last executing test programs:

2.465016512s ago: executing program 2 (id=582):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x10, 0x2, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x30}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket(0x2, 0x80805, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00'}, 0x10)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x1a}, @dev={0xfe, 0x80, '\x00', 0x28}, [0xffffff00, 0xffffff00, 0x0, 0xff000000], [0xff, 0x0, 0x9f19fd7a5e924fa7, 0xff], 'macvtap0\x00', 'bridge0\x00', {0xff}, {0xff}, 0x2b, 0x7, 0x5, 0x10}, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@tcpmss={{0x28}, {0x39d3, 0x9, 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r6, &(0x7f0000000140)={'full'}, 0xfffffdef)
connect$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0x0, 0x2, 0x4, 0x20, 0x2, @multicast}, 0x10)
sendmmsg$inet(r4, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x3804, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x69, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x26892}], 0xbb}}], 0x2, 0x0) (fail_nth: 8)
sendmsg$IPSET_CMD_TYPE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000000d0800000000000000000100070000"], 0x1c}, 0x1, 0x0, 0x0, 0x810}, 0x40004)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd09032800050030000000600000001228290081e949b93897bc3b0000000040007d01ff020000000000000000000000000001"], 0xfdef)
socket$nl_route(0x10, 0x3, 0x0)

1.704840024s ago: executing program 2 (id=591):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2}, @TCA_FQ_QUANTUM={0x2, 0x2, 0x700}]}}]}, 0x48}}, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000140)={0x0, 0x1, 0xbc, r4, 0x9}, 0xc)
r5 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14)
fcntl$setsig(r5, 0xa, 0x13)
fcntl$setlease(r5, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x3938700}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x7f, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_emit_ethernet(0x2e, &(0x7f0000000380)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @broadcast}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000240)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x4e22, @private=0xa010102}]}, &(0x7f00000002c0)=0x10)
sendto$inet6(r2, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x5}, 0x3}, 0x1c)
shutdown(r2, 0x1)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x4, 0xd, 0x10, 0x5, 0x4, 0xff, 0x7, 0x5, 0x7, 0x4c, 0x5, 0x8, 0x6}, 0xe)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x400000000000004)
setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000000040)=0x1000000, 0x4)
writev(r7, &(0x7f0000000100)=[{&(0x7f00000001c0)="480000001400190d7ebdeb75fd0d9c562c84d8c033aae421962ea6ff3cd3c461ebe430a2ed7a80ffe0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6", 0x48}], 0x1)

1.704330484s ago: executing program 0 (id=592):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x68f}, 0x18)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)

1.649200484s ago: executing program 0 (id=594):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0x13, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000900000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000000000bf090000000000005509010000000000852000000300000095"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r2])
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f00000004c0))

1.547439986s ago: executing program 0 (id=597):
prctl$PR_SET_NAME(0xf, &(0x7f0000000300)='\x04\x00\x00\x00\x00^\xf6jAc')
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xa, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x70, @void, @value}, 0x94)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x2, 0x0, &(0x7f0000000040))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r3 = socket(0x10, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000007200080025fd8341bd7000fddbdf2507000000", @ANYRES32=r4], 0x18}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r4, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0)
r5 = socket(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f0000000000), 0x400000000000235, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x70, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
fcntl$getflags(0xffffffffffffffff, 0x40a)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r6}, 0x10)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000180)={0x84, @remote, 0x0, 0x0, 'lblc\x00'}, 0x2c)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="58000000100023ff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000010560100300012800b000100697036746e6c0000200002801400020000000000000000000000ffffac14142a0500090029000000080004000005"], 0x58}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000)
close_range(r8, 0xffffffffffffffff, 0x0)

1.147311722s ago: executing program 0 (id=602):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x2000000000}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000440)={0x0, r0}, 0x8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'erspan0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x405, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_FWMARK={0x8}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', r4, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r5, 0x0, 0x200000000000006}, 0x18)
fcntl$lock(0xffffffffffffffff, 0x26, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70200001400a685b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket(0x10, 0x3, 0x9)
sendmsg$inet(r2, &(0x7f0000000740)={&(0x7f0000000480)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10, &(0x7f00000005c0)=[{&(0x7f0000000540)="e7bd92e51ab627cd94de03b1b7af6f4f2da3", 0x12}], 0x1, &(0x7f0000000700)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}], 0x18}, 0x4)
sendmsg$NFT_BATCH(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000013c0)=ANY=[@ANYBLOB="140000005304"], 0x28}, 0x1, 0x0, 0x0, 0x64841}, 0x40000)
r9 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r9, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r9, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r9, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r9, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="acc870bde54caaeacb0000108cef4fa7bf44702b284b2e80cb32d33a86853c8c2879", 0x22}, {&(0x7f0000000e80)="5be3b011e12323e4ab88c0472f0700000000000000e71ba6231f303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf646e72f8fe08c33a33b275787892f61fbb621794716f96031931b55af30fa01d72aa5a53ee4c07ab7c96a4a9ed93f4d20269982ab6feb22d8e77afb7b861622ab963b07f0026fd64", 0xb8}], 0x2}}], 0x2, 0xc0)
setsockopt$sock_int(r9, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r9, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

758.515918ms ago: executing program 1 (id=617):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x68f}, 0x18)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)

756.973958ms ago: executing program 2 (id=618):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0x13, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000900000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000000000bf090000000000005509"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f00000004c0))

734.641219ms ago: executing program 1 (id=619):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

726.977349ms ago: executing program 4 (id=621):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000340)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@max_batch_time={'max_batch_time', 0x3d, 0x9}}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x5, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000b00)=@newtfilter={0x190, 0x2c, 0xd27, 0x70bd25, 0x7ffd, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x160, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x1c, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x49}]}]}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x114, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffffffffffc1e, 0x1, 0xc00}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xff}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5ac}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x2c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x86}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x40006}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x19d}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xe7}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x0, 0x3, 0xe}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x17}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x22}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x0, 0x2, 0x93}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x81}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xb5}]}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x2e}]}}]}, 0x190}, 0x1, 0x0, 0x0, 0x80}, 0x800)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[], 0x0, 0x56, 0x0, 0x3, 0x0, 0x0, @void, @value}, 0x28)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r7, 0x84, 0x1b, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e21, 0x20d, @dev={0xfe, 0x80, '\x00', 0x40}, 0x6}], 0x1)
r8 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x4800)
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)

704.198309ms ago: executing program 2 (id=622):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000340)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@max_batch_time={'max_batch_time', 0x3d, 0x9}}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x5, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000b00)=@newtfilter={0x190, 0x2c, 0xd27, 0x70bd25, 0x7ffd, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x160, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x1c, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x49}]}]}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x114, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffffffffffc1e, 0x1, 0xc00}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xff}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5ac}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x2c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x86}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x40006}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x19d}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xe7}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x0, 0x3, 0xe}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x17}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x22}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x0, 0x2, 0x93}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x81}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xb5}]}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x2e}]}}]}, 0x190}, 0x1, 0x0, 0x0, 0x80}, 0x800)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[], 0x0, 0x56, 0x0, 0x3, 0x0, 0x0, @void, @value}, 0x28)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r7, 0x84, 0x1b, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e21, 0x20d, @dev={0xfe, 0x80, '\x00', 0x40}, 0x6}], 0x1)
r8 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x4800)
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)

670.956259ms ago: executing program 1 (id=623):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
syz_read_part_table(0x104f, &(0x7f0000001dc0)="$eJzsz7sNwkAQBNA5/JEJ6IGm6AcHtEJACyR0RAcYnX0BDSCE9F6wq52b5MJP3fd1dkmpe0qGJY9Sr/6jdaitea1k17JlyJCpP16nrp6v7TVl3Paz1VqceZ3nfrx0pYUlp9u3/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/+AdAAD//zvjCaY=")
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000140)={'netdevsim0\x00', @random="5782c1980277"})
syz_open_dev$vcsu(&(0x7f0000000000), 0x800, 0x20040)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc8}}, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000000), &(0x7f00000005c0)=r4}, 0x20)
sendmsg$NFT_BATCH(r2, 0x0, 0x880)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'netdevsim0\x00', <r5=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000b000000010000000200000000000000", @ANYRES32, @ANYBLOB="0007000000e9baed4cd3b1cf7d2d6e48b817b376", @ANYRES32=r5, @ANYRES32, @ANYBLOB="0000000002"], 0x50)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
unshare(0x2c020400)
mq_getsetattr(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=<r6=>0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xffbffc00, 0x0, 0x4)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x2, 0x400000000000003, 0x20, 0x0, 0x13, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x3, 0x0, 0x0, 0x100000000000000}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @rand_addr=0x64010100}}, @sadb_lifetime={0x4, 0x4, 0x0, 0xfffffffffffffffe}, @sadb_sa={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @broadcast}}, @sadb_x_sec_ctx={0x1, 0x18, 0x5, 0x5f}]}, 0x98}}, 0x0)

552.010272ms ago: executing program 2 (id=626):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x68f}, 0x18)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)

524.798112ms ago: executing program 4 (id=627):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x2, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0), &(0x7f00000006c0), 0x5, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

