last executing test programs:

14.692985443s ago: executing program 2 (id=2318):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r0}, 0x18)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000080)=0x2e9aa845)

14.62631628s ago: executing program 2 (id=2322):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
write(r0, &(0x7f00000000c0)="8f2a", 0x2)

14.571941576s ago: executing program 2 (id=2326):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000000)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)

14.553300457s ago: executing program 2 (id=2328):
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=<r3=>0x0, &(0x7f0000000480)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r1, 0x0, 0x0})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x400e, &(0x7f0000000640), 0x1, 0x451, &(0x7f00000001c0)="$eJzs28tvG0UYAPBv7SQlfZBQlUcfQKAgyitp0lJ64AICiQNISHAox5CkVanboCZItKqgRagcUSVOvSAuSEj8BZzggoATEle4I6QK5dLCyWhtb2O7thOnjhfq30/adGZ30vk+7449uxMHMLAm0h9JxPaI+C0ixqrVxgYT1X9urFyY+3vlwlwS5fKbfyWVdtdXLsxlTbPf25ZVhiIKnySxt0W/S+fOn5otlRbO1upTy6ffm1o6d/7Zk6dnTyycWDgzc/To4UPTzx+Zea4neaZ5Xd/z4eK+3a++feX1uWNX3vnpmyTLvymPHpnodPDxcrnH3eVrR105GcoxELpSrA7TGK6M/7EoxurJG4tXPs41OGBTlcvl8n3tD18sA3ewJPKOAMhH9kGf3v9mW5+mHv8J116s3gCled+obdUjQ1GotRluur/tpYmIOHbxny/SLTbnOQQAQIPv0vnPM63mf4Wofy50d20NZTwi7omInRFxJCJ2RcS9EZW290fEA13237xIcuv8pzC8ocTWKZ3/vVBb22qc/2Wzvxgv1mo7KvkPJ8dPlhYO1l6TAzG8Ja1Pd+jj+5d//azdsfr5X7ql/WdzwUvVOP4c2tL4O/Ozy7O3m3fm2qWIPUOt8k9urgQkEbE7IvZssI+TT329r92xTvmvqQfrTOUvI56onv+L0ZR/Jum8Pjl1V5QWDk5lV8Wtfv7l8hvt+r+t/HsgPf9bW17/N/MfT+rXa5e6+d+vPpn+vPz7p23vadbOv/X1P5K81bDvg9nl5bPTESPJa9Wg6/fPNLWbWW2f5n9gf+vxvzNWX4m9EZFexA9GxEMR8XAt9kci4tGI2N/hVfjxpcfe3Xj+myvNf76r879aGInmPa0LxVM/fNvQ6Xg3+afn/3CldKC2Zz3vf+uJq9urGQAAAP6vChGxPZLC5M1yoTA5Wf0b/l2xtVBaXFp++vji+2fmq98RGI/hQvaka6zueeh07bY+q8801Q/Vnht/Xhyt1CfnFkvzeScPA25bm/Gf+qOYtbqaY4TApvJ9LRhcxj8MLuMfBtZXC3lHAORkZbTF5/9oHpEA/ddq/v9RDnEA/dc0/ot5xQH0n+d/MLg2Mv69Z8CdoeNYHulfHEBfLY3G2l+SVxigwmjEui6JKOQeqsImFvJ+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiNfwMAAP//0YXoCg==")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r6 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r5, r6, 0x0, 0x80000000007)
r7 = socket$unix(0x1, 0x1, 0x0)
getsockopt$sock_int(r7, 0x1, 0xe, 0x0, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x5031, 0xffffffffffffffff, 0xc2dcc000)
r8 = memfd_create(&(0x7f0000000080)=',\xea\x00', 0x4)
ftruncate(r8, 0x7000000)
preadv(r8, &(0x7f0000000000)=[{&(0x7f0000000380)=""/4090, 0xffa}], 0x1, 0xa, 0x203)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
ptrace$pokeuser(0x6, r9, 0x388, 0xfffffffffffff341)
waitid(0x0, r9, 0x0, 0x80000000, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000680)=ANY=[@ANYBLOB='\x00'/12])
r10 = socket(0x10, 0x803, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r11=>r0, {0x80000000}}, './file0\x00'})
move_mount(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', r11, &(0x7f00000013c0)='./file0\x00', 0x131)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r11, 0x8933, &(0x7f00000006c0)={'batadv_slave_0\x00'})
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r10, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="000329bd7000ffdbdf250100000004000300580102802400018008000100080000000800010007000000080001000000000008000100070000002c000180080001000200000008000100060000000800010002000000080001000200000008000100080000003400018008000100010000000800010005000000080001000400000008000100060000000800010000000000080001000200000014000180080001000200000008000100010000001c000180080001000500000008000100010000000800010008000000140001800800010005000000080001000800000014000180080001000200000008000100080000002c000180080001000100000008000100060000000800010000000000080001000000000008000100010000004c000180080001000200000008000100020000000800010006000000080001000000000008000100070000000800010003000000080001000600000008000100080000000800010008000000"], 0x170}}, 0x34008081)
io_uring_enter(r2, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)

13.561153115s ago: executing program 2 (id=2348):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e000000000000000000180002801400038010"], 0x44}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

13.00051295s ago: executing program 2 (id=2354):
prctl$PR_SET_NAME(0xf, &(0x7f00000002c0)='+}[@\x00G5\v\x89n\xb2\x0e\xb7\xb4\x9a\xb3\xb9\xe1\xff@`\x87\xefy\xb7\xe0\xe6c\x91\x81ND\t3\xc4\xca\xf0\xd0Zp\xadbdY\xdcz\xc6lo\xd0\xc7\'CT')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r0, 0x2284, 0x0)

13.00027847s ago: executing program 32 (id=2354):
prctl$PR_SET_NAME(0xf, &(0x7f00000002c0)='+}[@\x00G5\v\x89n\xb2\x0e\xb7\xb4\x9a\xb3\xb9\xe1\xff@`\x87\xefy\xb7\xe0\xe6c\x91\x81ND\t3\xc4\xca\xf0\xd0Zp\xadbdY\xdcz\xc6lo\xd0\xc7\'CT')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r0, 0x2284, 0x0)

3.313368574s ago: executing program 0 (id=2468):
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'gretap0\x00', &(0x7f0000000000)={'tunl0\x00', <r0=>0x0, 0x1, 0x80, 0x5, 0x4, {{0x9, 0x4, 0x1, 0x2, 0x24, 0x67, 0x0, 0x40, 0x29, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x39}, {[@timestamp={0x44, 0x10, 0x9a, 0x0, 0x9, [0x4, 0x7, 0xfffffff7]}]}}}}})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x200000000}, 0x18)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0)
write$tun(r2, 0x0, 0xfdef)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x22, 0x0, 0x0, 0x40f00, 0x3, '\x00', r0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xb)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/cpu_byteorder', 0x0, 0x134)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x180a0, 0x62c04}}, 0x20}}, 0x24)
fcntl$setlease(r3, 0x400, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r5}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)

2.798934195s ago: executing program 0 (id=2476):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0xa82, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x400002, 0x0)
recvmsg(r1, &(0x7f0000000940)={&(0x7f0000000140)=@alg, 0x80, &(0x7f0000000880)=[{&(0x7f00000001c0)=""/170, 0xaa}, {&(0x7f0000000280)=""/142, 0x8e}, {&(0x7f0000000340)=""/241, 0xf1}, {0x0}, {0x0}, {&(0x7f0000000780)=""/232, 0xe8}], 0x6, &(0x7f0000000900)=""/20, 0x14}, 0x40000103)
prlimit64(0x0, 0x3, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x7, 0x8, 0x20005, 0x80, 0x0, 0x0, 0x0, 0x20000009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x4000000)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYRESOCT=0x0], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)
syz_open_procfs$namespace(r2, &(0x7f0000000040)='ns/pid_for_children\x00')
syz_clone3(&(0x7f0000000340)={0x20220080, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x1}, 0x58)
bpf$MAP_CREATE(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="1b00000000000000000000000080d359845299c43ab4022e1f02294797fea14419d0a2a1d405f5d165869aaacf7d86aaac4235d0d07fb92baf16656cb5b2ccceb1e336fadda5af2b3ae9efc92c8a177478e762a44f0e44d53c0e0c30d5d93aa703c508d07d42998a942539063c8e98dce4f0950e0327d9c7ed6c25b2a5820151f1c8de71f7e30446c0ae0c375b6fd738a93d3ff46a0fc11abbb1db3c4cfb1ef58d954d3f8aa03893539a21d94a7021730130373aab01b646a5c8f880b9d0906a6ffdbb12a5466a8685c2dd7c7415a01c5d0a05946e7c7558b82e2dd64d8c38573ffd713e7c993a7a6074180173b2e999f0173608c59350ad727cd604c55e0e51848248d4f906631c3c729322138bf6807ff2e9585134c90844133103cb28317a0252cc3f7d64ad6174681c94443df3a99b858c7f09"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x58, 0x24, 0xf0b, 0x20000000, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0x8}, {0xffff, 0xffff}, {0xd, 0xc}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x1, 0xfffe, 0x5, 0x3, 0x1, 0x100}}, {0x4}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x20044081}, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec85"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x18)
write$cgroup_int(r0, &(0x7f0000000040)=0x922, 0x12)

2.380135186s ago: executing program 1 (id=2485):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x112, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x1, @perf_config_ext={0xd, 0x3}, 0x12, 0x6, 0x7, 0x3, 0x4, 0x5, 0x0, 0x0, 0x2}, 0x0, 0x2000000000000000, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10)
socket(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
setgroups(0x0, 0x0)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x20000001}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r11, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r6, &(0x7f00000001c0)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000007c0)=0x14)
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000002800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r13, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r13], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x50, 0x5}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x8, 0x3}]}, 0x10)
writev(r3, &(0x7f0000000500)=[{&(0x7f0000000080)='\f', 0x1}], 0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f00000001c0)='cpu>00\t&&')

2.000322933s ago: executing program 1 (id=2490):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057000000"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(0x0, r2)
r4 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000002c0)={0x74, r3, 0x20, 0x70bd25, 0x25dfdbfe, {0x2, 0x0, 0xa6ff}, [@GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010102}, @GTPA_MS_ADDRESS={0x8, 0x5, @empty}, @GTPA_NET_NS_FD={0x8, 0x7, r4}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_FAMILY={0x5, 0xd, 0x9}, @GTPA_MS_ADDR6={0x14, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}}, @GTPA_MS_ADDRESS={0x8, 0x5, @loopback}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_PEER_ADDR6={0x14, 0xb, @dev={0xfe, 0x80, '\x00', 0x18}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r7}, 0x10)
setrlimit(0x9, &(0x7f0000000000))
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
io_setup(0x2004, &(0x7f0000000680))
sendmsg$NFNL_MSG_CTHELPER_NEW(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="58000000000905000000000000000000020000050900010073797a3000000000080005400000001c0c00048008000144fffffff7240002001400018008000100ac1414aa08000200e00000020c0002"], 0x58}, 0x1, 0x0, 0x0, 0x24000800}, 0x4040040)
socket$nl_generic(0x10, 0x3, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)

1.686855574s ago: executing program 4 (id=2495):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x609e495c}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000002c0), 0x2, 0x0)
ioctl$F2FS_IOC_DECOMPRESS_FILE(r1, 0xf517, 0x0)
unshare(0x8000000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000340)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404}], [@TCA_POLICE_RATE={0x404}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x8, 0x1800}], 0x1, 0x0)
unshare(0x2c040000)
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x68, 0x2, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}, [@IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x3}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x6}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x5}]}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x3}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x30}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000880}, 0x24000088)

1.580333245s ago: executing program 4 (id=2496):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)

1.562134777s ago: executing program 4 (id=2497):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x60}]})

1.439417929s ago: executing program 4 (id=2499):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f00000001c0)=0x1081, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r2, 0x0, 0x2d, 0x18, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES16, @ANYBLOB="300bf8cf13802020de7be0c2d69b5b51a1df3362d253b4935b6feb6a58613d044dabf5d31c80263d49f89ad70a455986d3bdf603ac96cc7d0f0966c1d826cf9fa1488938895b16f83683844b789a85ee326b8573b773d7a5a5d77afe07d0a915c21b58ea217b3ef68ae4efd2d383b3757561b501d80da69283292f1049b7f1e67fcbecd3a4c65ed735737c88d229fdf2900164b7d88ce2d64f3fae009212d6d958ec8a82ac8f2e1188d120dff30cf89671", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x112})
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000200)=@raw={'raw\x00', 0x3c1, 0x3, 0x5f8, 0x3c0, 0xffffff80, 0x178, 0x0, 0x178, 0x528, 0x22b, 0x258, 0x528, 0x258, 0x2034, 0x0, {[{{@uncond, 0x1d, 0x398, 0x3c0, 0x340, {0x1e0002a8, 0x7203000000000000}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x1a, 0x64, [{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}, {}, {0x9}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x80000000}, {0x870}, {}, {}, {}, {0x2, 0xfe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {0x0, 0xfc}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {0x0, 0x8a}]}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "e22e50439abb066265e088a63e13552b8b2fec412753ac647d17d2ebca69d17a9722bd2f5be411676d5993fb4cc74168209fb9f43b63bab2a88206d7dd8158d916b865d0f713f772c59ad6e6b572e9a6c498fb6459888a281e8c071a9a7229f9fe02cb8e9ba7637a2591a5367c770c87034734be6eda195ce135517efa85da52", 0x59}}]}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x9}}}, {{@ipv6={@loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [0x0, 0xffffff00], 'veth1_to_bridge\x00', 'geneve1\x00', {0xff}}, 0x0, 0x100, 0x168, 0x0, {}, [@common=@ah={{0x30}}, @inet=@rpfilter={{0x28}, {0x4}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x658)
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000000)={'vlan0\x00', 0x400})
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x112})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'rose0\x00', <r7=>0x0})
r8 = accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000200), &(0x7f00000002c0)=0x10, 0x80800)
setsockopt$PNPIPE_HANDLE(r8, 0x113, 0x3, &(0x7f0000000340)=0x9, 0x4)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r7], 0x20}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@ipv6_getaddrlabel={0x30, 0x4a, 0x1, 0x70bd2b, 0x77, {0xa, 0x0, 0x80, 0x0, 0x0, 0x7}, [@IFAL_ADDRESS={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}]}, 0x30}, 0x1, 0x0, 0x0, 0xc0}, 0x4000000)
pipe(&(0x7f0000000040))
io_setup(0x3ff, &(0x7f0000000500)=<r11=>0x0)
io_getevents(r11, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0)

1.247794468s ago: executing program 3 (id=2502):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(0x0, r2)
r4 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000002c0)={0x88, r3, 0x20, 0x70bd25, 0x25dfdbfe, {0x2, 0x0, 0xa6ff}, [@GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010102}, @GTPA_MS_ADDRESS={0x8, 0x5, @empty}, @GTPA_NET_NS_FD={0x8, 0x7, r4}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_MS_ADDR6={0x14, 0xc, @dev={0xfe, 0x80, '\x00', 0x19}}, @GTPA_FAMILY={0x5, 0xd, 0x9}, @GTPA_MS_ADDR6={0x14, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}}, @GTPA_MS_ADDRESS={0x8, 0x5, @loopback}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_PEER_ADDR6={0x14, 0xb, @dev={0xfe, 0x80, '\x00', 0x18}}]}, 0x88}, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a0000000500"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r6}, 0x10)
setrlimit(0x9, &(0x7f0000000000))
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
io_setup(0x2004, &(0x7f0000000680))
socket$nl_generic(0x10, 0x3, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_procs(r7, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r7, 0x4c09, 0xd)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), 0xffffffffffffffff)

1.202937762s ago: executing program 5 (id=2503):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000001, @mcast2, 0x6}, 0x1c)
write(r0, &(0x7f00000000c0)="8f2a", 0x2)

1.139293938s ago: executing program 0 (id=2504):
io_setup(0x3ff, &(0x7f0000000500)=<r0=>0x0)
io_getevents(r0, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0)
io_destroy(r0)

1.138687148s ago: executing program 5 (id=2505):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020a07b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a99985000000040000"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6f, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r0}, 0x18)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000080)=0x2e9aa845)

1.11922246s ago: executing program 5 (id=2506):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000160000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{0x0, 0x0, 0x9c}, {}]}, [{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x448eade7}, {0x0, 0x0, 0x80000000}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x2000}, {0x0, 0x10000, 0x0, 0x0, 0x400}, {}, {0x0, 0x400}, {}, {0x0, 0x1, 0x0, 0x0, 0xfffffffe, 0x8001}, {}, {}, {}, {}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0xfffffffc}, {}, {}, {}, {0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {0x7}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0xd5}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x10}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x800, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x5, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0x5}, {}, {0xffffffff}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x800000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {}, {0x4}, {}, {0xa7}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, {0x0, 0x0, 0x1000}, {}, {0xd2, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x4, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x1000000}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x10000000}, {}, {}, {}, {}, {0x523e}, {}, {0x4, 0x0, 0x0, 0x10}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {0x2}, {0x2}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SIOCX25SENDCALLACCPT(0xffffffffffffffff, 0x89e9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b800294429118927"], 0xfdef)

