last executing test programs:

44.317888394s ago: executing program 3 (id=1460):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
futex(0x0, 0x3, 0x0, &(0x7f0000fd7ff0), 0x0, 0xfffffffd)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, 0x0, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r3=>0x0})
r4 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r5=>0x0})
bind$can_raw(r4, &(0x7f0000000000)={0x1d, r5}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0x6}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x4)

44.231430405s ago: executing program 3 (id=1461):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r2 = epoll_create1(0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e23, @loopback}, {0x2, 0xfffe, @dev={0xac, 0x14, 0x14, 0x20}}, {0x2, 0x4e23, @rand_addr=0x64010102}, 0x107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000})
r4 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)=ANY=[@ANYRES64=r3, @ANYRESHEX=r4], 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000bc0)=ANY=[@ANYRESDEC=r0, @ANYRES16=r1, @ANYRES64=r5, @ANYBLOB="76ead0a3aedb7776c28531afd030d98dfdcac223e4174fa7c6e0dac8efe9d58780624fd33ddbe26ff622baf4d6195364cea628b2b81aa6c9d04ba098509b71660eca39bdfbf91417ee5aef54d09804be8e0e33107236ae1a3340a1bb2d92662015ff7d8bb1529843d57221882fadadba8cf29fa2f634aea004aca8c22bdef28768cf4cafc5c9ea7d1eb9f4f07c500e6c29cfa0f4615eeef34b6f72b6742b77e53bc02bf8fe37f628628f9bb97b8eb3d3ff79767c905bbe642d3bcfc4038d9d3f0d1fa6c5ae825185816bf244531445c05e693e151e575de27b49b16a16621899f04b3c7a4710d7d635a503a360988866a66650858b7f206d0810825582", @ANYRESDEC=r3], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x4000003, 0xfffffffffffffffd}, 0x0, &(0x7f0000000340)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x3}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0xa000000d})
socket$nl_generic(0x10, 0x3, 0x10)
getrlimit(0x2, &(0x7f0000000300))
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000400)={0xa})
epoll_pwait(r2, &(0x7f0000000340), 0x0, 0x104, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000380)={0x7, <r7=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000f00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007f30cb3b0ffffffb702000000000000b7030000000000008500000072000000958d90ce7a2fbe20d1eaaba3958017641f788312b1d54a1227af1c5ff30b835e39d53c406b2d4157cc9ac03deacd9988269fee563cc716a77cc00b661536391f7253425b9997acc22613b7957d33e18686bb0454214256d619b13c899ceca23883300954c82a463770c7d7ada0a653f36c5faab41a8dce36"], &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x2, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000180)='kfree\x00', r8}, 0x18)
io_setup(0x2004, &(0x7f0000000680))
io_setup(0xf447, &(0x7f0000000280))
unshare(0x42020180)
r9 = syz_open_procfs(0x0, &(0x7f0000000440)='net/if_inet6\x00')
pread64(r9, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
fspick(r9, &(0x7f0000000040)='./file0\x00', 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYRESHEX=r3], 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50)

44.014673629s ago: executing program 3 (id=1471):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
futex(0x0, 0x3, 0x0, &(0x7f0000fd7ff0), 0x0, 0xfffffffd)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, 0x0, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r3=>0x0})
r4 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r5=>0x0})
bind$can_raw(r4, &(0x7f0000000000)={0x1d, r5}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0x6}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x4)

43.707248284s ago: executing program 3 (id=1474):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)
r3 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(r3, &(0x7f0000000140)='smaps\x00')
timer_create(0x7, &(0x7f0000000040)={0x0, 0x6, 0x4, @tid=r3}, &(0x7f00000000c0))
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
ftruncate(r0, 0x2007ffc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendfile(r0, r0, 0x0, 0x800000009)

43.427097788s ago: executing program 3 (id=1482):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000640)="980bcfe393059bae3f648ed47a483be27024e4dd506130bdfbcd2df1d38ec7fa1c341ccb083d3ff79d5bc4d28e2a61cc95e5c91b2b508136985bd117c1dff44ccbd4ab6f", 0x44}], 0x1)
r3 = accept4$unix(r0, 0x0, 0x0, 0x0)
recvmsg(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x4c2103a0)

43.331833409s ago: executing program 3 (id=1485):
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'gre0\x00', <r0=>0x0, 0x40, 0x50, 0x1, 0x401, {{0xd, 0x4, 0x3, 0xa, 0x34, 0x67, 0x0, 0x7, 0x29, 0x0, @remote, @private, {[@generic={0x94, 0x2}, @ssrr={0x89, 0x1b, 0x84, [@dev={0xac, 0x14, 0x14, 0x21}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @private=0xa010102, @remote, @multicast2]}]}}}}})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@lazytime}, {@nomblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nombcache}, {@quota}, {@quota}]}, 0xff, 0x443, &(0x7f0000000940)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")

43.31110836s ago: executing program 32 (id=1485):
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'gre0\x00', <r0=>0x0, 0x40, 0x50, 0x1, 0x401, {{0xd, 0x4, 0x3, 0xa, 0x34, 0x67, 0x0, 0x7, 0x29, 0x0, @remote, @private, {[@generic={0x94, 0x2}, @ssrr={0x89, 0x1b, 0x84, [@dev={0xac, 0x14, 0x14, 0x21}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @private=0xa010102, @remote, @multicast2]}]}}}}})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@lazytime}, {@nomblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nombcache}, {@quota}, {@quota}]}, 0xff, 0x443, &(0x7f0000000940)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")

1.746030863s ago: executing program 2 (id=2267):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', 0x200000, 0xa0)
r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000140)={<r3=>0x0, 0x8000, 0x10, 0x6}, &(0x7f0000000180)=0x18)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f00000001c0)={r3, 0x1}, 0x8)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40101)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r4, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x0, 'client1\x00', 0x0, "d62e980dc09169cf", "20e48560999fd132b6a5426180a8c2360455591fe53251debd51940c0fcd00"})
readv(r2, &(0x7f0000000080)=[{&(0x7f0000000000)=""/109, 0x6d}], 0x1)

1.531744536s ago: executing program 5 (id=2274):
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0xe0}}, 0x0)

1.510374197s ago: executing program 4 (id=2276):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a1c0000000e0a010300000000000000000a0000060800044000000000140000001100010000000000000000000000000ab49745e8d2104501f20739f894d5cf15741e116f01360597934a1fbe1d78278ec63fb461f6ccc4897668b898d1df229db78f05f9136c9c0c7ad123dc0f2546a547b7ae44e671037c3ed5e2061629d005f3c0abeaa9befa41321556a7910e8a4a3dcc3c0009559e3147c393e196109e78763144ab087f95aaa5f2bbaa5fe80f1317182d4b6129c81d0f0d0618c9af292041ebcc4a0c00e4de3db6e8c91455aa546e7a181c9b72a0234c6da8"], 0x44}}, 0x40)
socket$inet6(0xa, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x4b, 0x0, 0x0)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
sendto$inet6(r3, 0x0, 0x0, 0x8810, &(0x7f0000000080)={0xa, 0x4ea0, 0x4, @loopback={0xff00000000000000}, 0x5}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000000580)=ANY=[], 0x57, 0x2)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x7393, &(0x7f0000000180)={0x0, 0x1add, 0x1, 0x2, 0x2e7}, 0x0, 0x0)
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000380)={0x2})
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$getregset(0x4205, r4, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28})
clock_gettime(0x3, &(0x7f0000000140))
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), r1)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000129bd7000fedbdf2d0e00000008000600010000003800038014000200687372300000000000000000000000000600040006000000080005007f000001060007004e2300000efe03000100000083787483c6f66d1f4e3f97ff"], 0xfffffffffffffdc2}, 0x1, 0x0, 0x0, 0x4}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000800)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r6, 0x8, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
fsopen(&(0x7f0000000400)='hpfs\x00', 0x1)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r5, @ANYRES32=r8, @ANYRESDEC=r4], 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)

1.475734747s ago: executing program 5 (id=2277):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3}}, 0x2}}, 0x2e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x23, &(0x7f0000000000), 0x4)
sendmsg$inet(r3, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
recvmsg(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/4098, 0x15}, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x4000043, 0x0, 0x0, 0x3}, 0x10)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0)
close(r0)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2}}, 0x2, 0x0, 0x0, 0x2}}, 0x2e)
ioctl$PPPIOCGL2TPSTATS(r0, 0x80047453, 0x0)
r7 = socket$inet6_sctp(0xa, 0x801, 0x84)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r9}, 0x10)
getgroups(0x0, 0x0)
sendmmsg$inet6(r7, &(0x7f0000000b40)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000001900)=[{&(0x7f0000000240)="af", 0x1}], 0x1}}], 0x1, 0x20040800)
r10 = socket$netlink(0x10, 0x3, 0x4)
capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500))
writev(r10, &(0x7f0000000080)=[{&(0x7f0000000e40)="480000001400190d09004beafd0d36020a8447000b4e230f00000000a2bc560119d7004f19dfb7f393d7359031033f817f00000000000000000101ff05c00e030002000000ffff01", 0x48}], 0x1)

1.439117728s ago: executing program 4 (id=2278):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081)

1.438363418s ago: executing program 5 (id=2280):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYBLOB="ebda55f83ecbe5ddee1feb602d20e392aa89a75189a8b8776bef71279423c13cbd85c601adc0", @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='mm_page_alloc\x00', r1, 0x0, 0x9}, 0x18)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

1.375669229s ago: executing program 5 (id=2283):
unlinkat(0xffffffffffffff9c, 0x0, 0x28c)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x5aa7bac0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000640)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x200000, &(0x7f0000000040)={[{@dioread_lock}, {@jqfmt_vfsv1}, {@nouid32}, {@grpquota}]}, 0xfc, 0x580, &(0x7f0000000f80)="$eJzs3UtrXFUcAPD/nUzS9KFJoRR1IYEurNROmsRHBRd1KVos6L4OyTSUTDolMylNLNgu7MaNFEHEgujOhXuXxS/gpyhooUgJunATuZM76bSZaV4zmdT5/eC259xzZ/7nzL3nzLmPIQH0rbH0n1zEyxHxdRIx0lSWj6xwbG27lUc3ptMlidXVT/5KIsnWNbZPsv8PZ5mXIuK3LyNO5TbGrS4tzxXL5dJClh+vzV8dry4tn748X5wtzZauTE5NnX1ravLdd97uWFtfv/DPdx/f++DsVydWvv3lwdE7SZyLI1lZczt24WZzZizGss9kMM49teFEB4LtJ0mvK8CODGT9fDDSMWAkBtZzLayO7HX1gC76Iu3WQJ9K9H/oU415QOPcvkPnwc+Nh++vnQBtbH9+7dpIDNfPhg6tJNn1kDXp+e5oB+KnMX798+6ddInOXYcA2NTNWxFxJp/fOP4l2fi3c2e2sM3TMbL4bS5AAZ10L53/vNFq/pNbn/9Ei/nP4RZ9dyfa9P8muQcdCNNWOv97r+X8d/2m1ehAlnuhPucbTC5dLpfSse3FiDgZgwfS/DPu53yWW7m/2q6wef6XLmn8xlwwq8eD/IEnXzNTrBV31egmD29FvNJy/pus7/+kxf5PP48LW4xxvHT31XZlm7d/XVduMa3+GPFay/2fPBH4Gfcnx+vHw3jjqNjo79vHf28Xfxvt74qHP2eJ9u0fTZrv11a3H+OH4X9L7cp2evwPJZ/W00PZuuvFWm1hImIo+Wjj+snHr23kG9unx//JE88e/1od/wfTjr3F9t8+drt50+Httb+70vbPtD/+Bzbu/+0n7n/4+fft4m9t/79ZT53M1mxl/NtqBXf7+QEAAAAAAMB+kouII5HkCuvpXK5QWHu+41gcypUr1dqpS5XFKzNR/63saAzmGne6R5qeh5jInodt5Cefyk9FxNGI+GbgYD1fmK6UZ3rdeAAAAAAAAAAAAAAAAAAAANgnDkcMt/r9f+qPgV7XDui6fK8rAPRM+/6flXTiLz0B+9KOv/+HO1sPYO+Z/0P/0v+hf+n/0L/0f+hf+j/0r+b+P9TDegB7bzvf/z+d72JFAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/hwvnz6bK68ujGdJqfuba0OFe5dnqmVJ0rzC9OF6YrC1cLs5XKbLlUmK7Mb/Z+5Url6sRkLF4fr5WqtfHq0vLF+crildrFy/PF2dLF0uCetAoAAAAAAAAAAAAAAAAAAACeL9Wl5bliuVxakJDYUSK/P6oh0ZwY2v379HpkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDH/gsAAP//3Kw5xQ==")
statfs(&(0x7f0000000000)='./file1\x00', 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@nolazytime}, {@jqfmt_vfsold}, {@journal_path={'journal_path', 0x3d, './file0/../file0'}}, {@noquota}, {@nodioread_nolock}, {@journal_checksum}, {@data_err_abort}], [{@seclabel}]}, 0x3, 0x473, &(0x7f0000000640)="$eJzs3M1vG0UbAPBn7Tht+pW8Vd9CP4AgQJQCSZOW0gMXEEgcQEKCQzmGJK1K0wY1QSJVBQGhckSVOHFBHJH4CzjBBcENiQsHuKNKFeqlhZPRZncT2zhpmjpepf79pHVndtedeTwz9uxO7AB61nD6kETsiojfI2IwyzafMJz9c/vmlcm/b16ZTKJef/OvpC89fOvmlcXi1OJ5O4tMX0Tl0yQOtSl3buHy+YmZmelLeX50/sJ7o3MLl589d2Hi7PTZ6Yvjp06dOD72/Mnx5zoSZxrXrYMfzh4+8Orb116fPH3tnZ+/TYr4szgmO1LQiuG1Dj5Rr3e4uHLtbkhnPYOtoJoN06gtjf/BqMZK4w3GK5+UWjlgU9Xr9fr+5Vyt9fBiHbiPJVF2DYByFB/06fVvsXVx+lG6Gy9mF0Bp3LfzLTvSF5X8nFrL9W0nDUfE6cV/vkq32Jz7EAAATb5P5z/PtJv/VWJ/w3l78jWUoYj4X0TsjYiTEbEvIv4fsXTuAxHx4F2W37pIkpU/0LCncn2jsa1HOv97IV/bap7/FbO/GKrmud1L8deSM+dmpo/lr8mRqG1L82NrlPHDy79+vtqxxvlfuqXlF3PBvB7X+7Y1P2dqYn7iXmJudOPjiIN97eJPllcCkog4EBEHN1jGuaPfHF7t2J3jX0MH1pnqX0c8mbX/YrTEX0jWXp8c3R4z08dGi17Rxi9X31it/HuKvwPS9t/Rtv8vxz+UNK7Xzt3N//7lU+nj1T8+W/WaZqP9vz95q2nfBxPz85fGIvqT17JKN+4fbzlvfOX8NP4jj7Uf/3tj5ZU4FBFpJ34oIh6OiEfyuj/62547vgo/vfT4uy27qivxD5Te/lPrb//6YETRERb6I08s72mfqJ7/8bumQodWko3tv2fV9j+xlDqS71nP+9966nW3vRkAAAC2qkpE7IqkMrKcrlRGRrK/4d8XOyozs3PzT5+Zff/iVPYdgaGoVYo7XYMN90PH8sv6Ij/ekj+e3zf+ojqwlB+ZnJ2ZKjt46HE7Vxn/qT+zu5Tbyq0hsKl8Xwt6l/EPvcv4h9713/G/vTlb6V5dgO5q8/k/UEY9gO5rHv/Zj4B8tJ4n7tqc+gDd0/L5Xy2rHkD3uf8HvWsj4997Btwf+tb6yeb+rlYF6J65gbjzl+QltlKiWK3djCJqaW85GhELl6NSeqQSm5go+50JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgM/4NAAD//55o4Oc=")
syz_open_dev$vcsn(&(0x7f00000000c0), 0xa4d, 0x1c5802)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000600000000000000000085"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x9, 0x80, 0x0, 0x0, 0x101, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.136445713s ago: executing program 5 (id=2287):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x7}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='kfree\x00', r3, 0x0, 0x7}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0)

980.098785ms ago: executing program 0 (id=2291):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x78}}, 0x0)

961.429465ms ago: executing program 0 (id=2292):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x1a9041, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$binfmt_aout(r0, 0x0, 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x12)

899.796806ms ago: executing program 0 (id=2293):
r0 = socket$inet6(0xa, 0x3, 0x20ff)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
preadv(r1, &(0x7f00000010c0)=[{&(0x7f0000001800)=""/245, 0xf5}], 0x1, 0x40000004, 0x3)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000030000"], 0x50)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r4}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3, <r5=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f0000000580)}, 0x20)
rt_sigaction(0x19, 0x0, 0x0, 0x8, &(0x7f0000000440))
ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x1)
ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="050000000f000000400000000300000041000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000003fa44853d00"/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140), &(0x7f0000000040), 0x1003, r6}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
ioctl$SIOCX25SCUDMATCHLEN(0xffffffffffffffff, 0x89e7, &(0x7f0000000100)={0x6d})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000080)='kfree\x00', r9, 0x0, 0x7fffffff}, 0x18)
pipe2(0x0, 0x0)
close_range(0xffffffffffffffff, r8, 0x2)
sendmsg$NL80211_CMD_NEW_INTERFACE(r7, 0x0, 0x400c800)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r1)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYRESHEX=r5], 0x0, 0x2, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r10, 0x0, 0xffffffffffffffff}, 0x13)

899.478676ms ago: executing program 0 (id=2294):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0xa, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8000000000000001, 0x8}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x8000000000000002}, 0x0, 0xffffffdfffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x200000000000000)

891.958736ms ago: executing program 2 (id=2295):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="38010000100013070000000000000000ffffffff000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032000000ac1414000000000000000000000000000000000000000000000000005aca000000000000000000000000000094feb319000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000048000200636263286165732900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce60b3b0000000000000"], 0x138}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002280)={0x14, 0x26, 0x107, 0x1, 0x0, {0x4, 0x7c}}, 0x14}}, 0x4c000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56c49, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x40, 0x2c, 0xd27, 0xfffffffc, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0xc, 0x4}, {}, {0x3, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x9, 0xffe0}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x20040054)

868.409687ms ago: executing program 0 (id=2296):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000100070000000900020073797a3000000000140007800800124040000000080013400000000014000300686173683a69702c706f72742c697000050005000200"], 0x60}}, 0x0)