518.522052ms ago: executing program 3 (id=628):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e00000000000000001801", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000000280)={0x0, 0x2c, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fedbdf25080000001800028014000380100001800400030008000100050000000c00018008000100", @ANYRES32=r3], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0)

496.128482ms ago: executing program 2 (id=629):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2}, @TCA_FQ_QUANTUM={0x2, 0x2, 0x700}]}}]}, 0x48}}, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000140)={0x0, 0x1, 0xbc, r2, 0x9}, 0xc)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14)
fcntl$setsig(r3, 0xa, 0x13)
fcntl$setlease(r3, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x3938700}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x7f, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_emit_ethernet(0x2e, &(0x7f0000000380)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @broadcast}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000240)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x4e22, @private=0xa010102}]}, &(0x7f00000002c0)=0x10)
sendto$inet6(r0, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x5}, 0x3}, 0x1c)

492.444562ms ago: executing program 3 (id=630):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)

452.511043ms ago: executing program 4 (id=631):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x3c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000800)=ANY=[@ANYBLOB="4400000010003704000000000000000069000000", @ANYRES32=0x0, @ANYBLOB="8304050000000000240012800e000100697036677265746170000000100002800400120008000d00090000"], 0x44}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
pipe2(&(0x7f0000001cc0), 0x800)
socket$l2tp6(0xa, 0x2, 0x73)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0xa, &(0x7f0000000080)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018000000000000000000000080ff00006500000000000000180000000000cd207c0000000000000095000400"/80], &(0x7f0000000000)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x9)
close(0xffffffffffffffff)
socket(0x27, 0x1, 0x8)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r5, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r7}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

409.251663ms ago: executing program 3 (id=632):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0x13, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000900000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000000000bf090000000000005509"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f00000004c0))

388.838894ms ago: executing program 4 (id=633):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)=ANY=[@ANYRES64], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x20000026, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000380), 0x14000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r2}, 0x10)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
move_mount(r3, 0x0, r3, &(0x7f0000000080)='./mnt\x00', 0x154)
syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x800, 0x1, 0x40000333}, &(0x7f00000006c0), &(0x7f00000001c0))

347.801375ms ago: executing program 0 (id=634):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='xprtrdma_post_send\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
munlockall()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0)
writev(r1, &(0x7f0000000480)=[{&(0x7f0000000040)="93d90400000300", 0x7}, {&(0x7f0000000140)="139776ff030370", 0x7}, {&(0x7f0000000700)="f34563fad3788f962da090c5ab351de95e6c84c7a02808f6c3794bee057fe9a5c1250a3ffa5c1de06e69f586a1c05938bbe5e16c2bc77e229688c0c6b69d73250823f8a2c9cc3ac7fa9fe023f1be69049a42fcace81df9b9e155407f681b0c49a20941b6d2103b72d4c0d3a7b70e7ac63fa6e25dd0eed08b036069e52abba411cb7992c8955a786ae05912e949fe20be8d454841a652aadc02529f6ccd7982e43d4a45897e36593424a335ff8954de87658b6ffeb2cb40f577277152fd69891184982345dcc03da7c966c70cd5660d8421f11ad86e6b3148054a334b0803e88582", 0xe1}, {&(0x7f0000000240)="a2671b1599b12aa8fac6aef03a233ff1623b7b325b2fbd03755ff609e6a22dd8008a498836e5d797019e65f6597db44ba4", 0x31}, {&(0x7f0000000880)="84bbfcfd856a69ddc567aed96a08a3fd984c86ba2b0801f90549f282c537f9ecc68a2d6f3c242965c92b9958b037eca4d3e06e0646ecf5292c87fc7315a8c4dcedb62e08bec2933e83a225b737e2cb8acce87bc9fe0a89c7688d96bb7becc97c886988ff41e802e5e861a930398807602c0ba4d9d68ec9061c1782aaaec9744264add43aeb2105ae5846b492af2ee499af19c078e176d4bf690c410204dcc1f3ad19054fbccdf49a382f33efb4fedc2d3b85f69391cc8a9be0125ee48e0797cfab0860ed15a56e5f444f550475110874ba9708ad732e542632720c6ffffef486f64b", 0xe2}], 0x5)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0)
syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
quotactl$Q_QUOTAON(0xffffffff80000200, 0x0, 0x0, 0x0)
capget(&(0x7f00000014c0)={0x20080522}, &(0x7f0000001500)={0x9, 0x4, 0x2, 0x2, 0x4, 0xe})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x44, 0x0, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x880)
sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00000000001080002000500000014000600ff0100"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)

347.370024ms ago: executing program 3 (id=635):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

344.250774ms ago: executing program 1 (id=636):
r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0xf, 0x0, 0x0, 0x7995}, 0x10007, 0x0, 0x0, 0x48000000, 0x0, 0x40000000, 0x0}) (fail_nth: 4)

271.045456ms ago: executing program 0 (id=637):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000340)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@max_batch_time={'max_batch_time', 0x3d, 0x9}}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x5, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000b00)=@newtfilter={0x190, 0x2c, 0xd27, 0x70bd25, 0x7ffd, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x160, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x1c, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x49}]}]}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x114, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffffffffffc1e, 0x1, 0xc00}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xff}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5ac}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x2c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x86}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x40006}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x19d}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xe7}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x0, 0x3, 0xe}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x17}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x22}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x0, 0x2, 0x93}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x81}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xb5}]}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x2e}]}}]}, 0x190}, 0x1, 0x0, 0x0, 0x80}, 0x800)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[], 0x0, 0x56, 0x0, 0x3, 0x0, 0x0, @void, @value}, 0x28)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r7, 0x84, 0x1b, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e21, 0x20d, @dev={0xfe, 0x80, '\x00', 0x40}, 0x6}], 0x1)
r8 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x4800)
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)

46.623149ms ago: executing program 1 (id=638):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x2, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0), &(0x7f00000006c0), 0x5, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

46.127609ms ago: executing program 3 (id=639):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x68f}, 0x18)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)

41.355609ms ago: executing program 4 (id=640):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000000000000000180100", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000000280)={0x0, 0x2c, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fedbdf25080000001800028014000380100001800400030008000100050000000c00018008000100", @ANYRES32=r3], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0)

34.307119ms ago: executing program 1 (id=641):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES8=r0], 0x48)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000016f92fcff6997300000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd88500"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_DEAUTHENTICATE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB='*\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000fcdbdf251100000008000300", @ANYRES32=r5, @ANYBLOB="0c009900020000000b000000"], 0x28}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0x3a, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYRES8=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffdfc, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
socket$inet6(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = openat$selinux_context(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x1)
r7 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200000006c8b, 0x37}, 0x7, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="003d8684540000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r8}, &(0x7f00000003c0), &(0x7f00000001c0)=r7}, 0x20)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r10}, 0x10)
write$selinux_context(r6, &(0x7f00000002c0)='system_u:object_r:crypt_device_t:s0\x00', 0x24)

835.78µs ago: executing program 4 (id=642):
r0 = accept4(0xffffffffffffffff, &(0x7f0000000240)=@nfc, &(0x7f00000002c0)=0x80, 0x80000)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000600)=""/192, 0xc0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1, 0x0, 0x9}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21045e, &(0x7f0000001400), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000001c0), 0x202, 0x0)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x5)
keyctl$set_reqkey_keyring(0xe, 0xffffffffffffffff)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000020000/0x3000)=nil, 0x3000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

0s ago: executing program 3 (id=643):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000000)={0x1})
fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x7})
fcntl$lock(r0, 0x25, &(0x7f0000000140)={0x2, 0x2, 0x5, 0x80000000})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r1}, 0x8)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000fedbdf2508000000180002801400038010000180040003000800010005", @ANYRES32=r6], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0)

kernel console output (not intermixed with test programs):