1.097926313s ago: executing program 3 (id=2507):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab", 0x8}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1, 0x0, 0x8000000008}, 0x18)
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21481e, &(0x7f0000000300), 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")
sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[], 0x34c}}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
open$dir(&(0x7f0000000140)='./file1\x00', 0x18180, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffd}]})
getrlimit(0x8, &(0x7f0000000b40))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="04000000040000000400000005", @ANYRESHEX=0x0], 0x48)
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}]}, 0x3, 0x4de, &(0x7f0000000c40)="$eJzs3E1oXNUeAPD/nUma9Ot1Xl9f32utmlrFYDFp02q7EKSi4EJBrKAuQ5KW2rSRJgVbqkxB6lIK7sWlWxdu1U0RV4LbuhSkUKSbtoI4cmfunZlMZ5ImmWSM+f1gMufcr3POPffcOfeczASwYQ2lf5Ja+GZE7IiIQusGQ7W3e3euTNy/c2UiypXKyd+S6m5303gmO0xszSLDhYjCx0ljRZPZS5fPjk9PT13I4qNz594fnb10+dkzg9mS48ePHjl87Pmx55ZeqDbppeW6u/ejmX17Xn33+usTffnyPLXmcnTLUAy1y0rVU91OrMe2N4WTvh5mhCVJr/+0uvqr7X9HFGOhyiuvYc6A1VapVCoDnVeXK62uPrAEWLdisNc5AHoj/6BPn3/zV7uOwKbV6X703O0TtQegtNz3slfE49WF+ThIf8vzbTcNRcQ75d8/T1+xSuMQAADNvj2R9wRb+n+l2szIHxdvvJi+/yubQylFxL8jYmdE/CcidkXEfyNid0T8LyL+33L8YkRUFkh/qCVeT78+CVW41aWitpX2/17I5rYa/b95GSgVs9j2iLzDPHUoOyfD0T9w6sz01OEF0vju5Z8+7bSuuf+XvtL0875glo9bfS0DdJPjc+PLLnCL21cj9va1lj/pi0jqMwFJROyJiL1LOG6pKXzmmS/31SP987dbvPxVlbbzaF2YZ6p8EfF0rf7LMa/+Gykm8+Ynz42fnjo9dX6sPj85OhjTU4dG06vgUNs0fvjx2hud0l+0/F//0rrLK8e+OZm1rJVL639L0/Uf+fxto/ylJCKpz9fOLj2Naz9/0vGZZrnX/6bkrWo4fy79YHxu7sLhiE3Jaw8uH2vsm8fT9yjXyj98oH3735ntk56JRyIivYgfjYjHovaEmOZ9f0Q8EREHFij/9y89+d7yy7+60vJPttz/ajU/r/4b8/WdAkk2N9hmVfHs/pv3O9w8Hq7+j1ZDw9mS9ve/ZN4tolNO80+7dMmfKz57AAAAsD4UImJb01jStigURkZqY0C7YkthemZ27uCpmYvnJ9N1EaXoL+QjXbXx4P4kH/8sNcXHWuJHsnHjz4qbq/GRiZnpyZ6WHNhabfNJYSTi7WJT+0/92p0hZuDvzPe1YONaqP2nnfjd19cwM8CaevjP/xsfrmpGgDXX1P47fcO/vIz/+wLWAc//QMPiP/TjngHrX0Vbhg1tSe3/oB8BhH+SvnizHi70NCfAWtP/hw1p0e/1ryhQGWi/ajAe3DgGFz5gMZaXjc1t0upJIO1Z9ST1zcvZK/81hY7bRGFpBxyI7tTpqRWejfKF2dO7u37xV7L/le92DX61Ju20XaAntyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICu+ysAAP//+sDgnA==")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdbf, 0x0, 0x0, 0x0, 0x80}, 0x94)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10)

1.096518613s ago: executing program 1 (id=2508):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x18)
r3 = dup(r1)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lstat(&(0x7f0000000380)='./file0\x00', 0x0)

1.075456844s ago: executing program 1 (id=2509):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x60}]})

1.055509697s ago: executing program 3 (id=2510):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000004000000000000000300000784"], 0x0, 0x5, 0x0, 0x0, 0x41100, 0x9}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r2, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
dup(r2)

1.036032309s ago: executing program 3 (id=2511):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000580)={0xfffffffc, <r0=>0x0}, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYRES8=r0], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r1)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d80672e65a6a0a72e19c2b60bd6276fd8bb6366e9d1ed9a60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d10d1f600"})
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)
ioctl$USBDEVFS_FORBID_SUSPEND(0xffffffffffffffff, 0x5521)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e000000000000000000180002801400038010"], 0x44}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

1.006707051s ago: executing program 0 (id=2512):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff})
r4 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0x3, 0x288}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='0'], 0x30}})
io_uring_enter(r4, 0x3516, 0xddd3, 0x4, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
ptrace$setregset(0x4205, r0, 0x200, &(0x7f0000000100)={&(0x7f0000000480)})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r7 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r7, 0x6, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x3, 0x2, 0x301, 0x0, 0x0, {0x3, 0x0, 0x2}, ["", "", "", ""]}, 0x14}}, 0x804)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f68737200"], 0xfc}, 0x1, 0x0, 0x0, 0x24000040}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r8}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00')
epoll_create1(0x0)

987.690313ms ago: executing program 3 (id=2513):
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'gretap0\x00', &(0x7f0000000000)={'tunl0\x00', <r0=>0x0, 0x1, 0x80, 0x5, 0x4, {{0x9, 0x4, 0x1, 0x2, 0x24, 0x67, 0x0, 0x40, 0x29, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x39}, {[@timestamp={0x44, 0x10, 0x9a, 0x0, 0x9, [0x4, 0x7, 0xfffffff7]}]}}}}})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x200000000}, 0x18)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0)
write$tun(r2, 0x0, 0xfdef)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x22, 0x0, 0x0, 0x40f00, 0x3, '\x00', r0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xb)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/cpu_byteorder', 0x0, 0x134)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x180a0, 0x62c04}}, 0x20}}, 0x24)
fcntl$setlease(r3, 0x400, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r5}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)

870.109145ms ago: executing program 1 (id=2514):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000000)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)

776.803964ms ago: executing program 1 (id=2515):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010", @ANYBLOB, @ANYRES32=0x0], 0x50)
io_setup(0x8, &(0x7f0000000180))
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
socket(0x10, 0x803, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r6, &(0x7f0000004200)='t', 0x1)
sendfile(r6, r5, 0x0, 0x3ffff)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000080)=0x7, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000003c0)={@local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xc7, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000036c0), 0x0, 0x2, 0x0)
sendfile(r6, r5, 0x0, 0x7ffff000)

689.341583ms ago: executing program 5 (id=2516):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000001, @mcast2, 0x6}, 0x1c)
write(r0, &(0x7f00000000c0)="8f2a", 0x2)

652.154146ms ago: executing program 5 (id=2517):
r0 = epoll_create1(0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'ip6_vti0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="800000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e000000004000028006000100000ffe00340003800c0001000ffe0000000000000c00010094040000000000000c00010000010000000000000c000100040000000000000008000500", @ANYRES32=r3], 0x80}}, 0x8000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', r3, 0x2f, 0x84, 0x2, 0xaf6, 0x4, @loopback, @loopback, 0x8000, 0x8, 0x1ff, 0x80000001}})
r4 = socket$unix(0x1, 0x1, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r4, &(0x7f00000000c0)={0x20000013})
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r4, &(0x7f00000016c0)={0x40000001})

621.885099ms ago: executing program 3 (id=2518):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057000000"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(0x0, r2)
r4 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000002c0)={0x74, r3, 0x20, 0x70bd25, 0x25dfdbfe, {0x2, 0x0, 0xa6ff}, [@GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010102}, @GTPA_MS_ADDRESS={0x8, 0x5, @empty}, @GTPA_NET_NS_FD={0x8, 0x7, r4}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_FAMILY={0x5, 0xd, 0x9}, @GTPA_MS_ADDR6={0x14, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}}, @GTPA_MS_ADDRESS={0x8, 0x5, @loopback}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_PEER_ADDR6={0x14, 0xb, @dev={0xfe, 0x80, '\x00', 0x18}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r7}, 0x10)
setrlimit(0x9, &(0x7f0000000000))
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
io_setup(0x2004, &(0x7f0000000680))
sendmsg$NFNL_MSG_CTHELPER_NEW(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="58000000000905000000000000000000020000050900010073797a3000000000080005400000001c0c00048008000144fffffff7240002001400018008000100ac1414aa08000200e00000020c0002"], 0x58}, 0x1, 0x0, 0x0, 0x24000800}, 0x4040040)
socket$nl_generic(0x10, 0x3, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)

501.132691ms ago: executing program 5 (id=2519):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(0x0, r2)
r4 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000002c0)={0x88, r3, 0x20, 0x70bd25, 0x25dfdbfe, {0x2, 0x0, 0xa6ff}, [@GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010102}, @GTPA_MS_ADDRESS={0x8, 0x5, @empty}, @GTPA_NET_NS_FD={0x8, 0x7, r4}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_MS_ADDR6={0x14, 0xc, @dev={0xfe, 0x80, '\x00', 0x19}}, @GTPA_FAMILY={0x5, 0xd, 0x9}, @GTPA_MS_ADDR6={0x14, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}}, @GTPA_MS_ADDRESS={0x8, 0x5, @loopback}, @GTPA_PEER_ADDRESS={0x8, 0x4, @loopback}, @GTPA_PEER_ADDR6={0x14, 0xb, @dev={0xfe, 0x80, '\x00', 0x18}}]}, 0x88}, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a0000000500"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r7}, 0x10)
setrlimit(0x9, &(0x7f0000000000))
io_setup(0x2004, &(0x7f0000000680))
sendmsg$NFNL_MSG_CTHELPER_NEW(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="58000000000905000000000000000000020000050900010073797a3000000000080005400000001c0c00048008000144fffffff7240002001400018008000100ac1414aa08000200e00000020c0002"], 0x58}, 0x1, 0x0, 0x0, 0x24000800}, 0x4040040)
socket$nl_generic(0x10, 0x3, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_procs(r8, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r8, 0x4c09, 0xd)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), 0xffffffffffffffff)

288.232462ms ago: executing program 4 (id=2520):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x18)
r3 = dup(r1)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lstat(&(0x7f0000000380)='./file0\x00', 0x0)

200.899401ms ago: executing program 4 (id=2521):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab", 0x8}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1, 0x0, 0x8000000008}, 0x18)
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21481e, &(0x7f0000000300), 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")
sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[], 0x34c}}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
open$dir(&(0x7f0000000140)='./file1\x00', 0x18180, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffd}]})
getrlimit(0x8, &(0x7f0000000b40))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="04000000040000000400000005", @ANYRESHEX=0x0], 0x48)
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}]}, 0x3, 0x4de, &(0x7f0000000c40)="$eJzs3E1oXNUeAPD/nUma9Ot1Xl9f32utmlrFYDFp02q7EKSi4EJBrKAuQ5KW2rSRJgVbqkxB6lIK7sWlWxdu1U0RV4LbuhSkUKSbtoI4cmfunZlMZ5ImmWSM+f1gMufcr3POPffcOfeczASwYQ2lf5Ja+GZE7IiIQusGQ7W3e3euTNy/c2UiypXKyd+S6m5303gmO0xszSLDhYjCx0ljRZPZS5fPjk9PT13I4qNz594fnb10+dkzg9mS48ePHjl87Pmx55ZeqDbppeW6u/ejmX17Xn33+usTffnyPLXmcnTLUAy1y0rVU91OrMe2N4WTvh5mhCVJr/+0uvqr7X9HFGOhyiuvYc6A1VapVCoDnVeXK62uPrAEWLdisNc5AHoj/6BPn3/zV7uOwKbV6X703O0TtQegtNz3slfE49WF+ThIf8vzbTcNRcQ75d8/T1+xSuMQAADNvj2R9wRb+n+l2szIHxdvvJi+/yubQylFxL8jYmdE/CcidkXEfyNid0T8LyL+33L8YkRUFkh/qCVeT78+CVW41aWitpX2/17I5rYa/b95GSgVs9j2iLzDPHUoOyfD0T9w6sz01OEF0vju5Z8+7bSuuf+XvtL0875glo9bfS0DdJPjc+PLLnCL21cj9va1lj/pi0jqMwFJROyJiL1LOG6pKXzmmS/31SP987dbvPxVlbbzaF2YZ6p8EfF0rf7LMa/+Gykm8+Ynz42fnjo9dX6sPj85OhjTU4dG06vgUNs0fvjx2hud0l+0/F//0rrLK8e+OZm1rJVL639L0/Uf+fxto/ylJCKpz9fOLj2Naz9/0vGZZrnX/6bkrWo4fy79YHxu7sLhiE3Jaw8uH2vsm8fT9yjXyj98oH3735ntk56JRyIivYgfjYjHovaEmOZ9f0Q8EREHFij/9y89+d7yy7+60vJPttz/ajU/r/4b8/WdAkk2N9hmVfHs/pv3O9w8Hq7+j1ZDw9mS9ve/ZN4tolNO80+7dMmfKz57AAAAsD4UImJb01jStigURkZqY0C7YkthemZ27uCpmYvnJ9N1EaXoL+QjXbXx4P4kH/8sNcXHWuJHsnHjz4qbq/GRiZnpyZ6WHNhabfNJYSTi7WJT+0/92p0hZuDvzPe1YONaqP2nnfjd19cwM8CaevjP/xsfrmpGgDXX1P47fcO/vIz/+wLWAc//QMPiP/TjngHrX0Vbhg1tSe3/oB8BhH+SvnizHi70NCfAWtP/hw1p0e/1ryhQGWi/ajAe3DgGFz5gMZaXjc1t0upJIO1Z9ST1zcvZK/81hY7bRGFpBxyI7tTpqRWejfKF2dO7u37xV7L/le92DX61Ju20XaAntyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICu+ysAAP//+sDgnA==")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdbf, 0x0, 0x0, 0x0, 0x80}, 0x94)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10)

55.436185ms ago: executing program 0 (id=2522):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000004000000000000000300000784"], 0x0, 0x5, 0x0, 0x0, 0x41100, 0x9}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r2, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
dup(r2)

0s ago: executing program 0 (id=2523):
io_setup(0x3ff, &(0x7f0000000500)=<r0=>0x0)
io_getevents(r0, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0)

kernel console output (not intermixed with test programs):

