last executing test programs:

1m54.881458367s ago: executing program 3 (id=567):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
process_vm_writev(0x0, &(0x7f0000001f40)=[{&(0x7f0000002500)=""/172, 0xac}, {&(0x7f0000001e40)=""/104, 0x68}, {&(0x7f0000001ec0)=""/43, 0x2b}, {&(0x7f0000001f00)=""/1, 0x1}], 0x4, &(0x7f0000002440)=[{&(0x7f0000001f80)=""/83, 0x55}, {&(0x7f0000002000)=""/34, 0x22}, {&(0x7f0000002600)=""/4096, 0x1000}, {&(0x7f0000002040)=""/163, 0xa3}, {&(0x7f0000002100)=""/251, 0xfb}, {&(0x7f0000002200)=""/10, 0xa}, {&(0x7f0000002240)=""/46, 0xfffffffffffffe49}, {&(0x7f0000002280)=""/79, 0x4f}, {&(0x7f0000002300)=""/60, 0x3c}, {&(0x7f0000002340)=""/210, 0xd2}], 0xa, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r3}, 0x38)

1m54.878046197s ago: executing program 3 (id=568):
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f0000000180)='./file0\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
link(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00') (fail_nth: 6)

1m54.593047741s ago: executing program 3 (id=569):
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x7, 0x1f, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES16=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x10000000, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0}, 0x1495b0328ff77991)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f0000001b40)='nfs\x00', 0xa00008, &(0x7f0000000000))
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x60ff, 0x8cffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x14, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRES32, @ANYRESOCT=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000026e10006004bc968b2f4ff000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000c80)={{0x1}, &(0x7f0000000c00), &(0x7f0000000080)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f0, 0x0)
r4 = epoll_create1(0x80000)
fcntl$F_SET_RW_HINT(r4, 0x40c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010100f8ffffffb702000008000000b703000000000000850000000e200000958eafa381c72896c3bb11a4ac6e2bf358e10e0534dacc9a4d9386c8ded85558e18645c3414cd8892033cfdfd4d72f1fc0d267da528c0700000016526f9611ec37616f8088f5fb6f3a6aab432312e97b11544a603dcdbaf5f837f7d3f7e190ecae221c9ba4180c5339654541da9185304d101078ee9ed3354cfc7bd46db9816f6d7f17b264da7d9c850493301a49c0f7825529c3038f809074498b8a3fb85425e52ad42de5b2df0150d025aedee9773f8b9ee4876e1b6e4d1db97e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f0000000cc0)=@urb_type_iso={0x0, {0xa}, 0x80, 0x5, &(0x7f00000004c0)="09b401575bd98a2e9f938e42b97ab63e216e42eb334938246d6c5b4eace7b4768e007afe7145b0fad6070fbd4c060718b0a44e446c2235b2e0dd4c22e95c81c16d5275426f9552229e9062c2dbb7f20b1bb7", 0x52, 0x400, 0x5, 0x40, 0xf8, 0x9, &(0x7f0000000200)="5f69beeae952557985794bad574e6ee25353935e3cde8a17d1561b43caa7", [{0x0, 0xf8c4, 0x1}, {0x9, 0x1, 0x1}, {0xe9, 0x6, 0x6}, {0x8, 0x1, 0x30}, {0x7, 0x3, 0x9}, {0x6, 0xc, 0x4}, {0x5, 0x5, 0x1}, {0x6, 0x0, 0x3}, {0xffff8000, 0x1, 0x7f}, {0x2, 0x9, 0x400000}, {0x7, 0xffffffff, 0xb2}, {0x4, 0x6, 0x8}, {0x5, 0x3, 0x1}, {0xfff, 0xfffffff7, 0x9}, {0x7ff, 0x1, 0x9}, {0xa6d, 0xd466, 0x5}, {0x0, 0x40, 0x7fffffff}, {0x0, 0x8, 0x9}, {0x6, 0x200}, {0x81, 0x7ff, 0x8001}, {0x2, 0x5, 0x6}, {0x5, 0x2df, 0xa}, {0x4, 0xe211}, {0x5, 0x9, 0x2}, {0x1, 0x80000001, 0x6}, {0x9, 0x6, 0x7fffffff}, {0xb, 0x100, 0x5}, {0x8000, 0x1, 0xd5a}, {0x8, 0x80000000, 0xc01}, {0x7, 0x9, 0x6}, {0x4, 0x9, 0x4}, {0x4, 0x2, 0x3}, {0x6, 0x80000000, 0x7}, {0x3, 0x800, 0xb9}, {0xffffeadc, 0x8f, 0xfffffffa}, {0x7, 0x0, 0x4}, {0x3, 0xf21, 0x1}, {0x200, 0x80000000, 0xd}, {0x6, 0x9, 0xc}, {0x5, 0x9, 0x3}, {0x1, 0x8000, 0x9}, {0x3, 0x0, 0x8}, {0x6, 0x6, 0xe09}, {0xffff, 0x1, 0x2}, {0xbdf, 0x468, 0x1}, {0x4, 0xa, 0x7}, {0x7ff, 0x4, 0x7f}, {0x3, 0xfff, 0xfffffffe}, {0x81, 0x1, 0x83e}, {0x800, 0x2, 0x6e34}, {0x5, 0x7f, 0x457}, {0x5, 0x4, 0x1ff}, {0x6, 0x8000, 0x8}, {0x0, 0x4, 0xb441}, {0x40, 0x2, 0x3}, {0x800, 0x7f, 0x2}, {0x8, 0x9, 0x7fffffff}, {0x7f, 0x7fffffff, 0xa2ff}, {0x1, 0x5e8, 0xc34}, {0x5, 0x783, 0x1000}, {0x1b7, 0xb76c, 0x200}, {0x8, 0xb0, 0x7}, {0x7, 0xf, 0x7}, {0x4, 0xee3c, 0x9}]})

1m54.592773352s ago: executing program 3 (id=570):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x1200000, &(0x7f0000000200)={[{@noblock_validity}, {}, {@noinit_itable}, {@orlov}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@noquota}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200, 0x400000]})
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f0000001f00)=ANY=[], 0xe00f, 0x0)
ioctl$KDSKBENT(r0, 0x4b47, 0x0)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f0000000180)='./file0\x00')
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r2}, 0x10)
link(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00')

1m54.419836914s ago: executing program 3 (id=573):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r4 = getpid()
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='neigh_create\x00', r5}, 0x18)
r6 = socket(0x8000000010, 0x2, 0x0)
write(r6, &(0x7f00000002c0)="fc0000001c000704ab5b2509b86803000aab087a0400000001481193210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbf6, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0xc8fa, 0x80000001, 0xfffffff1}}}}]}, 0x44}}, 0x40804)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kfree\x00', r10}, 0x18)
lsm_get_self_attr(0x67, 0x0, &(0x7f0000000080), 0x0)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r12}, 0x10)
r13 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r13, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x0, 0x100804, 0x0, 0xa, 0x10001, 0x0, 0x4, 0x0, 0x0, 0x4})
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r13, 0x40a85321, &(0x7f00000004c0)={{0x80}, 'port0\x00', 0x0, 0x121428, 0x7fff, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xe})

1m54.04817601s ago: executing program 3 (id=585):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xb, &(0x7f0000000640)=ANY=[@ANYRES32=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@nolazytime}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x100000000}, 0x18)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, &(0x7f0000000340)={0x23, 0x0, 0x0, 0x2}, 0x10) (fail_nth: 4)

1m54.02250406s ago: executing program 32 (id=585):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xb, &(0x7f0000000640)=ANY=[@ANYRES32=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@nolazytime}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x100000000}, 0x18)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, &(0x7f0000000340)={0x23, 0x0, 0x0, 0x2}, 0x10) (fail_nth: 4)

1m32.975949204s ago: executing program 0 (id=1051):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_io_uring_setup(0x83f, &(0x7f00000000c0)={0x0, 0xa9ee, 0x0, 0x3, 0x8002ae}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x2000044, &(0x7f0000000040)={[{@errors_remount}, {@jqfmt_vfsold}, {@quota}]}, 0x2, 0x500, &(0x7f0000000b00)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x80)
ioctl$FS_IOC_ENABLE_VERITY(r3, 0x8004587d, &(0x7f0000000340)={0x2, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x4, 0xc}, 0x50)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x109880})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

1m32.5671952s ago: executing program 0 (id=1063):
clock_getres(0x4, &(0x7f00000000c0))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, 0x0, 0x15)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x200000, &(0x7f0000000180)={[{@delalloc}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r2 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r3, 0x2007ffb)
sendfile(r2, r3, 0x0, 0x1000000201005)

1m31.351942548s ago: executing program 0 (id=1070):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1800ffffffffffffffe30000000011b0b81e000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
remap_file_pages(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x1, 0x40000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000340)='virt_wifi0\x00', 0x10)
ioctl$AUTOFS_IOC_FAIL(r0, 0x9361, 0x8)
close(0xffffffffffffffff)
write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, &(0x7f0000000300)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0x9}}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x0, &(0x7f00000003c0)})
set_mempolicy(0x1, &(0x7f0000000240)=0xb3, 0x7)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f00000004c0)={[{@dioread_lock}, {@noblock_validity}, {@abort}, {@dioread_lock}, {@stripe={'stripe', 0x3d, 0x1f5}}, {@grpjquota, 0x2e}, {@barrier}, {@nolazytime}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4aa, &(0x7f0000000740)="$eJzs3MtvG0UYAPBvN4++m7SURx9QQ0FEFJImLdADh4JA6gUJCQ7lGNJQlaYtaoJEq4oGhMoR8RcARyQkTlw4gYQQcAJxhTtCqlAvLRxQ0Nq7ybqxU8d5GOrfT7IzszvrmW93xx7vZB1A16pkT0nE1oj4NSIGatn6ApXan5vXL0/8df3yRBJzcy//mVTL3bh+eaIoWmy3Jc8MpRHp+0nsbVDv9MVLZ8anpiYv5PmRmbNvjkxfvPTE6bPjpyZPTZ4bO3r0yOHRp58ae3JV4sziurHnnfP7dh9/9aMXJ+bitR8+z9q7NV9fjqNmcMV1VqISc7mFpf3V50dW/Or/LdtK6aS3gw1hWXoiIjtcfdX+PxA9sXDwBuKF9+Yz33aogcCayT6bdixa2pP/Tec/v4A7UaKPQ5cqPvGz77/FYz3HH5127dnsebIa/838UVvTG2n2XXaw9o29p8n2x1ZY/9aIODH798fZIxpehwAAWF1fZ+OfxxuN/9K4p1Ruez6HMhgRByNiZ0TcFRG7IuLuiGrZeyPivmXWX7klv3j88/OmtgJrUTb+eyaf26of/6V5iWQ+t60af1/y+umpyUP5PhmKvg1ZfnSJOr55/pcPm62rlMZ/2SOrvxgL5u34o3dD/TYnx2fGVxBynWvvRuzpbRR/Mj8TkO2B3RGxp43Xz/bZ6cc+25elt29ZvP728S9hFeaZ5j6NeLR2/GfjlvgLSa2mZvOTIxtjavLQSHFWLPbjT1dfKuf7Sum6+De2FtPGdoNtIDv+mxue/3n8RTco5munl1/H1d8+aPqdZvHxT+LEbLlE7fxPS0uy878/eaWa7s+XvT0+M3NhNKI/X1C3fGxh2yJflM/iHzrQuP/vjPjnk3y7vRGRncT3R8QDEbE/b/uDEfFQRBxYIv7vn3v4jaX3UJvn/yrI4j+51PGPGEzK8/VtJHrOfPdVs/pbe/87Uk0N5Utaef9rtYEr2XcAAADwf5FW56CTdLhIly5O7YrN6dT56ZmDlXjr3MnaXPVg9KXFla6B0vXQ0fzacJEfuyV/OCJ2VP/TaFM1PzxxfmpbJwMHqvfq1PX/SNPh4dq635v90wtw51jWPFr57sAvvlz9xgDryv2a0L30f+he+j90L/0fulej/n8l4mYHmgKsM5//0L30f+he+j90L/0futLiW+KLn1tp507/hcTO4yvafM0TcwNr8sqzy9+qZ40ijfKPdjRNJBHRXhWRLl2mv4XaO5ZIb1vmWJu7ZRmJ/XliQ0S0utWVddurnX1fAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWC3/BgAA//+NJdz0")
munmap(&(0x7f0000006000/0x2000)=nil, 0x2000)

1m25.719132242s ago: executing program 0 (id=1178):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x10, &(0x7f0000000040)={[{@usrjquota}]}, 0x1, 0x3e7, &(0x7f0000000480)="$eJzs3E1vG0UfAPD/bl7apn1qV3oOvFwsQCISImnSFqgEEhEXDu2JHjhixWmJ6jSoMRKtIl4E4gYSiA8AB+AjcIQD3wHOwAEqRSgHUm5Ga+86Jn5pQx0skt9PGnlmZ+OZ9WTWu+PZCeDIqkTEixExERFnI6KUb0/zEO+2Q7bfzvbm8p/bm8tJNJuv/J5Ekm8r3ivJX0/mbzCbRqQfJPFon3I3bt2+Xq3XV27m6fnG2hvzG7duP726Vr22cm3lxuIz585fuPDcxcVnR3asW2vJR098demXTz6sffrDb9+Ws/qeyvO6j2NUKlHpfCZ7XRx1YWN2vCueTI6xIgAADJXm1/6Trev/UkzE7sVbKT7+fqyVAwAAAEai2SxeAQAAgMMrce8PAAAAh1wxD2Bne3O5CGOcjsC/bGspIsrt9r+bh3bOZOeZ3qk9z/eOUiUiXj5+eTELcUDPYQMAAAAcZd8ttRf+6x3/S+Ohrv1ORMRMsbbfCFX2pHvHf9I7Iy6SLltLEc9HxN2e8b+02KU8kaf+1xoqnEqurtZXzkbE6YiYjaljWXphSBlvP3b960F53eN/n//86kJWfva6u0d6Z/LY3/+mVm1UH+SY2bX1XsQjk/3aP+mM+Xavk/lPvLa688KgvKz9s/YuQm/7c5CaX0Q82bf/765cmgxfn3W+dT6YL84KvX469eX7g8rv7v9ZyMovfgvg4GX9f2Z4+7fWye2s17ux/zK++ePyj4Py7t3+/c//08mVVgWn821vVRuNmwsR08ml3u3+mzqKz6P4vLL2n328//d/cf2X5N/9p7vWh+4x5AfCl945c2VQnv4/Xln71/bV//cfeX3m4dlB5d9f/z/fqkzxJq7/7u1+G2jc9QQAAAAAAABgNNLW3L4knevE03Rurj3P9/8xk9bXNxpPXV1/80atPQewHFNpMdOr1DUfdKH9GHknvbgnfS4izkTEZ6UTrfTc8nq9Nu6DBwAAgCPi5ID7/8yvAx/2AAAAAP5zyuOuAAAAAHDg3P8DAADAofYg6/qLiIgc1si4z0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAR9tfAQAA///8h8MD")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
fstat(r0, &(0x7f00000009c0))
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x3)
ioctl$VT_DISALLOCATE(r3, 0x5608)
r4 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000019000100000000000000000002"], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendto$inet6(r4, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
write(r3, &(0x7f0000000740)="cc", 0x1)
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7fffeffd)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x20, 0xb, &(0x7f0000000180)=ANY=[@ANYRESHEX], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
openat(r3, &(0x7f0000000300)='./bus/file0\x00', 0xa4001, 0x0)
sync()
mount$9p_unix(&(0x7f0000000000)='\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r2])
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f00000007c0), 0x4)
keyctl$read(0xb, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m24.787306946s ago: executing program 0 (id=1193):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_io_uring_setup(0x83f, &(0x7f00000000c0)={0x0, 0xa9ee, 0x0, 0x3, 0x8002ae}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x2000044, &(0x7f0000000040)={[{@errors_remount}, {@jqfmt_vfsold}, {@quota}]}, 0x2, 0x500, &(0x7f0000000b00)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x80)
ioctl$FS_IOC_ENABLE_VERITY(r3, 0x8004587d, &(0x7f0000000340)={0x2, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x4, 0xc}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18040000000000000000000000400000850000000800000018110000", @ANYRES32=r4], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x109880})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

1m24.365640932s ago: executing program 0 (id=1199):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5ce", 0x17)

1m24.283881873s ago: executing program 33 (id=1199):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5ce", 0x17)

10.09992185s ago: executing program 5 (id=3013):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x0}, 0x90)
r0 = creat(&(0x7f0000000080)='./file0\x00', 0xc7)
close(r0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',\x00'])
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

10.06376027s ago: executing program 5 (id=3016):
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600)

9.966450202s ago: executing program 5 (id=3017):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x10d002, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r2}, &(0x7f0000000800), &(0x7f0000000840)=r3}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)

9.097461495s ago: executing program 5 (id=3034):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
creat(&(0x7f00000000c0)='./file0\x00', 0x9c)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[], 0x15)
r4 = dup(r3)
write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
creat(&(0x7f0000000300)='./file0\x00', 0x20)

8.563726453s ago: executing program 5 (id=3039):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f00000004c0)={[{@sysvgroups}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x8004587d, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
r2 = syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r4}, 0x10)
arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0xc)
r5 = socket$netlink(0x10, 0x3, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r7, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r8, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
sendfile(r2, r9, 0x0, 0x0)
sendmmsg$unix(r9, &(0x7f0000006a00)=[{{&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r9, @ANYRESHEX=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x18, 0x40080}}], 0x1, 0x0)

1.743986154s ago: executing program 5 (id=3137):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x208ca44, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000010080)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8a)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f0000000040), 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x18)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
read(r4, &(0x7f0000000240)=""/104, 0x68)
r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000200), 0x101101, 0x0)
sendmsg$nl_xfrm(r6, 0x0, 0x4008081)
sendmsg$nl_route(r2, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400e0fedb012600"/20], 0x14}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000040)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000f5a000/0x2000)=nil, 0x2, 0x0, 0x0, 0xdff, 0x3e, 0x0, 0x2, 0x4})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4000, 0x0, 0x2000000000a, 0x2)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0)