v0: Interface activated: batadv_slave_1
[   31.580937][ T3312] veth0_vlan: entered promiscuous mode
[   31.602305][ T3306] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.611190][ T3306] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.619979][ T3306] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.621538][ T3314] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   31.628721][ T3306] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.658458][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.688161][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.703301][ T3477] FAULT_INJECTION: forcing a failure.
[   31.703301][ T3477] name failslab, interval 1, probability 0, space 0, times 1
[   31.707179][ T3312] veth1_vlan: entered promiscuous mode
[   31.716099][ T3477] CPU: 1 UID: 0 PID: 3477 Comm: syz.2.3 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   31.716139][ T3477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   31.716160][ T3477] Call Trace:
[   31.716169][ T3477]  <TASK>
[   31.716179][ T3477]  __dump_stack+0x1d/0x30
[   31.716236][ T3477]  dump_stack_lvl+0xe8/0x140
[   31.716295][ T3477]  dump_stack+0x15/0x1b
[   31.716317][ T3477]  should_fail_ex+0x265/0x280
[   31.716359][ T3477]  should_failslab+0x8c/0xb0
[   31.716391][ T3477]  __kmalloc_noprof+0xa5/0x3e0
[   31.716553][ T3477]  ? memcg_list_lru_alloc+0x195/0x490
[   31.716643][ T3477]  memcg_list_lru_alloc+0x195/0x490
[   31.716693][ T3477]  __memcg_slab_post_alloc_hook+0x1a7/0x580
[   31.716763][ T3477]  kmem_cache_alloc_lru_noprof+0x229/0x310
[   31.716877][ T3477]  ? shmem_alloc_inode+0x34/0x50
[   31.716905][ T3477]  ? __pfx_shmem_alloc_inode+0x10/0x10
[   31.716931][ T3477]  shmem_alloc_inode+0x34/0x50
[   31.716956][ T3477]  alloc_inode+0x3d/0x170
[   31.717000][ T3477]  new_inode+0x1d/0xe0
[   31.717093][ T3477]  shmem_get_inode+0x244/0x750
[   31.717121][ T3477]  __shmem_file_setup+0x113/0x210
[   31.717236][ T3477]  shmem_file_setup+0x3b/0x50
[   31.717297][ T3477]  __se_sys_memfd_create+0x2c3/0x590
[   31.717341][ T3477]  __x64_sys_memfd_create+0x31/0x40
[   31.717383][ T3477]  x64_sys_call+0x122f/0x2fb0
[   31.717427][ T3477]  do_syscall_64+0xd2/0x200
[   31.717472][ T3477]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   31.717508][ T3477]  ? clear_bhb_loop+0x40/0x90
[   31.717527][ T3477]  ? clear_bhb_loop+0x40/0x90
[   31.717547][ T3477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   31.717595][ T3477] RIP: 0033:0x7fe4891ae929
[   31.717624][ T3477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   31.717649][ T3477] RSP: 002b:00007fe487816d68 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   31.717679][ T3477] RAX: ffffffffffffffda RBX: 00000000000005df RCX: 00007fe4891ae929
[   31.717696][ T3477] RDX: 00007fe487816dec RSI: 0000000000000000 RDI: 00007fe4892314cc
[   31.717713][ T3477] RBP: 0000200000000000 R08: 00007fe487816b07 R09: 0000000000000000
[   31.717731][ T3477] R10: 000000000000000a R11: 0000000000000202 R12: 0000000000000001
[   31.717747][ T3477] R13: 00007fe487816dec R14: 00007fe487816df0 R15: 00007fff45ace228
[   31.717770][ T3477]  </TASK>
[   31.898469][   T29] kauditd_printk_skb: 27 callbacks suppressed
[   31.898548][   T29] audit: type=1326 audit(1749993298.766:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4891ae929 code=0x7ffc0000
[   31.920089][ T3312] veth0_macvtap: entered promiscuous mode
[   31.923751][ T3312] veth1_macvtap: entered promiscuous mode
[   31.965841][   T29] audit: type=1326 audit(1749993298.796:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fe4891ae929 code=0x7ffc0000
[   32.019075][   T29] audit: type=1326 audit(1749993298.796:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4891ae929 code=0x7ffc0000
[   32.042181][   T29] audit: type=1326 audit(1749993298.796:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4891ae929 code=0x7ffc0000
[   32.068369][   T29] audit: type=1326 audit(1749993298.856:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fe4891ae929 code=0x7ffc0000
[   32.072773][ T3311] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.091650][   T29] audit: type=1326 audit(1749993298.856:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4891ae929 code=0x7ffc0000
[   32.100488][ T3311] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.123517][   T29] audit: type=1326 audit(1749993298.856:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4891ae929 code=0x7ffc0000
[   32.132376][ T3311] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.155445][   T29] audit: type=1326 audit(1749993298.856:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fe4891ae929 code=0x7ffc0000
[   32.164242][ T3311] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.187240][   T29] audit: type=1326 audit(1749993298.856:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4891ae929 code=0x7ffc0000
[   32.187275][   T29] audit: type=1326 audit(1749993298.856:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fe4891ae929 code=0x7ffc0000
[   32.227609][ T3484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8'.
[   32.277941][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.303906][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.328265][ T3312] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.337149][ T3312] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.346077][ T3312] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.354931][ T3312] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.395449][ T3492] tipc: Started in network mode
[   32.400535][ T3492] tipc: Node identity de806547194f, cluster identity 4711
[   32.407790][ T3492] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   32.419311][ T3484] syz.2.8 (3484) used greatest stack depth: 10192 bytes left
[   32.445865][ T3492] syzkaller0: entered promiscuous mode
[   32.451638][ T3492] syzkaller0: entered allmulticast mode
[   32.477697][ T3492] tipc: Resetting bearer <eth:syzkaller0>
[   32.512674][ T3501] FAULT_INJECTION: forcing a failure.
[   32.512674][ T3501] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   32.526213][ T3501] CPU: 1 UID: 0 PID: 3501 Comm: syz.2.10 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   32.526244][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   32.526260][ T3501] Call Trace:
[   32.526266][ T3501]  <TASK>
[   32.526275][ T3501]  __dump_stack+0x1d/0x30
[   32.526330][ T3499] loop0: detected capacity change from 0 to 1024
[   32.526369][ T3501]  dump_stack_lvl+0xe8/0x140
[   32.526396][ T3501]  dump_stack+0x15/0x1b
[   32.526418][ T3501]  should_fail_ex+0x265/0x280
[   32.526463][ T3501]  should_fail+0xb/0x20
[   32.526517][ T3501]  should_fail_usercopy+0x1a/0x20
[   32.526572][ T3501]  strncpy_from_user+0x25/0x230
[   32.526604][ T3501]  ? kmem_cache_alloc_noprof+0x186/0x310
[   32.526703][ T3501]  ? getname_flags+0x80/0x3b0
[   32.526813][ T3501]  getname_flags+0xae/0x3b0
[   32.526844][ T3501]  __x64_sys_link+0x33/0x70
[   32.526942][ T3501]  x64_sys_call+0x2af9/0x2fb0
[   32.526972][ T3501]  do_syscall_64+0xd2/0x200
[   32.526995][ T3501]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   32.527046][ T3501]  ? clear_bhb_loop+0x40/0x90
[   32.527139][ T3501]  ? clear_bhb_loop+0x40/0x90
[   32.527174][ T3501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   32.527204][ T3501] RIP: 0033:0x7fe4891ae929
[   32.527224][ T3501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   32.527282][ T3501] RSP: 002b:00007fe487817038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[   32.527306][ T3501] RAX: ffffffffffffffda RBX: 00007fe4893d5fa0 RCX: 00007fe4891ae929
[   32.527404][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000300
[   32.527419][ T3501] RBP: 00007fe487817090 R08: 0000000000000000 R09: 0000000000000000
[   32.527435][ T3501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   32.527451][ T3501] R13: 0000000000000001 R14: 00007fe4893d5fa0 R15: 00007fff45ace228
[   32.527476][ T3501]  </TASK>
[   32.573385][ T3506] loop2: detected capacity change from 0 to 1024
[   32.587132][ T3499] EXT4-fs: Ignoring removed orlov option
[   32.623021][ T3491] tipc: Resetting bearer <eth:syzkaller0>
[   32.627353][ T3507] Zero length message leads to an empty skb
[   32.631757][ T3506] EXT4-fs: Ignoring removed orlov option
[   32.719470][ T3499] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.726430][ T3506] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.776068][ T3491] tipc: Disabling bearer <eth:syzkaller0>
[   32.810559][ T3513] loop1: detected capacity change from 0 to 1024
[   32.843049][ T3513] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.913681][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.966334][    C1] Illegal XDP return value 16128 on prog  (id 11) dev bond_slave_1, expect packet loss!
[   33.170095][ T3532] loop4: detected capacity change from 0 to 512
[   33.185098][ T3532] EXT4-fs: Ignoring removed nomblk_io_submit option
[   33.218296][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.219893][ T3532] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.240822][ T3532] ext4 filesystem being mounted at /5/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   33.307683][ T3536] loop1: detected capacity change from 0 to 164
