: 10192 bytes left
[   63.732177][ T4783] 9pnet: Could not find request transport: 0xffffffffffffffff
[   63.763343][ T4788] FAULT_INJECTION: forcing a failure.
[   63.763343][ T4788] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   63.777756][ T4788] CPU: 0 UID: 0 PID: 4788 Comm: syz.5.431 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   63.777791][ T4788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   63.777807][ T4788] Call Trace:
[   63.777814][ T4788]  <TASK>
[   63.777823][ T4788]  __dump_stack+0x1d/0x30
[   63.777916][ T4788]  dump_stack_lvl+0xe8/0x140
[   63.777942][ T4788]  dump_stack+0x15/0x1b
[   63.777986][ T4788]  should_fail_ex+0x265/0x280
[   63.778019][ T4788]  should_fail+0xb/0x20
[   63.778076][ T4788]  should_fail_usercopy+0x1a/0x20
[   63.778154][ T4788]  _copy_to_user+0x20/0xa0
[   63.778197][ T4788]  simple_read_from_buffer+0xb5/0x130
[   63.778360][ T4788]  proc_fail_nth_read+0x100/0x140
[   63.778386][ T4788]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   63.778482][ T4788]  vfs_read+0x19d/0x6f0
[   63.778519][ T4788]  ? fcntl_setlease+0x2df/0x300
[   63.778556][ T4788]  ? __rcu_read_unlock+0x4f/0x70
[   63.778612][ T4788]  ? __fget_files+0x184/0x1c0
[   63.778639][ T4788]  ksys_read+0xda/0x1a0
[   63.778687][ T4788]  __x64_sys_read+0x40/0x50
[   63.778793][ T4788]  x64_sys_call+0x27bc/0x2ff0
[   63.778820][ T4788]  do_syscall_64+0xd2/0x200
[   63.778853][ T4788]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   63.778893][ T4788]  ? clear_bhb_loop+0x40/0x90
[   63.778918][ T4788]  ? clear_bhb_loop+0x40/0x90
[   63.778946][ T4788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.778973][ T4788] RIP: 0033:0x7fe92fd0d3bc
[   63.778993][ T4788] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   63.779017][ T4788] RSP: 002b:00007fe92e377030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   63.779068][ T4788] RAX: ffffffffffffffda RBX: 00007fe92ff35fa0 RCX: 00007fe92fd0d3bc
[   63.779081][ T4788] RDX: 000000000000000f RSI: 00007fe92e3770a0 RDI: 0000000000000006
[   63.779097][ T4788] RBP: 00007fe92e377090 R08: 0000000000000000 R09: 0000000000000000
[   63.779113][ T4788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.779128][ T4788] R13: 0000000000000000 R14: 00007fe92ff35fa0 R15: 00007fff01380f58
[   63.779150][ T4788]  </TASK>
[   64.021733][ T4786] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.105889][   T29] kauditd_printk_skb: 314 callbacks suppressed
[   64.105908][   T29] audit: type=1400 audit(64.971:2575): avc:  denied  { ioctl } for  pid=4796 comm="syz.1.435" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 ioctlcmd=0x9402 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   64.204606][ T4786] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.220184][   T29] audit: type=1326 audit(65.078:2576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4809 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   64.244337][   T29] audit: type=1326 audit(65.078:2577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4809 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f23c309d217 code=0x7ffc0000
[   64.267056][   T29] audit: type=1326 audit(65.078:2578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4809 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   64.290998][   T29] audit: type=1326 audit(65.078:2579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4809 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   64.314868][   T29] audit: type=1326 audit(65.078:2580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4809 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   64.338693][   T29] audit: type=1326 audit(65.078:2581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4809 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   64.342075][ T3408] tipc: Node number set to 1
[   64.362597][   T29] audit: type=1326 audit(65.078:2582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4809 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   64.389969][   T29] audit: type=1326 audit(65.078:2583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4809 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   64.413827][   T29] audit: type=1326 audit(65.078:2584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4809 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   64.475791][ T4828] loop1: detected capacity change from 0 to 512
[   64.491730][ T4828] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   64.504234][ T4828] EXT4-fs (loop1): orphan cleanup on readonly fs
[   64.510961][ T4828] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.444: iget: bad i_size value: 38620345925642
[   64.514431][ T4786] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.523831][ T4828] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.444: couldn't read orphan inode 15 (err -117)
[   64.599725][ T4835] xt_hashlimit: size too large, truncated to 1048576
[   64.606555][ T4835] xt_hashlimit: Unknown mode mask 80FF, kernel too old?
[   64.666436][ T4786] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.693684][ T4824] loop5: detected capacity change from 0 to 512
[   64.701703][ T4824] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[   64.711113][ T4824] EXT4-fs (loop5): Couldn't mount because of unsupported optional features (fffc1829)
[   64.721160][ T4824] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities
[   64.757602][ T4786] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.777279][ T4786] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.813213][ T4786] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.841036][ T4786] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.868939][ T4844] loop5: detected capacity change from 0 to 512
[   64.893517][ T4844] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.449: iget: bad extended attribute block 1
[   64.906876][ T4844] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.449: couldn't read orphan inode 15 (err -117)
[   64.946494][ T4843] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #2: block 13: comm syz.5.449: lblock 0 mapped to illegal pblock 13 (length 1)
[   64.961031][ T4843] EXT4-fs warning (device loop5): htree_dirblock_to_tree:1051: inode #2: lblock 0: comm syz.5.449: error -117 reading directory block
[   64.977440][ T4843] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #2: block 13: comm syz.5.449: lblock 0 mapped to illegal pblock 13 (length 1)
[   65.493546][ T4865] loop2: detected capacity change from 0 to 1764
[   65.504717][ T4865] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   65.513758][ T4865] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   65.544091][ T4865] netlink: 4 bytes leftover after parsing attributes in process `syz.2.458'.
