last executing test programs:

31.331961805s ago: executing program 4 (id=321):
r0 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f0000000240)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e1504511602", 0x10}, {&(0x7f0000000000)="17460081ba60ccbb9d000000000000", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f00000003c0)="5825be06000000000000007ca2646314d1787b351f0d5ce5d3eaae4571c85e0d08778cfdacf4db98", 0x28}], 0x1}}], 0x2, 0x4004040)

31.331634984s ago: executing program 4 (id=322):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000040000007b1af8ff00000000bfa1000000"], 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r0, 0x0, 0x80000}, 0x18)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)

31.296918197s ago: executing program 4 (id=324):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
open$dir(0x0, 0x500, 0x20)
getsockopt$WPAN_SECURITY(r0, 0x0, 0x1, 0x0, &(0x7f0000000080))
r1 = io_uring_setup(0x6ed2, &(0x7f0000000240)={0x0, 0x205f, 0x1, 0x3, 0x185})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r4, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000000)=ANY=[@ANYRES16=0x0, @ANYBLOB="010000000000000000001d0000220c000600010000000100000018002f7d08000100000000000c000209"], 0x38}}, 0x0)
r5 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac141400340008"], 0x2c}}, 0x0)
sendto$inet6(r5, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
eventfd2(0x1, 0x80800)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000080), 0x4)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000008000/0x1000)=nil)
close_range(r1, 0xffffffffffffffff, 0x0)

30.576752135s ago: executing program 4 (id=329):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000040000000a00000040000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000200"/28], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
iopl(0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000001e40)={'ip6tnl0\x00', &(0x7f0000001dc0)={'syztnl2\x00', <r4=>0x0, 0x2f, 0x8, 0x7, 0x9, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @empty, 0x7800, 0x81, 0x6, 0x8}})
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001e80)='/sys/kernel/cpu_byteorder', 0x8000, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000021c0)={r1, 0xe0, &(0x7f00000020c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000001f00)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000001f40)=[0x0], &(0x7f0000001f80)=[0x0, 0x0, 0x0], <r6=>0x0, 0x3e, &(0x7f0000001fc0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000002000), &(0x7f0000002040), 0x8, 0xa, 0x8, 0x8, &(0x7f0000002080)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000002200)={0x7, 0xc, &(0x7f0000001c80)=@raw=[@map_val={0x18, 0x7, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x4}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @alu={0x7, 0x1, 0x0, 0xb, 0x1, 0x50, 0x10}], &(0x7f0000000c00)='syzkaller\x00', 0x9, 0x8c, &(0x7f0000001d00)=""/140, 0x41100, 0x20, '\x00', r4, @fallback=0x8, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001ec0)={0x5, 0x6, 0x0, 0x7}, 0x10, r6, r1, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="01002cbd7000ffdbdf2504"], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x8880)
sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000640)={&(0x7f00000022c0)=ANY=[@ANYBLOB="000000000004ae464d8c", @ANYRES16=r7, @ANYBLOB="010027bd7000fedbdf25090000000800030008000000080002000100000008000400fbffffff08000200040000001c00068008000300e0000001050002004b000000080003007f000001080004007920d0330800020002000000"], 0x60}, 0x1, 0x0, 0x0, 0x4c0c0}, 0x40)
getpeername$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = getgid()
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000002380), 0x4)
getresgid(&(0x7f0000000c40), &(0x7f0000000140)=<r10=>0x0, &(0x7f0000000240)=<r11=>0x0)
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000200)='.\x02\x00', 0x10814, &(0x7f0000000700)=ANY=[@ANYRES8=r10, @ANYRESHEX=r11, @ANYRES32=r10, @ANYRES8=0x0, @ANYBLOB="1500bba7d41fabba4332de3ca642acf6f8de847e3f21783608008708a887d30aaf0a14b0691d48445fe3b4d1ddde1b81337b2c3b5f88535d7f6fa931b84783704494cebe49ca9f6269b05edde0246c360d0566b4056f0f02ccab035d3d0a5cde0b31bd424949fe23c0a0a25691738006c5c6acdf101fecdb4f79abdfb95c6afaea03dd5903b5240565f31504c207a9a2aa6c8108fb973081e90412a3c6cfa3b2513693727fad9acd8108acb8b90fab033c9dac0dc3e5a61c513e7b5edc5d76320f0e54045ea2b7b8fb1f78d3d346e26ee5ed6926cea1ffe0a1"], 0x1, 0x1fa, &(0x7f0000000500)="$eJzs2zFrE2EYB/Dn2rRe7GAHJ1E4cHEK6icwSAUxIEQy6GSgurQipEsUxH4eZz+EX8alg2SLXO5om2sLjWdyEn8/ON6H/O/guSF53uHN27sfDvY/Hr3f+nISaZLFRsSTmETs5lUpKdd0Vm/HnCTq+FXraQDgj/T7w27TPbBco1F3eDsidi4kg2+NNAQAAAAAAAAAAEBti5z/34j4Wj3/f7zifgGA+pz/X1/tch2NusN7xf6twvl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDmT6fTWNL/Sci2vGxGRRkQ7Im5GRCsi8s+b7hcAqG8ynZ/7V83/iEgiwvwHgDXw6vWbF91eb6+fZWnEz+PxYDwo1iJ/9ry39zCb2T176mQ8Hmye5o+KPJvPt2b7hjx/fGm+HQ/uF3mePX3Zq+Q7sb/81weA/1InO3Vuvm+WV0Snc1mez+eiOrc/qMzvVtxprew1AIAFHH36fDA8PHw3+utFsthT7bKhq+/53lpWq4prFT+Sf6INRd0ivc7NDf8wAUt39qWvJmkzDQEAAAAAAAAAAAAAABes4i9HTb8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr53cAAAD//8h6UUs=")
lstat(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0})
r13 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r13, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, <r14=>0x0}, &(0x7f00000000c0)=0xc)
mount$bpf(0x0, &(0x7f0000000100)='.\x00', &(0x7f00000006c0), 0x400008, &(0x7f00000023c0)=ANY=[@ANYBLOB="6769643dbded513cbfa6ea2b8d95210abcd142c8fe8fba387489b086f4136d707e289e6517818807428b8ae7288d5bd0708cd92da0eab58176a7271403dfe260472e8a31b35c9d5304cdd116d703d33a6894a57c05018bca64f5741e2e15364638e60ed41560c3ab0f0ed0fdbcecfc0ade1048590e8245207bfb6c78c76cc25de106e72e23f1dcc01aa0cb769323a5e558312c9196ea754ceb1dc6f6d45199dc", @ANYRESHEX=r14, @ANYBLOB=',\x00'])
setgroups(0x4, &(0x7f0000000840)=[r9, r10, r12, r14])
r15 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x18, 0x26, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_idx={0x18, 0x1, 0x5, 0x0, 0x4}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @jmp={0x5, 0x0, 0x0, 0xa, 0x9, 0x100, 0xfffffffffffffffc}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x2}, @cb_func={0x18, 0xe, 0x4, 0x0, 0xfffffffffffffff8}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xff}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000a00)='GPL\x00', 0xfffffffa, 0x1000, &(0x7f0000000c80)=""/4096, 0x41100, 0x56, '\x00', r8, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000a40)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000a80)={0x1, 0x1, 0xe, 0x2}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000ac0)=[r0, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000b00)=[{0x0, 0x5, 0x7, 0x4}, {0x3, 0x4, 0xf, 0x9}, {0x0, 0x3, 0x8, 0xa}, {0x5, 0x4, 0x6, 0x1}], 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r15}, 0x18)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

30.233979673s ago: executing program 4 (id=332):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
kexec_load(0x4, 0xa, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000780)=@newtaction={0xf0, 0x30, 0xffff, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x1}}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x6c, 0x2, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x1b1, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x26e6}}, @TCA_GACT_PROB={0xfffffffffffffe74, 0x3, {0x1, 0x18a8, 0x6}}]}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xf0}}, 0x0)

30.002342742s ago: executing program 4 (id=338):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0)
ftruncate(r2, 0xc17a)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = io_uring_setup(0x7bb2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x3, 0xfffffffc})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0xff01000000000000, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
socket$unix(0x1, 0x1, 0x0)

29.970817374s ago: executing program 32 (id=338):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0)
ftruncate(r2, 0xc17a)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = io_uring_setup(0x7bb2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x3, 0xfffffffc})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0xff01000000000000, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
socket$unix(0x1, 0x1, 0x0)

2.11218471s ago: executing program 0 (id=695):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
close_range(r1, r1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010100}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x7fff}, &(0x7f0000000200)=0x8)

1.555133185s ago: executing program 2 (id=700):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x80}}, &(0x7f00000007c0)='GPL\x00', 0x6, 0x0, 0x0, 0x41002, 0x8, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
close(r0)

1.521249427s ago: executing program 2 (id=702):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}, 0x1, 0x0, 0x0, 0x68840}, 0x4)
recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/4091, 0xffb}], 0x1}}], 0x1, 0x2, 0x0) (fail_nth: 6)

1.279588757s ago: executing program 1 (id=703):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r1}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r2}, 0x10)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$SG_IO(r7, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0})
readlinkat(r7, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=""/147, 0x93)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r9}, 0x3d)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r10}, 0x3d)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000001ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r3, r8, 0x0, 0x7fffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000340)={'ip_vti0\x00', &(0x7f00000001c0)={'gretap0\x00', <r11=>0x0, 0x8, 0x8000, 0x1ff, 0x1, {{0x12, 0x4, 0x2, 0x1b, 0x48, 0x67, 0x0, 0x6, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}, @multicast1, {[@noop, @generic={0x83, 0xa, "2d696f3b736330c9"}, @noop, @rr={0x7, 0x7, 0xb7, [@remote]}, @generic={0x94, 0x6, "1e6133f3"}, @timestamp={0x44, 0x18, 0x19, 0x0, 0xb, [0x2, 0x6, 0x7fffffff, 0x401, 0x1]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000004c0)={'syztnl1\x00', &(0x7f00000003c0)={'syztnl0\x00', r11, 0x10, 0x7, 0x8, 0x10000, {{0x10, 0x4, 0x0, 0x3, 0x40, 0x64, 0x0, 0x4, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@ssrr={0x89, 0x1b, 0xc8, [@dev={0xac, 0x14, 0x14, 0x25}, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @loopback, @remote, @dev={0xac, 0x14, 0x14, 0x14}]}, @lsrr={0x83, 0xb, 0xe6, [@multicast1, @dev={0xac, 0x14, 0x14, 0x2e}]}, @noop, @lsrr={0x83, 0x3, 0x2a}]}}}}})

1.272749107s ago: executing program 2 (id=704):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2c, r1, 0x301, 0x0, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}]}, 0x2c}}, 0x40006)

1.219753052s ago: executing program 0 (id=706):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
fsmount(r0, 0x0, 0x0)

1.219324022s ago: executing program 2 (id=708):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xfd, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0xffffff8a)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x6}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x1000000}]}, 0x10)

1.168018896s ago: executing program 0 (id=710):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
getgid()

1.121143729s ago: executing program 2 (id=711):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)
sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01030000000000000000010000000800010014000000080003"], 0x30}}, 0x44)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r3)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r3)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r7=>0x0})
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r8 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r8, 0x2284, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100a57300000000b404000000000000bb1f9190a51c02e0f5ffffff774964b97cc096f16291ef8e5795c4225e490f4c9d9c5a2f362644386e64e9100889d435e77ca14c17ec01db000002008d40b0506005f808f9c07f6dcd1a6e1d179f5a7cdd", @ANYRES32=r7, @ANYBLOB="0c0099000000000000000000050053000100000014000400776c616e310000000000000000000000140006"], 0x60}}, 0x8000)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r3, &(0x7f00000006c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="040064f1df9966c41827bd7000fbde62adfb", @ANYRES32=r7, @ANYBLOB="0c00990007000000570000000400f4000400f4000400f400"], 0x34}, 0x1, 0x0, 0x0, 0x20004840}, 0x1)
sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r2, 0x300, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xd0}, 0x1)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x7fff, 0x0)

1.12097267s ago: executing program 3 (id=712):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x80}}, &(0x7f00000007c0)='GPL\x00', 0x6, 0x0, 0x0, 0x41002, 0x8, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
close(r0)