[   33.321877][ T3532] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.19: iget: bad i_size value: 2533274857506816
[   33.354728][ T3536] netlink: 68 bytes leftover after parsing attributes in process `syz.1.18'.
[   33.552161][ T3539] loop3: detected capacity change from 0 to 1024
[   33.587481][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.632018][ T3539] EXT4-fs: Ignoring removed orlov option
[   33.708335][ T3539] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.213514][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.227888][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.264912][ T3544] loop0: detected capacity change from 0 to 1024
[   34.298878][ T3546] loop4: detected capacity change from 0 to 164
[   34.319102][ T3544] EXT4-fs: Ignoring removed orlov option
[   34.332953][ T3548] loop3: detected capacity change from 0 to 1024
[   34.354231][ T3546] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   34.385385][ T3544] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.417664][ T3546] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   34.440455][ T3548] EXT4-fs: Ignoring removed orlov option
[   34.458775][ T3546] Symlink component flag not implemented
[   34.464493][ T3546] Symlink component flag not implemented
[   34.494670][ T3548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.548796][ T3546] Symlink component flag not implemented (7)
[   34.554863][ T3546] Symlink component flag not implemented (116)
[   34.851265][ T3562] Unsupported ieee802154 address type: 0
[   35.277335][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.402469][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.436737][ T3585] loop3: detected capacity change from 0 to 1024
[   35.444466][ T3585] EXT4-fs: Ignoring removed orlov option
[   35.454564][ T3583] loop1: detected capacity change from 0 to 512
[   35.463570][ T3583] EXT4-fs: Ignoring removed mblk_io_submit option
[   35.476222][ T3582] loop0: detected capacity change from 0 to 2048
[   35.491610][ T3583] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   35.523289][ T3583] EXT4-fs (loop1): can't mount with data_err=abort, fs mounted w/o journal
[   35.525073][ T3585] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.537884][ T3582] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   35.627677][ T3590] loop2: detected capacity change from 0 to 512
[   35.637561][ T3590] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   35.719546][ T3591] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   35.741008][ T3591] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1040 with error 28
[   35.753737][ T3591] EXT4-fs (loop0): This should not happen!! Data will be lost
[   35.753737][ T3591] 
[   35.763468][ T3591] EXT4-fs (loop0): Total free blocks count 0
[   35.769581][ T3591] EXT4-fs (loop0): Free/Dirty block details
[   35.775494][ T3591] EXT4-fs (loop0): free_blocks=2415919104
[   35.781325][ T3591] EXT4-fs (loop0): dirty_blocks=1056
[   35.786769][ T3591] EXT4-fs (loop0): Block reservation details
[   35.792776][ T3591] EXT4-fs (loop0): i_reserved_data_blocks=66
[   35.838351][ T3590] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.860279][ T3590] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   35.917726][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.961163][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.970614][ T3598] loop2: detected capacity change from 0 to 2048
[   35.993477][ T3598] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.050348][ T3598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.35'.
[   36.072576][ T3598] netlink: 40 bytes leftover after parsing attributes in process `syz.2.35'.
[   36.206775][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.261582][ T3591] syz.0.33 (3591) used greatest stack depth: 10120 bytes left
[   36.316912][ T3604] loop4: detected capacity change from 0 to 1024
[   36.334607][ T3611] loop2: detected capacity change from 0 to 1024
[   36.341578][ T3542] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[   36.356282][ T3611] EXT4-fs: Ignoring removed orlov option
[   36.362571][ T3604] =======================================================
[   36.362571][ T3604] WARNING: The mand mount option has been deprecated and
[   36.362571][ T3604]          and is ignored by this kernel. Remove the mand
[   36.362571][ T3604]          option from the mount to silence this warning.
[   36.362571][ T3604] =======================================================
[   36.425909][ T3611] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.443672][ T3618] loop3: detected capacity change from 0 to 1024
[   36.501964][ T3618] EXT4-fs: Ignoring removed orlov option
[   36.545644][ T3622] loop0: detected capacity change from 0 to 1024
[   36.580880][ T3622] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   36.591967][ T3622] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[   36.602558][ T3604] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.619073][ T3622] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   36.630018][ T3622] JBD2: no valid journal superblock found
[   36.635935][ T3622] EXT4-fs (loop0): Could not load journal inode
[   36.767536][ T3618] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.781319][ T3632] loop1: detected capacity change from 0 to 1024
[   36.785987][ T3604] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   36.813244][ T3632] EXT4-fs: Ignoring removed orlov option
[   36.868755][ T3632] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.912445][ T3637] loop0: detected capacity change from 0 to 1024
[   36.924217][ T3637] EXT4-fs: Ignoring removed orlov option
[   36.957940][ T3637] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.979103][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.115371][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.163220][ T3643] loop2: detected capacity change from 0 to 1024
[   37.194188][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.204054][ T3643] EXT4-fs: Ignoring removed orlov option
[   37.218425][ T3643] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.357661][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.385947][ T3646] loop3: detected capacity change from 0 to 1024
[   37.392821][ T3646] EXT4-fs: Ignoring removed orlov option
[   37.510582][ T3646] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.604674][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.665400][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.685028][ T3657] loop1: detected capacity change from 0 to 1024
[   37.721290][   T29] kauditd_printk_skb: 445 callbacks suppressed
[   37.721305][   T29] audit: type=1400 audit(1749993304.586:554): avc:  denied  { create } for  pid=3658 comm="syz.4.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   37.726694][ T3657] EXT4-fs: Ignoring removed orlov option
[   37.753664][   T29] audit: type=1400 audit(1749993304.616:555): avc:  denied  { getopt } for  pid=3658 comm="syz.4.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   37.776667][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.801586][ T3657] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.861337][ T3663] loop3: detected capacity change from 0 to 1024
[   37.883751][   T29] audit: type=1400 audit(1749993304.706:556): avc:  denied  { allowed } for  pid=3667 comm="syz.2.58" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   37.903257][   T29] audit: type=1400 audit(1749993304.706:557): avc:  denied  { create } for  pid=3667 comm="syz.2.58" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   37.924829][   T29] audit: type=1400 audit(1749993304.706:558): avc:  denied  { map } for  pid=3667 comm="syz.2.58" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=4024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   37.936754][ T3663] EXT4-fs: Ignoring removed orlov option
[   37.948892][   T29] audit: type=1400 audit(1749993304.706:559): avc:  denied  { read write } for  pid=3667 comm="syz.2.58" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=4024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   38.058334][ T3676] loop2: detected capacity change from 0 to 164
[   38.104356][ T3676] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   38.120475][ T3663] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.135634][ T3677] loop4: detected capacity change from 0 to 1024
[   38.152269][ T3676] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   38.160685][ T3676] Symlink component flag not implemented
[   38.166445][ T3676] Symlink component flag not implemented
[   38.172438][ T3676] Symlink component flag not implemented (7)
[   38.178535][ T3676] Symlink component flag not implemented (116)
[   38.242873][ T3677] EXT4-fs: Ignoring removed orlov option
[   38.251487][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.289108][ T3679] loop2: detected capacity change from 0 to 128
[   38.301240][ T3679] EXT4-fs warning (device loop2): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck.
[   38.315403][ T3679] EXT4-fs (loop2): Couldn't mount because of unsupported optional features (fffc1829)
[   38.338496][ T3677] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.399677][ T3682] netlink: 8 bytes leftover after parsing attributes in process `syz.1.62'.