[   65.568342][ T4865] netlink: 32 bytes leftover after parsing attributes in process `syz.2.458'.
[   65.632985][ T4872] loop5: detected capacity change from 0 to 512
[   65.647196][ T4872] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   65.681549][ T4872] EXT4-fs (loop5): 1 truncate cleaned up
[   65.836636][ T4888] loop1: detected capacity change from 0 to 764
[   65.872064][ T4893] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4893 comm=syz.5.470
[   65.890733][ T4893] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=4893 comm=syz.5.470
[   66.121783][ T4910] loop0: detected capacity change from 0 to 764
[   66.273706][ T4923] loop4: detected capacity change from 0 to 1024
[   66.479600][ T4933] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.485' sets config #1
[   66.530771][ T4910] geneve2: entered promiscuous mode
[   66.537579][ T4910] geneve2: entered allmulticast mode
[   66.600912][   T36] kernel write not supported for file /110/attr/exec (pid: 36 comm: kworker/1:1)
[   66.628629][ T4924] smc: net device bond0 erased user defined pnetid SYZ2
[   66.638497][ T4938] loop2: detected capacity change from 0 to 512
[   66.677792][ T4938] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.487: casefold flag without casefold feature
[   66.696499][ T4938] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.487: couldn't read orphan inode 15 (err -117)
[   66.720351][ T4943] FAULT_INJECTION: forcing a failure.
[   66.720351][ T4943] name failslab, interval 1, probability 0, space 0, times 0
[   66.733325][ T4943] CPU: 1 UID: 0 PID: 4943 Comm: syz.5.489 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   66.733360][ T4943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   66.733385][ T4943] Call Trace:
[   66.733390][ T4943]  <TASK>
[   66.733396][ T4943]  __dump_stack+0x1d/0x30
[   66.733419][ T4943]  dump_stack_lvl+0xe8/0x140
[   66.733442][ T4943]  dump_stack+0x15/0x1b
[   66.733463][ T4943]  should_fail_ex+0x265/0x280
[   66.733571][ T4943]  should_failslab+0x8c/0xb0
[   66.733600][ T4943]  kmem_cache_alloc_noprof+0x50/0x310
[   66.733672][ T4943]  ? audit_log_start+0x365/0x6c0
[   66.733782][ T4943]  audit_log_start+0x365/0x6c0
[   66.733828][ T4943]  audit_seccomp+0x48/0x100
[   66.733861][ T4943]  ? __seccomp_filter+0x68c/0x10d0
[   66.733885][ T4943]  __seccomp_filter+0x69d/0x10d0
[   66.733943][ T4943]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   66.733970][ T4943]  ? vfs_write+0x75e/0x8e0
[   66.734007][ T4943]  __secure_computing+0x82/0x150
[   66.734028][ T4943]  syscall_trace_enter+0xcf/0x1e0
[   66.734180][ T4943]  do_syscall_64+0xac/0x200
[   66.734205][ T4943]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   66.734268][ T4943]  ? clear_bhb_loop+0x40/0x90
[   66.734290][ T4943]  ? clear_bhb_loop+0x40/0x90
[   66.734311][ T4943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.734431][ T4943] RIP: 0033:0x7fe92fd0e9a9
[   66.734503][ T4943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.734523][ T4943] RSP: 002b:00007fe92e377038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   66.734542][ T4943] RAX: ffffffffffffffda RBX: 00007fe92ff35fa0 RCX: 00007fe92fd0e9a9
[   66.734554][ T4943] RDX: 0000200000000000 RSI: 0000000080045505 RDI: 000000000000000e
[   66.734570][ T4943] RBP: 00007fe92e377090 R08: 0000000000000000 R09: 0000000000000000
[   66.734586][ T4943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.734601][ T4943] R13: 0000000000000000 R14: 00007fe92ff35fa0 R15: 00007fff01380f58
[   66.734625][ T4943]  </TASK>
[   66.851282][ T4943] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.489' sets config #1
[   67.077866][ T4954] loop0: detected capacity change from 0 to 512
[   67.086816][ T4954] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   67.098317][ T4954] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   67.132583][ T4961] loop0: detected capacity change from 0 to 764
[   67.142299][ T4959] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.495' sets config #1
[   67.555933][ T4988] xt_hashlimit: size too large, truncated to 1048576
[   67.563932][ T4988] xt_hashlimit: Unknown mode mask 80FF, kernel too old?
[   67.681475][ T4990] xt_hashlimit: size too large, truncated to 1048576
[   67.689338][ T4990] xt_hashlimit: Unknown mode mask 80FF, kernel too old?
[   67.921790][ T4999] loop1: detected capacity change from 0 to 736
[   67.928365][ T4999] iso9660: Unknown parameter '0177777777777777777777701777777777777777777777ÿÿÿÿÿÿÿÿ'
[   67.962665][ T4999] loop1: detected capacity change from 0 to 1024
[   67.992383][ T4999] FAULT_INJECTION: forcing a failure.