837.392657ms ago: executing program 2 (id=2297):
unlinkat(0xffffffffffffff9c, 0x0, 0x28c)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x5aa7bac0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000640)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x200000, &(0x7f0000000040)={[{@dioread_lock}, {@jqfmt_vfsv1}, {@nouid32}, {@grpquota}]}, 0xfc, 0x580, &(0x7f0000000f80)="$eJzs3UtrXFUcAPD/nUzS9KFJoRR1IYEurNROmsRHBRd1KVos6L4OyTSUTDolMylNLNgu7MaNFEHEgujOhXuXxS/gpyhooUgJunATuZM76bSZaV4zmdT5/eC259xzZ/7nzL3nzLmPIQH0rbH0n1zEyxHxdRIx0lSWj6xwbG27lUc3ptMlidXVT/5KIsnWNbZPsv8PZ5mXIuK3LyNO5TbGrS4tzxXL5dJClh+vzV8dry4tn748X5wtzZauTE5NnX1ravLdd97uWFtfv/DPdx/f++DsVydWvv3lwdE7SZyLI1lZczt24WZzZizGss9kMM49teFEB4LtJ0mvK8CODGT9fDDSMWAkBtZzLayO7HX1gC76Iu3WQJ9K9H/oU415QOPcvkPnwc+Nh++vnQBtbH9+7dpIDNfPhg6tJNn1kDXp+e5oB+KnMX798+6ddInOXYcA2NTNWxFxJp/fOP4l2fi3c2e2sM3TMbL4bS5AAZ10L53/vNFq/pNbn/9Ei/nP4RZ9dyfa9P8muQcdCNNWOv97r+X8d/2m1ehAlnuhPucbTC5dLpfSse3FiDgZgwfS/DPu53yWW7m/2q6wef6XLmn8xlwwq8eD/IEnXzNTrBV31egmD29FvNJy/pus7/+kxf5PP48LW4xxvHT31XZlm7d/XVduMa3+GPFay/2fPBH4Gfcnx+vHw3jjqNjo79vHf28Xfxvt74qHP2eJ9u0fTZrv11a3H+OH4X9L7cp2evwPJZ/W00PZuuvFWm1hImIo+Wjj+snHr23kG9unx//JE88e/1od/wfTjr3F9t8+drt50+Httb+70vbPtD/+Bzbu/+0n7n/4+fft4m9t/79ZT53M1mxl/NtqBXf7+QEAAAAAAMB+kouII5HkCuvpXK5QWHu+41gcypUr1dqpS5XFKzNR/63saAzmGne6R5qeh5jInodt5Cefyk9FxNGI+GbgYD1fmK6UZ3rdeAAAAAAAAAAAAAAAAAAAANgnDkcMt/r9f+qPgV7XDui6fK8rAPRM+/6flXTiLz0B+9KOv/+HO1sPYO+Z/0P/0v+hf+n/0L/0f+hf+j/0r+b+P9TDegB7bzvf/z+d72JFAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/hwvnz6bK68ujGdJqfuba0OFe5dnqmVJ0rzC9OF6YrC1cLs5XKbLlUmK7Mb/Z+5Url6sRkLF4fr5WqtfHq0vLF+crildrFy/PF2dLF0uCetAoAAAAAAAAAAAAAAAAAAACeL9Wl5bliuVxakJDYUSK/P6oh0ZwY2v379HpkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDH/gsAAP//3Kw5xQ==")
statfs(&(0x7f0000000000)='./file1\x00', 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@nolazytime}, {@jqfmt_vfsold}, {@journal_path={'journal_path', 0x3d, './file0/../file0'}}, {@noquota}, {@nodioread_nolock}, {@journal_checksum}, {@data_err_abort}], [{@seclabel}]}, 0x3, 0x473, &(0x7f0000000640)="$eJzs3M1vG0UbAPBn7Tht+pW8Vd9CP4AgQJQCSZOW0gMXEEgcQEKCQzmGJK1K0wY1QSJVBQGhckSVOHFBHJH4CzjBBcENiQsHuKNKFeqlhZPRZncT2zhpmjpepf79pHVndtedeTwz9uxO7AB61nD6kETsiojfI2IwyzafMJz9c/vmlcm/b16ZTKJef/OvpC89fOvmlcXi1OJ5O4tMX0Tl0yQOtSl3buHy+YmZmelLeX50/sJ7o3MLl589d2Hi7PTZ6Yvjp06dOD72/Mnx5zoSZxrXrYMfzh4+8Orb116fPH3tnZ+/TYr4szgmO1LQiuG1Dj5Rr3e4uHLtbkhnPYOtoJoN06gtjf/BqMZK4w3GK5+UWjlgU9Xr9fr+5Vyt9fBiHbiPJVF2DYByFB/06fVvsXVx+lG6Gy9mF0Bp3LfzLTvSF5X8nFrL9W0nDUfE6cV/vkq32Jz7EAAATb5P5z/PtJv/VWJ/w3l78jWUoYj4X0TsjYiTEbEvIv4fsXTuAxHx4F2W37pIkpU/0LCncn2jsa1HOv97IV/bap7/FbO/GKrmud1L8deSM+dmpo/lr8mRqG1L82NrlPHDy79+vtqxxvlfuqXlF3PBvB7X+7Y1P2dqYn7iXmJudOPjiIN97eJPllcCkog4EBEHN1jGuaPfHF7t2J3jX0MH1pnqX0c8mbX/YrTEX0jWXp8c3R4z08dGi17Rxi9X31it/HuKvwPS9t/Rtv8vxz+UNK7Xzt3N//7lU+nj1T8+W/WaZqP9vz95q2nfBxPz85fGIvqT17JKN+4fbzlvfOX8NP4jj7Uf/3tj5ZU4FBFpJ34oIh6OiEfyuj/62547vgo/vfT4uy27qivxD5Te/lPrb//6YETRERb6I08s72mfqJ7/8bumQodWko3tv2fV9j+xlDqS71nP+9966nW3vRkAAAC2qkpE7IqkMrKcrlRGRrK/4d8XOyozs3PzT5+Zff/iVPYdgaGoVYo7XYMN90PH8sv6Ij/ekj+e3zf+ojqwlB+ZnJ2ZKjt46HE7Vxn/qT+zu5Tbyq0hsKl8Xwt6l/EPvcv4h9713/G/vTlb6V5dgO5q8/k/UEY9gO5rHv/Zj4B8tJ4n7tqc+gDd0/L5Xy2rHkD3uf8HvWsj4997Btwf+tb6yeb+rlYF6J65gbjzl+QltlKiWK3djCJqaW85GhELl6NSeqQSm5go+50JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgM/4NAAD//55o4Oc=")
syz_open_dev$vcsn(&(0x7f00000000c0), 0xa4d, 0x1c5802)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000006000000000000000000850000000700000085"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x9, 0x80, 0x0, 0x0, 0x101, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

795.538278ms ago: executing program 0 (id=2299):
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_wakeup_irq', 0x0, 0x120)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='ata_eh_link_autopsy\x00', r1}, 0x18)
finit_module(r0, 0x0, 0x2)
syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10000}, 0x28)
r2 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01)
r3 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
read$hiddev(r3, &(0x7f0000002300)=""/102, 0x66)
write$char_usb(r2, &(0x7f0000000040)="e2", 0x2250)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sched_getattr(r4, &(0x7f0000000040)={0x38}, 0x38, 0x0)
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f0000000180), 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x16, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}, @call={0x85, 0x0, 0x0, 0xa6}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}}, @ldst={0x0, 0x2, 0x0, 0x3, 0x2, 0x80, 0x4}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
r8 = eventfd2(0x0, 0x0)
read$eventfd(r8, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

639.91177ms ago: executing program 1 (id=2301):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, &(0x7f0000000200)={0x1, {{0xa, 0x4e20, 0x0, @mcast1={0xff, 0x7}, 0xfffffffc}}, {{0xa, 0x4e20, 0xa4fffffb, @loopback, 0xffffffff}}}, 0x108)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffff500000000000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010) (fail_nth: 3)

601.917821ms ago: executing program 1 (id=2302):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x78}}, 0x0)

601.229041ms ago: executing program 4 (id=2303):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x1a9041, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$binfmt_aout(r0, 0x0, 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x12)

598.296081ms ago: executing program 1 (id=2304):
r0 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0)
pwrite64(r0, &(0x7f0000000100)="00d3c4ded395a5934ba1afebd97a4d9bac53a22cc2177cc6da6e59558401bd9a1fc8314f82df8f21a1610f1b8c", 0x2d, 0x70)
mmap(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x6, 0x100010, r0, 0x5c8f2000)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x109}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='kfree\x00', r6}, 0x18)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c480000", @ANYRES16=0x0, @ANYBLOB="010000000008000000001200000007"], 0x1c}}, 0x0)
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r7], 0x4c}}, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000240)={@local, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2, r4})

558.984922ms ago: executing program 4 (id=2305):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00'}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x20008040)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@newtaction={0xec, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0xd8, 0x1, [@m_mirred={0xd4, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2}, 0x2, r6}}]}, {0x87, 0xa, "d8f815a53380a5d9febf7497e6ec1fd8eaf083e39bd2bbb42396b1c11f00fae8ea49d544de8ffccb52adc1f5a8dd91ff34ac4d766bc73e27953ed2bd6b5196e219cb4a27ba4bdfd60547dfea9ad4c9735200000000000000005bc6cfa73116f9567e6743c2d4c43b787de7c15b0d66dab11d3259994f9a77b7037d808d664f02392b74"}, {0xc}, {0xc}}}]}]}, 0xec}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

558.208831ms ago: executing program 1 (id=2306):
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8042, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}]}, 0x3, 0x4f3, &(0x7f00000012c0)="$eJzs3F1oXFUeAPD/nXz2a5vd7Xa33e5uut1lwxaTNq02D4JUFHxQECuojyFJS23aSJOCLVWmIPVRCr6Lj7764Kv6UsQnwdf6KEihSF/aCuLInbl3vjKTNJNkxpjfD27mnHtn7jnnnnvunHtO5gawbY2mf5JK+E5E7I2IQvMbRisvD+9fn3l0//pMFEulMz8m5Y89SOOZbDexK4uMFSIK7yW1DXUWr167MD0/P3c5i08sXXxrYvHqtSfOD2drpqaS/g4L1SK9tFwPDr67cOjAC2/cemmmuuc8tfpybJTRGG2VlbL/bnRiPbanLtxxvdF16fmfVtdAuf3vjb5YqfKKXcwZsNlKpVJpqP3mYqnZjWVrgC0rhnudA6A38i/69P43X1p1BAY3p/vRc/dOV26A0nI/zJaIf5VX5uMgA033txtpNCJeL/70UbrEJo1DAADU++J03hNs6v+NVGZGfr5y+5n09Q/ZHMpIRPwxIv4UEX+OiH0R8ZeI2B8Rf42IvzXtvy8iSiukP9oUr6ZfnYQq3N2goraU9v+ezua20qU291UNjfRlsT0ReYd57lh2TMZiYOjs+fm54yuk8eVz337Qblt9/y9d0jzkfcEsH3f7mwboZqeXpjsr7XL3bkQc7K+Vv9L/TfojkupMQBIRByLi4Br2O1IXPv//Tw5VIwON71u9/GWllvNoGzDPVPo44n+V+i9GtfzRMImYNMxPXpw+N3du7tLk1NTJE8dPPTX55MRwzM8dm0jPgmMt0/j6m5svt0t/1fJ/9n3zR54/9fmZrGWtX1r/O+vO/8jnb2vlH0kikup87eLa07j53ftt72k6Pf8Hk1fL4fy+9O3ppaXLxyMGkxeXr5+sfTaPp69RrJR/7Ejz+V9Ot3yNy4/E3yMiPYn/ERH/jModYpr3wxHx74g4skL5v3r2P292Xv7NlZZ/NhrLX6n5hvqvzde3CyTZ3GDDpsFIA30XDt951Obi8Xj1f7IcGsvWtL7+JQ2XiHY5zb/t0jW/rPvoAQAAwNZQiIjddWNJu6NQGB+vjAHti52F+YXFpaNnF65cmk23RYzEQCEf6aqMBw8k+fjnSF18sil+Ihs3/rBvRzk+PrMwP9vTkgO7ym0+KYxHvNZX1/5TP2zMEDPwW+b3WrB9rdT+0078/ltdzAzQVY///X/7nU3NCNB1de2/3S/8ix383xewBbj/B2pWf9CPawZsfSVtGba1NbX/ox4CCL8n/fFKNVzoaU6AbtP/h21p1d/1rytQGmq9aTiWvzmGV95hX3SWjR0t0upJIO1Z9ST1HZ18Kn+aQtv3RGFtOxyKxjWDHdbp2XUejeLlxXP7ayd//myRdR7nUva/8htdg592pZ22CnT9UgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALApfg0AAP//XhrXwA==")
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.posix_acl_access\x00', 0x0, 0x0) (fail_nth: 8)

540.524892ms ago: executing program 2 (id=2307):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="38010000100013070000000000000000ffffffff000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032000000ac1414000000000000000000000000000000000000000000000000005aca000000000000000000000000000094feb319000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000048000200636263286165732900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce60b3b0000000000000"], 0x138}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002280)={0x14, 0x26, 0x107, 0x1, 0x0, {0x4, 0x7c}}, 0x14}}, 0x4c000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56c49, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x40, 0x2c, 0xd27, 0xfffffffc, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0xc, 0x4}, {}, {0x3, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x9, 0xffe0}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x20040054)

473.043103ms ago: executing program 4 (id=2308):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0xa, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8000000000000001, 0x8}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x8000000000000002}, 0x0, 0xffffffdfffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x200000000000000)

408.477464ms ago: executing program 2 (id=2309):
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x1008014, &(0x7f00000000c0)=ANY=[], 0x4, 0x7d8, &(0x7f0000000a80)="$eJzs3U1oHOf5APBnFMlx5D/G5F/cYBxn7KTggKOsVolSkUOyWY3kSVa7YndVbEpJTSwHYTkJdkNrXxJTSNrSUnrqoYc019x6aym00EObU6E59NJbIKeSQr9IGwoqsx+yJGsl+Tupfz8hvbMzzzvvM6PVPDuSZjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEiq06XSeBK1vL5wIh2sOt1szG2xvL++X69r1nl23bgRSfEZu3fHJ3/vzvvClcX7iy9H4mD30cHYXTS749Ke/fue/v/hoX7/LRK6Xod3GJdEvFkkdfbU8vLi+WseJnZfc5db53u/vOYu/1opvs5m9bwV+VxlNkvzViOdmpwsPX58ppXO5LWsdbLVzubSajOrtBvN9Gj10XR8amoizcZONhbqs9OVWtaf+dRj5VJpMn1+bD6rNFuN+uPPR6t6PK/V8vpsJ6Zc+mYUMU8VT8QX8nbazipzaXpmaXlxYrtUi6DxzRbc033+HHxk30evf/i3pcXiCTloJUnviVkeHy+XxyefnHryqVJpuFwqr59R2iBWI2Ioooi4JU9aPkdu7gEcbsBQr/5HLfKox0KciHSTj5GoxnQ0oxFzxeM/jlwV0dOv/196/C+/32rctfW/X+UfuLL4QHTq/6Huo0OD6v+mud7OjwtxMS7F2TgVy7Eci3H+jme0zcfQja4hWfvo3/8XEfXIoxWNyGMuKjEbWaS9OWlMxWRMRilejOMxE61IYybyqEUWrTgZrWhH1nlGVaMZWVSiHY1oRhpHoxqPRhrjMRVTMRFpZDEWJ6MRC1GP2ZiOSmctZ2Kps98nNmS5/774xct/+OidYno1aHyrzSpezBVBf90iaCjK11D/V1aK1wsbI9T/u8CurRbegqM4XJ+Vfv0HAAAA/mclnd++F+f/I/FgZ2omr2VfvdNpAQAAADdR5y//B4tmpJh6MJLi/L+0SeQHtz03AAAA4OZIOtfYJRExGg91p87EUrwZi7HZLwEiYt/tThEAAAC4QZ2//x8qmtGINzoz+rdLGXD+DwAAAHzefGfQPfY/7N9jtzV/b/KrkYgYSS7Pn3gkOVcp4irn7un26zVfWV1je+ZAsre3kk4zOXxpTxIRw9XsYNK/++V/7u22H3e+Hhhe7T7oXv9Js7llArF1Ap1H8f043I05fLrT7Ol1GU66o4zO5LVsrNqoPd25JWLx2X79laVvRRSjf7c+tzeJM0vLi2Mvvbp8upPL5aL75XO9GyhedR/FLXJZ6e2BeHDzLR7pXIjRG3e0O25p7fYPdbsPbT1msnbMt+JIN+bIaLcd7S/pjrm7GHN87OnxqFT2DrWzE+3XV9ZsfS+L8dUtH1m75T/Zs8Mtfyse7sY8fPThbrNJFuV1WbxydRbltft/Z/tix1m8c/iNE//8bSPJJrbLYuIasli5J2JjFgB3ypnOXX+uVKH7OlXo05Wuov53625RrCrdgJ4dHGv/cWWU1VcZ/f5rat1wbKzuQ6sHxp1V95XoHtGPdmOOdl9PDB/YpK6UNjmiv7b02u96R/Qn3vvxT7926P2fdca9rrr+Xjzajek1cf9vBtTYYpt/sKGqvlv0eHfguK1audhfEd8491rsv3Dx0mNL5069vPjy4ivl8sRk6YlS6cnyrl7sSOcVwxaZAnD32v49dgZG9OtM8sSGs+o4vb7u3r/6LwVj8VK8GstxOo51rjaIiIc2H3d0zb8hHNvmrHV0zTu8HNvm3PJKbPnq2CQGxE6s2WNf/FGn+eSWfDsA4LY4sk0dTuLI+73QQa8QkmPbnHevr+Ubzo5jcC3fzJdv5c4AgLtE1vw4GW2/nTSb+fyL41NT45X28SxtNqovpM18ejZL83o7a1aPV+qzWTrfbLQb1f4vjqezVtpamJ9vNNvpTKOZxlArP9F55/e099bvrWyuUm/n1dZ8Lau0srTaqLcr1XY6nbeq6fzCc7W8dTxrdjq35rNqPpNXK+28UU9bjYVmNRtL01aWrQnMp7N6O5/Ji8l6Ot/M5yrNyxFRW5jL0umsVW3m8+1Gd4X9sfL6TKM511nt2NWb/+fbvb8B4LPgwsVLZ08tLy+ev76JP+0k+E5vIwCwnioNAAAAAAAAAAAAAACffRcuXjq7O5YXz+/rXwhQzL2BKwKvbeLeuOVD3LUTxTfyM5DGnZ34+jPPnB0U89wbDxzf2Xp6PynDse2lrm/vjdj18x925zw7OPjbvZ+/m7OlH0TEdXRfSTZZ9OlKd2LdYWLX7T8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDV/hsAAP//MMlb4Q==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x6)

166.042748ms ago: executing program 1 (id=2310):
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x1)
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x144140, 0x4b)
r1 = openat$incfs(r0, &(0x7f00000000c0)='.pending_reads\x00', 0x8000, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000100)={<r2=>0x0, @in6={{0xa, 0x4e24, 0x4, @loopback, 0x3b}}, 0x1, 0x8, 0x7fff, 0x3ff, 0x8}, &(0x7f00000001c0)=0x98)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000200)={<r3=>0x0, 0x9}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000280)={r2, 0x795, 0x5, 0x2, 0x79bb, 0x1000, 0xffff, 0x1000, {r3, @in6={{0xa, 0x4e24, 0x9, @mcast1, 0x10001}}, 0x3, 0x6, 0xfff, 0x8, 0x65}}, &(0x7f0000000340)=0xb0)
socket$can_bcm(0x1d, 0x2, 0x2)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380), 0x801, 0x0)
vmsplice(r4, &(0x7f0000000480)=[{&(0x7f00000003c0)="9042a6db1cbcc1b750051a44db699983194c211b426c54528d76e26e2ca67c38", 0x20}, {&(0x7f0000000400)="e425f6aba069a2403a48a054aa30e7acda5529aa133eadf9ce9d266a7174566360f018941bb60760999b18a1d5588d4c2750db7f7d893a90b4af3ee30ef248b50979cf6765c929981c4d79c5b3b7cc24a784018fed7128fdc50cc8ab6a4a4f7db0", 0x61}], 0x2, 0xe)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000006c0)={<r5=>0xffffffffffffffff}, 0x106, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000740)={0x13, 0x10, 0xfa00, {&(0x7f00000004c0), r5, 0x2}}, 0x18)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000780)='./file0/file0\x00', &(0x7f00000007c0), &(0x7f0000000800), 0x2, 0x1)
sendmsg$key(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000840)={0x2, 0x16, 0x5, 0x5, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x4000814)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000940)={0x10, 0x30, 0xfa00, {&(0x7f0000000900), 0x0, {0xa, 0x4e22, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, r5}}, 0x38)
mmap$usbfs(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x110, r1, 0x4)
munlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000009c0), r4)
sendmsg$TIPC_NL_NAME_TABLE_GET(r4, &(0x7f0000000dc0)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000a00)={0x34c, r6, 0x800, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xbf84}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xa}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xbbc7}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_MEDIA={0xc4, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xae4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf7d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x790f}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x70a}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xa}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x400}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6cc}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4c20}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xec}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x39d5}]}, @TIPC_NLA_LINK={0xb0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x54}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20b6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1a7c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3e3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}]}, @TIPC_NLA_SOCK={0x40, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xe}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6e}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x55}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80000001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xa95}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x366}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x800}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2e}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xe}]}]}, 0x34c}, 0x1, 0x0, 0x0, 0x4000044}, 0x41)
r7 = socket$netlink(0x10, 0x3, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r8, &(0x7f0000000f80)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000f40)={&(0x7f0000000e40)={0xe4, 0x2, 0x2, 0x201, 0x0, 0x0, {0x7, 0x0, 0x4}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x4}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'snmp_trap\x00'}, @CTA_EXPECT_NAT={0x7c, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x78, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x25}}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}]}, @CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @multicast2}}}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x4}, 0x4)
syz_emit_ethernet(0x42, &(0x7f0000000fc0)={@remote, @multicast, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x2, @multicast, @private0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}, &(0x7f0000001040)={0x0, 0x1, [0x8a2, 0x914, 0xeb9, 0x804]})
r9 = add_key$fscrypt_provisioning(&(0x7f0000001080), &(0x7f00000010c0)={'syz', 0x2}, &(0x7f0000001100)={0x4, 0x0, @c}, 0x29, 0xfffffffffffffff9)
r10 = add_key$keyring(&(0x7f0000001180), &(0x7f00000011c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r9, &(0x7f0000001140)='.request_key_auth\x00', &(0x7f0000001200)=@keyring={'key_or_keyring:', r10})
munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001300)={r4, 0x58, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0}}, 0x10)
sendmsg$nl_route_sched(r7, &(0x7f00000013c0)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x1080010}, 0xc, &(0x7f0000001380)={&(0x7f0000001340)=@getqdisc={0x2c, 0x26, 0x8, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, r11, {0x4, 0xf}, {0xe, 0xfff3}, {0xb, 0x8}}, [{0x4}, {0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x24000001)
modify_ldt$write(0x1, &(0x7f0000001400)={0x5, 0x100000, 0x2000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x10)