[   38.486749][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.669344][   T29] audit: type=1400 audit(1749993305.536:560): avc:  denied  { create } for  pid=3690 comm="syz.1.67" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   38.679893][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.753154][ T3693] loop1: detected capacity change from 0 to 128
[   38.768156][ T3693] FAT-fs (loop1): Directory bread(block 32) failed
[   38.784793][ T3693] FAT-fs (loop1): Directory bread(block 33) failed
[   38.804049][ T3693] FAT-fs (loop1): Directory bread(block 34) failed
[   38.816037][   T29] audit: type=1326 audit(1749993305.686:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3692 comm="syz.4.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c9fc3e929 code=0x7ffc0000
[   38.840114][   T29] audit: type=1326 audit(1749993305.686:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3692 comm="syz.4.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f6c9fc3e929 code=0x7ffc0000
[   38.843203][ T3697] loop0: detected capacity change from 0 to 1024
[   38.863842][   T29] audit: type=1326 audit(1749993305.686:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3692 comm="syz.4.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c9fc3e929 code=0x7ffc0000
[   38.898539][ T3693] FAT-fs (loop1): Directory bread(block 35) failed
[   38.924572][ T3693] FAT-fs (loop1): Directory bread(block 36) failed
[   38.941929][ T3697] EXT4-fs: Ignoring removed orlov option
[   38.944368][ T3693] FAT-fs (loop1): Directory bread(block 37) failed
[   38.954451][ T3693] FAT-fs (loop1): Directory bread(block 38) failed
[   38.968312][ T3693] FAT-fs (loop1): Directory bread(block 39) failed
[   38.977960][ T3693] FAT-fs (loop1): Directory bread(block 40) failed
[   38.984686][ T3693] FAT-fs (loop1): Directory bread(block 41) failed
[   38.993847][ T3697] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.088264][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.131517][ T3691] syz.1.67: attempt to access beyond end of device
[   39.131517][ T3691] loop1: rw=0, sector=4108, nr_sectors = 4 limit=128
[   39.197826][ T3691] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 196)
[   39.206087][ T3691] FAT-fs (loop1): Filesystem has been set read-only
[   39.222686][ T3708] loop3: detected capacity change from 0 to 2048
[   39.255751][ T3710] loop0: detected capacity change from 0 to 8192
[   39.312680][ T3708] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.356302][ T3710] netlink: 'syz.0.72': attribute type 13 has an invalid length.
[   39.383097][ T3708] netlink: 8 bytes leftover after parsing attributes in process `syz.3.71'.
[   39.391920][ T3708] netlink: 40 bytes leftover after parsing attributes in process `syz.3.71'.
[   39.502566][ T3710] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.509961][ T3710] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.534744][ T3717] loop1: detected capacity change from 0 to 512
[   39.556544][ T3717] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   39.604411][ T3710] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   39.617956][ T3710] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   39.623242][ T3717] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.639429][ T3717] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.665521][ T3710] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.674764][ T3710] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.683874][ T3710] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.693430][ T3710] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.703621][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.736633][ T3733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   39.765433][ T3733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   39.789570][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.809583][ T3710] syz.0.72 (3710) used greatest stack depth: 9824 bytes left
[   39.867200][ T3743] futex_wake_op: syz.3.82 tries to shift op by -1; fix this program
[   40.008641][ T3746] loop0: detected capacity change from 0 to 1024
[   40.010507][ T3750] FAULT_INJECTION: forcing a failure.
[   40.010507][ T3750] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   40.028322][ T3750] CPU: 0 UID: 0 PID: 3750 Comm: syz.4.85 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   40.028410][ T3750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   40.028426][ T3750] Call Trace:
[   40.028488][ T3750]  <TASK>
[   40.028495][ T3750]  __dump_stack+0x1d/0x30
[   40.028520][ T3750]  dump_stack_lvl+0xe8/0x140
[   40.028544][ T3750]  dump_stack+0x15/0x1b
[   40.028564][ T3750]  should_fail_ex+0x265/0x280
[   40.028601][ T3750]  should_fail_alloc_page+0xf2/0x100
[   40.028705][ T3750]  __alloc_frozen_pages_noprof+0xff/0x360
[   40.028773][ T3750]  alloc_pages_mpol+0xb3/0x250
[   40.028807][ T3750]  folio_alloc_mpol_noprof+0x39/0x80
[   40.028845][ T3750]  shmem_get_folio_gfp+0x3cf/0xd60
[   40.028971][ T3750]  shmem_write_begin+0xa8/0x190
[   40.029010][ T3750]  generic_perform_write+0x184/0x490
[   40.029079][ T3750]  shmem_file_write_iter+0xc5/0xf0
[   40.029178][ T3750]  do_iter_readv_writev+0x421/0x4c0
[   40.029204][ T3750]  vfs_writev+0x2df/0x8b0
[   40.029235][ T3750]  __se_sys_pwritev2+0xfc/0x1c0
[   40.029262][ T3750]  __x64_sys_pwritev2+0x67/0x80
[   40.029291][ T3750]  x64_sys_call+0x1cea/0x2fb0
[   40.029317][ T3750]  do_syscall_64+0xd2/0x200
[   40.029335][ T3750]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   40.029420][ T3750]  ? clear_bhb_loop+0x40/0x90
[   40.029446][ T3750]  ? clear_bhb_loop+0x40/0x90
[   40.029488][ T3750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.029514][ T3750] RIP: 0033:0x7f6c9fc3e929
[   40.029530][ T3750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   40.029547][ T3750] RSP: 002b:00007f6c9e2a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   40.029570][ T3750] RAX: ffffffffffffffda RBX: 00007f6c9fe65fa0 RCX: 00007f6c9fc3e929
[   40.029584][ T3750] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[   40.029597][ T3750] RBP: 00007f6c9e2a7090 R08: 0000000030000000 R09: 0000000000000003
[   40.029612][ T3750] R10: 0000000000007c00 R11: 0000000000000246 R12: 0000000000000001
[   40.029626][ T3750] R13: 0000000000000000 R14: 00007f6c9fe65fa0 R15: 00007fff342e4d08
[   40.029650][ T3750]  </TASK>
[   40.032040][ T3746] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   40.167323][ T3753] loop4: detected capacity change from 0 to 512
[   40.171329][ T3746] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[   40.277021][ T3746] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   40.285182][ T3753] mmap: syz.4.86 (3753) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   40.287311][ T3746] JBD2: no valid journal superblock found
[   40.304776][ T3746] EXT4-fs (loop0): Could not load journal inode
[   40.341991][ T3753] SELinux:  Context system_u:object_r:hald_sonypic_exec_t:s0 is not valid (left unmapped).
[   40.460398][ T3760] loop4: detected capacity change from 0 to 1024
[   40.486156][ T3760] EXT4-fs: Ignoring removed orlov option
[   40.493815][ T3760] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.640011][ T3775] netlink: 4 bytes leftover after parsing attributes in process `syz.0.94'.
[   40.707741][ T3777] loop1: detected capacity change from 0 to 1024
[   40.715187][ T3777] EXT4-fs: Ignoring removed i_version option
[   40.740969][ T3777] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   40.751200][ T3778] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   40.816723][ T3777] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   40.900677][ T3777] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.95: Invalid block bitmap block 0 in block_group 0
[   40.960312][ T3777] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.95: Failed to acquire dquot type 0
[   41.026456][ T3777] EXT4-fs error (device loop1): ext4_free_blocks:6587: comm syz.1.95: Freeing blocks not in datazone - block = 0, count = 4096
[   41.078695][ T3777] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.95: Invalid inode bitmap blk 0 in block_group 0
[   41.098344][ T3461] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 0
[   41.120234][ T3777] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[   41.130682][ T3794] loop3: detected capacity change from 0 to 1024
[   41.137724][ T3794] EXT4-fs: Ignoring removed orlov option
[   41.145574][ T3777] EXT4-fs (loop1): 1 orphan inode deleted
[   41.165372][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.170712][ T3777] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.263013][ T3777] syz.1.95 (3777) used greatest stack depth: 9704 bytes left
[   41.278676][ T3794] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.304189][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.322419][ T3806] loop0: detected capacity change from 0 to 1024
[   41.329275][ T3806] EXT4-fs: Ignoring removed orlov option
[   41.339886][ T3806] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.399783][ T3812] FAULT_INJECTION: forcing a failure.
[   41.399783][ T3812] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   41.413447][ T3812] CPU: 0 UID: 0 PID: 3812 Comm: syz.2.108 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   41.413571][ T3812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   41.413587][ T3812] Call Trace:
[   41.413595][ T3812]  <TASK>
[   41.413604][ T3812]  __dump_stack+0x1d/0x30
[   41.413630][ T3812]  dump_stack_lvl+0xe8/0x140
[   41.413654][ T3812]  dump_stack+0x15/0x1b
[   41.413727][ T3812]  should_fail_ex+0x265/0x280
[   41.413766][ T3812]  should_fail+0xb/0x20
[   41.413866][ T3812]  should_fail_usercopy+0x1a/0x20
[   41.413907][ T3812]  _copy_from_user+0x1c/0xb0
[   41.413932][ T3812]  ___sys_sendmsg+0xc1/0x1d0
[   41.413969][ T3812]  __x64_sys_sendmsg+0xd4/0x160
[   41.414104][ T3812]  x64_sys_call+0x2999/0x2fb0
[   41.414132][ T3812]  do_syscall_64+0xd2/0x200
[   41.414155][ T3812]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   41.414240][ T3812]  ? clear_bhb_loop+0x40/0x90
[   41.414260][ T3812]  ? clear_bhb_loop+0x40/0x90
[   41.414284][ T3812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.414352][ T3812] RIP: 0033:0x7fe4891ae929
[   41.414371][ T3812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.414394][ T3812] RSP: 002b:00007fe487817038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   41.414417][ T3812] RAX: ffffffffffffffda RBX: 00007fe4893d5fa0 RCX: 00007fe4891ae929
[   41.414434][ T3812] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000008
[   41.414449][ T3812] RBP: 00007fe487817090 R08: 0000000000000000 R09: 0000000000000000
[   41.414461][ T3812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.414514][ T3812] R13: 0000000000000000 R14: 00007fe4893d5fa0 R15: 00007fff45ace228
[   41.414537][ T3812]  </TASK>
[   41.597019][    C1] hrtimer: interrupt took 27661 ns
[   41.728304][ T3821] netlink: 8 bytes leftover after parsing attributes in process `syz.4.109'.
[   41.741125][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.794531][ T3825] loop0: detected capacity change from 0 to 128
[   41.821748][ T3825] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   41.849074][ T3825] ext4 filesystem being mounted at /20/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   41.922775][ T3825] netlink: 132 bytes leftover after parsing attributes in process `syz.0.112'.
[   41.959477][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.033671][ T3836] loop3: detected capacity change from 0 to 164
[   42.049772][ T3306] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   42.084196][ T3836] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   42.119968][ T3838] loop4: detected capacity change from 0 to 1024
[   42.195375][ T3849] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3849 comm=syz.0.124
[   42.214675][ T3854] loop3: detected capacity change from 0 to 1024
[   42.221370][ T3838] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   42.250307][ T3854] EXT4-fs: Ignoring removed orlov option
[   42.260375][ T3838] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   42.276381][ T3838] EXT4-fs (loop4): orphan cleanup on readonly fs
[   42.298946][ T3838] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.118: Invalid inode table block 0 in block_group 0
[   42.317903][ T3854] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.371484][ T3838] EXT4-fs (loop4): Remounting filesystem read-only
[   42.403471][ T3838] EXT4-fs (loop4): 1 truncate cleaned up
[   42.409728][ T3838] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   42.423110][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.537000][ T3872] loop3: detected capacity change from 0 to 512
[   42.549917][ T3872] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   42.574203][ T3877] loop1: detected capacity change from 0 to 512
[   42.583850][ T3872] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.617900][ T3872] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   42.667571][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.693210][ T3877] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.706222][ T3877] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   42.739424][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.759610][ T3888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.136'.
[   42.826150][ T3897] SELinux:  Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped).
[   42.836376][   T29] kauditd_printk_skb: 540 callbacks suppressed
[   42.836389][   T29] audit: type=1400 audit(1749993309.706:1099): avc:  denied  { relabelto } for  pid=3896 comm="syz.3.139" name="20" dev="tmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:hwdata_t:s0"
[   42.868359][   T29] audit: type=1400 audit(1749993309.706:1100): avc:  denied  { associate } for  pid=3896 comm="syz.3.139" name="20" dev="tmpfs" ino=127 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:hwdata_t:s0"
[   42.908488][   T29] audit: type=1400 audit(1749993309.776:1101): avc:  denied  { append } for  pid=3896 comm="syz.3.139" name="001" dev="devtmpfs" ino=147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   42.947616][   T29] audit: type=1400 audit(1749993309.816:1102): avc:  denied  { remove_name } for  pid=3311 comm="syz-executor" name="binderfs" dev="tmpfs" ino=131 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:hwdata_t:s0"
[   43.037560][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.042486][   T29] audit: type=1400 audit(1749993309.816:1103): avc:  denied  { rmdir } for  pid=3311 comm="syz-executor" name="20" dev="tmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:hwdata_t:s0"
[   43.084366][   T29] audit: type=1326 audit(1749993309.946:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3910 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f435e7de929 code=0x7ffc0000
[   43.107810][   T29] audit: type=1326 audit(1749993309.946:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3910 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f435e7de929 code=0x7ffc0000
[   43.131191][   T29] audit: type=1326 audit(1749993309.946:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3910 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f435e7de929 code=0x7ffc0000
[   43.144784][ T3912] 9pnet: Could not find request transport: t
[   43.154932][   T29] audit: type=1326 audit(1749993309.946:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3910 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f435e7de929 code=0x7ffc0000
[   43.184326][   T29] audit: type=1326 audit(1749993309.946:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3910 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f435e7de929 code=0x7ffc0000
[   43.218955][ T3916] FAULT_INJECTION: forcing a failure.
[   43.218955][ T3916] name failslab, interval 1, probability 0, space 0, times 0
[   43.231836][ T3916] CPU: 1 UID: 0 PID: 3916 Comm: syz.1.147 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   43.231864][ T3916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   43.231876][ T3916] Call Trace:
[   43.231883][ T3916]  <TASK>
[   43.231890][ T3916]  __dump_stack+0x1d/0x30
[   43.231915][ T3916]  dump_stack_lvl+0xe8/0x140
[   43.231939][ T3916]  dump_stack+0x15/0x1b
[   43.231980][ T3916]  should_fail_ex+0x265/0x280
[   43.232018][ T3916]  should_failslab+0x8c/0xb0
[   43.232047][ T3916]  kmem_cache_alloc_node_noprof+0x57/0x320
[   43.232085][ T3916]  ? alloc_vmap_area+0x231/0xe50
[   43.232121][ T3916]  alloc_vmap_area+0x231/0xe50
[   43.232188][ T3916]  ? get_page_from_freelist+0x1378/0x13d0
[   43.232227][ T3916]  ? should_failslab+0x8c/0xb0
[   43.232255][ T3916]  ? __kmalloc_cache_node_noprof+0x18a/0x320
[   43.232293][ T3916]  __get_vm_area_node+0x173/0x1d0
[   43.232365][ T3916]  __vmalloc_node_range_noprof+0x273/0xe00
[   43.232470][ T3916]  ? bpf_check+0xe0/0xced0
[   43.232524][ T3916]  ? __alloc_frozen_pages_noprof+0x15f/0x360
[   43.232568][ T3916]  ? __lruvec_stat_mod_folio+0xea/0x120
[   43.232605][ T3916]  ? __kmalloc_large_node_noprof+0x16/0xa0
[   43.232641][ T3916]  ? bpf_check+0xe0/0xced0
[   43.232682][ T3916]  vzalloc_noprof+0x82/0xc0
[   43.232791][ T3916]  ? bpf_check+0xe0/0xced0
[   43.232823][ T3916]  bpf_check+0xe0/0xced0
[   43.232876][ T3916]  ? page_counter_charge+0x207/0x230
[   43.232913][ T3916]  ? __rcu_read_unlock+0x4f/0x70
[   43.232941][ T3916]  ? obj_cgroup_charge_pages+0xf7/0x150
[   43.233111][ T3916]  ? __rcu_read_unlock+0x4f/0x70
[   43.233133][ T3916]  ? __memcg_kmem_charge_page+0xd1/0x170
[   43.233251][ T3916]  ? __alloc_frozen_pages_noprof+0x188/0x360
[   43.233296][ T3916]  ? alloc_pages_bulk_noprof+0x4b8/0x540
[   43.233337][ T3916]  ? __vmap_pages_range_noflush+0xbb3/0xbd0
[   43.233388][ T3916]  ? _find_next_zero_bit+0x64/0xa0
[   43.233422][ T3916]  ? pcpu_block_update+0x24e/0x3b0
[   43.233510][ T3916]  ? pcpu_block_refresh_hint+0x10b/0x170
[   43.233535][ T3916]  ? _find_next_zero_bit+0x29/0xa0
[   43.233567][ T3916]  ? pcpu_block_refresh_hint+0x157/0x170
[   43.233600][ T3916]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[   43.233639][ T3916]  ? mod_memcg_state+0x1eb/0x2c0
[   43.233687][ T3916]  ? __rcu_read_unlock+0x4f/0x70
[   43.233714][ T3916]  ? pcpu_memcg_post_alloc_hook+0xf1/0x150
[   43.233791][ T3916]  ? should_fail_ex+0xdb/0x280
[   43.233825][ T3916]  ? selinux_bpf_prog_load+0x36/0xf0
[   43.233853][ T3916]  ? should_failslab+0x8c/0xb0
[   43.233880][ T3916]  ? __kmalloc_cache_noprof+0x189/0x320