[   67.992383][ T4999] name failslab, interval 1, probability 0, space 0, times 0
[   68.005242][ T4999] CPU: 1 UID: 0 PID: 4999 Comm: syz.1.509 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   68.005276][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   68.005292][ T4999] Call Trace:
[   68.005355][ T4999]  <TASK>
[   68.005364][ T4999]  __dump_stack+0x1d/0x30
[   68.005494][ T4999]  dump_stack_lvl+0xe8/0x140
[   68.005518][ T4999]  dump_stack+0x15/0x1b
[   68.005540][ T4999]  should_fail_ex+0x265/0x280
[   68.005571][ T4999]  should_failslab+0x8c/0xb0
[   68.005614][ T4999]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   68.005713][ T4999]  ? sidtab_sid2str_get+0xa0/0x130
[   68.005745][ T4999]  kmemdup_noprof+0x2b/0x70
[   68.005771][ T4999]  sidtab_sid2str_get+0xa0/0x130
[   68.005804][ T4999]  security_sid_to_context_core+0x1eb/0x2e0
[   68.005915][ T4999]  security_sid_to_context+0x27/0x40
[   68.005946][ T4999]  avc_audit_post_callback+0x10f/0x520
[   68.006011][ T4999]  ? __pfx_avc_audit_post_callback+0x10/0x10
[   68.006051][ T4999]  common_lsm_audit+0x1bb/0x230
[   68.006124][ T4999]  ? __pfx_avc_audit_post_callback+0x10/0x10
[   68.006160][ T4999]  ? avc_denied+0xe4/0x100
[   68.006188][ T4999]  slow_avc_audit+0x104/0x140
[   68.006294][ T4999]  avc_has_perm+0x13a/0x180
[   68.006334][ T4999]  selinux_inode_setxattr+0x478/0x6e0
[   68.006366][ T4999]  ? __kernel_text_address+0xd/0x40
[   68.006416][ T4999]  ? unwind_get_return_address+0x16/0x40
[   68.006453][ T4999]  security_inode_setxattr+0x13a/0x1b0
[   68.006481][ T4999]  __vfs_setxattr_locked+0x83/0x1d0
[   68.006527][ T4999]  vfs_setxattr+0x132/0x270
[   68.006570][ T4999]  file_setxattr+0x139/0x1b0
[   68.006611][ T4999]  path_setxattrat+0x290/0x310
[   68.006751][ T4999]  __x64_sys_fsetxattr+0x6b/0x80
[   68.006822][ T4999]  x64_sys_call+0x1ced/0x2ff0
[   68.006850][ T4999]  do_syscall_64+0xd2/0x200
[   68.006879][ T4999]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   68.006908][ T4999]  ? clear_bhb_loop+0x40/0x90
[   68.006944][ T4999]  ? clear_bhb_loop+0x40/0x90
[   68.006966][ T4999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.006987][ T4999] RIP: 0033:0x7f23c309e9a9
[   68.007003][ T4999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.007075][ T4999] RSP: 002b:00007f23c16ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[   68.007094][ T4999] RAX: ffffffffffffffda RBX: 00007f23c32c5fa0 RCX: 00007f23c309e9a9
[   68.007106][ T4999] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000000000000007
[   68.007192][ T4999] RBP: 00007f23c16ff090 R08: 0000000000000000 R09: 0000000000000000
[   68.007204][ T4999] R10: 000000000000001e R11: 0000000000000246 R12: 0000000000000001
[   68.007216][ T4999] R13: 0000000000000000 R14: 00007f23c32c5fa0 R15: 00007ffd5185f068
[   68.007236][ T4999]  </TASK>
[   68.317946][ T5009] loop5: detected capacity change from 0 to 164
[   68.330786][ T5009] netlink: 8 bytes leftover after parsing attributes in process `syz.5.511'.
[   68.553257][ T5034] loop2: detected capacity change from 0 to 164
[   68.674274][ T5045] loop1: detected capacity change from 0 to 512
[   68.683146][ T5045] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   68.702582][ T5045] EXT4-fs (loop1): 1 truncate cleaned up
[   68.710301][ T5045] EXT4-fs mount: 22 callbacks suppressed
[   68.710319][ T5045] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.711355][ T5009] netlink: 20 bytes leftover after parsing attributes in process `syz.5.511'.
[   68.738034][ T5009] netlink: 21 bytes leftover after parsing attributes in process `syz.5.511'.
[   68.747217][ T5009] netlink: 'syz.5.511': attribute type 2 has an invalid length.
[   68.755022][ T5009] netlink: 21 bytes leftover after parsing attributes in process `syz.5.511'.
[   68.769822][   T29] kauditd_printk_skb: 594 callbacks suppressed
[   68.769835][   T29] audit: type=1326 audit(69.981:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.2.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   68.782516][ T5035] rock: directory entry would overflow storage
[   68.806115][ T5035] rock: sig=0x4f50, size=4, remaining=3
[   68.813793][ T5035] iso9660: Corrupted directory entry in block 4 of inode 1792
[   68.850216][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.889637][   T29] audit: type=1326 audit(70.014:3178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.2.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   68.913468][   T29] audit: type=1326 audit(70.014:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.2.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   68.937484][   T29] audit: type=1326 audit(70.014:3180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.2.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   68.961405][   T29] audit: type=1326 audit(70.014:3181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.2.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   68.985457][   T29] audit: type=1326 audit(70.014:3182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.2.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   69.009351][   T29] audit: type=1326 audit(70.078:3183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5053 comm="syz.2.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9403591265 code=0x7ffc0000
[   69.033250][   T29] audit: type=1326 audit(70.078:3184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.2.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   69.056880][   T29] audit: type=1326 audit(70.078:3185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.2.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   69.080641][   T29] audit: type=1326 audit(70.078:3186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.2.526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f940355e9a9 code=0x7ffc0000
[   69.108790][ T5056] loop4: detected capacity change from 0 to 512
[   69.116568][ T5056] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   69.131525][ T5056] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   69.281927][ T5072] bridge0: port 3(macsec1) entered blocking state
[   69.288901][ T5072] bridge0: port 3(macsec1) entered disabled state
[   69.316014][ T5072] macsec1: entered allmulticast mode
[   69.321507][ T5072] bridge0: entered allmulticast mode
[   69.322739][ T5079] loop4: detected capacity change from 0 to 512
[   69.334886][ T5072] macsec1: left allmulticast mode
[   69.340199][ T5072] bridge0: left allmulticast mode
[   69.342206][ T5079] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   69.364597][ T5079] EXT4-fs (loop4): 1 truncate cleaned up
[   69.371039][ T5079] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.402820][ T3299] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.517436][ T5102] loop2: detected capacity change from 0 to 164
[   69.534154][ T5102] netlink: 8 bytes leftover after parsing attributes in process `syz.2.545'.