1.221779862s ago: executing program 4 (id=3144):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)

1.197033963s ago: executing program 4 (id=3145):
openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000010140)=@base={0x5, 0x5, 0x2, 0x9, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kmem_cache_free\x00', r3, 0x0, 0x4}, 0x18)
r5 = socket(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={{0x14, 0x453, 0x1, 0x0, 0x0, {0x5}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x28}, 0x1, 0x0, 0x0, 0x64841}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xb, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095", @ANYRES32=r6, @ANYRESDEC=r4, @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
getpeername$packet(r5, &(0x7f0000000380)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000600)=0xffffffffffffffff, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0xece501314d898b36, 0x7, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x730b}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xc}]}, &(0x7f0000000100)='syzkaller\x00', 0x6, 0x1000, &(0x7f0000000fc0)=""/4096, 0x41100, 0x1, '\x00', r7, @fallback=0x15, r8, 0x8, &(0x7f0000000680)={0x1, 0x2}, 0x8, 0x10, &(0x7f00000006c0)={0x1, 0xe, 0x2, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000700)=[{0x1, 0x2, 0xe, 0x3}, {0x5, 0x2, 0xa, 0x14}, {0x2, 0x1, 0xf, 0x1}, {0x2, 0x1, 0x6, 0x9}, {0x0, 0x1, 0xa, 0x6}, {0x5, 0x5, 0x0, 0x1}], 0x10, 0x10}, 0x94)
r9 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r9, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r9, &(0x7f0000000940)=[{{0x0, 0x0, 0x0}, 0xd57e}, {{0x0, 0x0, 0x0}, 0x1}], 0x2, 0x60010022, 0x0)
sendto$inet(r9, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000640), &(0x7f0000000f80)='%pS    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r10, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r10, 0x5)
syz_emit_ethernet(0x4a, &(0x7f0000000900)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a3ff2", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0xfffe}}}}}}}, 0x0)

1.091429005s ago: executing program 4 (id=3149):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0}, 0x18)
quotactl$Q_QUOTAON(0xffffffff80000202, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r1, 0x84, 0x81, &(0x7f00000002c0)="1ae96d0103010000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000000)=ANY=[], 0xffc9)
close_range(r0, 0xffffffffffffffff, 0x0)
getpgrp(0xffffffffffffffff)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r2=>0x0}, &(0x7f0000000080)=0xc)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x3, 0x80000001, 0x5, 0x9, 0x100, <r3=>r2})
setpgid(r3, r2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r4}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)=@generic={&(0x7f0000000a00)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r5}, 0x18)

941.007716ms ago: executing program 4 (id=3150):
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYRESDEC=r0], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r2, &(0x7f0000000240)={0xb, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x7}}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0)

915.204237ms ago: executing program 4 (id=3152):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x10d002, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, &(0x7f0000000800), &(0x7f0000000840)=r2}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)

812.947898ms ago: executing program 6 (id=3155):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

812.437488ms ago: executing program 6 (id=3156):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)

750.555429ms ago: executing program 6 (id=3157):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x7, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009e0000000b"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5, 0x0, 0x4}, 0x18)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6654050000000000000000aafe8100000000000000000000000000aa3a00000700000000701c0b7580219306"], 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000cc0)={0x4f0, r7, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x4a4, 0x8, 0x0, 0x1, [{0x9c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x50, 0x9, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "eff93d58460ea431f2cb4a6894ddb2834088d7445bf5afdd0619ce173f1db717"}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "491bc0be1dc1f88092e741a88b64f6dd9218ad21b44b472e44f1d0807ee6675c"}]}, {0x3b8, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x9, 0x7, @empty, 0x3}}, @WGPEER_A_ALLOWEDIPS={0x370, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}]}, {0xd0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x40}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x3e}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x10}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x3}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x2c}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}]}]}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x4f0}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c0002800500010004000000060018"], 0x4c}}, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000080), 0x4)

658.117861ms ago: executing program 1 (id=3158):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

657.299751ms ago: executing program 1 (id=3159):
socket$netlink(0x10, 0x3, 0x0) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 32)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) (rerun: 32)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1d, 0x8e, 0xe365e39d0c265083}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x20048080) (async)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40091}, 0x4) (async)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000040)=0x4)

531.902093ms ago: executing program 6 (id=3160):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
syz_read_part_table(0x622, &(0x7f00000003c0)="$eJzs3D9oVHccAPDv5e7dy5liHByKU+IsFKVDBzNUSa4WC3K2FIJD/yJCphQCKT1MMUProJihOHaRwnXQc6rN4CYKnYs4WIQMLgW7lKZDXnl/LneFtEM5CMXPZ3i/b977vu/39yW3/l7wvzYRSRVlabG89tG/5mfTw3gt3uvNL5zJsix7N6IWFyKJ2eRgPyIaEf2bETFTVY2jETEVh3bfvfXtgc2vf3sr6T05n4zWX4u0yJpqRl6y0tprK+l/mZfxuj33YPrK+nL7Wv5Hu7u1837EnRfznXtnr27068npT/L7lyMeVvmN4tqaGLz/YSP+9mTvf3Xhy2FYG+3fyn/FEW9cetzubt3sPTu+c6Rd/+Hiye2Zzev3T0Ss5JXPRZRppe0sy8Yxft4/qxT9V2ZvLG50Tx27ezi/9ajzvP5H9TiiOdzC5D+PCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAfnolv6w349rq3KXH7e7WVz//9M6dF/Ode2evbvTfbp5+WivzHlb5jWr9LFbj80giYimW4tNY3rv8q7vRwd1osTaScHvuwfSV9eWk7P/ngYhnx3eOtHutiye3Fzav3z9RZNViMl8mxjr6aP/2YP6V2RuLG91Tx+4e/ub11R8fdZ7Xy7ylND4uxo2IdPzbAAAAAAAAAAAAAAAAAAAA4CU3v3Bm5tybnUN5fGEyIn79ojhln6Wt76M4eV86Wq1P0/Io/63J8lsAvSfnf29+0IhfqkPxa5HGWkRMfZfkVeqDPpeL6+DrAZEMK7Of/goAAP//i8CSkA==")
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x3c56, 0x1, 0x2}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf79d}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
socket$kcm(0x29, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r3, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x2a000}], 0x1, 0x0, 0x0, 0x804c040}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

531.496153ms ago: executing program 1 (id=3161):
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x73c1bd07}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e22}, 0x1c)
setsockopt$inet6_int(r4, 0x29, 0x3, &(0x7f0000000380)=0x1040, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x200008d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback, 0x1}, 0x1c)
close_range(r3, 0xffffffffffffffff, 0x0)

521.513653ms ago: executing program 1 (id=3162):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f0000000180)='./file0\x00')
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@nolazytime}, {@jqfmt_vfsold}, {@journal_path={'journal_path', 0x3d, './file0/../file0'}}, {@noquota}, {@nodioread_nolock}, {@journal_checksum}, {@data_err_abort}], [{@seclabel}]}, 0x3, 0x473, &(0x7f0000000640)="$eJzs3M1vG0UbAPBn7Tht+pW8Vd9CP4AgQJQCSZOW0gMXEEgcQEKCQzmGJK1K0wY1QSJVBQGhckSVOHFBHJH4CzjBBcENiQsHuKNKFeqlhZPRZncT2zhpmjpepf79pHVndtedeTwz9uxO7AB61nD6kETsiojfI2IwyzafMJz9c/vmlcm/b16ZTKJef/OvpC89fOvmlcXi1OJ5O4tMX0Tl0yQOtSl3buHy+YmZmelLeX50/sJ7o3MLl589d2Hi7PTZ6Yvjp06dOD72/Mnx5zoSZxrXrYMfzh4+8Orb116fPH3tnZ+/TYr4szgmO1LQiuG1Dj5Rr3e4uHLtbkhnPYOtoJoN06gtjf/BqMZK4w3GK5+UWjlgU9Xr9fr+5Vyt9fBiHbiPJVF2DYByFB/06fVvsXVx+lG6Gy9mF0Bp3LfzLTvSF5X8nFrL9W0nDUfE6cV/vkq32Jz7EAAATb5P5z/PtJv/VWJ/w3l78jWUoYj4X0TsjYiTEbEvIv4fsXTuAxHx4F2W37pIkpU/0LCncn2jsa1HOv97IV/bap7/FbO/GKrmud1L8deSM+dmpo/lr8mRqG1L82NrlPHDy79+vtqxxvlfuqXlF3PBvB7X+7Y1P2dqYn7iXmJudOPjiIN97eJPllcCkog4EBEHN1jGuaPfHF7t2J3jX0MH1pnqX0c8mbX/YrTEX0jWXp8c3R4z08dGi17Rxi9X31it/HuKvwPS9t/Rtv8vxz+UNK7Xzt3N//7lU+nj1T8+W/WaZqP9vz95q2nfBxPz85fGIvqT17JKN+4fbzlvfOX8NP4jj7Uf/3tj5ZU4FBFpJ34oIh6OiEfyuj/62547vgo/vfT4uy27qivxD5Te/lPrb//6YETRERb6I08s72mfqJ7/8bumQodWko3tv2fV9j+xlDqS71nP+9966nW3vRkAAAC2qkpE7IqkMrKcrlRGRrK/4d8XOyozs3PzT5+Zff/iVPYdgaGoVYo7XYMN90PH8sv6Ij/ekj+e3zf+ojqwlB+ZnJ2ZKjt46HE7Vxn/qT+zu5Tbyq0hsKl8Xwt6l/EPvcv4h9713/G/vTlb6V5dgO5q8/k/UEY9gO5rHv/Zj4B8tJ4n7tqc+gDd0/L5Xy2rHkD3uf8HvWsj4997Btwf+tb6yeb+rlYF6J65gbjzl+QltlKiWK3djCJqaW85GhELl6NSeqQSm5go+50JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgM/4NAAD//55o4Oc=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r1, &(0x7f0000000040)={0x24, @short={0x2, 0x1}}, 0x14)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000380)=ANY=[@ANYRES32=0x0, @ANYBLOB="01"], 0x9)
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e23, 0x3662, @loopback}, 0xffffffffffffffdc)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f0000000340)={0x0, 0x1}, 0x8)

502.450043ms ago: executing program 1 (id=3163):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r2, 0x0, 0x2}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

483.675243ms ago: executing program 1 (id=3164):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = gettid()
sendmsg$unix(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='Q;', 0x2}], 0xfd, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000018"], 0xa0}, 0x4004881)
recvmsg$unix(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2000)

439.833384ms ago: executing program 6 (id=3165):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x5000000, 0x18, 0x18, 0x7, [@struct={0x5, 0x1, 0x0, 0xf, 0x0, 0x10, [{0xf, 0x1, 0x10}]}]}, {0x0, [0x61, 0x5f, 0x2e, 0x0, 0x61]}}, 0x0, 0x37, 0x0, 0x9, 0x9bc6}, 0x28)

414.373394ms ago: executing program 6 (id=3166):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x2, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x5}, {0x5, 0x6}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_TARGET={0x8}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x101}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
getsockname$packet(r1, &(0x7f0000000300)={0x11, 0x0, <r2=>0x0}, &(0x7f0000000380)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=@newtclass={0x4c, 0x28, 0x100, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xa}, {0x20, 0x6}, {0xf, 0x6}}, [@tclass_kind_options=@c_tbf={0x8}, @tclass_kind_options=@c_fq_codel={0xd}, @TCA_RATE={0x6, 0x5, {0xa4, 0x6}}, @TCA_RATE={0x6, 0x5, {0xd1, 0xe0}}]}, 0x4c}}, 0x880)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r3, 0x0, 0x4ffe6, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r6, 0x0, 0x5}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x4, 0x2, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_WOL_SET(r8, &(0x7f0000002440)={0x0, 0x0, &(0x7f0000002400)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010025bd7000ffdbe8251c00000018000180140002006c6f"], 0x2c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_SCAN(r9, 0x0, 0x0)
r10 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r10, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x3804, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x69, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x26892}], 0xbb}}], 0x2, 0x0)

142.655429ms ago: executing program 2 (id=3171):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095", @ANYRES32=<r1=>0xffffffffffffffff, @ANYBLOB="8cf0d8830947b5b03a89db5bdae3d6cb21f6918a261469b3177a36ba8382f1d350c3a2673803a5b7fe267716e4e81ab4e90f92898bfb66723c089df997f4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wg0\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x7, 0xc, &(0x7f0000000040)=ANY=[@ANYRES16=r1, @ANYRES8=r1], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x5, '\x00', r2, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffde2, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r3}, 0x10)
socket$key(0xf, 0x3, 0x2)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r5}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r7, &(0x7f0000001280), 0x6)
keyctl$session_to_parent(0x12)
socket$packet(0x11, 0x2, 0x300)
fcntl$setpipe(r4, 0x407, 0x7000000)

119.874519ms ago: executing program 2 (id=3172):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r3}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

97.357859ms ago: executing program 2 (id=3173):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

76.09335ms ago: executing program 2 (id=3174):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a385000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f0000000180)='./file0\x00')
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@nolazytime}, {@jqfmt_vfsold}, {@journal_path={'journal_path', 0x3d, './file0/../file0'}}, {@noquota}, {@nodioread_nolock}, {@journal_checksum}, {@data_err_abort}], [{@seclabel}]}, 0x3, 0x473, &(0x7f0000000640)="$eJzs3M1vG0UbAPBn7Tht+pW8Vd9CP4AgQJQCSZOW0gMXEEgcQEKCQzmGJK1K0wY1QSJVBQGhckSVOHFBHJH4CzjBBcENiQsHuKNKFeqlhZPRZncT2zhpmjpepf79pHVndtedeTwz9uxO7AB61nD6kETsiojfI2IwyzafMJz9c/vmlcm/b16ZTKJef/OvpC89fOvmlcXi1OJ5O4tMX0Tl0yQOtSl3buHy+YmZmelLeX50/sJ7o3MLl589d2Hi7PTZ6Yvjp06dOD72/Mnx5zoSZxrXrYMfzh4+8Orb116fPH3tnZ+/TYr4szgmO1LQiuG1Dj5Rr3e4uHLtbkhnPYOtoJoN06gtjf/BqMZK4w3GK5+UWjlgU9Xr9fr+5Vyt9fBiHbiPJVF2DYByFB/06fVvsXVx+lG6Gy9mF0Bp3LfzLTvSF5X8nFrL9W0nDUfE6cV/vkq32Jz7EAAATb5P5z/PtJv/VWJ/w3l78jWUoYj4X0TsjYiTEbEvIv4fsXTuAxHx4F2W37pIkpU/0LCncn2jsa1HOv97IV/bap7/FbO/GKrmud1L8deSM+dmpo/lr8mRqG1L82NrlPHDy79+vtqxxvlfuqXlF3PBvB7X+7Y1P2dqYn7iXmJudOPjiIN97eJPllcCkog4EBEHN1jGuaPfHF7t2J3jX0MH1pnqX0c8mbX/YrTEX0jWXp8c3R4z08dGi17Rxi9X31it/HuKvwPS9t/Rtv8vxz+UNK7Xzt3N//7lU+nj1T8+W/WaZqP9vz95q2nfBxPz85fGIvqT17JKN+4fbzlvfOX8NP4jj7Uf/3tj5ZU4FBFpJ34oIh6OiEfyuj/62547vgo/vfT4uy27qivxD5Te/lPrb//6YETRERb6I08s72mfqJ7/8bumQodWko3tv2fV9j+xlDqS71nP+9966nW3vRkAAAC2qkpE7IqkMrKcrlRGRrK/4d8XOyozs3PzT5+Zff/iVPYdgaGoVYo7XYMN90PH8sv6Ij/ekj+e3zf+ojqwlB+ZnJ2ZKjt46HE7Vxn/qT+zu5Tbyq0hsKl8Xwt6l/EPvcv4h9713/G/vTlb6V5dgO5q8/k/UEY9gO5rHv/Zj4B8tJ4n7tqc+gDd0/L5Xy2rHkD3uf8HvWsj4997Btwf+tb6yeb+rlYF6J65gbjzl+QltlKiWK3djCJqaW85GhELl6NSeqQSm5go+50JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgM/4NAAD//55o4Oc=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r1, &(0x7f0000000040)={0x24, @short={0x2, 0x1}}, 0x14)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000380)=ANY=[@ANYRES32=0x0, @ANYBLOB="01"], 0x9)
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e23, 0x3662, @loopback}, 0xffffffffffffffdc)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f0000000340)={0x0, 0x1}, 0x8)

67.19687ms ago: executing program 4 (id=3175):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
dup3(r0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0x401}, 0x18)
move_mount(r0, &(0x7f0000000100)='./bus\x00', r1, &(0x7f00000000c0)='./bus\x00', 0x14)
sendfile(r1, r0, 0x0, 0x7ffff000)
pipe2$9p(0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffc}]})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'macvlan1\x00'})
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'})
modify_ldt$read(0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x18, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="0700000000b8d2020b19aaf0cebb732073a49bae841cdfd883852497e51807aeeb16a1ac2259669dad520125e1fce61bc27c48a6d6795f3896f00133014773915e7e9a6c70267be48e597016982cad85836aea2ee5cbb089ecba2c1658e38bda5e2e6ba0192150fa8c1081add3fd4f5cad1237f07f39428d2fa03cab213fbf52571e2be6ab9b7c9fe5ef5485b0879204ea0bf3ad47a58d0ff344b4349f3d78d04353967a32bfe7236cd7bc4b2b45b9c3d9430087454b0d10cea54f55e505872b782fb42a007cd49c9c08fb62f07661a215a383316e42ccfc3de4fcf426aaa219b4d6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x2c, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000000}, 0x90)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0f00000004000000080000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