submit option
[  107.933903][ T7902] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  107.942372][ T7902] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  107.974806][ T7902] EXT4-fs (loop2): failed to initialize system zone (-117)
[  107.992371][ T7902] EXT4-fs (loop2): mount failed
[  108.039489][ T7912] __nla_validate_parse: 35 callbacks suppressed
[  108.039508][ T7912] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1742'.
[  108.078125][ T7916] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1741'.
[  108.087357][ T7916] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1741'.
[  108.099476][ T7914] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1744'.
[  108.108840][ T7916] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1741'.
[  108.112857][ T7918] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1745'.
[  108.118174][ T7916] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1741'.
[  108.141998][ T7916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.142465][ T7914] 8021q: adding VLAN 0 to HW filter on device bond21
[  108.150706][ T7916] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.172061][ T7914] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1744'.
[  108.181114][ T7914] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1744'.
[  108.208704][ T7923] loop1: detected capacity change from 0 to 512
[  108.226041][ T7923] EXT4-fs (loop1): too many log groups per flexible block group
[  108.234697][ T7923] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  108.243729][ T7923] EXT4-fs (loop1): mount failed
[  108.251172][ T7923] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1746'.
[  108.266592][ T7923] loop1: detected capacity change from 0 to 512
[  108.283800][ T7923] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  108.324590][ T7923] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.1746: invalid block
[  108.339957][ T7923] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1746: invalid indirect mapped block 4294967295 (level 1)
[  108.366927][ T7923] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1746: invalid indirect mapped block 4294967295 (level 1)
[  108.381610][ T7923] EXT4-fs (loop1): 2 truncates cleaned up
[  108.387923][ T7923] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.421039][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.552146][ T7949] loop3: detected capacity change from 0 to 512
[  108.564417][ T7949] EXT4-fs (loop3): too many log groups per flexible block group
[  108.572169][ T7949] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  108.579012][ T7949] EXT4-fs (loop3): mount failed
[  108.663609][ T7957] loop3: detected capacity change from 0 to 512
[  108.671286][ T7957] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1758: casefold flag without casefold feature
[  108.685745][ T7959] FAULT_INJECTION: forcing a failure.
[  108.685745][ T7959] name failslab, interval 1, probability 0, space 0, times 0
[  108.698432][ T7959] CPU: 0 UID: 0 PID: 7959 Comm: syz.0.1760 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  108.698466][ T7959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  108.698483][ T7959] Call Trace:
[  108.698492][ T7959]  <TASK>
[  108.698502][ T7959]  __dump_stack+0x1d/0x30
[  108.698524][ T7959]  dump_stack_lvl+0xe8/0x140
[  108.698543][ T7959]  dump_stack+0x15/0x1b
[  108.698559][ T7959]  should_fail_ex+0x265/0x280
[  108.698596][ T7959]  should_failslab+0x8c/0xb0
[  108.698629][ T7959]  kmem_cache_alloc_noprof+0x50/0x480
[  108.698662][ T7959]  ? vm_area_dup+0x33/0x2c0
[  108.698705][ T7961] loop1: detected capacity change from 0 to 512
[  108.698701][ T7959]  vm_area_dup+0x33/0x2c0
[  108.698755][ T7959]  __split_vma+0xe9/0x650
[  108.698788][ T7959]  ? mas_find+0x5d5/0x700
[  108.698821][ T7959]  vms_gather_munmap_vmas+0x2b2/0x7b0
[  108.698862][ T7959]  mmap_region+0x52b/0x1620
[  108.698899][ T7959]  ? __rcu_read_unlock+0x4f/0x70
[  108.698936][ T7959]  ? mntput_no_expire+0x6f/0x440
[  108.699014][ T7959]  do_mmap+0x9b3/0xbe0
[  108.699064][ T7959]  vm_mmap_pgoff+0x17a/0x2e0
[  108.699110][ T7959]  ksys_mmap_pgoff+0xc2/0x310
[  108.699153][ T7959]  ? __x64_sys_mmap+0x49/0x70
[  108.699186][ T7959]  x64_sys_call+0x14a3/0x3000
[  108.699231][ T7959]  do_syscall_64+0xd2/0x200
[  108.699265][ T7959]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  108.699304][ T7959]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  108.699334][ T7959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.699365][ T7959] RIP: 0033:0x7fa203e3eec9
[  108.699386][ T7959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.699413][ T7959] RSP: 002b:00007fa2028a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  108.699440][ T7959] RAX: ffffffffffffffda RBX: 00007fa204095fa0 RCX: 00007fa203e3eec9
[  108.699458][ T7959] RDX: 0000000003000003 RSI: 0000000000b36000 RDI: 0000200000000000
[  108.699476][ T7959] RBP: 00007fa2028a7090 R08: ffffffffffffffff R09: 0000000000000000
[  108.699494][ T7959] R10: 0000000004008032 R11: 0000000000000246 R12: 0000000000000001
[  108.699511][ T7959] R13: 00007fa204096038 R14: 00007fa204095fa0 R15: 00007ffea4008aa8
[  108.699539][ T7959]  </TASK>
[  108.708800][ T7957] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1758: couldn't read orphan inode 15 (err -117)
[  108.930449][ T7957] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.936454][ T7967] 9pnet_fd: Insufficient options for proto=fd
[  108.948252][ T7961] EXT4-fs (loop1): too many log groups per flexible block group
[  108.957356][ T7961] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  108.964296][ T7961] EXT4-fs (loop1): mount failed
[  108.972753][ T7957] loop9: detected capacity change from 0 to 7
[  108.979495][ T7957] Buffer I/O error on dev loop9, logical block 0, async page read
[  108.987661][ T7957] Buffer I/O error on dev loop9, logical block 0, async page read
[  108.995884][ T7957]  loop9: unable to read partition table
[  109.002295][ T7957] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  109.002295][ T7957] 
) failed (rc=-5)
[  109.030018][ T7961] loop1: detected capacity change from 0 to 512
[  109.042751][ T7961] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  109.064391][ T7961] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.1761: invalid block
[  109.092094][ T7961] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1761: invalid indirect mapped block 4294967295 (level 1)
[  109.114650][ T7985] loop2: detected capacity change from 0 to 512
[  109.123178][ T7961] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1761: invalid indirect mapped block 4294967295 (level 1)
[  109.137630][ T7961] EXT4-fs (loop1): 2 truncates cleaned up
[  109.144002][ T7961] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.148455][ T7985] EXT4-fs (loop2): too many log groups per flexible block group
[  109.173586][ T7985] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  109.184476][ T7985] EXT4-fs (loop2): mount failed
[  109.204107][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.233611][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.260476][ T7992] sd 0:0:1:0: device reset
[  109.277896][ T7994] lo speed is unknown, defaulting to 1000
[  109.479537][ T8009] loop1: detected capacity change from 0 to 512
[  109.504110][ T8009] EXT4-fs: Ignoring removed mblk_io_submit option
[  109.515474][ T8009] EXT4-fs: Ignoring removed nomblk_io_submit option
[  109.523382][ T8009] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  109.531946][ T8009] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  109.566946][ T8009] EXT4-fs (loop1): failed to initialize system zone (-117)
[  109.568632][ T8019] 8021q: adding VLAN 0 to HW filter on device bond17
[  109.597439][ T8009] EXT4-fs (loop1): mount failed
[  109.619443][ T8019] vlan2: entered allmulticast mode
[  109.624658][ T8019] bond17: entered allmulticast mode
[  109.681597][ T8032] lo speed is unknown, defaulting to 1000
[  109.794627][ T8039] validate_nla: 4 callbacks suppressed
[  109.794644][ T8039] netlink: 'syz.4.1791': attribute type 2 has an invalid length.
[  109.824903][ T8038] 8021q: adding VLAN 0 to HW filter on device bond23
[  109.880439][ T8038] vlan4: entered allmulticast mode
[  109.885762][ T8038] bond23: entered allmulticast mode
[  109.919573][ T8047] wireguard0: entered promiscuous mode
[  109.925311][ T8047] wireguard0: entered allmulticast mode
[  109.934485][ T8048] netlink: 'syz.4.1794': attribute type 1 has an invalid length.
[  109.950073][ T8048] 8021q: adding VLAN 0 to HW filter on device bond26
[  109.967359][ T8045] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  109.980070][ T8045] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  109.996747][ T8056] netlink: 'syz.4.1796': attribute type 5 has an invalid length.
[  110.006387][ T8045] bond0 (unregistering): Released all slaves
[  110.043694][ T8058] loop1: detected capacity change from 0 to 512
[  110.050617][ T8058] EXT4-fs: Ignoring removed mblk_io_submit option
[  110.061122][ T8058] EXT4-fs: Ignoring removed nomblk_io_submit option
[  110.068926][ T8058] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  110.077444][ T8058] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  110.105121][ T8058] EXT4-fs (loop1): failed to initialize system zone (-117)
[  110.112540][ T8058] EXT4-fs (loop1): mount failed
[  110.147348][ T8068] 8021q: adding VLAN 0 to HW filter on device bond13
[  110.160562][ T8068] vlan4: entered allmulticast mode
[  110.165780][ T8068] bond13: entered allmulticast mode
[  110.206878][ T8079] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  110.216733][ T8079] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.257774][ T8083] FAULT_INJECTION: forcing a failure.
[  110.257774][ T8083] name failslab, interval 1, probability 0, space 0, times 0
[  110.258555][ T8078] netlink: 'syz.2.1806': attribute type 1 has an invalid length.
[  110.270700][ T8083] CPU: 0 UID: 0 PID: 8083 Comm: syz.4.1805 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  110.270741][ T8083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  110.270841][ T8083] Call Trace:
[  110.270851][ T8083]  <TASK>
[  110.270862][ T8083]  __dump_stack+0x1d/0x30
[  110.270892][ T8083]  dump_stack_lvl+0xe8/0x140
[  110.270922][ T8083]  dump_stack+0x15/0x1b
[  110.270943][ T8083]  should_fail_ex+0x265/0x280
[  110.271057][ T8083]  should_failslab+0x8c/0xb0
[  110.271095][ T8083]  kmem_cache_alloc_noprof+0x50/0x480
[  110.271133][ T8083]  ? skb_clone+0x151/0x1f0
[  110.271193][ T8083]  skb_clone+0x151/0x1f0
[  110.271232][ T8083]  __netlink_deliver_tap+0x2c9/0x500
[  110.271279][ T8083]  netlink_unicast+0x66b/0x690
[  110.271397][ T8083]  netlink_sendmsg+0x58b/0x6b0
[  110.271439][ T8083]  ? __pfx_netlink_sendmsg+0x10/0x10
[  110.271541][ T8083]  __sock_sendmsg+0x145/0x180
[  110.271569][ T8083]  ____sys_sendmsg+0x31e/0x4e0
[  110.271614][ T8083]  ___sys_sendmsg+0x17b/0x1d0
[  110.271669][ T8083]  __x64_sys_sendmsg+0xd4/0x160
[  110.271792][ T8083]  x64_sys_call+0x191e/0x3000
[  110.271824][ T8083]  do_syscall_64+0xd2/0x200
[  110.271904][ T8083]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  110.271943][ T8083]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  110.271974][ T8083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.272004][ T8083] RIP: 0033:0x7fe39897eec9
[  110.272028][ T8083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.272109][ T8083] RSP: 002b:00007fe3973c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  110.272137][ T8083] RAX: ffffffffffffffda RBX: 00007fe398bd6090 RCX: 00007fe39897eec9
[  110.272209][ T8083] RDX: 0000000024040840 RSI: 00002000000001c0 RDI: 0000000000000003
[  110.272227][ T8083] RBP: 00007fe3973c6090 R08: 0000000000000000 R09: 0000000000000000
[  110.272245][ T8083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  110.272262][ T8083] R13: 00007fe398bd6128 R14: 00007fe398bd6090 R15: 00007fff35c21c08
[  110.272297][ T8083]  </TASK>
[  110.488909][ T8079] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  110.498745][ T8079] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.515578][ T8084] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.555653][ T8079] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  110.565617][ T8079] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.625006][ T8094] loop0: detected capacity change from 0 to 256
[  110.632245][ T8079] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  110.642295][ T8079] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.662009][ T8094] FAT-fs (loop0): Directory bread(block 64) failed
[  110.668865][ T8094] FAT-fs (loop0): Directory bread(block 65) failed
[  110.675678][ T8094] FAT-fs (loop0): Directory bread(block 66) failed
[  110.682383][ T8094] FAT-fs (loop0): Directory bread(block 67) failed
[  110.689270][ T8094] FAT-fs (loop0): Directory bread(block 68) failed
[  110.696164][ T8094] FAT-fs (loop0): Directory bread(block 69) failed
[  110.702862][ T8094] FAT-fs (loop0): Directory bread(block 70) failed
[  110.709658][ T8094] FAT-fs (loop0): Directory bread(block 71) failed
[  110.716423][ T8094] FAT-fs (loop0): Directory bread(block 72) failed
[  110.723291][ T8094] FAT-fs (loop0): Directory bread(block 73) failed
[  110.730420][   T60] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  110.738757][   T60] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.765058][   T60] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  110.770339][ T8101] loop3: detected capacity change from 0 to 512
[  110.773319][   T60] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.797678][   T60] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  110.805990][   T60] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.828100][ T8101] EXT4-fs: Ignoring removed mblk_io_submit option
[  110.838166][ T8101] EXT4-fs: Ignoring removed nomblk_io_submit option
[  110.847444][   T60] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  110.855870][   T60] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.867245][ T8101] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  110.875865][ T8101] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  110.924476][ T8101] EXT4-fs (loop3): failed to initialize system zone (-117)
[  110.931752][ T8101] EXT4-fs (loop3): mount failed
[  110.958169][ T8111] FAULT_INJECTION: forcing a failure.
[  110.958169][ T8111] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  110.971595][ T8111] CPU: 1 UID: 0 PID: 8111 Comm: syz.0.1817 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  110.971626][ T8111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  110.971643][ T8111] Call Trace:
[  110.971650][ T8111]  <TASK>
[  110.971659][ T8111]  __dump_stack+0x1d/0x30
[  110.971694][ T8111]  dump_stack_lvl+0xe8/0x140
[  110.971721][ T8111]  dump_stack+0x15/0x1b
[  110.971743][ T8111]  should_fail_ex+0x265/0x280
[  110.971789][ T8111]  should_fail_alloc_page+0xf2/0x100
[  110.971877][ T8111]  __alloc_frozen_pages_noprof+0xff/0x360
[  110.971927][ T8111]  alloc_pages_mpol+0xb3/0x260
[  110.972016][ T8111]  alloc_pages_noprof+0x90/0x130
[  110.972083][ T8111]  pte_alloc_one+0x1e/0xd0
[  110.972121][ T8111]  __do_fault+0x7b/0x200
[  110.972151][ T8111]  handle_mm_fault+0xf78/0x2be0
[  110.972181][ T8111]  ? mt_find+0x208/0x320
[  110.972227][ T8111]  do_user_addr_fault+0x3fe/0x1080
[  110.972266][ T8111]  exc_page_fault+0x62/0xa0
[  110.972374][ T8111]  asm_exc_page_fault+0x26/0x30
[  110.972406][ T8111] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  110.972501][ T8111] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 ff f8 01 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  110.972523][ T8111] RSP: 0018:ffffc900113c3c18 EFLAGS: 00050202
[  110.972541][ T8111] RAX: ffff888138d80aa0 RBX: 0000000000000044 RCX: 0000000000000044
[  110.972558][ T8111] RDX: 0000000000000001 RSI: 0000200000000280 RDI: ffffc900113c3cf0
[  110.972575][ T8111] RBP: ffffc900113c3d78 R08: 0000000000000508 R09: 0000000000000000
[  110.972592][ T8111] R10: 0001c900113c3cf0 R11: 0001c900113c3d33 R12: 0000000000000044
[  110.972609][ T8111] R13: 0000000000000000 R14: ffffc900113c3cf0 R15: 0000200000000280
[  110.972631][ T8111]  _copy_from_user+0x6f/0xb0
[  110.972697][ T8111]  do_ip_vs_set_ctl+0x1a1/0x8c0
[  110.972742][ T8111]  ? do_ip_setsockopt+0x1af3/0x2240
[  110.972834][ T8111]  nf_setsockopt+0x199/0x1b0
[  110.972928][ T8111]  ip_setsockopt+0x102/0x110
[  110.972963][ T8111]  sctp_setsockopt+0x113/0xe30
[  110.973004][ T8111]  sock_common_setsockopt+0x69/0x80
[  110.973062][ T8111]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  110.973109][ T8111]  __sys_setsockopt+0x184/0x200
[  110.973147][ T8111]  __x64_sys_setsockopt+0x64/0x80
[  110.973240][ T8111]  x64_sys_call+0x20ec/0x3000
[  110.973297][ T8111]  do_syscall_64+0xd2/0x200
[  110.973331][ T8111]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  110.973367][ T8111]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  110.973394][ T8111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.973426][ T8111] RIP: 0033:0x7fa203e3eec9
[  110.973446][ T8111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.973470][ T8111] RSP: 002b:00007fa2028a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  110.973494][ T8111] RAX: ffffffffffffffda RBX: 00007fa204095fa0 RCX: 00007fa203e3eec9
[  110.973509][ T8111] RDX: 0000000000000488 RSI: 0000000000000000 RDI: 0000000000000005
[  110.973525][ T8111] RBP: 00007fa2028a7090 R08: 0000000000000044 R09: 0000000000000000
[  110.973583][ T8111] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  110.973599][ T8111] R13: 00007fa204096038 R14: 00007fa204095fa0 R15: 00007ffea4008aa8
[  110.973625][ T8111]  </TASK>
[  111.393625][ T8115] tipc: Started in network mode
[  111.398580][ T8115] tipc: Node identity 92ea18fac3f4, cluster identity 4711
[  111.405880][ T8115] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  111.423287][ T8121] FAULT_INJECTION: forcing a failure.
[  111.423287][ T8121] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  111.436462][ T8121] CPU: 0 UID: 0 PID: 8121 Comm: syz.0.1821 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  111.436497][ T8121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  111.436513][ T8121] Call Trace:
[  111.436521][ T8121]  <TASK>
[  111.436531][ T8121]  __dump_stack+0x1d/0x30
[  111.436602][ T8121]  dump_stack_lvl+0xe8/0x140
[  111.436625][ T8121]  dump_stack+0x15/0x1b
[  111.436641][ T8121]  should_fail_ex+0x265/0x280
[  111.436675][ T8121]  should_fail+0xb/0x20
[  111.436785][ T8121]  should_fail_usercopy+0x1a/0x20
[  111.436812][ T8121]  _copy_to_user+0x20/0xa0
[  111.436893][ T8121]  simple_read_from_buffer+0xb5/0x130
[  111.436916][ T8121]  proc_fail_nth_read+0x10e/0x150
[  111.436956][ T8121]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  111.437056][ T8121]  vfs_read+0x1a8/0x770
[  111.437091][ T8121]  ? __rcu_read_unlock+0x4f/0x70
[  111.437120][ T8121]  ? __fget_files+0x184/0x1c0
[  111.437150][ T8121]  ksys_read+0xda/0x1a0
[  111.437182][ T8121]  __x64_sys_read+0x40/0x50
[  111.437334][ T8121]  x64_sys_call+0x27c0/0x3000
[  111.437363][ T8121]  do_syscall_64+0xd2/0x200
[  111.437394][ T8121]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  111.437420][ T8121]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  111.437524][ T8121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.437586][ T8121] RIP: 0033:0x7fa203e3d8dc