[   69.645547][ T5093] loop5: detected capacity change from 0 to 512
[   69.652609][ T5093] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[   69.661795][ T5093] EXT4-fs (loop5): Couldn't mount because of unsupported optional features (fffc1829)
[   69.671408][ T5093] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities
[   69.762553][ T5102] netlink: 20 bytes leftover after parsing attributes in process `syz.2.545'.
[   69.771613][ T5102] netlink: 21 bytes leftover after parsing attributes in process `syz.2.545'.
[   69.780692][ T5102] netlink: 'syz.2.545': attribute type 2 has an invalid length.
[   69.788389][ T5102] netlink: 21 bytes leftover after parsing attributes in process `syz.2.545'.
[   69.801041][ T5102] rock: directory entry would overflow storage
[   69.807298][ T5102] rock: sig=0x4f50, size=4, remaining=3
[   69.812895][ T5102] iso9660: Corrupted directory entry in block 4 of inode 1792
[   69.938538][ T5124] loop4: detected capacity change from 0 to 764
[   70.013141][ T5127] Symlink component flag not implemented
[   70.020134][ T5127] Symlink component flag not implemented
[   70.026087][ T5127] Symlink component flag not implemented (129)
[   70.033368][ T5127] Symlink component flag not implemented (6)
[   70.139082][ T5138] loop0: detected capacity change from 0 to 512
[   70.148243][ T5138] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   70.159404][ T5138] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   70.218737][ T5143] xt_hashlimit: size too large, truncated to 1048576
[   70.226807][ T5143] xt_hashlimit: Unknown mode mask 80FF, kernel too old?
[   70.509071][ T5168] FAULT_INJECTION: forcing a failure.
[   70.509071][ T5168] name failslab, interval 1, probability 0, space 0, times 0
[   70.540261][ T5168] CPU: 0 UID: 0 PID: 5168 Comm: syz.5.568 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   70.540295][ T5168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   70.540306][ T5168] Call Trace:
[   70.540311][ T5168]  <TASK>
[   70.540317][ T5168]  __dump_stack+0x1d/0x30
[   70.540418][ T5168]  dump_stack_lvl+0xe8/0x140
[   70.540434][ T5168]  dump_stack+0x15/0x1b
[   70.540448][ T5168]  should_fail_ex+0x265/0x280
[   70.540469][ T5168]  ? audit_log_d_path+0x8d/0x150
[   70.540496][ T5168]  should_failslab+0x8c/0xb0
[   70.540567][ T5168]  __kmalloc_cache_noprof+0x4c/0x320
[   70.540592][ T5168]  audit_log_d_path+0x8d/0x150
[   70.540685][ T5168]  audit_log_d_path_exe+0x42/0x70
[   70.540712][ T5168]  audit_log_task+0x1e9/0x250
[   70.540738][ T5168]  audit_seccomp+0x61/0x100
[   70.540759][ T5168]  ? __seccomp_filter+0x68c/0x10d0
[   70.540826][ T5168]  __seccomp_filter+0x69d/0x10d0
[   70.540875][ T5168]  ? read_tsc+0x9/0x20
[   70.540963][ T5168]  ? ktime_get+0x1eb/0x210
[   70.540984][ T5168]  ? lapic_next_event+0x11/0x20
[   70.541005][ T5168]  ? clockevents_program_event+0x240/0x4e0
[   70.541094][ T5168]  __secure_computing+0x82/0x150
[   70.541119][ T5168]  syscall_trace_enter+0xcf/0x1e0
[   70.541139][ T5168]  do_syscall_64+0xac/0x200
[   70.541208][ T5168]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   70.541237][ T5168]  ? clear_bhb_loop+0x40/0x90
[   70.541264][ T5168]  ? clear_bhb_loop+0x40/0x90
[   70.541322][ T5168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.541340][ T5168] RIP: 0033:0x7fe92fd0e9a9
[   70.541353][ T5168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.541402][ T5168] RSP: 002b:00007fe92e377038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   70.541417][ T5168] RAX: ffffffffffffffda RBX: 00007fe92ff35fa0 RCX: 00007fe92fd0e9a9
[   70.541460][ T5168] RDX: 0000000000000020 RSI: 0000200000000080 RDI: 0000000000000007
[   70.541470][ T5168] RBP: 00007fe92e377090 R08: 0000000000000000 R09: 0000000000000000
[   70.541481][ T5168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.541491][ T5168] R13: 0000000000000000 R14: 00007fe92ff35fa0 R15: 00007fff01380f58
[   70.541507][ T5168]  </TASK>
[   70.909114][ T5185] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[   71.144745][ T5181] loop2: detected capacity change from 0 to 512
[   71.166896][ T5181] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   71.177128][ T5181] EXT4-fs (loop2): Couldn't mount because of unsupported optional features (fffc1829)
[   71.188054][ T5181] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[   71.467670][ T5231] xt_hashlimit: size too large, truncated to 1048576
[   71.474492][ T5231] xt_hashlimit: Unknown mode mask 80FF, kernel too old?
[   71.918720][ T5250] loop1: detected capacity change from 0 to 512
[   71.925819][ T5250] EXT4-fs: Ignoring removed mblk_io_submit option
[   71.932402][ T5250] EXT4-fs: quotafile must be on filesystem root
[   71.963542][ T5252] FAULT_INJECTION: forcing a failure.