165.451928ms ago: executing program 5 (id=2311):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x80)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file2\x00', 0x40, &(0x7f0000000340), 0x1, 0x57d, &(0x7f0000001440)="$eJzs3U9oHNUfAPDvzCa//svPVFBQ6aGoUKF0k/SPVk/tVSwUehC8aNhsQ8kmG7IbbUIOyb2IPYhKL/WmB4+KBw/ixaPgSQ+KZ6HYoND2oCv7L0nTTdzEJlsznw9M9r15s/t9b2e/LzvDDhNAZh2t/0kjno6Ii0nE4Jq2vmg1Hm1ud3d5oXBveaGQRK126bckkoi4s7xQaG+ftB4PRcRiRDwVEd/0RxxPH4xbmZufGC2VijOt+lB1cnqoMjd/4srk6HhxvDh16qWXz5w9fWbk5Mjap92rra31b22s136+/u617169ef3Tz44sFt4fTeJcDLTa1o5ja77ftDVpdfTcuvWntxfskZX0ugNsS66V5/VUejIGI9fK+k5qg7vaNWCH1fZF1ICMSuQ/ZFT7e0D9+Le97Ob3j1vn6wcgfY34d1tLs6WveW4i9jeOTQ7+ntx3ZJJELO3fzY6yJy0uRcRwX9+Dn/+k9fnbvuGH0UF21Nfnmzvqwf2frsw/0WH+GWifO/2XmvNf89zq/fPfavxc5/kvLnYZ4883fvlow/hLEc90jJ+sxE86xE8j4q0u4994/cuzG7XVPo44Fp3jtyWbnx8eunylVBxu/u0Y46tjR17ZbPwHN4jfPGe7/3Bs8P5Pdzn+L779/NnFTeK/8Nzm+7/T+38gIt7rMv7jdz55baO2W0vJ7fq3gK3u//q6m13Gf/Hc0Z+63BQAAAAAAAAAANiCtPFbtiTNr5TTNJ9vXsP7RBxMS+VK9fjl8uzUWPM3b4ejP23/0mqwWU/q9ZFGebV+cl39VK4VMHegUc8XyqWxiB97PHwAAAAAAAAAAAAAAAAAAAB4JBxad/3/H7nG9f/rb1cN7FUb3/Ib2OvkP2TX/fmf9KwfwO7z/x8yqyb/IbvkP2SX/Ifskv+QXfIfskv+Q3bJfwAAAAAAAAAAAAAAAAAAAAAAAAAA2BEXL1yoL7V7ywuFen2sb252ovz2ibFiZSI/OVvIF8oz0/nxcnm8VMwXypP/9HpJuTw9HFOzV4eqxUp1qDI3/+ZkeXaqfU/RYv+OjwgAAAAAAAAAAAAAAAAAAAD+ewYaS5LmIyJtlNM0n4/4f0Qcjv7k8pVScTgiHouIH3L9++r1kV53GgAAAAAAAAAAAAAAAAAAAPaYytz8xGipVJzJSKFvKxtHxOLD7Ub9Fbf8rP7WvnpU3kOFLBR6PDEBAAAAAAAAAAAAAAAAAEAGrV702+0z/lotpjvUKQAAAAAAAAAAAAAAAAAAAMic9NckIurLscHnB9a3/i+5m2s8RsQ7Ny59cHW0Wp0Zqa+/vbK++mFr/cle9B/oVjtP23kMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArKrMzU+MlkrFmR0s9HqMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvxdwAAAP//TdjZpg==")
setitimer(0x0, &(0x7f0000000000)={{0xffffffff}, {0x0, 0x82}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
umount2(&(0x7f00000002c0)='./file0\x00', 0x1) (fail_nth: 14)

122.766238ms ago: executing program 4 (id=2312):
r0 = fsopen(&(0x7f0000000100)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000280)={r1}, 0x8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000078000000090a010400000000000000000100fffd08000a40000000000900020073797a31000000000900010073797a300000000008000540000000253c0011800a0001006c696d69740000002c0002800c000240000000000000000308000440000000010c000140ff"], 0xc0}, 0x1, 0x0, 0x0, 0x40c0}, 0xc4)
r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
fstat(r2, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
r6 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x759, &(0x7f0000000680)={[{@nouid32}, {@jqfmt_vfsv1}, {@noinit_itable}, {@errors_remount}, {@i_version, 0x0}, {@noload}, {@noquota}, {@grpquota}, {@noload}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@bsdgroups}, {@jqfmt_vfsold}, {@quota}, {@abort}, {@delalloc}], [{@fowner_eq={'fowner', 0x3d, r4}}, {@euid_lt}, {@fscontext={'fscontext', 0x3d, 'root'}}], 0x2c}, 0x0, 0x4f6, &(0x7f0000000c00)="$eJzs3EtvVFUcAPD/nbaUCtiKTx7KKBobjZSW58IFEE3YmJhoDC5rWwhSwNCaAGmkGAOJCw2fwMfOxE/gSjdGjQuNW4lbY0JMN6ALc82duVOnvZ2+mHYs/f2SGc6999w55z/3HuY8ZhrAulXOnpKIzRHxa0R0VzdnZihX/7kzNTH019TEUBJp+tqfSSXf7amJoVrW2nmb8o3eUkTpgyR2FIvtHLt0+czg6OjIhXxH33gpT50dPDVyauTcwOHD+/d1HTo4cKApcWZ1ur39vfM7tx1/88YrQyduvPX9l1l90/x4fRxVPZXnDYsuoa2wpxzlme9lnWcWX/U1YUtdOmnPnkutqwyLlt212eXqqLT/7mirbFV1x8vvt7RywIpK0zTtLOyd/iybTOslSfWENL2aAveAJFpdA6A1ah/0t6eykerEUHEcfG+7dTQqI6As7jv5o3qkvTKCLfdUx0YdK1T+QxFxYvLvT7JHzDkPAQDQXF8fjbh+rNrvqD2qR0rxSF2++/O1oZ6IeCAitkbEg3n/5eGISt5HI+KxunM2L2IVoDxru9j/+bkrT9R3V5sm6/+9mK9tzez/Tde8py3f2lKJvyM5eXp0ZG/+nvRGR2e23V986elptW9e+uXjRuWX6/p/2SMrv9YXzOvxR/usCbrhwfHBu4275tbVyht7pRh/Eu1JLRWxLSK2L+P1s/fs9HNf7Gx0fEb8WZyF+D9q/OLty6jQLOlnEc9Wr/9kzIo/8vW/pLI+efadvrFLl184Xb8+2X/o4MCBvo0xOrK3r3ZXFP3w07VX82RhGDHP9a81jRVdSMuu/31z3v/TK5c9WWp6vXZs6WVcu3m94Zhmuff/huT1Srq2PntxcHz8Qn/EhmSyuH/gv3MvDnbNyJ/F37t77va/NeKfT/PzdkREdhM/HhFPRMSuvO5PRsRTEbF7nvi/O/b0242GkAvHv7Ky+IeXdP0bJY78GDH3obYz335VKPjDciH+jmh0/fdXUr35nuHB8Y0LxTVfTesTd/0GAgAAwBqwqzJPm5T25BNNm6NU2rMnYtP0DMrY+PMnz797brg6n9sTHaXaTFd33Xxofz43nG1nZw3UbWfH91XmjdM0Tbuy7Wz8PrqltaHDurepQfvP/F78SQtwr1nSOlqjX7QBa9Ls9n9z0Wc2/wsZwOpqwvdogDVK+4f1a9Htf6V+BQe0zFzt/0rEnRZUBVhlc7X/Nwp7jqxKXYDVZfwP69fy278vA8Ba5/Mf1qVF/Uh+GYmtx+fJk7SvTKGNE6WY/68A9ETU9tT6NPO/4G+liObUsK2pkXbNuKalOfNsjGaUFaUF87Qv4Q8xrG6i9P+oRjXRGREL3L3TN9uVWuLySles0gg+b+3/TgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHfv3wAAAP//C4DT6g==")
ioctl$EXT4_IOC_GETFSUUID(r6, 0x8008662c, &(0x7f0000000200))
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x10000, 0x88)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r9, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757813"], 0x65)
r10 = socket(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT=r7, @ANYRES8=r10, @ANYRESDEC=r10, @ANYBLOB="dfffae151e3e1f407997a4122c6d7e6481fbbd1256a2b9c1f73c444e57fb575d8d21d21edf1b209bc19bf4bb", @ANYRES8=r3, @ANYRES8=r7], 0x50)
sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRESHEX=r1, @ANYRESHEX=r5, @ANYRES8=r8], 0x1c}, 0x1, 0x0, 0x0, 0x2404c811}, 0x600c050)
ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000040)={'team0\x00', <r11=>0x0})
setsockopt$inet_mreqn(r8, 0x0, 0x20, &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, r11}, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000100070000000900020073797a3000000000140007800800124040000000080013400000000014000300686173683a69702c706f72742c6970000500050002000000050004"], 0x60}}, 0x0)
write$selinux_user(r3, &(0x7f0000000080)=ANY=[], 0x27)

62.979549ms ago: executing program 2 (id=2313):
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x1008014, &(0x7f00000000c0)=ANY=[], 0x4, 0x7d8, &(0x7f0000000a80)="$eJzs3U1oHOf5APBnFMlx5D/G5F/cYBxn7KTggKOsVolSkUOyWY3kSVa7YndVbEpJTSwHYTkJdkNrXxJTSNrSUnrqoYc019x6aym00EObU6E59NJbIKeSQr9IGwoqsx+yJGsl+Tupfz8hvbMzzzvvM6PVPDuSZjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEiq06XSeBK1vL5wIh2sOt1szG2xvL++X69r1nl23bgRSfEZu3fHJ3/vzvvClcX7iy9H4mD30cHYXTS749Ke/fue/v/hoX7/LRK6Xod3GJdEvFkkdfbU8vLi+WseJnZfc5db53u/vOYu/1opvs5m9bwV+VxlNkvzViOdmpwsPX58ppXO5LWsdbLVzubSajOrtBvN9Gj10XR8amoizcZONhbqs9OVWtaf+dRj5VJpMn1+bD6rNFuN+uPPR6t6PK/V8vpsJ6Zc+mYUMU8VT8QX8nbazipzaXpmaXlxYrtUi6DxzRbc033+HHxk30evf/i3pcXiCTloJUnviVkeHy+XxyefnHryqVJpuFwqr59R2iBWI2Ioooi4JU9aPkdu7gEcbsBQr/5HLfKox0KciHSTj5GoxnQ0oxFzxeM/jlwV0dOv/196/C+/32rctfW/X+UfuLL4QHTq/6Huo0OD6v+mud7OjwtxMS7F2TgVy7Eci3H+jme0zcfQja4hWfvo3/8XEfXIoxWNyGMuKjEbWaS9OWlMxWRMRilejOMxE61IYybyqEUWrTgZrWhH1nlGVaMZWVSiHY1oRhpHoxqPRhrjMRVTMRFpZDEWJ6MRC1GP2ZiOSmctZ2Kps98nNmS5/774xct/+OidYno1aHyrzSpezBVBf90iaCjK11D/V1aK1wsbI9T/u8CurRbegqM4XJ+Vfv0HAAAA/mclnd++F+f/I/FgZ2omr2VfvdNpAQAAADdR5y//B4tmpJh6MJLi/L+0SeQHtz03AAAA4OZIOtfYJRExGg91p87EUrwZi7HZLwEiYt/tThEAAAC4QZ2//x8qmtGINzoz+rdLGXD+DwAAAHzefGfQPfY/7N9jtzV/b/KrkYgYSS7Pn3gkOVcp4irn7un26zVfWV1je+ZAsre3kk4zOXxpTxIRw9XsYNK/++V/7u22H3e+Hhhe7T7oXv9Js7llArF1Ap1H8f043I05fLrT7Ol1GU66o4zO5LVsrNqoPd25JWLx2X79laVvRRSjf7c+tzeJM0vLi2Mvvbp8upPL5aL75XO9GyhedR/FLXJZ6e2BeHDzLR7pXIjRG3e0O25p7fYPdbsPbT1msnbMt+JIN+bIaLcd7S/pjrm7GHN87OnxqFT2DrWzE+3XV9ZsfS+L8dUtH1m75T/Zs8Mtfyse7sY8fPThbrNJFuV1WbxydRbltft/Z/tix1m8c/iNE//8bSPJJrbLYuIasli5J2JjFgB3ypnOXX+uVKH7OlXo05Wuov53625RrCrdgJ4dHGv/cWWU1VcZ/f5rat1wbKzuQ6sHxp1V95XoHtGPdmOOdl9PDB/YpK6UNjmiv7b02u96R/Qn3vvxT7926P2fdca9rrr+Xjzajek1cf9vBtTYYpt/sKGqvlv0eHfguK1audhfEd8491rsv3Dx0mNL5069vPjy4ivl8sRk6YlS6cnyrl7sSOcVwxaZAnD32v49dgZG9OtM8sSGs+o4vb7u3r/6LwVj8VK8GstxOo51rjaIiIc2H3d0zb8hHNvmrHV0zTu8HNvm3PJKbPnq2CQGxE6s2WNf/FGn+eSWfDsA4LY4sk0dTuLI+73QQa8QkmPbnHevr+Ubzo5jcC3fzJdv5c4AgLtE1vw4GW2/nTSb+fyL41NT45X28SxtNqovpM18ejZL83o7a1aPV+qzWTrfbLQb1f4vjqezVtpamJ9vNNvpTKOZxlArP9F55/e099bvrWyuUm/n1dZ8Lau0srTaqLcr1XY6nbeq6fzCc7W8dTxrdjq35rNqPpNXK+28UU9bjYVmNRtL01aWrQnMp7N6O5/Ji8l6Ot/M5yrNyxFRW5jL0umsVW3m8+1Gd4X9sfL6TKM511nt2NWb/+fbvb8B4LPgwsVLZ08tLy+ev76JP+0k+E5vIwCwnioNAAAAAAAAAAAAAACffRcuXjq7O5YXz+/rXwhQzL2BKwKvbeLeuOVD3LUTxTfyM5DGnZ34+jPPnB0U89wbDxzf2Xp6PynDse2lrm/vjdj18x925zw7OPjbvZ+/m7OlH0TEdXRfSTZZ9OlKd2LdYWLX7T8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDV/hsAAP//MMlb4Q==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x6) (fail_nth: 3)

0s ago: executing program 1 (id=2314):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081)

kernel console output (not intermixed with test programs):