[  111.437627][ T8121] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  111.437652][ T8121] RSP: 002b:00007fa2028a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  111.437677][ T8121] RAX: ffffffffffffffda RBX: 00007fa204095fa0 RCX: 00007fa203e3d8dc
[  111.437699][ T8121] RDX: 000000000000000f RSI: 00007fa2028a70a0 RDI: 0000000000000004
[  111.437714][ T8121] RBP: 00007fa2028a7090 R08: 0000000000000000 R09: 0000000000000000
[  111.437795][ T8121] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  111.437811][ T8121] R13: 00007fa204096038 R14: 00007fa204095fa0 R15: 00007ffea4008aa8
[  111.437836][ T8121]  </TASK>
[  111.650744][   T37] tipc: Resetting bearer <eth:syzkaller0>
[  111.670022][ T8114] tipc: Resetting bearer <eth:syzkaller0>
[  111.684623][ T8114] tipc: Disabling bearer <eth:syzkaller0>
[  111.700464][   T29] kauditd_printk_skb: 512 callbacks suppressed
[  111.700557][   T29] audit: type=1400 audit(111.671:22306): avc:  denied  { write } for  pid=8128 comm="syz.0.1825" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  111.732969][ T8131] 8021q: adding VLAN 0 to HW filter on device bond18
[  111.746631][ T8131] vlan2: entered allmulticast mode
[  111.751821][ T8131] bond18: entered allmulticast mode
[  111.767390][ T8135] macvtap0: entered promiscuous mode
[  111.773749][ T8135] macvtap0: left promiscuous mode
[  111.789159][ T8142] sd 0:0:1:0: device reset
[  111.807793][   T29] audit: type=1326 audit(111.781:22307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8143 comm="syz.3.1829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  111.832823][   T29] audit: type=1326 audit(111.781:22308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8143 comm="syz.3.1829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  111.856329][   T29] audit: type=1326 audit(111.781:22309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8143 comm="syz.3.1829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  111.879341][   T29] audit: type=1326 audit(111.781:22310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8143 comm="syz.3.1829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  111.902869][   T29] audit: type=1326 audit(111.781:22311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8143 comm="syz.3.1829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  111.926581][   T29] audit: type=1326 audit(111.781:22312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8143 comm="syz.3.1829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  111.927570][ T8145] netlink: 'syz.1.1827': attribute type 1 has an invalid length.
[  111.949580][   T29] audit: type=1326 audit(111.781:22313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8143 comm="syz.3.1829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  111.949621][   T29] audit: type=1326 audit(111.781:22314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8143 comm="syz.3.1829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  112.003496][   T29] audit: type=1326 audit(111.781:22315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8143 comm="syz.3.1829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  112.035326][ T8145] 8021q: adding VLAN 0 to HW filter on device bond24
[  112.050559][ T8140] vlan4: entered allmulticast mode
[  112.055753][ T8140] bond24: entered allmulticast mode
[  112.109956][ T8157] loop4: detected capacity change from 0 to 512
[  112.116842][ T8160] loop2: detected capacity change from 0 to 512
[  112.145656][ T8157] 9pnet_fd: Insufficient options for proto=fd
[  112.154246][ T8160] EXT4-fs: Ignoring removed mblk_io_submit option
[  112.160737][ T8160] EXT4-fs: Ignoring removed nomblk_io_submit option
[  112.168539][ T8160] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  112.177092][ T8160] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  112.201446][ T8160] EXT4-fs (loop2): failed to initialize system zone (-117)
[  112.209123][ T8160] EXT4-fs (loop2): mount failed
[  112.227955][ T8170] 8021q: adding VLAN 0 to HW filter on device bond27
[  112.242361][ T8170] vlan2: entered allmulticast mode
[  112.247639][ T8170] bond27: entered allmulticast mode
[  112.446459][ T8181] netlink: 'syz.1.1843': attribute type 1 has an invalid length.
[  112.462584][ T8181] 8021q: adding VLAN 0 to HW filter on device bond25
[  112.551135][ T8189] netlink: 'syz.4.1845': attribute type 1 has an invalid length.
[  112.559320][ T8189] netlink: 'syz.4.1845': attribute type 2 has an invalid length.
[  112.687008][    T9] IPVS: starting estimator thread 0...
[  112.743510][ T8209] xt_CT: No such helper "snmp"
[  112.749164][ T8208] xt_CT: No such helper "snmp"
[  112.783450][ T8206] IPVS: using max 1968 ests per chain, 98400 per kthread
[  112.795736][ T8219] loop1: detected capacity change from 0 to 128
[  113.097218][ T8234] __nla_validate_parse: 30 callbacks suppressed
[  113.097239][ T8234] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1862'.
[  113.177581][ T8239] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1865'.
[  113.430905][ T8257] loop0: detected capacity change from 0 to 512
[  113.499164][ T8257] EXT4-fs (loop0): too many log groups per flexible block group
[  113.507076][ T8257] EXT4-fs (loop0): failed to initialize mballoc (-12)
[  113.514597][ T8257] EXT4-fs (loop0): mount failed
[  113.649306][ T8273] FAULT_INJECTION: forcing a failure.
[  113.649306][ T8273] name failslab, interval 1, probability 0, space 0, times 0
[  113.662081][ T8273] CPU: 0 UID: 0 PID: 8273 Comm: syz.2.1879 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  113.662110][ T8273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  113.662124][ T8273] Call Trace:
[  113.662203][ T8273]  <TASK>
[  113.662211][ T8273]  __dump_stack+0x1d/0x30
[  113.662235][ T8273]  dump_stack_lvl+0xe8/0x140
[  113.662256][ T8273]  dump_stack+0x15/0x1b
[  113.662274][ T8273]  should_fail_ex+0x265/0x280
[  113.662310][ T8273]  should_failslab+0x8c/0xb0
[  113.662369][ T8273]  kmem_cache_alloc_noprof+0x50/0x480
[  113.662398][ T8273]  ? security_inode_alloc+0x37/0x100
[  113.662507][ T8273]  security_inode_alloc+0x37/0x100
[  113.662545][ T8273]  inode_init_always_gfp+0x4b7/0x500
[  113.662573][ T8273]  alloc_inode+0x58/0x170
[  113.662637][ T8273]  alloc_anon_inode+0x1e/0x170
[  113.662663][ T8273]  anon_inode_make_secure_inode+0x33/0xf0
[  113.662703][ T8273]  __se_sys_memfd_secret+0xcc/0x230
[  113.662744][ T8273]  __x64_sys_memfd_secret+0x1f/0x30
[  113.662844][ T8273]  x64_sys_call+0x2c85/0x3000
[  113.662868][ T8273]  do_syscall_64+0xd2/0x200
[  113.662894][ T8273]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  113.662931][ T8273]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  113.662953][ T8273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.662975][ T8273] RIP: 0033:0x7f0d4825eec9
[  113.663004][ T8273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.663027][ T8273] RSP: 002b:00007f0d46cbf038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf
[  113.663048][ T8273] RAX: ffffffffffffffda RBX: 00007f0d484b5fa0 RCX: 00007f0d4825eec9
[  113.663137][ T8273] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  113.663149][ T8273] RBP: 00007f0d46cbf090 R08: 0000000000000000 R09: 0000000000000000
[  113.663161][ T8273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.663173][ T8273] R13: 00007f0d484b6038 R14: 00007f0d484b5fa0 R15: 00007ffd7c45f648
[  113.663228][ T8273]  </TASK>
[  113.761032][ T8278] netlink: 'syz.1.1875': attribute type 1 has an invalid length.
[  113.761048][ T8278] netlink: 'syz.1.1875': attribute type 2 has an invalid length.
[  113.769847][ T8283] loop3: detected capacity change from 0 to 512
[  113.770213][ T8283] EXT4-fs: Ignoring removed mblk_io_submit option
[  113.770252][ T8283] EXT4-fs: Ignoring removed nomblk_io_submit option
[  113.786544][ T8283] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  113.786570][ T8283] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  113.791859][ T8287] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1885'.
[  113.794665][ T8279] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1880'.
[  113.794685][ T8279] netlink: 196 bytes leftover after parsing attributes in process `syz.4.1880'.
[  113.794845][ T8279] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1880'.
[  113.794939][ T8279] netlink: 196 bytes leftover after parsing attributes in process `syz.4.1880'.
[  113.799390][ T8279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.799504][ T8279] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.906617][ T8283] EXT4-fs (loop3): failed to initialize system zone (-117)
[  113.906659][ T8283] EXT4-fs (loop3): mount failed
[  114.064313][ T8302] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1890'.
[  114.217598][ T8299] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1890'.
[  114.239270][ T8305] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1892'.
[  114.291660][ T8299] 8021q: adding VLAN 0 to HW filter on device bond14
[  114.322291][ T8302] vlan4: entered allmulticast mode
[  114.327535][ T8302] bond14: entered allmulticast mode
[  114.510016][ T8311] loop0: detected capacity change from 0 to 512
[  114.516964][ T8311] EXT4-fs: Ignoring removed mblk_io_submit option
[  114.523788][ T8311] EXT4-fs: Ignoring removed nomblk_io_submit option
[  114.536427][ T8311] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  114.545043][ T8311] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  114.607352][ T8311] EXT4-fs (loop0): failed to initialize system zone (-117)
[  114.614787][ T8311] EXT4-fs (loop0): mount failed
[  114.805128][ T8338] validate_nla: 4 callbacks suppressed
[  114.805143][ T8338] netlink: 'syz.2.1907': attribute type 1 has an invalid length.
[  114.818430][ T8338] netlink: 'syz.2.1907': attribute type 2 has an invalid length.
[  114.841003][ T8341] loop1: detected capacity change from 0 to 512
[  114.860324][ T8341] EXT4-fs: Ignoring removed nobh option
[  114.884201][ T8341] EXT4-fs (loop1): can't mount with journal_async_commit, fs mounted w/o journal
[  114.921983][ T8341] SELinux:  Context system_u:object_r:tmpreaper_exec_t:s0 is not valid (left unmapped).
[  114.936252][ T8354] loop0: detected capacity change from 0 to 512
[  114.954927][ T8354] EXT4-fs (loop0): too many log groups per flexible block group
[  114.962744][ T8354] EXT4-fs (loop0): failed to initialize mballoc (-12)
[  114.970205][ T8354] EXT4-fs (loop0): mount failed
[  114.994025][ T8358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  115.002995][ T8358] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  115.116347][ T8364] netlink: 'syz.0.1917': attribute type 1 has an invalid length.
[  115.124210][ T8364] netlink: 'syz.0.1917': attribute type 2 has an invalid length.
[  115.156703][ T8366] sd 0:0:1:0: device reset
[  115.277033][ T8368] netlink: 'syz.4.1919': attribute type 1 has an invalid length.
[  115.453886][ T8373] netlink: 'syz.4.1921': attribute type 1 has an invalid length.
[  115.461687][ T8373] netlink: 'syz.4.1921': attribute type 2 has an invalid length.
[  115.745497][ T8395] loop4: detected capacity change from 0 to 512
[  115.772606][ T8395] EXT4-fs (loop4): too many log groups per flexible block group
[  115.783449][ T8395] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  115.801216][ T8395] EXT4-fs (loop4): mount failed
[  115.812723][ T8401] netlink: 'syz.3.1934': attribute type 1 has an invalid length.
[  115.821022][ T8401] netlink: 'syz.3.1934': attribute type 2 has an invalid length.
[  115.842155][ T8395] loop4: detected capacity change from 0 to 512
[  115.852789][ T8395] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  115.863990][ T8403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  115.872831][ T8403] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  115.882015][ T8395] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.1932: invalid block
[  115.914827][ T8395] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1932: invalid indirect mapped block 4294967295 (level 1)
[  115.949971][ T8395] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1932: invalid indirect mapped block 4294967295 (level 1)
[  116.003449][ T8395] EXT4-fs (loop4): 2 truncates cleaned up
[  116.018747][ T8395] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.037097][ T8409] loop3: detected capacity change from 0 to 512
[  116.068387][ T8409] EXT4-fs (loop3): too many log groups per flexible block group
[  116.081949][ T8409] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  116.103417][ T8409] EXT4-fs (loop3): mount failed
[  116.110478][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.134953][ T8413] sd 0:0:1:0: device reset
[  116.355649][ T8430] 9pnet_fd: Insufficient options for proto=fd
[  116.380344][ T8428] netlink: 'syz.3.1945': attribute type 1 has an invalid length.
[  116.432278][ T8434] lo speed is unknown, defaulting to 1000
[  116.464275][ T8435] 8021q: adding VLAN 0 to HW filter on device bond19
[  116.482831][ T8435] vlan2: entered allmulticast mode
[  116.488209][ T8435] bond19: entered allmulticast mode
[  116.863414][ T8464] sd 0:0:1:0: device reset
[  116.894188][   T29] kauditd_printk_skb: 1108 callbacks suppressed
[  116.894203][   T29] audit: type=1326 audit(116.871:23424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8461 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4825eec9 code=0x7ffc0000
[  116.923550][   T29] audit: type=1326 audit(116.871:23425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8461 comm="syz.2.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4825eec9 code=0x7ffc0000
[  116.966086][ T8473] loop3: detected capacity change from 0 to 4096
[  116.973029][   T29] audit: type=1326 audit(116.871:23426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8468 comm="syz.1.1961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  116.996038][   T29] audit: type=1326 audit(116.871:23427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8468 comm="syz.1.1961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  117.019143][   T29] audit: type=1326 audit(116.871:23428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8468 comm="syz.1.1961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  117.042258][   T29] audit: type=1326 audit(116.871:23429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8468 comm="syz.1.1961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  117.065175][   T29] audit: type=1326 audit(116.871:23430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8468 comm="syz.1.1961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  117.088091][   T29] audit: type=1326 audit(116.871:23431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8468 comm="syz.1.1961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  117.110988][   T29] audit: type=1326 audit(116.871:23432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8468 comm="syz.1.1961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  117.133881][   T29] audit: type=1326 audit(116.871:23433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8468 comm="syz.1.1961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  117.158686][ T8473] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.202964][ T8473] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #15: comm syz.3.1960: corrupted inode contents
[  117.220005][ T8473] EXT4-fs error (device loop3): ext4_dirty_inode:6509: inode #15: comm syz.3.1960: mark_inode_dirty error
[  117.232533][ T8473] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #15: comm syz.3.1960: corrupted inode contents
[  117.245248][ T8473] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #15: comm syz.3.1960: mark_inode_dirty error
[  117.257181][ T8473] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #15: comm syz.3.1960: corrupted inode contents
[  117.270563][ T8473] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #15: comm syz.3.1960: mark_inode_dirty error
[  117.291965][ T8480] 8021q: adding VLAN 0 to HW filter on device bond26
[  117.304625][ T8480] vlan4: entered allmulticast mode
[  117.309818][ T8480] bond26: entered allmulticast mode
[  117.323573][ T8473] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #15: comm syz.3.1960: corrupted inode contents
[  117.338050][ T8473] EXT4-fs error (device loop3): ext4_truncate:4637: inode #15: comm syz.3.1960: mark_inode_dirty error
[  117.349761][ T8473] EXT4-fs error (device loop3) in ext4_setattr:6042: Corrupt filesystem
[  117.423208][ T8481] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #15: comm syz.3.1960: corrupted inode contents
[  117.545138][ T8493] 8021q: adding VLAN 0 to HW filter on device bond27
[  117.558959][ T8492] vlan4: entered allmulticast mode
[  117.564197][ T8492] bond27: entered allmulticast mode
[  117.672068][ T8496] sd 0:0:1:0: device reset
[  117.678483][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.712287][ T8499] 9pnet_fd: Insufficient options for proto=fd
[  117.742161][ T8506] bridge0: Device is already in use.
[  117.969494][ T8531] loop4: detected capacity change from 0 to 512
[  117.994558][ T8531] EXT4-fs (loop4): too many log groups per flexible block group
[  118.017826][ T8531] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  118.037111][ T8531] EXT4-fs (loop4): mount failed
[  118.075822][ T8531] loop4: detected capacity change from 0 to 512
[  118.084943][ T8531] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  118.100628][ T8531] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.1985: invalid block
[  118.123131][ T8531] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1985: invalid indirect mapped block 4294967295 (level 1)
[  118.137516][ T8531] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1985: invalid indirect mapped block 4294967295 (level 1)
[  118.151905][ T8531] EXT4-fs (loop4): 2 truncates cleaned up
[  118.160431][ T8531] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  118.189790][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.243971][ T8547] __nla_validate_parse: 31 callbacks suppressed
[  118.244130][ T8547] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1990'.
[  118.279456][ T8551] sd 0:0:1:0: device reset
[  118.509611][ T8555] loop3: detected capacity change from 0 to 512
[  118.530236][ T8555] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  118.687441][ T8567] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1999'.
[  118.707300][ T8567] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1999'.
[  118.722823][ T8567] 8021q: adding VLAN 0 to HW filter on device bond15
[  118.736986][ T8567] vlan4: entered allmulticast mode
[  118.742154][ T8567] bond15: entered allmulticast mode
[  118.750053][ T8569] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2000'.
[  118.759880][ T8569] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2000'.
[  118.780045][ T8569] 8021q: adding VLAN 0 to HW filter on device bond28
[  118.797874][ T8569] vlan2: entered allmulticast mode
[  118.803048][ T8569] bond28: entered allmulticast mode
[  118.825008][ T8574] loop1: detected capacity change from 0 to 512
[  118.845812][ T8576] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2002'.
[  118.854913][ T8576] netlink: 196 bytes leftover after parsing attributes in process `syz.2.2002'.
[  118.864390][ T8576] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2002'.
[  118.869843][ T8574] EXT4-fs (loop1): too many log groups per flexible block group
[  118.874501][ T8576] netlink: 196 bytes leftover after parsing attributes in process `syz.2.2002'.