[   71.963542][ T5252] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   71.976843][ T5252] CPU: 1 UID: 0 PID: 5252 Comm: syz.2.594 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   71.976883][ T5252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   71.976899][ T5252] Call Trace:
[   71.976906][ T5252]  <TASK>
[   71.976914][ T5252]  __dump_stack+0x1d/0x30
[   71.976940][ T5252]  dump_stack_lvl+0xe8/0x140
[   71.976996][ T5252]  dump_stack+0x15/0x1b
[   71.977016][ T5252]  should_fail_ex+0x265/0x280
[   71.977043][ T5252]  should_fail+0xb/0x20
[   71.977119][ T5252]  should_fail_usercopy+0x1a/0x20
[   71.977151][ T5252]  _copy_to_user+0x20/0xa0
[   71.977218][ T5252]  simple_read_from_buffer+0xb5/0x130
[   71.977254][ T5252]  proc_fail_nth_read+0x100/0x140
[   71.977280][ T5252]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   71.977304][ T5252]  vfs_read+0x19d/0x6f0
[   71.977420][ T5252]  ? __cond_resched+0x4e/0x90
[   71.977459][ T5252]  ksys_read+0xda/0x1a0
[   71.977500][ T5252]  __x64_sys_read+0x40/0x50
[   71.977538][ T5252]  x64_sys_call+0x27bc/0x2ff0
[   71.977619][ T5252]  do_syscall_64+0xd2/0x200
[   71.977645][ T5252]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   71.977703][ T5252]  ? clear_bhb_loop+0x40/0x90
[   71.977725][ T5252]  ? clear_bhb_loop+0x40/0x90
[   71.977746][ T5252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.977771][ T5252] RIP: 0033:0x7f940355d3bc
[   71.977791][ T5252] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   71.977889][ T5252] RSP: 002b:00007f9401bbf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   71.977914][ T5252] RAX: ffffffffffffffda RBX: 00007f9403785fa0 RCX: 00007f940355d3bc
[   71.977930][ T5252] RDX: 000000000000000f RSI: 00007f9401bbf0a0 RDI: 0000000000000005
[   71.977943][ T5252] RBP: 00007f9401bbf090 R08: 0000000000000000 R09: 0000000000000000
[   71.977955][ T5252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   71.977966][ T5252] R13: 0000000000000000 R14: 00007f9403785fa0 R15: 00007ffedad2a368
[   71.977989][ T5252]  </TASK>
[   72.289043][ T5261] loop2: detected capacity change from 0 to 512
[   72.295782][ T5261] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   72.319924][ T5261] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   72.671481][ T5298] FAULT_INJECTION: forcing a failure.
[   72.671481][ T5298] name failslab, interval 1, probability 0, space 0, times 0
[   72.684396][ T5298] CPU: 1 UID: 0 PID: 5298 Comm: syz.1.612 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   72.684430][ T5298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   72.684446][ T5298] Call Trace:
[   72.684451][ T5298]  <TASK>
[   72.684457][ T5298]  __dump_stack+0x1d/0x30
[   72.684555][ T5298]  dump_stack_lvl+0xe8/0x140
[   72.684580][ T5298]  dump_stack+0x15/0x1b
[   72.684598][ T5298]  should_fail_ex+0x265/0x280
[   72.684701][ T5298]  ? v9fs_mount+0x51/0x5c0
[   72.684737][ T5298]  should_failslab+0x8c/0xb0
[   72.684762][ T5298]  __kmalloc_cache_noprof+0x4c/0x320
[   72.684828][ T5298]  v9fs_mount+0x51/0x5c0
[   72.684867][ T5298]  ? selinux_capable+0x31/0x40
[   72.684907][ T5298]  ? __pfx_v9fs_mount+0x10/0x10
[   72.684948][ T5298]  legacy_get_tree+0x78/0xd0
[   72.685069][ T5298]  vfs_get_tree+0x54/0x1d0
[   72.685319][ T5298]  do_new_mount+0x207/0x5e0
[   72.685393][ T5298]  ? security_capable+0x83/0x90
[   72.685441][ T5298]  path_mount+0x4a4/0xb20
[   72.685475][ T5298]  ? user_path_at+0x109/0x130
[   72.685658][ T5298]  __se_sys_mount+0x28f/0x2e0
[   72.685807][ T5298]  ? fput+0x8f/0xc0
[   72.685835][ T5298]  __x64_sys_mount+0x67/0x80
[   72.685869][ T5298]  x64_sys_call+0x2b4d/0x2ff0
[   72.685915][ T5298]  do_syscall_64+0xd2/0x200
[   72.685981][ T5298]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   72.686010][ T5298]  ? clear_bhb_loop+0x40/0x90
[   72.686034][ T5298]  ? clear_bhb_loop+0x40/0x90
[   72.686058][ T5298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.686115][ T5298] RIP: 0033:0x7f23c309e9a9
[   72.686131][ T5298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.686166][ T5298] RSP: 002b:00007f23c16ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   72.686186][ T5298] RAX: ffffffffffffffda RBX: 00007f23c32c5fa0 RCX: 00007f23c309e9a9
[   72.686199][ T5298] RDX: 00002000000002c0 RSI: 0000200000000080 RDI: 0000000000000000
[   72.686211][ T5298] RBP: 00007f23c16ff090 R08: 0000200000000240 R09: 0000000000000000
[   72.686223][ T5298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   72.686235][ T5298] R13: 0000000000000000 R14: 00007f23c32c5fa0 R15: 00007ffd5185f068
[   72.686256][ T5298]  </TASK>
[   73.206568][ T5320] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   73.343407][ T5331] FAULT_INJECTION: forcing a failure.