ELinux: failed to load policy
[  135.373229][ T8991] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  135.419973][ T8995] loop0: detected capacity change from 0 to 1024
[  135.423156][ T8997] netlink: 'syz.4.1752': attribute type 4 has an invalid length.
[  135.431045][ T8995] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.447468][ T8995] ext4 filesystem being mounted at /344/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  135.463421][ T8995] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1751: bg 0: block 393: padding at end of block bitmap is not set
[  135.466545][ T9001] loop4: detected capacity change from 0 to 128
[  135.478653][ T8995] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117
[  135.496803][ T8995] EXT4-fs (loop0): This should not happen!! Data will be lost
[  135.496803][ T8995] 
[  135.516814][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.555669][ T9005] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1755'.
[  135.565787][   T29] audit: type=1400 audit(2000000062.900:4550): avc:  denied  { map } for  pid=9004 comm="syz.4.1755" path="socket:[21155]" dev="sockfs" ino=21155 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  135.590224][   T29] audit: type=1400 audit(2000000062.900:4551): avc:  denied  { read } for  pid=9004 comm="syz.4.1755" path="socket:[21155]" dev="sockfs" ino=21155 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  135.590412][ T9005] loop4: detected capacity change from 0 to 1024
[  135.767635][ T8963] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  135.785908][ T8154] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.874129][ T9020] loop5: detected capacity change from 0 to 512
[  135.881319][ T9020] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  135.892272][ T9020] EXT4-fs (loop5): orphan cleanup on readonly fs
[  135.898736][ T9020] EXT4-fs error (device loop5): ext4_orphan_get:1419: comm syz.5.1762: bad orphan inode 458763
[  135.909458][ T9020] EXT4-fs (loop5): Remounting filesystem read-only
[  135.916433][ T9020] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  135.940942][ T8154] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.962940][ T9025] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  135.975757][ T9025] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  135.980797][ T9027] loop2: detected capacity change from 0 to 1024
[  135.995769][   T29] audit: type=1400 audit(2000000063.330:4552): avc:  denied  { name_bind } for  pid=9024 comm="syz.5.1764" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  136.020310][ T9027] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.033351][ T9027] ext4 filesystem being mounted at /362/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  136.045824][ T9027] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1765: bg 0: block 393: padding at end of block bitmap is not set
[  136.061820][ T9027] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117
[  136.074545][ T9027] EXT4-fs (loop2): This should not happen!! Data will be lost
[  136.074545][ T9027] 
[  136.084733][   T29] audit: type=1326 audit(2000000063.410:4553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9030 comm="syz.5.1766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  136.108474][   T29] audit: type=1326 audit(2000000063.410:4554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9030 comm="syz.5.1766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  136.132399][   T29] audit: type=1326 audit(2000000063.410:4555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9030 comm="syz.5.1766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  136.156034][   T29] audit: type=1326 audit(2000000063.410:4556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9030 comm="syz.5.1766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  136.181416][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.688742][ T9125] loop4: detected capacity change from 0 to 512
[  136.696230][ T9125] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  136.708256][ T9125] EXT4-fs (loop4): orphan cleanup on readonly fs
[  136.714703][ T9125] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.1774: bad orphan inode 458763
[  136.726522][ T9125] EXT4-fs (loop4): Remounting filesystem read-only
[  136.734333][ T9125] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  136.763746][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.844545][ T9151] loop4: detected capacity change from 0 to 1024
[  136.862328][ T9151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.876425][ T9151] ext4 filesystem being mounted at /344/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  136.975617][ T9175] loop1: detected capacity change from 0 to 1024
[  136.992292][ T9151] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1777: bg 0: block 393: padding at end of block bitmap is not set
[  137.007344][ T9151] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[  137.008485][ T9175] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.020089][ T9151] EXT4-fs (loop4): This should not happen!! Data will be lost
[  137.020089][ T9151] 
[  137.049191][ T9175] ext4 filesystem being mounted at /346/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  137.095812][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.102767][ T9182] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1781'.
[  137.126008][ T9182] loop5: detected capacity change from 0 to 512
[  137.129123][ T9184] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1779: bg 0: block 393: padding at end of block bitmap is not set
[  137.136242][ T9182] EXT4-fs: Ignoring removed i_version option
[  137.153435][ T9182] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  137.164837][ T9184] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 1840 with error 117
[  137.165444][ T9185] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1783'.
[  137.177526][ T9184] EXT4-fs (loop1): This should not happen!! Data will be lost
[  137.177526][ T9184] 
[  137.191498][ T9184] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28
[  137.198127][ T9182] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  137.208709][ T9184] EXT4-fs (loop1): This should not happen!! Data will be lost
[  137.208709][ T9184] 
[  137.226519][ T9184] EXT4-fs (loop1): Total free blocks count 0
[  137.227129][ T9182] System zones: 
[  137.232540][ T9184] EXT4-fs (loop1): Free/Dirty block details
[  137.232558][ T9184] EXT4-fs (loop1): free_blocks=0
[  137.232573][ T9184] EXT4-fs (loop1): dirty_blocks=32
[  137.232585][ T9184] EXT4-fs (loop1): Block reservation details
[  137.258322][ T9182] 1-12
[  137.280483][ T9185] loop2: detected capacity change from 0 to 512
[  137.287318][ T9185] EXT4-fs: Ignoring removed i_version option
[  137.295018][ T9185] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  137.310676][ T9182] EXT4-fs (loop5): orphan cleanup on readonly fs
[  137.313848][ T9188] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1782'.
[  137.328245][ T9182] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1781: invalid indirect mapped block 12 (level 1)
[  137.349068][ T9185] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  137.360491][ T9185] System zones: 1-12
[  137.364673][ T9185] EXT4-fs (loop2): orphan cleanup on readonly fs
[  137.380190][ T9185] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1783: invalid indirect mapped block 12 (level 1)
[  137.395786][ T9182] EXT4-fs (loop5): Remounting filesystem read-only
[  137.402570][ T9199] loop0: detected capacity change from 0 to 1024
[  137.409919][ T9199] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  137.423490][ T9201] loop4: detected capacity change from 0 to 1024
[  137.430881][ T9182] EXT4-fs (loop5): 1 truncate cleaned up
[  137.437382][ T9182] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  137.441158][ T9204] loop0: detected capacity change from 0 to 128
[  137.456155][ T9204] EXT4-fs: Ignoring removed nobh option
[  137.458302][ T9185] EXT4-fs (loop2): Remounting filesystem read-only
[  137.469222][ T9204] ext4: Unknown parameter 'nouser_xattr'
[  137.471240][ T9201] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.481015][ T9185] EXT4-fs (loop2): 1 truncate cleaned up
[  137.492392][ T9201] ext4 filesystem being mounted at /346/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  137.494185][ T9182] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  137.505020][ T9185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  137.512072][ T9182] SELinux: failed to load policy
[  137.538243][ T9185] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  137.546020][ T9185] SELinux: failed to load policy
[  137.567808][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.569407][ T9182] SELinux: syz.5.1781 (9182) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  137.590975][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  137.622082][ T8154] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  137.878759][ T9244] loop5: detected capacity change from 0 to 512
[  137.885716][ T9244] EXT4-fs: Ignoring removed i_version option
[  137.892160][ T9244] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  137.902468][ T9244] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  137.910674][ T9244] System zones: 1-12
[  137.914789][ T9244] EXT4-fs (loop5): orphan cleanup on readonly fs
[  137.921457][ T9244] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1799: invalid indirect mapped block 12 (level 1)
[  137.934970][ T9244] EXT4-fs (loop5): Remounting filesystem read-only
[  137.941652][ T9244] EXT4-fs (loop5): 1 truncate cleaned up
[  137.947741][ T9244] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  137.962630][ T9244] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  137.970328][ T9244] SELinux: failed to load policy
[  137.984964][ T8154] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  138.209473][ T9262] usb usb8: usbfs: process 9262 (syz.5.1806) did not claim interface 0 before use
[  138.603266][ T9272] SELinux: security policydb version 18 (MLS) not backwards compatible
[  138.611918][ T9272] SELinux: failed to load policy
[  138.672390][ T9280] loop4: detected capacity change from 0 to 128
[  138.871206][ T9285] loop4: detected capacity change from 0 to 1024
[  138.880381][ T9285] ext4 filesystem being mounted at /355/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  138.934996][ T9285] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1816: bg 0: block 393: padding at end of block bitmap is not set
[  138.950011][ T9285] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[  138.962781][ T9285] EXT4-fs (loop4): This should not happen!! Data will be lost
[  138.962781][ T9285] 
[  139.010101][ T9291] loop4: detected capacity change from 0 to 2048
[  139.043616][ T9291] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  139.058476][ T9291] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  139.070791][ T9291] EXT4-fs (loop4): This should not happen!! Data will be lost
[  139.070791][ T9291] 
[  139.080583][ T9291] EXT4-fs (loop4): Total free blocks count 0
[  139.086794][ T9291] EXT4-fs (loop4): Free/Dirty block details
[  139.092832][ T9291] EXT4-fs (loop4): free_blocks=2415919504
[  139.098776][ T9291] EXT4-fs (loop4): dirty_blocks=16
[  139.104023][ T9291] EXT4-fs (loop4): Block reservation details
[  139.110172][ T9291] EXT4-fs (loop4): i_reserved_data_blocks=1
[  139.126749][ T9296] loop5: detected capacity change from 0 to 512
[  139.134049][ T9296] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  139.150862][ T9296] EXT4-fs (loop5): orphan cleanup on readonly fs
[  139.157421][ T9296] EXT4-fs error (device loop5): ext4_orphan_get:1419: comm syz.5.1818: bad orphan inode 458763
[  139.171771][ T9296] EXT4-fs (loop5): Remounting filesystem read-only
[  139.323146][ T9314] netdevsim netdevsim5: Direct firmware load for ./file0 failed with error -2
[  139.422179][ T9320] loop5: detected capacity change from 0 to 128
[  139.430391][ T9320] ext4 filesystem being mounted at /74/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  139.539200][ T9323] SELinux: syz.2.1827 (9323) set checkreqprot to 1. This is no longer supported.
[  139.576644][ T9325] loop2: detected capacity change from 0 to 1024
[  139.584103][ T9327] loop1: detected capacity change from 0 to 2048
[  139.591325][ T9325] ext4 filesystem being mounted at /372/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  139.604885][ T9325] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1828: bg 0: block 393: padding at end of block bitmap is not set
[  139.620089][ T9325] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117
[  139.632790][ T9325] EXT4-fs (loop2): This should not happen!! Data will be lost
[  139.632790][ T9325] 
[  139.667898][ T9327] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  139.668560][ T9333] loop2: detected capacity change from 0 to 512
[  139.684272][ T9327] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  139.690951][ T9333] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  139.701375][ T9327] EXT4-fs (loop1): This should not happen!! Data will be lost
[  139.701375][ T9327] 
[  139.701395][ T9327] EXT4-fs (loop1): Total free blocks count 0
[  139.710030][ T9333] EXT4-fs (loop2): orphan cleanup on readonly fs
[  139.719253][ T9327] EXT4-fs (loop1): Free/Dirty block details
[  139.725691][ T9333] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.1830: iget: bad i_size value: 38620345925642
[  139.731608][ T9327] EXT4-fs (loop1): free_blocks=2415919504
[  139.740394][ T9333] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1830: couldn't read orphan inode 15 (err -117)
[  139.750409][ T9327] EXT4-fs (loop1): dirty_blocks=16
[  139.773431][ T9327] EXT4-fs (loop1): Block reservation details
[  139.779574][ T9327] EXT4-fs (loop1): i_reserved_data_blocks=1
[  139.932623][ T9352] netlink: 'syz.1.1838': attribute type 4 has an invalid length.
[  139.992879][ T9358] smc: net device bond0 applied user defined pnetid SYZ2
[  139.995414][ T9360] loop2: detected capacity change from 0 to 512
[  140.000473][ T9358] smc: net device bond0 erased user defined pnetid SYZ2
[  140.007853][ T9360] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  140.022702][ T9360] EXT4-fs (loop2): orphan cleanup on readonly fs
[  140.029603][ T9360] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.1842: iget: bad i_size value: 38620345925642
[  140.043678][ T9360] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1842: couldn't read orphan inode 15 (err -117)
[  140.058364][ T9358] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=9358 comm=syz.1.1841
[  140.103556][ T9363] loop4: detected capacity change from 0 to 2048
[  140.127420][ T9369] loop2: detected capacity change from 0 to 512
[  140.134321][ T9365] loop0: detected capacity change from 0 to 8192
[  140.134987][ T9369] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  140.148801][ T9371] loop1: detected capacity change from 0 to 1024
[  140.153183][ T9369] EXT4-fs (loop2): 1 truncate cleaned up
[  140.164742][ T9371] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  140.217052][ T9378] SELinux: security policydb version 18 (MLS) not backwards compatible
[  140.226528][ T9378] SELinux: failed to load policy
[  140.260630][ T9378] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  140.265150][ T9382] __nla_validate_parse: 8 callbacks suppressed
[  140.265169][ T9382] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1850'.
[  140.285430][ T9363] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  140.305421][ T9382] loop5: detected capacity change from 0 to 512
[  140.319326][ T9382] EXT4-fs: Ignoring removed i_version option
[  140.321665][ T9363] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  140.328059][ T9382] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  140.337656][ T9363] EXT4-fs (loop4): This should not happen!! Data will be lost
[  140.337656][ T9363] 
[  140.349261][ T9382] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  140.356999][ T9363] EXT4-fs (loop4): Total free blocks count 0
[  140.370999][ T9363] EXT4-fs (loop4): Free/Dirty block details
[  140.371411][ T9382] System zones: 
[  140.377249][ T9363] EXT4-fs (loop4): free_blocks=2415919504
[  140.377270][ T9363] EXT4-fs (loop4): dirty_blocks=16
[  140.380849][ T9382] 1-12
[  140.386546][ T9363] EXT4-fs (loop4): Block reservation details
[  140.391694][ T9382] 
[  140.391837][ T9382] EXT4-fs (loop5): orphan cleanup on readonly fs
[  140.394395][ T9363] EXT4-fs (loop4): i_reserved_data_blocks=1
[  140.416901][ T9382] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1850: invalid indirect mapped block 12 (level 1)
[  140.434831][ T9382] EXT4-fs (loop5): Remounting filesystem read-only
[  140.441596][   T29] kauditd_printk_skb: 145 callbacks suppressed
[  140.441610][   T29] audit: type=1400 audit(2000000067.770:4702): avc:  denied  { bind } for  pid=9387 comm="syz.0.1853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  140.452517][ T9388] 9pnet_fd: Insufficient options for proto=fd
[  140.474460][ T9382] EXT4-fs (loop5): 1 truncate cleaned up
[  140.480497][   T29] audit: type=1326 audit(2000000067.790:4703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9387 comm="syz.0.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb64ace929 code=0x7ffc0000
[  140.504200][   T29] audit: type=1326 audit(2000000067.790:4704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9387 comm="syz.0.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb64ace929 code=0x7ffc0000
[  140.506749][ T9382] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  140.527690][   T29] audit: type=1326 audit(2000000067.790:4705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9387 comm="syz.0.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7fcb64ace929 code=0x7ffc0000
[  140.527736][   T29] audit: type=1326 audit(2000000067.790:4706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9387 comm="syz.0.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb64ace929 code=0x7ffc0000
[  140.537623][ T9382] SELinux: failed to load policy
[  140.559297][   T29] audit: type=1326 audit(2000000067.790:4707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9387 comm="syz.0.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb64ace929 code=0x7ffc0000
[  140.559350][   T29] audit: type=1326 audit(2000000067.790:4708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9387 comm="syz.0.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fcb64ad07bc code=0x7ffc0000
[  140.634842][   T29] audit: type=1326 audit(2000000067.790:4709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9387 comm="syz.0.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fcb64ad06f4 code=0x7ffc0000
[  140.658248][   T29] audit: type=1326 audit(2000000067.790:4710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9387 comm="syz.0.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fcb64ad06f4 code=0x7ffc0000
[  140.682179][   T29] audit: type=1326 audit(2000000067.790:4711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9387 comm="syz.0.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb64ace929 code=0x7ffc0000
[  140.741047][ T9394] loop4: detected capacity change from 0 to 2048
[  140.773840][ T9400] loop5: detected capacity change from 0 to 512
[  140.781488][ T9400] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  140.789751][ T9400] EXT4-fs (loop5): orphan cleanup on readonly fs
[  140.796372][ T9400] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.1858: iget: bad i_size value: 38620345925642
[  140.810001][ T9400] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.1858: couldn't read orphan inode 15 (err -117)
[  140.854690][ T9407] loop4: detected capacity change from 0 to 1024
[  140.861588][ T9407] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  140.912122][ T9416] loop5: detected capacity change from 0 to 2048
[  140.913489][ T9413] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1863'.
[  140.945779][ T9369] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  140.979858][ T9422] loop4: detected capacity change from 0 to 1024
[  140.991105][ T9416] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  141.008358][ T9416] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  141.020670][ T9416] EXT4-fs (loop5): This should not happen!! Data will be lost
[  141.020670][ T9416] 
[  141.030366][ T9416] EXT4-fs (loop5): Total free blocks count 0
[  141.033767][ T9428] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1868'.
[  141.036361][ T9416] EXT4-fs (loop5): Free/Dirty block details
[  141.036379][ T9416] EXT4-fs (loop5): free_blocks=2415919504
[  141.048339][ T9422] ext4 filesystem being mounted at /362/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.051343][ T9416] EXT4-fs (loop5): dirty_blocks=16
[  141.051361][ T9416] EXT4-fs (loop5): Block reservation details
[  141.051375][ T9416] EXT4-fs (loop5): i_reserved_data_blocks=1
[  141.090372][ T9432] loop2: detected capacity change from 0 to 512
[  141.097345][ T9432] EXT4-fs: Ignoring removed i_version option
[  141.104349][ T9432] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  141.116219][ T9432] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  141.125099][ T9432] System zones: 1-12
[  141.131611][ T9432] EXT4-fs (loop2): orphan cleanup on readonly fs
[  141.138522][ T9432] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1868: invalid indirect mapped block 12 (level 1)
[  141.152518][ T9432] EXT4-fs (loop2): Remounting filesystem read-only
[  141.170912][ T9439] loop5: detected capacity change from 0 to 1024
[  141.178296][ T9432] EXT4-fs (loop2): 1 truncate cleaned up
[  141.187955][ T9428] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  141.195716][ T9428] SELinux: failed to load policy
[  141.197235][ T9439] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.201659][ T9428] SELinux: syz.2.1868 (9428) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  141.267401][ T9439] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1870: bg 0: block 393: padding at end of block bitmap is not set
[  141.282901][ T9439] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[  141.288256][ T9446] netlink: 'syz.1.1873': attribute type 4 has an invalid length.
[  141.295622][ T9439] EXT4-fs (loop5): This should not happen!! Data will be lost
[  141.295622][ T9439] 
[  141.359748][ T9451] loop5: detected capacity change from 0 to 128
[  141.360553][ T9450] loop1: detected capacity change from 0 to 512
[  141.394016][ T9450] ext4 filesystem being mounted at /365/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  141.407721][ T9456] FAULT_INJECTION: forcing a failure.
[  141.407721][ T9456] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  141.421225][ T9456] CPU: 1 UID: 0 PID: 9456 Comm: syz.5.1877 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  141.421256][ T9456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  141.421270][ T9456] Call Trace:
[  141.421275][ T9456]  <TASK>
[  141.421320][ T9456]  __dump_stack+0x1d/0x30
[  141.421342][ T9456]  dump_stack_lvl+0xe8/0x140
[  141.421374][ T9456]  dump_stack+0x15/0x1b
[  141.421404][ T9456]  should_fail_ex+0x265/0x280
[  141.421445][ T9456]  should_fail_alloc_page+0xf2/0x100
[  141.421527][ T9456]  __alloc_frozen_pages_noprof+0xff/0x360
[  141.421607][ T9456]  alloc_pages_mpol+0xb3/0x250
[  141.421642][ T9456]  vma_alloc_folio_noprof+0x1aa/0x300
[  141.421683][ T9456]  handle_mm_fault+0xec2/0x2be0
[  141.421738][ T9456]  ? mas_walk+0xf2/0x120
[  141.421804][ T9456]  do_user_addr_fault+0x636/0x1090
[  141.421858][ T9456]  ? fpregs_assert_state_consistent+0xb4/0xe0
[  141.421950][ T9456]  exc_page_fault+0x62/0xa0
[  141.421982][ T9456]  asm_exc_page_fault+0x26/0x30
[  141.422008][ T9456] RIP: 0033:0x7f413eb60ca3
[  141.422023][ T9456] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  141.422041][ T9456] RSP: 002b:00007f413d3064a0 EFLAGS: 00010202
[  141.422059][ T9456] RAX: 000000000000c000 RBX: 00007f413d306540 RCX: 00007f4134ee7000
[  141.422072][ T9456] RDX: 00007f413d3066e0 RSI: 0000000000000011 RDI: 00007f413d3065e0