56.15968ms ago: executing program 2 (id=3176):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1802000000000000290000000400000002000000000000001800000000000000290000003b000000004000000000000028"], 0x58}, 0x0)

0s ago: executing program 2 (id=3177):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0xd2, 0x8002)
read(r0, &(0x7f0000000040)=""/204, 0xcc)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{0x1}, &(0x7f0000000140), &(0x7f0000000180)='%ps    \x00'}, 0x20)
socket$can_raw(0x1d, 0x3, 0x1)
socket(0x1e, 0x4, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4}, 0x18)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000))

kernel console output (not intermixed with test programs):

ab0
[  140.606701][T10249]  rtnl_create_link+0x239/0x710
[  140.606739][T10249]  rtnl_newlink_create+0x14c/0x620
[  140.606840][T10249]  ? __list_del_entry_valid_or_report+0x65/0x130
[  140.606883][T10249]  rtnl_newlink+0xf29/0x12d0
[  140.606917][T10249]  ? bpf_trace_run3+0x12c/0x1d0
[  140.607017][T10249]  ? __memcg_slab_free_hook+0x135/0x230
[  140.607054][T10249]  ? __kfree_skb+0x109/0x150
[  140.607112][T10249]  ? __rcu_read_unlock+0x4f/0x70
[  140.607201][T10249]  ? avc_has_perm_noaudit+0x1b1/0x200
[  140.607236][T10249]  ? selinux_capable+0x1f9/0x270
[  140.607275][T10249]  ? security_capable+0x83/0x90
[  140.607311][T10249]  ? ns_capable+0x7d/0xb0
[  140.607346][T10249]  ? __pfx_rtnl_newlink+0x10/0x10
[  140.607370][T10249]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  140.607401][T10249]  netlink_rcv_skb+0x120/0x220
[  140.607495][T10249]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  140.607527][T10249]  rtnetlink_rcv+0x1c/0x30
[  140.607582][T10249]  netlink_unicast+0x5a8/0x680
[  140.607749][T10249]  netlink_sendmsg+0x58b/0x6b0
[  140.607773][T10249]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.607847][T10249]  __sock_sendmsg+0x145/0x180
[  140.607883][T10249]  ____sys_sendmsg+0x31e/0x4e0
[  140.607935][T10249]  ___sys_sendmsg+0x17b/0x1d0
[  140.607985][T10249]  __x64_sys_sendmsg+0xd4/0x160
[  140.608058][T10249]  x64_sys_call+0x2999/0x2fb0
[  140.608084][T10249]  do_syscall_64+0xd2/0x200
[  140.608105][T10249]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  140.608136][T10249]  ? clear_bhb_loop+0x40/0x90
[  140.608162][T10249]  ? clear_bhb_loop+0x40/0x90
[  140.608240][T10249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.608261][T10249] RIP: 0033:0x7f890033e9a9
[  140.608278][T10249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.608374][T10249] RSP: 002b:00007f88fe9a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.608395][T10249] RAX: ffffffffffffffda RBX: 00007f8900565fa0 RCX: 00007f890033e9a9
[  140.608409][T10249] RDX: 0000000000000080 RSI: 0000200000000280 RDI: 0000000000000003
[  140.608423][T10249] RBP: 00007f88fe9a7090 R08: 0000000000000000 R09: 0000000000000000
[  140.608435][T10249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  140.608449][T10249] R13: 0000000000000000 R14: 00007f8900565fa0 R15: 00007ffee1851dc8
[  140.608470][T10249]  </TASK>
[  140.982111][ T5035] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.026954][T10291] netlink: 48 bytes leftover after parsing attributes in process `syz.6.2644'.
[  141.158037][T10291] infiniband syz!: set active
[  141.162773][T10291] infiniband syz!: added team_slave_0
[  141.174511][T10291] RDS/IB: syz!: added
[  141.178594][T10291] smc: adding ib device syz! with port count 1
[  141.184869][T10291] smc:    ib device syz! port 1 has pnetid 
[  141.369059][T10310] lo speed is unknown, defaulting to 1000
[  141.654385][   T29] kauditd_printk_skb: 259 callbacks suppressed
[  141.654402][   T29] audit: type=1400 audit(2000000073.360:7947): avc:  denied  { mount } for  pid=10324 comm="syz.5.2660" name="/" dev="ramfs" ino=27528 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  141.776284][T10329] loop6: detected capacity change from 0 to 128
[  141.914206][T10335] loop5: detected capacity change from 0 to 1024
[  141.929926][T10329] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  141.937811][T10329] FAT-fs (loop6): Filesystem has been set read-only
[  141.947808][T10329] bio_check_eod: 30026 callbacks suppressed
[  141.947823][T10329] syz.6.2662: attempt to access beyond end of device
[  141.947823][T10329] loop6: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  141.967409][T10335] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  141.978491][T10335] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  142.017850][T10329] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  142.025713][T10329] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  142.040797][T10335] JBD2: no valid journal superblock found
[  142.041332][T10336] syz.6.2662: attempt to access beyond end of device
[  142.041332][T10336] loop6: rw=0, sector=2065, nr_sectors = 1 limit=128
[  142.046577][T10335] EXT4-fs (loop5): Could not load journal inode
[  142.059831][T10336] buffer_io_error: 24305 callbacks suppressed
[  142.059844][T10336] Buffer I/O error on dev loop6, logical block 2065, async page read
[  142.092009][   T29] audit: type=1326 audit(2000000073.800:7948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10340 comm="syz.4.2667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f176523e9a9 code=0x7ffc0000
[  142.118306][T10336] syz.6.2662: attempt to access beyond end of device
[  142.118306][T10336] loop6: rw=0, sector=2066, nr_sectors = 1 limit=128
[  142.131636][T10336] Buffer I/O error on dev loop6, logical block 2066, async page read
[  142.140104][T10335] netlink: 272 bytes leftover after parsing attributes in process `syz.5.2665'.
[  142.157862][   T29] audit: type=1326 audit(2000000073.800:7949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10340 comm="syz.4.2667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f176523e9a9 code=0x7ffc0000
[  142.181514][   T29] audit: type=1326 audit(2000000073.800:7950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10340 comm="syz.4.2667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f176523e9a9 code=0x7ffc0000
[  142.187831][T10336] syz.6.2662: attempt to access beyond end of device
[  142.187831][T10336] loop6: rw=0, sector=2067, nr_sectors = 1 limit=128
[  142.204818][   T29] audit: type=1326 audit(2000000073.800:7951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10340 comm="syz.4.2667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f176523e9a9 code=0x7ffc0000
[  142.218045][T10336] Buffer I/O error on dev loop6, logical block 2067, async page read
[  142.241470][   T29] audit: type=1326 audit(2000000073.800:7952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10340 comm="syz.4.2667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f176523e9a9 code=0x7ffc0000
[  142.312576][T10336] syz.6.2662: attempt to access beyond end of device
[  142.312576][T10336] loop6: rw=0, sector=2068, nr_sectors = 1 limit=128
[  142.325905][T10336] Buffer I/O error on dev loop6, logical block 2068, async page read
[  142.399897][T10354] FAULT_INJECTION: forcing a failure.
[  142.399897][T10354] name failslab, interval 1, probability 0, space 0, times 0
[  142.412657][T10354] CPU: 1 UID: 0 PID: 10354 Comm: syz.4.2671 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  142.412744][T10354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  142.412758][T10354] Call Trace:
[  142.412764][T10354]  <TASK>
[  142.412771][T10354]  __dump_stack+0x1d/0x30
[  142.412798][T10354]  dump_stack_lvl+0xe8/0x140
[  142.412821][T10354]  dump_stack+0x15/0x1b
[  142.412899][T10354]  should_fail_ex+0x265/0x280
[  142.412930][T10354]  should_failslab+0x8c/0xb0
[  142.412952][T10354]  __kvmalloc_node_noprof+0x123/0x4e0
[  142.412985][T10354]  ? rhashtable_init_noprof+0x316/0x4f0
[  142.413041][T10354]  rhashtable_init_noprof+0x316/0x4f0
[  142.413101][T10354]  rhltable_init_noprof+0x1d/0x40
[  142.413140][T10354]  nf_tables_newtable+0x522/0xea0
[  142.413187][T10354]  nfnetlink_rcv+0xb99/0x1690
[  142.413290][T10354]  netlink_unicast+0x5a8/0x680
[  142.413328][T10354]  netlink_sendmsg+0x58b/0x6b0
[  142.413349][T10354]  ? __pfx_netlink_sendmsg+0x10/0x10
[  142.413372][T10354]  __sock_sendmsg+0x145/0x180
[  142.413397][T10354]  ____sys_sendmsg+0x31e/0x4e0
[  142.413441][T10354]  ___sys_sendmsg+0x17b/0x1d0
[  142.413531][T10354]  __x64_sys_sendmsg+0xd4/0x160
[  142.413567][T10354]  x64_sys_call+0x2999/0x2fb0
[  142.413589][T10354]  do_syscall_64+0xd2/0x200
[  142.413626][T10354]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  142.413655][T10354]  ? clear_bhb_loop+0x40/0x90
[  142.413681][T10354]  ? clear_bhb_loop+0x40/0x90
[  142.413775][T10354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.413803][T10354] RIP: 0033:0x7f176523e9a9
[  142.413817][T10354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.413836][T10354] RSP: 002b:00007f17638a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  142.413858][T10354] RAX: ffffffffffffffda RBX: 00007f1765465fa0 RCX: 00007f176523e9a9
[  142.413873][T10354] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000005
[  142.413947][T10354] RBP: 00007f17638a7090 R08: 0000000000000000 R09: 0000000000000000
[  142.413962][T10354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  142.413976][T10354] R13: 0000000000000000 R14: 00007f1765465fa0 R15: 00007fffe7aa7fc8
[  142.413998][T10354]  </TASK>
[  142.425718][T10336] syz.6.2662: attempt to access beyond end of device
[  142.425718][T10336] loop6: rw=0, sector=2069, nr_sectors = 1 limit=128
[  142.654846][T10336] Buffer I/O error on dev loop6, logical block 2069, async page read
[  142.670220][T10371] loop4: detected capacity change from 0 to 512
[  142.676258][T10336] syz.6.2662: attempt to access beyond end of device
[  142.676258][T10336] loop6: rw=0, sector=2070, nr_sectors = 1 limit=128
[  142.689822][T10336] Buffer I/O error on dev loop6, logical block 2070, async page read
[  142.698070][T10336] syz.6.2662: attempt to access beyond end of device
[  142.698070][T10336] loop6: rw=0, sector=2071, nr_sectors = 1 limit=128
[  142.711299][T10371] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  142.720394][T10336] Buffer I/O error on dev loop6, logical block 2071, async page read
[  142.729385][T10336] syz.6.2662: attempt to access beyond end of device
[  142.729385][T10336] loop6: rw=0, sector=2072, nr_sectors = 1 limit=128
[  142.742735][T10336] Buffer I/O error on dev loop6, logical block 2072, async page read
[  142.788395][T10371] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  142.812372][   T29] audit: type=1400 audit(2000000074.510:7953): avc:  denied  { mount } for  pid=10378 comm="syz.5.2681" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  142.834456][   T29] audit: type=1400 audit(2000000074.510:7954): avc:  denied  { unmount } for  pid=10378 comm="syz.5.2681" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  142.895998][T10371] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.972186][   T29] audit: type=1400 audit(2000000074.680:7955): avc:  denied  { execute_no_trans } for  pid=10370 comm="syz.4.2679" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1367 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  142.996051][T10394] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10394 comm=syz.5.2687
[  143.024343][T10396] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2688'.
[  143.041299][T10394] tipc: Failed to obtain node identity
[  143.044568][   T29] audit: type=1400 audit(2000000074.730:7956): avc:  denied  { audit_write } for  pid=10393 comm="syz.5.2687" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  143.046766][T10394] tipc: Enabling of bearer <ib:gre0> rejected, failed to enable media
[  143.145608][T10409] SET target dimension over the limit!
[  143.179762][T10411] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  143.192865][T10411] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  143.219543][T10411] loop4: detected capacity change from 0 to 164
[  143.226214][T10411] iso9660: Unknown parameter '�ݖ7X�'
[  143.231812][T10413] loop6: detected capacity change from 0 to 2048
[  143.238293][T10394] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=48 sclass=netlink_audit_socket pid=10394 comm=syz.5.2687
[  143.278175][T10413]  loop6: p1 < > p4
[  143.282465][T10413] loop6: p4 size 8388608 extends beyond EOD, truncated
[  143.514930][T10425] loop5: detected capacity change from 0 to 128
[  143.537437][T10425] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  143.557939][T10425] ext4 filesystem being mounted at /412/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.592440][ T5035] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  143.654004][T10435] loop5: detected capacity change from 0 to 512
[  143.663357][T10435] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  143.676895][T10435] EXT4-fs (loop5): 1 truncate cleaned up
[  143.687204][T10435] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.911216][T10459] netlink: 360 bytes leftover after parsing attributes in process `syz.6.2708'.
[  143.983853][T10460] macvlan1: entered promiscuous mode
[  144.034355][T10460] ipvlan0: entered promiscuous mode
[  144.110560][T10460] ipvlan0: left promiscuous mode
[  144.122275][T10460] macvlan1: left promiscuous mode
[  144.294230][T10464] macvlan1: entered promiscuous mode
[  144.308412][T10464] ipvlan0: entered promiscuous mode
[  144.319772][T10464] ipvlan0: left promiscuous mode
[  144.337789][T10464] macvlan1: left promiscuous mode
[  144.437799][T10467] FAULT_INJECTION: forcing a failure.
[  144.437799][T10467] name failslab, interval 1, probability 0, space 0, times 0
[  144.450482][T10467] CPU: 1 UID: 0 PID: 10467 Comm: syz.4.2712 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  144.450513][T10467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  144.450526][T10467] Call Trace:
[  144.450532][T10467]  <TASK>
[  144.450540][T10467]  __dump_stack+0x1d/0x30
[  144.450562][T10467]  dump_stack_lvl+0xe8/0x140
[  144.450664][T10467]  dump_stack+0x15/0x1b
[  144.450684][T10467]  should_fail_ex+0x265/0x280
[  144.450797][T10467]  should_failslab+0x8c/0xb0
[  144.450822][T10467]  __kmalloc_noprof+0xa5/0x3e0
[  144.450852][T10467]  ? slhc_init+0x81/0x390
[  144.450945][T10467]  slhc_init+0x81/0x390
[  144.450970][T10467]  slip_open+0x54c/0x920
[  144.451000][T10467]  tty_ldisc_open+0x5a/0xb0
[  144.451033][T10467]  tty_set_ldisc+0x1db/0x380
[  144.451099][T10467]  tiocsetd+0x51/0x60
[  144.451131][T10467]  tty_ioctl+0xa7f/0xb80
[  144.451182][T10467]  ? __pfx_tty_ioctl+0x10/0x10
[  144.451260][T10467]  __se_sys_ioctl+0xce/0x140
[  144.451293][T10467]  __x64_sys_ioctl+0x43/0x50
[  144.451325][T10467]  x64_sys_call+0x19a8/0x2fb0
[  144.451400][T10467]  do_syscall_64+0xd2/0x200
[  144.451422][T10467]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  144.451454][T10467]  ? clear_bhb_loop+0x40/0x90
[  144.451480][T10467]  ? clear_bhb_loop+0x40/0x90
[  144.451534][T10467]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.451555][T10467] RIP: 0033:0x7f176523e9a9
[  144.451572][T10467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.451594][T10467] RSP: 002b:00007f17638a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  144.451615][T10467] RAX: ffffffffffffffda RBX: 00007f1765465fa0 RCX: 00007f176523e9a9
[  144.451629][T10467] RDX: 00002000000002c0 RSI: 0000000000005423 RDI: 0000000000000003
[  144.451721][T10467] RBP: 00007f17638a7090 R08: 0000000000000000 R09: 0000000000000000
[  144.451733][T10467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  144.451745][T10467] R13: 0000000000000000 R14: 00007f1765465fa0 R15: 00007fffe7aa7fc8
[  144.451764][T10467]  </TASK>
[  144.455559][T10469] bridge0: port 3(vlan2) entered blocking state
[  144.661849][T10477] SET target dimension over the limit!
[  144.667857][T10469] bridge0: port 3(vlan2) entered disabled state
[  144.669575][T10469] vlan2: entered allmulticast mode
[  144.684780][T10469] bridge0: entered allmulticast mode
[  144.691978][T10469] vlan2: left allmulticast mode
[  144.696882][T10469] bridge0: left allmulticast mode
[  144.835956][ T5035] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.871952][T10482] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2716'.
[  145.011987][T10492] sch_tbf: burst 2 is lower than device ip6tnl0 mtu (1452) !
[  145.046704][T10490] bridge_slave_0: left allmulticast mode
[  145.052543][T10490] bridge_slave_0: left promiscuous mode
[  145.058297][T10490] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.076397][T10490] bridge_slave_1: left allmulticast mode
[  145.082104][T10490] bridge_slave_1: left promiscuous mode
[  145.087938][T10490] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.099900][T10490] bond0: (slave bond_slave_0): Releasing backup interface
[  145.128695][T10490] bond0: (slave bond_slave_1): Releasing backup interface
[  145.154957][T10490] team0: Port device team_slave_0 removed
[  145.199974][T10490] team0: Port device team_slave_1 removed
[  145.209209][T10490] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  145.216640][T10490] batman_adv: batadv0: Removing interface: batadv_slave_0
[  145.237908][T10490] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  145.245334][T10490] batman_adv: batadv0: Removing interface: batadv_slave_1
[  145.280218][ T3404] syz!: Port: 1 Link DOWN
[  145.289546][T10515] loop4: detected capacity change from 0 to 512
[  145.318308][T10516] macvlan1: entered promiscuous mode
[  145.336468][T10516] ipvlan0: entered promiscuous mode
[  145.337335][T10515] EXT4-fs (loop4): external journal device major/minor numbers have changed
[  145.342648][T10516] ipvlan0: left promiscuous mode
[  145.356046][T10516] macvlan1: left promiscuous mode
[  145.403663][T10515] EXT4-fs (loop4): failed to open journal device unknown-block(11,131) -6
[  145.427263][T10504] loop4: detected capacity change from 0 to 512
[  145.434704][T10504] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  145.454149][T10504] EXT4-fs (loop4): 1 truncate cleaned up
[  145.461260][T10504] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.815991][T10522] loop5: detected capacity change from 0 to 1024
[  145.830365][T10522] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.846186][T10522] ext4 filesystem being mounted at /416/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.053016][T10535] 9pnet_fd: Insufficient options for proto=fd
[  146.132631][T10541] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2735'.
[  146.176477][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.203584][T10548] bridge_slave_0: left promiscuous mode
[  146.209370][T10548] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.221139][T10548] bridge_slave_1: left allmulticast mode
[  146.226816][T10548] bridge_slave_1: left promiscuous mode
[  146.232555][T10548] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.257672][T10555] loop4: detected capacity change from 0 to 512
[  146.277421][T10548] bond0: (slave bond_slave_0): Releasing backup interface
[  146.286273][T10555] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.303788][T10555] ext4 filesystem being mounted at /596/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.318830][T10548] bond0: (slave bond_slave_1): Releasing backup interface
[  146.427999][T10548] team0: Port device team_slave_0 removed
[  146.438715][T10548] team0: Port device team_slave_1 removed
[  146.445861][T10548] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  146.453489][T10548] batman_adv: batadv0: Removing interface: batadv_slave_0
[  146.463746][T10548] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  146.471309][T10548] batman_adv: batadv0: Removing interface: batadv_slave_1