[   73.343407][ T5331] name failslab, interval 1, probability 0, space 0, times 0
[   73.356250][ T5322] infiniband syz!: set active
[   73.356269][ T5322] infiniband syz!: added team_slave_0
[   73.363939][ T5322] RDS/IB: syz!: added
[   73.368458][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.1.625 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   73.368513][ T5331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   73.368531][ T5331] Call Trace:
[   73.368539][ T5331]  <TASK>
[   73.368549][ T5331]  __dump_stack+0x1d/0x30
[   73.368579][ T5331]  dump_stack_lvl+0xe8/0x140
[   73.368605][ T5331]  dump_stack+0x15/0x1b
[   73.368634][ T5331]  should_fail_ex+0x265/0x280
[   73.368680][ T5331]  should_failslab+0x8c/0xb0
[   73.368709][ T5331]  __kvmalloc_node_noprof+0x123/0x4e0
[   73.368749][ T5331]  ? alloc_fdtable+0x10b/0x1d0
[   73.368797][ T5331]  alloc_fdtable+0x10b/0x1d0
[   73.368876][ T5331]  dup_fd+0x4c7/0x540
[   73.368927][ T5331]  ksys_unshare+0x346/0x6d0
[   73.368965][ T5331]  ? ksys_write+0x192/0x1a0
[   73.369011][ T5331]  __x64_sys_unshare+0x1f/0x30
[   73.369091][ T5331]  x64_sys_call+0x2911/0x2ff0
[   73.369120][ T5331]  do_syscall_64+0xd2/0x200
[   73.369156][ T5331]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   73.369239][ T5331]  ? clear_bhb_loop+0x40/0x90
[   73.369267][ T5331]  ? clear_bhb_loop+0x40/0x90
[   73.369298][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.369326][ T5331] RIP: 0033:0x7f23c309e9a9
[   73.369348][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.369371][ T5331] RSP: 002b:00007f23c16ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[   73.369402][ T5331] RAX: ffffffffffffffda RBX: 00007f23c32c5fa0 RCX: 00007f23c309e9a9
[   73.369495][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c020400
[   73.369512][ T5331] RBP: 00007f23c16ff090 R08: 0000000000000000 R09: 0000000000000000
[   73.369527][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   73.369543][ T5331] R13: 0000000000000000 R14: 00007f23c32c5fa0 R15: 00007ffd5185f068
[   73.369619][ T5331]  </TASK>
[   73.561918][ T5322] smc: adding ib device syz! with port count 1
[   73.568518][ T5322] smc:    ib device syz! port 1 has pnetid 
[   73.577373][   T29] kauditd_printk_skb: 453 callbacks suppressed
[   73.577389][   T29] audit: type=1400 audit(75.131:3640): avc:  denied  { read write } for  pid=5335 comm="syz.1.626" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   73.606498][   T29] audit: type=1400 audit(75.131:3641): avc:  denied  { open } for  pid=5335 comm="syz.1.626" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   73.789369][ T5302] uprobe: syz.5.614:5302 failed to unregister, leaking uprobe
[   73.853754][ T5347] loop1: detected capacity change from 0 to 512
[   73.863033][ T5347] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   73.875338][ T5347] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   73.878286][   T29] audit: type=1400 audit(75.442:3642): avc:  denied  { mounton } for  pid=5346 comm="syz.1.629" path="/140/file0" dev="tmpfs" ino=771 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   73.922713][   T29] audit: type=1400 audit(75.507:3643): avc:  denied  { execmem } for  pid=5348 comm="syz.1.631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   73.955066][ T5351] loop5: detected capacity change from 0 to 512
[   73.971112][ T5351] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   73.984299][ T5351] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   74.040895][ T5355] netlink: 24 bytes leftover after parsing attributes in process `syz.0.634'.
[   74.057461][   T29] audit: type=1400 audit(75.657:3644): avc:  denied  { create } for  pid=5354 comm="syz.0.634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   74.112737][   T29] audit: type=1400 audit(75.678:3645): avc:  denied  { ioctl } for  pid=5354 comm="syz.0.634" path="socket:[11285]" dev="sockfs" ino=11285 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   74.136836][   T29] audit: type=1326 audit(75.678:3646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5354 comm="syz.0.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f59ede9a9 code=0x7ffc0000
[   74.159518][   T29] audit: type=1326 audit(75.678:3647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5354 comm="syz.0.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f59ede9a9 code=0x7ffc0000
[   74.182211][   T29] audit: type=1326 audit(75.678:3648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5354 comm="syz.0.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f59ede9a9 code=0x7ffc0000
[   74.204930][   T29] audit: type=1400 audit(75.700:3649): avc:  denied  { mount } for  pid=5357 comm="syz.0.637" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   74.298603][ T5349] netlink: 'syz.1.631': attribute type 10 has an invalid length.
[   74.306414][ T5349] netlink: 40 bytes leftover after parsing attributes in process `syz.1.631'.
[   74.571608][ T5358] loop2: detected capacity change from 0 to 512
[   74.580411][ T5358] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   74.589528][ T5358] EXT4-fs (loop2): Couldn't mount because of unsupported optional features (fffc1829)
[   74.599211][ T5358] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[   74.801435][ T5392] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   75.296630][ T5413] netlink: 32 bytes leftover after parsing attributes in process `’'.
[   75.565897][ T5429] loop0: detected capacity change from 0 to 512
[   75.575245][ T5417] netlink: 'syz.4.654': attribute type 10 has an invalid length.
[   75.584381][ T5417] netlink: 40 bytes leftover after parsing attributes in process `syz.4.654'.