1.11864016s ago: executing program 2 (id=713):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000fc0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0xe, 0x0, 0x0, 0x0, 0x18}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000003d80)=ANY=[@ANYRES64=r2, @ANYRES64=0x0, @ANYRESOCT=r0, @ANYRES32=r1, @ANYBLOB="8190ec87e308603f2ae9d42e10744e60957da896ac0b008bc5da9bf008b827fff5fda14c3b879c464d7ad12c3b912d1abfc05c340bbd8ba5b5422a4f986c0cf9e41ff45b64c73883f7ea5c9dc92c7a37f3902c1da264641e4bc123e7abf04a6bfda8f041ef551f4ae978cfe46f09de6b6cfff7f277319d33f9b1dbb77eebb55ae8a405261ae334161baa9074ac07fa8ff845b9866fed1a82d22720628441222b703973957f404905667ae98d13fe9b43bdc6b5b4a3a42647b07ef477e0bd51fca181514157796ab950b6a9bda6efa5dd61106a718a623d1e1a818b1cd02d9bc114fb7bcbf7c6a31c9f540b8d657575f07e7baa0de136b24b17d6998e3772cdc1f664b46025d4e2f5ba237b83eaaa25f69ec5e77cd7b8ab9cc35f77fe9b2787709e34aed9b051ffb94b1d304b5c9429e258cbf29a6ce625122d1613131c652baa9d70cb185e665d2c0532aae2cad48d170a256b2ef336c53bf43ff0c1c000fa2417b6ef2999e34a5c46456be618fcb89c73cdf3731792e63d51894eb1e0e6cce2c7fbadd708877e6030807627f5a854dd764c675e612f2501eec1919baca29846185c6270169ad26b2937b4556c3282b3852493690d323698053d5137546919bf2ef66c91d9e304170c0f01ff01da37bb696149cb3086ff5077f5453bdb178316e7108cd3a5e3c27974000067c28f4e600eb5c03d7b6e4c46b52f3ccaafbfee5213dbac0b6cf52b72445707ce0753080af6545b153dd5fe717aa2344ce140551aed47d257b52df802f409594a4025db6b1f93748cda370d3398cd5ca15b869934a884b631fa37200337de59e0fb789fd4ae3b4f4ba14c75e1fec0950fbac4340ea7f6ad4e365475f025c96e00360f6190a1bf4c9c35996e0f37e235749f40fbae99141a2efab3d933b822b68a430e008ca22330b895932c33a25ad00e9301a138fc6ba8cc269ab31ceb4a5e5ac826da8bd7447a04d47bb81d2c4c1f5f45b79e805c766582be2c7d1f10d522c04033d586be25e9e4c27717fdc9e8c780eab7351f606e8763af649c1bfa086af143d5a67c5ba196fbc1bf6695a1946384a9e4bbbf99814a407ec474b2c09fbd4fc84b02ab18c9904fb0933ddbf038cee78b5850aa8c4796b38fa88f4e28245fda3c861eb62a57b95cb9f24c128480262977dce7ef669a5f6c537d53ad88a45bc116d17618af52929867ad8238d9d16c9153c9399538629c752083422f0579447fb9e0bbd3d48f738407e2f039509cc70927bd80ffc45099fced3453b92c682d9208c82254798caf861520c6064acb36d3ef6eb89efc6e3b8f1ff2c032664d3d9ae22019ac5e67999c02ecd6a75bdb0b1e5ac24bf142c66e13e71ed8ff639832375cfe53124d50ea7c15a469cfa85f8702a70d159c826cfdf26b41d7477d400fbd283f94ab6cc7cde993d4658adc8ba31793dc1bbfd9be11ad95932b8fcc55ead0b72c9841e32deb5873b45d7af012d611b9e20a30a2845a6933b5ab49ebf138d0c2c314b90cd513c63a8ef806446d5f3af1c09c05c6b72b5f407b6cc01384e7e8b9c63cf5a527d8dadb9fc409ddc46e0a8105238af35c5eff8d921fc68fe0a074e55cd330ea9378d94b1ef5bcd139c625c00efba91ba6e628b2ffe4e543a9e7082f02289f9239dd7334fb68eb87880a8918a2fccbd930bdaabe3523fee4a4ac324b8e4267d94cb9dcdb94d4bef3fb5cf75f172fc1a30bb6d0f078dcfb70c9db412ebc53edb08f63a4ad552e0fe2980cd17858aced27677fe530eed822f25fe9ca10a79ab8bfb225938697747aa24d4ea3beca7790161493f38446f050d53ae66b3e6d67f20453c2e6284eb158dcecb52f8755acf5b748afaa84f1d46d4f12d316448e68c9568c681de14bb27431b2722287f7e274289439c22ad6aaf20eaf5fa20f983df8a65cb2ec1fa6110d55760891cd7485d677ef68569f4f5285a89a14365583b03b5383ac0f92ca6d0fff5ec72ccc35065f7780470781da6d1de1311403abdec42600d4039f1bfe12686569d25fe416f28f3af2a530f188a8f18fe24a215a8ebaac1e6cc82557416efcd05135fffb85247bca75c1d9601dc4da38377b15d71aea03501690bdb2e1b12c9738d303feafbb183d498c50d8000f5a78102a15999bac2679d6ee9405f7f522ed2832d839c9459627fb41448646cadbc8dfe831c4d876d5f7b0b196e05aed4c2ce059412e895faab97267a904004e14f00e24112eda67f945a1c4c54eeec07dccd6147a245a2bea35547ed35eb89330b5416f9b611ba34f3cf67dcc979061867eb2c6f27e2b5716b6b80948804a36de633f46bfbd65b569046247dc0bfdc942977eabce1860b453bfaeede0c43e145901372e8aefe0ef13358a4681967ae0b28b406b05c348e48bdd2c34431b87be25ec4d528b25210c97b612cd80d0b59185b5feedcb267d18ae097d6b55b77607fddd70c61a5bceb50e0e424f0cf856da9614ff5c3b24d2c305aa363e43bc96c6f5d57f400206274e4e521abdc14b41ec97e3839942b7966686573681acca29f5dac69a5a7e677c311fe3e1d71dd95a05bdd724d74748f39919e1ae80a10ebd565e16072188fd82770f391c1714ff321030adfddf9c69dbc78e61c586f4b32710b2dcb6a02522be13ea9d5be7046bd333367e03e52e65d9acba64d0ea021288e136c1641d0560e61d5b6a799e329732a312ca186ece15695a6cb1b30dcccddf6b19546b95f05d812a0bdf28ccce2b77b3460b735ab581d25518a76e4d7158406cef61eae37b9e01408be8901953ea2d95149cf5de1fffabf883861e696dd0233b3a1fca34434fd7b96c32b58cfe202585065ca49c9250622e2c8e554ad1e66573bbc72802081ae9f9c4daadd65a41cefe2c5ea8de2518f8b68840f74baf49f4327c792ea4f4d1724285f21f5cd8ee3826c52bfc9a55038bf7fb95a4bb383b9d353ef4523aaf6233f7e92f726b3283c0e9ee97e90b2037b89ab559c66df0150f8d8841d7137937160141654f598ceba849fedb0f8fdaef68553ae5df9f6d4b35affb166735a907dbafa46a1566ca5d00d40d171aa54c8fbf90d7ced122a332e5469320ef2a9ca87c63a00d76785bbb8d5c38ef69e6ba4a886c605f5efb2a87bea768887b0ebcd12521920e253be401b9c7eaa228dd62a6f517f743f1d8999e200bf853e2b59b84b414fce6cefb756a9965d3b9cb994da3042a781a2095503d347e863e8a2f8b733f7563b7d4d6e14bc717fefc322ec651fe74d6f10ef1f2e200f4ea79b0330346248f6c9b0d781c65db79e77a67faca71ea204b025e75144ef5360336f117f624b899063ee5b1b38e1634493d518e5e822638a1206eb528c949b5bf6dd8eb11478506ecd01787b83101a6710bda1aca0f9e9d5878e6fc24b6e1821099358df6562088391bbdfc79c850f28620edaf7e9da0f49152ebb77587b35feb1539a2a3ce06cfcaf3e5e522d64216f391008b9477700ac465946b2c83cb4039ee908f09795e7309bb476366febbf4266c6daa74957ddf8662f8274e6ce2f0884fbf2d3d49c4518170e12470cc4133d511c1b0ca05df21c6b0f39bc854d5b3ba3e4ebbf6cece0f0aa0e7eec1c7f07b8afa9840b15ec9571dd205452f22b8b779e8e0adccc7918a5c660a61dc1f771490e057cf33af3fa8168b057a483fa01599b2afaa49a22a5753018e5d9539d4fc92a8d284675853e5275b89b6971902d2fb71405aa8477beb134ff7c8f7f7c77514674bfd0409fd0e47e41bc6d0ac637d209fb0ceec3d52239078d4beea5cdda7ae0d338b91824d1b1eddd6f63817fd8ee7d95a9d11b1948a2403be1e3a3671a2f6d42059d95b68bb299061d6fb3263cb58cba47ac3ab79b26f14bf2057d4cdca1b487d6a7e71cf9858e85ab4ae9badb60a8da116b14f45214a9bc9c3844e41ef08a3f50bbcfdda9b1f539384565612d553c43b5e594668802f3c294f5656b10da2232409067f3a2e6e699c1176806f580306095412d67f5b65420ee947e8e9a359a1c64254c1df89cd4e3fa4fffd2a6f677395f354e8c43b8ee5867ae5e2a473ce644bfc4e4ecda3727397de9acab85b3b1dd85ef8a6ceb69dfc326a025f3001ce2e9f07aba7bc51dc2141eaaaf8ebb2efc59b4f4429996aaa555c372bac264bf887997b40d65d9d25efede80de093e1dda02429b04a1b535a038e8a854e4b46cc3867b81f38ea36ab92b9e6e784eb3010cec031a05f62558b40171907fcd8d4d732e66f8a6148d22a5610e3d63857de6351d673c19efa08b316e5d47dff8e34d6f83d1fb35244d67435533f4a38ae2c04414698d9c3cda48f0539b55a996d06665450cfd6ca512ce6c3a755d22196eafb33b22d8264f244e9b5cd0210317596c470b07dea90b605be5e6a5c5629d972f219cf048c181361f9af72af704130008129245ff834098aec82804fceba955fb11d2042ca1c5dd844596158a68a454355d35e89bcc1feec89a242618cba17aaeaafdb6cce3d3118b8e7821d0a220c7c924795cfff83d1aff6afcfa476cbc2c0fea732e31d6b2db09eb34c8222e2dd2589b0248b82032f43afe3ba26a3872046b80c920f009b24fd86a35ab0deaffa00985cccc53a9d6eaa39a707e8c66a7af9748701d2acdc84d94afe15fb40b4e005eb96dd67f50fba18e68a0c1deb7a8e750d31954fd148dc68d932538d75bcdba401259a1ff4427ef735f0db34e7be65c5d20ace137b4f7cc140a5e4fe2aa0ecb233799e319f52fd4b2c436a7c9ebee87f24658761cc2fb200a18821efab9719e115e7258b0166b332b48c34c905831683c5bc877ea660b439c615d1d6a580c73882d62627c1054acc41e06bd8d815e348495e27705f3c1d642e988c894a755d714bb0f1302daec6ff67f78c821a359174f0273ae9b7c3bf60947d29b5871b3f902549a38031ea0f9f243592e74ddb3d1843610f1d3251bacd3fe24dbc86d488ef7458133eb7bced001ec78d05a8ca61e9c534ab10eed30819ff96de3294edb672810e0241a90a79a9c838e622dcd395bda50fc08db11162151c7514916b36c15aad74e9b587bb7e88fb92183b1161edeb73c1563a7f56970a384c0ae331c0933cf7b9795975c322a6175189bb36817e4f0409ec5fd09a5ab1611118e77b2cf2be7861853ab411052636f4c76c2759c31e225b7fff4fcf0a4338ed428f62738a7cd8168c5e48f78d9afc6d6aa4f83c6ac36b3504a98cb44933820ee37b094daca7b9fadb12001541dbc299f4e2b324e8508a1bb47d48400fc0afdaa7fdc34b35129e1487331ec14dace215ccf86f1c7af1ae458c6e9c8fc253f9858e3872921e92eba1ebccde303d44708244da779d7e729f50c4e27be9d5a5e8a1e59727b546f4305b04ab94bf83fec8cf3a55fe56adb41ab3f220add7bb185d15bb0904b9f91e6eca9b4391e15412f8d69bb7198c7d7a664084ea51abb9052b5643f7ea0b6286473f8691d8ee00d1b13f35d04dabba07c4f98c2635f99c6da52d4cca6f178769e6e171e26e8ab2413b6e2f036209a100f00eb056839079de588a813d2903fec443bd7b7342cdc63f3314222a4dc7385d86a72907aec5b9cd40e16c9544e4ee9e3c0967a4fb89ff7677ed8b813af2cdd00d405ca841b216e364e4889f79cc06fd37b0a7b6e4fc73c44ce3a3ad80dacffbcf26922d93d2fb14c1b4ec71783754fdc7d56d4d73e65c0434645e664e55db68f113124a08fc946cdcfc0b8f50d50eca229180f29042e83d9d742400ccb92a371c6a45bc6e541f187bf284c2703de7d2febd33230abc77df4d", @ANYRESOCT=r3, @ANYRESDEC=r0, @ANYBLOB="b6902ae551a6648c340aad40915ab459f678b2f54f00d7d74dc7551b"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060500000000000000000001000006050004000100000011000300686173683a69702c706f7274000000000c000780050003000a0000000510050002000000050005000100000012000300686173683a6e65742c706f7274000000"], 0x60}}, 0x4008004)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000140)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@quota}, {@resuid}, {@lazytime}]}, 0x1, 0x445, &(0x7f0000000200)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000010240), 0x5a)
write(r7, &(0x7f00000009c0)="3bf58d7d45d32cfe1da7c797b82f16713d1cb80b3fa1bda74e3977b40e7af46b4c60b70d7a79ed5d8c48f52a50185980", 0x30)
sendfile(r7, r5, 0x0, 0x3ffff)
sendfile(r7, r5, 0x0, 0x7fffeffd)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f00000005c0)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x19, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r8 = socket$netlink(0x10, 0x3, 0x0)
syz_mount_image$iso9660(&(0x7f0000002900), &(0x7f0000000000)='./file0\x00', 0x2, &(0x7f00000002c0)=ANY=[], 0x1, 0x5b1, &(0x7f0000001000)="$eJzs3MFv29YZAPDHxK4NBwsGFGvSNEDZtIfsEFeSFwdGBywaTdtsJVEg5cI5DcXiZMHsblg2YMmly6VDgQ077bz1utOO+6d62T/ggRLlybIzuWkbZcDvB8TvUfzI9z2C4QcRIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEKJks9FoRqGT9Xb34udLNou8e7y0EKbXj/f3rxPNCYsTf0MUQlT9C8vL4eroo6uv/zf2B9WfG+HKaOlKWK6a5fD00hvf/+D1hQvVhotRdCqLl+3xk6e//OTgYP83X2Obo6Ojz6rZfIdpvTTbaS8r86zb3k7jrMzjjfX1xvs7W2W8lXXS8l45SLtxUqTtQV7EN5O7IYSNtThdvZfv9rY32500vpn8MG5ubNy51Wo01uMPV/tpuyjz3vsfrpbJTtbpZL3tYUy1+lbr7XCnOhE/ygbxIG134/jBo4P9tVlJVkHN8wS1ZgW1Gq1Ws9lqNddvb9y+02gs12fr8QcLjSlhepOF+Z+0vHSv1SfKcGF8jXvtW7uIwws6Sv4y7xQAAACA71g0vMceDe/LXx32trJO2jgRcxTNLT0AAADgWzD8an+lvgEQwtUQnf7+DwAAAPx/+/u4c+YzdiGKQtlfisaPqvT33osO21WvfXhx9NHF6T0Otq5Fl+udDJv1hXopSa9Hb46C3hxHf1U3D57/rN8/Q5VHVBSL0bNvlkD4U7g2irl2f9TeH68ZzXZlK+ukq0ne+aAZ2u3LFwbp3uB3nz76fQhFcXTxi173chQePDrYX/35rw7uD3N5Vu3l2WH9C4lTP5Q4mctSmMjlt8fPPdYzvnvyyC8Ob8RUs/6i110ZjduYnP+F0eYXvsb8Pw9vjWLeWhm1Kyfnv1yN2Vw9Y/aTWTT7e+8t1YOdc+ZTWVwfxVy/OTyx3r1Zr1mcyKI1K4vW5PF/oWNxnMW7J7KYPBZrs7JY+4ZZAMzLg+kqdKr+n6q7L3CV+x/VvRqlKuEzq/svZo7yeXhnFPPOtYW6Il0MYeqK3ph1RW+cs66HcHYW/wg3/vbXEHbDjXHw82psNe6fT1TV6PDLaoMvT4/7h1FT/vvhzqWqs3T46/DG4ydPbz06/OTh/sP9T1uttfXGjxqN262wOJxG3ag9AJwhLb6KVgZ/jIoi6/+subHRbA920rjIk4/iItvcTuOsN0iLZKfd207jfpEP8iTvVJ2Ps820jMvdfj+vKklexP28zPaGb36J61e/lGm33RtkSdnvpO0yjZO8N2gng3gzK5O4v/vTTlbupEW8lRdx2U+TbCtL2oMs78Vlvlsk6Wocl2k6EZhtpkefhZBV3V7cL7Juu7gXf5x3drtpvJlW1bI/yKNQ7XA8VtbbyovucLer8z7YAPCKeBzqN9gdv8ru8U/Gq56cWnVmJyzPiJnzFAGAKdNVemneCQEAAAAAAAAAAAAAAKdMPq734/qVPud77O+V7dy9dNaqt+ef2GQnhLDwCqShc87O8quRxmL93/ZF9xOFEGYHf6+KmedVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADO9p8AAAD//0n5kWY=")
r9 = socket$unix(0x1, 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000280)=[{0x6, 0xbd, 0x0, 0x7fff0006}]})
syz_usbip_server_init(0x1)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x7, 0x0, 0x0, 0x7fff0006}]})
bind$unix(r9, 0x0, 0x0)
sendmsg$netlink(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=r10, @ANYBLOB="02e3275a", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
r11 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r11, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)

1.11823428s ago: executing program 0 (id=714):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
fsmount(r0, 0x0, 0x0)

1.082834143s ago: executing program 3 (id=716):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
close_range(r1, r1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r3=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={r3, 0x7fff}, &(0x7f0000000200)=0x8)

1.058687564s ago: executing program 0 (id=717):
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000200)={[{@noload}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@jqfmt_vfsold}, {@journal_dev={'journal_dev', 0x3d, 0x800}}, {@nobh}, {@inlinecrypt}, {@grpquota}, {@init_itable}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x7, 0x8000c64)
write$binfmt_elf64(r0, 0x0, 0x478)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x2000)
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000080))
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x3c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0xffff}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_MASTER={0x4}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x52, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r8}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)=r4}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r9 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
read(r2, &(0x7f00000003c0)=""/4096, 0x1000)

1.015909868s ago: executing program 3 (id=718):
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000700)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&\x00'/12, @ANYRES32, @ANYBLOB="37cc1e0c0c3384be8a459df4ab852e3dbd3bafb91f6dd8cbfc8d8672f1bdbfbccc39e39a5fb07711ac5f25a70b114839bf4001119a5b1d229685e478bade3fb6ccca5b43acad9e32afa2fef6948376d2768994e4003e95587d4f3ec05ac076dcd387c243ed8a04c86690ce57e3712b5d4024356ca0e61bd6b3b41b8d4dd7d75c10c74bb2a7dc141ee3a543a7bd3091da1d33908763ac4df1c7acf1374922bb9381b2d3f338dc343b690a8047bae074bc83294ca3f9d4f9437e8ff5d09b4f4cd7f21a4da4010bffa68be35ef3de9f5c067ce4650abda7a03b8db42f890dce1d3a7704dc6e2cfdb78f04370f9cc5a0", @ANYRES64=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000001780)=""/4071, 0xfe7}], 0x1}, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0xfffe}], 0x1}, 0x0)

956.645423ms ago: executing program 3 (id=720):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae0000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
sendmsg$FOU_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010024bd7000fedbdf2501000000"], 0x30}, 0x1, 0x0, 0x0, 0x8040}, 0x4000080)

921.818156ms ago: executing program 3 (id=722):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000240)={'ip6tnl0\x00', <r0=>0x0, 0x4, 0x4, 0x8, 0x3, 0x8, @private0, @loopback, 0x700, 0x8000, 0x3, 0x3}})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000a}, 0xff28)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001640)='kfree\x00', r2}, 0x10)
r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffb, r3, 0x1)
pipe2$9p(&(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[], 0x15)
r6 = dup(r5)
write$P9_RLERRORu(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r6, &(0x7f0000000340)=ANY=[], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', r0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000040000"], 0x0, 0x80000000}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff0000000003000000000000000000000002000000000000000000000000000002030000000000000000000002"], 0x0, 0x56}, 0x20)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r7, 0xffffffffffffffff, 0x18, 0x0, @val=@netfilter={0x2, 0x1, 0x10}}, 0x20)

603.948331ms ago: executing program 3 (id=725):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x21, 0x0, 0x0)
recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/191, 0xcb}], 0x1, 0x0, 0x59}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r3 = socket$netlink(0x10, 0x3, 0x0)
preadv(r2, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

447.997824ms ago: executing program 1 (id=726):
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
syz_clone(0x300000, &(0x7f0000000e80), 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
r0 = inotify_init1(0x800)
inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x24000420)
syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000480), &(0x7f0000000040))
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = syz_open_procfs(0x0, &(0x7f0000000440)='net/tcp\x00')
pread64(r2, &(0x7f0000000000)=""/65, 0x41, 0x96)

389.697639ms ago: executing program 1 (id=728):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
close_range(r1, r1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r3=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={r3, 0x7fff}, &(0x7f0000000200)=0x8)

312.249295ms ago: executing program 1 (id=729):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x80}}, &(0x7f00000007c0)='GPL\x00', 0x6, 0x0, 0x0, 0x41002, 0x8, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
close(r0)

272.753838ms ago: executing program 1 (id=730):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='mm_page_alloc\x00', r0, 0x0, 0x5}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x2c, 0x0, 0x8)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xd, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
syz_read_part_table(0x5c0, &(0x7f0000000000)="$eJzs27+KJFUUB+BfVXdXdYNLa2KoDZsYuYHxsKOyOywYLIKZoKmJiGAgKFONookamRj4AptMIBgZD6IvIMIwBoJmIgZq4Fyp/jc1YySNqPB9QXHuufeccxuqwwr/b2U+SkbXkuO6rrbx/I9k+dLTSbtYrSebfH/ghQd37t5b3K+aXa5KfuqSetOnfzTJY7vGWWyiL8b58MHR+x99/FaTLt35cZJPky4p7fZqq9p80vzl0r9V2+b8u564tq52j16XhzNdRbeyectGq3TaPmre23v+ycHp8nYflPXQWXM5Pcnh1dN1jm+uo0l+vsikXuy2Nm/T7fX1rmqTUspk0Gb7L5gMpj315XfHWTbrndGgtnc2S147e/7JatADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/nrKxWhzmkWlSJeN+9dkzVbc+NF5nnm3G6/Xvw6L9nByczt959/U6bx688s2rb39/9OP0lySj3Dp6qLTt7tzLaQdV46S+SPLobN/5Zdv2jReH6UWW+ermt4/Xo5Qyv8xPqv75edLluctaAAAAAAAAAAAAAAAAAAAA2NOdu/cW9+vZ9uv6epsvmSbVtQ/cy6+llMOU5kp2luTr81RJfkiphltNMr+RpP2gyWajS0q5Mf3nfhF/x58BAAD//++eW/s=")
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x1, 0x7fe2, 0x1, 0x12}, 0x48) (fail_nth: 2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000040), &(0x7f0000000080)=r5}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r6}, 0x10)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r7, 0x107, 0xa, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)

151.623458ms ago: executing program 5 (id=731):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2c, r1, 0x301, 0x0, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}]}, 0x2c}}, 0x40006)

131.624089ms ago: executing program 5 (id=732):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r2 = io_uring_setup(0x2754, &(0x7f0000000080)={0x0, 0xfffffffc, 0x100, 0xfffffffe, 0x800001b4})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0), 0x0)

85.262793ms ago: executing program 5 (id=733):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae0000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
sendmsg$FOU_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010024bd7000fedbdf2501000000"], 0x30}, 0x1, 0x0, 0x0, 0x8040}, 0x4000080)

83.968103ms ago: executing program 0 (id=734):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680), 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000840)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0xf4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a9998500000004000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='mm_page_free\x00', r2}, 0x18)
r3 = dup2(r1, r1)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8})
ioctl$BLKTRACESETUP(r3, 0x1276, 0x0)

49.946126ms ago: executing program 5 (id=735):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001800dd8d000200000000000002000000000037050000000006001500020000001400168010000880"], 0x38}}, 0x0)

3.87707ms ago: executing program 1 (id=736):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r1}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r2}, 0x10)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$SG_IO(r7, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0})
readlinkat(r7, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=""/147, 0x93)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r9}, 0x3d)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r10}, 0x3d)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000001ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r3, r8, 0x0, 0x7fffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000340)={'ip_vti0\x00', &(0x7f00000001c0)={'gretap0\x00', <r11=>0x0, 0x8, 0x8000, 0x1ff, 0x1, {{0x12, 0x4, 0x2, 0x1b, 0x48, 0x67, 0x0, 0x6, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}, @multicast1, {[@noop, @generic={0x83, 0xa, "2d696f3b736330c9"}, @noop, @rr={0x7, 0x7, 0xb7, [@remote]}, @generic={0x94, 0x6, "1e6133f3"}, @timestamp={0x44, 0x18, 0x19, 0x0, 0xb, [0x2, 0x6, 0x7fffffff, 0x401, 0x1]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000004c0)={'syztnl1\x00', &(0x7f00000003c0)={'syztnl0\x00', r11, 0x10, 0x7, 0x8, 0x10000, {{0x10, 0x4, 0x0, 0x3, 0x40, 0x64, 0x0, 0x4, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@ssrr={0x89, 0x1b, 0xc8, [@dev={0xac, 0x14, 0x14, 0x25}, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @loopback, @remote, @dev={0xac, 0x14, 0x14, 0x14}]}, @lsrr={0x83, 0xb, 0xe6, [@multicast1, @dev={0xac, 0x14, 0x14, 0x2e}]}, @noop, @lsrr={0x83, 0x3, 0x2a}]}}}}})

3.61492ms ago: executing program 5 (id=737):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10)
syz_io_uring_setup(0x5b24, &(0x7f0000000340)={0x0, 0x1b2c, 0x2}, 0x0, 0x0)