[  118.881366][ T8574] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  118.898006][ T8574] EXT4-fs (loop1): mount failed
[  118.923921][ T8576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  118.927526][ T8585] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2005'.
[  118.942354][ T8576] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  118.956249][ T8574] loop1: detected capacity change from 0 to 512
[  118.971054][ T8574] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  118.983007][ T8574] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.2001: invalid block
[  118.995507][ T8574] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2001: invalid indirect mapped block 4294967295 (level 1)
[  119.010338][ T8574] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2001: invalid indirect mapped block 4294967295 (level 1)
[  119.024937][ T8574] EXT4-fs (loop1): 2 truncates cleaned up
[  119.031571][ T8574] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  119.060681][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.102963][ T8596] ipvlan2: entered promiscuous mode
[  119.108749][ T8596] bridge0: port 3(ipvlan2) entered blocking state
[  119.110949][ T8597] loop0: detected capacity change from 0 to 512
[  119.115374][ T8596] bridge0: port 3(ipvlan2) entered disabled state
[  119.128373][ T8596] ipvlan2: entered allmulticast mode
[  119.133732][ T8596] bridge0: entered allmulticast mode
[  119.139684][ T8596] ipvlan2: left allmulticast mode
[  119.142678][ T8597] EXT4-fs: Ignoring removed mblk_io_submit option
[  119.144871][ T8596] bridge0: left allmulticast mode
[  119.151298][ T8597] EXT4-fs: Ignoring removed nomblk_io_submit option
[  119.164468][ T8597] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  119.172935][ T8597] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  119.184655][ T8597] EXT4-fs (loop0): failed to initialize system zone (-117)
[  119.192128][ T8597] EXT4-fs (loop0): mount failed
[  119.273692][ T8603] 8021q: adding VLAN 0 to HW filter on device bond22
[  119.301762][ T8613] 8021q: adding VLAN 0 to HW filter on device bond16
[  119.320142][ T8603] vlan3: entered allmulticast mode
[  119.325348][ T8603] bond22: entered allmulticast mode
[  119.360560][ T8606] vlan4: entered allmulticast mode
[  119.365768][ T8606] bond16: entered allmulticast mode
[  119.385525][ T8622] loop1: detected capacity change from 0 to 512
[  119.408484][ T8622] EXT4-fs (loop1): too many log groups per flexible block group
[  119.423926][ T8622] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  119.458708][ T8622] EXT4-fs (loop1): mount failed
[  119.490521][ T8622] loop1: detected capacity change from 0 to 512
[  119.516209][ T8622] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  119.594240][ T8622] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.2019: invalid block
[  119.631908][ T8639] loop2: detected capacity change from 0 to 512
[  119.659805][ T8622] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2019: invalid indirect mapped block 4294967295 (level 1)
[  119.716367][ T8639] EXT4-fs (loop2): too many log groups per flexible block group
[  119.724903][ T8639] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  119.737811][ T8622] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2019: invalid indirect mapped block 4294967295 (level 1)
[  119.755227][ T8639] EXT4-fs (loop2): mount failed
[  119.769294][ T8622] EXT4-fs (loop1): 2 truncates cleaned up
[  119.778962][ T8622] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  119.856071][ T8647] 9pnet_fd: Insufficient options for proto=fd
[  119.884406][ T8652] loop2: detected capacity change from 0 to 512
[  119.891531][ T8652] EXT4-fs: Ignoring removed mblk_io_submit option
[  119.898201][ T8652] EXT4-fs: Ignoring removed nomblk_io_submit option
[  119.908193][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.917339][ T8652] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  119.925969][ T8652] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  119.944783][ T8652] EXT4-fs (loop2): failed to initialize system zone (-117)
[  119.952105][ T8652] EXT4-fs (loop2): mount failed
[  119.954994][ T8657] validate_nla: 17 callbacks suppressed
[  119.955013][ T8657] netlink: 'syz.0.2031': attribute type 1 has an invalid length.
[  119.977204][ T8658] loop1: detected capacity change from 0 to 512
[  119.991890][ T8653] 8021q: adding VLAN 0 to HW filter on device bond17
[  120.010817][ T8653] vlan4: entered allmulticast mode
[  120.016051][ T8653] bond17: entered allmulticast mode
[  120.023962][ T8658] EXT4-fs (loop1): too many log groups per flexible block group
[  120.032089][ T8658] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  120.039107][ T8658] EXT4-fs (loop1): mount failed
[  120.050619][ T8667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.059597][ T8667] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.098075][ T8673] loop0: detected capacity change from 0 to 512
[  120.134711][ T8673] EXT4-fs (loop0): too many log groups per flexible block group
[  120.142547][ T8673] EXT4-fs (loop0): failed to initialize mballoc (-12)
[  120.157612][ T8681] sd 0:0:1:0: device reset
[  120.160266][ T8673] EXT4-fs (loop0): mount failed
[  120.177895][ T8673] loop0: detected capacity change from 0 to 512
[  120.185446][ T8673] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  120.201514][ T8687] loop3: detected capacity change from 0 to 512
[  120.208419][ T8673] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.2038: invalid block
[  120.221406][ T8687] EXT4-fs: Ignoring removed mblk_io_submit option
[  120.228141][ T8690] loop4: detected capacity change from 0 to 512
[  120.228246][ T8687] EXT4-fs: Ignoring removed nomblk_io_submit option
[  120.241226][ T8673] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.2038: invalid indirect mapped block 4294967295 (level 1)
[  120.241599][ T8690] EXT4-fs: Ignoring removed mblk_io_submit option
[  120.262134][ T8673] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.2038: invalid indirect mapped block 4294967295 (level 1)
[  120.276509][ T8687] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  120.285119][ T8687] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  120.286910][ T8690] EXT4-fs: Ignoring removed nomblk_io_submit option
[  120.301514][ T8673] EXT4-fs (loop0): 2 truncates cleaned up
[  120.308102][ T8673] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.320967][ T8690] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  120.329552][ T8690] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  120.351556][ T8690] EXT4-fs (loop4): failed to initialize system zone (-117)
[  120.357165][ T8687] EXT4-fs (loop3): failed to initialize system zone (-117)
[  120.364094][ T8690] EXT4-fs (loop4): mount failed
[  120.371645][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.372707][ T8687] EXT4-fs (loop3): mount failed
[  120.396717][ T8698] vhci_hcd: invalid port number 254
[  120.453251][ T8705] bridge0: Device is already in use.
[  120.531923][ T8718] loop3: detected capacity change from 0 to 512
[  120.554855][ T8718] EXT4-fs (loop3): too many log groups per flexible block group
[  120.565945][ T8718] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  120.579114][ T8728] loop0: detected capacity change from 0 to 512
[  120.585561][ T8718] EXT4-fs (loop3): mount failed
[  120.601019][ T8728] EXT4-fs: Ignoring removed mblk_io_submit option
[  120.640486][ T8728] EXT4-fs: Ignoring removed nomblk_io_submit option
[  120.657239][ T8728] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  120.665846][ T8728] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  120.680371][ T8738] bridge0: Device is already in use.
[  120.707474][ T8728] EXT4-fs (loop0): failed to initialize system zone (-117)
[  120.742918][ T8728] EXT4-fs (loop0): mount failed
[  120.789484][ T8758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.798407][ T8758] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.877421][ T8742] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  120.918286][ T8742] loop1: detected capacity change from 0 to 4096
[  120.943946][ T8742] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  120.955963][ T8742] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  121.044575][ T8769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  121.088270][ T8769] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  121.275511][ T8777] sd 0:0:1:0: device reset
[  121.296357][ T8779] FAULT_INJECTION: forcing a failure.
[  121.296357][ T8779] name failslab, interval 1, probability 0, space 0, times 0
[  121.309161][ T8779] CPU: 0 UID: 0 PID: 8779 Comm: syz.2.2082 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  121.309204][ T8779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  121.309226][ T8779] Call Trace:
[  121.309234][ T8779]  <TASK>
[  121.309245][ T8779]  __dump_stack+0x1d/0x30
[  121.309276][ T8779]  dump_stack_lvl+0xe8/0x140
[  121.309316][ T8779]  dump_stack+0x15/0x1b
[  121.309337][ T8779]  should_fail_ex+0x265/0x280
[  121.309384][ T8779]  should_failslab+0x8c/0xb0
[  121.309415][ T8779]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  121.309446][ T8779]  ? __alloc_skb+0x101/0x320
[  121.309556][ T8779]  __alloc_skb+0x101/0x320
[  121.309577][ T8779]  ? audit_log_start+0x342/0x720
[  121.309599][ T8779]  audit_log_start+0x3a0/0x720
[  121.309625][ T8779]  ? kstrtouint+0x76/0xc0
[  121.309711][ T8779]  audit_seccomp+0x48/0x100
[  121.309751][ T8779]  ? __seccomp_filter+0x82d/0x1250
[  121.309827][ T8779]  __seccomp_filter+0x83e/0x1250
[  121.309854][ T8779]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  121.309887][ T8779]  ? vfs_write+0x7e8/0x960
[  121.309919][ T8779]  ? __rcu_read_unlock+0x4f/0x70
[  121.309944][ T8779]  ? __fget_files+0x184/0x1c0
[  121.309978][ T8779]  __secure_computing+0x82/0x150
[  121.310019][ T8779]  syscall_trace_enter+0xcf/0x1e0
[  121.310064][ T8779]  do_syscall_64+0xac/0x200
[  121.310095][ T8779]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  121.310247][ T8779]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  121.310273][ T8779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.310295][ T8779] RIP: 0033:0x7f0d4825eec9
[  121.310314][ T8779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.310337][ T8779] RSP: 002b:00007f0d46cbf038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5
[  121.310365][ T8779] RAX: ffffffffffffffda RBX: 00007f0d484b5fa0 RCX: 00007f0d4825eec9
[  121.310381][ T8779] RDX: 0000200000000400 RSI: 0000000000000000 RDI: ffffffffffffff9c
[  121.310431][ T8779] RBP: 00007f0d46cbf090 R08: 0000000000000000 R09: 0000000000000000
[  121.310447][ T8779] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001
[  121.310463][ T8779] R13: 00007f0d484b6038 R14: 00007f0d484b5fa0 R15: 00007ffd7c45f648
[  121.310488][ T8779]  </TASK>
[  121.568925][ T8787] sd 0:0:1:0: device reset
[  121.637402][ T8791] loop4: detected capacity change from 0 to 512
[  121.657382][ T8791] EXT4-fs (loop4): too many log groups per flexible block group
[  121.666079][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.675218][ T8791] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  121.682119][ T8791] EXT4-fs (loop4): mount failed
[  121.705323][ T8797] loop3: detected capacity change from 0 to 512
[  121.724745][ T8791] loop4: detected capacity change from 0 to 512
[  121.744031][ T8797] EXT4-fs: Ignoring removed mblk_io_submit option
[  121.750635][ T8797] EXT4-fs: Ignoring removed nomblk_io_submit option
[  121.757411][ T8791] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  121.824947][ T8791] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.2088: invalid block
[  121.837070][ T8797] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  121.845547][ T8797] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  121.861034][ T8791] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2088: invalid indirect mapped block 4294967295 (level 1)
[  121.890464][ T8791] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2088: invalid indirect mapped block 4294967295 (level 1)
[  121.913149][ T8810] macvlan1: entered promiscuous mode
[  121.919639][ T8791] EXT4-fs (loop4): 2 truncates cleaned up
[  121.926917][ T8791] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  121.940674][ T8797] EXT4-fs (loop3): failed to initialize system zone (-117)
[  121.950411][ T8810] ipvlan0: entered promiscuous mode
[  121.955778][ T8797] EXT4-fs (loop3): mount failed
[  121.956766][ T8810] ipvlan0: left promiscuous mode
[  121.965831][ T8815] sd 0:0:1:0: device reset
[  121.970309][   T29] kauditd_printk_skb: 954 callbacks suppressed
[  121.970315][ T8810] macvlan1: left promiscuous mode
[  121.970326][   T29] audit: type=1326 audit(121.951:24386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.4.2088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe39897d710 code=0x7ffc0000
[  122.004997][   T29] audit: type=1326 audit(121.951:24387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.4.2088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fe39897dc17 code=0x7ffc0000
[  122.027910][   T29] audit: type=1326 audit(121.951:24388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.4.2088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe39897d710 code=0x7ffc0000
[  122.050974][   T29] audit: type=1326 audit(121.951:24389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.4.2088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  122.074104][   T29] audit: type=1326 audit(121.951:24390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.4.2088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  122.097214][   T29] audit: type=1326 audit(121.951:24391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.4.2088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  122.120705][   T29] audit: type=1326 audit(121.951:24392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.4.2088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  122.143874][   T29] audit: type=1326 audit(121.951:24393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.4.2088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  122.166884][   T29] audit: type=1326 audit(121.951:24394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.4.2088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  122.189912][   T29] audit: type=1326 audit(121.951:24395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.4.2088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  122.202917][ T8816] netlink: 'syz.0.2097': attribute type 1 has an invalid length.
[  122.220799][ T8816] netlink: 'syz.0.2097': attribute type 2 has an invalid length.
[  122.317424][ T8819] 9pnet_fd: Insufficient options for proto=fd
[  122.357692][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.496051][ T8839] netlink: 'syz.0.2107': attribute type 1 has an invalid length.
[  122.526192][ T8839] 8021q: adding VLAN 0 to HW filter on device bond18
[  122.553787][ T8839] vlan4: entered allmulticast mode
[  122.559113][ T8839] bond18: entered allmulticast mode
[  122.565902][ T8851] sd 0:0:1:0: device reset
[  122.620939][ T8856] loop1: detected capacity change from 0 to 512
[  122.656336][ T8856] EXT4-fs (loop1): too many log groups per flexible block group
[  122.668231][ T8856] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  122.687903][ T8856] EXT4-fs (loop1): mount failed
[  122.722000][ T8856] loop1: detected capacity change from 0 to 512
[  122.730713][ T8872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  122.739847][ T8872] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  122.749847][ T8856] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  122.764828][ T8856] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.2114: invalid block
[  122.778841][ T8856] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2114: invalid indirect mapped block 4294967295 (level 1)
[  122.796727][ T8856] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2114: invalid indirect mapped block 4294967295 (level 1)
[  122.812703][ T8856] EXT4-fs (loop1): 2 truncates cleaned up
[  122.819242][ T8856] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.845567][ T8877] syzkaller0: entered promiscuous mode
[  122.851075][ T8877] syzkaller0: entered allmulticast mode
[  122.870502][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.893559][ T8881] loop1: detected capacity change from 0 to 512
[  122.908080][ T8883] sd 0:0:1:0: device reset
[  122.914750][ T8881] EXT4-fs (loop1): too many log groups per flexible block group
[  122.922518][ T8881] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  122.929992][ T8881] EXT4-fs (loop1): mount failed
[  122.971509][ T8889] 9pnet_fd: Insufficient options for proto=fd
[  122.999783][ T8891] netlink: 'syz.0.2129': attribute type 1 has an invalid length.
[  123.031054][ T8891] 8021q: adding VLAN 0 to HW filter on device bond19
[  123.045924][ T8891] vlan4: entered allmulticast mode
[  123.051276][ T8891] bond19: entered allmulticast mode
[  123.088572][ T8908] loop2: detected capacity change from 0 to 512
[  123.114610][ T8908] EXT4-fs (loop2): too many log groups per flexible block group
[  123.123801][ T8908] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  123.130639][ T8908] EXT4-fs (loop2): mount failed
[  123.152198][ T8913] sd 0:0:1:0: device reset
[  123.198345][ T8917] loop0: detected capacity change from 0 to 512
[  123.215690][ T8908] loop2: detected capacity change from 0 to 512
[  123.223068][ T8908] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  123.337787][ T8924] __nla_validate_parse: 52 callbacks suppressed
[  123.337804][ T8924] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2141'.
[  123.343015][ T8917] EXT4-fs (loop0): too many log groups per flexible block group
[  123.363832][ T8917] EXT4-fs (loop0): failed to initialize mballoc (-12)
[  123.381514][ T8908] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.2136: invalid block
[  123.397502][ T8917] EXT4-fs (loop0): mount failed
[  123.406202][ T8908] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.2136: invalid indirect mapped block 4294967295 (level 1)
[  123.417860][ T8927] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2142'.
[  123.421751][ T8908] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.2136: invalid indirect mapped block 4294967295 (level 1)
[  123.446657][ T8908] EXT4-fs (loop2): 2 truncates cleaned up
[  123.452752][ T8908] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  123.524369][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.537038][ T8929] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2144'.
[  123.559811][ T8929] 8021q: adding VLAN 0 to HW filter on device bond29
[  123.577164][ T8929] vlan2: entered allmulticast mode
[  123.582375][ T8929] bond29: entered allmulticast mode
[  123.705910][ T8942] FAULT_INJECTION: forcing a failure.
[  123.705910][ T8942] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  123.719402][ T8942] CPU: 1 UID: 0 PID: 8942 Comm: syz.1.2149 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  123.719439][ T8942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  123.719456][ T8942] Call Trace:
[  123.719537][ T8942]  <TASK>
[  123.719548][ T8942]  __dump_stack+0x1d/0x30
[  123.719575][ T8942]  dump_stack_lvl+0xe8/0x140
[  123.719602][ T8942]  dump_stack+0x15/0x1b
[  123.719619][ T8942]  should_fail_ex+0x265/0x280
[  123.719728][ T8942]  should_fail_alloc_page+0xf2/0x100
[  123.719762][ T8942]  __alloc_frozen_pages_noprof+0xff/0x360