[   75.643025][ T5429] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   76.089251][ T5461] loop5: detected capacity change from 0 to 512
[   76.097942][ T5459] loop2: detected capacity change from 0 to 512
[   76.104817][ T5461] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   76.113905][ T5459] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   76.144500][ T5459] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   76.176587][ T5468] loop0: detected capacity change from 0 to 512
[   76.184432][ T5468] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   76.208952][ T5468] EXT4-fs (loop0): 1 truncate cleaned up
[   76.228768][ T5474] loop2: detected capacity change from 0 to 2048
[   76.235949][ T5468] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.270394][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.286658][ T5474] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.302054][ T5474] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[   76.321379][ T5474] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   76.333755][ T5474] EXT4-fs (loop2): This should not happen!! Data will be lost
[   76.333755][ T5474] 
[   76.343551][ T5474] EXT4-fs (loop2): Total free blocks count 0
[   76.349696][ T5474] EXT4-fs (loop2): Free/Dirty block details
[   76.355674][ T5474] EXT4-fs (loop2): free_blocks=66060288
[   76.361280][ T5474] EXT4-fs (loop2): dirty_blocks=32
[   76.366451][ T5474] EXT4-fs (loop2): Block reservation details
[   76.372479][ T5474] EXT4-fs (loop2): i_reserved_data_blocks=2
[   76.405862][ T5481] veth1_macvtap: left promiscuous mode
[   76.411432][ T5481] macsec0: entered allmulticast mode
[   76.446674][ T5474] veth1_macvtap: entered promiscuous mode
[   76.452593][ T5474] veth1_macvtap: entered allmulticast mode
[   76.460099][ T5474] macsec0: entered promiscuous mode
[   76.482469][   T12] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[   76.514713][ T5483] loop0: detected capacity change from 0 to 1024
[   76.521632][ T5483] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   76.574553][ T5488] loop4: detected capacity change from 0 to 1024
[   76.583521][ T5488] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   76.648524][ T5511] loop4: detected capacity change from 0 to 512
[   76.656865][ T5511] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   76.662531][ T5513] netlink: 100 bytes leftover after parsing attributes in process `syz.0.685'.
[   76.721839][ T5516] loop4: detected capacity change from 0 to 1024
[   76.728292][ T5521] loop1: detected capacity change from 0 to 1024
[   76.734916][ T5518] loop0: detected capacity change from 0 to 1024
[   76.735418][ T5518] EXT4-fs: Ignoring removed nobh option
[   76.735443][ T5518] EXT4-fs: Ignoring removed bh option
[   76.736699][ T5516] EXT4-fs: Ignoring removed orlov option
[   76.744091][ T5521] EXT4-fs: Ignoring removed orlov option
[   76.771130][ T5518] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.786523][ T5516] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.796576][ T5521] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.126055][ T3299] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.142377][ T5532] loop5: detected capacity change from 0 to 1024
[   77.157024][ T5532] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   77.361758][ T5543] netlink: 32 bytes leftover after parsing attributes in process `syz.5.692'.
[   77.376045][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.415978][ T5553] loop1: detected capacity change from 0 to 512
[   77.444699][ T5553] EXT4-fs (loop1): too many log groups per flexible block group
[   77.452747][ T5553] EXT4-fs (loop1): failed to initialize mballoc (-12)
[   77.460638][ T5553] EXT4-fs (loop1): mount failed
[   77.526938][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.538784][ T5565] netlink: 100 bytes leftover after parsing attributes in process `syz.4.700'.
[   77.584337][ T5567] loop0: detected capacity change from 0 to 512
[   77.617889][ T5575] FAULT_INJECTION: forcing a failure.
[   77.617889][ T5575] name failslab, interval 1, probability 0, space 0, times 0
[   77.631815][ T5575] CPU: 0 UID: 0 PID: 5575 Comm: syz.2.704 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   77.631843][ T5575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   77.631876][ T5575] Call Trace:
[   77.631883][ T5575]  <TASK>
[   77.631891][ T5575]  __dump_stack+0x1d/0x30
[   77.631915][ T5575]  dump_stack_lvl+0xe8/0x140
[   77.631940][ T5575]  dump_stack+0x15/0x1b
[   77.631977][ T5575]  should_fail_ex+0x265/0x280
[   77.632006][ T5575]  ? x509_cert_parse+0xa7/0x430
[   77.632029][ T5575]  should_failslab+0x8c/0xb0
[   77.632057][ T5575]  __kmalloc_cache_noprof+0x4c/0x320
[   77.632107][ T5575]  x509_cert_parse+0xa7/0x430
[   77.632132][ T5575]  x509_key_preparse+0x3c/0x420
[   77.632158][ T5575]  asymmetric_key_preparse+0x68/0xb0
[   77.632229][ T5575]  __key_create_or_update+0x288/0x750
[   77.632256][ T5575]  ? key_validate+0xad/0xd0
[   77.632375][ T5575]  key_create_or_update+0x42/0x60
[   77.632409][ T5575]  __se_sys_add_key+0x296/0x350
[   77.632504][ T5575]  __x64_sys_add_key+0x67/0x80
[   77.632538][ T5575]  x64_sys_call+0x28c4/0x2ff0
[   77.632565][ T5575]  do_syscall_64+0xd2/0x200
[   77.632616][ T5575]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   77.632644][ T5575]  ? clear_bhb_loop+0x40/0x90
[   77.632668][ T5575]  ? clear_bhb_loop+0x40/0x90
[   77.632696][ T5575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.632786][ T5575] RIP: 0033:0x7f940355e9a9
[   77.632802][ T5575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.632824][ T5575] RSP: 002b:00007f9401bbf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[   77.632847][ T5575] RAX: ffffffffffffffda RBX: 00007f9403785fa0 RCX: 00007f940355e9a9
[   77.632875][ T5575] RDX: 0000200000000840 RSI: 0000000000000000 RDI: 0000200000000800
[   77.632890][ T5575] RBP: 00007f9401bbf090 R08: ffffffffffffffff R09: 0000000000000000
[   77.632937][ T5575] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000002
[   77.632948][ T5575] R13: 0000000000000001 R14: 00007f9403785fa0 R15: 00007ffedad2a368
[   77.632966][ T5575]  </TASK>
[   77.635868][ T5567] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   77.857901][ T5567] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   77.882635][ T5581] loop5: detected capacity change from 0 to 1024
[   77.903220][ T5586] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode balance-xor(2)