0s ago: executing program 5 (id=738):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000fc0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0xe, 0x0, 0x0, 0x0, 0x18}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000003d80)=ANY=[@ANYRES64=r2, @ANYRES64=0x0, @ANYRESOCT=r0, @ANYRES32=r1, @ANYBLOB="8190ec87e308603f2ae9d42e10744e60957da896ac0b008bc5da9bf008b827fff5fda14c3b879c464d7ad12c3b912d1abfc05c340bbd8ba5b5422a4f986c0cf9e41ff45b64c73883f7ea5c9dc92c7a37f3902c1da264641e4bc123e7abf04a6bfda8f041ef551f4ae978cfe46f09de6b6cfff7f277319d33f9b1dbb77eebb55ae8a405261ae334161baa9074ac07fa8ff845b9866fed1a82d22720628441222b703973957f404905667ae98d13fe9b43bdc6b5b4a3a42647b07ef477e0bd51fca181514157796ab950b6a9bda6efa5dd61106a718a623d1e1a818b1cd02d9bc114fb7bcbf7c6a31c9f540b8d657575f07e7baa0de136b24b17d6998e3772cdc1f664b46025d4e2f5ba237b83eaaa25f69ec5e77cd7b8ab9cc35f77fe9b2787709e34aed9b051ffb94b1d304b5c9429e258cbf29a6ce625122d1613131c652baa9d70cb185e665d2c0532aae2cad48d170a256b2ef336c53bf43ff0c1c000fa2417b6ef2999e34a5c46456be618fcb89c73cdf3731792e63d51894eb1e0e6cce2c7fbadd708877e6030807627f5a854dd764c675e612f2501eec1919baca29846185c6270169ad26b2937b4556c3282b3852493690d323698053d5137546919bf2ef66c91d9e304170c0f01ff01da37bb696149cb3086ff5077f5453bdb178316e7108cd3a5e3c27974000067c28f4e600eb5c03d7b6e4c46b52f3ccaafbfee5213dbac0b6cf52b72445707ce0753080af6545b153dd5fe717aa2344ce140551aed47d257b52df802f409594a4025db6b1f93748cda370d3398cd5ca15b869934a884b631fa37200337de59e0fb789fd4ae3b4f4ba14c75e1fec0950fbac4340ea7f6ad4e365475f025c96e00360f6190a1bf4c9c35996e0f37e235749f40fbae99141a2efab3d933b822b68a430e008ca22330b895932c33a25ad00e9301a138fc6ba8cc269ab31ceb4a5e5ac826da8bd7447a04d47bb81d2c4c1f5f45b79e805c766582be2c7d1f10d522c04033d586be25e9e4c27717fdc9e8c780eab7351f606e8763af649c1bfa086af143d5a67c5ba196fbc1bf6695a1946384a9e4bbbf99814a407ec474b2c09fbd4fc84b02ab18c9904fb0933ddbf038cee78b5850aa8c4796b38fa88f4e28245fda3c861eb62a57b95cb9f24c128480262977dce7ef669a5f6c537d53ad88a45bc116d17618af52929867ad8238d9d16c9153c9399538629c752083422f0579447fb9e0bbd3d48f738407e2f039509cc70927bd80ffc45099fced3453b92c682d9208c82254798caf861520c6064acb36d3ef6eb89efc6e3b8f1ff2c032664d3d9ae22019ac5e67999c02ecd6a75bdb0b1e5ac24bf142c66e13e71ed8ff639832375cfe53124d50ea7c15a469cfa85f8702a70d159c826cfdf26b41d7477d400fbd283f94ab6cc7cde993d4658adc8ba31793dc1bbfd9be11ad95932b8fcc55ead0b72c9841e32deb5873b45d7af012d611b9e20a30a2845a6933b5ab49ebf138d0c2c314b90cd513c63a8ef806446d5f3af1c09c05c6b72b5f407b6cc01384e7e8b9c63cf5a527d8dadb9fc409ddc46e0a8105238af35c5eff8d921fc68fe0a074e55cd330ea9378d94b1ef5bcd139c625c00efba91ba6e628b2ffe4e543a9e7082f02289f9239dd7334fb68eb87880a8918a2fccbd930bdaabe3523fee4a4ac324b8e4267d94cb9dcdb94d4bef3fb5cf75f172fc1a30bb6d0f078dcfb70c9db412ebc53edb08f63a4ad552e0fe2980cd17858aced27677fe530eed822f25fe9ca10a79ab8bfb225938697747aa24d4ea3beca7790161493f38446f050d53ae66b3e6d67f20453c2e6284eb158dcecb52f8755acf5b748afaa84f1d46d4f12d316448e68c9568c681de14bb27431b2722287f7e274289439c22ad6aaf20eaf5fa20f983df8a65cb2ec1fa6110d55760891cd7485d677ef68569f4f5285a89a14365583b03b5383ac0f92ca6d0fff5ec72ccc35065f7780470781da6d1de1311403abdec42600d4039f1bfe12686569d25fe416f28f3af2a530f188a8f18fe24a215a8ebaac1e6cc82557416efcd05135fffb85247bca75c1d9601dc4da38377b15d71aea03501690bdb2e1b12c9738d303feafbb183d498c50d8000f5a78102a15999bac2679d6ee9405f7f522ed2832d839c9459627fb41448646cadbc8dfe831c4d876d5f7b0b196e05aed4c2ce059412e895faab97267a904004e14f00e24112eda67f945a1c4c54eeec07dccd6147a245a2bea35547ed35eb89330b5416f9b611ba34f3cf67dcc979061867eb2c6f27e2b5716b6b80948804a36de633f46bfbd65b569046247dc0bfdc942977eabce1860b453bfaeede0c43e145901372e8aefe0ef13358a4681967ae0b28b406b05c348e48bdd2c34431b87be25ec4d528b25210c97b612cd80d0b59185b5feedcb267d18ae097d6b55b77607fddd70c61a5bceb50e0e424f0cf856da9614ff5c3b24d2c305aa363e43bc96c6f5d57f400206274e4e521abdc14b41ec97e3839942b7966686573681acca29f5dac69a5a7e677c311fe3e1d71dd95a05bdd724d74748f39919e1ae80a10ebd565e16072188fd82770f391c1714ff321030adfddf9c69dbc78e61c586f4b32710b2dcb6a02522be13ea9d5be7046bd333367e03e52e65d9acba64d0ea021288e136c1641d0560e61d5b6a799e329732a312ca186ece15695a6cb1b30dcccddf6b19546b95f05d812a0bdf28ccce2b77b3460b735ab581d25518a76e4d7158406cef61eae37b9e01408be8901953ea2d95149cf5de1fffabf883861e696dd0233b3a1fca34434fd7b96c32b58cfe202585065ca49c9250622e2c8e554ad1e66573bbc72802081ae9f9c4daadd65a41cefe2c5ea8de2518f8b68840f74baf49f4327c792ea4f4d1724285f21f5cd8ee3826c52bfc9a55038bf7fb95a4bb383b9d353ef4523aaf6233f7e92f726b3283c0e9ee97e90b2037b89ab559c66df0150f8d8841d7137937160141654f598ceba849fedb0f8fdaef68553ae5df9f6d4b35affb166735a907dbafa46a1566ca5d00d40d171aa54c8fbf90d7ced122a332e5469320ef2a9ca87c63a00d76785bbb8d5c38ef69e6ba4a886c605f5efb2a87bea768887b0ebcd12521920e253be401b9c7eaa228dd62a6f517f743f1d8999e200bf853e2b59b84b414fce6cefb756a9965d3b9cb994da3042a781a2095503d347e863e8a2f8b733f7563b7d4d6e14bc717fefc322ec651fe74d6f10ef1f2e200f4ea79b0330346248f6c9b0d781c65db79e77a67faca71ea204b025e75144ef5360336f117f624b899063ee5b1b38e1634493d518e5e822638a1206eb528c949b5bf6dd8eb11478506ecd01787b83101a6710bda1aca0f9e9d5878e6fc24b6e1821099358df6562088391bbdfc79c850f28620edaf7e9da0f49152ebb77587b35feb1539a2a3ce06cfcaf3e5e522d64216f391008b9477700ac465946b2c83cb4039ee908f09795e7309bb476366febbf4266c6daa74957ddf8662f8274e6ce2f0884fbf2d3d49c4518170e12470cc4133d511c1b0ca05df21c6b0f39bc854d5b3ba3e4ebbf6cece0f0aa0e7eec1c7f07b8afa9840b15ec9571dd205452f22b8b779e8e0adccc7918a5c660a61dc1f771490e057cf33af3fa8168b057a483fa01599b2afaa49a22a5753018e5d9539d4fc92a8d284675853e5275b89b6971902d2fb71405aa8477beb134ff7c8f7f7c77514674bfd0409fd0e47e41bc6d0ac637d209fb0ceec3d52239078d4beea5cdda7ae0d338b91824d1b1eddd6f63817fd8ee7d95a9d11b1948a2403be1e3a3671a2f6d42059d95b68bb299061d6fb3263cb58cba47ac3ab79b26f14bf2057d4cdca1b487d6a7e71cf9858e85ab4ae9badb60a8da116b14f45214a9bc9c3844e41ef08a3f50bbcfdda9b1f539384565612d553c43b5e594668802f3c294f5656b10da2232409067f3a2e6e699c1176806f580306095412d67f5b65420ee947e8e9a359a1c64254c1df89cd4e3fa4fffd2a6f677395f354e8c43b8ee5867ae5e2a473ce644bfc4e4ecda3727397de9acab85b3b1dd85ef8a6ceb69dfc326a025f3001ce2e9f07aba7bc51dc2141eaaaf8ebb2efc59b4f4429996aaa555c372bac264bf887997b40d65d9d25efede80de093e1dda02429b04a1b535a038e8a854e4b46cc3867b81f38ea36ab92b9e6e784eb3010cec031a05f62558b40171907fcd8d4d732e66f8a6148d22a5610e3d63857de6351d673c19efa08b316e5d47dff8e34d6f83d1fb35244d67435533f4a38ae2c04414698d9c3cda48f0539b55a996d06665450cfd6ca512ce6c3a755d22196eafb33b22d8264f244e9b5cd0210317596c470b07dea90b605be5e6a5c5629d972f219cf048c181361f9af72af704130008129245ff834098aec82804fceba955fb11d2042ca1c5dd844596158a68a454355d35e89bcc1feec89a242618cba17aaeaafdb6cce3d3118b8e7821d0a220c7c924795cfff83d1aff6afcfa476cbc2c0fea732e31d6b2db09eb34c8222e2dd2589b0248b82032f43afe3ba26a3872046b80c920f009b24fd86a35ab0deaffa00985cccc53a9d6eaa39a707e8c66a7af9748701d2acdc84d94afe15fb40b4e005eb96dd67f50fba18e68a0c1deb7a8e750d31954fd148dc68d932538d75bcdba401259a1ff4427ef735f0db34e7be65c5d20ace137b4f7cc140a5e4fe2aa0ecb233799e319f52fd4b2c436a7c9ebee87f24658761cc2fb200a18821efab9719e115e7258b0166b332b48c34c905831683c5bc877ea660b439c615d1d6a580c73882d62627c1054acc41e06bd8d815e348495e27705f3c1d642e988c894a755d714bb0f1302daec6ff67f78c821a359174f0273ae9b7c3bf60947d29b5871b3f902549a38031ea0f9f243592e74ddb3d1843610f1d3251bacd3fe24dbc86d488ef7458133eb7bced001ec78d05a8ca61e9c534ab10eed30819ff96de3294edb672810e0241a90a79a9c838e622dcd395bda50fc08db11162151c7514916b36c15aad74e9b587bb7e88fb92183b1161edeb73c1563a7f56970a384c0ae331c0933cf7b9795975c322a6175189bb36817e4f0409ec5fd09a5ab1611118e77b2cf2be7861853ab411052636f4c76c2759c31e225b7fff4fcf0a4338ed428f62738a7cd8168c5e48f78d9afc6d6aa4f83c6ac36b3504a98cb44933820ee37b094daca7b9fadb12001541dbc299f4e2b324e8508a1bb47d48400fc0afdaa7fdc34b35129e1487331ec14dace215ccf86f1c7af1ae458c6e9c8fc253f9858e3872921e92eba1ebccde303d44708244da779d7e729f50c4e27be9d5a5e8a1e59727b546f4305b04ab94bf83fec8cf3a55fe56adb41ab3f220add7bb185d15bb0904b9f91e6eca9b4391e15412f8d69bb7198c7d7a664084ea51abb9052b5643f7ea0b6286473f8691d8ee00d1b13f35d04dabba07c4f98c2635f99c6da52d4cca6f178769e6e171e26e8ab2413b6e2f036209a100f00eb056839079de588a813d2903fec443bd7b7342cdc63f3314222a4dc7385d86a72907aec5b9cd40e16c9544e4ee9e3c0967a4fb89ff7677ed8b813af2cdd00d405ca841b216e364e4889f79cc06fd37b0a7b6e4fc73c44ce3a3ad80dacffbcf26922d93d2fb14c1b4ec71783754fdc7d56d4d73e65c0434645e664e55db68f113124a08fc946cdcfc0b8f50d50eca229180f29042e83d9d742400ccb92a371c6a45bc6e541f187bf284c2703de7d2febd33230abc77df4d", @ANYRESOCT=r3, @ANYRESDEC=r0, @ANYBLOB="b6902ae551a6648c340aad40915ab459f678b2f54f00d7d74dc7551b"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060500000000000000000001000006050004000100000011000300686173683a69702c706f7274000000000c000780050003000a0000000510050002000000050005000100000012000300686173683a6e65742c706f7274000000"], 0x60}}, 0x4008004)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000140)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@quota}, {@resuid}, {@lazytime}]}, 0x1, 0x445, &(0x7f0000000200)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000010240), 0x5a)
write(r7, &(0x7f00000009c0)="3bf58d7d45d32cfe1da7c797b82f16713d1cb80b3fa1bda74e3977b40e7af46b4c60b70d7a79ed5d8c48f52a50185980", 0x30)
sendfile(r7, r5, 0x0, 0x3ffff)
sendfile(r7, r5, 0x0, 0x7fffeffd)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f00000005c0)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x19, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r8 = socket$netlink(0x10, 0x3, 0x0)
syz_mount_image$iso9660(&(0x7f0000002900), &(0x7f0000000000)='./file0\x00', 0x2, &(0x7f00000002c0)=ANY=[], 0x1, 0x5b1, &(0x7f0000001000)="$eJzs3MFv29YZAPDHxK4NBwsGFGvSNEDZtIfsEFeSFwdGBywaTdtsJVEg5cI5DcXiZMHsblg2YMmly6VDgQ077bz1utOO+6d62T/ggRLlybIzuWkbZcDvB8TvUfzI9z2C4QcRIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEKJks9FoRqGT9Xb34udLNou8e7y0EKbXj/f3rxPNCYsTf0MUQlT9C8vL4eroo6uv/zf2B9WfG+HKaOlKWK6a5fD00hvf/+D1hQvVhotRdCqLl+3xk6e//OTgYP83X2Obo6Ojz6rZfIdpvTTbaS8r86zb3k7jrMzjjfX1xvs7W2W8lXXS8l45SLtxUqTtQV7EN5O7IYSNtThdvZfv9rY32500vpn8MG5ubNy51Wo01uMPV/tpuyjz3vsfrpbJTtbpZL3tYUy1+lbr7XCnOhE/ygbxIG134/jBo4P9tVlJVkHN8wS1ZgW1Gq1Ws9lqNddvb9y+02gs12fr8QcLjSlhepOF+Z+0vHSv1SfKcGF8jXvtW7uIwws6Sv4y7xQAAACA71g0vMceDe/LXx32trJO2jgRcxTNLT0AAADgWzD8an+lvgEQwtUQnf7+DwAAAPx/+/u4c+YzdiGKQtlfisaPqvT33osO21WvfXhx9NHF6T0Otq5Fl+udDJv1hXopSa9Hb46C3hxHf1U3D57/rN8/Q5VHVBSL0bNvlkD4U7g2irl2f9TeH68ZzXZlK+ukq0ne+aAZ2u3LFwbp3uB3nz76fQhFcXTxi173chQePDrYX/35rw7uD3N5Vu3l2WH9C4lTP5Q4mctSmMjlt8fPPdYzvnvyyC8Ob8RUs/6i110ZjduYnP+F0eYXvsb8Pw9vjWLeWhm1Kyfnv1yN2Vw9Y/aTWTT7e+8t1YOdc+ZTWVwfxVy/OTyx3r1Zr1mcyKI1K4vW5PF/oWNxnMW7J7KYPBZrs7JY+4ZZAMzLg+kqdKr+n6q7L3CV+x/VvRqlKuEzq/svZo7yeXhnFPPOtYW6Il0MYeqK3ph1RW+cs66HcHYW/wg3/vbXEHbDjXHw82psNe6fT1TV6PDLaoMvT4/7h1FT/vvhzqWqs3T46/DG4ydPbz06/OTh/sP9T1uttfXGjxqN262wOJxG3ag9AJwhLb6KVgZ/jIoi6/+subHRbA920rjIk4/iItvcTuOsN0iLZKfd207jfpEP8iTvVJ2Ps820jMvdfj+vKklexP28zPaGb36J61e/lGm33RtkSdnvpO0yjZO8N2gng3gzK5O4v/vTTlbupEW8lRdx2U+TbCtL2oMs78Vlvlsk6Wocl2k6EZhtpkefhZBV3V7cL7Juu7gXf5x3drtpvJlW1bI/yKNQ7XA8VtbbyovucLer8z7YAPCKeBzqN9gdv8ru8U/Gq56cWnVmJyzPiJnzFAGAKdNVemneCQEAAAAAAAAAAAAAAKdMPq734/qVPud77O+V7dy9dNaqt+ef2GQnhLDwCqShc87O8quRxmL93/ZF9xOFEGYHf6+KmedVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADO9p8AAAD//0n5kWY=")
r9 = socket$unix(0x1, 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000280)=[{0x6, 0xbd, 0x0, 0x7fff0006}]})
syz_usbip_server_init(0x1)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x7, 0x0, 0x0, 0x7fff0006}]})
bind$unix(r9, 0x0, 0x0)
sendmsg$netlink(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=r10, @ANYBLOB="02e3275a", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
r11 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r11, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)

kernel console output (not intermixed with test programs):