[  141.422148][ T9456] RBP: 00000000000000b4 R08: 0000000000000007 R09: 0000000000000044
[  141.422165][ T9456] R10: 0000000000000052 R11: 00007f413d306540 R12: 0000000000000001
[  141.422198][ T9456] R13: 00007f413ed3c200 R14: 0000000000000002 R15: 00007f413d3065e0
[  141.422302][ T9456]  </TASK>
[  141.422325][ T9456] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  141.606308][ T9456] loop5: detected capacity change from 0 to 1024
[  141.613408][ T9456] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  141.624484][ T9456] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  141.641674][ T9456] JBD2: no valid journal superblock found
[  141.647719][ T9456] EXT4-fs (loop5): Could not load journal inode
[  141.673420][ T9465] sd 0:0:1:0: device reset
[  141.684671][ T9461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1879'.
[  141.722095][ T9471] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1883'.
[  141.751339][ T9471] loop2: detected capacity change from 0 to 512
[  141.757802][ T9475] loop5: detected capacity change from 0 to 1024
[  141.758171][ T9471] EXT4-fs: Ignoring removed i_version option
[  141.772596][ T9471] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  141.784538][ T9475] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.795017][ T9471] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  141.803308][ T9471] System zones: 1-12
[  141.807405][ T9471] EXT4-fs (loop2): orphan cleanup on readonly fs
[  141.814679][ T9471] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1883: invalid indirect mapped block 12 (level 1)
[  141.828200][ T9471] EXT4-fs (loop2): Remounting filesystem read-only
[  141.835775][ T9471] EXT4-fs (loop2): 1 truncate cleaned up
[  141.843855][ T9471] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  141.852397][ T9471] SELinux: failed to load policy
[  141.874333][ T9475] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1885: bg 0: block 393: padding at end of block bitmap is not set
[  141.889613][ T9475] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[  141.902298][ T9475] EXT4-fs (loop5): This should not happen!! Data will be lost
[  141.902298][ T9475] 
[  141.919964][ T9487] loop1: detected capacity change from 0 to 1024
[  141.948978][ T9487] ext4 filesystem being mounted at /370/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.968458][ T9487] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1888: bg 0: block 393: padding at end of block bitmap is not set
[  141.968604][ T9495] FAULT_INJECTION: forcing a failure.
[  141.968604][ T9495] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  141.996357][ T9495] CPU: 1 UID: 0 PID: 9495 Comm: syz.2.1892 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  141.996490][ T9495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  141.996505][ T9495] Call Trace:
[  141.996513][ T9495]  <TASK>
[  141.996574][ T9495]  __dump_stack+0x1d/0x30
[  141.996599][ T9495]  dump_stack_lvl+0xe8/0x140
[  141.996624][ T9495]  dump_stack+0x15/0x1b
[  141.996647][ T9495]  should_fail_ex+0x265/0x280
[  141.996685][ T9495]  should_fail_alloc_page+0xf2/0x100
[  141.996722][ T9495]  __alloc_frozen_pages_noprof+0xff/0x360
[  141.996760][ T9495]  alloc_pages_mpol+0xb3/0x250
[  141.996880][ T9495]  vma_alloc_folio_noprof+0x1aa/0x300
[  141.996925][ T9495]  handle_mm_fault+0xec2/0x2be0
[  141.996956][ T9495]  ? mas_walk+0xf2/0x120
[  141.996980][ T9487] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117
[  141.997003][ T9495]  do_user_addr_fault+0x636/0x1090
[  141.997055][ T9495]  ? fpregs_assert_state_consistent+0xb4/0xe0
[  141.997130][ T9495]  exc_page_fault+0x62/0xa0
[  141.997173][ T9495]  asm_exc_page_fault+0x26/0x30
[  141.997203][ T9495] RIP: 0033:0x7f90be680ca3
[  141.997227][ T9495] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  141.997254][ T9495] RSP: 002b:00007f90bce264a0 EFLAGS: 00010206
[  141.997278][ T9495] RAX: 0000000000020000 RBX: 00007f90bce26540 RCX: 00007f90b4a07000
[  141.997306][ T9495] RDX: 00007f90bce266e0 RSI: 0000000000000017 RDI: 00007f90bce265e0
[  141.997323][ T9495] RBP: 000000000000005f R08: 0000000000000009 R09: 00000000000001aa
[  141.997340][ T9495] R10: 00000000000001c0 R11: 00007f90bce26540 R12: 0000000000000001
[  141.997427][ T9495] R13: 00007f90be85c200 R14: 0000000000000050 R15: 00007f90bce265e0
[  141.997454][ T9495]  </TASK>
[  141.997486][ T9495] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  142.009642][ T9487] EXT4-fs (loop1): This should not happen!! Data will be lost
[  142.009642][ T9487] 
[  142.029485][ T9495] loop2: detected capacity change from 0 to 2048
[  142.205578][ T9495] ext4: Unknown parameter 'dont_appraise'
[  142.390649][ T9510] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1898'.
[  142.404093][ T9510] loop5: detected capacity change from 0 to 512
[  142.416237][ T9503] loop4: detected capacity change from 0 to 1024
[  142.470483][ T9512] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1896'.
[  142.485056][ T9503] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  142.496954][ T9503] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  142.497646][ T9510] EXT4-fs: Ignoring removed i_version option
[  142.505020][ T9503] EXT4-fs (loop4): orphan cleanup on readonly fs
[  142.506990][ T9503] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1894: bg 0: block 10: padding at end of block bitmap is not set
[  142.536517][ T9510] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  142.547903][ T9503] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1894: Failed to acquire dquot type 0
[  142.560118][ T9503] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1894: Failed to acquire dquot type 0
[  142.572192][ T9510] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  142.580363][ T9503] EXT4-fs error (device loop4): ext4_free_blocks:6587: comm syz.4.1894: Freeing blocks not in datazone - block = 0, count = 4096
[  142.594413][ T9503] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1894: Failed to acquire dquot type 0
[  142.606396][ T9503] EXT4-fs (loop4): 1 orphan inode deleted
[  142.618292][ T9510] System zones: 1-12
[  142.644794][ T9510] EXT4-fs (loop5): orphan cleanup on readonly fs
[  142.696677][ T9510] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1898: invalid indirect mapped block 12 (level 1)
[  142.757094][ T9510] EXT4-fs (loop5): Remounting filesystem read-only
[  142.764038][ T9510] EXT4-fs (loop5): 1 truncate cleaned up
[  142.780590][ T9510] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  142.788506][ T9510] SELinux: failed to load policy
[  142.923086][ T9527] loop0: detected capacity change from 0 to 512
[  142.937977][ T9527] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  142.951224][ T9527] EXT4-fs (loop0): 1 truncate cleaned up
[  142.967908][ T9531] loop5: detected capacity change from 0 to 1024
[  142.974936][ T9531] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  143.005159][ T9535] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1907'.
[  143.234006][ T9550] loop5: detected capacity change from 0 to 1024
[  143.251915][ T9550] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.334136][ T9550] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1912: bg 0: block 393: padding at end of block bitmap is not set
[  143.348846][ T9550] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[  143.361772][ T9550] EXT4-fs (loop5): This should not happen!! Data will be lost
[  143.361772][ T9550] 
[  143.426525][ T9566] loop5: detected capacity change from 0 to 2048
[  143.437664][ T9566] EXT4-fs error (device loop5): ext4_read_inline_dir:1502: inode #12: block 9: comm syz.5.1918: path /90/file1/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=13, rec_len=21, size=80 fake=0
[  143.463055][ T9566] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1918'.
[  143.485964][ T9564] loop4: detected capacity change from 0 to 2048
[  143.552348][ T9574] netlink: 'syz.4.1921': attribute type 4 has an invalid length.
[  143.622983][ T9582] loop5: detected capacity change from 0 to 1024
[  143.642019][ T9582] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.684915][ T9590] geneve1: entered promiscuous mode
[  143.692373][ T9588] geneve1: left promiscuous mode
[  143.742907][ T9598] loop4: detected capacity change from 0 to 1024
[  143.749692][ T9598] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  143.752599][ T9527] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  143.788692][ T9600] netlink: 'syz.4.1933': attribute type 4 has an invalid length.
[  143.815832][ T9604] SELinux: security policydb version 18 (MLS) not backwards compatible
[  143.824547][ T9604] SELinux: failed to load policy
[  143.831074][ T9604] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  143.874986][ T9607] FAULT_INJECTION: forcing a failure.
[  143.874986][ T9607] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  143.888182][ T9607] CPU: 0 UID: 0 PID: 9607 Comm: syz.1.1932 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  143.888279][ T9607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  143.888292][ T9607] Call Trace:
[  143.888298][ T9607]  <TASK>
[  143.888306][ T9607]  __dump_stack+0x1d/0x30
[  143.888337][ T9607]  dump_stack_lvl+0xe8/0x140
[  143.888360][ T9607]  dump_stack+0x15/0x1b
[  143.888383][ T9607]  should_fail_ex+0x265/0x280
[  143.888419][ T9607]  should_fail+0xb/0x20
[  143.888449][ T9607]  should_fail_usercopy+0x1a/0x20
[  143.888560][ T9607]  _copy_from_user+0x1c/0xb0
[  143.888587][ T9607]  kstrtouint_from_user+0x69/0xf0
[  143.888682][ T9607]  ? 0xffffffff81000000
[  143.888696][ T9607]  ? selinux_file_permission+0x1e4/0x320
[  143.888727][ T9607]  proc_fail_nth_write+0x50/0x160
[  143.888773][ T9607]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  143.888868][ T9607]  vfs_write+0x266/0x8e0
[  143.888906][ T9607]  ? vfs_read+0x47f/0x6f0
[  143.888949][ T9607]  ? __rcu_read_unlock+0x4f/0x70
[  143.888978][ T9607]  ? __fget_files+0x184/0x1c0
[  143.889088][ T9607]  ksys_write+0xda/0x1a0
[  143.889133][ T9607]  __x64_sys_write+0x40/0x50
[  143.889192][ T9607]  x64_sys_call+0x2cdd/0x2fb0
[  143.889221][ T9607]  do_syscall_64+0xd2/0x200
[  143.889246][ T9607]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  143.889335][ T9607]  ? clear_bhb_loop+0x40/0x90
[  143.889361][ T9607]  ? clear_bhb_loop+0x40/0x90
[  143.889382][ T9607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.889405][ T9607] RIP: 0033:0x7f6c17ecd3df
[  143.889467][ T9607] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  143.889490][ T9607] RSP: 002b:00007f6c16516030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  143.889515][ T9607] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6c17ecd3df
[  143.889530][ T9607] RDX: 0000000000000001 RSI: 00007f6c165160a0 RDI: 000000000000000a
[  143.889546][ T9607] RBP: 00007f6c16516090 R08: 0000000000000000 R09: 0000000000000000
[  143.889562][ T9607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  143.889578][ T9607] R13: 0000000000000001 R14: 00007f6c180f6080 R15: 00007ffe5afd1e98
[  143.889602][ T9607]  </TASK>
[  144.127411][ T9608] loop4: detected capacity change from 0 to 1024
[  144.135928][ T9610] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  144.149764][ T9608] ext4 filesystem being mounted at /384/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  144.163507][ T9608] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1936: bg 0: block 393: padding at end of block bitmap is not set
[  144.178327][ T9608] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117
[  144.191085][ T9608] EXT4-fs (loop4): This should not happen!! Data will be lost
[  144.191085][ T9608] 
[  144.344649][ T9618] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1930'.
[  144.732145][ T9627] loop0: detected capacity change from 0 to 512
[  144.754960][ T9627] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  144.791570][ T9627] netlink: 'syz.0.1941': attribute type 2 has an invalid length.
[  144.799405][ T9627] netlink: 'syz.0.1941': attribute type 1 has an invalid length.
[  144.912154][ T9627] loop0: detected capacity change from 0 to 512
[  144.965274][ T9627] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.1941: bg 0: block 5: invalid block bitmap
[  144.977771][ T9645] loop4: detected capacity change from 0 to 1024
[  144.987037][ T9627] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  144.996296][ T9627] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.1941: invalid indirect mapped block 3 (level 2)
[  144.998300][ T9645] ext4 filesystem being mounted at /389/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.011479][ T9627] EXT4-fs (loop0): 2 truncates cleaned up
[  145.101322][ T5305] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm kworker/u8:29: bg 0: block 393: padding at end of block bitmap is not set
[  145.117182][ T5305] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[  145.129952][ T5305] EXT4-fs (loop4): This should not happen!! Data will be lost
[  145.129952][ T5305] 
[  145.313863][ T9663] __nla_validate_parse: 1 callbacks suppressed
[  145.313883][ T9663] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1955'.
[  145.415787][ T9674] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  145.469279][ T9679] loop0: detected capacity change from 0 to 1024
[  145.486896][ T9682] sg_write: data in/out 2012/14 bytes for SCSI command 0x0-- guessing data in;
[  145.486896][ T9682]    program syz.2.1962 not setting count and/or reply_len properly
[  145.511283][ T9679] ext4 filesystem being mounted at /375/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.588121][ T9689] loop2: detected capacity change from 0 to 1024
[  145.609931][ T9689] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  145.621270][ T9689] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  145.640540][ T5315] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm kworker/u8:38: bg 0: block 393: padding at end of block bitmap is not set
[  145.656068][ T5315] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[  145.668818][ T5315] EXT4-fs (loop0): This should not happen!! Data will be lost
[  145.668818][ T5315] 
[  145.689902][ T9689] JBD2: no valid journal superblock found
[  145.695756][ T9689] EXT4-fs (loop2): Could not load journal inode
[  145.726386][ T9689] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  145.745473][   T29] kauditd_printk_skb: 301 callbacks suppressed
[  145.745491][   T29] audit: type=1400 audit(2000000073.080:5004): avc:  denied  { create } for  pid=9691 comm="syz.1.1966" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  145.775117][ T9694] netlink: 'syz.0.1965': attribute type 4 has an invalid length.
[  145.890619][   T29] audit: type=1400 audit(2000000073.110:5005): avc:  denied  { setopt } for  pid=9691 comm="syz.1.1966" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  145.910232][   T29] audit: type=1400 audit(2000000073.230:5006): avc:  denied  { name_bind } for  pid=9698 comm="syz.0.1968" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  145.932094][   T29] audit: type=1400 audit(2000000073.230:5007): avc:  denied  { node_bind } for  pid=9698 comm="syz.0.1968" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  145.953642][ T9699] FAULT_INJECTION: forcing a failure.
[  145.953642][ T9699] name failslab, interval 1, probability 0, space 0, times 0
[  145.966386][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: syz.0.1968 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  145.966488][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  145.966503][ T9699] Call Trace:
[  145.966512][ T9699]  <TASK>
[  145.966521][ T9699]  __dump_stack+0x1d/0x30
[  145.966547][ T9699]  dump_stack_lvl+0xe8/0x140
[  145.966571][ T9699]  dump_stack+0x15/0x1b
[  145.966636][ T9699]  should_fail_ex+0x265/0x280
[  145.966674][ T9699]  should_failslab+0x8c/0xb0
[  145.966728][ T9699]  kmem_cache_alloc_noprof+0x50/0x310
[  145.966756][ T9699]  ? security_file_alloc+0x32/0x100
[  145.966817][ T9699]  security_file_alloc+0x32/0x100
[  145.966839][ T9699]  init_file+0x5c/0x1d0
[  145.966865][ T9699]  alloc_empty_file+0x8b/0x200
[  145.966968][ T9699]  alloc_file_pseudo+0xc6/0x160
[  145.967000][ T9699]  sock_alloc_file+0x9c/0x1e0
[  145.967030][ T9699]  do_accept+0x1e4/0x3a0
[  145.967135][ T9699]  __sys_accept4+0xbf/0x140
[  145.967173][ T9699]  __x64_sys_accept+0x42/0x50
[  145.967210][ T9699]  x64_sys_call+0x2f50/0x2fb0
[  145.967239][ T9699]  do_syscall_64+0xd2/0x200
[  145.967269][ T9699]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  145.967298][ T9699]  ? clear_bhb_loop+0x40/0x90
[  145.967321][ T9699]  ? clear_bhb_loop+0x40/0x90
[  145.967372][ T9699]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.967394][ T9699] RIP: 0033:0x7fcb64ace929
[  145.967410][ T9699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.967429][ T9699] RSP: 002b:00007fcb63137038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  145.967449][ T9699] RAX: ffffffffffffffda RBX: 00007fcb64cf5fa0 RCX: 00007fcb64ace929
[  145.967462][ T9699] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  145.967548][ T9699] RBP: 00007fcb63137090 R08: 0000000000000000 R09: 0000000000000000
[  145.967561][ T9699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  145.967574][ T9699] R13: 0000000000000000 R14: 00007fcb64cf5fa0 R15: 00007ffecff29078
[  145.967596][ T9699]  </TASK>
[  146.191400][ T9701] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1969'.
[  146.248962][ T9706] loop0: detected capacity change from 0 to 1024
[  146.257427][ T9704] loop1: detected capacity change from 0 to 1024
[  146.303273][ T9706] ext4 filesystem being mounted at /379/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.315336][ T9704] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.1971: Allocating blocks 385-513 which overlap fs metadata
[  146.416002][   T29] audit: type=1400 audit(2000000073.750:5008): avc:  denied  { mounton } for  pid=9703 comm="syz.1.1971" path="/382/file0/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  146.440864][ T9704] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[  146.472606][   T29] audit: type=1400 audit(2000000073.780:5009): avc:  denied  { mount } for  pid=9703 comm="syz.1.1971" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  146.494925][   T29] audit: type=1400 audit(2000000073.780:5010): avc:  denied  { mac_admin } for  pid=9703 comm="syz.1.1971" capability=33  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  146.516140][   T29] audit: type=1400 audit(2000000073.790:5011): avc:  denied  { relabelto } for  pid=9703 comm="syz.1.1971" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  146.548993][ T9704] EXT4-fs (loop1): pa ffff888106999a10: logic 16, phys. 129, len 24
[  146.557243][ T9704] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8
[  146.620443][ T9729] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1977'.
[  146.675114][   T29] audit: type=1400 audit(2000000073.890:5012): avc:  denied  { ioctl } for  pid=9728 comm="syz.0.1977" path="socket:[23284]" dev="sockfs" ino=23284 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  146.699858][   T29] audit: type=1400 audit(2000000073.960:5013): avc:  denied  { bind } for  pid=9728 comm="syz.0.1977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  146.736942][ T9738] netlink: 'syz.0.1980': attribute type 4 has an invalid length.
[  146.780743][ T9742] netlink: 'syz.1.1981': attribute type 4 has an invalid length.
[  146.808209][ T9749] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1983'.
[  146.856630][ T9757] loop0: detected capacity change from 0 to 1024
[  146.894742][ T9763] loop4: detected capacity change from 0 to 512
[  146.902411][ T9765] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  146.914600][ T9763] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  146.925163][ T9757] ext4 filesystem being mounted at /383/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.964527][ T9763] EXT4-fs (loop4): 1 truncate cleaned up
[  147.069653][ T9767] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1990'.
[  147.090444][ T9779] loop0: detected capacity change from 0 to 1024
[  147.132144][ T9779] ext4 filesystem being mounted at /385/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  147.146260][ T9786] loop2: detected capacity change from 0 to 764
[  147.157254][ T9786] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  147.207189][ T9786] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1996'.
[  147.724817][ T9763] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  147.889844][ T9796] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1999'.
[  147.916500][ T9802] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2001'.
[  147.937400][ T9802] batadv1: entered promiscuous mode
[  147.942815][ T9802] batadv1: entered allmulticast mode
[  147.952828][ T9805] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  148.107490][ T9833] loop0: detected capacity change from 0 to 1024
[  148.126791][ T9833] ext4 filesystem being mounted at /392/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  148.154857][ T9833] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2014: bg 0: block 393: padding at end of block bitmap is not set
[  148.170418][ T9833] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117
[  148.183135][ T9833] EXT4-fs (loop0): This should not happen!! Data will be lost
[  148.183135][ T9833] 
[  148.246347][ T9841] loop4: detected capacity change from 0 to 164
[  148.296047][ T9848] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2018'.
[  148.317880][ T9850] loop0: detected capacity change from 0 to 1024
[  148.335352][ T9850] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  148.403745][ T9859] netlink: 'syz.2.2022': attribute type 29 has an invalid length.
[  148.411886][ T9859] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2022'.
[  148.541535][ T9859] loop2: detected capacity change from 0 to 8192
[  148.700590][ T3401] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  148.712733][ T3401] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  148.797875][ T9873] loop5: detected capacity change from 0 to 512
[  148.805745][ T9873] EXT4-fs: Ignoring removed i_version option
[  148.823804][ T9873] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  148.842971][ T9873] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  148.851796][ T9873] System zones: 1-12
[  148.855167][ T9876] FAULT_INJECTION: forcing a failure.
[  148.855167][ T9876] name failslab, interval 1, probability 0, space 0, times 0
[  148.856173][ T9873] EXT4-fs (loop5): orphan cleanup on readonly fs
[  148.868450][ T9876] CPU: 0 UID: 0 PID: 9876 Comm: syz.2.2026 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  148.868556][ T9876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  148.868575][ T9876] Call Trace:
[  148.868584][ T9876]  <TASK>
[  148.868597][ T9876]  __dump_stack+0x1d/0x30
[  148.868629][ T9876]  dump_stack_lvl+0xe8/0x140
[  148.868655][ T9876]  dump_stack+0x15/0x1b
[  148.868729][ T9876]  should_fail_ex+0x265/0x280
[  148.868818][ T9876]  should_failslab+0x8c/0xb0
[  148.868852][ T9876]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  148.868901][ T9876]  ? sidtab_sid2str_get+0xa0/0x130
[  148.868950][ T9876]  kmemdup_noprof+0x2b/0x70
[  148.868985][ T9876]  sidtab_sid2str_get+0xa0/0x130
[  148.869062][ T9876]  security_sid_to_context_core+0x1eb/0x2e0
[  148.869098][ T9876]  security_sid_to_context+0x27/0x40
[  148.869185][ T9876]  selinux_lsmprop_to_secctx+0x67/0xf0
[  148.869220][ T9876]  security_lsmprop_to_secctx+0x43/0x80
[  148.869270][ T9876]  audit_log_task_context+0x77/0x190
[  148.869321][ T9876]  audit_log_task+0xf4/0x250
[  148.869435][ T9876]  audit_seccomp+0x61/0x100
[  148.869473][ T9876]  ? __seccomp_filter+0x68c/0x10d0
[  148.869507][ T9876]  __seccomp_filter+0x69d/0x10d0
[  148.869542][ T9876]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  148.869593][ T9876]  ? vfs_write+0x75e/0x8e0
[  148.869638][ T9876]  ? __rcu_read_unlock+0x4f/0x70
[  148.869703][ T9876]  ? __fget_files+0x184/0x1c0