[  123.719802][ T8942]  alloc_pages_mpol+0xb3/0x260
[  123.719859][ T8942]  alloc_pages_noprof+0x90/0x130
[  123.719878][ T8942]  get_zeroed_page_noprof+0x1a/0x40
[  123.719957][ T8942]  simple_transaction_get+0x4c/0x130
[  123.719983][ T8942]  selinux_transaction_write+0x9d/0x110
[  123.720080][ T8942]  ? __pfx_selinux_transaction_write+0x10/0x10
[  123.720182][ T8942]  vfs_write+0x269/0x960
[  123.720211][ T8942]  ? __rcu_read_unlock+0x4f/0x70
[  123.720274][ T8942]  ? __fget_files+0x184/0x1c0
[  123.720308][ T8942]  ksys_write+0xda/0x1a0
[  123.720332][ T8942]  __x64_sys_write+0x40/0x50
[  123.720355][ T8942]  x64_sys_call+0x2802/0x3000
[  123.720385][ T8942]  do_syscall_64+0xd2/0x200
[  123.720416][ T8942]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  123.720452][ T8942]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  123.720515][ T8942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.720538][ T8942] RIP: 0033:0x7f13953eeec9
[  123.720554][ T8942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.720578][ T8942] RSP: 002b:00007f1393e57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  123.720666][ T8942] RAX: ffffffffffffffda RBX: 00007f1395645fa0 RCX: 00007f13953eeec9
[  123.720683][ T8942] RDX: 000000000000001d RSI: 0000200000000340 RDI: 0000000000000003
[  123.720700][ T8942] RBP: 00007f1393e57090 R08: 0000000000000000 R09: 0000000000000000
[  123.720715][ T8942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.720727][ T8942] R13: 00007f1395646038 R14: 00007f1395645fa0 R15: 00007ffed6681c38
[  123.720747][ T8942]  </TASK>
[  123.746621][ T8945] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2151'.
[  123.784054][ T8946] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2150'.
[  123.791562][ T8938] netlink: 'syz.0.2147': attribute type 1 has an invalid length.
[  123.839737][ T8946] netlink: 'syz.2.2150': attribute type 1 has an invalid length.
[  123.843295][ T8938] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2147'.
[  123.849457][ T8946] netlink: 'syz.2.2150': attribute type 2 has an invalid length.
[  123.856072][ T8950] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2147'.
[  123.994361][ T8945] netlink: 'syz.4.2151': attribute type 1 has an invalid length.
[  124.005008][ T8945] netlink: 'syz.4.2151': attribute type 2 has an invalid length.
[  124.012060][ T8950] 8021q: adding VLAN 0 to HW filter on device bond20
[  124.046050][ T8955] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2154'.
[  124.093764][ T8957] loop2: detected capacity change from 0 to 512
[  124.113230][ T8957] EXT4-fs (loop2): too many log groups per flexible block group
[  124.139450][ T8957] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  124.146687][ T8957] EXT4-fs (loop2): mount failed
[  124.159074][ T8967] sch_tbf: burst 2976 is lower than device lo mtu (65550) !
[  124.219115][ T8979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2165'.
[  124.276592][ T8985] lo speed is unknown, defaulting to 1000
[  124.357627][ T8996] loop2: detected capacity change from 0 to 512
[  124.377222][ T8998] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2174'.
[  124.405956][ T8998] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  124.414996][ T8998] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  124.423961][ T8996] EXT4-fs (loop2): too many log groups per flexible block group
[  124.432967][ T8996] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  124.443922][ T8996] EXT4-fs (loop2): mount failed
[  124.516743][ T9010] sd 0:0:1:0: device reset
[  124.620233][ T9023] sd 0:0:1:0: device reset
[  124.807375][ T9046] 8021q: adding VLAN 0 to HW filter on device bond21
[  124.820308][ T9046] vlan4: entered allmulticast mode
[  124.825506][ T9046] bond21: entered allmulticast mode
[  124.834431][ T9058] loop4: detected capacity change from 0 to 512
[  124.854538][ T9058] EXT4-fs (loop4): too many log groups per flexible block group
[  124.862415][ T9058] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  124.869322][ T9058] EXT4-fs (loop4): mount failed
[  124.882888][ T9058] loop4: detected capacity change from 0 to 512
[  124.890337][ T9058] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  124.900516][ T9058] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.2199: invalid block
[  124.912980][ T9058] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2199: invalid indirect mapped block 4294967295 (level 1)
[  124.927357][ T9058] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2199: invalid indirect mapped block 4294967295 (level 1)
[  124.942157][ T9058] EXT4-fs (loop4): 2 truncates cleaned up
[  124.948838][ T9058] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.993671][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.004173][ T9066] validate_nla: 4 callbacks suppressed
[  125.004190][ T9066] netlink: 'syz.2.2201': attribute type 1 has an invalid length.
[  125.017671][ T9066] netlink: 'syz.2.2201': attribute type 2 has an invalid length.
[  125.144861][ T9084] netlink: 'syz.4.2209': attribute type 1 has an invalid length.
[  125.152881][ T9084] netlink: 'syz.4.2209': attribute type 2 has an invalid length.
[  125.186797][ T9087] netlink: 'syz.0.2211': attribute type 1 has an invalid length.
[  125.210591][ T9087] 8021q: adding VLAN 0 to HW filter on device bond22
[  125.224795][ T9087] vlan4: entered allmulticast mode
[  125.229988][ T9087] bond22: entered allmulticast mode
[  125.267136][ T9094] netlink: 'syz.3.2214': attribute type 1 has an invalid length.
[  125.295076][ T9106] netlink: 'syz.4.2218': attribute type 2 has an invalid length.
[  125.309208][ T9094] 8021q: adding VLAN 0 to HW filter on device bond23
[  125.331330][ T9094] vlan3: entered allmulticast mode
[  125.336573][ T9094] bond23: entered allmulticast mode
[  125.477832][ T9124] loop2: detected capacity change from 0 to 128
[  125.508107][ T9124] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  125.517119][ T9124] vhci_hcd: default hub control req: 6003 v00e2 i0002 l0
[  125.564253][ T9129] IPv6: Can't replace route, no match found
[  125.747473][ T9133] netlink: 'syz.1.2231': attribute type 1 has an invalid length.
[  125.765059][ T9133] 8021q: adding VLAN 0 to HW filter on device bond28
[  125.778572][ T9133] vlan4: entered allmulticast mode
[  125.783827][ T9133] bond28: entered allmulticast mode
[  125.871139][ T9137] loop1: detected capacity change from 0 to 512
[  125.894682][ T9137] EXT4-fs (loop1): too many log groups per flexible block group
[  125.902930][ T9137] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  125.911158][ T9137] EXT4-fs (loop1): mount failed
[  125.925338][ T9137] loop1: detected capacity change from 0 to 512
[  125.932681][ T9137] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  125.943588][ T9137] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.2232: invalid block
[  125.955959][ T9137] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2232: invalid indirect mapped block 4294967295 (level 1)
[  125.970554][ T9137] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2232: invalid indirect mapped block 4294967295 (level 1)
[  125.988900][ T9137] EXT4-fs (loop1): 2 truncates cleaned up
[  125.995300][ T9137] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.024965][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.125715][ T9154] netlink: 'syz.1.2238': attribute type 27 has an invalid length.
[  126.152501][ T9156] loop1: detected capacity change from 0 to 128
[  126.274589][ T9164] loop1: detected capacity change from 0 to 512
[  126.285452][ T9164] EXT4-fs (loop1): too many log groups per flexible block group
[  126.298608][ T9164] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  126.306258][ T9164] EXT4-fs (loop1): mount failed
[  126.320453][ T9164] loop1: detected capacity change from 0 to 512
[  126.333847][ T9164] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  126.352542][ T9164] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.2243: invalid block
[  126.366392][ T9164] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2243: invalid indirect mapped block 4294967295 (level 1)
[  126.381109][ T9164] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2243: invalid indirect mapped block 4294967295 (level 1)
[  126.395555][ T9164] EXT4-fs (loop1): 2 truncates cleaned up
[  126.401708][ T9164] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.432304][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.492643][ T9181] sd 0:0:1:0: device reset
[  126.519451][ T9184] loop1: detected capacity change from 0 to 512
[  126.526808][ T9184] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  126.536868][ T9184] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  126.552646][ T9184] loop1: detected capacity change from 0 to 512
[  126.561230][ T9184] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  126.574253][ T9184] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.2251: bad orphan inode 131083
[  126.585542][ T9184] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.611381][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.773480][ T9200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  126.782150][ T9200] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  126.795847][ T9201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  126.804346][ T9201] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  127.183957][   T29] kauditd_printk_skb: 947 callbacks suppressed
[  127.183974][   T29] audit: type=1326 audit(127.151:25343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9215 comm="syz.0.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa203e3eec9 code=0x7ffc0000
[  127.232844][   T29] audit: type=1326 audit(127.201:25344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9215 comm="syz.0.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa203e3eec9 code=0x7ffc0000
[  127.256139][   T29] audit: type=1326 audit(127.201:25345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9215 comm="syz.0.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa203e3eec9 code=0x7ffc0000
[  127.279396][   T29] audit: type=1326 audit(127.201:25346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9215 comm="syz.0.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa203e3eec9 code=0x7ffc0000
[  127.309000][   T29] audit: type=1326 audit(127.281:25347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9215 comm="syz.0.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa203e3eec9 code=0x7ffc0000
[  127.332672][   T29] audit: type=1326 audit(127.281:25348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9215 comm="syz.0.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa203e3eec9 code=0x7ffc0000
[  127.355806][   T29] audit: type=1326 audit(127.281:25349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9215 comm="syz.0.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa203e3eec9 code=0x7ffc0000
[  127.424774][   T29] audit: type=1326 audit(127.341:25350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9215 comm="syz.0.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa203e3eec9 code=0x7ffc0000
[  127.449001][   T29] audit: type=1326 audit(127.341:25351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9215 comm="syz.0.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa203e3eec9 code=0x7ffc0000
[  127.458343][ T9227] sd 0:0:1:0: device reset
[  127.472078][   T29] audit: type=1326 audit(127.341:25352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9215 comm="syz.0.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa203e3eec9 code=0x7ffc0000
[  127.546363][ T9230] loop1: detected capacity change from 0 to 4096
[  127.579066][ T9230] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  127.609625][ T9230] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #15: comm syz.1.2271: corrupted inode contents
[  127.622403][ T9230] EXT4-fs error (device loop1): ext4_dirty_inode:6509: inode #15: comm syz.1.2271: mark_inode_dirty error
[  127.634305][ T9230] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #15: comm syz.1.2271: corrupted inode contents
[  127.646549][ T9230] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #15: comm syz.1.2271: mark_inode_dirty error
[  127.658014][ T9230] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #15: comm syz.1.2271: corrupted inode contents
[  127.676524][ T9230] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #15: comm syz.1.2271: mark_inode_dirty error
[  127.693449][ T9230] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #15: comm syz.1.2271: corrupted inode contents
[  127.724044][ T9230] EXT4-fs error (device loop1): ext4_truncate:4637: inode #15: comm syz.1.2271: mark_inode_dirty error
[  127.764116][ T9230] EXT4-fs error (device loop1) in ext4_setattr:6042: Corrupt filesystem
[  127.800867][ T9256] sd 0:0:1:0: device reset
[  127.818882][ T9258] netlink: 'syz.4.2280': attribute type 1 has an invalid length.
[  127.827775][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.881507][ T9267] loop2: detected capacity change from 0 to 128
[  127.933696][ T9265] 8021q: adding VLAN 0 to HW filter on device bond29
[  127.935336][ T9276] FAULT_INJECTION: forcing a failure.
[  127.935336][ T9276] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  127.953705][ T9265] vlan4: entered allmulticast mode
[  127.954037][ T9276] CPU: 0 UID: 0 PID: 9276 Comm: syz.4.2291 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  127.954077][ T9276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  127.954095][ T9276] Call Trace:
[  127.954127][ T9276]  <TASK>
[  127.954137][ T9276]  __dump_stack+0x1d/0x30
[  127.954203][ T9276]  dump_stack_lvl+0xe8/0x140
[  127.954281][ T9276]  dump_stack+0x15/0x1b
[  127.954305][ T9276]  should_fail_ex+0x265/0x280
[  127.954353][ T9276]  should_fail+0xb/0x20
[  127.954397][ T9276]  should_fail_usercopy+0x1a/0x20
[  127.954491][ T9276]  _copy_from_user+0x1c/0xb0
[  127.954526][ T9276]  ucma_set_option+0x54/0x7f0
[  127.954563][ T9276]  ? path_openat+0x1bf8/0x2170
[  127.954591][ T9276]  ? _parse_integer_limit+0x170/0x190
[  127.954700][ T9276]  ? iovec_from_user+0x179/0x210
[  127.954738][ T9276]  ? __import_iovec+0x321/0x540
[  127.954786][ T9276]  ? should_fail_ex+0xdb/0x280
[  127.954835][ T9276]  ucma_write+0x1b3/0x250
[  127.954941][ T9276]  vfs_writev+0x403/0x8b0
[  127.954981][ T9276]  ? __pfx_ucma_write+0x10/0x10
[  127.955026][ T9276]  do_writev+0xe7/0x210
[  127.955069][ T9276]  __x64_sys_writev+0x45/0x50
[  127.955160][ T9276]  x64_sys_call+0x1e9a/0x3000
[  127.955191][ T9276]  do_syscall_64+0xd2/0x200
[  127.955224][ T9276]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  127.955271][ T9276]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  127.955300][ T9276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.955330][ T9276] RIP: 0033:0x7fe39897eec9
[  127.955355][ T9276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.955381][ T9276] RSP: 002b:00007fe3973e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  127.955408][ T9276] RAX: ffffffffffffffda RBX: 00007fe398bd5fa0 RCX: 00007fe39897eec9
[  127.955426][ T9276] RDX: 0000000000000003 RSI: 0000200000000000 RDI: 0000000000000006
[  127.955444][ T9276] RBP: 00007fe3973e7090 R08: 0000000000000000 R09: 0000000000000000
[  127.955466][ T9276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  127.955483][ T9276] R13: 00007fe398bd6038 R14: 00007fe398bd5fa0 R15: 00007fff35c21c08
[  127.955514][ T9276]  </TASK>
[  128.174088][ T9265] bond29: entered allmulticast mode
[  128.219329][ T9290] loop3: detected capacity change from 0 to 512
[  128.230671][ T9285] lo speed is unknown, defaulting to 1000
[  128.255745][ T9290] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  128.309423][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.417763][ T9300] __nla_validate_parse: 39 callbacks suppressed
[  128.417779][ T9300] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2300'.
[  128.443698][ T9304] loop2: detected capacity change from 0 to 128
[  128.680058][ T9324] loop2: detected capacity change from 0 to 512
[  128.696236][ T9321] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2308'.
[  128.706999][ T9324] EXT4-fs: Ignoring removed mblk_io_submit option
[  128.713973][ T9321] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2308'.
[  128.737368][ T9324] EXT4-fs (loop2): failed to initialize system zone (-117)
[  128.751731][ T9321] 8021q: adding VLAN 0 to HW filter on device bond24
[  128.758645][ T9324] EXT4-fs (loop2): mount failed
[  128.782583][ T9324] 8021q: adding VLAN 0 to HW filter on device bond20
[  128.794716][ T9321] vlan3: entered allmulticast mode
[  128.799888][ T9321] bond24: entered allmulticast mode
[  128.819316][ T9324] bond20: (slave bridge1): making interface the new active one
[  128.829990][ T9324] bond20: (slave bridge1): Enslaving as an active interface with an up link
[  128.846185][ T9324] bond20: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  129.017699][ T9338] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2315'.
[  129.246271][ T9359] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2325'.
[  129.255505][ T9357] loop3: detected capacity change from 0 to 4096
[  129.259683][ T9361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2326'.
[  129.280194][ T9357] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.301632][ T9357] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #15: comm syz.3.2323: corrupted inode contents
[  129.315117][ T9357] EXT4-fs error (device loop3): ext4_dirty_inode:6509: inode #15: comm syz.3.2323: mark_inode_dirty error
[  129.318213][ T9365] loop2: detected capacity change from 0 to 512
[  129.333279][ T9357] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #15: comm syz.3.2323: corrupted inode contents
[  129.345676][ T9357] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #15: comm syz.3.2323: mark_inode_dirty error
[  129.348055][ T9365] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  129.359296][ T9357] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #15: comm syz.3.2323: corrupted inode contents
[  129.379502][ T9357] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #15: comm syz.3.2323: mark_inode_dirty error
[  129.391342][ T9357] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #15: comm syz.3.2323: corrupted inode contents
[  129.403586][ T9357] EXT4-fs error (device loop3): ext4_truncate:4637: inode #15: comm syz.3.2323: mark_inode_dirty error
[  129.415169][ T9357] EXT4-fs error (device loop3) in ext4_setattr:6042: Corrupt filesystem
[  129.424602][ T9365] EXT4-fs (loop2): 1 truncate cleaned up
[  129.431223][ T9369] FAULT_INJECTION: forcing a failure.
[  129.431223][ T9369] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  129.433378][ T9365] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.444347][ T9369] CPU: 0 UID: 0 PID: 9369 Comm: syz.1.2329 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  129.444374][ T9369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  129.444432][ T9369] Call Trace:
[  129.444442][ T9369]  <TASK>
[  129.444469][ T9369]  __dump_stack+0x1d/0x30
[  129.444502][ T9369]  dump_stack_lvl+0xe8/0x140
[  129.444530][ T9369]  dump_stack+0x15/0x1b
[  129.444555][ T9369]  should_fail_ex+0x265/0x280
[  129.444682][ T9369]  should_fail+0xb/0x20
[  129.444725][ T9369]  should_fail_usercopy+0x1a/0x20
[  129.444754][ T9369]  strncpy_from_user+0x25/0x230
[  129.444862][ T9369]  ? kmem_cache_alloc_noprof+0x242/0x480
[  129.444899][ T9369]  ? getname_flags+0x80/0x3b0