  T29] audit: type=1326 audit(1754806681.208:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3903 comm="syz.3.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   42.770331][   T29] audit: type=1326 audit(1754806681.408:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3917 comm="syz.3.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   42.793742][   T29] audit: type=1326 audit(1754806681.408:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3917 comm="syz.3.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   42.817019][   T29] audit: type=1326 audit(1754806681.408:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3917 comm="syz.3.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   42.837553][ T3922] loop3: detected capacity change from 0 to 512
[   42.840255][   T29] audit: type=1326 audit(1754806681.408:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3917 comm="syz.3.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   42.869761][   T29] audit: type=1326 audit(1754806681.408:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3917 comm="syz.3.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   42.893040][   T29] audit: type=1326 audit(1754806681.408:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3917 comm="syz.3.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   42.895137][ T3922] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   42.916187][   T29] audit: type=1326 audit(1754806681.408:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3917 comm="syz.3.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   42.962042][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.979149][ T3922] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   42.998524][ T3922] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.073529][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   43.091424][ T3940] loop0: detected capacity change from 0 to 1024
[   43.091712][ T3942] sctp: [Deprecated]: syz.1.165 (pid 3942) Use of struct sctp_assoc_value in delayed_ack socket option.
[   43.091712][ T3942] Use struct sctp_sack_info instead
[   43.119752][ T3940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.136171][ T3940] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.163076][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.240492][ T3955] tipc: Started in network mode
[   43.245443][ T3955] tipc: Node identity ac14140f, cluster identity 4711
[   43.262534][ T3955] tipc: New replicast peer: 255.255.255.255
[   43.268713][ T3955] tipc: Enabled bearer <udp:syz2>, priority 10
[   43.421338][ T3964] sd 0:0:1:0: device reset
[   43.484269][ T3967] loop3: detected capacity change from 0 to 256
[   43.608185][ T3973] Invalid option length (0) for dns_resolver key
[   43.633736][ T3973] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[   43.724388][ T3970] lo speed is unknown, defaulting to 1000
[   43.785615][ T3981] sctp: [Deprecated]: syz.3.178 (pid 3981) Use of struct sctp_assoc_value in delayed_ack socket option.
[   43.785615][ T3981] Use struct sctp_sack_info instead
[   43.843833][ T3970] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.916727][ T3987] syzkaller1: entered promiscuous mode
[   43.922326][ T3987] syzkaller1: entered allmulticast mode
[   44.149862][ T3994] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=108 sclass=netlink_audit_socket pid=3994 comm=syz.3.181
[   44.164579][ T3996] netlink: 36 bytes leftover after parsing attributes in process `syz.4.183'.
[   44.180253][ T3996] loop4: detected capacity change from 0 to 512
[   44.198666][ T3996] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   44.209939][ T3996] EXT4-fs (loop4): 1 truncate cleaned up
[   44.215965][ T3996] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.361671][ T4003] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12)
[   44.368330][ T4003] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   44.375930][ T4003] vhci_hcd vhci_hcd.0: Device attached
[   44.397220][ T1033] tipc: Node number set to 2886997007
[   44.427665][ T4003] netlink: 'syz.4.183': attribute type 27 has an invalid length.
[   44.661419][ T3403] usb 9-1: new low-speed USB device number 3 using vhci_hcd
[   44.856720][ T4024] netlink: 'syz.2.192': attribute type 21 has an invalid length.
[   44.898248][ T4024] loop2: detected capacity change from 0 to 2048
[   44.928722][ T4024] EXT4-fs (loop2): failed to initialize system zone (-117)
[   44.938901][ T4024] EXT4-fs (loop2): mount failed
[   44.965251][ T4024] rdma_op ffff8881231c7180 conn xmit_rdma 0000000000000000
[   45.010112][ T4033] loop3: detected capacity change from 0 to 512
[   45.017316][ T4004] vhci_hcd: connection reset by peer
[   45.022866][  T294] vhci_hcd: stop threads
[   45.027323][  T294] vhci_hcd: release socket
[   45.031814][  T294] vhci_hcd: disconnect device
[   45.038763][ T4033] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.051497][ T4035] loop2: detected capacity change from 0 to 1024
[   45.058109][ T4033] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   45.068956][ T4035] EXT4-fs: Ignoring removed nobh option
[   45.074629][ T4035] EXT4-fs: inline encryption not supported
[   45.211160][ T4035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.226201][ T4035] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.196: Allocating blocks 385-513 which overlap fs metadata
[   45.341934][ T4041] lo speed is unknown, defaulting to 1000
[   45.611442][ T4041] netlink: 32 bytes leftover after parsing attributes in process `syz.3.195'.
[   45.814021][ T4047] loop1: detected capacity change from 0 to 1024
[   45.836158][ T4047] EXT4-fs: Ignoring removed nobh option
[   45.841890][ T4047] EXT4-fs: inline encryption not supported
[   45.849370][ T4047] /dev/loop1: Can't open blockdev
[   45.875233][ T4034] EXT4-fs (loop2): pa ffff888106dd0b60: logic 16, phys. 129, len 24
[   45.883290][ T4034] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   45.915561][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.937433][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.954965][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.100458][ T4067] geneve2: entered promiscuous mode
[   46.105732][ T4067] geneve2: entered allmulticast mode
[   46.136525][ T4073] netlink: 28 bytes leftover after parsing attributes in process `syz.4.209'.
[   46.149478][ T4073] sd 0:0:1:0: device reset
[   46.180553][ T4077] loop0: detected capacity change from 0 to 1024
[   46.187761][ T4077] EXT4-fs: Ignoring removed nobh option
[   46.193388][ T4077] EXT4-fs: inline encryption not supported
[   46.200016][ T4079] netlink: 36 bytes leftover after parsing attributes in process `syz.4.212'.
[   46.209338][ T4077] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.222252][ T4079] loop4: detected capacity change from 0 to 512
[   46.227571][ T4077] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.211: Allocating blocks 385-513 which overlap fs metadata
[   46.229332][ T4079] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   46.255230][ T4079] EXT4-fs (loop4): 1 truncate cleaned up
[   46.261642][ T4079] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.392105][ T4084] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12)
[   46.398741][ T4084] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   46.406307][ T4084] vhci_hcd vhci_hcd.0: Device attached
[   46.413135][ T4084] netlink: 'syz.4.212': attribute type 27 has an invalid length.
[   47.007858][ T4075] EXT4-fs (loop0): pa ffff888106dd0a80: logic 16, phys. 129, len 24
[   47.015929][ T4075] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   47.052870][ T4085] vhci_hcd: connection closed
[   47.055795][   T51] vhci_hcd: stop threads
[   47.064888][   T51] vhci_hcd: release socket
[   47.069417][   T51] vhci_hcd: disconnect device
[   47.118343][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.471293][ T4124] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4124 comm=syz.0.227
[   47.532434][ T4130] netlink: 12 bytes leftover after parsing attributes in process `syz.0.229'.
[   47.565644][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.607353][   T29] kauditd_printk_skb: 244 callbacks suppressed
[   47.607373][   T29] audit: type=1326 audit(1754806686.248:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4093 comm="syz.1.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   47.637109][   T29] audit: type=1326 audit(1754806686.248:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4093 comm="syz.1.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   47.668267][ T4138] netlink: 'syz.0.233': attribute type 13 has an invalid length.
[   47.680903][ T4138] gretap0: refused to change device tx_queue_len
[   47.687861][ T4138] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   47.709615][   T29] audit: type=1326 audit(1754806686.348:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4139 comm="syz.1.234" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f172e53ebe9 code=0x0
[   47.759963][ T4144] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[   47.843941][   T29] audit: type=1400 audit(1754806686.478:827): avc:  denied  { connect } for  pid=4139 comm="syz.1.234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   48.064038][ T4153] loop2: detected capacity change from 0 to 512
[   48.072745][ T4151] netlink: 24 bytes leftover after parsing attributes in process `syz.0.238'.
[   48.091555][ T4153] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[   48.099884][ T4156] FAULT_INJECTION: forcing a failure.
[   48.099884][ T4156] name failslab, interval 1, probability 0, space 0, times 0
[   48.100047][ T4153] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #13: comm syz.2.239: iget: bad i_size value: 12154757448730
[   48.112565][ T4156] CPU: 1 UID: 0 PID: 4156 Comm: syz.3.240 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   48.112601][ T4156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   48.112619][ T4156] Call Trace:
[   48.112629][ T4156]  <TASK>
[   48.112642][ T4156]  __dump_stack+0x1d/0x30
[   48.112673][ T4156]  dump_stack_lvl+0xe8/0x140
[   48.112771][ T4156]  dump_stack+0x15/0x1b
[   48.112793][ T4156]  should_fail_ex+0x265/0x280
[   48.112823][ T4156]  should_failslab+0x8c/0xb0
[   48.112859][ T4156]  __kvmalloc_node_noprof+0x123/0x4e0
[   48.112912][ T4156]  ? alloc_fdtable+0xbd/0x1d0
[   48.112955][ T4156]  ? __kmalloc_cache_noprof+0x22e/0x320
[   48.112998][ T4156]  alloc_fdtable+0xbd/0x1d0
[   48.113045][ T4156]  dup_fd+0x4c7/0x540
[   48.113126][ T4156]  copy_files+0x98/0xf0
[   48.113166][ T4156]  copy_process+0xc5b/0x2000
[   48.113275][ T4156]  kernel_clone+0x16c/0x5c0
[   48.113318][ T4156]  __se_sys_clone3+0x1c2/0x200
[   48.113374][ T4156]  __x64_sys_clone3+0x31/0x40
[   48.113504][ T4156]  x64_sys_call+0x1fc9/0x2ff0
[   48.113596][ T4156]  do_syscall_64+0xd2/0x200
[   48.113635][ T4156]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   48.113671][ T4156]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   48.113744][ T4156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.113774][ T4156] RIP: 0033:0x7f6b1967ebe9
[   48.113795][ T4156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.113820][ T4156] RSP: 002b:00007f6b180def08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[   48.113847][ T4156] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f6b1967ebe9
[   48.113865][ T4156] RDX: 00007f6b180def20 RSI: 0000000000000058 RDI: 00007f6b180def20
[   48.113914][ T4156] RBP: 00007f6b180df090 R08: 0000000000000000 R09: 0000000000000058
[   48.113932][ T4156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   48.113949][ T4156] R13: 00007f6b198a6038 R14: 00007f6b198a5fa0 R15: 00007ffdc86fa598
[   48.113975][ T4156]  </TASK>
[   48.171171][ T4158] netlink: 36 bytes leftover after parsing attributes in process `syz.3.241'.
[   48.177034][ T4153] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.239: couldn't read orphan inode 13 (err -117)
[   48.187012][ T4158] loop3: detected capacity change from 0 to 512
[   48.192914][ T4153] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.198771][ T4158] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   48.209463][   T29] audit: type=1400 audit(1754806686.838:828): avc:  denied  { create } for  pid=4152 comm="syz.2.239" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   48.396144][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.407379][ T4158] EXT4-fs (loop3): 1 truncate cleaned up
[   48.413374][ T4158] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.435262][   T29] audit: type=1326 audit(1754806687.068:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4162 comm="syz.4.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fb50febe9 code=0x7ffc0000
[   48.458624][   T29] audit: type=1326 audit(1754806687.068:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4162 comm="syz.4.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fb50febe9 code=0x7ffc0000
[   48.481949][   T29] audit: type=1326 audit(1754806687.078:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4162 comm="syz.4.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1fb50febe9 code=0x7ffc0000
[   48.505215][   T29] audit: type=1326 audit(1754806687.078:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4162 comm="syz.4.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fb50febe9 code=0x7ffc0000
[   48.528471][   T29] audit: type=1326 audit(1754806687.078:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4162 comm="syz.4.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f1fb50febe9 code=0x7ffc0000
[   48.575532][ T4167] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12)
[   48.575678][ T4172] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[   48.582188][ T4167] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   48.582335][ T4167] vhci_hcd vhci_hcd.0: Device attached
[   48.642131][ T4181] loop1: detected capacity change from 0 to 512
[   48.650257][ T4167] netlink: 'syz.3.241': attribute type 27 has an invalid length.
[   48.670501][ T4181] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.688021][ T4181] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.741509][ T4173] vhci_hcd: connection closed
[   48.741685][   T51] vhci_hcd: stop threads
[   48.746265][ T4186] netlink: 4 bytes leftover after parsing attributes in process `syz.0.249'.
[   48.746414][   T51] vhci_hcd: release socket
[   48.756941][ T4186] bridge0: entered promiscuous mode
[   48.759509][   T51] vhci_hcd: disconnect device
[   48.765567][ T4186] bridge0: port 3(macvlan2) entered blocking state
[   48.780537][ T4186] bridge0: port 3(macvlan2) entered disabled state
[   48.787208][ T3383] vhci_hcd: vhci_device speed not set
[   48.796760][ T4186] macvlan2: entered allmulticast mode
[   48.802213][ T4186] bridge0: entered allmulticast mode
[   48.809063][ T4186] macvlan2: left allmulticast mode
[   48.814197][ T4186] bridge0: left allmulticast mode
[   48.822808][ T4186] bridge0: left promiscuous mode
[   48.939846][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.268064][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.348275][ T4244] netlink: 36 bytes leftover after parsing attributes in process `syz.2.253'.
[   49.360136][ T4244] loop2: detected capacity change from 0 to 512
[   49.367265][ T4244] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   49.379049][ T4244] EXT4-fs (loop2): 1 truncate cleaned up
[   49.385438][ T4244] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.519273][ T4249] netlink: 'syz.2.253': attribute type 27 has an invalid length.
[   49.746959][ T3403] usb 9-1: enqueue for inactive port 0
[   49.752674][ T3403] usb 9-1: enqueue for inactive port 0
[   49.838445][ T3403] vhci_hcd: vhci_device speed not set
[   50.011439][ T4264] FAULT_INJECTION: forcing a failure.
[   50.011439][ T4264] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   50.024637][ T4264] CPU: 1 UID: 0 PID: 4264 Comm: syz.1.260 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   50.024671][ T4264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   50.024740][ T4264] Call Trace:
[   50.024747][ T4264]  <TASK>
[   50.024756][ T4264]  __dump_stack+0x1d/0x30
[   50.024781][ T4264]  dump_stack_lvl+0xe8/0x140
[   50.024803][ T4264]  dump_stack+0x15/0x1b
[   50.024821][ T4264]  should_fail_ex+0x265/0x280
[   50.024923][ T4264]  should_fail+0xb/0x20
[   50.024942][ T4264]  should_fail_usercopy+0x1a/0x20
[   50.024966][ T4264]  _copy_to_user+0x20/0xa0
[   50.024997][ T4264]  simple_read_from_buffer+0xb5/0x130
[   50.025088][ T4264]  proc_fail_nth_read+0x10e/0x150
[   50.025124][ T4264]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   50.025161][ T4264]  vfs_read+0x1a8/0x770
[   50.025183][ T4264]  ? __rcu_read_unlock+0x4f/0x70
[   50.025206][ T4264]  ? __fget_files+0x184/0x1c0
[   50.025234][ T4264]  ksys_read+0xda/0x1a0
[   50.025289][ T4264]  __x64_sys_read+0x40/0x50
[   50.025348][ T4264]  x64_sys_call+0x27bc/0x2ff0
[   50.025376][ T4264]  do_syscall_64+0xd2/0x200
[   50.025412][ T4264]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.025441][ T4264]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   50.025474][ T4264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.025550][ T4264] RIP: 0033:0x7f172e53d5fc
[   50.025566][ T4264] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   50.025588][ T4264] RSP: 002b:00007f172cfa7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   50.025612][ T4264] RAX: ffffffffffffffda RBX: 00007f172e765fa0 RCX: 00007f172e53d5fc
[   50.025626][ T4264] RDX: 000000000000000f RSI: 00007f172cfa70a0 RDI: 0000000000000005
[   50.025638][ T4264] RBP: 00007f172cfa7090 R08: 0000000000000000 R09: 0000000000000000
[   50.025689][ T4264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.025705][ T4264] R13: 00007f172e766038 R14: 00007f172e765fa0 R15: 00007ffe3370b3f8
[   50.025729][ T4264]  </TASK>
[   50.272982][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.508946][ T4284] netlink: 32 bytes leftover after parsing attributes in process `syz.2.267'.
[   50.731664][ T4297] netlink: 36 bytes leftover after parsing attributes in process `syz.0.273'.
[   50.760004][ T4297] loop0: detected capacity change from 0 to 512
[   50.775652][ T4303] netlink: 28 bytes leftover after parsing attributes in process `syz.4.276'.
[   50.781765][ T4297] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   50.798620][ T4305] loop2: detected capacity change from 0 to 128
[   50.817398][ T4297] EXT4-fs (loop0): 1 truncate cleaned up
[   50.823578][ T4297] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.826671][ T4305] tmpfs: Unknown parameter 's´Ñ²î^ '
[   50.955711][ T4313] netlink: 'syz.0.273': attribute type 27 has an invalid length.
[   50.997901][ T4315] FAULT_INJECTION: forcing a failure.
[   50.997901][ T4315] name failslab, interval 1, probability 0, space 0, times 0
[   51.010605][ T4315] CPU: 0 UID: 0 PID: 4315 Comm: syz.2.279 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   51.010640][ T4315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   51.010656][ T4315] Call Trace:
[   51.010663][ T4315]  <TASK>
[   51.010671][ T4315]  __dump_stack+0x1d/0x30
[   51.010697][ T4315]  dump_stack_lvl+0xe8/0x140
[   51.010733][ T4315]  dump_stack+0x15/0x1b
[   51.010747][ T4315]  should_fail_ex+0x265/0x280
[   51.010766][ T4315]  should_failslab+0x8c/0xb0
[   51.010788][ T4315]  kmem_cache_alloc_node_noprof+0x57/0x320
[   51.010814][ T4315]  ? __alloc_skb+0x101/0x320
[   51.010944][ T4315]  __alloc_skb+0x101/0x320
[   51.011009][ T4315]  netlink_alloc_large_skb+0xba/0xf0
[   51.011095][ T4315]  netlink_sendmsg+0x3cf/0x6b0
[   51.011239][ T4315]  ? __pfx_netlink_sendmsg+0x10/0x10
[   51.011257][ T4315]  __sock_sendmsg+0x142/0x180
[   51.011282][ T4315]  ____sys_sendmsg+0x31e/0x4e0
[   51.011392][ T4315]  ___sys_sendmsg+0x17b/0x1d0
[   51.011424][ T4315]  __x64_sys_sendmsg+0xd4/0x160
[   51.011447][ T4315]  x64_sys_call+0x191e/0x2ff0
[   51.011544][ T4315]  do_syscall_64+0xd2/0x200
[   51.011567][ T4315]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   51.011588][ T4315]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   51.011610][ T4315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.011716][ T4315] RIP: 0033:0x7fe260b0ebe9
[   51.011729][ T4315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.011744][ T4315] RSP: 002b:00007fe25f56f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   51.011760][ T4315] RAX: ffffffffffffffda RBX: 00007fe260d35fa0 RCX: 00007fe260b0ebe9
[   51.011771][ T4315] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[   51.011790][ T4315] RBP: 00007fe25f56f090 R08: 0000000000000000 R09: 0000000000000000
[   51.011800][ T4315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   51.011810][ T4315] R13: 00007fe260d36038 R14: 00007fe260d35fa0 R15: 00007ffdf20a7a18
[   51.011871][ T4315]  </TASK>
[   51.425899][ T4335] netlink: 28 bytes leftover after parsing attributes in process `syz.3.289'.
[   51.450647][ T4337] FAULT_INJECTION: forcing a failure.
[   51.450647][ T4337] name failslab, interval 1, probability 0, space 0, times 0
[   51.463360][ T4337] CPU: 1 UID: 0 PID: 4337 Comm: syz.1.288 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   51.463399][ T4337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   51.463415][ T4337] Call Trace:
[   51.463421][ T4337]  <TASK>
[   51.463430][ T4337]  __dump_stack+0x1d/0x30
[   51.463455][ T4337]  dump_stack_lvl+0xe8/0x140
[   51.463479][ T4337]  dump_stack+0x15/0x1b
[   51.463548][ T4337]  should_fail_ex+0x265/0x280
[   51.463572][ T4337]  should_failslab+0x8c/0xb0
[   51.463603][ T4337]  kmem_cache_alloc_noprof+0x50/0x310
[   51.463684][ T4337]  ? audit_log_start+0x365/0x6c0
[   51.463782][ T4337]  audit_log_start+0x365/0x6c0
[   51.463816][ T4337]  audit_seccomp+0x48/0x100
[   51.463842][ T4337]  ? __seccomp_filter+0x68c/0x10d0
[   51.463863][ T4337]  __seccomp_filter+0x69d/0x10d0
[   51.463928][ T4337]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   51.463956][ T4337]  ? vfs_write+0x7e8/0x960
[   51.463977][ T4337]  ? __rcu_read_unlock+0x4f/0x70
[   51.464006][ T4337]  ? __fget_files+0x184/0x1c0
[   51.464090][ T4337]  __secure_computing+0x82/0x150
[   51.464111][ T4337]  syscall_trace_enter+0xcf/0x1e0
[   51.464136][ T4337]  do_syscall_64+0xac/0x200
[   51.464233][ T4337]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   51.464277][ T4337]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   51.464301][ T4337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.464323][ T4337] RIP: 0033:0x7f172e53ebe9