[   43.233966][ T3916]  ? selinux_bpf_prog_load+0xbf/0xf0
[   43.234043][ T3916]  ? security_bpf_prog_load+0x2c/0xa0
[   43.234079][ T3916]  bpf_prog_load+0xedd/0x1070
[   43.234121][ T3916]  ? security_bpf+0x2b/0x90
[   43.234152][ T3916]  __sys_bpf+0x51d/0x790
[   43.234199][ T3916]  __x64_sys_bpf+0x41/0x50
[   43.234294][ T3916]  x64_sys_call+0x2478/0x2fb0
[   43.234364][ T3916]  do_syscall_64+0xd2/0x200
[   43.234387][ T3916]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   43.234419][ T3916]  ? clear_bhb_loop+0x40/0x90
[   43.234448][ T3916]  ? clear_bhb_loop+0x40/0x90
[   43.234469][ T3916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   43.234502][ T3916] RIP: 0033:0x7f709011e929
[   43.234521][ T3916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   43.234544][ T3916] RSP: 002b:00007f708e787038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   43.234574][ T3916] RAX: ffffffffffffffda RBX: 00007f7090345fa0 RCX: 00007f709011e929
[   43.234591][ T3916] RDX: 0000000000000094 RSI: 0000200000000200 RDI: 0000000000000005
[   43.234606][ T3916] RBP: 00007f708e787090 R08: 0000000000000000 R09: 0000000000000000
[   43.234621][ T3916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   43.234636][ T3916] R13: 0000000000000000 R14: 00007f7090345fa0 R15: 00007ffdd46825e8
[   43.234661][ T3916]  </TASK>
[   43.234672][ T3916] syz.1.147: vmalloc error: size 240, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[   43.635584][ T3916] CPU: 1 UID: 0 PID: 3916 Comm: syz.1.147 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   43.635640][ T3916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   43.635663][ T3916] Call Trace:
[   43.635671][ T3916]  <TASK>
[   43.635680][ T3916]  __dump_stack+0x1d/0x30
[   43.635702][ T3916]  dump_stack_lvl+0xe8/0x140
[   43.635728][ T3916]  dump_stack+0x15/0x1b
[   43.635784][ T3916]  warn_alloc+0x12b/0x1a0
[   43.635829][ T3916]  __vmalloc_node_range_noprof+0x297/0xe00
[   43.635872][ T3916]  ? __alloc_frozen_pages_noprof+0x15f/0x360
[   43.635964][ T3916]  ? __lruvec_stat_mod_folio+0xea/0x120
[   43.636032][ T3916]  ? __kmalloc_large_node_noprof+0x16/0xa0
[   43.636064][ T3916]  ? bpf_check+0xe0/0xced0
[   43.636087][ T3916]  vzalloc_noprof+0x82/0xc0
[   43.636127][ T3916]  ? bpf_check+0xe0/0xced0
[   43.636208][ T3916]  bpf_check+0xe0/0xced0
[   43.636239][ T3916]  ? page_counter_charge+0x207/0x230
[   43.636269][ T3916]  ? __rcu_read_unlock+0x4f/0x70
[   43.636312][ T3916]  ? obj_cgroup_charge_pages+0xf7/0x150
[   43.636348][ T3916]  ? __rcu_read_unlock+0x4f/0x70
[   43.636375][ T3916]  ? __memcg_kmem_charge_page+0xd1/0x170
[   43.636461][ T3916]  ? __alloc_frozen_pages_noprof+0x188/0x360
[   43.636497][ T3916]  ? alloc_pages_bulk_noprof+0x4b8/0x540
[   43.636534][ T3916]  ? __vmap_pages_range_noflush+0xbb3/0xbd0
[   43.636572][ T3916]  ? _find_next_zero_bit+0x64/0xa0
[   43.636652][ T3916]  ? pcpu_block_update+0x24e/0x3b0
[   43.636739][ T3916]  ? pcpu_block_refresh_hint+0x10b/0x170
[   43.636757][ T3916]  ? _find_next_zero_bit+0x29/0xa0
[   43.636787][ T3916]  ? pcpu_block_refresh_hint+0x157/0x170
[   43.636812][ T3916]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[   43.636883][ T3916]  ? mod_memcg_state+0x1eb/0x2c0
[   43.636914][ T3916]  ? __rcu_read_unlock+0x4f/0x70
[   43.636937][ T3916]  ? pcpu_memcg_post_alloc_hook+0xf1/0x150
[   43.636982][ T3916]  ? should_fail_ex+0xdb/0x280
[   43.637032][ T3916]  ? selinux_bpf_prog_load+0x36/0xf0
[   43.637058][ T3916]  ? should_failslab+0x8c/0xb0
[   43.637079][ T3916]  ? __kmalloc_cache_noprof+0x189/0x320
[   43.637112][ T3916]  ? selinux_bpf_prog_load+0xbf/0xf0
[   43.637166][ T3916]  ? security_bpf_prog_load+0x2c/0xa0
[   43.637250][ T3916]  bpf_prog_load+0xedd/0x1070
[   43.637297][ T3916]  ? security_bpf+0x2b/0x90
[   43.637324][ T3916]  __sys_bpf+0x51d/0x790
[   43.637370][ T3916]  __x64_sys_bpf+0x41/0x50
[   43.637417][ T3916]  x64_sys_call+0x2478/0x2fb0
[   43.637438][ T3916]  do_syscall_64+0xd2/0x200
[   43.637458][ T3916]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   43.637482][ T3916]  ? clear_bhb_loop+0x40/0x90
[   43.637502][ T3916]  ? clear_bhb_loop+0x40/0x90
[   43.637591][ T3916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   43.637612][ T3916] RIP: 0033:0x7f709011e929
[   43.637645][ T3916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   43.637674][ T3916] RSP: 002b:00007f708e787038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   43.637728][ T3916] RAX: ffffffffffffffda RBX: 00007f7090345fa0 RCX: 00007f709011e929
[   43.637744][ T3916] RDX: 0000000000000094 RSI: 0000200000000200 RDI: 0000000000000005
[   43.637760][ T3916] RBP: 00007f708e787090 R08: 0000000000000000 R09: 0000000000000000
[   43.637772][ T3916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   43.637783][ T3916] R13: 0000000000000000 R14: 00007f7090345fa0 R15: 00007ffdd46825e8
[   43.637801][ T3916]  </TASK>
[   43.975847][ T3916] Mem-Info:
[   43.978985][ T3916] active_anon:6463 inactive_anon:5 isolated_anon:0
[   43.978985][ T3916]  active_file:18952 inactive_file:2198 isolated_file:0
[   43.978985][ T3916]  unevictable:0 dirty:231 writeback:0
[   43.978985][ T3916]  slab_reclaimable:3020 slab_unreclaimable:30507
[   43.978985][ T3916]  mapped:29350 shmem:193 pagetables:1120
[   43.978985][ T3916]  sec_pagetables:0 bounce:0
[   43.978985][ T3916]  kernel_misc_reclaimable:0
[   43.978985][ T3916]  free:1853751 free_pcp:22476 free_cma:0
[   43.980210][ T3922] FAULT_INJECTION: forcing a failure.
[   43.980210][ T3922] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   44.025058][ T3916] Node 0 active_anon:25852kB inactive_anon:20kB active_file:75808kB inactive_file:8792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117400kB dirty:924kB writeback:0kB shmem:772kB writeback_tmp:0kB kernel_stack:3456kB pagetables:4480kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   44.038674][ T3922] CPU: 0 UID: 0 PID: 3922 Comm: syz.4.148 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   44.038826][ T3922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   44.038842][ T3922] Call Trace:
[   44.038851][ T3922]  <TASK>
[   44.038864][ T3922]  __dump_stack+0x1d/0x30
[   44.038892][ T3922]  dump_stack_lvl+0xe8/0x140
[   44.038919][ T3922]  dump_stack+0x15/0x1b
[   44.038941][ T3922]  should_fail_ex+0x265/0x280
[   44.039058][ T3922]  should_fail+0xb/0x20
[   44.039095][ T3922]  should_fail_usercopy+0x1a/0x20
[   44.039139][ T3922]  _copy_to_user+0x20/0xa0
[   44.039168][ T3922]  simple_read_from_buffer+0xb5/0x130
[   44.039294][ T3922]  proc_fail_nth_read+0x100/0x140
[   44.039322][ T3922]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   44.039346][ T3922]  vfs_read+0x1a0/0x6f0
[   44.039425][ T3922]  ? __rcu_read_unlock+0x4f/0x70
[   44.039455][ T3922]  ? __fget_files+0x184/0x1c0
[   44.039495][ T3922]  ksys_read+0xda/0x1a0
[   44.039582][ T3922]  __x64_sys_read+0x40/0x50
[   44.039626][ T3922]  x64_sys_call+0x2d77/0x2fb0
[   44.039654][ T3922]  do_syscall_64+0xd2/0x200
[   44.039728][ T3922]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   44.039799][ T3922]  ? clear_bhb_loop+0x40/0x90
[   44.039828][ T3922]  ? clear_bhb_loop+0x40/0x90
[   44.039931][ T3922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   44.040006][ T3922] RIP: 0033:0x7f6c9fc3d33c
[   44.040027][ T3922] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   44.040056][ T3922] RSP: 002b:00007f6c9e286030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   44.040083][ T3922] RAX: ffffffffffffffda RBX: 00007f6c9fe66080 RCX: 00007f6c9fc3d33c
[   44.040101][ T3922] RDX: 000000000000000f RSI: 00007f6c9e2860a0 RDI: 0000000000000007
[   44.040118][ T3922] RBP: 00007f6c9e286090 R08: 0000000000000000 R09: 0000000000000000
[   44.040200][ T3922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.040217][ T3922] R13: 0000000000000000 R14: 00007f6c9fe66080 R15: 00007fff342e4d08
[   44.040244][ T3922]  </TASK>
[   44.276456][ T3916] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   44.305163][ T3916] lowmem_reserve[]: 0 2882 7860 7860
[   44.310650][ T3916] Node 0 DMA32 free:2947840kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951368kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB
[   44.340891][ T3916] lowmem_reserve[]: 0 0 4978 4978
[   44.345992][ T3916] Node 0 Normal free:4451572kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25504kB inactive_anon:20kB active_file:75808kB inactive_file:8792kB unevictable:0kB writepending:924kB present:5242880kB managed:5098232kB mlocked:0kB bounce:0kB free_pcp:107344kB local_pcp:68824kB free_cma:0kB
[   44.378137][ T3916] lowmem_reserve[]: 0 0 0 0
[   44.382841][ T3916] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   44.395638][ T3916] Node 0 DMA32: 4*4kB (M) 4*8kB (M) 5*16kB (M) 2*32kB (M) 5*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947840kB
[   44.412073][ T3916] Node 0 Normal: 828*4kB (ME) 336*8kB (M) 193*16kB (M) 151*32kB (M) 121*64kB (M) 66*128kB (ME) 33*256kB (UM) 27*512kB (UME) 14*1024kB (ME) 5*2048kB (UM) 1068*4096kB (M) = 4451488kB
[   44.430464][ T3916] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[   44.439850][ T3916] 21346 total pagecache pages
[   44.444552][ T3916] 5 pages in swap cache
[   44.448780][ T3916] Free swap  = 124976kB