[  129.444942][ T9369]  getname_flags+0xae/0x3b0
[  129.445054][ T9369]  user_path_at+0x28/0x130
[  129.445180][ T9369]  bpf_obj_get_user+0x66/0x300
[  129.445218][ T9369]  bpf_obj_get+0xed/0x100
[  129.445242][ T9369]  __sys_bpf+0x5dc/0x7c0
[  129.445304][ T9369]  __x64_sys_bpf+0x41/0x50
[  129.445345][ T9369]  x64_sys_call+0x2aee/0x3000
[  129.445375][ T9369]  do_syscall_64+0xd2/0x200
[  129.445408][ T9369]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  129.445610][ T9369]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  129.445689][ T9369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.445715][ T9369] RIP: 0033:0x7f13953eeec9
[  129.445732][ T9369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.445753][ T9369] RSP: 002b:00007f1393e57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  129.445836][ T9369] RAX: ffffffffffffffda RBX: 00007f1395645fa0 RCX: 00007f13953eeec9
[  129.445854][ T9369] RDX: 0000000000000018 RSI: 0000200000000140 RDI: 0000000000000007
[  129.445872][ T9369] RBP: 00007f1393e57090 R08: 0000000000000000 R09: 0000000000000000
[  129.445891][ T9369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  129.445909][ T9369] R13: 00007f1395646038 R14: 00007f1395645fa0 R15: 00007ffed6681c38
[  129.445938][ T9369]  </TASK>
[  129.480537][ T9372] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2331'.
[  129.577937][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.632685][ T9381] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2334'.
[  129.692203][ T9381] veth3: entered allmulticast mode
[  129.776315][ T9388] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2335'.
[  129.797149][ T9395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  129.817340][ T9395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  129.859009][ T9405] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2344'.
[  129.891354][ T9407] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  129.901080][ T9407] bridge_slave_1: left allmulticast mode
[  129.906842][ T9407] bridge_slave_1: left promiscuous mode
[  129.912710][ T9407] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.920888][ T9407] bridge_slave_0: left allmulticast mode
[  129.927099][ T9407] bridge_slave_0: left promiscuous mode
[  129.933004][ T9407] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.946267][ T9407] bond0: (slave bridge0): Releasing backup interface
[  129.956877][ T9410] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9410 comm=syz.1.2345
[  130.061144][ T9412] FAULT_INJECTION: forcing a failure.
[  130.061144][ T9412] name failslab, interval 1, probability 0, space 0, times 0
[  130.074118][ T9412] CPU: 0 UID: 0 PID: 9412 Comm: syz.1.2346 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  130.074147][ T9412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  130.074160][ T9412] Call Trace:
[  130.074167][ T9412]  <TASK>
[  130.074175][ T9412]  __dump_stack+0x1d/0x30
[  130.074215][ T9412]  dump_stack_lvl+0xe8/0x140
[  130.074235][ T9412]  dump_stack+0x15/0x1b
[  130.074252][ T9412]  should_fail_ex+0x265/0x280
[  130.074352][ T9412]  ? alloc_bprm+0x5c/0x350
[  130.074372][ T9412]  should_failslab+0x8c/0xb0
[  130.074407][ T9412]  __kmalloc_cache_noprof+0x4c/0x4a0
[  130.074471][ T9412]  alloc_bprm+0x5c/0x350
[  130.074493][ T9412]  do_execveat_common+0x12e/0x750
[  130.074518][ T9412]  ? getname_flags+0x154/0x3b0
[  130.074548][ T9412]  __x64_sys_execveat+0x73/0x90
[  130.074616][ T9412]  x64_sys_call+0x1fec/0x3000
[  130.074641][ T9412]  do_syscall_64+0xd2/0x200
[  130.074691][ T9412]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  130.074718][ T9412]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  130.074798][ T9412]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.074859][ T9412] RIP: 0033:0x7f13953eeec9
[  130.074875][ T9412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.074893][ T9412] RSP: 002b:00007f1393e57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  130.074913][ T9412] RAX: ffffffffffffffda RBX: 00007f1395645fa0 RCX: 00007f13953eeec9
[  130.074926][ T9412] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  130.074938][ T9412] RBP: 00007f1393e57090 R08: 0000000000001000 R09: 0000000000000000
[  130.074951][ T9412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.074983][ T9412] R13: 00007f1395646038 R14: 00007f1395645fa0 R15: 00007ffed6681c38
[  130.075005][ T9412]  </TASK>
[  130.292412][ T3317] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 18: comm syz-executor: path /497/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=26022, size=1024 fake=0
[  130.325053][ T3317] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /497/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  130.348223][ T3317] EXT4-fs error (device loop2): ext4_empty_dir:3120: inode #11: block 18: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=26022, size=1024 fake=0
[  130.367746][ T3317] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 18: comm syz-executor: path /497/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=26022, size=1024 fake=0
[  130.390211][ T3317] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /497/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  130.413526][ T3317] EXT4-fs error (device loop2): ext4_empty_dir:3120: inode #11: block 18: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=26022, size=1024 fake=0
[  130.446671][ T3317] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 18: comm syz-executor: path /497/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=26022, size=1024 fake=0
[  130.468019][ T3317] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /497/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  130.491798][ T3317] EXT4-fs error (device loop2): ext4_empty_dir:3120: inode #11: block 18: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=26022, size=1024 fake=0
[  130.511947][ T3317] EXT4-fs error (device loop2): ext4_readdir:264: inode #11: block 18: comm syz-executor: path /497/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=26022, size=1024 fake=0
[  130.622946][ T9376] syz_tun (unregistering): left allmulticast mode
[  130.765726][   T52] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.765846][ T9376] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.865432][   T52] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.900601][ T9424] loop3: detected capacity change from 0 to 32768
[  130.925017][   T52] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.947160][ T9433] FAULT_INJECTION: forcing a failure.
[  130.947160][ T9433] name failslab, interval 1, probability 0, space 0, times 0
[  130.959969][ T9433] CPU: 0 UID: 0 PID: 9433 Comm: syz.3.2352 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  130.960001][ T9433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  130.960020][ T9433] Call Trace:
[  130.960027][ T9433]  <TASK>
[  130.960035][ T9433]  __dump_stack+0x1d/0x30
[  130.960061][ T9433]  dump_stack_lvl+0xe8/0x140
[  130.960085][ T9433]  dump_stack+0x15/0x1b
[  130.960102][ T9433]  should_fail_ex+0x265/0x280
[  130.960135][ T9433]  ? audit_log_d_path+0x8d/0x150
[  130.960234][ T9433]  should_failslab+0x8c/0xb0
[  130.960341][ T9433]  __kmalloc_cache_noprof+0x4c/0x4a0
[  130.960372][ T9433]  audit_log_d_path+0x8d/0x150
[  130.960392][ T9433]  audit_log_d_path_exe+0x42/0x70
[  130.960414][ T9433]  audit_log_task+0x1e9/0x250
[  130.960515][ T9433]  ? kstrtouint+0x76/0xc0
[  130.960577][ T9433]  audit_seccomp+0x61/0x100
[  130.960638][ T9433]  ? __seccomp_filter+0x82d/0x1250
[  130.960675][ T9433]  __seccomp_filter+0x83e/0x1250
[  130.960791][ T9433]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  130.960868][ T9433]  ? vfs_write+0x7e8/0x960
[  130.960891][ T9433]  ? __rcu_read_unlock+0x4f/0x70
[  130.960922][ T9433]  ? __fget_files+0x184/0x1c0
[  130.960957][ T9433]  __secure_computing+0x82/0x150
[  130.961074][ T9433]  syscall_trace_enter+0xcf/0x1e0
[  130.961113][ T9433]  do_syscall_64+0xac/0x200
[  130.961216][ T9433]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  130.961297][ T9433]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  130.961336][ T9433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.961399][ T9433] RIP: 0033:0x7f052e11eec9
[  130.961420][ T9433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.961445][ T9433] RSP: 002b:00007f052cb65e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  130.961472][ T9433] RAX: ffffffffffffffda RBX: 00000000000002a8 RCX: 00007f052e11eec9
[  130.961489][ T9433] RDX: 00007f052cb65ef0 RSI: 0000000000000000 RDI: 00007f052e1a2960
[  130.961545][ T9433] RBP: 0000200000000280 R08: 00007f052cb65bb7 R09: 00007f052cb65e40
[  130.961561][ T9433] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000000c0
[  130.961577][ T9433] R13: 00007f052cb65ef0 R14: 00007f052cb65eb0 R15: 0000200000000100
[  130.961603][ T9433]  </TASK>
[  130.963157][ T9424]  loop3: p1 p3 < >
[  131.236684][ T9424] lo speed is unknown, defaulting to 1000
[  131.287943][   T52] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.335904][ T9430] lo speed is unknown, defaulting to 1000
[  132.892322][   T29] kauditd_printk_skb: 459 callbacks suppressed
[  132.892339][   T29] audit: type=1326 audit(132.861:25810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9461 comm="syz.4.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  132.936452][   T52] bridge_slave_1: left allmulticast mode
[  132.942177][   T52] bridge_slave_1: left promiscuous mode
[  132.947972][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.972617][   T29] audit: type=1326 audit(132.891:25811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9461 comm="syz.4.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  132.996190][   T29] audit: type=1326 audit(132.901:25812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9461 comm="syz.4.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  133.019301][   T29] audit: type=1326 audit(132.901:25813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9461 comm="syz.4.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  133.042604][   T29] audit: type=1326 audit(132.901:25814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9461 comm="syz.4.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  133.065688][   T29] audit: type=1326 audit(132.901:25815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9461 comm="syz.4.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  133.088866][   T29] audit: type=1326 audit(132.901:25816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9461 comm="syz.4.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  133.111927][   T29] audit: type=1326 audit(132.901:25817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9461 comm="syz.4.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  133.134790][   T29] audit: type=1326 audit(132.901:25818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9461 comm="syz.4.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  133.158157][   T29] audit: type=1326 audit(132.901:25819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9461 comm="syz.4.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe39897eec9 code=0x7ffc0000
[  133.183263][   T52] bridge_slave_0: left allmulticast mode
[  133.188985][   T52] bridge_slave_0: left promiscuous mode
[  133.194811][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.243448][ T3370] SELinux: failure in sel_netif_sid_slow(), invalid network interface (115)
[  133.278997][ T9475] FAULT_INJECTION: forcing a failure.
[  133.278997][ T9475] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  133.292592][ T9475] CPU: 1 UID: 0 PID: 9475 Comm: syz.0.2369 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  133.292626][ T9475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  133.292639][ T9475] Call Trace:
[  133.292721][ T9475]  <TASK>
[  133.292728][ T9475]  __dump_stack+0x1d/0x30
[  133.292748][ T9475]  dump_stack_lvl+0xe8/0x140
[  133.292833][ T9475]  dump_stack+0x15/0x1b
[  133.292848][ T9475]  should_fail_ex+0x265/0x280
[  133.292889][ T9475]  should_fail+0xb/0x20
[  133.292918][ T9475]  should_fail_usercopy+0x1a/0x20
[  133.292936][ T9475]  _copy_from_iter+0xd2/0xe80
[  133.292956][ T9475]  ? __build_skb_around+0x1ab/0x200
[  133.292980][ T9475]  ? __alloc_skb+0x223/0x320
[  133.293035][ T9475]  netlink_sendmsg+0x471/0x6b0
[  133.293066][ T9475]  ? __pfx_netlink_sendmsg+0x10/0x10
[  133.293093][ T9475]  __sock_sendmsg+0x145/0x180
[  133.293189][ T9475]  sock_write_iter+0x1a7/0x1f0
[  133.293266][ T9475]  ? __pfx_sock_write_iter+0x10/0x10
[  133.293296][ T9475]  vfs_write+0x52a/0x960
[  133.293396][ T9475]  ksys_write+0xda/0x1a0
[  133.293429][ T9475]  __x64_sys_write+0x40/0x50
[  133.293455][ T9475]  x64_sys_call+0x2802/0x3000
[  133.293533][ T9475]  do_syscall_64+0xd2/0x200
[  133.293562][ T9475]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  133.293598][ T9475]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  133.293622][ T9475]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.293695][ T9475] RIP: 0033:0x7fa203e3eec9
[  133.293711][ T9475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.293728][ T9475] RSP: 002b:00007fa202886038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  133.293806][ T9475] RAX: ffffffffffffffda RBX: 00007fa204096090 RCX: 00007fa203e3eec9
[  133.293818][ T9475] RDX: 0000000000000024 RSI: 0000200000000000 RDI: 0000000000000005
[  133.293829][ T9475] RBP: 00007fa202886090 R08: 0000000000000000 R09: 0000000000000000
[  133.293840][ T9475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.293851][ T9475] R13: 00007fa204096128 R14: 00007fa204096090 R15: 00007ffea4008aa8
[  133.293869][ T9475]  </TASK>
[  133.584947][   T52] bond20 (unregistering): (slave bridge1): Releasing active interface
[  133.635337][   T52] bond1 (unregistering): Released all slaves
[  133.643953][   T52] bond2 (unregistering): Released all slaves
[  133.652808][   T52] bond3 (unregistering): Released all slaves
[  133.661185][   T52] bond4 (unregistering): Released all slaves
[  133.669948][   T52] bond5 (unregistering): Released all slaves
[  133.678552][   T52] bond6 (unregistering): Released all slaves
[  133.687961][   T52] bond7 (unregistering): Released all slaves
[  133.696944][   T52] bond8 (unregistering): Released all slaves
[  133.705787][   T52] bond9 (unregistering): Released all slaves
[  133.714808][   T52] bond10 (unregistering): Released all slaves
[  133.723564][   T52] bond11 (unregistering): Released all slaves
[  133.732509][   T52] bond12 (unregistering): Released all slaves
[  133.742123][   T52] bond13 (unregistering): Released all slaves
[  133.751060][   T52] bond14 (unregistering): Released all slaves
[  133.759829][   T52] bond15 (unregistering): Released all slaves
[  133.768624][   T52] bond16 (unregistering): Released all slaves
[  133.777549][   T52] bond17 (unregistering): Released all slaves
[  133.786428][   T52] bond0 (unregistering): Released all slaves
[  133.795523][   T52] bond18 (unregistering): Released all slaves
[  133.804390][   T52] bond19 (unregistering): Released all slaves
[  133.813419][   T52] bond20 (unregistering): Released all slaves
[  133.864446][ T9479] __nla_validate_parse: 2 callbacks suppressed
[  133.864467][ T9479] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2371'.
[  133.923047][ T9479] validate_nla: 15 callbacks suppressed
[  133.923066][ T9479] netlink: 'syz.0.2371': attribute type 1 has an invalid length.
[  133.936451][ T9479] netlink: 'syz.0.2371': attribute type 2 has an invalid length.
[  134.019552][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  134.027181][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  134.036836][ T9483] FAULT_INJECTION: forcing a failure.
[  134.036836][ T9483] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.051342][ T9483] CPU: 0 UID: 0 PID: 9483 Comm: syz.1.2373 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  134.051371][ T9483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  134.051384][ T9483] Call Trace:
[  134.051391][ T9483]  <TASK>
[  134.051407][ T9483]  __dump_stack+0x1d/0x30
[  134.051453][ T9483]  dump_stack_lvl+0xe8/0x140
[  134.051479][ T9483]  dump_stack+0x15/0x1b
[  134.051501][ T9483]  should_fail_ex+0x265/0x280
[  134.051544][ T9483]  should_fail+0xb/0x20
[  134.051575][ T9483]  should_fail_usercopy+0x1a/0x20
[  134.051662][ T9483]  strncpy_from_user+0x25/0x230
[  134.051699][ T9483]  ? should_failslab+0x8c/0xb0
[  134.051736][ T9483]  setxattr_copy+0x4c/0x160
[  134.051838][ T9483]  io_setxattr_prep+0x123/0x1d0
[  134.051868][ T9483]  io_submit_sqes+0x5ec/0x1060
[  134.051930][ T9483]  __se_sys_io_uring_enter+0x1c1/0x1b70
[  134.051971][ T9483]  ? 0xffffffff81000000
[  134.052052][ T9483]  ? __rcu_read_unlock+0x4f/0x70
[  134.052078][ T9483]  ? get_pid_task+0x96/0xd0
[  134.052101][ T9483]  ? proc_fail_nth_write+0x13b/0x160
[  134.052158][ T9483]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  134.052187][ T9483]  ? vfs_write+0x7e8/0x960
[  134.052213][ T9483]  ? __rcu_read_unlock+0x4f/0x70
[  134.052305][ T9483]  ? __fget_files+0x184/0x1c0
[  134.052332][ T9483]  ? fput+0x8f/0xc0
[  134.052419][ T9483]  __x64_sys_io_uring_enter+0x78/0x90
[  134.052473][ T9483]  x64_sys_call+0x2df0/0x3000
[  134.052495][ T9483]  do_syscall_64+0xd2/0x200
[  134.052519][ T9483]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  134.052613][ T9483]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  134.052679][ T9483]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.052706][ T9483] RIP: 0033:0x7f13953eeec9
[  134.052722][ T9483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.052747][ T9483] RSP: 002b:00007f1393e57038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  134.052771][ T9483] RAX: ffffffffffffffda RBX: 00007f1395645fa0 RCX: 00007f13953eeec9
[  134.052788][ T9483] RDX: 0000000000000003 RSI: 00000000000046bc RDI: 0000000000000003
[  134.052881][ T9483] RBP: 00007f1393e57090 R08: 0000000000000000 R09: 0000000000000020
[  134.052898][ T9483] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000001
[  134.052914][ T9483] R13: 00007f1395646038 R14: 00007f1395645fa0 R15: 00007ffed6681c38
[  134.052942][ T9483]  </TASK>
[  134.289407][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  134.297175][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  134.304826][ T9485] loop4: detected capacity change from 0 to 4096
[  134.324598][   T52] veth1_macvtap: left promiscuous mode
[  134.330316][   T52] veth0_macvtap: left promiscuous mode
[  134.343760][   T52] veth1_vlan: left promiscuous mode
[  134.349204][   T52] veth0_vlan: left promiscuous mode
[  134.361762][ T9485] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  134.450409][ T9485] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.533295][   T52] team0 (unregistering): Port device team_slave_1 removed
[  134.544866][   T52] team0 (unregistering): Port device team_slave_0 removed
[  134.689009][ T3391] lo speed is unknown, defaulting to 1000
[  134.695059][ T3391] infiniband syz0: ib_query_port failed (-19)
[  134.716353][ T9430] chnl_net:caif_netlink_parms(): no params data found
[  134.804113][ T9501] xt_CT: You must specify a L4 protocol and not use inversions on it
[  134.866552][ T9430] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.881902][ T9430] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.912235][ T9484] syz.4.2370 (9484) used greatest stack depth: 7032 bytes left