[  148.869735][ T9876]  __secure_computing+0x82/0x150
[  148.869768][ T9876]  syscall_trace_enter+0xcf/0x1e0
[  148.869803][ T9876]  do_syscall_64+0xac/0x200
[  148.869892][ T9876]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  148.869929][ T9876]  ? clear_bhb_loop+0x40/0x90
[  148.869961][ T9876]  ? clear_bhb_loop+0x40/0x90
[  148.869994][ T9876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.870026][ T9876] RIP: 0033:0x7f90be7be929
[  148.870166][ T9876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  148.870193][ T9876] RSP: 002b:00007f90bce27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  148.870219][ T9876] RAX: ffffffffffffffda RBX: 00007f90be9e5fa0 RCX: 00007f90be7be929
[  148.870237][ T9876] RDX: 0000000000000000 RSI: c9028ba210c11f8b RDI: 00002000000000c0
[  148.870255][ T9876] RBP: 00007f90bce27090 R08: 0000000000000000 R09: 0000000000000000
[  148.870273][ T9876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  148.870291][ T9876] R13: 0000000000000000 R14: 00007f90be9e5fa0 R15: 00007ffd8720a798
[  148.870318][ T9876]  </TASK>
[  148.977318][ T9878] loop2: detected capacity change from 0 to 1024
[  149.122351][ T9884] netlink: 'syz.1.2028': attribute type 4 has an invalid length.
[  149.134985][ T9873] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2025: invalid indirect mapped block 12 (level 1)
[  149.147202][ T9878] ext4 filesystem being mounted at /416/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  149.156092][ T9873] EXT4-fs (loop5): Remounting filesystem read-only
[  149.172233][ T9873] EXT4-fs (loop5): 1 truncate cleaned up
[  149.184456][ T9878] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2027: bg 0: block 393: padding at end of block bitmap is not set
[  149.201189][ T9878] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117
[  149.202603][ T9873] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  149.213983][ T9878] EXT4-fs (loop2): This should not happen!! Data will be lost
[  149.213983][ T9878] 
[  149.231881][ T9873] SELinux: failed to load policy
[  149.242992][ T9873] SELinux: syz.5.2025 (9873) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  149.558183][ T9917] loop1: detected capacity change from 0 to 1024
[  149.574492][ T9917] ext4 filesystem being mounted at /395/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  149.592610][ T9917] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2039: bg 0: block 393: padding at end of block bitmap is not set
[  149.608210][ T9917] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117
[  149.620843][ T9917] EXT4-fs (loop1): This should not happen!! Data will be lost
[  149.620843][ T9917] 
[  149.950899][ T9915] Set syz1 is full, maxelem 65536 reached
[  150.041837][ T9934] netlink: 'syz.2.2045': attribute type 1 has an invalid length.
[  150.055697][ T9934] 8021q: adding VLAN 0 to HW filter on device bond1
[  150.070687][ T9934] SELinux:  Context  is not valid (left unmapped).
[  150.132994][ T9939] loop4: detected capacity change from 0 to 512
[  150.140335][ T9939] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  150.153349][ T9939] EXT4-fs (loop4): orphan cleanup on readonly fs
[  150.160014][ T9939] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.2047: bad orphan inode 458763
[  150.172220][ T9939] EXT4-fs (loop4): Remounting filesystem read-only
[  150.212110][ T9950] loop2: detected capacity change from 0 to 512
[  150.219408][ T9950] EXT4-fs: Ignoring removed i_version option
[  150.225902][ T9950] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  150.236371][ T9950] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  150.239671][ T9952] loop4: detected capacity change from 0 to 512
[  150.244768][ T9950] System zones: 1-12
[  150.254872][ T9950] EXT4-fs (loop2): orphan cleanup on readonly fs
[  150.261975][ T9952] EXT4-fs: Ignoring removed i_version option
[  150.269777][ T9950] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.2050: invalid indirect mapped block 12 (level 1)
[  150.286579][ T9952] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  150.296339][ T9950] EXT4-fs (loop2): Remounting filesystem read-only
[  150.301950][ T9952] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  150.303056][ T9950] EXT4-fs (loop2): 1 truncate cleaned up
[  150.327884][ T9952] System zones: 1-12
[  150.336264][ T9952] EXT4-fs (loop4): orphan cleanup on readonly fs
[  150.341338][ T9950] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  150.350276][ T9950] SELinux: failed to load policy
[  150.356663][ T9950] SELinux: syz.2.2050 (9950) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  150.370351][ T9952] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2051: invalid indirect mapped block 12 (level 1)
[  150.384214][ T9952] EXT4-fs (loop4): Remounting filesystem read-only
[  150.392859][ T9952] EXT4-fs (loop4): 1 truncate cleaned up
[  150.413272][ T9952] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  150.421378][ T9952] SELinux: failed to load policy
[  150.427150][ T9952] SELinux: syz.4.2051 (9952) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  150.535824][ T9982] loop0: detected capacity change from 0 to 512
[  150.562893][ T9982] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  150.574444][ T9982] EXT4-fs (loop0): orphan cleanup on readonly fs
[  150.577063][ T9991] FAULT_INJECTION: forcing a failure.
[  150.577063][ T9991] name failslab, interval 1, probability 0, space 0, times 0
[  150.580940][ T9982] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.2060: bad orphan inode 458763
[  150.593539][ T9991] CPU: 0 UID: 0 PID: 9991 Comm: syz.4.2065 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  150.593640][ T9991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  150.593659][ T9991] Call Trace:
[  150.593670][ T9991]  <TASK>
[  150.593681][ T9991]  __dump_stack+0x1d/0x30
[  150.593712][ T9991]  dump_stack_lvl+0xe8/0x140
[  150.593741][ T9991]  dump_stack+0x15/0x1b
[  150.593790][ T9991]  should_fail_ex+0x265/0x280
[  150.593835][ T9991]  should_failslab+0x8c/0xb0
[  150.593946][ T9991]  __kmalloc_noprof+0xa5/0x3e0
[  150.593983][ T9991]  ? copy_splice_read+0xc2/0x5f0
[  150.594088][ T9991]  copy_splice_read+0xc2/0x5f0
[  150.594167][ T9991]  ? __pfx_shmem_file_splice_read+0x10/0x10
[  150.594201][ T9991]  splice_direct_to_actor+0x290/0x680
[  150.594292][ T9991]  ? __pfx_direct_splice_actor+0x10/0x10
[  150.594342][ T9991]  do_splice_direct+0xda/0x150
[  150.594383][ T9991]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  150.594494][ T9991]  do_sendfile+0x380/0x650
[  150.594533][ T9991]  __x64_sys_sendfile64+0x105/0x150
[  150.594569][ T9991]  x64_sys_call+0xb39/0x2fb0
[  150.594664][ T9991]  do_syscall_64+0xd2/0x200
[  150.594690][ T9991]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  150.594727][ T9991]  ? clear_bhb_loop+0x40/0x90
[  150.594758][ T9991]  ? clear_bhb_loop+0x40/0x90
[  150.594814][ T9991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.594844][ T9991] RIP: 0033:0x7fcc4e2ce929
[  150.594865][ T9991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.594892][ T9991] RSP: 002b:00007fcc4c937038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  150.594919][ T9991] RAX: ffffffffffffffda RBX: 00007fcc4e4f5fa0 RCX: 00007fcc4e2ce929
[  150.594937][ T9991] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[  150.594955][ T9991] RBP: 00007fcc4c937090 R08: 0000000000000000 R09: 0000000000000000
[  150.595053][ T9991] R10: 000000000003ffff R11: 0000000000000246 R12: 0000000000000001
[  150.595071][ T9991] R13: 0000000000000000 R14: 00007fcc4e4f5fa0 R15: 00007ffcd6ec01d8
[  150.595101][ T9991]  </TASK>
[  150.681556][ T9995] __nla_validate_parse: 12 callbacks suppressed
[  150.681577][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2063'.
[  150.710728][ T9982] EXT4-fs (loop0): Remounting filesystem read-only
[  150.713295][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2063'.
[  150.776954][   T29] kauditd_printk_skb: 240 callbacks suppressed
[  150.777025][   T29] audit: type=1400 audit(2000000078.110:5251): avc:  denied  { mounton } for  pid=9996 comm="syz.4.2066" path="/407/file0" dev="tmpfs" ino=2216 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  150.780341][ T9998] 9pnet_fd: Insufficient options for proto=fd
[  150.790380][ T9999] 9pnet_fd: Insufficient options for proto=fd
[  150.896492][T10001] FAULT_INJECTION: forcing a failure.
[  150.896492][T10001] name failslab, interval 1, probability 0, space 0, times 0
[  150.909183][T10001] CPU: 1 UID: 0 PID: 10001 Comm: syz.1.2068 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  150.909225][T10001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  150.909241][T10001] Call Trace:
[  150.909247][T10001]  <TASK>
[  150.909255][T10001]  __dump_stack+0x1d/0x30
[  150.909348][T10001]  dump_stack_lvl+0xe8/0x140
[  150.909373][T10001]  dump_stack+0x15/0x1b
[  150.909454][T10003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2067'.
[  150.909393][T10001]  should_fail_ex+0x265/0x280
[  150.909504][T10001]  ? tcf_action_init_1+0x11e/0x4a0
[  150.909540][T10001]  should_failslab+0x8c/0xb0
[  150.909576][T10001]  __kmalloc_cache_noprof+0x4c/0x320
[  150.909698][T10001]  tcf_action_init_1+0x11e/0x4a0
[  150.909795][T10001]  tcf_action_init+0x267/0x6d0
[  150.909833][T10001]  ? __alloc_frozen_pages_noprof+0x15f/0x360
[  150.909912][T10001]  tc_ctl_action+0x291/0x830
[  150.909991][T10001]  ? __pfx_tc_ctl_action+0x10/0x10
[  150.910113][T10001]  rtnetlink_rcv_msg+0x657/0x6d0
[  150.910152][T10001]  netlink_rcv_skb+0x123/0x220
[  150.910198][T10001]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  150.910355][T10001]  rtnetlink_rcv+0x1c/0x30
[  150.910384][T10001]  netlink_unicast+0x59e/0x670
[  150.910430][T10001]  netlink_sendmsg+0x58b/0x6b0
[  150.910461][T10001]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.910489][T10001]  __sock_sendmsg+0x145/0x180
[  150.910587][T10001]  ____sys_sendmsg+0x31e/0x4e0
[  150.910639][T10001]  ___sys_sendmsg+0x17b/0x1d0
[  150.910706][T10001]  __x64_sys_sendmsg+0xd4/0x160
[  150.910922][T10001]  x64_sys_call+0x2999/0x2fb0
[  150.910953][T10001]  do_syscall_64+0xd2/0x200
[  150.910980][T10001]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  150.911030][T10001]  ? clear_bhb_loop+0x40/0x90
[  150.911074][T10001]  ? clear_bhb_loop+0x40/0x90
[  150.911106][T10001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.911138][T10001] RIP: 0033:0x7f6c17ece929
[  150.911159][T10001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.911236][T10001] RSP: 002b:00007f6c16537038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  150.911263][T10001] RAX: ffffffffffffffda RBX: 00007f6c180f5fa0 RCX: 00007f6c17ece929
[  150.911281][T10001] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  150.911299][T10001] RBP: 00007f6c16537090 R08: 0000000000000000 R09: 0000000000000000
[  150.911317][T10001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.911335][T10001] R13: 0000000000000000 R14: 00007f6c180f5fa0 R15: 00007ffe5afd1e98
[  150.911362][T10001]  </TASK>
[  151.069804][T10009] loop0: detected capacity change from 0 to 512
[  151.091231][T10010] loop2: detected capacity change from 0 to 512
[  151.100211][T10009] EXT4-fs: Ignoring removed i_version option
[  151.115525][   T29] audit: type=1326 audit(2000000078.420:5252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10004 comm="syz.2.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90be7be929 code=0x7ffc0000
[  151.153057][T10011] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2069'.
[  151.155710][   T29] audit: type=1326 audit(2000000078.420:5253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10004 comm="syz.2.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f90be7be929 code=0x7ffc0000
[  151.155739][   T29] audit: type=1326 audit(2000000078.420:5254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10004 comm="syz.2.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90be7be929 code=0x7ffc0000
[  151.155765][   T29] audit: type=1326 audit(2000000078.420:5255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10004 comm="syz.2.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f90be7be929 code=0x7ffc0000
[  151.164314][T10009] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  151.166801][   T29] audit: type=1326 audit(2000000078.420:5256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10004 comm="syz.2.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90be7be929 code=0x7ffc0000
[  151.293516][T10022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2073'.
[  151.297692][   T29] audit: type=1326 audit(2000000078.420:5257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10004 comm="syz.2.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f90be7be929 code=0x7ffc0000
[  151.333264][T10022] loop1: detected capacity change from 0 to 1024
[  151.353361][   T29] audit: type=1326 audit(2000000078.420:5258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10004 comm="syz.2.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90be7be929 code=0x7ffc0000
[  151.362089][T10022] EXT4-fs: Ignoring removed nobh option
[  151.383257][   T29] audit: type=1326 audit(2000000078.420:5259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10004 comm="syz.2.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90be7be929 code=0x7ffc0000
[  151.383295][   T29] audit: type=1326 audit(2000000078.420:5260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10004 comm="syz.2.2070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90be7be929 code=0x7ffc0000
[  151.388949][T10022] EXT4-fs: Ignoring removed mblk_io_submit option
[  151.415055][T10009] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  151.435889][T10022] EXT4-fs: Ignoring removed bh option
[  151.450495][T10010] EXT4-fs (loop2): too many log groups per flexible block group
[  151.455936][T10009] System zones: 
[  151.463611][T10010] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  151.467783][T10010] EXT4-fs (loop2): mount failed
[  151.474216][T10009] 1-12
[  151.482765][T10022] EXT4-fs: Mount option(s) incompatible with ext3
[  151.483513][T10009] EXT4-fs (loop0): orphan cleanup on readonly fs
[  151.496000][T10009] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.2067: invalid indirect mapped block 12 (level 1)
[  151.509796][T10009] EXT4-fs (loop0): Remounting filesystem read-only
[  151.516528][T10009] EXT4-fs (loop0): 1 truncate cleaned up
[  151.530603][T10003] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  151.531797][T10025] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.538345][T10003] SELinux: failed to load policy
[  151.546847][T10025] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.570282][T10025] loop5: detected capacity change from 0 to 2048
[  151.581044][T10025] EXT4-fs (loop5): VFS: Can't find ext4 filesystem
[  151.591410][T10003] SELinux: syz.0.2067 (10003) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  151.630607][T10032] loop0: detected capacity change from 0 to 164
[  151.660384][T10040] pim6reg: entered allmulticast mode
[  151.675772][T10040] pim6reg: left allmulticast mode
[  151.822118][T10051] IPv6: Can't replace route, no match found
[  151.853739][T10055] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2083'.
[  151.900133][T10059] netlink: 'syz.1.2085': attribute type 4 has an invalid length.
[  151.949868][T10062] loop1: detected capacity change from 0 to 512
[  151.960508][T10062] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  151.975680][T10062] EXT4-fs (loop1): mount failed
[  152.023423][T10072] syz!: rxe_newlink: already configured on team_slave_0
[  152.036164][T10072] loop2: detected capacity change from 0 to 512
[  152.051205][T10072] ext4 filesystem being mounted at /438/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  152.115066][T10085] loop4: detected capacity change from 0 to 1024
[  152.129373][T10085] /dev/loop4: Can't open blockdev
[  152.227647][T10094] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  152.261511][T10101] netlink: 'syz.4.2097': attribute type 4 has an invalid length.
[  152.781185][T10115] loop1: detected capacity change from 0 to 1024
[  152.790494][T10115] ext4 filesystem being mounted at /409/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.239472][T10130] FAULT_INJECTION: forcing a failure.
[  153.239472][T10130] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  153.252687][T10130] CPU: 0 UID: 0 PID: 10130 Comm: syz.4.2107 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  153.252722][T10130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  153.252739][T10130] Call Trace:
[  153.252745][T10130]  <TASK>
[  153.252753][T10130]  __dump_stack+0x1d/0x30
[  153.252778][T10130]  dump_stack_lvl+0xe8/0x140
[  153.252802][T10130]  dump_stack+0x15/0x1b
[  153.252877][T10130]  should_fail_ex+0x265/0x280
[  153.252980][T10130]  should_fail+0xb/0x20
[  153.253008][T10130]  should_fail_usercopy+0x1a/0x20
[  153.253047][T10130]  copy_fpstate_to_sigframe+0x628/0x7d0
[  153.253087][T10130]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[  153.253143][T10130]  ? x86_task_fpu+0x36/0x60
[  153.253176][T10130]  get_sigframe+0x34d/0x490
[  153.253196][T10130]  ? get_signal+0xdc8/0xf70
[  153.253386][T10130]  x64_setup_rt_frame+0xa8/0x580
[  153.253411][T10130]  arch_do_signal_or_restart+0x27c/0x480
[  153.253436][T10130]  exit_to_user_mode_loop+0x7a/0x100
[  153.253477][T10130]  do_syscall_64+0x1d6/0x200
[  153.253495][T10130]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  153.253527][T10130]  ? clear_bhb_loop+0x40/0x90
[  153.253554][T10130]  ? clear_bhb_loop+0x40/0x90
[  153.253622][T10130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.253704][T10130] RIP: 0033:0x7fcc4e2ce927
[  153.253720][T10130] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  153.253744][T10130] RSP: 002b:00007fcc4c937038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  153.253766][T10130] RAX: 00000000000000ca RBX: 00007fcc4e4f5fa0 RCX: 00007fcc4e2ce929
[  153.253782][T10130] RDX: 0000000000000000 RSI: 000080000000000b RDI: 000020000000cffc
[  153.253797][T10130] RBP: 00007fcc4c937090 R08: 0000200000048000 R09: 0000000000000300
[  153.253810][T10130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  153.253863][T10130] R13: 0000000000000000 R14: 00007fcc4e4f5fa0 R15: 00007ffcd6ec01d8
[  153.253887][T10130]  </TASK>
[  153.497533][T10132] loop2: detected capacity change from 0 to 256
[  153.511806][T10132] FAT-fs (loop2): Directory bread(block 64) failed
[  153.518582][T10132] FAT-fs (loop2): Directory bread(block 65) failed
[  153.526214][T10132] FAT-fs (loop2): Directory bread(block 66) failed
[  153.560470][T10132] FAT-fs (loop2): Directory bread(block 67) failed
[  153.580555][T10132] FAT-fs (loop2): Directory bread(block 68) failed
[  153.591978][T10132] FAT-fs (loop2): Directory bread(block 69) failed
[  153.598628][T10132] FAT-fs (loop2): Directory bread(block 70) failed
[  153.605276][T10132] FAT-fs (loop2): Directory bread(block 71) failed
[  153.611969][T10132] FAT-fs (loop2): Directory bread(block 72) failed
[  153.618574][T10132] FAT-fs (loop2): Directory bread(block 73) failed
[  153.636023][T10132] bio_check_eod: 25164 callbacks suppressed
[  153.636042][T10132] syz.2.2108: attempt to access beyond end of device
[  153.636042][T10132] loop2: rw=524288, sector=1800, nr_sectors = 20 limit=256
[  153.656178][T10132] syz.2.2108: attempt to access beyond end of device
[  153.656178][T10132] loop2: rw=0, sector=1800, nr_sectors = 8 limit=256
[  153.661908][T10147] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2114'.
[  153.677690][T10145] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2113'.
[  153.697900][T10147] loop4: detected capacity change from 0 to 512
[  153.706633][T10147] EXT4-fs: Ignoring removed i_version option
[  153.713397][T10147] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  153.731002][T10147] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  153.739520][T10147] System zones: 1-12
[  153.743877][T10147] EXT4-fs (loop4): orphan cleanup on readonly fs
[  153.751269][T10147] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2114: invalid indirect mapped block 12 (level 1)
[  153.762428][T10152] loop2: detected capacity change from 0 to 512
[  153.765302][T10147] EXT4-fs (loop4): Remounting filesystem read-only
[  153.777455][T10147] EXT4-fs (loop4): 1 truncate cleaned up
[  153.784568][T10152] EXT4-fs: Ignoring removed mblk_io_submit option
[  153.792594][T10152] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  153.804285][T10147] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  153.807221][T10154] netlink: 'syz.1.2117': attribute type 4 has an invalid length.
[  153.811988][T10147] SELinux: failed to load policy
[  153.822135][T10152] EXT4-fs (loop2): 1 truncate cleaned up
[  153.826920][T10147] SELinux: syz.4.2114 (10147) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  153.865611][T10152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.875232][T10152] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.897356][T10161] loop4: detected capacity change from 0 to 2048
[  153.904865][T10161] EXT4-fs: Ignoring removed nobh option
[  154.052153][T10183] loop1: detected capacity change from 0 to 512
[  154.060878][T10183] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  154.072335][T10183] EXT4-fs (loop1): orphan cleanup on readonly fs
[  154.078728][T10183] EXT4-fs error (device loop1): ext4_orphan_get:1419: comm syz.1.2127: bad orphan inode 458763
[  154.090120][T10183] EXT4-fs (loop1): Remounting filesystem read-only
[  154.116618][T10188] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2129'.
[  154.130749][T10188] loop1: detected capacity change from 0 to 512
[  154.132058][T10190] netlink: 'syz.4.2130': attribute type 4 has an invalid length.
[  154.137613][T10188] EXT4-fs: Ignoring removed i_version option
[  154.152601][T10188] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  154.163349][T10188] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  154.172655][T10188] System zones: 1-12
[  154.176763][T10188] EXT4-fs (loop1): orphan cleanup on readonly fs
[  154.179480][T10193] netlink: 12 bytes leftover after parsing attributes in process `wg1'.
[  154.192727][T10188] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2129: invalid indirect mapped block 12 (level 1)
[  154.206542][T10188] EXT4-fs (loop1): Remounting filesystem read-only
[  154.214266][T10188] EXT4-fs (loop1): 1 truncate cleaned up
[  154.224494][T10188] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  154.232374][ T3408] Process accounting resumed
[  154.233271][T10188] SELinux: failed to load policy
[  154.243338][T10188] SELinux: syz.1.2129 (10188) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  154.282284][T10194] Process accounting resumed
[  154.295675][T10199] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=10199 comm=syz.4.2134
[  154.350007][T10197] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  154.396422][T10203] ip6gre1: entered allmulticast mode
[  154.454965][T10209] loop2: detected capacity change from 0 to 512
[  154.463151][T10209] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  154.475651][T10209] EXT4-fs (loop2): orphan cleanup on readonly fs
[  154.482278][T10209] EXT4-fs error (device loop2): ext4_orphan_get:1419: comm syz.2.2139: bad orphan inode 458763
[  154.496213][T10209] EXT4-fs (loop2): Remounting filesystem read-only
[  154.513197][T10214] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  154.532095][T10216] loop1: detected capacity change from 0 to 512
[  154.542852][T10216] EXT4-fs: Ignoring removed i_version option
[  154.550453][T10216] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  154.557236][T10220] loop0: detected capacity change from 0 to 512
[  154.561245][T10216] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  154.574740][T10216] System zones: 1-12
[  154.578959][T10216] EXT4-fs (loop1): orphan cleanup on readonly fs
[  154.586183][T10216] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2142: invalid indirect mapped block 12 (level 1)