[   51.464337][ T4337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.464359][ T4337] RSP: 002b:00007f172cfa7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   51.464379][ T4337] RAX: ffffffffffffffda RBX: 00007f172e765fa0 RCX: 00007f172e53ebe9
[   51.464392][ T4337] RDX: 0000000000000084 RSI: 0000000000000084 RDI: 0000000000000003
[   51.464420][ T4337] RBP: 00007f172cfa7090 R08: 0000000000000090 R09: 0000000000000000
[   51.464432][ T4337] R10: 0000200000000480 R11: 0000000000000246 R12: 0000000000000001
[   51.464474][ T4337] R13: 00007f172e766038 R14: 00007f172e765fa0 R15: 00007ffe3370b3f8
[   51.464493][ T4337]  </TASK>
[   51.759319][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.827823][ T4360] FAULT_INJECTION: forcing a failure.
[   51.827823][ T4360] name failslab, interval 1, probability 0, space 0, times 0
[   51.840629][ T4360] CPU: 1 UID: 0 PID: 4360 Comm: syz.2.301 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   51.840707][ T4360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   51.840723][ T4360] Call Trace:
[   51.840731][ T4360]  <TASK>
[   51.840739][ T4360]  __dump_stack+0x1d/0x30
[   51.840789][ T4360]  dump_stack_lvl+0xe8/0x140
[   51.840820][ T4360]  dump_stack+0x15/0x1b
[   51.840840][ T4360]  should_fail_ex+0x265/0x280
[   51.840865][ T4360]  should_failslab+0x8c/0xb0
[   51.840893][ T4360]  kmem_cache_alloc_noprof+0x50/0x310
[   51.840924][ T4360]  ? __anon_vma_prepare+0xcd/0x2f0
[   51.840942][ T4360]  __anon_vma_prepare+0xcd/0x2f0
[   51.841014][ T4360]  handle_mm_fault+0x1d58/0x2c20
[   51.841050][ T4360]  do_user_addr_fault+0x636/0x1090
[   51.841090][ T4360]  ? fpregs_assert_state_consistent+0xb4/0xe0
[   51.841145][ T4360]  exc_page_fault+0x62/0xa0
[   51.841254][ T4360]  asm_exc_page_fault+0x26/0x30
[   51.841278][ T4360] RIP: 0033:0x7fe2609d0ba3
[   51.841296][ T4360] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[   51.841319][ T4360] RSP: 002b:00007fe25f56e4a0 EFLAGS: 00010202
[   51.841338][ T4360] RAX: 0000000000008000 RBX: 00007fe25f56e540 RCX: 00007fe25714f000
[   51.841415][ T4360] RDX: 00007fe25f56e6e0 RSI: 000000000000002e RDI: 00007fe25f56e5e0
[   51.841428][ T4360] RBP: 0000000000000102 R08: 0000000000000006 R09: 000000000000000d
[   51.841443][ T4360] R10: 000000000000001a R11: 00007fe25f56e540 R12: 0000000000000001
[   51.841458][ T4360] R13: 00007fe260bad980 R14: 0000000000000001 R15: 00007fe25f56e5e0
[   51.841480][ T4360]  </TASK>
[   51.841493][ T4360] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   51.929186][ T4364] netlink: 20 bytes leftover after parsing attributes in process `syz.1.300'.
[   51.957978][ T4360] loop2: detected capacity change from 0 to 164
[   51.993243][ T4363] lo speed is unknown, defaulting to 1000
[   52.013373][ T4364] sd 0:0:1:0: device reset
[   52.043652][ T4366] netlink: 'syz.3.303': attribute type 13 has an invalid length.
[   52.088216][ T4366] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   52.132968][ T4372] netlink: 36 bytes leftover after parsing attributes in process `syz.2.305'.
[   52.167589][ T4372] loop2: detected capacity change from 0 to 512
[   52.175742][ T4372] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   52.203758][ T4372] EXT4-fs (loop2): 1 truncate cleaned up
[   52.210874][ T4372] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.322022][ T4397] loop1: detected capacity change from 0 to 512
[   52.330375][ T4397] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   52.360521][ T4397] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   52.373376][ T4400] netlink: 'syz.2.305': attribute type 27 has an invalid length.
[   52.375705][ T4397] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.429507][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   52.443720][ T4408] FAULT_INJECTION: forcing a failure.
[   52.443720][ T4408] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   52.456985][ T4408] CPU: 0 UID: 0 PID: 4408 Comm: syz.4.320 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   52.457015][ T4408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   52.457029][ T4408] Call Trace:
[   52.457036][ T4408]  <TASK>
[   52.457044][ T4408]  __dump_stack+0x1d/0x30
[   52.457088][ T4408]  dump_stack_lvl+0xe8/0x140
[   52.457111][ T4408]  dump_stack+0x15/0x1b
[   52.457175][ T4408]  should_fail_ex+0x265/0x280
[   52.457198][ T4408]  should_fail+0xb/0x20
[   52.457212][ T4408]  should_fail_usercopy+0x1a/0x20
[   52.457250][ T4408]  _copy_from_user+0x1c/0xb0
[   52.457278][ T4408]  memdup_user+0x5e/0xd0
[   52.457307][ T4408]  strndup_user+0x68/0xb0
[   52.457331][ T4408]  __se_sys_mount+0x4d/0x2e0
[   52.457395][ T4408]  ? fput+0x8f/0xc0
[   52.457428][ T4408]  ? ksys_write+0x192/0x1a0
[   52.457454][ T4408]  __x64_sys_mount+0x67/0x80
[   52.457480][ T4408]  x64_sys_call+0x2b4d/0x2ff0
[   52.457595][ T4408]  do_syscall_64+0xd2/0x200
[   52.457672][ T4408]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   52.457711][ T4408]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   52.457736][ T4408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   52.457762][ T4408] RIP: 0033:0x7f1fb50febe9
[   52.457863][ T4408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   52.457887][ T4408] RSP: 002b:00007f1fb3b67038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   52.457911][ T4408] RAX: ffffffffffffffda RBX: 00007f1fb5325fa0 RCX: 00007f1fb50febe9
[   52.457927][ T4408] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000
[   52.457942][ T4408] RBP: 00007f1fb3b67090 R08: 0000200000000340 R09: 0000000000000000
[   52.457958][ T4408] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[   52.457974][ T4408] R13: 00007f1fb5326038 R14: 00007f1fb5325fa0 R15: 00007ffce5549e38
[   52.458055][ T4408]  </TASK>
[   52.730544][ T4416] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[   52.742027][   T29] kauditd_printk_skb: 355 callbacks suppressed
[   52.742041][   T29] audit: type=1400 audit(1754806691.378:1185): avc:  denied  { create } for  pid=4417 comm="syz.4.324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   52.777041][ T4416] FAULT_INJECTION: forcing a failure.
[   52.777041][ T4416] name failslab, interval 1, probability 0, space 0, times 0
[   52.789735][ T4416] CPU: 1 UID: 0 PID: 4416 Comm: syz.0.323 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   52.789773][ T4416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   52.789789][ T4416] Call Trace:
[   52.789798][ T4416]  <TASK>
[   52.789808][ T4416]  __dump_stack+0x1d/0x30
[   52.789909][ T4416]  dump_stack_lvl+0xe8/0x140
[   52.789947][ T4416]  dump_stack+0x15/0x1b
[   52.789963][ T4416]  should_fail_ex+0x265/0x280
[   52.790064][ T4416]  ? fifo_create_dflt+0xe8/0x1a0
[   52.790170][ T4416]  should_failslab+0x8c/0xb0
[   52.790205][ T4416]  __kmalloc_cache_noprof+0x4c/0x320
[   52.790245][ T4416]  ? qdisc_create_dflt+0x1c0/0x2d0
[   52.790297][ T4416]  fifo_create_dflt+0xe8/0x1a0
[   52.790351][ T4416]  tbf_change+0x636/0xcd0
[   52.790395][ T4416]  ? __list_add_valid_or_report+0x38/0xe0
[   52.790437][ T4416]  ? rtnetlink_rcv+0x1c/0x30
[   52.790476][ T4416]  ? netlink_unicast+0x5c0/0x690
[   52.790524][ T4416]  ? netlink_sendmsg+0x58b/0x6b0
[   52.790548][ T4416]  ? __sock_sendmsg+0x142/0x180
[   52.790584][ T4416]  ? read_tsc+0x9/0x20
[   52.790651][ T4416]  ? __pfx_tbf_init+0x10/0x10
[   52.790722][ T4416]  tbf_init+0x72/0x90
[   52.790756][ T4416]  qdisc_create+0x591/0x9e0
[   52.790782][ T4416]  tc_modify_qdisc+0xf2e/0x1420
[   52.790849][ T4416]  ? __pfx_tc_modify_qdisc+0x10/0x10
[   52.790889][ T4416]  rtnetlink_rcv_msg+0x657/0x6d0
[   52.790971][ T4416]  netlink_rcv_skb+0x120/0x220
[   52.790993][ T4416]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   52.791107][ T4416]  rtnetlink_rcv+0x1c/0x30
[   52.791129][ T4416]  netlink_unicast+0x5c0/0x690
[   52.791162][ T4416]  netlink_sendmsg+0x58b/0x6b0
[   52.791245][ T4416]  ? __pfx_netlink_sendmsg+0x10/0x10
[   52.791270][ T4416]  __sock_sendmsg+0x142/0x180
[   52.791303][ T4416]  ____sys_sendmsg+0x31e/0x4e0
[   52.791333][ T4416]  ___sys_sendmsg+0x17b/0x1d0
[   52.791390][ T4416]  __x64_sys_sendmsg+0xd4/0x160
[   52.791414][ T4416]  x64_sys_call+0x191e/0x2ff0
[   52.791440][ T4416]  do_syscall_64+0xd2/0x200
[   52.791607][ T4416]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   52.791637][ T4416]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   52.791659][ T4416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   52.791756][ T4416] RIP: 0033:0x7fd3b43cebe9
[   52.791775][ T4416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   52.791798][ T4416] RSP: 002b:00007fd3b2e2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   52.791846][ T4416] RAX: ffffffffffffffda RBX: 00007fd3b45f5fa0 RCX: 00007fd3b43cebe9
[   52.791857][ T4416] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000006
[   52.791870][ T4416] RBP: 00007fd3b2e2f090 R08: 0000000000000000 R09: 0000000000000000
[   52.791967][ T4416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   52.791979][ T4416] R13: 00007fd3b45f6038 R14: 00007fd3b45f5fa0 R15: 00007ffec07484d8
[   52.792002][ T4416]  </TASK>
[   52.797924][ T4418] netlink: 4 bytes leftover after parsing attributes in process `syz.4.324'.
[   52.821929][   T29] audit: type=1400 audit(1754806691.428:1186): avc:  denied  { getopt } for  pid=4417 comm="syz.4.324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   52.838645][ T4422] FAULT_INJECTION: forcing a failure.
[   52.838645][ T4422] name failslab, interval 1, probability 0, space 0, times 0
[   52.891487][ T4418] netlink: 27 bytes leftover after parsing attributes in process `syz.4.324'.
[   52.892777][ T4422] CPU: 0 UID: 0 PID: 4422 Comm: syz.1.326 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   52.892809][ T4422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   52.892834][ T4422] Call Trace:
[   52.892842][ T4422]  <TASK>
[   52.892851][ T4422]  __dump_stack+0x1d/0x30
[   52.892880][ T4422]  dump_stack_lvl+0xe8/0x140
[   52.892907][ T4422]  dump_stack+0x15/0x1b
[   52.892928][ T4422]  should_fail_ex+0x265/0x280
[   52.893004][ T4422]  should_failslab+0x8c/0xb0
[   52.893036][ T4422]  kmem_cache_alloc_noprof+0x50/0x310
[   52.893074][ T4422]  ? __anon_vma_prepare+0x70/0x2f0
[   52.893097][ T4422]  ? __alloc_frozen_pages_noprof+0x188/0x360
[   52.893183][ T4422]  __anon_vma_prepare+0x70/0x2f0
[   52.893283][ T4422]  do_wp_page+0x1926/0x24e0
[   52.893311][ T4422]  ? __lruvec_stat_mod_folio+0xd6/0x120
[   52.893349][ T4422]  ? css_rstat_updated+0xb7/0x240
[   52.893393][ T4422]  ? __rcu_read_lock+0x37/0x50
[   52.893424][ T4422]  handle_mm_fault+0x77d/0x2c20
[   52.893510][ T4422]  do_user_addr_fault+0x636/0x1090
[   52.893557][ T4422]  ? fpregs_assert_state_consistent+0xb4/0xe0
[   52.893656][ T4422]  exc_page_fault+0x62/0xa0
[   52.893722][ T4422]  asm_exc_page_fault+0x26/0x30
[   52.893748][ T4422] RIP: 0033:0x7f172e400ba3
[   52.893768][ T4422] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[   52.893790][ T4422] RSP: 002b:00007f172cfa64a0 EFLAGS: 00010202
[   52.893810][ T4422] RAX: 0000000000000400 RBX: 00007f172cfa6540 RCX: 00007f1724b87000
[   52.893826][ T4422] RDX: 00007f172cfa66e0 RSI: 0000000000000001 RDI: 00007f172cfa65e0
[   52.893842][ T4422] RBP: 00000000000000f9 R08: 0000000000000008 R09: 00000000000000ac
[   52.893930][ T4422] R10: 00000000000000c0 R11: 00007f172cfa6540 R12: 0000000000000001
[   52.893945][ T4422] R13: 00007f172e5dd980 R14: 0000000000000020 R15: 00007f172cfa65e0
[   52.893969][ T4422]  </TASK>
[   52.893981][ T4422] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   53.338988][ T4422] loop1: detected capacity change from 0 to 1024
[   53.347342][ T4422] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   53.355986][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.359242][ T4422] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #3: block 1: comm syz.1.326: lblock 1 mapped to illegal pblock 1 (length 1)
[   53.380839][ T4422] Quota error (device loop1): write_blk: dquota write failed
[   53.388357][ T4422] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[   53.400204][ T4422] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.326: Failed to acquire dquot type 0
[   53.403138][ T4425] loop0: detected capacity change from 0 to 512
[   53.411814][ T4422] EXT4-fs error (device loop1): ext4_free_blocks:6696: comm syz.1.326: Freeing blocks not in datazone - block = 0, count = 4096
[   53.432272][ T4422] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.326: Invalid inode bitmap blk 0 in block_group 0
[   53.445265][ T4422] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[   53.454150][ T4197] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:11: lblock 1 mapped to illegal pblock 1 (length 1)
[   53.470053][ T4197] Quota error (device loop1): remove_tree: Can't read quota data block 1
[   53.478540][ T4197] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:11: Failed to release dquot type 0
[   53.480679][ T4422] EXT4-fs (loop1): 1 orphan inode deleted
[   53.495976][ T4429] loop2: detected capacity change from 0 to 1024
[   53.502907][ T4429] EXT4-fs: Ignoring removed nobh option
[   53.503185][ T4422] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.508541][ T4429] EXT4-fs: inline encryption not supported
[   53.527415][ T4425] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   53.529289][ T4429] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.537370][ T4422] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.553469][ T4429] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.327: Allocating blocks 385-513 which overlap fs metadata
[   53.570298][   T29] audit: type=1326 audit(1754806692.198:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fb50febe9 code=0x7ffc0000
[   53.594296][   T29] audit: type=1326 audit(1754806692.198:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fb50febe9 code=0x7ffc0000
[   53.617604][   T29] audit: type=1326 audit(1754806692.198:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f1fb50febe9 code=0x7ffc0000
[   53.641025][   T29] audit: type=1326 audit(1754806692.198:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fb50febe9 code=0x7ffc0000
[   53.662216][ T4434] lo speed is unknown, defaulting to 1000
[   53.664446][   T29] audit: type=1326 audit(1754806692.198:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.4.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fb50febe9 code=0x7ffc0000
[   53.704901][ T4427] loop4: detected capacity change from 0 to 256
[   53.714888][ T4425] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   53.729353][ T4425] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.740736][ T4427] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   53.756370][ T4427] bpf: Bad value for 'gid'
[   53.778607][ T4442] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[   53.791217][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   53.845772][ T4448] loop1: detected capacity change from 0 to 512
[   53.852856][ T4448] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   53.864431][ T4448] EXT4-fs (loop1): 1 orphan inode deleted
[   53.870216][ T4448] EXT4-fs (loop1): 1 truncate cleaned up
[   53.876376][ T4448] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.921096][ T4448] EXT4-fs error (device loop1): ext4_lookup:1787: inode #14: comm syz.1.335: invalid fast symlink length 39
[   53.933325][ T4448] EXT4-fs (loop1): Remounting filesystem read-only
[   53.953987][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.971207][ T4453] netlink: 4 bytes leftover after parsing attributes in process `syz.1.336'.
[   53.980045][ T4453] tipc: Enabling of bearer <et:s> rejected, media not registered
[   54.029149][ T4457] netlink: 'syz.1.339': attribute type 1 has an invalid length.
[   54.126283][ T4469] loop1: detected capacity change from 0 to 512
[   54.133645][ T4469] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   54.151668][ T4469] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   54.164471][ T4469] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   54.187186][ T4461] lo speed is unknown, defaulting to 1000
[   54.194229][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   54.289392][ T4461] chnl_net:caif_netlink_parms(): no params data found
[   54.302061][ T4428] EXT4-fs (loop2): pa ffff888106dd09a0: logic 16, phys. 129, len 24
[   54.310263][ T4428] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   54.352351][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.355054][ T4461] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.368606][ T4461] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.375897][ T4461] bridge_slave_0: entered allmulticast mode
[   54.382510][ T4461] bridge_slave_0: entered promiscuous mode
[   54.389516][ T4461] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.396588][ T4461] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.403922][ T4461] bridge_slave_1: entered allmulticast mode
[   54.410583][ T4461] bridge_slave_1: entered promiscuous mode
[   54.433289][ T4461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.443840][ T4461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.457563][ T4504] loop2: detected capacity change from 0 to 512
[   54.465179][ T4504] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   54.481509][ T4461] team0: Port device team_slave_0 added
[   54.483698][ T4504] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   54.501201][ T4461] team0: Port device team_slave_1 added
[   54.507088][ T4504] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   54.507276][ T4506] 
: renamed from bond0 (while UP)
[   54.559631][ T4461] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.567005][ T4461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.568364][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   54.593155][ T4461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.613626][ T4461] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.620711][ T4461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.627193][ T4513] netlink: 36 bytes leftover after parsing attributes in process `syz.3.358'.
[   54.646741][ T4461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.674096][ T4513] loop3: detected capacity change from 0 to 512
[   54.687242][ T4513] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   54.708708][ T4513] EXT4-fs (loop3): 1 truncate cleaned up
[   54.714893][ T4513] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.731330][ T4521] FAULT_INJECTION: forcing a failure.
[   54.731330][ T4521] name failslab, interval 1, probability 0, space 0, times 0
[   54.732867][ T4461] hsr_slave_0: entered promiscuous mode
[   54.743988][ T4521] CPU: 0 UID: 0 PID: 4521 Comm: syz.2.357 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   54.744076][ T4521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   54.744091][ T4521] Call Trace:
[   54.744099][ T4521]  <TASK>
[   54.744109][ T4521]  __dump_stack+0x1d/0x30
[   54.744138][ T4521]  dump_stack_lvl+0xe8/0x140
[   54.744166][ T4521]  dump_stack+0x15/0x1b
[   54.744191][ T4521]  should_fail_ex+0x265/0x280
[   54.744227][ T4521]  should_failslab+0x8c/0xb0
[   54.744262][ T4521]  kmem_cache_alloc_node_noprof+0x57/0x320
[   54.744340][ T4521]  ? __alloc_skb+0x101/0x320
[   54.744454][ T4521]  __alloc_skb+0x101/0x320
[   54.744507][ T4521]  netlink_alloc_large_skb+0xba/0xf0
[   54.744707][ T4521]  netlink_sendmsg+0x3cf/0x6b0
[   54.744739][ T4521]  ? __pfx_netlink_sendmsg+0x10/0x10
[   54.744772][ T4521]  __sock_sendmsg+0x142/0x180
[   54.744809][ T4521]  ____sys_sendmsg+0x31e/0x4e0
[   54.744852][ T4521]  ___sys_sendmsg+0x17b/0x1d0
[   54.744900][ T4521]  __x64_sys_sendmsg+0xd4/0x160
[   54.744944][ T4521]  x64_sys_call+0x191e/0x2ff0
[   54.744993][ T4521]  do_syscall_64+0xd2/0x200
[   54.745071][ T4521]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.745105][ T4521]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   54.745139][ T4521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.745173][ T4521] RIP: 0033:0x7fe260b0ebe9
[   54.745211][ T4521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.745236][ T4521] RSP: 002b:00007fe25f56f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   54.745342][ T4521] RAX: ffffffffffffffda RBX: 00007fe260d35fa0 RCX: 00007fe260b0ebe9
[   54.745360][ T4521] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[   54.745377][ T4521] RBP: 00007fe25f56f090 R08: 0000000000000000 R09: 0000000000000000
[   54.745393][ T4521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   54.745410][ T4521] R13: 00007fe260d36038 R14: 00007fe260d35fa0 R15: 00007ffdf20a7a18
[   54.745482][ T4521]  </TASK>
[   55.007772][ T4461] hsr_slave_1: entered promiscuous mode
[   55.013590][ T4523] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12)
[   55.020311][ T4523] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   55.027864][ T4523] vhci_hcd vhci_hcd.0: Device attached
[   55.029773][ T4461] debugfs: 'hsr0' already exists in 'hsr'
[   55.039176][ T4461] Cannot create hsr debugfs directory
[   55.065103][ T4523] netlink: 'syz.3.358': attribute type 27 has an invalid length.
[   55.188201][ T4532] loop0: detected capacity change from 0 to 1024
[   55.197853][ T4203] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.228223][ T4461] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   55.237934][ T4461] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   55.259301][ T4461] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   55.266812][ T4532] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   55.278970][ T3406] usb 7-1: new low-speed USB device number 3 using vhci_hcd
[   55.404923][ T4461] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   55.432259][ T4203] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.448220][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.480420][ T4203] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.492640][ T4549] netlink: 8 bytes leftover after parsing attributes in process `syz.0.362'.
[   55.570615][ T4203] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.600132][ T4527] vhci_hcd: connection reset by peer
[   55.606299][   T12] vhci_hcd: stop threads
[   55.610612][   T12] vhci_hcd: release socket
[   55.615043][   T12] vhci_hcd: disconnect device
[   55.619880][ T4461] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.642264][ T4556] loop0: detected capacity change from 0 to 512