[  146.572345][T10565] loop6: detected capacity change from 0 to 512
[  146.616689][T10565] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  146.628229][T10565] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it
[  146.638432][T10565] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.2740: Corrupt directory, running e2fsck is recommended
[  146.644875][T10555] EXT4-fs error (device loop4): ext4_empty_dir:3075: inode #12: comm syz.4.2738: invalid size
[  146.687632][T10565] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117
[  146.742762][T10565] EXT4-fs error (device loop6): ext4_iget_extra_inode:5035: inode #15: comm syz.6.2740: corrupted in-inode xattr: invalid ea_ino
[  146.852936][T10567] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2738'.
[  146.872140][T10565] EXT4-fs error (device loop6): ext4_orphan_get:1398: comm syz.6.2740: couldn't read orphan inode 15 (err -117)
[  146.909725][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.929652][T10571] FAULT_INJECTION: forcing a failure.
[  146.929652][T10571] name failslab, interval 1, probability 0, space 0, times 0
[  146.942324][T10571] CPU: 0 UID: 0 PID: 10571 Comm: syz.4.2742 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  146.942355][T10571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  146.942372][T10571] Call Trace:
[  146.942379][T10571]  <TASK>
[  146.942387][T10571]  __dump_stack+0x1d/0x30
[  146.942411][T10571]  dump_stack_lvl+0xe8/0x140
[  146.942434][T10571]  dump_stack+0x15/0x1b
[  146.942454][T10571]  should_fail_ex+0x265/0x280
[  146.942561][T10571]  should_failslab+0x8c/0xb0
[  146.942584][T10571]  kmem_cache_alloc_noprof+0x50/0x310
[  146.942615][T10571]  ? __anon_vma_prepare+0xcd/0x2f0
[  146.942733][T10571]  __anon_vma_prepare+0xcd/0x2f0
[  146.942775][T10571]  handle_mm_fault+0x1d19/0x2be0
[  146.942799][T10571]  ? mas_walk+0xf2/0x120
[  146.942841][T10571]  do_user_addr_fault+0x636/0x1090
[  146.942881][T10571]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  146.943018][T10571]  exc_page_fault+0x62/0xa0
[  146.943076][T10571]  asm_exc_page_fault+0x26/0x30
[  146.943099][T10571] RIP: 0033:0x7f1765100ca3
[  146.943193][T10571] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  146.943212][T10571] RSP: 002b:00007f17638a64a0 EFLAGS: 00010206
[  146.943227][T10571] RAX: 0000000000000000 RBX: 00007f17638a6540 RCX: 00007f175b487000
[  146.943241][T10571] RDX: 00007f17638a66e0 RSI: 0000000000000077 RDI: 00007f17638a65e0
[  146.943276][T10571] RBP: 000000000000013c R08: 0000000000000009 R09: 00000000000001c9
[  146.943290][T10571] R10: 00000000000001dc R11: 00007f17638a6540 R12: 00007f17638a6540
[  146.943361][T10571] R13: 00007f17652dc7c0 R14: 0000000000000060 R15: 00007f17638a65e0
[  146.943382][T10571]  </TASK>
[  146.943408][T10571] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  147.020706][T10565] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.091771][T10571] loop4: detected capacity change from 0 to 512
[  147.145953][T10573] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  147.374930][T10585] atomic_op ffff88812bcdfd28 conn xmit_atomic 0000000000000000
[  147.485828][   T29] kauditd_printk_skb: 560 callbacks suppressed
[  147.485841][   T29] audit: type=1326 audit(2000000079.190:8517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10578 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  147.524391][T10586] macvlan1: entered promiscuous mode
[  147.544405][T10586] ipvlan0: entered promiscuous mode
[  147.565435][T10586] ipvlan0: left promiscuous mode
[  147.570544][   T29] audit: type=1326 audit(2000000079.230:8518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10578 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  147.594112][   T29] audit: type=1326 audit(2000000079.230:8519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10578 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  147.617598][   T29] audit: type=1326 audit(2000000079.230:8520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10578 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  147.641164][   T29] audit: type=1326 audit(2000000079.230:8521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10578 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  147.664679][   T29] audit: type=1326 audit(2000000079.230:8522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10578 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  147.688184][   T29] audit: type=1326 audit(2000000079.230:8523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10578 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  147.711670][   T29] audit: type=1326 audit(2000000079.230:8524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10578 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  147.735094][   T29] audit: type=1326 audit(2000000079.230:8525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10578 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  147.758639][   T29] audit: type=1326 audit(2000000079.230:8526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10578 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  147.782253][T10586] macvlan1: left promiscuous mode
[  147.998637][T10594] loop4: detected capacity change from 0 to 128
[  148.026611][T10594] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  148.034517][T10594] FAT-fs (loop4): Filesystem has been set read-only
[  148.051547][T10594] syz.4.2750: attempt to access beyond end of device
[  148.051547][T10594] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  148.087217][T10594] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  148.095102][T10594] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  148.132587][T10594] syz.4.2750: attempt to access beyond end of device
[  148.132587][T10594] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  148.168140][T10594] syz.4.2750: attempt to access beyond end of device
[  148.168140][T10594] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  148.181829][T10594] syz.4.2750: attempt to access beyond end of device
[  148.181829][T10594] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  148.203912][T10604] syz.4.2750: attempt to access beyond end of device
[  148.203912][T10604] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128
[  148.217194][T10604] Buffer I/O error on dev loop4, logical block 2065, async page read
[  148.271076][T10604] syz.4.2750: attempt to access beyond end of device
[  148.271076][T10604] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128
[  148.284367][T10604] Buffer I/O error on dev loop4, logical block 2066, async page read
[  148.316328][T10604] syz.4.2750: attempt to access beyond end of device
[  148.316328][T10604] loop4: rw=0, sector=2067, nr_sectors = 1 limit=128
[  148.329685][T10604] Buffer I/O error on dev loop4, logical block 2067, async page read
[  148.338923][T10604] syz.4.2750: attempt to access beyond end of device
[  148.338923][T10604] loop4: rw=0, sector=2068, nr_sectors = 1 limit=128
[  148.352210][T10604] Buffer I/O error on dev loop4, logical block 2068, async page read
[  148.360497][T10604] syz.4.2750: attempt to access beyond end of device
[  148.360497][T10604] loop4: rw=0, sector=2069, nr_sectors = 1 limit=128
[  148.373832][T10604] Buffer I/O error on dev loop4, logical block 2069, async page read
[  148.387851][T10604] syz.4.2750: attempt to access beyond end of device
[  148.387851][T10604] loop4: rw=0, sector=2070, nr_sectors = 1 limit=128
[  148.401172][T10604] Buffer I/O error on dev loop4, logical block 2070, async page read
[  148.412797][T10612] FAULT_INJECTION: forcing a failure.
[  148.412797][T10612] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  148.415442][T10604] Buffer I/O error on dev loop4, logical block 2071, async page read
[  148.425915][T10612] CPU: 0 UID: 0 PID: 10612 Comm: syz.1.2755 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  148.425947][T10612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  148.425961][T10612] Call Trace:
[  148.426012][T10612]  <TASK>
[  148.426020][T10612]  __dump_stack+0x1d/0x30
[  148.426043][T10612]  dump_stack_lvl+0xe8/0x140
[  148.426065][T10612]  dump_stack+0x15/0x1b
[  148.426083][T10612]  should_fail_ex+0x265/0x280
[  148.426118][T10612]  should_fail+0xb/0x20
[  148.426198][T10612]  should_fail_usercopy+0x1a/0x20
[  148.426335][T10612]  _copy_from_user+0x1c/0xb0
[  148.426357][T10612]  vmemdup_user+0x59/0xd0
[  148.426383][T10612]  path_setxattrat+0x1b6/0x310
[  148.426422][T10612]  __x64_sys_fsetxattr+0x6b/0x80
[  148.426513][T10612]  x64_sys_call+0x2f7c/0x2fb0
[  148.426537][T10612]  do_syscall_64+0xd2/0x200
[  148.426558][T10612]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  148.426588][T10612]  ? clear_bhb_loop+0x40/0x90
[  148.426621][T10612]  ? clear_bhb_loop+0x40/0x90
[  148.426646][T10612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.426670][T10612] RIP: 0033:0x7f3b2514e9a9
[  148.426702][T10612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  148.426722][T10612] RSP: 002b:00007f3b237b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[  148.426748][T10612] RAX: ffffffffffffffda RBX: 00007f3b25375fa0 RCX: 00007f3b2514e9a9
[  148.426763][T10612] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 0000000000000003
[  148.426819][T10612] RBP: 00007f3b237b7090 R08: 0000000000000001 R09: 0000000000000000
[  148.426833][T10612] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001
[  148.426880][T10612] R13: 0000000000000000 R14: 00007f3b25375fa0 R15: 00007fff4acc0858
[  148.426901][T10612]  </TASK>
[  148.509776][T10606] lo speed is unknown, defaulting to 1000
[  148.513180][T10604] Buffer I/O error on dev loop4, logical block 2072, async page read
[  148.628241][T10594] Buffer I/O error on dev loop4, logical block 2065, async page read
[  148.629350][T10441] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[  148.653656][T10441] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  148.669884][T10594] Buffer I/O error on dev loop4, logical block 2066, async page read
[  148.737178][ T6328] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.806573][T10620] macvlan1: entered promiscuous mode
[  148.848171][T10620] ipvlan0: entered promiscuous mode
[  148.883194][T10625] tmpfs: Bad value for 'nr_inodes'
[  148.914199][T10628] SET target dimension over the limit!
[  148.921196][T10620] ipvlan0: left promiscuous mode
[  148.936445][T10620] macvlan1: left promiscuous mode
[  149.093134][ T5035] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.116809][T10633] loop5: detected capacity change from 0 to 128
[  149.138576][T10633] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  149.146428][T10633] FAT-fs (loop5): Filesystem has been set read-only
[  149.162082][T10633] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  149.169952][T10633] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  149.258715][ T6328] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.375626][ T6328] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.396334][T10606] chnl_net:caif_netlink_parms(): no params data found
[  149.497066][T10640] loop4: detected capacity change from 0 to 128
[  149.505753][T10640] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  149.513641][T10640] FAT-fs (loop4): Filesystem has been set read-only
[  149.520372][T10640] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  149.524326][ T6328] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.528192][T10640] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  149.667889][T10606] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.674968][T10606] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.729970][T10606] bridge_slave_0: entered allmulticast mode
[  149.736530][T10606] bridge_slave_0: entered promiscuous mode
[  149.779668][ T6328] bridge_slave_1: left allmulticast mode
[  149.785385][ T6328] bridge_slave_1: left promiscuous mode
[  149.791094][ T6328] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.818428][ T6328] bridge_slave_0: left allmulticast mode
[  149.824106][ T6328] bridge_slave_0: left promiscuous mode
[  149.829786][ T6328] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.050349][T10649] loop5: detected capacity change from 0 to 512
[  150.100026][T10649] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.115954][ T6328] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  150.147928][ T6328] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  150.152758][T10649] ext4 filesystem being mounted at /418/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.172842][ T6328] bond0 (unregistering): Released all slaves
[  150.189594][T10606] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.196683][T10606] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.206025][T10649] EXT4-fs error (device loop5): ext4_empty_dir:3075: inode #12: comm syz.5.2766: invalid size
[  150.244030][T10606] bridge_slave_1: entered allmulticast mode
[  150.259471][T10606] bridge_slave_1: entered promiscuous mode
[  150.266742][T10660] loop4: detected capacity change from 0 to 512
[  150.308290][T10660] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.334182][T10660] ext4 filesystem being mounted at /608/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.355611][T10649] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2766'.
[  150.389596][ T6328] hsr_slave_0: left promiscuous mode
[  150.399729][T10660] EXT4-fs error (device loop4): ext4_empty_dir:3075: inode #12: comm syz.4.2770: invalid size
[  150.410410][ T6328] hsr_slave_1: left promiscuous mode
[  150.416902][ T5035] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.426179][ T6328] batman_adv: batadv0: Interface deactivated: dummy0
[  150.432919][ T6328] batman_adv: batadv0: Removing interface: dummy0
[  150.457489][ T6328] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  150.465051][ T6328] batman_adv: batadv0: Removing interface: batadv_slave_0
[  150.474648][ T6735] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.490563][ T6328] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  150.498034][ T6328] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.509547][ T6328] veth1_macvtap: left promiscuous mode
[  150.515034][ T6328] veth0_macvtap: left promiscuous mode
[  150.520844][ T6328] veth1_vlan: left promiscuous mode
[  150.529234][T10675] loop5: detected capacity change from 0 to 128
[  150.537749][ T6328] veth0_vlan: left promiscuous mode
[  150.547085][T10660] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2770'.
[  150.551117][T10675] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  150.563878][T10675] FAT-fs (loop5): Filesystem has been set read-only
[  150.570734][T10675] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  150.578608][T10675] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  150.650642][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.709883][ T6328] team0 (unregistering): Port device team_slave_1 removed
[  150.725677][ T6328] team0 (unregistering): Port device team_slave_0 removed
[  150.787396][T10683] loop6: detected capacity change from 0 to 512
[  150.800886][T10606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  150.824238][T10683] EXT4-fs (loop6): orphan cleanup on readonly fs
[  150.832236][T10606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  150.865052][T10686] lo speed is unknown, defaulting to 1000
[  150.873462][T10683] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.2779: bg 0: block 248: padding at end of block bitmap is not set
[  150.916538][T10606] team0: Port device team_slave_0 added
[  150.924571][T10683] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.2779: Failed to acquire dquot type 1
[  151.009205][T10683] EXT4-fs (loop6): 1 truncate cleaned up
[  151.051148][T10683] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  151.064292][T10606] team0: Port device team_slave_1 added
[  151.074851][T10683] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended
[  151.122669][T10606] batman_adv: batadv0: Adding interface: batadv_slave_0
[  151.129698][T10606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.155738][T10606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  151.183890][T10606] batman_adv: batadv0: Adding interface: batadv_slave_1
[  151.190919][T10606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.217023][T10606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  151.377899][T10683] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  151.396209][T10606] hsr_slave_0: entered promiscuous mode
[  151.404752][T10606] hsr_slave_1: entered promiscuous mode
[  151.423553][T10606] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  151.431226][T10606] Cannot create hsr debugfs directory
[  151.447153][ T6735] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.460625][T10691] lo speed is unknown, defaulting to 1000
[  151.597804][T10711] loop6: detected capacity change from 0 to 512
[  151.604568][T10711] EXT4-fs: Ignoring removed nomblk_io_submit option
[  151.641715][T10711] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  151.676062][T10711] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.691742][T10719] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2790'.
[  151.704811][T10718] loop5: detected capacity change from 0 to 512
[  151.712098][T10711] ext4 filesystem being mounted at /310/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.727638][T10718] EXT4-fs (loop5): orphan cleanup on readonly fs
[  151.736116][T10719] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2790'.
[  151.736635][T10718] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2791: bg 0: block 248: padding at end of block bitmap is not set
[  151.760718][T10718] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.2791: Failed to acquire dquot type 1
[  151.761577][T10708] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  151.773859][T10718] EXT4-fs (loop5): 1 truncate cleaned up
[  151.803743][T10718] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  151.853374][T10718] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended
[  151.854372][T10726] loop4: detected capacity change from 0 to 128
[  151.869235][T10718] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  151.879128][ T6735] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.880798][T10726] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  151.895974][T10726] FAT-fs (loop4): Filesystem has been set read-only
[  151.902859][T10726] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  151.910752][T10726] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  151.944047][ T5035] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.033895][T10606] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  152.054875][T10606] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  152.060270][T10606] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  152.093434][T10606] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  152.228903][T10606] 8021q: adding VLAN 0 to HW filter on device bond0
[  152.245050][T10606] 8021q: adding VLAN 0 to HW filter on device team0
[  152.247455][ T6328] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.247485][ T6328] bridge0: port 1(bridge_slave_0) entered forwarding state
[  152.259388][ T6324] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.259418][ T6324] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.275160][T10606] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  152.275182][T10606] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  152.300464][T10757] loop5: detected capacity change from 0 to 1024
[  152.300696][T10757] EXT4-fs: Ignoring removed orlov option