[  154.609234][T10220] EXT4-fs: Ignoring removed i_version option
[  154.625667][T10220] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  154.626580][T10216] EXT4-fs (loop1): Remounting filesystem read-only
[  154.649062][T10216] EXT4-fs (loop1): 1 truncate cleaned up
[  154.685506][T10216] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  154.695304][T10216] SELinux: failed to load policy
[  154.701846][T10216] SELinux: syz.1.2142 (10216) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  154.703779][T10220] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  154.724035][T10220] System zones: 1-12
[  154.728315][T10220] EXT4-fs (loop0): orphan cleanup on readonly fs
[  154.735099][T10220] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.2144: invalid indirect mapped block 12 (level 1)
[  154.741035][T10229] syzkaller0: tun_chr_ioctl cmd 1074025677
[  154.749978][T10220] EXT4-fs (loop0): Remounting filesystem read-only
[  154.761201][T10220] EXT4-fs (loop0): 1 truncate cleaned up
[  154.772461][T10229] syzkaller0: linktype set to 6
[  154.774385][T10220] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  154.785311][T10220] SELinux: failed to load policy
[  154.792050][T10220] SELinux: syz.0.2144 (10220) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  154.817437][T10231] netlink: 'syz.1.2147': attribute type 4 has an invalid length.
[  154.837600][T10235] IPv6: sit1: Disabled Multicast RS
[  154.891996][T10237] FAULT_INJECTION: forcing a failure.
[  154.891996][T10237] name failslab, interval 1, probability 0, space 0, times 0
[  154.904724][T10237] CPU: 0 UID: 0 PID: 10237 Comm: syz.1.2149 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  154.904754][T10237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  154.904769][T10237] Call Trace:
[  154.904776][T10237]  <TASK>
[  154.904784][T10237]  __dump_stack+0x1d/0x30
[  154.904826][T10237]  dump_stack_lvl+0xe8/0x140
[  154.904847][T10237]  dump_stack+0x15/0x1b
[  154.904865][T10237]  should_fail_ex+0x265/0x280
[  154.904930][T10237]  should_failslab+0x8c/0xb0
[  154.904956][T10237]  kmem_cache_alloc_node_noprof+0x57/0x320
[  154.904987][T10237]  ? __alloc_skb+0x101/0x320
[  154.905122][T10237]  __alloc_skb+0x101/0x320
[  154.905153][T10237]  netlink_alloc_large_skb+0xba/0xf0
[  154.905188][T10237]  netlink_sendmsg+0x3cf/0x6b0
[  154.905211][T10237]  ? __pfx_netlink_sendmsg+0x10/0x10
[  154.905307][T10237]  __sock_sendmsg+0x145/0x180
[  154.905334][T10237]  ____sys_sendmsg+0x31e/0x4e0
[  154.905375][T10237]  ___sys_sendmsg+0x17b/0x1d0
[  154.905467][T10237]  __x64_sys_sendmsg+0xd4/0x160
[  154.905508][T10237]  x64_sys_call+0x2999/0x2fb0
[  154.905531][T10237]  do_syscall_64+0xd2/0x200
[  154.905596][T10237]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  154.905624][T10237]  ? clear_bhb_loop+0x40/0x90
[  154.905650][T10237]  ? clear_bhb_loop+0x40/0x90
[  154.905778][T10237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.905802][T10237] RIP: 0033:0x7f6c17ece929
[  154.905820][T10237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.905839][T10237] RSP: 002b:00007f6c16537038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.905859][T10237] RAX: ffffffffffffffda RBX: 00007f6c180f5fa0 RCX: 00007f6c17ece929
[  154.905873][T10237] RDX: 0000000004000000 RSI: 0000200000000000 RDI: 0000000000000006
[  154.905907][T10237] RBP: 00007f6c16537090 R08: 0000000000000000 R09: 0000000000000000
[  154.905920][T10237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.905933][T10237] R13: 0000000000000000 R14: 00007f6c180f5fa0 R15: 00007ffe5afd1e98
[  154.905954][T10237]  </TASK>
[  155.221747][T10262] loop5: detected capacity change from 0 to 512
[  155.228802][T10262] EXT4-fs: Ignoring removed i_version option
[  155.236570][T10262] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  155.261526][T10262] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  155.273343][T10262] System zones: 1-12
[  155.277475][T10262] EXT4-fs (loop5): orphan cleanup on readonly fs
[  155.287132][T10268] FAULT_INJECTION: forcing a failure.
[  155.287132][T10268] name failslab, interval 1, probability 0, space 0, times 0
[  155.299884][T10268] CPU: 1 UID: 0 PID: 10268 Comm: syz.2.2161 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  155.299946][T10268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.299960][T10268] Call Trace:
[  155.299966][T10268]  <TASK>
[  155.299973][T10268]  __dump_stack+0x1d/0x30
[  155.299997][T10268]  dump_stack_lvl+0xe8/0x140
[  155.300024][T10268]  dump_stack+0x15/0x1b
[  155.300046][T10268]  should_fail_ex+0x265/0x280
[  155.300098][T10268]  should_failslab+0x8c/0xb0
[  155.300169][T10268]  kmem_cache_alloc_node_noprof+0x57/0x320
[  155.300208][T10268]  ? __alloc_skb+0x101/0x320
[  155.300303][T10268]  __alloc_skb+0x101/0x320
[  155.300338][T10268]  tca_action_gd+0x77d/0x1290
[  155.300400][T10268]  ? __nla_validate_parse+0x1652/0x1d00
[  155.300454][T10268]  ? __nla_parse+0x40/0x60
[  155.300481][T10268]  tc_ctl_action+0x208/0x830
[  155.300564][T10268]  ? __pfx_cmp_ex_search+0x10/0x10
[  155.300593][T10268]  ? copy_from_kernel_nofault+0x6a/0x200
[  155.300638][T10268]  ? copy_from_kernel_nofault+0x6a/0x200
[  155.300721][T10268]  ? copy_from_kernel_nofault+0x6a/0x200
[  155.300788][T10268]  ? __kfree_skb+0x109/0x150
[  155.300828][T10268]  ? kmem_cache_free+0xdf/0x300
[  155.300941][T10268]  ? __kfree_skb+0x109/0x150
[  155.300997][T10268]  ? nlmon_xmit+0x4f/0x60
[  155.301027][T10268]  ? consume_skb+0x49/0x150
[  155.301066][T10268]  ? nlmon_xmit+0x4f/0x60
[  155.301138][T10268]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  155.301186][T10268]  ? __dev_queue_xmit+0x11c0/0x1fb0
[  155.301245][T10268]  ? __pfx_tc_ctl_action+0x10/0x10
[  155.301280][T10268]  rtnetlink_rcv_msg+0x657/0x6d0
[  155.301317][T10268]  netlink_rcv_skb+0x123/0x220
[  155.301393][T10268]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  155.301433][T10268]  rtnetlink_rcv+0x1c/0x30
[  155.301492][T10268]  netlink_unicast+0x59e/0x670
[  155.301536][T10268]  netlink_sendmsg+0x58b/0x6b0
[  155.301571][T10268]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.301591][T10268]  __sock_sendmsg+0x145/0x180
[  155.301648][T10268]  ____sys_sendmsg+0x31e/0x4e0
[  155.301698][T10268]  ___sys_sendmsg+0x17b/0x1d0
[  155.301769][T10268]  __x64_sys_sendmsg+0xd4/0x160
[  155.301892][T10268]  x64_sys_call+0x2999/0x2fb0
[  155.301979][T10268]  do_syscall_64+0xd2/0x200
[  155.302003][T10268]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  155.302036][T10268]  ? clear_bhb_loop+0x40/0x90
[  155.302065][T10268]  ? clear_bhb_loop+0x40/0x90
[  155.302135][T10268]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.302168][T10268] RIP: 0033:0x7f90be7be929
[  155.302239][T10268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.302264][T10268] RSP: 002b:00007f90bce27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  155.302289][T10268] RAX: ffffffffffffffda RBX: 00007f90be9e5fa0 RCX: 00007f90be7be929
[  155.302306][T10268] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  155.302322][T10268] RBP: 00007f90bce27090 R08: 0000000000000000 R09: 0000000000000000
[  155.302339][T10268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.302466][T10268] R13: 0000000000000000 R14: 00007f90be9e5fa0 R15: 00007ffd8720a798
[  155.302493][T10268]  </TASK>
[  155.312538][T10264] loop4: detected capacity change from 0 to 512
[  155.334867][T10264] EXT4-fs: Ignoring removed i_version option
[  155.350120][T10262] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2159: invalid indirect mapped block 12 (level 1)
[  155.351796][T10264] EXT4-fs: Ignoring removed mblk_io_submit option
[  155.364422][T10269] loop0: detected capacity change from 0 to 1024
[  155.371845][T10264] journal_path: Lookup failure for './file2'
[  155.380263][T10262] EXT4-fs (loop5): Remounting filesystem read-only
[  155.382604][T10264] EXT4-fs: error: could not find journal device path
[  155.386539][T10262] EXT4-fs (loop5): 1 truncate cleaned up
[  155.402510][T10262] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  155.466900][T10269] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[  155.530219][T10262] SELinux: failed to load policy
[  155.533127][T10275] SELinux: syz.5.2159 (10275) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  155.601368][T10277] loop4: detected capacity change from 0 to 512
[  155.737924][T10277] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  155.779630][   T29] kauditd_printk_skb: 156 callbacks suppressed
[  155.779676][   T29] audit: type=1326 audit(2000000083.120:5416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10290 comm="syz.5.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  155.813745][   T29] audit: type=1326 audit(2000000083.150:5417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10290 comm="syz.5.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  155.816462][T10291] $Hÿ: renamed from bond0 (while UP)
[  155.837258][   T29] audit: type=1326 audit(2000000083.150:5418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10290 comm="syz.5.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  155.844296][T10277] EXT4-fs (loop4): 1 truncate cleaned up
[  155.866267][   T29] audit: type=1326 audit(2000000083.150:5419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10290 comm="syz.5.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  155.895443][   T29] audit: type=1326 audit(2000000083.150:5420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10290 comm="syz.5.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  155.919019][   T29] audit: type=1326 audit(2000000083.150:5421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10290 comm="syz.5.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  155.942744][   T29] audit: type=1326 audit(2000000083.150:5422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10290 comm="syz.5.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  155.953095][T10294] __nla_validate_parse: 9 callbacks suppressed
[  155.953117][T10294] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2167'.
[  155.966651][   T29] audit: type=1326 audit(2000000083.150:5423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10290 comm="syz.5.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  156.005175][   T29] audit: type=1326 audit(2000000083.150:5424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10290 comm="syz.5.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  156.028751][   T29] audit: type=1326 audit(2000000083.150:5425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10290 comm="syz.5.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f413ec9e929 code=0x7ffc0000
[  156.054463][T10291] $Hÿ: entered promiscuous mode
[  156.059673][T10291] bond_slave_0: entered promiscuous mode
[  156.065446][T10291] bond_slave_1: entered promiscuous mode
[  156.071303][T10291] batadv0: entered promiscuous mode
[  156.121651][T10304] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  156.135317][T10306] loop2: detected capacity change from 0 to 512
[  156.151016][T10306] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  156.167519][T10308] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  156.180927][T10312] loop5: detected capacity change from 0 to 164
[  156.192051][T10306] EXT4-fs (loop2): orphan cleanup on readonly fs
[  156.198509][T10306] EXT4-fs error (device loop2): ext4_orphan_get:1419: comm syz.2.2172: bad orphan inode 458763
[  156.209610][T10306] EXT4-fs (loop2): Remounting filesystem read-only
[  156.225916][T10312] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  156.235384][T10312] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  156.248189][T10318] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2176'.
[  156.264664][T10318] loop4: detected capacity change from 0 to 512
[  156.272326][T10312] Symlink component flag not implemented
[  156.277992][T10312] Symlink component flag not implemented
[  156.280022][T10318] EXT4-fs: Ignoring removed i_version option
[  156.284593][T10312] Symlink component flag not implemented (7)
[  156.294962][T10318] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  156.295768][T10312] Symlink component flag not implemented (116)
[  156.311495][T10323] loop0: detected capacity change from 0 to 1024
[  156.327557][T10318] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  156.337549][T10318] System zones: 1-12
[  156.342222][T10318] EXT4-fs (loop4): orphan cleanup on readonly fs
[  156.342953][T10323] EXT4-fs (loop0): orphan cleanup on readonly fs
[  156.355045][T10318] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2176: invalid indirect mapped block 12 (level 1)
[  156.368813][T10318] EXT4-fs (loop4): Remounting filesystem read-only
[  156.376473][T10318] EXT4-fs (loop4): 1 truncate cleaned up
[  156.376494][T10323] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.2178: Failed to acquire dquot type 0
[  156.385873][T10318] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  156.403219][T10318] SELinux: failed to load policy
[  156.410216][T10323] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  156.419516][T10318] SELinux: syz.4.2176 (10318) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  156.426493][T10323] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #13: comm syz.0.2178: corrupted inode contents
[  156.452854][T10323] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #13: comm syz.0.2178: mark_inode_dirty error
[  156.465265][T10323] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #13: comm syz.0.2178: corrupted inode contents
[  156.477650][T10323] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #13: comm syz.0.2178: mark_inode_dirty error
[  156.490320][T10323] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #13: comm syz.0.2178: corrupted inode contents
[  156.505040][T10323] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
[  156.516213][T10331] ip6tnl2: entered promiscuous mode
[  156.521482][T10331] ip6tnl2: entered allmulticast mode
[  156.530105][T10331] team0: Device ip6tnl2 is up. Set it down before adding it as a team port
[  156.542253][T10323] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #13: comm syz.0.2178: corrupted inode contents
[  156.572669][T10323] EXT4-fs error (device loop0): ext4_truncate:4597: inode #13: comm syz.0.2178: mark_inode_dirty error
[  156.587494][T10323] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
[  156.597865][T10323] EXT4-fs (loop0): 1 truncate cleaned up
[  156.609227][T10323] FAULT_INJECTION: forcing a failure.
[  156.609227][T10323] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.622474][T10323] CPU: 1 UID: 0 PID: 10323 Comm: syz.0.2178 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  156.622500][T10323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  156.622512][T10323] Call Trace:
[  156.622518][T10323]  <TASK>
[  156.622542][T10323]  __dump_stack+0x1d/0x30
[  156.622614][T10323]  dump_stack_lvl+0xe8/0x140
[  156.622652][T10323]  dump_stack+0x15/0x1b
[  156.622667][T10323]  should_fail_ex+0x265/0x280
[  156.622697][T10323]  should_fail+0xb/0x20
[  156.622729][T10323]  should_fail_usercopy+0x1a/0x20
[  156.622799][T10323]  _copy_from_iter+0xcf/0xe40
[  156.622829][T10323]  ? __build_skb_around+0x1a0/0x200
[  156.622858][T10323]  ? __alloc_skb+0x223/0x320
[  156.622919][T10323]  netlink_sendmsg+0x471/0x6b0
[  156.622960][T10323]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.622979][T10323]  __sock_sendmsg+0x145/0x180
[  156.623001][T10323]  ____sys_sendmsg+0x31e/0x4e0
[  156.623035][T10323]  ___sys_sendmsg+0x17b/0x1d0
[  156.623089][T10323]  __x64_sys_sendmsg+0xd4/0x160
[  156.623198][T10323]  x64_sys_call+0x2999/0x2fb0
[  156.623224][T10323]  do_syscall_64+0xd2/0x200
[  156.623246][T10323]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  156.623277][T10323]  ? clear_bhb_loop+0x40/0x90
[  156.623374][T10323]  ? clear_bhb_loop+0x40/0x90
[  156.623401][T10323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.623428][T10323] RIP: 0033:0x7fcb64ace929
[  156.623446][T10323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.623469][T10323] RSP: 002b:00007fcb63137038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  156.623492][T10323] RAX: ffffffffffffffda RBX: 00007fcb64cf5fa0 RCX: 00007fcb64ace929
[  156.623521][T10323] RDX: 000000003004408c RSI: 0000200000000080 RDI: 0000000000000005
[  156.623536][T10323] RBP: 00007fcb63137090 R08: 0000000000000000 R09: 0000000000000000
[  156.623550][T10323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.623565][T10323] R13: 0000000000000000 R14: 00007fcb64cf5fa0 R15: 00007ffecff29078
[  156.623588][T10323]  </TASK>
[  156.839860][T10338] netlink: 'syz.4.2182': attribute type 10 has an invalid length.
[  156.847822][T10338] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2182'.
[  156.866690][T10338] dummy0: entered promiscuous mode
[  156.872874][T10338] bridge0: port 3(dummy0) entered blocking state
[  156.879364][T10338] bridge0: port 3(dummy0) entered disabled state
[  156.885887][T10338] dummy0: entered allmulticast mode
[  156.893746][T10338] bridge0: port 3(dummy0) entered blocking state
[  156.900287][T10338] bridge0: port 3(dummy0) entered forwarding state
[  156.916647][T10338] loop4: detected capacity change from 0 to 512
[  156.926312][T10338] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  156.943401][T10338] ext4 filesystem being mounted at /435/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.050671][T10350] FAULT_INJECTION: forcing a failure.
[  157.050671][T10350] name failslab, interval 1, probability 0, space 0, times 0
[  157.063513][T10350] CPU: 1 UID: 0 PID: 10350 Comm: syz.1.2185 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  157.063548][T10350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  157.063601][T10350] Call Trace:
[  157.063608][T10350]  <TASK>
[  157.063617][T10350]  __dump_stack+0x1d/0x30
[  157.063644][T10350]  dump_stack_lvl+0xe8/0x140
[  157.063730][T10350]  dump_stack+0x15/0x1b
[  157.063789][T10350]  should_fail_ex+0x265/0x280
[  157.063830][T10350]  ? rtnl_newlink+0x5c/0x12d0
[  157.063899][T10350]  should_failslab+0x8c/0xb0
[  157.063929][T10350]  __kmalloc_cache_noprof+0x4c/0x320
[  157.063966][T10350]  ? exc_page_fault+0x7b/0xa0
[  157.064006][T10350]  rtnl_newlink+0x5c/0x12d0
[  157.064113][T10350]  ? 0xffffffffa0205288
[  157.064132][T10350]  ? copy_from_kernel_nofault+0x60/0x200
[  157.064179][T10350]  ? x86_call_depth_emit_accounting+0x128/0x2e0
[  157.064213][T10350]  ? copy_from_kernel_nofault+0x188/0x200
[  157.064305][T10350]  ? xas_load+0x413/0x430
[  157.064420][T10350]  ? xas_load+0x413/0x430
[  157.064456][T10350]  ? cmp_ex_search+0x25/0x40
[  157.064478][T10350]  ? bsearch+0x95/0xc0
[  157.064501][T10350]  ? __pfx_cmp_ex_search+0x10/0x10
[  157.064527][T10350]  ? copy_from_kernel_nofault+0x6a/0x200
[  157.064580][T10350]  ? search_extable+0x53/0x80
[  157.064606][T10350]  ? copy_from_kernel_nofault+0x6a/0x200
[  157.064724][T10350]  ? avc_has_perm_noaudit+0xa8/0x200
[  157.064775][T10350]  ? __rcu_read_unlock+0x4f/0x70
[  157.064823][T10350]  ? avc_has_perm_noaudit+0x1b1/0x200
[  157.064873][T10350]  ? selinux_capable+0x1f9/0x270
[  157.064919][T10350]  ? security_capable+0x83/0x90
[  157.064947][T10350]  ? ns_capable+0x7d/0xb0
[  157.065101][T10350]  ? __pfx_rtnl_newlink+0x10/0x10
[  157.065124][T10350]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  157.065152][T10350]  netlink_rcv_skb+0x123/0x220
[  157.065263][T10350]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  157.065293][T10350]  rtnetlink_rcv+0x1c/0x30
[  157.065313][T10350]  netlink_unicast+0x59e/0x670
[  157.065352][T10350]  netlink_sendmsg+0x58b/0x6b0
[  157.065378][T10350]  ? __pfx_netlink_sendmsg+0x10/0x10
[  157.065398][T10350]  __sock_sendmsg+0x145/0x180
[  157.065426][T10350]  ____sys_sendmsg+0x31e/0x4e0
[  157.065604][T10350]  ___sys_sendmsg+0x17b/0x1d0
[  157.065664][T10350]  __x64_sys_sendmsg+0xd4/0x160
[  157.065715][T10350]  x64_sys_call+0x2999/0x2fb0
[  157.065810][T10350]  do_syscall_64+0xd2/0x200
[  157.065880][T10350]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  157.065915][T10350]  ? clear_bhb_loop+0x40/0x90
[  157.065943][T10350]  ? clear_bhb_loop+0x40/0x90
[  157.066033][T10350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.066062][T10350] RIP: 0033:0x7f6c17ece929
[  157.066081][T10350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.066106][T10350] RSP: 002b:00007f6c16537038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  157.066167][T10350] RAX: ffffffffffffffda RBX: 00007f6c180f5fa0 RCX: 00007f6c17ece929
[  157.066208][T10350] RDX: 0000000000008044 RSI: 0000200000000440 RDI: 0000000000000007
[  157.066221][T10350] RBP: 00007f6c16537090 R08: 0000000000000000 R09: 0000000000000000
[  157.066233][T10350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.066283][T10350] R13: 0000000000000000 R14: 00007f6c180f5fa0 R15: 00007ffe5afd1e98
[  157.066308][T10350]  </TASK>
[  157.425699][T10354] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  157.427316][T10355] loop5: detected capacity change from 0 to 1024
[  157.472653][T10355] EXT4-fs: inline encryption not supported
[  157.494924][T10356] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2188'.
[  157.524554][T10369] netlink: 'syz.1.2193': attribute type 4 has an invalid length.
[  157.556908][T10355] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  157.588555][T10363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2192'.
[  157.654684][T10382] loop1: detected capacity change from 0 to 1024
[  157.676311][T10382] ext4 filesystem being mounted at /431/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.718922][ T5315] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm kworker/u8:38: bg 0: block 393: padding at end of block bitmap is not set
[  157.739504][T10385] loop4: detected capacity change from 0 to 512
[  157.747402][ T5315] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117
[  157.760036][ T5315] EXT4-fs (loop1): This should not happen!! Data will be lost
[  157.760036][ T5315] 
[  157.790403][T10385] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  157.798597][T10385] EXT4-fs (loop4): orphan cleanup on readonly fs
[  157.806393][T10385] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.2196: corrupted inode contents
[  157.819921][T10385] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #16: comm syz.4.2196: mark_inode_dirty error
[  157.842364][T10385] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.2196: corrupted inode contents
[  157.854678][T10385] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.2196: mark_inode_dirty error
[  157.879292][T10385] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.2196: corrupted inode contents
[  157.891624][T10385] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  157.900445][T10385] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.2196: corrupted inode contents
[  157.913430][T10385] EXT4-fs error (device loop4): ext4_truncate:4597: inode #16: comm syz.4.2196: mark_inode_dirty error
[  157.925571][T10385] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  157.935251][T10385] EXT4-fs (loop4): 1 truncate cleaned up
[  157.941918][ T5317] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:40: Failed to release dquot type 1
[  158.229022][T10404] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  158.296182][T10412] netlink: 'syz.5.2205': attribute type 4 has an invalid length.
[  158.373323][T10413] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  158.399496][ T3419] IPVS: starting estimator thread 0...
[  158.431357][T10415] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2206'.
[  158.527672][T10432] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2208'.
[  158.536696][T10432] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2208'.
[  158.671924][T10421] IPVS: using max 1824 ests per chain, 91200 per kthread
[  158.773122][T10439] loop1: detected capacity change from 0 to 128
[  158.779990][T10439] vfat: Unknown parameter ''
[  159.011770][T10448] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  159.080297][T10450] vhci_hcd: invalid port number 96