[   55.646525][ T4461] 8021q: adding VLAN 0 to HW filter on device team0
[   55.655566][ T4556] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   55.681807][ T4556] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   55.699652][ T4195] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.706843][ T4195] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.721360][ T4203] bridge_slave_1: left allmulticast mode
[   55.727152][ T4203] bridge_slave_1: left promiscuous mode
[   55.732812][ T4203] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.744778][ T4556] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.751304][ T4562] netlink: 8 bytes leftover after parsing attributes in process `syz.2.369'.
[   55.765103][ T4203] bridge_slave_0: left allmulticast mode
[   55.770832][ T4203] bridge_slave_0: left promiscuous mode
[   55.776594][ T4203] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.873929][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   55.891864][ T4203] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   55.903714][ T4203] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   55.922012][ T4203] bond0 (unregistering): Released all slaves
[   55.934455][ T4195] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.941582][ T4195] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.040959][ T4203] hsr_slave_0: left promiscuous mode
[   56.048716][ T4203] hsr_slave_1: left promiscuous mode
[   56.054295][ T4203] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   56.061846][ T4203] batman_adv: batadv0: Removing interface: batadv_slave_0
[   56.071778][ T4203] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   56.079259][ T4203] batman_adv: batadv0: Removing interface: batadv_slave_1
[   56.100236][ T4203] veth1_macvtap: left promiscuous mode
[   56.106150][ T4203] veth0_macvtap: left promiscuous mode
[   56.126953][ T4203] veth1_vlan: left promiscuous mode
[   56.133155][ T4203] veth0_vlan: left promiscuous mode
[   56.134351][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.161456][ T4571] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   56.201062][ T4571] loop3: detected capacity change from 0 to 1024
[   56.214255][ T4571] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   56.249146][ T4571] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   56.260136][ T4203] team0 (unregistering): Port device team_slave_1 removed
[   56.270185][ T4203] team0 (unregistering): Port device team_slave_0 removed
[   56.314206][ T4575] loop1: detected capacity change from 0 to 1024
[   56.322717][ T4575] EXT4-fs: Ignoring removed orlov option
[   56.332736][   T23] lo speed is unknown, defaulting to 1000
[   56.338611][   T23] infiniband syz2: ib_query_port failed (-19)
[   56.340122][ T4575] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   56.378937][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.419582][ T4461] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.624412][ T4461] veth0_vlan: entered promiscuous mode
[   56.640029][ T4461] veth1_vlan: entered promiscuous mode
[   56.727456][ T4461] veth0_macvtap: entered promiscuous mode
[   56.737322][ T4461] veth1_macvtap: entered promiscuous mode
[   56.763917][ T4461] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.771855][ T4608] loop3: detected capacity change from 0 to 512
[   56.775582][ T4461] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.793986][ T4199] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.803257][ T4608] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   56.827038][ T4199] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.842603][ T4588] netlink: 'syz.1.373': attribute type 21 has an invalid length.
[   56.842879][ T4608] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   56.850518][ T4588] netlink: 156 bytes leftover after parsing attributes in process `syz.1.373'.
[   56.856088][ T4588] netlink: 'syz.1.373': attribute type 1 has an invalid length.
[   56.869945][ T4199] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.889131][ T4608] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   56.911679][ T4199] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.934527][ T4615] netlink: 36 bytes leftover after parsing attributes in process `syz.0.381'.
[   56.948539][ T4588] bond1: entered promiscuous mode
[   56.953595][ T4588] bond1: entered allmulticast mode
[   56.964778][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   56.984367][ T4615] loop0: detected capacity change from 0 to 512
[   56.991835][ T4575] netlink: 28 bytes leftover after parsing attributes in process `syz.1.373'.
[   57.003935][ T4615] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   57.057613][ T4615] EXT4-fs (loop0): 1 truncate cleaned up
[   57.075284][ T4615] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.215747][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.253626][ T4628] netlink: 'syz.0.381': attribute type 27 has an invalid length.
[   57.377457][ T4637] loop3: detected capacity change from 0 to 512
[   57.399333][ T4637] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.413148][ T4637] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   57.471107][ T4644] bond0: entered promiscuous mode
[   57.476196][ T4644] bond0: entered allmulticast mode
[   57.481795][ T4644] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.500873][ T4644] bond0 (unregistering): Released all slaves
[   57.609459][ T4651] loop5: detected capacity change from 0 to 512
[   57.623250][ T4651] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   57.639369][ T4651] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   57.878988][   T29] kauditd_printk_skb: 258 callbacks suppressed
[   57.879006][   T29] audit: type=1400 audit(1754806696.518:1450): avc:  denied  { setopt } for  pid=4659 comm="syz.0.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   57.906824][ T4660] loop0: detected capacity change from 0 to 128
[   57.916727][   T29] audit: type=1400 audit(1754806696.558:1451): avc:  denied  { mount } for  pid=4659 comm="syz.0.393" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   57.946294][   T29] audit: type=1400 audit(1754806696.578:1452): avc:  denied  { ioctl } for  pid=4661 comm="syz.2.394" path="socket:[9588]" dev="sockfs" ino=9588 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   57.976992][   T29] audit: type=1400 audit(1754806696.608:1453): avc:  denied  { write } for  pid=4659 comm="syz.0.393" path="socket:[9582]" dev="sockfs" ino=9582 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   58.008970][ T4664] netlink: 'syz.2.395': attribute type 1 has an invalid length.
[   58.059387][ T4668] bridge_slave_0: left allmulticast mode
[   58.065176][ T4668] bridge_slave_0: left promiscuous mode
[   58.071064][ T4668] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.081155][ T4668] bridge_slave_1: left allmulticast mode
[   58.087018][ T4668] bridge_slave_1: left promiscuous mode
[   58.092676][ T4668] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.106429][   T29] audit: type=1400 audit(1754806696.738:1454): avc:  denied  { unmount } for  pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   58.130105][ T4668] bond0: (slave bond_slave_0): Releasing backup interface
[   58.152671][ T4668] bond0: (slave bond_slave_1): Releasing backup interface
[   58.164803][ T4669] netlink: 132 bytes leftover after parsing attributes in process `syz.2.396'.
[   58.174855][ T4675] FAULT_INJECTION: forcing a failure.
[   58.174855][ T4675] name failslab, interval 1, probability 0, space 0, times 0
[   58.186947][   T29] audit: type=1326 audit(1754806696.808:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4672 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3b43cebe9 code=0x7ffc0000
[   58.187739][ T4675] CPU: 0 UID: 0 PID: 4675 Comm: syz.1.399 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   58.187810][ T4675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   58.187826][ T4675] Call Trace:
[   58.187905][ T4675]  <TASK>
[   58.187914][ T4675]  __dump_stack+0x1d/0x30
[   58.187940][ T4675]  dump_stack_lvl+0xe8/0x140
[   58.187965][ T4675]  dump_stack+0x15/0x1b
[   58.187987][ T4675]  should_fail_ex+0x265/0x280
[   58.188014][ T4675]  should_failslab+0x8c/0xb0
[   58.188075][ T4675]  __kmalloc_noprof+0xa5/0x3e0
[   58.188130][ T4675]  ? alloc_pipe_info+0x1c9/0x350
[   58.188163][ T4675]  alloc_pipe_info+0x1c9/0x350
[   58.188194][ T4675]  splice_direct_to_actor+0x592/0x680
[   58.188231][ T4675]  ? __pfx_direct_splice_actor+0x10/0x10
[   58.188258][ T4675]  ? selinux_file_permission+0x2f0/0x320
[   58.188405][ T4675]  do_splice_direct+0xda/0x150
[   58.188429][ T4675]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   58.188472][ T4675]  do_sendfile+0x380/0x650
[   58.188513][ T4675]  __x64_sys_sendfile64+0x105/0x150
[   58.188563][ T4675]  x64_sys_call+0x2bb0/0x2ff0
[   58.188591][ T4675]  do_syscall_64+0xd2/0x200
[   58.188626][ T4675]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.188656][ T4675]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   58.188729][ T4675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.188756][ T4675] RIP: 0033:0x7f172e53ebe9
[   58.188787][ T4675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.188810][ T4675] RSP: 002b:00007f172cfa7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   58.188836][ T4675] RAX: ffffffffffffffda RBX: 00007f172e765fa0 RCX: 00007f172e53ebe9
[   58.188852][ T4675] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[   58.188868][ T4675] RBP: 00007f172cfa7090 R08: 0000000000000000 R09: 0000000000000000
[   58.188883][ T4675] R10: 7fffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[   58.188899][ T4675] R13: 00007f172e766038 R14: 00007f172e765fa0 R15: 00007ffe3370b3f8
[   58.188923][ T4675]  </TASK>
[   58.328890][    C0] hrtimer: interrupt took 28550 ns
[   58.334427][   T29] audit: type=1326 audit(1754806696.808:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4672 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3b43cebe9 code=0x7ffc0000
[   58.346586][ T4678] loop0: detected capacity change from 0 to 1024
[   58.366391][   T29] audit: type=1326 audit(1754806696.918:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4672 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd3b43cebe9 code=0x7ffc0000
[   58.381217][ T4668] team0: Port device team_slave_0 removed
[   58.389082][   T29] audit: type=1326 audit(1754806696.918:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4672 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3b43cebe9 code=0x7ffc0000
[   58.389115][   T29] audit: type=1326 audit(1754806696.918:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4672 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3b43cebe9 code=0x7ffc0000
[   58.417897][ T4678] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   58.546574][ T4668] team0: Port device team_slave_1 removed
[   58.555919][ T4668] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   58.563510][ T4668] batman_adv: batadv0: Removing interface: batadv_slave_0
[   58.569957][ T4678] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #3: block 1: comm syz.0.400: lblock 1 mapped to illegal pblock 1 (length 1)
[   58.586244][ T4668] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   58.591020][ T4689] loop5: detected capacity change from 0 to 512
[   58.593730][ T4668] batman_adv: batadv0: Removing interface: batadv_slave_1
[   58.601887][ T4678] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.400: Failed to acquire dquot type 0
[   58.619070][ T4678] EXT4-fs error (device loop0): ext4_free_blocks:6696: comm syz.0.400: Freeing blocks not in datazone - block = 0, count = 4096
[   58.633857][ T4678] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.400: Invalid inode bitmap blk 0 in block_group 0
[   58.651679][ T4689] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   58.662117][ T4214] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:28: lblock 1 mapped to illegal pblock 1 (length 1)
[   58.670427][ T4678] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem
[   58.678160][ T4214] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:28: Failed to release dquot type 0
[   58.685640][ T4678] EXT4-fs (loop0): 1 orphan inode deleted
[   58.711761][ T4689] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.779867][ T4696] loop3: detected capacity change from 0 to 512
[   58.826496][ T4696] ext4 filesystem being mounted at /81/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   58.826517][ T4700] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.900562][ T4711] loop0: detected capacity change from 0 to 512
[   58.916121][ T4711] EXT4-fs: Ignoring removed i_version option
[   58.924232][ T4711] EXT4-fs (loop0): orphan cleanup on readonly fs
[   58.939644][ T4700] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.966667][ T4718] FAULT_INJECTION: forcing a failure.
[   58.966667][ T4718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   58.967927][ T4711] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.411: bg 0: block 131: padding at end of block bitmap is not set
[   58.979894][ T4718] CPU: 0 UID: 0 PID: 4718 Comm: syz.2.412 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   58.979923][ T4718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   58.979937][ T4718] Call Trace:
[   58.979946][ T4718]  <TASK>
[   58.979956][ T4718]  __dump_stack+0x1d/0x30
[   58.980047][ T4718]  dump_stack_lvl+0xe8/0x140
[   58.980073][ T4718]  dump_stack+0x15/0x1b
[   58.980099][ T4718]  should_fail_ex+0x265/0x280
[   58.980128][ T4718]  ? __pfx_do_pagemap_cmd+0x10/0x10
[   58.980164][ T4718]  should_fail+0xb/0x20
[   58.980188][ T4718]  should_fail_usercopy+0x1a/0x20
[   58.980288][ T4718]  _copy_from_user+0x1c/0xb0
[   58.980338][ T4718]  do_pagemap_cmd+0x77/0x9c0
[   58.980454][ T4718]  ? do_vfs_ioctl+0x7ca/0xe10
[   58.980487][ T4718]  ? __pfx_do_pagemap_cmd+0x10/0x10
[   58.980522][ T4718]  __se_sys_ioctl+0xce/0x140
[   58.980640][ T4718]  __x64_sys_ioctl+0x43/0x50
[   58.980688][ T4718]  x64_sys_call+0x1816/0x2ff0
[   58.980718][ T4718]  do_syscall_64+0xd2/0x200
[   58.980833][ T4718]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.980868][ T4718]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   58.980903][ T4718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.980934][ T4718] RIP: 0033:0x7fe260b0ebe9
[   58.980990][ T4718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.981015][ T4718] RSP: 002b:00007fe25f56f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   58.981064][ T4718] RAX: ffffffffffffffda RBX: 00007fe260d35fa0 RCX: 00007fe260b0ebe9
[   58.981083][ T4718] RDX: 0000200000000100 RSI: 00000000c0606610 RDI: 0000000000000004
[   58.981101][ T4718] RBP: 00007fe25f56f090 R08: 0000000000000000 R09: 0000000000000000
[   58.981116][ T4718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.981148][ T4718] R13: 00007fe260d36038 R14: 00007fe260d35fa0 R15: 00007ffdf20a7a18
[   58.981174][ T4718]  </TASK>
[   59.051063][ T4711] EXT4-fs (loop0): Remounting filesystem read-only
[   59.195810][ T4719] netlink: 32 bytes leftover after parsing attributes in process `syz.3.404'.
[   59.208760][ T4711] EXT4-fs (loop0): 1 truncate cleaned up
[   59.290531][ T4700] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.426546][ T4721] loop5: detected capacity change from 0 to 512
[   59.468847][ T4700] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.507844][ T4721] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   59.618428][ T4224] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.627021][ T4224] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.635982][ T4224] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.644635][ T4224] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.670336][ T4721] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.684335][ T4729] 9pnet_fd: Insufficient options for proto=fd
[   59.717812][ T4731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.417'.
[   59.954611][ T4741] loop0: detected capacity change from 0 to 512
[   59.961392][ T4741] EXT4-fs: Ignoring removed i_version option
[   60.131087][ T4750] netlink: 28 bytes leftover after parsing attributes in process `syz.3.422'.
[   60.307297][ T3406] usb 7-1: enqueue for inactive port 0
[   60.314747][ T3406] usb 7-1: enqueue for inactive port 0
[   60.831901][ T4759] loop2: detected capacity change from 0 to 512
[   61.359336][ T3406] vhci_hcd: vhci_device speed not set
[   63.325362][ T4741] EXT4-fs: error -4 creating inode table initialization thread
[   63.333072][ T4741] EXT4-fs (loop0): mount failed
[   63.363652][ T4759] EXT4-fs (loop2): 1 orphan inode deleted
[   63.376576][ T4759] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.465053][ T4767] netlink: 28 bytes leftover after parsing attributes in process `syz.5.426'.
[   63.475035][ T4759] EXT4-fs (loop2): resizing filesystem from 64 to 1 blocks
[   63.482332][ T4759] EXT4-fs warning (device loop2): ext4_resize_fs:2042: can't shrink FS - resize aborted
[   63.644322][ T4769] loop0: detected capacity change from 0 to 4096
[   63.764849][ T4769] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.427: corrupted inode contents
[   63.786857][ T4769] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #15: comm syz.0.427: mark_inode_dirty error
[   63.813005][ T4769] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.427: corrupted inode contents
[   63.833488][ T4769] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #15: comm syz.0.427: mark_inode_dirty error
[   63.885446][ T4769] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.427: corrupted inode contents
[   63.899100][   T29] kauditd_printk_skb: 50 callbacks suppressed
[   63.899115][   T29] audit: type=1400 audit(1754806702.518:1507): avc:  denied  { remove_name } for  pid=4768 comm="syz.0.427" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   63.927790][   T29] audit: type=1400 audit(1754806702.518:1508): avc:  denied  { rename } for  pid=4768 comm="syz.0.427" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   63.950021][   T29] audit: type=1400 audit(1754806702.518:1509): avc:  denied  { unlink } for  pid=4768 comm="syz.0.427" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   63.972350][   T29] audit: type=1400 audit(1754806702.518:1510): avc:  denied  { rename } for  pid=4768 comm="syz.0.427" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   63.994640][   T29] audit: type=1400 audit(1754806702.518:1511): avc:  denied  { rmdir } for  pid=4768 comm="syz.0.427" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   64.052227][ T4789] netlink: 28 bytes leftover after parsing attributes in process `syz.1.433'.
[   64.061615][ T4769] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #15: comm syz.0.427: mark_inode_dirty error
[   64.091253][ T4791] netlink: 36 bytes leftover after parsing attributes in process `syz.1.434'.
[   64.111613][ T4769] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.427: corrupted inode contents
[   64.134397][ T4791] loop1: detected capacity change from 0 to 512
[   64.153518][ T4769] EXT4-fs error (device loop0): ext4_truncate:4666: inode #15: comm syz.0.427: mark_inode_dirty error
[   64.167639][ T4791] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   64.177941][ T4769] EXT4-fs error (device loop0) in ext4_setattr:6071: Corrupt filesystem
[   64.181645][ T4791] EXT4-fs (loop1): 1 truncate cleaned up
[   64.202520][ T4786] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.427: corrupted inode contents
[   64.243534][ T4801] netlink: 'syz.2.437': attribute type 21 has an invalid length.
[   64.274538][ T4807] netlink: 36 bytes leftover after parsing attributes in process `syz.0.438'.
[   64.295413][ T4807] loop0: detected capacity change from 0 to 512
[   64.302496][ T4807] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   64.324815][ T4812] netlink: 'syz.1.434': attribute type 27 has an invalid length.
[   64.332906][ T4807] EXT4-fs (loop0): 1 truncate cleaned up
[   64.460838][ T4816] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12)
[   64.467468][ T4816] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   64.475064][ T4816] vhci_hcd vhci_hcd.0: Device attached
[   64.497262][ T4816] netlink: 'syz.0.438': attribute type 27 has an invalid length.
[   64.716965][ T3390] usb 1-1: new low-speed USB device number 2 using vhci_hcd
[   65.049843][ T4822] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   65.057463][ T4822] batman_adv: batadv0: Removing interface: batadv_slave_0
[   65.068201][ T4820] sd 0:0:1:0: device reset
[   65.087104][ T4822] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   65.094514][ T4822] batman_adv: batadv0: Removing interface: batadv_slave_1
[   65.160344][ T4817] vhci_hcd: connection reset by peer
[   65.167614][   T29] audit: type=1400 audit(1754806703.808:1512): avc:  denied  { bind } for  pid=4827 comm="syz.5.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   65.187077][   T29] audit: type=1400 audit(1754806703.808:1513): avc:  denied  { listen } for  pid=4827 comm="syz.5.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   65.213398][ T4201] vhci_hcd: stop threads
[   65.217776][ T4201] vhci_hcd: release socket
[   65.222280][ T4201] vhci_hcd: disconnect device
[   65.380215][ T4842] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   65.398266][ T4842] vhci_hcd: default hub control req: 2314 v0008 i0002 l0
[   65.418674][ T4844] netlink: 'syz.5.450': attribute type 1 has an invalid length.
[   65.591070][ T4846] infiniband syz1: set active
[   65.595795][ T4846] infiniband syz1: added syz_tun
[   65.613537][ T4846] RDS/IB: syz1: added
[   65.617945][ T4846] smc: adding ib device syz1 with port count 1
[   65.624382][ T4846] smc:    ib device syz1 port 1 has pnetid 
[   66.081647][ T4852] Set syz1 is full, maxelem 65536 reached
[   66.153391][   T29] audit: type=1400 audit(1754806704.788:1514): avc:  denied  { unmount } for  pid=4461 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   66.210928][   T29] audit: type=1326 audit(1754806704.848:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4868 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   66.248949][ T4872] pim6reg1: entered promiscuous mode
[   66.254289][ T4872] pim6reg1: entered allmulticast mode
[   66.263401][   T29] audit: type=1326 audit(1754806704.878:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4868 comm="syz.3.455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   66.624688][ T4891] netlink: 'syz.0.457': attribute type 21 has an invalid length.