[  152.303802][T10757] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.403279][T10606] 8021q: adding VLAN 0 to HW filter on device batadv0
[  152.487917][   T29] kauditd_printk_skb: 117 callbacks suppressed
[  152.487933][   T29] audit: type=1326 audit(2000000084.200:8638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10755 comm="syz.5.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  152.488046][   T29] audit: type=1326 audit(2000000084.200:8639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10755 comm="syz.5.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  152.489911][   T29] audit: type=1326 audit(2000000084.200:8640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10755 comm="syz.5.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  152.502079][T10764] macvlan1: entered promiscuous mode
[  152.538825][   T29] audit: type=1326 audit(2000000084.200:8641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10755 comm="syz.5.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  152.594652][   T29] audit: type=1326 audit(2000000084.200:8642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10755 comm="syz.5.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  152.618367][   T29] audit: type=1326 audit(2000000084.200:8643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10755 comm="syz.5.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  152.641940][   T29] audit: type=1326 audit(2000000084.200:8644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10755 comm="syz.5.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  152.665372][   T29] audit: type=1326 audit(2000000084.200:8645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10755 comm="syz.5.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  152.689057][   T29] audit: type=1326 audit(2000000084.200:8646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10755 comm="syz.5.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  152.712514][   T29] audit: type=1326 audit(2000000084.200:8647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10755 comm="syz.5.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  152.716947][T10764] ipvlan0: entered promiscuous mode
[  152.753264][T10764] ipvlan0: left promiscuous mode
[  152.753340][T10764] macvlan1: left promiscuous mode
[  152.866508][T10606] veth0_vlan: entered promiscuous mode
[  152.886178][T10775] loop4: detected capacity change from 0 to 1024
[  152.886641][T10775] EXT4-fs: Ignoring removed nobh option
[  152.886661][T10775] EXT4-fs: Ignoring removed bh option
[  152.895216][T10775] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.901989][T10606] veth1_vlan: entered promiscuous mode
[  152.910156][T10606] veth0_macvtap: entered promiscuous mode
[  152.911288][T10606] veth1_macvtap: entered promiscuous mode
[  152.915510][T10606] batman_adv: batadv0: Interface activated: batadv_slave_0
[  152.916884][T10606] batman_adv: batadv0: Interface activated: batadv_slave_1
[  152.918320][T10606] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  152.918359][T10606] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  152.918396][T10606] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  152.918432][T10606] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  153.092401][ T5035] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.157397][T10791] FAULT_INJECTION: forcing a failure.
[  153.157397][T10791] name failslab, interval 1, probability 0, space 0, times 0
[  153.170161][T10791] CPU: 0 UID: 0 PID: 10791 Comm: syz.5.2808 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  153.170193][T10791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  153.170206][T10791] Call Trace:
[  153.170212][T10791]  <TASK>
[  153.170220][T10791]  __dump_stack+0x1d/0x30
[  153.170248][T10791]  dump_stack_lvl+0xe8/0x140
[  153.170269][T10791]  dump_stack+0x15/0x1b
[  153.170297][T10791]  should_fail_ex+0x265/0x280
[  153.170330][T10791]  should_failslab+0x8c/0xb0
[  153.170356][T10791]  kmem_cache_alloc_node_noprof+0x57/0x320
[  153.170388][T10791]  ? __alloc_skb+0x101/0x320
[  153.170422][T10791]  __alloc_skb+0x101/0x320
[  153.170456][T10791]  netlink_alloc_large_skb+0xba/0xf0
[  153.170491][T10791]  netlink_sendmsg+0x3cf/0x6b0
[  153.170583][T10791]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.170651][T10791]  __sock_sendmsg+0x145/0x180
[  153.170678][T10791]  ____sys_sendmsg+0x31e/0x4e0
[  153.170719][T10791]  ___sys_sendmsg+0x17b/0x1d0
[  153.170767][T10791]  __x64_sys_sendmsg+0xd4/0x160
[  153.170850][T10791]  x64_sys_call+0x2999/0x2fb0
[  153.170873][T10791]  do_syscall_64+0xd2/0x200
[  153.170951][T10791]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  153.170981][T10791]  ? clear_bhb_loop+0x40/0x90
[  153.171005][T10791]  ? clear_bhb_loop+0x40/0x90
[  153.171065][T10791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.171089][T10791] RIP: 0033:0x7f38f8e9e9a9
[  153.171105][T10791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.171127][T10791] RSP: 002b:00007f38f7507038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  153.171191][T10791] RAX: ffffffffffffffda RBX: 00007f38f90c5fa0 RCX: 00007f38f8e9e9a9
[  153.171206][T10791] RDX: 000000000c040080 RSI: 0000200000000240 RDI: 0000000000000003
[  153.171220][T10791] RBP: 00007f38f7507090 R08: 0000000000000000 R09: 0000000000000000
[  153.171234][T10791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.171248][T10791] R13: 0000000000000000 R14: 00007f38f90c5fa0 R15: 00007ffcbcb5d0e8
[  153.171267][T10791]  </TASK>
[  153.178088][T10793] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2807'.
[  153.220933][T10797] loop5: detected capacity change from 0 to 512
[  153.249959][T10799] loop6: detected capacity change from 0 to 2048
[  153.279584][T10789] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  153.294387][T10797] journal_path: Lookup failure for './file0/../file0'
[  153.303478][T10794] 9pnet: Could not find request transport: fd0x0000000000000004
[  153.309052][T10797] EXT4-fs: error: could not find journal device path
[  153.384145][T10799] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.482248][T10809] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2814'.
[  153.532489][T10814] IPv4: Oversized IP packet from 127.202.26.0
[  153.630912][ T6735] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.691791][T10832] 9pnet_fd: Insufficient options for proto=fd
[  153.728126][T10838] loop6: detected capacity change from 0 to 512
[  153.741832][T10840] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2820'.
[  153.750932][T10840] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2820'.
[  153.789091][T10838] ext4 filesystem being mounted at /316/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.850279][T10838] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #12: comm syz.6.2823: invalid size
[  153.953744][T10849] lo speed is unknown, defaulting to 1000
[  153.960848][T10838] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2823'.
[  154.029653][T10860] netlink: 'syz.5.2827': attribute type 2 has an invalid length.
[  154.037424][T10860] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2827'.
[  154.088927][T10868] loop5: detected capacity change from 0 to 128
[  154.103509][T10868] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  154.111460][T10868] FAT-fs (loop5): Filesystem has been set read-only
[  154.129442][ T6325] bridge_slave_1: left allmulticast mode
[  154.129460][ T6325] bridge_slave_1: left promiscuous mode
[  154.135197][T10868] bio_check_eod: 125091 callbacks suppressed
[  154.135210][T10868] syz.5.2830: attempt to access beyond end of device
[  154.135210][T10868] loop5: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  154.140772][ T6325] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.147113][T10868] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  154.175180][T10868] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  154.183273][T10868] syz.5.2830: attempt to access beyond end of device
[  154.183273][T10868] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  154.197137][ T6325] bridge_slave_0: left allmulticast mode
[  154.202906][ T6325] bridge_slave_0: left promiscuous mode
[  154.207623][T10868] syz.5.2830: attempt to access beyond end of device
[  154.207623][T10868] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  154.208614][ T6325] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.221734][T10868] syz.5.2830: attempt to access beyond end of device
[  154.221734][T10868] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  154.242029][T10868] syz.5.2830: attempt to access beyond end of device
[  154.242029][T10868] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  154.256198][T10871] syz.5.2830: attempt to access beyond end of device
[  154.256198][T10871] loop5: rw=0, sector=2065, nr_sectors = 1 limit=128
[  154.269540][T10871] buffer_io_error: 94566 callbacks suppressed
[  154.269553][T10871] Buffer I/O error on dev loop5, logical block 2065, async page read
[  154.283715][T10871] syz.5.2830: attempt to access beyond end of device
[  154.283715][T10871] loop5: rw=0, sector=2066, nr_sectors = 1 limit=128
[  154.296944][T10871] Buffer I/O error on dev loop5, logical block 2066, async page read
[  154.305187][T10871] syz.5.2830: attempt to access beyond end of device
[  154.305187][T10871] loop5: rw=0, sector=2067, nr_sectors = 1 limit=128
[  154.318500][T10871] Buffer I/O error on dev loop5, logical block 2067, async page read
[  154.326704][T10871] syz.5.2830: attempt to access beyond end of device
[  154.326704][T10871] loop5: rw=0, sector=2068, nr_sectors = 1 limit=128
[  154.339923][T10871] Buffer I/O error on dev loop5, logical block 2068, async page read
[  154.348019][T10871] syz.5.2830: attempt to access beyond end of device
[  154.348019][T10871] loop5: rw=0, sector=2069, nr_sectors = 1 limit=128
[  154.361268][T10871] Buffer I/O error on dev loop5, logical block 2069, async page read
[  154.369906][T10871] Buffer I/O error on dev loop5, logical block 2070, async page read
[  154.378041][T10871] Buffer I/O error on dev loop5, logical block 2071, async page read
[  154.386320][T10871] Buffer I/O error on dev loop5, logical block 2072, async page read
[  154.394477][T10871] Buffer I/O error on dev loop5, logical block 2065, async page read
[  154.402664][T10871] Buffer I/O error on dev loop5, logical block 2066, async page read
[  154.465712][T10880] loop6: detected capacity change from 0 to 512
[  154.475084][ T6325] bond0 (unregistering): left allmulticast mode
[  154.481375][ T6325] bond_slave_0: left allmulticast mode
[  154.486833][ T6325] bond_slave_1: left allmulticast mode
[  154.492339][ T6325] bond0 (unregistering): left promiscuous mode
[  154.498565][ T6325] bond_slave_0: left promiscuous mode
[  154.504132][ T6325] bond_slave_1: left promiscuous mode
[  154.529978][ T6325] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  154.552849][ T6325] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  154.561846][ T6325] bond0 (unregistering): Released all slaves
[  154.618097][T10849] chnl_net:caif_netlink_parms(): no params data found
[  154.647995][ T6325] tipc: Left network mode
[  154.666616][T10887] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2835'.
[  154.706745][T10891] netlink: 'syz.2.2836': attribute type 21 has an invalid length.
[  154.757298][ T6325] hsr_slave_0: left promiscuous mode
[  154.770103][ T6325] hsr_slave_1: left promiscuous mode
[  154.777468][ T6325] batman_adv: batadv0: Removing interface: batadv_slave_0
[  154.785803][ T6325] batman_adv: batadv0: Removing interface: batadv_slave_1
[  154.834292][ T6325] team0 (unregistering): Port device team_slave_1 removed
[  154.846025][ T6325] team0 (unregistering): Port device C removed
[  154.878746][T10897] loop6: detected capacity change from 0 to 128
[  154.888990][T10897] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  154.896814][T10897] FAT-fs (loop6): Filesystem has been set read-only
[  154.903552][T10897] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  154.911384][T10897] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  154.919383][ T6328] smc: removing ib device syz0
[  154.934775][T10849] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.941933][T10849] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.968001][T10849] bridge_slave_0: entered allmulticast mode
[  154.974313][T10849] bridge_slave_0: entered promiscuous mode
[  154.991683][T10849] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.998795][T10849] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.006114][T10849] bridge_slave_1: entered allmulticast mode
[  155.014532][T10849] bridge_slave_1: entered promiscuous mode
[  155.035319][T10849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  155.045744][T10849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  155.056239][T10900] loop5: detected capacity change from 0 to 2048
[  155.069569][T10849] team0: Port device team_slave_0 added
[  155.076427][T10849] team0: Port device team_slave_1 added
[  155.093009][T10849] batman_adv: batadv0: Adding interface: batadv_slave_0
[  155.099999][T10849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.126140][T10849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  155.137584][T10849] batman_adv: batadv0: Adding interface: batadv_slave_1
[  155.139215][T10900]  loop5: p1 < > p4
[  155.144550][T10849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.167875][T10900] loop5: p4 size 8388608 extends beyond EOD, truncated
[  155.174344][T10849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  155.200809][T10849] hsr_slave_0: entered promiscuous mode
[  155.216946][T10849] hsr_slave_1: entered promiscuous mode
[  155.223547][T10849] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  155.231289][T10849] Cannot create hsr debugfs directory
[  155.515830][T10849] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  155.525003][T10849] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  155.535252][T10849] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  155.549785][T10849] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  155.582176][T10849] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.589342][T10849] bridge0: port 2(bridge_slave_1) entered forwarding state
[  155.596725][T10849] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.603777][T10849] bridge0: port 1(bridge_slave_0) entered forwarding state
[  155.642642][T10849] 8021q: adding VLAN 0 to HW filter on device bond0
[  155.663545][ T6326] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.671805][ T6326] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.700239][T10849] 8021q: adding VLAN 0 to HW filter on device team0
[  155.717479][ T6326] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.724609][ T6326] bridge0: port 1(bridge_slave_0) entered forwarding state
[  155.743242][ T6329] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.750459][ T6329] bridge0: port 2(bridge_slave_1) entered forwarding state
[  155.821860][T10849] 8021q: adding VLAN 0 to HW filter on device batadv0
[  155.986390][T10849] veth0_vlan: entered promiscuous mode
[  155.997533][T10849] veth1_vlan: entered promiscuous mode
[  156.014479][T10849] veth0_macvtap: entered promiscuous mode
[  156.022153][T10849] veth1_macvtap: entered promiscuous mode
[  156.033665][T10849] batman_adv: batadv0: Interface activated: batadv_slave_0
[  156.045028][T10849] batman_adv: batadv0: Interface activated: batadv_slave_1
[  156.054494][T10849] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  156.063328][T10849] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  156.072075][T10849] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  156.080826][T10849] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  156.140421][T10953] loop5: detected capacity change from 0 to 512
[  156.149493][T10953] EXT4-fs (loop5): orphan cleanup on readonly fs
[  156.153731][T10957] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2825'.
[  156.169616][T10955] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=10955 comm=syz.6.2852
[  156.182610][T10953] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2853: bg 0: block 248: padding at end of block bitmap is not set
[  156.197918][T10953] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.2853: Failed to acquire dquot type 1
[  156.211590][T10953] EXT4-fs (loop5): 1 truncate cleaned up
[  156.220867][T10953] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended
[  156.238186][T10960] openvswitch: netlink: Message has 6 unknown bytes.
[  156.255049][T10953] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  156.290878][T10968] loop4: detected capacity change from 0 to 128
[  156.316918][T10968] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  156.324921][T10968] FAT-fs (loop4): Filesystem has been set read-only
[  156.337665][T10976] loop6: detected capacity change from 0 to 1024
[  156.344291][T10976] EXT4-fs: Ignoring removed orlov option
[  156.351347][T10968] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  156.359273][T10968] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  156.392273][T10985] loop5: detected capacity change from 0 to 164
[  156.512721][T10991] macvlan1: entered promiscuous mode
[  156.521017][T10991] ipvlan0: entered promiscuous mode
[  156.527225][T10991] ipvlan0: left promiscuous mode
[  156.532511][T10991] macvlan1: left promiscuous mode
[  156.621549][T10994] loop5: detected capacity change from 0 to 128
[  156.681912][T10994] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  156.689854][T10994] FAT-fs (loop5): Filesystem has been set read-only
[  156.710618][T10996] FAULT_INJECTION: forcing a failure.
[  156.710618][T10996] name failslab, interval 1, probability 0, space 0, times 0
[  156.723435][T10996] CPU: 0 UID: 0 PID: 10996 Comm: syz.1.2867 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  156.723511][T10996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  156.723526][T10996] Call Trace:
[  156.723533][T10996]  <TASK>
[  156.723540][T10996]  __dump_stack+0x1d/0x30
[  156.723563][T10996]  dump_stack_lvl+0xe8/0x140
[  156.723643][T10996]  dump_stack+0x15/0x1b
[  156.723659][T10996]  should_fail_ex+0x265/0x280
[  156.723689][T10996]  ? __pfx_cond_bools_destroy+0x10/0x10
[  156.723760][T10996]  should_failslab+0x8c/0xb0
[  156.723783][T10996]  kmem_cache_alloc_noprof+0x50/0x310
[  156.723881][T10996]  ? hashtab_duplicate+0xfe/0x360
[  156.723901][T10996]  ? __pfx_cond_bools_destroy+0x10/0x10
[  156.723929][T10996]  hashtab_duplicate+0xfe/0x360
[  156.724019][T10996]  ? __pfx_cond_bools_copy+0x10/0x10
[  156.724049][T10996]  cond_policydb_dup+0xd2/0x4e0
[  156.724080][T10996]  security_set_bools+0xa0/0x340
[  156.724107][T10996]  sel_commit_bools_write+0x1ea/0x270
[  156.724176][T10996]  vfs_writev+0x403/0x8b0
[  156.724271][T10996]  ? __pfx_sel_commit_bools_write+0x10/0x10
[  156.724368][T10996]  ? mutex_lock+0xd/0x30
[  156.724473][T10996]  do_writev+0xe7/0x210
[  156.724496][T10996]  __x64_sys_writev+0x45/0x50
[  156.724515][T10996]  x64_sys_call+0x2006/0x2fb0
[  156.724611][T10996]  do_syscall_64+0xd2/0x200
[  156.724629][T10996]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  156.724655][T10996]  ? clear_bhb_loop+0x40/0x90
[  156.724676][T10996]  ? clear_bhb_loop+0x40/0x90
[  156.724706][T10996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.724727][T10996] RIP: 0033:0x7f3b2514e9a9
[  156.724742][T10996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.724760][T10996] RSP: 002b:00007f3b237b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  156.724778][T10996] RAX: ffffffffffffffda RBX: 00007f3b25375fa0 RCX: 00007f3b2514e9a9