[  159.085496][T10450] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  159.127487][T10452] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2217'.
[  159.423184][T10467] loop0: detected capacity change from 0 to 764
[  159.719105][T10476] loop1: detected capacity change from 0 to 1024
[  159.734485][T10476] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  159.745473][T10476] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  159.763553][T10468] serio: Serial port ptm0
[  159.789614][T10476] JBD2: no valid journal superblock found
[  159.795423][T10476] EXT4-fs (loop1): Could not load journal inode
[  159.921787][T10480] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2224'.
[  160.246103][T10496] loop4: detected capacity change from 0 to 1024
[  160.262744][T10496] ext4 filesystem being mounted at /442/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.457729][T10496] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2231: bg 0: block 393: padding at end of block bitmap is not set
[  160.504041][T10496] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[  160.516763][T10496] EXT4-fs (loop4): This should not happen!! Data will be lost
[  160.516763][T10496] 
[  160.573273][T10520] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  160.634831][T10527] loop4: detected capacity change from 0 to 164
[  160.720077][T10531] loop5: detected capacity change from 0 to 1024
[  160.768595][T10531] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.784779][T10531] FAULT_INJECTION: forcing a failure.
[  160.784779][T10531] name failslab, interval 1, probability 0, space 0, times 0
[  160.797713][T10531] CPU: 0 UID: 0 PID: 10531 Comm: syz.5.2241 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  160.797755][T10531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  160.797773][T10531] Call Trace:
[  160.797782][T10531]  <TASK>
[  160.797793][T10531]  __dump_stack+0x1d/0x30
[  160.797877][T10531]  dump_stack_lvl+0xe8/0x140
[  160.797902][T10531]  dump_stack+0x15/0x1b
[  160.797950][T10531]  should_fail_ex+0x265/0x280
[  160.797984][T10531]  should_failslab+0x8c/0xb0
[  160.798017][T10531]  __kmalloc_noprof+0xa5/0x3e0
[  160.798054][T10531]  ? unix_bind+0x1a0/0x920
[  160.798092][T10531]  unix_bind+0x1a0/0x920
[  160.798130][T10531]  __sys_bind+0x1ce/0x2a0
[  160.798175][T10531]  __x64_sys_bind+0x3f/0x50
[  160.798238][T10531]  x64_sys_call+0x2086/0x2fb0
[  160.798268][T10531]  do_syscall_64+0xd2/0x200
[  160.798293][T10531]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  160.798330][T10531]  ? clear_bhb_loop+0x40/0x90
[  160.798478][T10531]  ? clear_bhb_loop+0x40/0x90
[  160.798515][T10531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.798546][T10531] RIP: 0033:0x7f413ec9e929
[  160.798568][T10531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.798651][T10531] RSP: 002b:00007f413d307038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  160.798675][T10531] RAX: ffffffffffffffda RBX: 00007f413eec5fa0 RCX: 00007f413ec9e929
[  160.798693][T10531] RDX: 000000000000006e RSI: 0000200000003000 RDI: 0000000000000007
[  160.798711][T10531] RBP: 00007f413d307090 R08: 0000000000000000 R09: 0000000000000000
[  160.798729][T10531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.798742][T10531] R13: 0000000000000000 R14: 00007f413eec5fa0 R15: 00007ffe2e5681c8
[  160.798761][T10531]  </TASK>
[  161.005634][ T8154] EXT4-fs unmount: 129 callbacks suppressed
[  161.005658][ T8154] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  161.023797][   T29] kauditd_printk_skb: 240 callbacks suppressed
[  161.023812][   T29] audit: type=1326 audit(2000000088.360:5663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10549 comm="syz.4.2247" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc4e2ce929 code=0x0
[  161.058804][   T29] audit: type=1400 audit(2000000088.390:5664): avc:  denied  { setopt } for  pid=10551 comm="syz.5.2246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  161.081896][   T29] audit: type=1326 audit(2000000088.420:5665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10549 comm="syz.4.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4e2ce929 code=0x7ffc0000
[  161.162377][T10555] SELinux:  Context system_u:object is not valid (left unmapped).
[  161.195501][   T29] audit: type=1326 audit(2000000088.420:5666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10549 comm="syz.4.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc4e2ce929 code=0x7ffc0000
[  161.219229][   T29] audit: type=1326 audit(2000000088.420:5667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10549 comm="syz.4.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4e2ce929 code=0x7ffc0000
[  161.230016][T10560] loop5: detected capacity change from 0 to 164
[  161.242984][   T29] audit: type=1326 audit(2000000088.420:5668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10549 comm="syz.4.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc4e2ce929 code=0x7ffc0000
[  161.272901][   T29] audit: type=1326 audit(2000000088.420:5669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10549 comm="syz.4.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4e2ce929 code=0x7ffc0000
[  161.296472][   T29] audit: type=1326 audit(2000000088.420:5670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10549 comm="syz.4.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc4e2ce929 code=0x7ffc0000
[  161.320102][   T29] audit: type=1326 audit(2000000088.420:5671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10549 comm="syz.4.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4e2ce929 code=0x7ffc0000
[  161.343762][   T29] audit: type=1326 audit(2000000088.420:5672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10549 comm="syz.4.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc4e2ce929 code=0x7ffc0000
[  161.384097][T10568] netlink: 'syz.5.2251': attribute type 4 has an invalid length.
[  161.423785][T10571] __nla_validate_parse: 4 callbacks suppressed
[  161.423802][T10571] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2255'.
[  161.490630][T10580] FAULT_INJECTION: forcing a failure.
[  161.490630][T10580] name failslab, interval 1, probability 0, space 0, times 0
[  161.503383][T10580] CPU: 1 UID: 0 PID: 10580 Comm: syz.5.2256 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  161.503440][T10580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  161.503514][T10580] Call Trace:
[  161.503522][T10580]  <TASK>
[  161.503547][T10580]  __dump_stack+0x1d/0x30
[  161.503574][T10580]  dump_stack_lvl+0xe8/0x140
[  161.503600][T10580]  dump_stack+0x15/0x1b
[  161.503623][T10580]  should_fail_ex+0x265/0x280
[  161.503689][T10580]  should_failslab+0x8c/0xb0
[  161.503797][T10580]  kmem_cache_alloc_noprof+0x50/0x310
[  161.503835][T10580]  ? skb_clone+0x151/0x1f0
[  161.503862][T10580]  skb_clone+0x151/0x1f0
[  161.503887][T10580]  __netlink_deliver_tap+0x2c9/0x500
[  161.503965][T10580]  netlink_unicast+0x64c/0x670
[  161.504003][T10580]  netlink_sendmsg+0x58b/0x6b0
[  161.504112][T10580]  ? __pfx_netlink_sendmsg+0x10/0x10
[  161.504137][T10580]  __sock_sendmsg+0x145/0x180
[  161.504171][T10580]  ____sys_sendmsg+0x31e/0x4e0
[  161.504273][T10580]  ___sys_sendmsg+0x17b/0x1d0
[  161.504335][T10580]  __x64_sys_sendmsg+0xd4/0x160
[  161.504463][T10580]  x64_sys_call+0x2999/0x2fb0
[  161.504503][T10580]  do_syscall_64+0xd2/0x200
[  161.504532][T10580]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  161.504573][T10580]  ? clear_bhb_loop+0x40/0x90
[  161.504639][T10580]  ? clear_bhb_loop+0x40/0x90
[  161.504662][T10580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.504703][T10580] RIP: 0033:0x7f413ec9e929
[  161.504723][T10580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.504748][T10580] RSP: 002b:00007f413d307038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  161.504772][T10580] RAX: ffffffffffffffda RBX: 00007f413eec5fa0 RCX: 00007f413ec9e929
[  161.504792][T10580] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000007
[  161.504809][T10580] RBP: 00007f413d307090 R08: 0000000000000000 R09: 0000000000000000
[  161.504825][T10580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  161.504842][T10580] R13: 0000000000000000 R14: 00007f413eec5fa0 R15: 00007ffe2e5681c8
[  161.504867][T10580]  </TASK>
[  161.505504][T10580] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  161.553087][T10582] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2257'.
[  161.784016][T10594] loop1: detected capacity change from 0 to 164
[  161.836664][T10600] netdevsim netdevsim5: Direct firmware load for ./file0 failed with error -2
[  161.906030][T10605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2262'.
[  161.980192][T10617] loop1: detected capacity change from 0 to 2048
[  161.996026][T10622] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2271'.
[  162.011955][T10617] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.061186][T10617] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  162.062696][T10628] netlink: 'syz.5.2272': attribute type 4 has an invalid length.
[  162.077566][T10617] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  162.096214][T10617] EXT4-fs (loop1): This should not happen!! Data will be lost
[  162.096214][T10617] 
[  162.105976][T10617] EXT4-fs (loop1): Total free blocks count 0
[  162.112043][T10617] EXT4-fs (loop1): Free/Dirty block details
[  162.117986][T10617] EXT4-fs (loop1): free_blocks=2415919504
[  162.123973][T10617] EXT4-fs (loop1): dirty_blocks=16
[  162.129145][T10617] EXT4-fs (loop1): Block reservation details
[  162.135302][T10617] EXT4-fs (loop1): i_reserved_data_blocks=1
[  162.162795][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.287648][T10656] loop5: detected capacity change from 0 to 1024
[  162.300650][T10656] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.322176][T10660] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2284'.
[  162.351773][T10656] vhci_hcd: invalid port number 96
[  162.357065][T10656] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  162.388182][T10664] netlink: 'syz.1.2285': attribute type 4 has an invalid length.
[  162.426235][T10666] loop1: detected capacity change from 0 to 2048
[  162.441880][T10666] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.485751][T10666] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  162.502233][T10666] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  162.514806][T10666] EXT4-fs (loop1): This should not happen!! Data will be lost
[  162.514806][T10666] 
[  162.524683][T10666] EXT4-fs (loop1): Total free blocks count 0
[  162.530807][T10666] EXT4-fs (loop1): Free/Dirty block details
[  162.536986][T10666] EXT4-fs (loop1): free_blocks=2415919504
[  162.543030][T10666] EXT4-fs (loop1): dirty_blocks=16
[  162.548220][T10666] EXT4-fs (loop1): Block reservation details
[  162.554348][T10666] EXT4-fs (loop1): i_reserved_data_blocks=1
[  162.561553][ T8154] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.583493][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.640634][T10675] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2287'.
[  162.649624][T10675] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2287'.
[  162.665620][T10679] SELinux: security policydb version 18 (MLS) not backwards compatible
[  162.676660][T10679] SELinux: failed to load policy
[  162.792514][T10693] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2295'.
[  162.823253][T10697] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2296'.
[  162.847518][T10699] loop2: detected capacity change from 0 to 1024
[  162.862770][T10699] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.912605][T10699] vhci_hcd: invalid port number 96
[  162.918096][T10699] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  163.124521][T10723] loop1: detected capacity change from 0 to 512
[  163.132373][T10723] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  163.134324][T10722] netlink: 'syz.4.2305': attribute type 4 has an invalid length.
[  163.144282][T10723] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.2306: invalid block
[  163.149773][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.161748][T10723] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2306: invalid indirect mapped block 4294967295 (level 1)
[  163.184774][T10723] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2306: invalid indirect mapped block 4294967295 (level 1)
[  163.206713][T10723] EXT4-fs (loop1): 2 truncates cleaned up
[  163.213147][T10728] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2307'.
[  163.223359][T10723] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.237823][T10723] FAULT_INJECTION: forcing a failure.
[  163.237823][T10723] name failslab, interval 1, probability 0, space 0, times 0
[  163.250517][T10723] CPU: 0 UID: 0 PID: 10723 Comm: syz.1.2306 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  163.250583][T10723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.250599][T10723] Call Trace:
[  163.250607][T10723]  <TASK>
[  163.250616][T10723]  __dump_stack+0x1d/0x30
[  163.250642][T10723]  dump_stack_lvl+0xe8/0x140
[  163.250664][T10723]  dump_stack+0x15/0x1b
[  163.250686][T10723]  should_fail_ex+0x265/0x280
[  163.250745][T10723]  ? inode_doinit_use_xattr+0x3c/0x2d0
[  163.250777][T10723]  should_failslab+0x8c/0xb0
[  163.250808][T10723]  __kmalloc_cache_noprof+0x4c/0x320
[  163.250848][T10723]  inode_doinit_use_xattr+0x3c/0x2d0
[  163.250953][T10723]  inode_doinit_with_dentry+0x596/0x7a0
[  163.250997][T10723]  selinux_d_instantiate+0x27/0x40
[  163.251103][T10723]  security_d_instantiate+0x7a/0xa0
[  163.251134][T10723]  d_splice_alias+0x50/0x280
[  163.251162][T10723]  ext4_lookup+0x194/0x390
[  163.251232][T10723]  __lookup_slow+0x190/0x250
[  163.251269][T10723]  lookup_slow+0x3c/0x60
[  163.251371][T10723]  walk_component+0x1ec/0x220
[  163.251402][T10723]  path_lookupat+0xfe/0x2a0
[  163.251437][T10723]  filename_lookup+0x147/0x340
[  163.251503][T10723]  filename_getxattr+0x54/0x180
[  163.251533][T10723]  __x64_sys_lgetxattr+0x10f/0x140
[  163.251579][T10723]  x64_sys_call+0x1b0e/0x2fb0
[  163.251696][T10723]  do_syscall_64+0xd2/0x200
[  163.251714][T10723]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  163.251741][T10723]  ? clear_bhb_loop+0x40/0x90
[  163.251762][T10723]  ? clear_bhb_loop+0x40/0x90
[  163.251791][T10723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.251865][T10723] RIP: 0033:0x7f6c17ece929
[  163.251886][T10723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.251904][T10723] RSP: 002b:00007f6c16537038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0
[  163.251945][T10723] RAX: ffffffffffffffda RBX: 00007f6c180f5fa0 RCX: 00007f6c17ece929
[  163.251961][T10723] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000200000000000
[  163.251976][T10723] RBP: 00007f6c16537090 R08: 0000000000000000 R09: 0000000000000000
[  163.251992][T10723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.252008][T10723] R13: 0000000000000000 R14: 00007f6c180f5fa0 R15: 00007ffe5afd1e98
[  163.252033][T10723]  </TASK>
[  163.500485][T10735] loop2: detected capacity change from 0 to 764
[  163.510629][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.520162][T10735] Symlink component flag not implemented
[  163.526248][T10735] Symlink component flag not implemented (116)
[  163.543807][T10738] loop5: detected capacity change from 0 to 1024
[  163.557703][T10740] loop4: detected capacity change from 0 to 512
[  163.564720][T10738] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #2: comm syz.5.2311: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  163.565659][T10740] EXT4-fs: Ignoring removed i_version option
[  163.583975][T10738] EXT4-fs (loop5): get root inode failed
[  163.591537][T10740] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  163.594559][T10738] EXT4-fs (loop5): mount failed
[  163.606783][T10740] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e02c, mo2=0002]
[  163.621961][T10740] System zones: 1-12
[  163.626192][T10740] EXT4-fs (loop4): orphan cleanup on readonly fs
[  163.637544][T10740] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2312: invalid indirect mapped block 12 (level 1)
[  163.645045][T10738] FAULT_INJECTION: forcing a failure.
[  163.645045][T10738] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.663945][T10738] CPU: 1 UID: 0 PID: 10738 Comm: syz.5.2311 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  163.664061][T10738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.664068][T10748] loop2: detected capacity change from 0 to 764
[  163.664200][T10738] ==================================================================
[  163.664245][T10738] BUG: KCSAN: data-race in data_push_tail / vsnprintf
[  163.664310][T10738] 
[  163.664318][T10738] write to 0xffffffff88e541f7 of 32 bytes by task 10748 on cpu 0:
[  163.664339][T10738]  vsnprintf+0x2ce/0x890
[  163.664370][T10738]  vscnprintf+0x41/0x90
[  163.664400][T10738]  printk_sprint+0x30/0x2d0
[  163.664425][T10738]  vprintk_store+0x599/0x860
[  163.664447][T10738]  vprintk_emit+0x178/0x650
[  163.664472][T10738]  vprintk_default+0x26/0x30
[  163.664497][T10738]  vprintk+0x1d/0x30
[  163.664529][T10738]  _printk+0x79/0xa0
[  163.664568][T10738]  set_capacity_and_notify+0x14c/0x1f0
[  163.664615][T10738]  loop_set_size+0x2e/0x70
[  163.664637][T10738]  loop_configure+0x8d3/0xa50
[  163.664680][T10738]  lo_ioctl+0x559/0x15d0
[  163.664721][T10738]  blkdev_ioctl+0x34f/0x440
[  163.664760][T10738]  __se_sys_ioctl+0xce/0x140
[  163.664798][T10738]  __x64_sys_ioctl+0x43/0x50
[  163.664834][T10738]  x64_sys_call+0x19a8/0x2fb0
[  163.664865][T10738]  do_syscall_64+0xd2/0x200
[  163.664887][T10738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.664915][T10738] 
[  163.664923][T10738] read to 0xffffffff88e54208 of 8 bytes by task 10738 on cpu 1:
[  163.664943][T10738]  data_push_tail+0xfd/0x420
[  163.664987][T10738]  data_alloc+0xbf/0x2b0
[  163.665026][T10738]  prb_reserve+0x808/0xaf0
[  163.665065][T10738]  vprintk_store+0x56d/0x860
[  163.665089][T10738]  vprintk_emit+0x178/0x650
[  163.665108][T10738]  vprintk_default+0x26/0x30
[  163.665129][T10738]  vprintk+0x1d/0x30
[  163.665162][T10738]  _printk+0x79/0xa0
[  163.665199][T10738]  dump_stack_print_info+0x1a0/0x1b0
[  163.665223][T10738]  __dump_stack+0x11/0x30
[  163.665244][T10738]  dump_stack_lvl+0xe8/0x140
[  163.665274][T10738]  dump_stack+0x15/0x1b
[  163.665296][T10738]  should_fail_ex+0x265/0x280
[  163.665336][T10738]  should_fail+0xb/0x20
[  163.665373][T10738]  should_fail_usercopy+0x1a/0x20
[  163.665419][T10738]  _copy_to_user+0x20/0xa0
[  163.665444][T10738]  simple_read_from_buffer+0xb5/0x130
[  163.665485][T10738]  proc_fail_nth_read+0x100/0x140
[  163.665531][T10738]  vfs_read+0x1a0/0x6f0
[  163.665572][T10738]  ksys_read+0xda/0x1a0
[  163.665615][T10738]  __x64_sys_read+0x40/0x50
[  163.665660][T10738]  x64_sys_call+0x2d77/0x2fb0
[  163.665690][T10738]  do_syscall_64+0xd2/0x200
[  163.665712][T10738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.665742][T10738] 
[  163.665746][T10738] value changed: 0x00000000fffff56e -> 0x2065676e61686320
[  163.665761][T10738] 
[  163.665765][T10738] Reported by Kernel Concurrency Sanitizer on:
[  163.665779][T10738] CPU: 1 UID: 0 PID: 10738 Comm: syz.5.2311 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  163.665816][T10738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.665834][T10738] ==================================================================
[  163.665872][T10738] Call Trace:
[  163.665948][T10738]  <TASK>
[  163.665958][T10738]  __dump_stack+0x1d/0x30
[  163.665984][T10738]  dump_stack_lvl+0xe8/0x140
[  163.666012][T10738]  dump_stack+0x15/0x1b
[  163.666037][T10738]  should_fail_ex+0x265/0x280
[  163.666080][T10738]  should_fail+0xb/0x20
[  163.666164][T10738]  should_fail_usercopy+0x1a/0x20
[  163.666210][T10738]  _copy_to_user+0x20/0xa0
[  163.666263][T10738]  simple_read_from_buffer+0xb5/0x130
[  163.666310][T10738]  proc_fail_nth_read+0x100/0x140
[  163.666360][T10738]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  163.666464][T10738]  vfs_read+0x1a0/0x6f0
[  163.666508][T10738]  ? __rcu_read_unlock+0x4f/0x70
[  163.666541][T10738]  ? __fget_files+0x184/0x1c0
[  163.666573][T10738]  ksys_read+0xda/0x1a0
[  163.666621][T10738]  __x64_sys_read+0x40/0x50
[  163.666696][T10738]  x64_sys_call+0x2d77/0x2fb0
[  163.666728][T10738]  do_syscall_64+0xd2/0x200
[  163.666753][T10738]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  163.666857][T10738]  ? clear_bhb_loop+0x40/0x90
[  163.666889][T10738]  ? clear_bhb_loop+0x40/0x90
[  163.666920][T10738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.666952][T10738] RIP: 0033:0x7f413ec9d33c
[  163.666973][T10738] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  163.667029][T10738] RSP: 002b:00007f413d307030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  163.667057][T10738] RAX: ffffffffffffffda RBX: 00007f413eec5fa0 RCX: 00007f413ec9d33c
[  163.667075][T10738] RDX: 000000000000000f RSI: 00007f413d3070a0 RDI: 0000000000000004
[  163.667095][T10738] RBP: 00007f413d307090 R08: 0000000000000000 R09: 0000000000000000
[  163.667113][T10738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  163.667144][T10738] R13: 0000000000000000 R14: 00007f413eec5fa0 R15: 00007ffe2e5681c8
[  163.667195][T10738]  </TASK>
[  163.679208][T10740] EXT4-fs (loop4): Remounting filesystem read-only
[  163.702749][T10740] EXT4-fs (loop4): 1 truncate cleaned up
[  163.723117][T10748] FAULT_INJECTION: forcing a failure.
[  163.723117][T10748] name failslab, interval 1, probability 0, space 0, times 0
[  163.728154][T10740] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  163.731576][T10748] CPU: 0 UID: 0 PID: 10748 Comm: syz.2.2313 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(voluntary) 
[  163.731614][T10748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.731633][T10748] Call Trace:
[  163.731642][T10748]  <TASK>
[  163.731654][T10748]  __dump_stack+0x1d/0x30
[  163.731758][T10748]  dump_stack_lvl+0xe8/0x140
[  163.731787][T10748]  dump_stack+0x15/0x1b
[  163.731889][T10748]  should_fail_ex+0x265/0x280
[  163.731935][T10748]  should_failslab+0x8c/0xb0
[  163.732038][T10748]  kmem_cache_alloc_noprof+0x50/0x310
[  163.732078][T10748]  ? alloc_empty_file+0x76/0x200
[  163.732171][T10748]  ? mntput+0x4b/0x80
[  163.732208][T10748]  alloc_empty_file+0x76/0x200
[  163.732245][T10748]  path_openat+0x68/0x2170
[  163.732286][T10748]  ? _parse_integer_limit+0x170/0x190
[  163.732348][T10748]  ? kstrtoull+0x111/0x140
[  163.732387][T10748]  ? kstrtouint+0x76/0xc0
[  163.732429][T10748]  do_filp_open+0x109/0x230
[  163.732554][T10748]  do_sys_openat2+0xa6/0x110
[  163.732606][T10748]  __x64_sys_openat+0xf2/0x120
[  163.732694][T10748]  x64_sys_call+0x1af/0x2fb0
[  163.732726][T10748]  do_syscall_64+0xd2/0x200
[  163.732753][T10748]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  163.732814][T10748]  ? clear_bhb_loop+0x40/0x90
[  163.732844][T10748]  ? clear_bhb_loop+0x40/0x90
[  163.732878][T10748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.732908][T10748] RIP: 0033:0x7f90be7be929
[  163.732977][T10748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.733011][T10748] RSP: 002b:00007f90bce27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  163.733039][T10748] RAX: ffffffffffffffda RBX: 00007f90be9e5fa0 RCX: 00007f90be7be929
[  163.733057][T10748] RDX: 0000000000000042 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  163.733133][T10748] RBP: 00007f90bce27090 R08: 0000000000000000 R09: 0000000000000000
[  163.733152][T10748] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
[  163.733170][T10748] R13: 0000000000000000 R14: 00007f90be9e5fa0 R15: 00007ffd8720a798
[  163.733197][T10748]  </TASK>
[  164.411908][T10740] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  164.422183][T10740] SELinux: failed to load policy
[  164.427960][T10740] SELinux: syz.4.2312 (10740) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  164.454659][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.