[   66.634446][ T4891] netlink: 132 bytes leftover after parsing attributes in process `syz.0.457'.
[   67.015961][ T4902] netlink: 8 bytes leftover after parsing attributes in process `syz.2.461'.
[   67.059315][ T4906] netlink: 36 bytes leftover after parsing attributes in process `syz.2.463'.
[   67.088485][ T4906] netlink: 'syz.2.463': attribute type 10 has an invalid length.
[   67.199554][ T4911] netlink: 32 bytes leftover after parsing attributes in process `syz.5.465'.
[   67.291308][ T4917] loop5: detected capacity change from 0 to 2048
[   67.415077][ T4930] loop3: detected capacity change from 0 to 128
[   67.438545][ T4930] syz.3.473: attempt to access beyond end of device
[   67.438545][ T4930] loop3: rw=2049, sector=129, nr_sectors = 1 limit=128
[   67.451981][ T4930] Buffer I/O error on dev loop3, logical block 129, lost async page write
[   67.462193][ T4930] syz.3.473: attempt to access beyond end of device
[   67.462193][ T4930] loop3: rw=2049, sector=130, nr_sectors = 1 limit=128
[   67.475545][ T4930] Buffer I/O error on dev loop3, logical block 130, lost async page write
[   67.497097][ T4930] syz.3.473: attempt to access beyond end of device
[   67.497097][ T4930] loop3: rw=2049, sector=139, nr_sectors = 1 limit=128
[   67.510561][ T4930] Buffer I/O error on dev loop3, logical block 139, lost async page write
[   67.519469][ T4930] syz.3.473: attempt to access beyond end of device
[   67.519469][ T4930] loop3: rw=2049, sector=140, nr_sectors = 1 limit=128
[   67.532847][ T4930] Buffer I/O error on dev loop3, logical block 140, lost async page write
[   67.541876][ T4930] syz.3.473: attempt to access beyond end of device
[   67.541876][ T4930] loop3: rw=2049, sector=141, nr_sectors = 1 limit=128
[   67.555276][ T4930] Buffer I/O error on dev loop3, logical block 141, lost async page write
[   67.567798][ T4930] syz.3.473: attempt to access beyond end of device
[   67.567798][ T4930] loop3: rw=2049, sector=142, nr_sectors = 1 limit=128
[   67.581247][ T4930] Buffer I/O error on dev loop3, logical block 142, lost async page write
[   67.584929][ T4936] loop0: detected capacity change from 0 to 1024
[   67.590291][ T4930] syz.3.473: attempt to access beyond end of device
[   67.590291][ T4930] loop3: rw=2049, sector=143, nr_sectors = 1 limit=128
[   67.598971][ T4936] EXT4-fs: Ignoring removed nobh option
[   67.609689][ T4930] Buffer I/O error on dev loop3, logical block 143, lost async page write
[   67.615228][ T4936] EXT4-fs: inline encryption not supported
[   67.629628][ T4930] syz.3.473: attempt to access beyond end of device
[   67.629628][ T4930] loop3: rw=2049, sector=144, nr_sectors = 1 limit=128
[   67.642998][ T4930] Buffer I/O error on dev loop3, logical block 144, lost async page write
[   67.652360][ T4930] syz.3.473: attempt to access beyond end of device
[   67.652360][ T4930] loop3: rw=2049, sector=147, nr_sectors = 1 limit=128
[   67.665759][ T4930] Buffer I/O error on dev loop3, logical block 147, lost async page write
[   67.679689][ T4930] syz.3.473: attempt to access beyond end of device
[   67.679689][ T4930] loop3: rw=2049, sector=148, nr_sectors = 1 limit=128
[   67.693059][ T4930] Buffer I/O error on dev loop3, logical block 148, lost async page write
[   67.695461][ T4936] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.474: Allocating blocks 385-513 which overlap fs metadata
[   67.716614][ T4934] FAULT_INJECTION: forcing a failure.
[   67.716614][ T4934] name failslab, interval 1, probability 0, space 0, times 0
[   67.729292][ T4934] CPU: 1 UID: 0 PID: 4934 Comm: syz.3.473 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   67.729321][ T4934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   67.729334][ T4934] Call Trace:
[   67.729341][ T4934]  <TASK>
[   67.729348][ T4934]  __dump_stack+0x1d/0x30
[   67.729444][ T4934]  dump_stack_lvl+0xe8/0x140
[   67.729470][ T4934]  dump_stack+0x15/0x1b
[   67.729492][ T4934]  should_fail_ex+0x265/0x280
[   67.729547][ T4934]  should_failslab+0x8c/0xb0
[   67.729579][ T4934]  kmem_cache_alloc_noprof+0x50/0x310
[   67.729618][ T4934]  ? fat_cache_add+0x1ef/0x4a0
[   67.729715][ T4934]  ? fat32_ent_get+0x52/0x80
[   67.729751][ T4934]  fat_cache_add+0x1ef/0x4a0
[   67.729841][ T4934]  fat_get_cluster+0x5a9/0x7b0
[   67.729884][ T4934]  fat_chain_add+0xc1/0x440
[   67.729921][ T4934]  fat_add_cluster+0x77/0xe0
[   67.729947][ T4934]  fat_fallocate+0x11e/0x1c0
[   67.729972][ T4934]  vfs_fallocate+0x3b6/0x400
[   67.730053][ T4934]  __x64_sys_fallocate+0x7a/0xd0
[   67.730088][ T4934]  x64_sys_call+0x2514/0x2ff0
[   67.730117][ T4934]  do_syscall_64+0xd2/0x200
[   67.730152][ T4934]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   67.730255][ T4934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.730283][ T4934] RIP: 0033:0x7f6b1967ebe9
[   67.730302][ T4934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.730326][ T4934] RSP: 002b:00007f6b180be038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[   67.730350][ T4934] RAX: ffffffffffffffda RBX: 00007f6b198a6090 RCX: 00007f6b1967ebe9
[   67.730366][ T4934] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000006
[   67.730382][ T4934] RBP: 00007f6b180be090 R08: 0000000000000000 R09: 0000000000000000
[   67.730417][ T4934] R10: 00000000001001f0 R11: 0000000000000246 R12: 0000000000000001
[   67.730430][ T4934] R13: 00007f6b198a6128 R14: 00007f6b198a6090 R15: 00007ffdc86fa598
[   67.730507][ T4934]  </TASK>
[   67.995108][ T4948] netlink: 28 bytes leftover after parsing attributes in process `syz.5.479'.
[   68.112263][ T4956] loop5: detected capacity change from 0 to 512
[   68.121118][ T4956] EXT4-fs error (device loop5): ext4_get_branch:178: inode #11: block 4294967295: comm syz.5.481: invalid block
[   68.134574][ T4956] EXT4-fs (loop5): Remounting filesystem read-only
[   68.141306][ T4956] EXT4-fs (loop5): 2 truncates cleaned up
[   68.207399][ T4946] netlink: 24 bytes leftover after parsing attributes in process `syz.3.477'.
[   68.343851][ T4967] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4967 comm=syz.1.485
[   68.401040][ T4935] EXT4-fs (loop0): pa ffff888106dd0150: logic 16, phys. 129, len 24
[   68.409115][ T4935] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   68.444008][ T4971] loop1: detected capacity change from 0 to 512
[   68.451747][ T4971] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   68.575316][ T4969] loop5: detected capacity change from 0 to 32768
[   68.575739][ T4971] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   68.625904][ T4969] SELinux:  policydb magic number 0x7cff8c4f does not match expected magic number 0xf97cff8c
[   68.644696][ T4969] SELinux: failed to load policy
[   68.714600][ T4982] netlink: 36 bytes leftover after parsing attributes in process `syz.1.491'.
[   68.749500][ T4982] netlink: 'syz.1.491': attribute type 10 has an invalid length.
[   68.881561][ T4999] netlink: 'syz.0.497': attribute type 13 has an invalid length.
[   68.881740][ T4995] loop2: detected capacity change from 0 to 164
[   68.894553][ T4998] loop5: detected capacity change from 0 to 512
[   68.903523][ T4999] gretap0: refused to change device tx_queue_len
[   68.926575][   T29] kauditd_printk_skb: 129 callbacks suppressed
[   68.926591][   T29] audit: type=1400 audit(1754806707.558:1646): avc:  denied  { mount } for  pid=4994 comm="syz.2.496" name="/" dev="loop2" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   68.957895][ T4999] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   68.991605][ T4998] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   69.001405][   T29] audit: type=1400 audit(1754806707.628:1647): avc:  denied  { unmount } for  pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   69.021582][   T29] audit: type=1326 audit(1754806707.648:1648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.3.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   69.045037][   T29] audit: type=1326 audit(1754806707.648:1649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.3.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   69.068556][   T29] audit: type=1326 audit(1754806707.648:1650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.3.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   69.091887][   T29] audit: type=1326 audit(1754806707.648:1651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.3.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   69.115266][   T29] audit: type=1326 audit(1754806707.648:1652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.3.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   69.142904][   T29] audit: type=1326 audit(1754806707.648:1653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.3.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   69.148619][ T4998] EXT4-fs mount: 30 callbacks suppressed
[   69.148638][ T4998] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   69.166280][   T29] audit: type=1326 audit(1754806707.648:1654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.3.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   69.207673][   T29] audit: type=1326 audit(1754806707.648:1655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.3.499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1967ebe9 code=0x7ffc0000
[   69.231529][ T4998] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   69.258633][ T5009] netlink: 36 bytes leftover after parsing attributes in process `syz.0.502'.
[   69.270721][ T5009] loop0: detected capacity change from 0 to 512
[   69.278912][ T4461] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   69.293101][ T5009] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   69.316115][ T5011] netlink: 28 bytes leftover after parsing attributes in process `syz.3.504'.
[   69.326666][ T5009] EXT4-fs (loop0): 1 truncate cleaned up
[   69.386325][ T5009] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.470922][ T5032] loop3: detected capacity change from 0 to 512
[   69.474031][ T5030] netlink: 12 bytes leftover after parsing attributes in process `syz.2.510'.
[   69.489350][ T5032] EXT4-fs: Ignoring removed mblk_io_submit option
[   69.495985][ T5032] EXT4-fs: Ignoring removed nomblk_io_submit option
[   69.504218][ T5032] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   69.512859][ T5032] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   69.526547][ T5035] sd 0:0:1:0: device reset
[   69.574713][ T5032] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.511: Allocating blocks 41-42 which overlap fs metadata
[   69.579907][ T5041] loop5: detected capacity change from 0 to 512
[   69.605116][ T5030] sd 0:0:1:0: device reset
[   69.613055][ T5041] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   69.626459][ T5032] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.511: Failed to acquire dquot type 1
[   69.639307][ T5037] netlink: 'syz.0.502': attribute type 27 has an invalid length.
[   69.649575][ T5032] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[   69.664294][ T5032] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.511: corrupted inode contents
[   69.680274][ T5041] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   69.680715][ T5032] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #12: comm syz.3.511: mark_inode_dirty error
[   69.704581][ T5041] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   69.715538][ T5045] loop2: detected capacity change from 0 to 4096
[   69.733660][ T5032] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.511: corrupted inode contents
[   69.749919][ T5045] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.752887][ T3390] usb 1-1: enqueue for inactive port 0
[   69.768184][ T3390] usb 1-1: enqueue for inactive port 0
[   69.770771][ T4461] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   69.782874][ T5032] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.511: mark_inode_dirty error
[   69.838956][ T3390] vhci_hcd: vhci_device speed not set
[   69.895483][ T5032] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.511: corrupted inode contents
[   69.909496][ T5032] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[   69.924033][ T5032] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.511: corrupted inode contents
[   69.936900][ T5032] EXT4-fs error (device loop3): ext4_truncate:4666: inode #12: comm syz.3.511: mark_inode_dirty error
[   69.948234][ T5032] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[   69.996682][ T5032] EXT4-fs (loop3): 1 truncate cleaned up
[   70.825124][ T5032] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.951983][ T4202] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:16: Failed to release dquot type 1
[   70.973851][ T5055] bridge0: entered promiscuous mode
[   70.988101][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.998946][ T5055] bridge0: port 3(macvlan2) entered blocking state
[   71.005589][ T5055] bridge0: port 3(macvlan2) entered disabled state
[   71.013179][ T5055] macvlan2: entered allmulticast mode
[   71.013547][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.018615][ T5055] bridge0: entered allmulticast mode
[   71.048544][ T5055] macvlan2: left allmulticast mode
[   71.053719][ T5055] bridge0: left allmulticast mode
[   71.075067][ T5055] bridge0: left promiscuous mode
[   71.100427][ T5075] sd 0:0:1:0: device reset
[   71.176511][ T5077] loop5: detected capacity change from 0 to 512
[   71.183529][ T5077] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   71.195803][ T5077] EXT4-fs (loop5): 1 truncate cleaned up
[   71.201816][ T5077] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.380403][ T5090] netlink: 'syz.5.527': attribute type 27 has an invalid length.
[   71.397731][ T5095] loop0: detected capacity change from 0 to 512
[   71.439755][ T5095] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   71.472582][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.508461][ T5095] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   71.529873][ T5095] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   71.581786][ T5110] sd 0:0:1:0: device reset
[   71.588519][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   71.603322][ T5111] loop1: detected capacity change from 0 to 512
[   71.611992][ T5111] ext4: Unknown parameter 'euid<00000000000000000000'
[   72.245346][ T5133] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   72.257649][ T4461] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.411231][ T5165] loop1: detected capacity change from 0 to 512
[   72.457909][ T5165] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.477182][ T5165] ext4 filesystem being mounted at /133/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   72.595270][ T5178] __nla_validate_parse: 4 callbacks suppressed
[   72.595285][ T5178] netlink: 12 bytes leftover after parsing attributes in process `syz.5.564'.
[   72.639075][ T5178] sd 0:0:1:0: device reset
[   72.728837][ T5183] netlink: 32 bytes leftover after parsing attributes in process `syz.1.560'.
[   72.819860][ T5186] FAULT_INJECTION: forcing a failure.
[   72.819860][ T5186] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.833008][ T5186] CPU: 1 UID: 0 PID: 5186 Comm: syz.5.566 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   72.833041][ T5186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   72.833057][ T5186] Call Trace:
[   72.833065][ T5186]  <TASK>
[   72.833123][ T5186]  __dump_stack+0x1d/0x30
[   72.833150][ T5186]  dump_stack_lvl+0xe8/0x140
[   72.833181][ T5186]  dump_stack+0x15/0x1b
[   72.833200][ T5186]  should_fail_ex+0x265/0x280
[   72.833289][ T5186]  should_fail+0xb/0x20
[   72.833311][ T5186]  should_fail_usercopy+0x1a/0x20
[   72.833378][ T5186]  _copy_from_user+0x1c/0xb0
[   72.833468][ T5186]  perf_copy_attr+0x145/0x610
[   72.833504][ T5186]  __se_sys_perf_event_open+0x67/0x11c0
[   72.833552][ T5186]  __x64_sys_perf_event_open+0x67/0x80
[   72.833639][ T5186]  x64_sys_call+0x7bd/0x2ff0
[   72.833665][ T5186]  do_syscall_64+0xd2/0x200
[   72.833698][ T5186]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   72.833722][ T5186]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   72.833780][ T5186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.833806][ T5186] RIP: 0033:0x7f7870e5ebe9
[   72.833824][ T5186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.833880][ T5186] RSP: 002b:00007f786f885038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[   72.833903][ T5186] RAX: ffffffffffffffda RBX: 00007f7871086180 RCX: 00007f7870e5ebe9
[   72.833918][ T5186] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000180
[   72.833929][ T5186] RBP: 00007f786f885090 R08: 0000000000000000 R09: 0000000000000000
[   72.833939][ T5186] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[   72.833950][ T5186] R13: 00007f7871086218 R14: 00007f7871086180 R15: 00007ffc7cb254c8
[   72.833970][ T5186]  </TASK>
[   73.295542][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.456713][ T5204] loop2: detected capacity change from 0 to 512
[   73.468758][ T5204] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   73.500918][ T5204] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   73.524256][ T5204] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   73.571042][ T5215] netlink: 28 bytes leftover after parsing attributes in process `syz.3.576'.
[   73.598172][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   73.677227][ T5219] loop1: detected capacity change from 0 to 1024
[   73.687452][ T5219] EXT4-fs: Ignoring removed nobh option
[   73.693055][ T5219] EXT4-fs: inline encryption not supported
[   73.716097][ T5227] loop2: detected capacity change from 0 to 512
[   73.741459][ T5227] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   73.757990][ T5219] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.777951][ T5231] netlink: 12 bytes leftover after parsing attributes in process `syz.5.583'.
[   73.789368][ T5219] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.578: Allocating blocks 385-513 which overlap fs metadata
[   73.807477][ T5231] sd 0:0:1:0: device reset
[   73.906793][ T5227] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   73.926017][ T5227] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   74.037714][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   74.201044][ T5245] loop5: detected capacity change from 0 to 512
[   74.225130][ T5245] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   74.278625][ T5245] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   74.301233][ T5245] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   74.317674][   T29] kauditd_printk_skb: 475 callbacks suppressed
[   74.317690][   T29] audit: type=1326 audit(1754806712.958:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5250 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe260b0ebe9 code=0x7ffc0000
[   74.351890][   T29] audit: type=1326 audit(1754806712.958:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5250 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe260b0ebe9 code=0x7ffc0000
[   74.375283][   T29] audit: type=1326 audit(1754806712.958:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5250 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe260b0ebe9 code=0x7ffc0000
[   74.398638][   T29] audit: type=1326 audit(1754806712.958:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5250 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe260b0ebe9 code=0x7ffc0000
[   74.422157][   T29] audit: type=1326 audit(1754806712.958:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5250 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe260b0ebe9 code=0x7ffc0000
[   74.445619][   T29] audit: type=1326 audit(1754806712.958:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5250 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fe260b0ebe9 code=0x7ffc0000
[   74.469382][   T29] audit: type=1326 audit(1754806712.958:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5250 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe260b0ebe9 code=0x7ffc0000
[   74.492828][   T29] audit: type=1326 audit(1754806712.958:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5250 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe260b0ebe9 code=0x7ffc0000
[   74.495786][ T5218] EXT4-fs (loop1): pa ffff888106e495b0: logic 16, phys. 129, len 24
[   74.516109][   T29] audit: type=1326 audit(1754806712.958:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5250 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe260b0ebe9 code=0x7ffc0000
[   74.524030][ T5218] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   74.547319][   T29] audit: type=1326 audit(1754806712.958:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5250 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe260b0ebe9 code=0x7ffc0000
[   74.668461][ T5253] netlink: 28 bytes leftover after parsing attributes in process `syz.2.591'.
[   74.688629][ T4461] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   74.698004][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.769542][ T5266] netlink: 12 bytes leftover after parsing attributes in process `syz.5.594'.
[   74.778708][ T5263] syzkaller1: entered promiscuous mode
[   74.783978][ T5268] netlink: 36 bytes leftover after parsing attributes in process `syz.1.597'.
[   74.784205][ T5263] syzkaller1: entered allmulticast mode
[   74.801263][ T5266] sd 0:0:1:0: device reset
[   74.804963][ T5268] loop1: detected capacity change from 0 to 512
[   74.831540][ T5268] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   74.835530][ T5273] netlink: 36 bytes leftover after parsing attributes in process `syz.5.599'.
[   74.855074][ T5268] EXT4-fs (loop1): 1 truncate cleaned up
[   74.861003][ T5273] loop5: detected capacity change from 0 to 512
[   74.867874][ T5268] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.881590][ T5273] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   74.900271][ T5273] EXT4-fs (loop5): 1 truncate cleaned up
[   74.906626][ T5273] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.923072][ T5281] netlink: 36 bytes leftover after parsing attributes in process `syz.3.602'.
[   74.937937][ T5281] loop3: detected capacity change from 0 to 512
[   74.944936][ T5281] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   74.972066][ T5284] loop2: detected capacity change from 0 to 1024