[  156.724791][T10996] RDX: 0000000000000002 RSI: 00002000000025c0 RDI: 0000000000000004
[  156.724804][T10996] RBP: 00007f3b237b7090 R08: 0000000000000000 R09: 0000000000000000
[  156.724886][T10996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  156.724898][T10996] R13: 0000000000000000 R14: 00007f3b25375fa0 R15: 00007fff4acc0858
[  156.724915][T10996]  </TASK>
[  156.725746][T10994] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  156.962530][T10994] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  157.021323][T11002] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11002 comm=syz.1.2869
[  157.245052][T11019] IPv4: Oversized IP packet from 127.202.26.0
[  157.292541][T11022] macvlan1: entered promiscuous mode
[  157.316784][T11022] ipvlan0: entered promiscuous mode
[  157.355473][T11022] ipvlan0: left promiscuous mode
[  157.373824][T11022] macvlan1: left promiscuous mode
[  157.380455][T11026] loop4: detected capacity change from 0 to 2048
[  157.410927][T11024] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2876'.
[  157.428213][T11026]  loop4: p1 < > p4
[  157.438926][T11026] loop4: p4 size 8388608 extends beyond EOD, truncated
[  157.513261][   T29] kauditd_printk_skb: 336 callbacks suppressed
[  157.513276][   T29] audit: type=1326 audit(2000000089.220:8981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11023 comm="syz.4.2877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  157.562042][T11032] tmpfs: Cannot disable swap on remount
[  157.591545][   T29] audit: type=1326 audit(2000000089.260:8982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11023 comm="syz.4.2877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  157.615092][   T29] audit: type=1400 audit(2000000095.289:8983): avc:  denied  { unmount } for  pid=10606 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  157.635217][   T29] audit: type=1326 audit(2000000095.289:8984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11023 comm="syz.4.2877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  157.658991][   T29] audit: type=1326 audit(2000000095.289:8985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11023 comm="syz.4.2877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  157.682671][   T29] audit: type=1326 audit(2000000095.289:8986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11023 comm="syz.4.2877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  157.707176][   T29] audit: type=1326 audit(2000000095.379:8987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11023 comm="syz.4.2877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  157.730595][   T29] audit: type=1326 audit(2000000095.379:8988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11023 comm="syz.4.2877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  157.754195][   T29] audit: type=1326 audit(2000000095.379:8989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11023 comm="syz.4.2877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  157.886583][T11049] loop5: detected capacity change from 0 to 1024
[  157.895972][T11051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2890'.
[  157.905096][T11051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2890'.
[  157.916746][T11049] EXT4-fs: Ignoring removed orlov option
[  157.949796][T11049] EXT4-fs mount: 7 callbacks suppressed
[  157.949811][T11049] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.041029][T11065] loop6: detected capacity change from 0 to 2048
[  158.078152][T11065]  loop6: p1 < > p4
[  158.086277][T11065] loop6: p4 size 8388608 extends beyond EOD, truncated
[  158.096935][   T29] audit: type=1326 audit(2000000095.799:8990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11072 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  158.181760][T11081] macvlan1: entered promiscuous mode
[  158.188321][T11081] ipvlan0: entered promiscuous mode
[  158.195362][T11081] ipvlan0: left promiscuous mode
[  158.220248][T11081] macvlan1: left promiscuous mode
[  158.245663][T11086] loop6: detected capacity change from 0 to 1024
[  158.254511][T11086] EXT4-fs: Ignoring removed orlov option
[  158.300022][T11084] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2903'.
[  158.353791][T11086] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.403887][ T5035] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.484105][T11105] loop4: detected capacity change from 0 to 128
[  158.512858][T11111] macvlan1: entered promiscuous mode
[  158.520241][T11111] ipvlan0: entered promiscuous mode
[  158.525899][T11111] ipvlan0: left promiscuous mode
[  158.531168][T11111] macvlan1: left promiscuous mode
[  158.626469][T11123] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.2918'.
[  158.636577][T11123] netlink: zone id is out of range
[  158.642072][T11123] netlink: zone id is out of range
[  158.647249][T11123] netlink: del zone limit has 8 unknown bytes
[  158.677150][ T6735] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.843235][T11140] loop5: detected capacity change from 0 to 512
[  158.852453][T11137] loop6: detected capacity change from 0 to 512
[  158.859485][T11140] EXT4-fs (loop5): orphan cleanup on readonly fs
[  158.866537][T11140] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2926: bg 0: block 248: padding at end of block bitmap is not set
[  158.892203][T11137] journal_path: Lookup failure for './file0/../file0'
[  158.899052][T11137] EXT4-fs: error: could not find journal device path
[  158.907418][T11140] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.2926: Failed to acquire dquot type 1
[  158.925732][T11140] EXT4-fs (loop5): 1 truncate cleaned up
[  158.936295][T11144] loop4: detected capacity change from 0 to 1024
[  158.945051][T11140] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  158.961086][T11140] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended
[  158.973319][T11144] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  158.988672][T11144] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.013004][T11144] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2927'.
[  159.040962][T11140] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  159.085786][ T5035] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.105653][T10849] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  159.128366][T11156] loop6: detected capacity change from 0 to 8192
[  159.182831][T11162] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2932'.
[  159.291053][T11165] macvlan1: entered promiscuous mode
[  159.316952][T11165] ipvlan0: entered promiscuous mode
[  159.323626][T11165] ipvlan0: left promiscuous mode
[  159.331831][T11165] macvlan1: left promiscuous mode
[  159.344976][T11167] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2934'.
[  159.431055][T11177] loop4: detected capacity change from 0 to 128
[  159.440727][T11177] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  159.448703][T11177] FAT-fs (loop4): Filesystem has been set read-only
[  159.455520][T11177] bio_check_eod: 208511 callbacks suppressed
[  159.455532][T11177] syz.4.2938: attempt to access beyond end of device
[  159.455532][T11177] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  159.475854][T11177] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  159.483715][T11177] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  159.492071][T11177] syz.4.2938: attempt to access beyond end of device
[  159.492071][T11177] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  159.505585][T11177] syz.4.2938: attempt to access beyond end of device
[  159.505585][T11177] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  159.519494][T11177] syz.4.2938: attempt to access beyond end of device
[  159.519494][T11177] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  159.533052][T11177] syz.4.2938: attempt to access beyond end of device
[  159.533052][T11177] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  159.546835][T11177] syz.4.2938: attempt to access beyond end of device
[  159.546835][T11177] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  159.560496][T11177] syz.4.2938: attempt to access beyond end of device
[  159.560496][T11177] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  159.574059][T11177] syz.4.2938: attempt to access beyond end of device
[  159.574059][T11177] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  159.588033][T11177] syz.4.2938: attempt to access beyond end of device
[  159.588033][T11177] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  159.601480][T11177] syz.4.2938: attempt to access beyond end of device
[  159.601480][T11177] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  159.852091][T11185] loop6: detected capacity change from 0 to 512
[  159.879408][T11185] EXT4-fs (loop6): orphan cleanup on readonly fs
[  159.886412][T11185] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.2942: bg 0: block 248: padding at end of block bitmap is not set
[  159.905862][T11185] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.2942: Failed to acquire dquot type 1
[  159.908423][T11187] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2943'.
[  159.939570][T11185] EXT4-fs (loop6): 1 truncate cleaned up
[  159.954083][T11185] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  160.009329][T11185] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended
[  160.029499][T11185] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  160.066088][ T6735] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.108912][T11197] loop6: detected capacity change from 0 to 1024
[  160.125592][T11197] EXT4-fs: Ignoring removed orlov option
[  160.161215][T11197] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.335514][T11227] loop5: detected capacity change from 0 to 512
[  160.347810][T11228] macvlan1: entered promiscuous mode
[  160.354098][T11227] journal_path: Lookup failure for './file0/../file0'
[  160.360991][T11227] EXT4-fs: error: could not find journal device path
[  160.368651][T11228] ipvlan0: entered promiscuous mode
[  160.383367][T11228] ipvlan0: left promiscuous mode
[  160.389690][T11228] macvlan1: left promiscuous mode
[  160.411422][T11232] loop4: detected capacity change from 0 to 2048
[  160.452434][T11232]  loop4: p1 < > p4
[  160.462306][T11232] loop4: p4 size 8388608 extends beyond EOD, truncated
[  160.534429][ T6735] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.565543][T11256] loop6: detected capacity change from 0 to 128
[  160.576163][T11258] loop5: detected capacity change from 0 to 128
[  160.585168][T11258] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  160.593127][T11258] FAT-fs (loop5): Filesystem has been set read-only
[  160.600208][T11258] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  160.608077][T11258] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  160.609417][T11254] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2970'.
[  160.638450][T11267] buffer_io_error: 207206 callbacks suppressed
[  160.638467][T11267] Buffer I/O error on dev loop5, logical block 2065, async page read
[  160.639239][T11268] loop6: detected capacity change from 0 to 128
[  160.644697][T11267] Buffer I/O error on dev loop5, logical block 2066, async page read
[  160.644717][T11267] Buffer I/O error on dev loop5, logical block 2067, async page read
[  160.667290][T11265] loop4: detected capacity change from 0 to 2048
[  160.677044][T11267] Buffer I/O error on dev loop5, logical block 2068, async page read
[  160.682995][T11268] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  160.690602][T11267] Buffer I/O error on dev loop5, logical block 2069, async page read
[  160.697423][T11268] FAT-fs (loop6): Filesystem has been set read-only
[  160.705573][T11267] Buffer I/O error on dev loop5, logical block 2070, async page read
[  160.705940][T11267] Buffer I/O error on dev loop5, logical block 2071, async page read
[  160.712381][T11268] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  160.720344][T11253] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[  160.728322][T11268] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  160.754166][T11267] Buffer I/O error on dev loop5, logical block 2072, async page read
[  160.767047][T11270] Buffer I/O error on dev loop6, logical block 2065, async page read
[  160.775236][T11258] Buffer I/O error on dev loop5, logical block 2065, async page read
[  160.788645][T11265]  loop4: p1 < > p4
[  160.792956][T11265] loop4: p4 size 8388608 extends beyond EOD, truncated
[  161.150014][T11285] loop4: detected capacity change from 0 to 2048
[  161.218913][T11285]  loop4: p1 < > p4
[  161.223990][T11285] loop4: p4 size 8388608 extends beyond EOD, truncated
[  161.317238][T11300] 9pnet_fd: Insufficient options for proto=fd
[  161.330106][T11302] loop4: detected capacity change from 0 to 1024
[  161.381268][T11302] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  161.422721][T11302] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  161.479308][T11302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.590208][T11330] FAULT_INJECTION: forcing a failure.
[  161.590208][T11330] name failslab, interval 1, probability 0, space 0, times 0
[  161.602930][T11330] CPU: 0 UID: 0 PID: 11330 Comm: syz.6.2994 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  161.602964][T11330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  161.602979][T11330] Call Trace:
[  161.602988][T11330]  <TASK>
[  161.602995][T11330]  __dump_stack+0x1d/0x30
[  161.603017][T11330]  dump_stack_lvl+0xe8/0x140
[  161.603038][T11330]  dump_stack+0x15/0x1b
[  161.603055][T11330]  should_fail_ex+0x265/0x280
[  161.603089][T11330]  should_failslab+0x8c/0xb0
[  161.603164][T11330]  __kmalloc_node_noprof+0xa9/0x410
[  161.603240][T11330]  ? load_msg+0x41/0x2f0
[  161.603260][T11330]  load_msg+0x41/0x2f0
[  161.603280][T11330]  do_mq_timedsend+0x23e/0x6b0
[  161.603348][T11330]  __x64_sys_mq_timedsend+0xd1/0x160
[  161.603483][T11330]  x64_sys_call+0x2db9/0x2fb0
[  161.603577][T11330]  do_syscall_64+0xd2/0x200
[  161.603595][T11330]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  161.603667][T11330]  ? clear_bhb_loop+0x40/0x90
[  161.603689][T11330]  ? clear_bhb_loop+0x40/0x90
[  161.603712][T11330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.603734][T11330] RIP: 0033:0x7fb4ce94e9a9
[  161.603752][T11330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.603813][T11330] RSP: 002b:00007fb4ccf96038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f2
[  161.603832][T11330] RAX: ffffffffffffffda RBX: 00007fb4ceb76080 RCX: 00007fb4ce94e9a9
[  161.603876][T11330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
[  161.603889][T11330] RBP: 00007fb4ccf96090 R08: 0000000000000000 R09: 0000000000000000
[  161.603922][T11330] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001
[  161.603934][T11330] R13: 0000000000000000 R14: 00007fb4ceb76080 R15: 00007fffaceee3d8
[  161.603953][T11330]  </TASK>
[  161.887592][T11349] loop6: detected capacity change from 0 to 2048
[  161.944600][T11353] 9pnet_fd: Insufficient options for proto=fd
[  161.958453][T11349]  loop6: p1 < > p4
[  161.964308][T11349] loop6: p4 size 8388608 extends beyond EOD, truncated
[  161.992239][T11355] netlink: 'syz.1.3002': attribute type 1 has an invalid length.
[  162.038476][T11359] netlink: 'syz.1.3002': attribute type 1 has an invalid length.
[  162.069643][T11365] loop6: detected capacity change from 0 to 512
[  162.097177][T11365] journal_path: Lookup failure for './file0/../file0'
[  162.104081][T11365] EXT4-fs: error: could not find journal device path
[  162.214111][T11373] loop6: detected capacity change from 0 to 2048
[  162.267746][T11376] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0
[  162.298338][T11373]  loop6: p1 < > p4
[  162.326942][T11373] loop6: p4 size 8388608 extends beyond EOD, truncated
[  162.395563][T11388] loop5: detected capacity change from 0 to 128
[  162.413549][T11386] 9pnet_fd: Insufficient options for proto=fd
[  162.441102][T11389] __nla_validate_parse: 7 callbacks suppressed
[  162.441115][T11389] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3012'.
[  162.481267][T11391] loop5: detected capacity change from 0 to 128
[  162.499328][T11395] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3019'.
[  162.513129][T11391] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  162.521041][T11391] FAT-fs (loop5): Filesystem has been set read-only
[  162.537558][   T29] kauditd_printk_skb: 424 callbacks suppressed
[  162.537573][   T29] audit: type=1326 audit(2000000100.239:9409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11392 comm="syz.1.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  162.567382][   T29] audit: type=1326 audit(2000000100.239:9410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11392 comm="syz.1.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  162.590955][   T29] audit: type=1326 audit(2000000100.239:9411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11392 comm="syz.1.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  162.614554][   T29] audit: type=1326 audit(2000000100.239:9412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11392 comm="syz.1.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b2514e9a9 code=0x7ffc0000
[  162.640917][T11391] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  162.648803][T11391] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  162.673186][T11380] netlink: 'syz.4.3012': attribute type 10 has an invalid length.
[  162.698865][   T29] audit: type=1326 audit(2000000100.379:9413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11390 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  162.701447][T11380] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  162.722401][   T29] audit: type=1400 audit(2000000100.379:9414): avc:  denied  { ioctl } for  pid=11394 comm="syz.6.3019" path="/dev/virtual_nci" dev="devtmpfs" ino=132 ioctlcmd=0x0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  162.755642][   T29] audit: type=1400 audit(2000000100.379:9415): avc:  denied  { setopt } for  pid=11394 comm="syz.6.3019" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  162.776200][   T29] audit: type=1326 audit(2000000100.399:9416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11390 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  162.865350][   T29] audit: type=1326 audit(2000000100.539:9417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11390 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  162.888989][   T29] audit: type=1326 audit(2000000100.539:9418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11390 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f8e9e9a9 code=0x7ffc0000
[  162.970396][T11389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.989849][T11389] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  163.235853][T11423] 9pnet_fd: Insufficient options for proto=fd
[  163.308043][T11434] netem: change failed
[  163.326048][T11436] FAULT_INJECTION: forcing a failure.
[  163.326048][T11436] name failslab, interval 1, probability 0, space 0, times 0
[  163.338737][T11436] CPU: 0 UID: 0 PID: 11436 Comm: syz.1.3033 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  163.338819][T11436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.338834][T11436] Call Trace:
[  163.338842][T11436]  <TASK>
[  163.338851][T11436]  __dump_stack+0x1d/0x30
[  163.338879][T11436]  dump_stack_lvl+0xe8/0x140
[  163.338898][T11436]  dump_stack+0x15/0x1b
[  163.338916][T11436]  should_fail_ex+0x265/0x280
[  163.339090][T11436]  should_failslab+0x8c/0xb0
[  163.339113][T11436]  __kmalloc_noprof+0xa5/0x3e0
[  163.339145][T11436]  ? nla_strdup+0x78/0xc0
[  163.339185][T11436]  nla_strdup+0x78/0xc0