[   77.923051][ T5581] EXT4-fs: Ignoring removed orlov option
[   78.023887][ T5581] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.042942][ T5594] loop0: detected capacity change from 0 to 1024
[   78.085320][ T5594] EXT4-fs: Ignoring removed nobh option
[   78.091009][ T5594] EXT4-fs: Ignoring removed bh option
[   78.159951][ T5594] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.310784][ T5602] loop2: detected capacity change from 0 to 512
[   78.318928][ T5602] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   78.329235][ T5602] EXT4-fs (loop2): Couldn't mount because of unsupported optional features (fffc1829)
[   78.340202][ T5602] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[   78.352693][   T29] kauditd_printk_skb: 391 callbacks suppressed
[   78.352763][   T29] audit: type=1326 audit(80.260:4041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5612 comm="syz.1.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   78.382855][   T29] audit: type=1326 audit(80.260:4042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5612 comm="syz.1.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   78.407997][   T29] audit: type=1326 audit(80.260:4043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5612 comm="syz.1.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   78.431833][   T29] audit: type=1326 audit(80.260:4044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5612 comm="syz.1.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   78.454736][   T29] audit: type=1326 audit(80.260:4045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5612 comm="syz.1.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   78.488927][   T29] audit: type=1400 audit(80.292:4046): avc:  denied  { create } for  pid=5612 comm="GPL" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   78.508392][   T29] audit: type=1400 audit(80.292:4047): avc:  denied  { accept } for  pid=5612 comm="GPL" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   78.527837][   T29] audit: type=1326 audit(80.399:4048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5612 comm="syz.1.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   78.551676][   T29] audit: type=1326 audit(80.399:4049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5612 comm="syz.1.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   78.575609][   T29] audit: type=1326 audit(80.399:4050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5612 comm="syz.1.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c309e9a9 code=0x7ffc0000
[   78.644541][ T4149] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.670441][ T5620] loop5: detected capacity change from 0 to 512
[   78.678318][ T5620] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   78.689039][ T5620] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   78.792544][ T5629] loop5: detected capacity change from 0 to 1024
[   78.810067][ T5629] EXT4-fs: Ignoring removed nobh option
[   78.815726][ T5629] EXT4-fs: Ignoring removed bh option
[   78.861044][ T5634] loop2: detected capacity change from 0 to 512
[   78.869028][ T5629] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.884262][ T5634] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   78.896910][ T5634] EXT4-fs (loop2): 1 truncate cleaned up
[   78.903690][ T5634] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.941615][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.008866][ T4149] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.042211][ T5639] loop5: detected capacity change from 0 to 1024
[   79.049093][ T5639] EXT4-fs: Ignoring removed orlov option
[   79.062911][ T5639] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.097765][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.243465][ T5639] ==================================================================
[   79.251664][ T5639] BUG: KCSAN: data-race in vfs_fsync_range / writeback_single_inode
[   79.259711][ T5639] 
[   79.262060][ T5639] write to 0xffff888109615758 of 4 bytes by task 5647 on cpu 1:
[   79.269721][ T5639]  writeback_single_inode+0x14a/0x3e0
[   79.275131][ T5639]  sync_inode_metadata+0x5b/0x90
[   79.280134][ T5639]  generic_buffers_fsync_noflush+0xd9/0x120
[   79.286086][ T5639]  ext4_sync_file+0x1ab/0x690
[   79.290803][ T5639]  vfs_fsync_range+0x10a/0x130
[   79.295612][ T5639]  ext4_buffered_write_iter+0x34f/0x3c0
[   79.301193][ T5639]  ext4_file_write_iter+0x383/0xf00
[   79.306463][ T5639]  iter_file_splice_write+0x5ef/0x970
[   79.311882][ T5639]  direct_splice_actor+0x153/0x2a0
[   79.317045][ T5639]  splice_direct_to_actor+0x30f/0x680
[   79.322460][ T5639]  do_splice_direct+0xda/0x150
[   79.327280][ T5639]  do_sendfile+0x380/0x650
[   79.331733][ T5639]  __x64_sys_sendfile64+0x105/0x150
[   79.337009][ T5639]  x64_sys_call+0x2bb0/0x2ff0
[   79.341750][ T5639]  do_syscall_64+0xd2/0x200
[   79.346314][ T5639]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.352249][ T5639] 
[   79.354598][ T5639] read to 0xffff888109615758 of 4 bytes by task 5639 on cpu 0:
[   79.362168][ T5639]  vfs_fsync_range+0x9b/0x130
[   79.366887][ T5639]  ext4_buffered_write_iter+0x34f/0x3c0
[   79.372491][ T5639]  ext4_file_write_iter+0x383/0xf00
[   79.377823][ T5639]  iter_file_splice_write+0x5ef/0x970
[   79.383262][ T5639]  direct_splice_actor+0x153/0x2a0
[   79.388437][ T5639]  splice_direct_to_actor+0x30f/0x680
[   79.393850][ T5639]  do_splice_direct+0xda/0x150
[   79.398664][ T5639]  do_sendfile+0x380/0x650
[   79.403103][ T5639]  __x64_sys_sendfile64+0x105/0x150
[   79.408353][ T5639]  x64_sys_call+0x2bb0/0x2ff0
[   79.413070][ T5639]  do_syscall_64+0xd2/0x200
[   79.417618][ T5639]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.423541][ T5639] 
[   79.425875][ T5639] value changed: 0x00000038 -> 0x00000002
[   79.431618][ T5639] 
[   79.433957][ T5639] Reported by Kernel Concurrency Sanitizer on:
[   79.440140][ T5639] CPU: 0 UID: 0 PID: 5639 Comm: syz.5.726 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[   79.452156][ T5639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   79.462334][ T5639] ==================================================================
[   79.556960][ T4149] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.621531][ T5646] netlink: 'syz.0.727': attribute type 10 has an invalid length.
[   79.629424][ T5646] netlink: 40 bytes leftover after parsing attributes in process `syz.0.727'.