[   74.987462][ T5284] EXT4-fs: Ignoring removed nobh option
[   74.993083][ T5284] EXT4-fs: inline encryption not supported
[   75.006116][ T5281] EXT4-fs (loop3): 1 truncate cleaned up
[   75.021490][ T5281] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.037746][ T5287] netlink: 'syz.1.597': attribute type 27 has an invalid length.
[   75.047257][ T5284] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.067521][ T5284] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.603: Allocating blocks 385-513 which overlap fs metadata
[   75.073197][ T5290] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[   75.087858][ T5290] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   75.095445][ T5290] vhci_hcd vhci_hcd.0: Device attached
[   75.177274][ T5290] netlink: 'syz.5.599': attribute type 27 has an invalid length.
[   75.307465][ T5295] netlink: 'syz.3.602': attribute type 27 has an invalid length.
[   75.336973][ T3383] usb 11-1: new low-speed USB device number 2 using vhci_hcd
[   75.682212][ T5291] vhci_hcd: connection reset by peer
[   75.708166][ T4195] vhci_hcd: stop threads
[   75.712461][ T4195] vhci_hcd: release socket
[   75.716953][ T4195] vhci_hcd: disconnect device
[   75.792980][ T5283] EXT4-fs (loop2): pa ffff888106e49540: logic 16, phys. 129, len 24
[   75.801118][ T5283] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   75.859378][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.902765][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.924562][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.930994][ T5301] netlink: 28 bytes leftover after parsing attributes in process `syz.0.606'.
[   75.960676][ T5303] loop1: detected capacity change from 0 to 512
[   75.969133][ T5303] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   75.986138][ T5307] sd 0:0:1:0: device reset
[   75.995851][ T5303] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   76.009634][ T5303] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   76.070107][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   76.222950][ T4461] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.551473][ T5349] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[   76.929982][ T5368] loop1: detected capacity change from 0 to 512
[   76.936842][ T5368] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   76.948563][ T5368] EXT4-fs (loop1): 1 truncate cleaned up
[   76.954777][ T5368] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.088325][ T5371] netlink: 'syz.1.630': attribute type 27 has an invalid length.
[   77.193129][ T5375] loop5: detected capacity change from 0 to 512
[   77.200119][ T5375] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   77.219736][ T5375] EXT4-fs (loop5): 1 truncate cleaned up
[   77.225961][ T5375] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.324686][ T5383] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[   77.379735][ T5384] netlink: 'syz.5.632': attribute type 27 has an invalid length.
[   77.603349][ T5402] loop0: detected capacity change from 0 to 512
[   77.673995][ T5402] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.715578][ T5410] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[   77.717119][ T5402] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   77.896096][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.951023][ T5415] __nla_validate_parse: 5 callbacks suppressed
[   77.951046][ T5415] netlink: 32 bytes leftover after parsing attributes in process `syz.0.643'.
[   78.135895][ T5420] netlink: 132 bytes leftover after parsing attributes in process `syz.1.649'.
[   78.378306][ T4461] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.463482][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.523270][ T5439] loop0: detected capacity change from 0 to 1024
[   78.530433][ T5439] EXT4-fs: Ignoring removed nobh option
[   78.536026][ T5439] EXT4-fs: inline encryption not supported
[   78.554436][ T5439] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.579783][ T5439] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.657: Allocating blocks 385-513 which overlap fs metadata
[   78.694527][ T5447] netlink: 36 bytes leftover after parsing attributes in process `syz.5.659'.
[   78.706399][ T5447] loop5: detected capacity change from 0 to 512
[   78.713226][ T5447] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   78.724761][ T5447] EXT4-fs (loop5): 1 truncate cleaned up
[   78.731696][ T5447] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.886320][ T5458] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[   78.892983][ T5458] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   78.900588][ T5458] vhci_hcd vhci_hcd.0: Device attached
[   78.921881][ T5461] netlink: 12 bytes leftover after parsing attributes in process `syz.3.662'.
[   78.927710][ T5458] netlink: 'syz.5.659': attribute type 27 has an invalid length.
[   78.960820][ T5463] loop3: detected capacity change from 0 to 512
[   78.979417][ T5463] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.993142][ T5463] ext4 filesystem being mounted at /140/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   79.207821][ T5467] netlink: 32 bytes leftover after parsing attributes in process `syz.3.663'.
[   79.333592][   T29] kauditd_printk_skb: 92 callbacks suppressed
[   79.333610][   T29] audit: type=1326 audit(1754806717.968:2217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5468 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   79.365538][ T5438] EXT4-fs (loop0): pa ffff888106e49070: logic 16, phys. 129, len 24
[   79.373596][ T5438] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   79.549720][   T29] audit: type=1326 audit(1754806718.028:2218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5468 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   79.573174][   T29] audit: type=1326 audit(1754806718.028:2219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5468 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   79.596583][   T29] audit: type=1326 audit(1754806718.028:2220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5468 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   79.620059][   T29] audit: type=1326 audit(1754806718.028:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5468 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   79.643369][   T29] audit: type=1326 audit(1754806718.028:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5468 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   79.666685][   T29] audit: type=1326 audit(1754806718.038:2223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5468 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   79.690117][   T29] audit: type=1326 audit(1754806718.038:2224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5468 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   79.713438][   T29] audit: type=1326 audit(1754806718.038:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5468 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   79.736820][   T29] audit: type=1326 audit(1754806718.038:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5468 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f172e53ebe9 code=0x7ffc0000
[   79.760761][ T5459] vhci_hcd: connection closed
[   79.767147][ T4228] vhci_hcd: stop threads
[   79.776714][ T4228] vhci_hcd: release socket
[   79.781211][ T4228] vhci_hcd: disconnect device
[   79.839956][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.849478][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.922213][ T5484] loop2: detected capacity change from 0 to 512
[   80.057357][ T5484] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.074243][ T5484] ext4 filesystem being mounted at /127/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   80.097710][ T5494] usb usb8: usbfs: process 5494 (syz.0.673) did not claim interface 7 before use
[   80.229765][ T5501] loop0: detected capacity change from 0 to 1024
[   80.247752][ T5501] EXT4-fs: Ignoring removed nobh option
[   80.253437][ T5501] EXT4-fs: inline encryption not supported
[   80.263205][ T4461] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.280734][ T5501] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.377577][ T5510] netlink: 32 bytes leftover after parsing attributes in process `syz.2.671'.
[   80.397034][ T3383] usb 11-1: enqueue for inactive port 0
[   81.051042][ T5513] netlink: 84 bytes leftover after parsing attributes in process `syz.1.679'.
[   81.090870][ T5501] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.676: Allocating blocks 385-513 which overlap fs metadata
[   81.109708][ T5513] loop1: detected capacity change from 0 to 512
[   81.125614][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.139630][ T5513] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   81.186631][ T5513] EXT4-fs error (device loop1): xattr_find_entry:333: inode #15: comm syz.1.679: corrupted xattr entries
[   81.200680][ T5513] EXT4-fs (loop1): 1 truncate cleaned up
[   81.211932][ T5513] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.226106][ T3383] usb 11-1: enqueue for inactive port 0
[   81.296976][ T3383] vhci_hcd: vhci_device speed not set
[   81.392299][ T5500] EXT4-fs (loop0): pa ffff888106e49310: logic 16, phys. 129, len 24
[   81.392337][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.400506][ T5500] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   81.419612][ T5527] netlink: 64 bytes leftover after parsing attributes in process `syz.2.684'.
[   81.476676][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.486826][ T5536] netlink: 'syz.5.687': attribute type 1 has an invalid length.
[   81.582984][ T5541] netlink: 36 bytes leftover after parsing attributes in process `syz.5.690'.
[   81.596230][ T5541] loop5: detected capacity change from 0 to 512
[   81.616312][ T5545] loop1: detected capacity change from 0 to 128
[   81.629871][ T5544] netlink: 12 bytes leftover after parsing attributes in process `syz.0.688'.
[   81.630550][ T5541] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   81.657023][ T5541] EXT4-fs (loop5): 1 truncate cleaned up
[   81.664525][ T5541] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.686290][ T5549] loop2: detected capacity change from 0 to 512
[   81.705085][ T5549] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   81.727155][ T5550] bio_check_eod: 21 callbacks suppressed
[   81.727226][ T5550] syz.1.689: attempt to access beyond end of device
[   81.727226][ T5550] loop1: rw=2049, sector=153, nr_sectors = 8 limit=128
[   81.760123][ T5549] EXT4-fs (loop2): 1 truncate cleaned up
[   81.760307][ T5550] syz.1.689: attempt to access beyond end of device
[   81.760307][ T5550] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128
[   81.783664][ T5549] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.801373][ T5550] syz.1.689: attempt to access beyond end of device
[   81.801373][ T5550] loop1: rw=2049, sector=185, nr_sectors = 8 limit=128
[   81.818624][ T5550] syz.1.689: attempt to access beyond end of device
[   81.818624][ T5550] loop1: rw=2049, sector=201, nr_sectors = 8 limit=128
[   81.832178][ T5550] syz.1.689: attempt to access beyond end of device
[   81.832178][ T5550] loop1: rw=2049, sector=217, nr_sectors = 8 limit=128
[   81.845706][ T5550] syz.1.689: attempt to access beyond end of device
[   81.845706][ T5550] loop1: rw=2049, sector=233, nr_sectors = 8 limit=128
[   81.867623][ T5550] syz.1.689: attempt to access beyond end of device
[   81.867623][ T5550] loop1: rw=2049, sector=249, nr_sectors = 8 limit=128
[   81.882057][ T5550] syz.1.689: attempt to access beyond end of device
[   81.882057][ T5550] loop1: rw=2049, sector=265, nr_sectors = 8 limit=128
[   81.898318][ T5555] loop3: detected capacity change from 0 to 512
[   81.902006][ T5559] netlink: 'syz.5.690': attribute type 27 has an invalid length.
[   81.913631][ T5550] syz.1.689: attempt to access beyond end of device
[   81.913631][ T5550] loop1: rw=2049, sector=281, nr_sectors = 8 limit=128
[   81.933656][ T5565] netlink: 'syz.2.691': attribute type 27 has an invalid length.
[   81.944541][ T5555] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.947547][ T5550] syz.1.689: attempt to access beyond end of device
[   81.947547][ T5550] loop1: rw=2049, sector=297, nr_sectors = 8 limit=128
[   81.957254][ T5555] ext4 filesystem being mounted at /143/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   82.028923][ T5569] loop1: detected capacity change from 0 to 1024
[   82.036103][ T5569] EXT4-fs: Ignoring removed nobh option
[   82.042685][ T5569] EXT4-fs: Ignoring removed bh option
[   82.063701][ T5569] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.180883][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.465861][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.504541][ T5589] FAULT_INJECTION: forcing a failure.
[   82.504541][ T5589] name failslab, interval 1, probability 0, space 0, times 0
[   82.517284][ T5589] CPU: 0 UID: 0 PID: 5589 Comm: syz.2.702 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   82.517321][ T5589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   82.517344][ T5589] Call Trace:
[   82.517350][ T5589]  <TASK>
[   82.517357][ T5589]  __dump_stack+0x1d/0x30
[   82.517378][ T5589]  dump_stack_lvl+0xe8/0x140
[   82.517403][ T5589]  dump_stack+0x15/0x1b
[   82.517424][ T5589]  should_fail_ex+0x265/0x280
[   82.517467][ T5589]  should_failslab+0x8c/0xb0
[   82.517506][ T5589]  kmem_cache_alloc_noprof+0x50/0x310
[   82.517535][ T5589]  ? skb_clone+0x151/0x1f0
[   82.517557][ T5589]  skb_clone+0x151/0x1f0
[   82.517585][ T5589]  __netlink_deliver_tap+0x2c9/0x500
[   82.517618][ T5589]  netlink_dump+0x836/0x8a0
[   82.517651][ T5589]  netlink_recvmsg+0x420/0x550
[   82.517681][ T5589]  ? __pfx_netlink_recvmsg+0x10/0x10
[   82.517800][ T5589]  sock_recvmsg+0x139/0x170
[   82.517842][ T5589]  ____sys_recvmsg+0xf5/0x280
[   82.517916][ T5589]  ___sys_recvmsg+0x11f/0x370
[   82.517947][ T5589]  do_recvmmsg+0x1ef/0x540
[   82.517975][ T5589]  ? fput+0x8f/0xc0
[   82.518084][ T5589]  __x64_sys_recvmmsg+0xe5/0x170
[   82.518109][ T5589]  x64_sys_call+0x27a6/0x2ff0
[   82.518130][ T5589]  do_syscall_64+0xd2/0x200
[   82.518210][ T5589]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   82.518235][ T5589]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   82.518259][ T5589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.518308][ T5589] RIP: 0033:0x7fe260b0ebe9
[   82.518322][ T5589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.518341][ T5589] RSP: 002b:00007fe25f56f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   82.518361][ T5589] RAX: ffffffffffffffda RBX: 00007fe260d35fa0 RCX: 00007fe260b0ebe9
[   82.518374][ T5589] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000003
[   82.518419][ T5589] RBP: 00007fe25f56f090 R08: 0000000000000000 R09: 0000000000000000
[   82.518431][ T5589] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[   82.518444][ T5589] R13: 00007fe260d36038 R14: 00007fe260d35fa0 R15: 00007ffdf20a7a18
[   82.518462][ T5589]  </TASK>
[   82.778248][ T4461] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.789155][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.921226][ T5614] loop2: detected capacity change from 0 to 512
[   82.946223][ T5614] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   82.979144][ T5614] EXT4-fs (loop2): 1 truncate cleaned up
[   82.985015][ T5623] loop0: detected capacity change from 0 to 1024
[   82.985293][ T5614] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.006199][ T5623] EXT4-fs: Ignoring removed nobh option
[   83.011887][ T5623] EXT4-fs: inline encryption not supported
[   83.064133][ T5623] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.090419][ T5635] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[   83.099002][ T5623] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.717: Allocating blocks 385-513 which overlap fs metadata
[   83.131149][ T5640] FAULT_INJECTION: forcing a failure.
[   83.131149][ T5640] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   83.144280][ T5640] CPU: 1 UID: 0 PID: 5640 Comm: syz.5.723 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   83.144328][ T5640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   83.144340][ T5640] Call Trace:
[   83.144347][ T5640]  <TASK>
[   83.144353][ T5640]  __dump_stack+0x1d/0x30
[   83.144375][ T5640]  dump_stack_lvl+0xe8/0x140
[   83.144395][ T5640]  dump_stack+0x15/0x1b
[   83.144443][ T5640]  should_fail_ex+0x265/0x280
[   83.144466][ T5640]  should_fail+0xb/0x20
[   83.144527][ T5640]  should_fail_usercopy+0x1a/0x20
[   83.144550][ T5640]  _copy_from_user+0x1c/0xb0
[   83.144590][ T5640]  ___sys_recvmsg+0xaa/0x370
[   83.144613][ T5640]  ? 0xffffffff81000000
[   83.144626][ T5640]  ? __rcu_read_unlock+0x4f/0x70
[   83.144658][ T5640]  __x64_sys_recvmsg+0xd1/0x160
[   83.144728][ T5640]  x64_sys_call+0x2b42/0x2ff0
[   83.144750][ T5640]  do_syscall_64+0xd2/0x200
[   83.144783][ T5640]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   83.144808][ T5640]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   83.144837][ T5640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.144859][ T5640] RIP: 0033:0x7f7870e5ebe9
[   83.144874][ T5640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.144893][ T5640] RSP: 002b:00007f786f8c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[   83.144912][ T5640] RAX: ffffffffffffffda RBX: 00007f7871085fa0 RCX: 00007f7870e5ebe9
[   83.144925][ T5640] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[   83.145051][ T5640] RBP: 00007f786f8c7090 R08: 0000000000000000 R09: 0000000000000000
[   83.145064][ T5640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   83.145076][ T5640] R13: 00007f7871086038 R14: 00007f7871085fa0 R15: 00007ffc7cb254c8
[   83.145096][ T5640]  </TASK>
[   83.329191][ T5638] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[   83.335846][ T5638] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   83.343401][ T5638] vhci_hcd vhci_hcd.0: Device attached
[   83.348961][ T5644] netlink: 'syz.2.713': attribute type 27 has an invalid length.
[   83.459055][ T5648] __nla_validate_parse: 3 callbacks suppressed
[   83.459075][ T5648] netlink: 12 bytes leftover after parsing attributes in process `syz.5.724'.
[   83.513109][ T5648] sd 0:0:1:0: device reset
[   83.597379][ T3383] usb 5-1: new low-speed USB device number 3 using vhci_hcd
[   83.804294][ T5619] EXT4-fs (loop0): pa ffff888106dd0850: logic 16, phys. 129, len 24
[   83.812400][ T5619] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   83.837582][ T5641] vhci_hcd: connection reset by peer
[   83.843977][ T4231] vhci_hcd: stop threads
[   83.848356][ T4231] vhci_hcd: release socket
[   83.852802][ T4231] vhci_hcd: disconnect device
[   83.852885][ T5664] loop1: detected capacity change from 0 to 2048
[   83.908325][ T5664]  loop1: p3 < > p4 < >
[   83.912627][ T5664] loop1: partition table partially beyond EOD, truncated
[   83.927424][ T5664] loop1: p3 start 4284289 is beyond EOD, truncated
[   83.937027][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.037707][ T5682] netlink: 36 bytes leftover after parsing attributes in process `syz.5.738'.
[   84.053484][ T5682] loop5: detected capacity change from 0 to 512
[   84.061340][ T5682] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   84.080915][ T5682] EXT4-fs (loop5): 1 truncate cleaned up
[   84.087522][ T5682] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.268618][ T5682] ==================================================================
[   84.276750][ T5682] BUG: KCSAN: data-race in page_cache_sync_ra / page_cache_sync_ra
[   84.284700][ T5682] 
[   84.287036][ T5682] write to 0xffff8881227add50 of 8 bytes by task 5685 on cpu 0:
[   84.294677][ T5682]  page_cache_sync_ra+0x434/0x6c0
[   84.299737][ T5682]  filemap_get_pages+0x2d0/0x1150
[   84.304769][ T5682]  filemap_splice_read+0x3a9/0x740
[   84.309891][ T5682]  ext4_file_splice_read+0x8f/0xb0
[   84.315024][ T5682]  splice_direct_to_actor+0x26f/0x680
[   84.320494][ T5682]  do_splice_direct+0xda/0x150
[   84.325287][ T5682]  do_sendfile+0x380/0x650
[   84.329722][ T5682]  __x64_sys_sendfile64+0x105/0x150
[   84.334951][ T5682]  x64_sys_call+0x2bb0/0x2ff0
[   84.339635][ T5682]  do_syscall_64+0xd2/0x200
[   84.344160][ T5682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.350066][ T5682] 
[   84.352396][ T5682] write to 0xffff8881227add50 of 8 bytes by task 5682 on cpu 1:
[   84.360025][ T5682]  page_cache_sync_ra+0x434/0x6c0
[   84.365069][ T5682]  filemap_get_pages+0x2d0/0x1150
[   84.370105][ T5682]  filemap_splice_read+0x3a9/0x740
[   84.375222][ T5682]  ext4_file_splice_read+0x8f/0xb0
[   84.380355][ T5682]  splice_direct_to_actor+0x26f/0x680
[   84.385737][ T5682]  do_splice_direct+0xda/0x150
[   84.390508][ T5682]  do_sendfile+0x380/0x650
[   84.394950][ T5682]  __x64_sys_sendfile64+0x105/0x150
[   84.400160][ T5682]  x64_sys_call+0x2bb0/0x2ff0
[   84.404851][ T5682]  do_syscall_64+0xd2/0x200
[   84.409372][ T5682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.415275][ T5682] 
[   84.417596][ T5682] value changed: 0x0000000000000000 -> 0x0000000000000001
[   84.424704][ T5682] 
[   84.427025][ T5682] Reported by Kernel Concurrency Sanitizer on:
[   84.433175][ T5682] CPU: 1 UID: 0 PID: 5682 Comm: syz.5.738 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[   84.445165][ T5682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   84.455224][ T5682] ==================================================================
[   84.493888][ T5687] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[   84.500535][ T5687] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   84.508078][ T5687] vhci_hcd vhci_hcd.0: Device attached
[   84.517392][ T5687] netlink: 'syz.5.738': attribute type 27 has an invalid length.
[   84.756925][ T3390] usb 11-1: new low-speed USB device number 3 using vhci_hcd
[   84.882283][ T5688] vhci_hcd: connection reset by peer
[   84.896945][ T4207] vhci_hcd: stop threads
[   84.901257][ T4207] vhci_hcd: release socket
[   84.905737][ T4207] vhci_hcd: disconnect device
[   88.627265][ T3383] usb 5-1: enqueue for inactive port 0
[   88.632898][ T3383] usb 5-1: enqueue for inactive port 0
[   88.706986][ T3383] vhci_hcd: vhci_device speed not set
[   89.826945][ T3390] usb 11-1: enqueue for inactive port 0
[   89.832544][ T3390] usb 11-1: enqueue for inactive port 0
[   89.907312][ T3390] vhci_hcd: vhci_device speed not set