[  163.339297][T11436]  nf_tables_newtable+0x3ba/0xea0
[  163.339344][T11436]  nfnetlink_rcv+0xb99/0x1690
[  163.339400][T11436]  netlink_unicast+0x5a8/0x680
[  163.339513][T11436]  netlink_sendmsg+0x58b/0x6b0
[  163.339538][T11436]  ? __pfx_netlink_sendmsg+0x10/0x10
[  163.339560][T11436]  __sock_sendmsg+0x145/0x180
[  163.339586][T11436]  ____sys_sendmsg+0x31e/0x4e0
[  163.339697][T11436]  ___sys_sendmsg+0x17b/0x1d0
[  163.339746][T11436]  __x64_sys_sendmsg+0xd4/0x160
[  163.339823][T11436]  x64_sys_call+0x2999/0x2fb0
[  163.339884][T11436]  do_syscall_64+0xd2/0x200
[  163.339902][T11436]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  163.339930][T11436]  ? clear_bhb_loop+0x40/0x90
[  163.340035][T11436]  ? clear_bhb_loop+0x40/0x90
[  163.340107][T11436]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.340133][T11436] RIP: 0033:0x7f3b2514e9a9
[  163.340150][T11436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.340169][T11436] RSP: 002b:00007f3b237b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  163.340248][T11436] RAX: ffffffffffffffda RBX: 00007f3b25375fa0 RCX: 00007f3b2514e9a9
[  163.340264][T11436] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000005
[  163.340287][T11436] RBP: 00007f3b237b7090 R08: 0000000000000000 R09: 0000000000000000
[  163.340300][T11436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.340312][T11436] R13: 0000000000000000 R14: 00007f3b25375fa0 R15: 00007fff4acc0858
[  163.340401][T11436]  </TASK>
[  163.623666][T11447] FAULT_INJECTION: forcing a failure.
[  163.623666][T11447] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.636818][T11447] CPU: 1 UID: 0 PID: 11447 Comm: syz.2.3038 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  163.636847][T11447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.636860][T11447] Call Trace:
[  163.636866][T11447]  <TASK>
[  163.636873][T11447]  __dump_stack+0x1d/0x30
[  163.636899][T11447]  dump_stack_lvl+0xe8/0x140
[  163.636918][T11447]  dump_stack+0x15/0x1b
[  163.636953][T11447]  should_fail_ex+0x265/0x280
[  163.636990][T11447]  should_fail+0xb/0x20
[  163.637018][T11447]  should_fail_usercopy+0x1a/0x20
[  163.637070][T11447]  _copy_to_iter+0x24b/0xe30
[  163.637111][T11447]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  163.637139][T11447]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  163.637206][T11447]  __skb_datagram_iter+0xc6/0x690
[  163.637242][T11447]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  163.637281][T11447]  skb_copy_datagram_iter+0x3d/0x110
[  163.637375][T11447]  netlink_recvmsg+0x1a8/0x550
[  163.637398][T11447]  ? __pfx_netlink_recvmsg+0x10/0x10
[  163.637417][T11447]  sock_recvmsg+0x136/0x170
[  163.637443][T11447]  ____sys_recvmsg+0xf5/0x280
[  163.637539][T11447]  ___sys_recvmsg+0x11f/0x370
[  163.637587][T11447]  __x64_sys_recvmsg+0xd1/0x160
[  163.637609][T11447]  x64_sys_call+0xf19/0x2fb0
[  163.637631][T11447]  do_syscall_64+0xd2/0x200
[  163.637721][T11447]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  163.637817][T11447]  ? clear_bhb_loop+0x40/0x90
[  163.637840][T11447]  ? clear_bhb_loop+0x40/0x90
[  163.637862][T11447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.637883][T11447] RIP: 0033:0x7fdf7978e9a9
[  163.637898][T11447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.637935][T11447] RSP: 002b:00007fdf77df7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  163.637954][T11447] RAX: ffffffffffffffda RBX: 00007fdf799b5fa0 RCX: 00007fdf7978e9a9
[  163.637967][T11447] RDX: 0000000000010020 RSI: 0000200000000340 RDI: 0000000000000003
[  163.637996][T11447] RBP: 00007fdf77df7090 R08: 0000000000000000 R09: 0000000000000000
[  163.638070][T11447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.638083][T11447] R13: 0000000000000000 R14: 00007fdf799b5fa0 R15: 00007ffd4c358cd8
[  163.638101][T11447]  </TASK>
[  163.908538][T11453] SELinux:  Context '8z@���
[  163.908538][T11453]  is not valid (left unmapped).
[  163.915933][T11455] loop6: detected capacity change from 0 to 2048
[  163.927414][T11450] loop5: detected capacity change from 0 to 2048
[  163.936430][T11453] SELinux:  Context �Y7��j
[  163.936430][T11453] u/$2Sٟ�2'��k�s2-�	vj�d��	�#���,�N<
[  163.936430][T11453] �:�E]Y��\?�ͼ�=�ً�1�KI�������k��{kL^���0�����}�4n�r��}���
pį����N�w
���yxiu?+������H~���F���1�W����jm	&8�UۂV�����N���2�)Gx�V�%�5��xeRM4r4c���J�s�HU&����'p��2EMM�k&��c�bU���,�,������f�@��8�������b��D��%$���f�=����8�@���k�I|����w �O��x&KCH;��x-��K��o�4�i!��Oi�%ڂ2��F"2�E,P] ��k�? is not valid (left unmapped).
[  163.983190][T11453] SELinux:  Context *m�kX�I��$h�x4۫�K�M� is not valid (left unmapped).
[  163.991892][T11453] SELinux:  Context ���KM*�,h�c��I�Ǿ�û��̋y���+�.�+y��0�[pr�;J�A9�����Iq�j�Ǽ=7)o
M{���nF��=����Xmnx��r�D�㑉��垳�4��TW
��}�t�����%ȖY��^s�lF����B�53��h�m���5�}��;J�����Xom%~"�~9mM��~alʺL�I8��i��<B�3
[  163.991892][T11453] \�,:��gՀ^!�(D�.�0���� is not valid (left unmapped).
[  164.023399][T11453] SELinux:  Context 5�}��M3�p�X:����]�Q?��֧�p����{��O)B��R���D��P_N�[��`�3�?"�Mp$�=J�9[Ճ�CZ<R is not valid (left unmapped).
[  164.024674][T11455]  loop6: p1 < > p4
[  164.038278][T11450] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  164.043234][T11455] loop6: p4 size 8388608 extends beyond EOD, truncated
[  164.075262][T11453] SELinux:  Context 77Q�����.�y��H.j��o���@���M����ɭ+�Š��~���o��)�ơ�s�#��{�2t������f���Л�����7�ZDt�ǩ)�X��.�9`�	\^�� is not valid (left unmapped).
[  164.095808][T11450] EXT4-fs (loop5): shut down requested (0)
[  164.105995][T11453] SELinux:  Context A��)��t�'����*'ĺ����k�����ش�L�&��z�
[  164.105995][T11453] :_t� �0��H^����B��>&��Zw8	lX&�D;t�d�B�I�ݛ~���L
[  164.105995][T11453] uSċ�kxI��R��I$4"�l��X�
7f9�٬��b���B��|72�*�
��k���NM������ is not valid (left unmapped).
[  164.132632][T11462] loop4: detected capacity change from 0 to 512
[  164.148204][T11453] SELinux:  Context �W�X�E��][O�:Ѹ���o�߭O���bZD�fq	:�~�t6�uY�x���(��Q��8����NPZ��eo����Q[aS��I>$YiL�.([	P���%U.T8�}zK/7�o���g�W�f$���C%{}9��঴@y�o�P���'�b��9Z-��S��k�6��1E�A[T�<; is not valid (left unmapped).
[  164.164558][T11464] 9pnet_fd: Insufficient options for proto=fd
[  164.194701][T11450] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.208511][T11462] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  164.226862][T11453] dummy0 speed is unknown, defaulting to 1000
[  164.233807][T11453] dummy0 speed is unknown, defaulting to 1000
[  164.242038][T11453] dummy0 speed is unknown, defaulting to 1000
[  164.252427][T11453] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  164.265109][T11453] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  164.277128][T11453] dummy0 speed is unknown, defaulting to 1000
[  164.283630][T11453] dummy0 speed is unknown, defaulting to 1000
[  164.290193][T11453] dummy0 speed is unknown, defaulting to 1000
[  164.298552][T11450] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.315479][T11462] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.328218][T11462] ext4 filesystem being mounted at /31/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.357058][T11453] dummy0 speed is unknown, defaulting to 1000
[  164.364553][T11453] dummy0 speed is unknown, defaulting to 1000
[  164.372298][T11453] dummy0 speed is unknown, defaulting to 1000
[  164.381771][T10849] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.406687][T11485] netlink: 'syz.4.3051': attribute type 1 has an invalid length.
[  164.415527][T11450] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.445249][T11489] loop6: detected capacity change from 0 to 128
[  164.453500][T11489] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  164.461432][T11489] FAT-fs (loop6): Filesystem has been set read-only
[  164.468428][T11485] sch_fq: defrate 0 ignored.
[  164.471630][T11491] netlink: 332 bytes leftover after parsing attributes in process `syz.1.3053'.
[  164.483148][T11489] bio_check_eod: 153209 callbacks suppressed
[  164.483160][T11489] syz.6.3054: attempt to access beyond end of device
[  164.483160][T11489] loop6: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  164.520741][T11489] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  164.528670][T11489] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  164.558575][T11489] syz.6.3054: attempt to access beyond end of device
[  164.558575][T11489] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  164.572424][T11489] syz.6.3054: attempt to access beyond end of device
[  164.572424][T11489] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  164.587226][T11495] syz.6.3054: attempt to access beyond end of device
[  164.587226][T11495] loop6: rw=0, sector=2065, nr_sectors = 1 limit=128
[  164.601559][T11495] syz.6.3054: attempt to access beyond end of device
[  164.601559][T11495] loop6: rw=0, sector=2066, nr_sectors = 1 limit=128
[  164.616566][T11450] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.634903][T11498] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3055'.
[  164.661055][T11495] syz.6.3054: attempt to access beyond end of device
[  164.661055][T11495] loop6: rw=0, sector=2067, nr_sectors = 1 limit=128
[  164.681555][T11495] syz.6.3054: attempt to access beyond end of device
[  164.681555][T11495] loop6: rw=0, sector=2068, nr_sectors = 1 limit=128
[  164.694981][T11495] syz.6.3054: attempt to access beyond end of device
[  164.694981][T11495] loop6: rw=0, sector=2069, nr_sectors = 1 limit=128
[  164.737656][T11514] 9pnet_fd: Insufficient options for proto=fd
[  164.742923][T11450] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  164.753313][T11495] syz.6.3054: attempt to access beyond end of device
[  164.753313][T11495] loop6: rw=0, sector=2070, nr_sectors = 1 limit=128
[  164.768201][T11495] syz.6.3054: attempt to access beyond end of device
[  164.768201][T11495] loop6: rw=0, sector=2071, nr_sectors = 1 limit=128
[  164.771816][T11450] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  164.889323][T11450] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  164.903851][T11450] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.180778][T11520] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11520 comm=syz.2.3059
[  165.230443][T11470] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.302314][T11470] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.360459][T11499] dummy0 speed is unknown, defaulting to 1000
[  165.411821][T11470] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.476896][T11543] loop6: detected capacity change from 0 to 512
[  165.494436][T11470] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.512708][T11543] vfat: Unknown parameter 'shortnahortname'
[  165.555742][T11499] chnl_net:caif_netlink_parms(): no params data found
[  165.658519][T11499] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.665864][T11499] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.695963][T11499] bridge_slave_0: entered allmulticast mode
[  165.711301][T11499] bridge_slave_0: entered promiscuous mode
[  165.729610][T11499] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.736758][T11499] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.752237][T11560] loop6: detected capacity change from 0 to 128
[  165.772292][T11560] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  165.780535][T11560] FAT-fs (loop6): Filesystem has been set read-only
[  165.791762][T11499] bridge_slave_1: entered allmulticast mode
[  165.798413][T11499] bridge_slave_1: entered promiscuous mode
[  165.812568][T11560] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  165.820490][T11560] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  165.828686][T11562] loop4: detected capacity change from 0 to 512
[  165.837589][T11563] buffer_io_error: 182494 callbacks suppressed
[  165.837602][T11563] Buffer I/O error on dev loop6, logical block 2065, async page read
[  165.859651][T11563] Buffer I/O error on dev loop6, logical block 2066, async page read
[  165.870244][T11562] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.870414][T11499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  165.887209][T11563] Buffer I/O error on dev loop6, logical block 2067, async page read
[  165.893227][T11499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  165.907766][T11562] ext4 filesystem being mounted at /34/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  165.920752][T11563] Buffer I/O error on dev loop6, logical block 2068, async page read
[  165.930754][T11563] Buffer I/O error on dev loop6, logical block 2069, async page read
[  165.940058][T11563] Buffer I/O error on dev loop6, logical block 2070, async page read
[  165.948323][T11563] Buffer I/O error on dev loop6, logical block 2071, async page read
[  165.956503][T11563] Buffer I/O error on dev loop6, logical block 2072, async page read
[  165.964743][T11563] Buffer I/O error on dev loop6, logical block 2065, async page read
[  165.972882][T11563] Buffer I/O error on dev loop6, logical block 2066, async page read
[  165.977268][T11562] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.3072: iget: bad i_size value: 2533274857506816
[  166.000004][T11499] team0: Port device team_slave_0 added
[  166.006466][T11499] team0: Port device team_slave_1 added
[  166.023872][T11499] batman_adv: batadv0: Adding interface: batadv_slave_0
[  166.030921][T11499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  166.056908][T11499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  166.117089][T11499] batman_adv: batadv0: Adding interface: batadv_slave_1
[  166.124090][T11499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  166.150204][T11499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  166.194486][T11567] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.3072: iget: bad i_size value: 2533274857506816
[  166.276804][T11499] hsr_slave_0: entered promiscuous mode
[  166.288683][T11499] hsr_slave_1: entered promiscuous mode
[  166.314843][T11499] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  166.325586][T11499] Cannot create hsr debugfs directory
[  166.410547][T10849] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.543367][T11580] loop4: detected capacity change from 0 to 512
[  166.570398][T11499] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.579684][T11580] EXT4-fs (loop4): orphan cleanup on readonly fs
[  166.594363][T11580] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3077: bg 0: block 248: padding at end of block bitmap is not set
[  166.612723][T11587] FAULT_INJECTION: forcing a failure.
[  166.612723][T11587] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  166.619357][T11580] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.3077: Failed to acquire dquot type 1
[  166.625895][T11587] CPU: 0 UID: 0 PID: 11587 Comm: syz.2.3080 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  166.625958][T11587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  166.625972][T11587] Call Trace:
[  166.625980][T11587]  <TASK>
[  166.625988][T11587]  __dump_stack+0x1d/0x30
[  166.626011][T11587]  dump_stack_lvl+0xe8/0x140
[  166.626033][T11587]  dump_stack+0x15/0x1b
[  166.626052][T11587]  should_fail_ex+0x265/0x280
[  166.626107][T11587]  should_fail+0xb/0x20
[  166.626138][T11587]  should_fail_usercopy+0x1a/0x20
[  166.626175][T11587]  _copy_from_user+0x1c/0xb0
[  166.626197][T11587]  ___sys_sendmsg+0xc1/0x1d0
[  166.626306][T11587]  __x64_sys_sendmsg+0xd4/0x160
[  166.626346][T11587]  x64_sys_call+0x2999/0x2fb0
[  166.626371][T11587]  do_syscall_64+0xd2/0x200
[  166.626391][T11587]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  166.626445][T11587]  ? clear_bhb_loop+0x40/0x90
[  166.626470][T11587]  ? clear_bhb_loop+0x40/0x90
[  166.626494][T11587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.626532][T11587] RIP: 0033:0x7fdf7978e9a9
[  166.626548][T11587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.626636][T11587] RSP: 002b:00007fdf77df7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  166.626657][T11587] RAX: ffffffffffffffda RBX: 00007fdf799b5fa0 RCX: 00007fdf7978e9a9
[  166.626671][T11587] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000003
[  166.626686][T11587] RBP: 00007fdf77df7090 R08: 0000000000000000 R09: 0000000000000000
[  166.626701][T11587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.626715][T11587] R13: 0000000000000000 R14: 00007fdf799b5fa0 R15: 00007ffd4c358cd8
[  166.626748][T11587]  </TASK>
[  166.678695][T11590] loop6: detected capacity change from 0 to 2048
[  166.711839][T11580] EXT4-fs (loop4): 1 truncate cleaned up
[  166.827533][T11499] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.838641][T11580] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  166.859337][T11590]  loop6: p1 < > p4
[  166.868225][T11590] loop6: p4 size 8388608 extends beyond EOD, truncated
[  166.900311][T11580] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  166.917496][T11598] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11598 comm=syz.6.3084
[  166.944600][T11580] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  166.972789][T10849] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.045213][T11499] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.163091][T11499] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.167803][T11605] loop4: detected capacity change from 0 to 2048
[  167.222344][T11605]  loop4: p1 < > p4
[  167.228157][T11605] loop4: p4 size 8388608 extends beyond EOD, truncated
[  167.267994][T11499] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  167.279210][T11614] loop6: detected capacity change from 0 to 128
[  167.301270][T11499] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  167.310917][T11614] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  167.318772][T11614] FAT-fs (loop6): Filesystem has been set read-only
[  167.328022][T11499] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  167.334795][T11614] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  167.343617][T11614] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  167.353660][T11499] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  167.419066][T11628] loop4: detected capacity change from 0 to 128
[  167.431626][T11499] 8021q: adding VLAN 0 to HW filter on device bond0
[  167.440124][T11628] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  167.448337][T11628] FAT-fs (loop4): Filesystem has been set read-only
[  167.455100][T11628] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  167.470445][T11499] 8021q: adding VLAN 0 to HW filter on device team0
[  167.500484][ T6326] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.507550][ T6326] bridge0: port 1(bridge_slave_0) entered forwarding state
[  167.524638][ T6323] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.531818][ T6323] bridge0: port 2(bridge_slave_1) entered forwarding state
[  167.659791][   T29] kauditd_printk_skb: 237 callbacks suppressed
[  167.659808][   T29] audit: type=1326 audit(2000000105.369:9653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11640 comm="syz.4.3099" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5b7c78e9a9 code=0x0
[  167.754374][T11644] loop4: detected capacity change from 0 to 1024
[  167.766428][T11644] ext3: Bad value for 'errors'
[  167.777375][   T29] audit: type=1400 audit(2000000105.489:9654): avc:  denied  { write } for  pid=11640 comm="syz.4.3099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  167.814622][T11645] macvlan1: entered promiscuous mode
[  167.840998][T11645] ipvlan0: entered promiscuous mode
[  167.849614][   T29] audit: type=1326 audit(2000000105.519:9655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11633 comm="syz.2.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7978e9a9 code=0x7ffc0000