[  134.942407][ T9430] bridge_slave_0: entered allmulticast mode
[  134.950442][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.961271][ T9430] bridge_slave_0: entered promiscuous mode
[  134.974520][ T9430] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.981818][ T9430] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.998997][ T9430] bridge_slave_1: entered allmulticast mode
[  135.005939][ T9430] bridge_slave_1: entered promiscuous mode
[  135.029709][ T9430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  135.054721][ T9430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  135.077187][ T9518] team_slave_0: entered promiscuous mode
[  135.082925][ T9518] team_slave_1: entered promiscuous mode
[  135.099628][ T9518] veth4: entered promiscuous mode
[  135.104859][ T9518] veth4: entered allmulticast mode
[  135.119913][ T9518] veth5: entered promiscuous mode
[  135.125068][ T9518] veth5: entered allmulticast mode
[  135.133793][ T9430] team0: Port device team_slave_0 added
[  135.141336][   T52] IPVS: stop unused estimator thread 0...
[  135.149476][ T9430] team0: Port device team_slave_1 added
[  135.161412][ T9517] team_slave_0: left promiscuous mode
[  135.166964][ T9517] team_slave_1: left promiscuous mode
[  135.201326][ T9430] batman_adv: batadv0: Adding interface: batadv_slave_0
[  135.208503][ T9430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  135.234743][ T9430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  135.246442][ T9430] batman_adv: batadv0: Adding interface: batadv_slave_1
[  135.253458][ T9430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  135.279709][ T9430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  135.321038][ T9533] loop1: detected capacity change from 0 to 512
[  135.331600][ T9430] hsr_slave_0: entered promiscuous mode
[  135.338139][ T9430] hsr_slave_1: entered promiscuous mode
[  135.356754][ T9533] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  135.395777][ T9533] EXT4-fs (loop1): orphan cleanup on readonly fs
[  135.412356][ T9533] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #16: comm syz.1.2390: corrupted inode contents
[  135.431603][ T9533] EXT4-fs (loop1): Remounting filesystem read-only
[  135.441441][ T9533] EXT4-fs (loop1): 1 truncate cleaned up
[  135.447439][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  135.458207][   T37] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  135.484094][   T37] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  135.529105][ T9533] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  135.545058][ T9430] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  135.571105][ T9430] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  135.603379][ T9430] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  135.614160][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.636447][ T9430] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  135.664371][ T9545] xt_CT: You must specify a L4 protocol and not use inversions on it
[  135.742956][ T9430] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.781177][ T9430] 8021q: adding VLAN 0 to HW filter on device team0
[  135.809100][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.816239][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.835917][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.843132][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.977189][ T9558] netlink: 'syz.0.2397': attribute type 1 has an invalid length.
[  135.985017][ T9558] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2397'.
[  135.994929][ T9558] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2397'.
[  136.015528][ T9558] 8021q: adding VLAN 0 to HW filter on device bond23
[  136.046329][ T9430] 8021q: adding VLAN 0 to HW filter on device batadv0
[  136.292124][ T9430] veth0_vlan: entered promiscuous mode
[  136.307811][ T9591] netlink: 'syz.0.2402': attribute type 1 has an invalid length.
[  136.315663][ T9591] netlink: 'syz.0.2402': attribute type 2 has an invalid length.
[  136.320004][ T9430] veth1_vlan: entered promiscuous mode
[  136.362094][ T9430] veth0_macvtap: entered promiscuous mode
[  136.377490][ T9430] veth1_macvtap: entered promiscuous mode
[  136.411111][ T9430] batman_adv: batadv0: Interface activated: batadv_slave_0
[  136.436251][ T9430] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.451277][   T37] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.461260][   T37] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.493896][   T37] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.508802][   T37] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  136.554784][ T9600] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2355'.
[  136.761527][ T9603] 9pnet_fd: Insufficient options for proto=fd
[  136.802408][ T9598] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2407'.
[  136.811615][ T9598] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  136.819123][ T9598] batadv0: mtu less than device minimum
[  136.825225][ T9598] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  136.836144][ T9598] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  136.847108][ T9598] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  136.857993][ T9598] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  136.868742][ T9598] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  136.879709][ T9598] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  136.891261][ T9598] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  136.902321][ T9598] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  136.913242][ T9598] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  136.951125][ T9598] batman_adv: batadv0: Removing interface: batadv_slave_1
[  137.050939][ T9605] loop5: detected capacity change from 0 to 512
[  137.084594][ T9605] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  137.092771][ T9605] EXT4-fs (loop5): orphan cleanup on readonly fs
[  137.126275][ T9605] EXT4-fs error (device loop5): ext4_do_update_inode:5624: inode #16: comm syz.5.2409: corrupted inode contents
[  137.158603][ T9605] EXT4-fs (loop5): Remounting filesystem read-only
[  137.203741][ T9605] EXT4-fs (loop5): 1 truncate cleaned up
[  137.209654][   T52] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  137.220406][   T52] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  137.263631][   T52] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  137.292766][ T9605] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  137.326291][ T9430] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.344878][ T9609] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2410'.
[  137.445404][ T9609] netlink: 'syz.4.2410': attribute type 1 has an invalid length.
[  137.453193][ T9609] netlink: 'syz.4.2410': attribute type 2 has an invalid length.
[  137.520346][ T9622] loop1: detected capacity change from 0 to 512
[  137.538913][ T9625] netlink: 'syz.3.2419': attribute type 1 has an invalid length.
[  137.547085][ T9625] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2419'.
[  137.557269][ T9625] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2419'.
[  137.590290][ T9625] 8021q: adding VLAN 0 to HW filter on device bond25
[  137.610729][ T9622] EXT4-fs (loop1): too many log groups per flexible block group
[  137.634337][ T9625] vlan3: entered allmulticast mode
[  137.639760][ T9625] bond25: entered allmulticast mode
[  137.643589][ T9622] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  137.654611][ T9622] EXT4-fs (loop1): mount failed
[  137.662068][ T9631] netlink: 'syz.0.2416': attribute type 1 has an invalid length.
[  137.670060][ T9631] netlink: 'syz.0.2416': attribute type 2 has an invalid length.
[  137.685850][ T9622] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2417'.
[  137.782232][ T9622] loop1: detected capacity change from 0 to 512
[  137.817349][ T9622] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  137.846319][ T9622] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.2417: invalid block
[  137.859034][ T9622] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2417: invalid indirect mapped block 4294967295 (level 1)
[  137.874635][ T9622] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2417: invalid indirect mapped block 4294967295 (level 1)
[  137.890231][ T9622] EXT4-fs (loop1): 2 truncates cleaned up
[  137.896936][ T9622] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  137.911619][   T29] kauditd_printk_skb: 327 callbacks suppressed
[  137.911637][   T29] audit: type=1326 audit(137.881:26135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9617 comm="syz.1.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f13953ed710 code=0x7ffc0000
[  137.943726][ T9642] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2422'.
[  137.953627][   T29] audit: type=1326 audit(137.881:26136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9617 comm="syz.1.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f13953edc17 code=0x7ffc0000
[  137.977165][   T29] audit: type=1326 audit(137.881:26137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9617 comm="syz.1.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f13953ed710 code=0x7ffc0000
[  138.000367][   T29] audit: type=1326 audit(137.881:26138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9617 comm="syz.1.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  138.023530][   T29] audit: type=1326 audit(137.881:26139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9617 comm="syz.1.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  138.046521][   T29] audit: type=1326 audit(137.881:26140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9617 comm="syz.1.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  138.069782][   T29] audit: type=1326 audit(137.881:26141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9617 comm="syz.1.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  138.093022][   T29] audit: type=1326 audit(137.881:26142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9617 comm="syz.1.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  138.116136][   T29] audit: type=1326 audit(137.881:26143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9617 comm="syz.1.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  138.139391][   T29] audit: type=1326 audit(137.881:26144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9617 comm="syz.1.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13953eeec9 code=0x7ffc0000
[  138.166352][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.931651][ T9679] validate_nla: 2 callbacks suppressed
[  138.931666][ T9679] netlink: 'syz.3.2436': attribute type 1 has an invalid length.
[  138.946099][ T9679] netlink: 'syz.3.2436': attribute type 2 has an invalid length.
[  138.992595][ T9686] __nla_validate_parse: 3 callbacks suppressed
[  138.992615][ T9686] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2440'.
[  139.008361][ T9686] netlink: 196 bytes leftover after parsing attributes in process `syz.4.2440'.
[  139.019681][ T9686] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2440'.
[  139.029489][ T9686] netlink: 196 bytes leftover after parsing attributes in process `syz.4.2440'.
[  139.546562][ T9700] netlink: 'syz.5.2445': attribute type 1 has an invalid length.
[  139.554436][ T9700] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2445'.
[  139.564394][ T9700] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2445'.
[  139.592409][ T9700] vlan2: entered allmulticast mode
[  139.598073][ T9700] veth1: entered allmulticast mode
[  139.747483][ T9707] netlink: 'syz.4.2448': attribute type 1 has an invalid length.
[  139.756425][ T9707] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2448'.
[  139.767333][ T9707] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2448'.
[  139.813990][ T9707] 8021q: adding VLAN 0 to HW filter on device bond30
[  139.863604][ T9707] vlan2: entered allmulticast mode
[  139.869049][ T9707] bond30: entered allmulticast mode
[  140.006343][ T9728] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2456'.
[  140.015478][ T9728] netlink: 196 bytes leftover after parsing attributes in process `syz.3.2456'.
[  140.294045][ T9737] netlink: 'syz.4.2458': attribute type 4 has an invalid length.
[  140.422037][ T9746] 8021q: adding VLAN 0 to HW filter on device bond31
[  140.448799][ T9749] netlink: 'syz.5.2461': attribute type 1 has an invalid length.
[  140.456797][ T9749] netlink: 'syz.5.2461': attribute type 2 has an invalid length.
[  140.514755][ T9746] vlan2: entered allmulticast mode
[  140.520089][ T9746] bond31: entered allmulticast mode
[  140.563951][ T9758] netlink: 'syz.1.2469': attribute type 10 has an invalid length.
[  141.419760][ T9792] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  141.495439][ T9792] block device autoloading is deprecated and will be removed.
[  141.571159][ T9799] 8021q: adding VLAN 0 to HW filter on device bond30
[  141.679233][ T9797] vlan4: entered allmulticast mode
[  141.684629][ T9797] bond30: entered allmulticast mode
[  141.939798][ T9810] netlink: 'syz.1.2490': attribute type 1 has an invalid length.
[  141.947773][ T9810] netlink: 'syz.1.2490': attribute type 2 has an invalid length.
[  142.462702][ T9832] xt_CT: You must specify a L4 protocol and not use inversions on it
[  143.211977][ T9875] 8021q: VLANs not supported on ip6_vti0
[  143.232135][   T29] kauditd_printk_skb: 375 callbacks suppressed
[  143.232153][   T29] audit: type=1400 audit(143.201:26520): avc:  denied  { block_suspend } for  pid=9874 comm="syz.5.2517" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  143.301834][   T29] audit: type=1326 audit(143.271:26521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9876 comm="syz.3.2518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  143.325278][   T29] audit: type=1326 audit(143.271:26522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9876 comm="syz.3.2518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  143.350014][   T29] audit: type=1326 audit(143.271:26523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9876 comm="syz.3.2518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  143.373979][   T29] audit: type=1326 audit(143.271:26524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9876 comm="syz.3.2518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  143.398132][   T29] audit: type=1326 audit(143.271:26525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9876 comm="syz.3.2518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  143.426073][   T29] audit: type=1326 audit(143.271:26526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9876 comm="syz.3.2518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  143.426375][ T9881] loop1: detected capacity change from 0 to 1024
[  143.450696][   T29] audit: type=1326 audit(143.271:26527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9876 comm="syz.3.2518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  143.458123][ T9881] EXT4-fs: Ignoring removed orlov option
[  143.481683][   T29] audit: type=1326 audit(143.271:26528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9876 comm="syz.3.2518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  143.522927][ T9881] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.575692][   T29] audit: type=1326 audit(143.271:26529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9876 comm="syz.3.2518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f052e11eec9 code=0x7ffc0000
[  143.755477][ T9888] loop4: detected capacity change from 0 to 512
[  143.916749][ T9881] ==================================================================
[  143.925375][ T9881] BUG: KCSAN: data-race in file_write_and_wait_range / xas_set_mark
[  143.933771][ T9881] 
[  143.936205][ T9881] write to 0xffff88811a07cf94 of 4 bytes by task 9873 on cpu 1:
[  143.944400][ T9881]  xas_set_mark+0x12b/0x140
[  143.948950][ T9881]  tag_pages_for_writeback+0xc2/0x290
[  143.954620][ T9881]  ext4_do_writepages+0x6b2/0x2750
[  143.959981][ T9881]  ext4_writepages+0x176/0x300
[  143.965139][ T9881]  do_writepages+0x1c3/0x310
[  143.970642][ T9881]  file_write_and_wait_range+0x156/0x2c0
[  143.976533][ T9881]  generic_buffers_fsync_noflush+0x45/0x120
[  143.982473][ T9881]  ext4_sync_file+0x1ab/0x690
[  143.987355][ T9881]  vfs_fsync_range+0x10a/0x130
[  143.992162][ T9881]  ext4_buffered_write_iter+0x34f/0x3c0
[  143.997765][ T9881]  ext4_file_write_iter+0x387/0xf60
[  144.003332][ T9881]  iter_file_splice_write+0x666/0xa60
[  144.008860][ T9881]  direct_splice_actor+0x156/0x2a0
[  144.014109][ T9881]  splice_direct_to_actor+0x312/0x680
[  144.014323][ T9888] EXT4-fs (loop4): too many log groups per flexible block group
[  144.019649][ T9881]  do_splice_direct+0xda/0x150
[  144.019681][ T9881]  do_sendfile+0x380/0x650
[  144.039413][ T9881]  __x64_sys_sendfile64+0x105/0x150
[  144.046158][ T9881]  x64_sys_call+0x2bb4/0x3000
[  144.051479][ T9881]  do_syscall_64+0xd2/0x200
[  144.056734][ T9881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.062747][ T9881] 
[  144.065095][ T9881] read to 0xffff88811a07cf94 of 4 bytes by task 9881 on cpu 0:
[  144.072832][ T9881]  file_write_and_wait_range+0x10e/0x2c0
[  144.078695][ T9881]  generic_buffers_fsync_noflush+0x45/0x120
[  144.084730][ T9881]  ext4_sync_file+0x1ab/0x690
[  144.089530][ T9881]  vfs_fsync_range+0x10a/0x130
[  144.094440][ T9881]  ext4_buffered_write_iter+0x34f/0x3c0
[  144.100363][ T9881]  ext4_file_write_iter+0x387/0xf60
[  144.106061][ T9881]  iter_file_splice_write+0x666/0xa60
[  144.111573][ T9881]  direct_splice_actor+0x156/0x2a0
[  144.116769][ T9881]  splice_direct_to_actor+0x312/0x680
[  144.122171][ T9881]  do_splice_direct+0xda/0x150
[  144.127085][ T9881]  do_sendfile+0x380/0x650
[  144.131636][ T9881]  __x64_sys_sendfile64+0x105/0x150
[  144.137174][ T9881]  x64_sys_call+0x2bb4/0x3000
[  144.142238][ T9881]  do_syscall_64+0xd2/0x200
[  144.146780][ T9881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.152707][ T9881] 
[  144.155041][ T9881] value changed: 0x02000021 -> 0x04000021
[  144.160944][ T9881] 
[  144.163289][ T9881] Reported by Kernel Concurrency Sanitizer on:
[  144.169674][ T9881] CPU: 0 UID: 0 PID: 9881 Comm: syz.1.2515 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  144.179701][ T9881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  144.189965][ T9881] ==================================================================
[  144.203494][ T9888] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  144.214436][ T9888] EXT4-fs (loop4): mount failed
[  144.246910][ T9888] __nla_validate_parse: 11 callbacks suppressed
[  144.246926][ T9888] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2521'.
[  144.307478][ T9895] loop4: detected capacity change from 0 to 512
[  144.315047][ T9895] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  144.332462][ T9895] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.2521: invalid block
[  144.344994][ T9895] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2521: invalid indirect mapped block 4294967295 (level 1)
[  144.359501][ T9895] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2521: invalid indirect mapped block 4294967295 (level 1)
[  144.374318][ T9895] EXT4-fs (loop4): 2 truncates cleaned up
[  144.380649][ T9895] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.445968][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.468845][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.