[  167.873242][   T29] audit: type=1326 audit(2000000105.519:9656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11633 comm="syz.2.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7978e9a9 code=0x7ffc0000
[  167.896748][   T29] audit: type=1326 audit(2000000105.519:9657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11633 comm="syz.2.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf7978e9a9 code=0x7ffc0000
[  167.920333][   T29] audit: type=1326 audit(2000000105.519:9658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11633 comm="syz.2.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7978e9a9 code=0x7ffc0000
[  167.943882][   T29] audit: type=1326 audit(2000000105.519:9659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11633 comm="syz.2.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf7978e9a9 code=0x7ffc0000
[  167.967385][   T29] audit: type=1326 audit(2000000105.519:9660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11633 comm="syz.2.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7978e9a9 code=0x7ffc0000
[  167.991178][   T29] audit: type=1326 audit(2000000105.519:9661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11633 comm="syz.2.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7978e9a9 code=0x7ffc0000
[  168.014747][   T29] audit: type=1326 audit(2000000105.519:9662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11633 comm="syz.2.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdf7978e9a9 code=0x7ffc0000
[  168.035171][T11645] ipvlan0: left promiscuous mode
[  168.053276][T11645] macvlan1: left promiscuous mode
[  168.231273][T11499] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.329707][T11499] veth0_vlan: entered promiscuous mode
[  168.349525][T11499] veth1_vlan: entered promiscuous mode
[  168.385506][T11499] veth0_macvtap: entered promiscuous mode
[  168.396964][T11499] veth1_macvtap: entered promiscuous mode
[  168.410541][T11658] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  168.422966][T11499] batman_adv: batadv0: Interface activated: batadv_slave_0
[  168.451908][T11499] batman_adv: batadv0: Interface activated: batadv_slave_1
[  168.462318][T11499] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.471069][T11499] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.479794][T11499] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.488598][T11499] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  168.516014][T11660] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  168.571777][T11665] 9pnet_fd: Insufficient options for proto=fd
[  168.583551][T11667] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11667 comm=syz.6.3104
[  168.761605][T11684] FAULT_INJECTION: forcing a failure.
[  168.761605][T11684] name failslab, interval 1, probability 0, space 0, times 0
[  168.774387][T11684] CPU: 1 UID: 0 PID: 11684 Comm: syz.6.3110 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  168.774434][T11684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  168.774447][T11684] Call Trace:
[  168.774452][T11684]  <TASK>
[  168.774459][T11684]  __dump_stack+0x1d/0x30
[  168.774530][T11684]  dump_stack_lvl+0xe8/0x140
[  168.774550][T11684]  dump_stack+0x15/0x1b
[  168.774566][T11684]  should_fail_ex+0x265/0x280
[  168.774602][T11684]  should_failslab+0x8c/0xb0
[  168.774697][T11684]  __kmalloc_noprof+0xa5/0x3e0
[  168.774727][T11684]  ? nla_strdup+0x78/0xc0
[  168.774763][T11684]  nla_strdup+0x78/0xc0
[  168.774858][T11684]  nf_tables_newtable+0x3ba/0xea0
[  168.774903][T11684]  nfnetlink_rcv+0xb99/0x1690
[  168.775027][T11684]  netlink_unicast+0x5a8/0x680
[  168.775080][T11684]  netlink_sendmsg+0x58b/0x6b0
[  168.775117][T11684]  ? __pfx_netlink_sendmsg+0x10/0x10
[  168.775176][T11684]  __sock_sendmsg+0x145/0x180
[  168.775206][T11684]  ____sys_sendmsg+0x31e/0x4e0
[  168.775324][T11684]  ___sys_sendmsg+0x17b/0x1d0
[  168.775376][T11684]  __x64_sys_sendmsg+0xd4/0x160
[  168.775422][T11684]  x64_sys_call+0x2999/0x2fb0
[  168.775448][T11684]  do_syscall_64+0xd2/0x200
[  168.775470][T11684]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  168.775570][T11684]  ? clear_bhb_loop+0x40/0x90
[  168.775593][T11684]  ? clear_bhb_loop+0x40/0x90
[  168.775619][T11684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.775721][T11684] RIP: 0033:0x7fb4ce94e9a9
[  168.775739][T11684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.775760][T11684] RSP: 002b:00007fb4ccfb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  168.775782][T11684] RAX: ffffffffffffffda RBX: 00007fb4ceb75fa0 RCX: 00007fb4ce94e9a9
[  168.775799][T11684] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000005
[  168.775812][T11684] RBP: 00007fb4ccfb7090 R08: 0000000000000000 R09: 0000000000000000
[  168.775825][T11684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.775837][T11684] R13: 0000000000000000 R14: 00007fb4ceb75fa0 R15: 00007fffaceee3d8
[  168.775856][T11684]  </TASK>
[  168.838887][T11680] 9pnet: Could not find request transport: 0xffffffffffffffff
[  169.024730][T11690] Unsupported ieee802154 address type: 0
[  169.081535][T11696] loop6: detected capacity change from 0 to 128
[  169.096248][T11696] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  169.104248][T11696] FAT-fs (loop6): Filesystem has been set read-only
[  169.112311][T11696] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  169.120172][T11696] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100)
[  169.487744][T11696] bio_check_eod: 180112 callbacks suppressed
[  169.487762][T11696] syz.6.3113: attempt to access beyond end of device
[  169.487762][T11696] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  169.507891][T11696] syz.6.3113: attempt to access beyond end of device
[  169.507891][T11696] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  169.521484][T11696] syz.6.3113: attempt to access beyond end of device
[  169.521484][T11696] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  169.535048][T11696] syz.6.3113: attempt to access beyond end of device
[  169.535048][T11696] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  169.573000][T11699] tipc: Started in network mode
[  169.578234][T11699] tipc: Node identity 9a5238bb67f5, cluster identity 4711
[  169.585593][T11699] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  169.597988][T11696] syz.6.3113: attempt to access beyond end of device
[  169.597988][T11696] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  169.613706][T11696] syz.6.3113: attempt to access beyond end of device
[  169.613706][T11696] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  169.616658][T11703] 9pnet_fd: Insufficient options for proto=fd
[  169.634092][T11698] tipc: Disabling bearer <eth:syzkaller0>
[  169.640253][T11696] syz.6.3113: attempt to access beyond end of device
[  169.640253][T11696] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  169.660489][T11696] syz.6.3113: attempt to access beyond end of device
[  169.660489][T11696] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  169.674641][T11696] syz.6.3113: attempt to access beyond end of device
[  169.674641][T11696] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  169.688186][T11696] syz.6.3113: attempt to access beyond end of device
[  169.688186][T11696] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128
[  169.762783][T11709] FAULT_INJECTION: forcing a failure.
[  169.762783][T11709] name failslab, interval 1, probability 0, space 0, times 0
[  169.775499][T11709] CPU: 0 UID: 0 PID: 11709 Comm: syz.4.3119 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  169.775533][T11709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  169.775605][T11709] Call Trace:
[  169.775612][T11709]  <TASK>
[  169.775620][T11709]  __dump_stack+0x1d/0x30
[  169.775644][T11709]  dump_stack_lvl+0xe8/0x140
[  169.775730][T11709]  dump_stack+0x15/0x1b
[  169.775750][T11709]  should_fail_ex+0x265/0x280
[  169.775823][T11709]  should_failslab+0x8c/0xb0
[  169.775850][T11709]  kmem_cache_alloc_node_noprof+0x57/0x320
[  169.775883][T11709]  ? __alloc_skb+0x101/0x320
[  169.775992][T11709]  __alloc_skb+0x101/0x320
[  169.776022][T11709]  netlink_alloc_large_skb+0xba/0xf0
[  169.776106][T11709]  netlink_sendmsg+0x3cf/0x6b0
[  169.776150][T11709]  ? __pfx_netlink_sendmsg+0x10/0x10
[  169.776173][T11709]  __sock_sendmsg+0x145/0x180
[  169.776202][T11709]  ____sys_sendmsg+0x31e/0x4e0
[  169.776237][T11709]  ___sys_sendmsg+0x17b/0x1d0
[  169.776301][T11709]  __x64_sys_sendmsg+0xd4/0x160
[  169.776346][T11709]  x64_sys_call+0x2999/0x2fb0
[  169.776369][T11709]  do_syscall_64+0xd2/0x200
[  169.776437][T11709]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  169.776465][T11709]  ? clear_bhb_loop+0x40/0x90
[  169.776487][T11709]  ? clear_bhb_loop+0x40/0x90
[  169.776514][T11709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.776564][T11709] RIP: 0033:0x7f5b7c78e9a9
[  169.776581][T11709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.776613][T11709] RSP: 002b:00007f5b7adef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  169.776631][T11709] RAX: ffffffffffffffda RBX: 00007f5b7c9b5fa0 RCX: 00007f5b7c78e9a9
[  169.776645][T11709] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  169.776660][T11709] RBP: 00007f5b7adef090 R08: 0000000000000000 R09: 0000000000000000
[  169.776675][T11709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.776710][T11709] R13: 0000000000000000 R14: 00007f5b7c9b5fa0 R15: 00007fff71af6738
[  169.776732][T11709]  </TASK>
[  170.090665][T11718] loop4: detected capacity change from 0 to 512
[  170.104876][T11719] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3123'.
[  170.125803][T11718] EXT4-fs (loop4): orphan cleanup on readonly fs
[  170.133122][T11718] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3124: bg 0: block 248: padding at end of block bitmap is not set
[  170.149736][T11718] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.3124: Failed to acquire dquot type 1
[  170.183811][T11726] loop6: detected capacity change from 0 to 2048
[  170.191766][T11718] EXT4-fs (loop4): 1 truncate cleaned up
[  170.198331][T11718] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  170.215747][T11726]  loop6: p1 < > p4
[  170.220979][T11726] loop6: p4 size 8388608 extends beyond EOD, truncated
[  170.231655][T11718] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  170.255029][T11729] 9pnet_fd: Insufficient options for proto=fd
[  170.262506][T11718] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  170.314582][T10849] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.400210][T11749] siw: device registration error -23
[  170.472130][T11753] loop6: detected capacity change from 0 to 512
[  170.480034][T11753] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  170.491670][T11753] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it
[  170.501781][T11753] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.3132: Corrupt directory, running e2fsck is recommended
[  170.523042][T11753] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117
[  170.531710][T11753] EXT4-fs error (device loop6): ext4_iget_extra_inode:5035: inode #15: comm syz.6.3132: corrupted in-inode xattr: invalid ea_ino
[  170.547320][T11753] EXT4-fs error (device loop6): ext4_orphan_get:1398: comm syz.6.3132: couldn't read orphan inode 15 (err -117)
[  170.568030][T11753] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.588313][T11758] macvlan1: entered promiscuous mode
[  170.594522][T11758] ipvlan0: entered promiscuous mode
[  170.600407][T11758] ipvlan0: left promiscuous mode
[  170.607245][T11758] macvlan1: left promiscuous mode
[  170.625866][T11470] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  170.641249][T11470] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  170.657104][T11470] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  170.673594][T11470] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  170.693394][ T5035] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.714200][T11761] loop5: detected capacity change from 0 to 128
[  170.804287][T11762] netlink: 'syz.5.3137': attribute type 39 has an invalid length.
[  170.990344][T11764] 9pnet_fd: Insufficient options for proto=fd
[  171.246798][T11778] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11778 comm=syz.4.3145
[  171.284015][ T6735] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.335476][T11783] pimreg: entered allmulticast mode
[  171.363023][T11783] netlink: 'syz.6.3147': attribute type 10 has an invalid length.
[  171.415469][T11783] team0: Port device dummy0 added
[  171.426528][T11789] netlink: 'syz.6.3147': attribute type 10 has an invalid length.
[  171.447744][T11789] team0: Port device dummy0 removed
[  171.456008][T11789] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  171.504909][T11782] pimreg: left allmulticast mode
[  171.532314][T11795] loop4: detected capacity change from 0 to 128
[  171.544326][T11795] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  171.552261][T11795] FAT-fs (loop4): Filesystem has been set read-only
[  171.561020][T11795] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  171.568910][T11795] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  171.629117][T11795] buffer_io_error: 117558 callbacks suppressed
[  171.629133][T11795] Buffer I/O error on dev loop4, logical block 2065, async page read
[  171.644670][T11795] Buffer I/O error on dev loop4, logical block 2066, async page read
[  171.653598][T11795] Buffer I/O error on dev loop4, logical block 2067, async page read
[  171.663224][T11795] Buffer I/O error on dev loop4, logical block 2068, async page read
[  171.672210][T11795] Buffer I/O error on dev loop4, logical block 2069, async page read
[  171.681332][T11795] Buffer I/O error on dev loop4, logical block 2070, async page read
[  171.689637][T11795] Buffer I/O error on dev loop4, logical block 2071, async page read
[  171.698856][T11795] Buffer I/O error on dev loop4, logical block 2072, async page read
[  171.706994][T11802] Buffer I/O error on dev loop4, logical block 2065, async page read
[  171.715286][T11802] Buffer I/O error on dev loop4, logical block 2066, async page read
[  171.721860][T11807] hub 9-0:1.0: USB hub found
[  171.728727][T11807] hub 9-0:1.0: 8 ports detected
[  171.761130][T11807] netlink: 'syz.6.3157': attribute type 1 has an invalid length.
[  171.784685][T11807] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3157'.
[  171.806614][T11807] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0)
[  171.816082][T11807] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535
[  171.842606][T11813] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3159'.
[  171.865594][T11814] sctp: [Deprecated]: syz.1.3159 (pid 11814) Use of int in max_burst socket option.
[  171.865594][T11814] Use struct sctp_assoc_value instead
[  171.886309][T11818] loop6: detected capacity change from 0 to 2048
[  171.958135][T11818]  loop6: p1 < > p4
[  171.962264][T11818] loop6: p4 size 8388608 extends beyond EOD, truncated
[  172.075096][T11831] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3166'.
[  172.086879][T11831] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  172.095648][T11831] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  172.104506][T11831] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  172.113252][T11831] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  172.125161][T11831] vxlan0: entered promiscuous mode
[  172.382087][T11852] loop4: detected capacity change from 0 to 1024
[  172.388929][T11852] EXT4-fs: Ignoring removed orlov option
[  172.397140][T11852] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.485213][T11852] ==================================================================
[  172.493335][T11852] BUG: KCSAN: data-race in filemap_read / filemap_read
[  172.500220][T11852] 
[  172.502543][T11852] write to 0xffff888101a7c9a8 of 8 bytes by task 11859 on cpu 0:
[  172.510265][T11852]  filemap_read+0x974/0xa00
[  172.514791][T11852]  generic_file_read_iter+0x79/0x330
[  172.520104][T11852]  ext4_file_read_iter+0x1cc/0x290
[  172.525222][T11852]  copy_splice_read+0x3c4/0x5f0
[  172.530084][T11852]  splice_direct_to_actor+0x290/0x680
[  172.535467][T11852]  do_splice_direct+0xda/0x150
[  172.540246][T11852]  do_sendfile+0x380/0x650
[  172.544675][T11852]  __x64_sys_sendfile64+0x105/0x150
[  172.549888][T11852]  x64_sys_call+0xb39/0x2fb0
[  172.554485][T11852]  do_syscall_64+0xd2/0x200
[  172.558998][T11852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.564887][T11852] 
[  172.567195][T11852] read to 0xffff888101a7c9a8 of 8 bytes by task 11852 on cpu 1:
[  172.574826][T11852]  filemap_read+0x6f/0xa00
[  172.579234][T11852]  generic_file_read_iter+0x79/0x330
[  172.584508][T11852]  ext4_file_read_iter+0x1cc/0x290
[  172.589603][T11852]  copy_splice_read+0x3c4/0x5f0
[  172.594437][T11852]  splice_direct_to_actor+0x290/0x680
[  172.599795][T11852]  do_splice_direct+0xda/0x150
[  172.604544][T11852]  do_sendfile+0x380/0x650
[  172.608945][T11852]  __x64_sys_sendfile64+0x105/0x150
[  172.614126][T11852]  x64_sys_call+0xb39/0x2fb0
[  172.618724][T11852]  do_syscall_64+0xd2/0x200
[  172.623239][T11852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.629120][T11852] 
[  172.631423][T11852] value changed: 0x000000000000018f -> 0x0000000000000190
[  172.638515][T11852] 
[  172.640831][T11852] Reported by Kernel Concurrency Sanitizer on:
[  172.646963][T11852] CPU: 1 UID: 0 PID: 11852 Comm: syz.4.3175 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
[  172.659441][T11852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  172.669477][T11852] ==================================================================
[  172.687589][   T29] kauditd_printk_skb: 258 callbacks suppressed
[  172.687605][   T29] audit: type=1326 audit(2000000110.389:9919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11851 comm="syz.4.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  172.719390][   T29] audit: type=1326 audit(2000000110.389:9920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11851 comm="syz.4.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  172.743117][   T29] audit: type=1326 audit(2000000110.399:9921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11851 comm="syz.4.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  172.766631][   T29] audit: type=1326 audit(2000000110.399:9922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11851 comm="syz.4.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  172.790214][   T29] audit: type=1326 audit(2000000110.399:9923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11851 comm="syz.4.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  172.813720][   T29] audit: type=1326 audit(2000000110.399:9924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11851 comm="syz.4.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  172.837194][   T29] audit: type=1326 audit(2000000110.399:9925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11851 comm="syz.4.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  172.860757][   T29] audit: type=1326 audit(2000000110.399:9926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11851 comm="syz.4.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  172.884223][   T29] audit: type=1326 audit(2000000110.399:9927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11851 comm="syz.4.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  172.907645][   T29] audit: type=1326 audit(2000000110.399:9928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11851 comm="syz.4.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7c78e9a9 code=0x7ffc0000
[  172.932212][T10849] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.