[   44.452974][ T3916] Total swap = 124996kB
[   44.457203][ T3916] 2097051 pages RAM
[   44.461048][ T3916] 0 pages HighMem/MovableOnly
[   44.465745][ T3916] 80811 pages reserved
[   44.574967][ T3936] capability: warning: `syz.1.156' uses 32-bit capabilities (legacy support in use)
[   44.661676][ T3949] loop1: detected capacity change from 0 to 1024
[   44.675741][ T3949] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   44.676470][ T3951] netlink: 40 bytes leftover after parsing attributes in process `syz.2.161'.
[   44.687128][ T3949] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[   44.705842][ T3951] netlink: 40 bytes leftover after parsing attributes in process `syz.2.161'.
[   44.734945][ T3949] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   44.775429][ T3958] SELinux:  policydb string  does not match my string SE Linux
[   44.782608][ T3949] JBD2: no valid journal superblock found
[   44.783167][ T3958] SELinux: failed to load policy
[   44.788820][ T3949] EXT4-fs (loop1): Could not load journal inode
[   44.923576][ T3962] netlink: 8 bytes leftover after parsing attributes in process `syz.4.166'.
[   44.959095][ T3966] vcan0: entered allmulticast mode
[   44.970244][ T3966] vcan0: left allmulticast mode
[   45.527737][ T3985] loop1: detected capacity change from 0 to 128
[   45.570539][ T3985] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   45.635994][ T3985] ext4 filesystem being mounted at /33/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   45.759177][ T3312] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   45.828928][ T4000] loop1: detected capacity change from 0 to 1024
[   45.847180][ T4000] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   45.871607][ T4003] loop0: detected capacity change from 0 to 512
[   45.889831][ T4000] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   45.899880][ T4003] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   45.910657][ T4000] EXT4-fs (loop1): orphan cleanup on readonly fs
[   45.931016][ T4003] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.946164][ T4003] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   45.966711][ T4000] EXT4-fs error (device loop1): __ext4_get_inode_loc:4792: comm syz.1.179: Invalid inode table block 0 in block_group 0
[   46.030228][ T4000] EXT4-fs (loop1): Remounting filesystem read-only
[   46.049678][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.061182][ T4000] EXT4-fs (loop1): 1 truncate cleaned up
[   46.075530][ T4000] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   46.153792][ T4015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.184'.
[   46.283685][ T4019] netlink: 8 bytes leftover after parsing attributes in process `syz.2.186'.
[   46.513751][ T4029] netlink: 68 bytes leftover after parsing attributes in process `syz.2.187'.
[   46.523395][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.566615][ T4029] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   46.583441][ T4031] netlink: 32 bytes leftover after parsing attributes in process `syz.4.189'.
[   46.598416][ T4034] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   46.601397][ T4031] netlink: 32 bytes leftover after parsing attributes in process `syz.4.189'.
[   46.626049][ T4034] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   46.670273][ T4031] FAULT_INJECTION: forcing a failure.
[   46.670273][ T4031] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   46.683430][ T4031] CPU: 1 UID: 0 PID: 4031 Comm: syz.4.189 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   46.683460][ T4031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   46.683549][ T4031] Call Trace:
[   46.683556][ T4031]  <TASK>
[   46.683563][ T4031]  __dump_stack+0x1d/0x30
[   46.683584][ T4031]  dump_stack_lvl+0xe8/0x140
[   46.683606][ T4031]  dump_stack+0x15/0x1b
[   46.683626][ T4031]  should_fail_ex+0x265/0x280
[   46.683928][ T4031]  should_fail+0xb/0x20
[   46.683963][ T4031]  should_fail_usercopy+0x1a/0x20
[   46.684004][ T4031]  _copy_to_iter+0x24b/0xe30
[   46.684152][ T4031]  ? xas_load+0x413/0x430
[   46.684207][ T4031]  ? __pfx_simple_copy_to_iter+0x10/0x10
[   46.684233][ T4031]  __skb_datagram_iter+0x2f4/0x690
[   46.684258][ T4031]  ? __pfx_simple_copy_to_iter+0x10/0x10
[   46.684343][ T4031]  skb_copy_datagram_iter+0x3d/0x110
[   46.684364][ T4031]  tcp_recvmsg_locked+0xa68/0x1fd0
[   46.684407][ T4031]  ? xa_load+0xb1/0xe0
[   46.684437][ T4031]  ? avc_has_perm_noaudit+0x1b1/0x200
[   46.684556][ T4031]  ? __rcu_read_unlock+0x4f/0x70
[   46.684621][ T4031]  ? avc_has_perm_noaudit+0x1b1/0x200
[   46.684719][ T4031]  ? _raw_spin_unlock_bh+0x36/0x40
[   46.684741][ T4031]  ? lock_sock_nested+0x112/0x140
[   46.684767][ T4031]  ? avc_has_perm+0xd3/0x150
[   46.684865][ T4031]  tcp_recvmsg+0x12e/0x490
[   46.684891][ T4031]  ? selinux_socket_recvmsg+0x175/0x1b0
[   46.684933][ T4031]  ? __pfx_tcp_recvmsg+0x10/0x10
[   46.685029][ T4031]  inet6_recvmsg+0xb7/0x290
[   46.685049][ T4031]  sock_recvmsg+0x95/0x170
[   46.685080][ T4031]  ____sys_recvmsg+0xf5/0x280
[   46.685123][ T4031]  ___sys_recvmsg+0x11f/0x370
[   46.685150][ T4031]  __x64_sys_recvmsg+0xd1/0x160
[   46.685248][ T4031]  x64_sys_call+0xf19/0x2fb0
[   46.685272][ T4031]  do_syscall_64+0xd2/0x200
[   46.685311][ T4031]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   46.685344][ T4031]  ? clear_bhb_loop+0x40/0x90
[   46.685395][ T4031]  ? clear_bhb_loop+0x40/0x90
[   46.685420][ T4031]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.685440][ T4031] RIP: 0033:0x7f6c9fc3e929
[   46.685462][ T4031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   46.685484][ T4031] RSP: 002b:00007f6c9e2a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[   46.685506][ T4031] RAX: ffffffffffffffda RBX: 00007f6c9fe65fa0 RCX: 00007f6c9fc3e929
[   46.685587][ T4031] RDX: 0000000040000110 RSI: 00002000000008c0 RDI: 000000000000000a
[   46.685600][ T4031] RBP: 00007f6c9e2a7090 R08: 0000000000000000 R09: 0000000000000000
[   46.685633][ T4031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   46.685648][ T4031] R13: 0000000000000000 R14: 00007f6c9fe65fa0 R15: 00007fff342e4d08
[   46.685672][ T4031]  </TASK>
[   46.970350][ T4022] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   46.981258][ T4037] loop1: detected capacity change from 0 to 2048
[   46.990962][ T4022] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   47.006528][ T4039] vxcan2: entered promiscuous mode
[   47.011770][ T4039] vxcan2: entered allmulticast mode
[   47.078903][ T3553]  loop1: p1 < > p4
[   47.103629][ T3553] loop1: p4 size 8388608 extends beyond EOD, truncated
[   47.154822][ T4037]  loop1: p1 < > p4
[   47.165455][ T4037] loop1: p4 size 8388608 extends beyond EOD, truncated
[   47.202413][ T2998]  loop1: p1 < > p4
[   47.208564][ T2998] loop1: p4 size 8388608 extends beyond EOD, truncated
[   47.293912][ T4061] netlink: 4 bytes leftover after parsing attributes in process `syz.0.199'.
[   47.295285][ T4058] loop4: detected capacity change from 0 to 2048
[   47.309516][ T4060] loop0: detected capacity change from 0 to 2048
[   47.321972][ T4060] ext4: Unknown parameter '#'
[   47.379283][ T4058] EXT4-fs (loop4): failed to initialize system zone (-117)
[   47.393913][ T4058] EXT4-fs (loop4): mount failed
[   47.419993][ T4058] FAULT_INJECTION: forcing a failure.
[   47.419993][ T4058] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   47.433403][ T4058] CPU: 0 UID: 0 PID: 4058 Comm: syz.4.200 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   47.433434][ T4058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   47.433448][ T4058] Call Trace:
[   47.433456][ T4058]  <TASK>
[   47.433466][ T4058]  __dump_stack+0x1d/0x30
[   47.433515][ T4058]  dump_stack_lvl+0xe8/0x140
[   47.433539][ T4058]  dump_stack+0x15/0x1b
[   47.433559][ T4058]  should_fail_ex+0x265/0x280
[   47.433603][ T4058]  should_fail+0xb/0x20
[   47.433636][ T4058]  should_fail_usercopy+0x1a/0x20
[   47.433675][ T4058]  _copy_to_iter+0x24b/0xe30
[   47.433756][ T4058]  ? should_fail_ex+0xdb/0x280
[   47.433792][ T4058]  copy_page_to_iter+0x18f/0x2d0
[   47.433845][ T4058]  process_vm_rw+0x672/0x950
[   47.433907][ T4058]  __x64_sys_process_vm_readv+0x78/0x90
[   47.433946][ T4058]  x64_sys_call+0x2978/0x2fb0
[   47.433971][ T4058]  do_syscall_64+0xd2/0x200
[   47.434040][ T4058]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   47.434071][ T4058]  ? clear_bhb_loop+0x40/0x90
[   47.434150][ T4058]  ? clear_bhb_loop+0x40/0x90
[   47.434177][ T4058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   47.434203][ T4058] RIP: 0033:0x7f6c9fc3e929
[   47.434249][ T4058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   47.434272][ T4058] RSP: 002b:00007f6c9e2a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[   47.434293][ T4058] RAX: ffffffffffffffda RBX: 00007f6c9fe65fa0 RCX: 00007f6c9fc3e929
[   47.434305][ T4058] RDX: 0000000000000002 RSI: 0000200000008400 RDI: 0000000000000074
[   47.434317][ T4058] RBP: 00007f6c9e2a7090 R08: 0000000000000286 R09: 0000000000000000
[   47.434328][ T4058] R10: 0000200000008640 R11: 0000000000000246 R12: 0000000000000002
[   47.434399][ T4058] R13: 0000000000000000 R14: 00007f6c9fe65fa0 R15: 00007fff342e4d08
[   47.434419][ T4058]  </TASK>
[   47.711085][ T4080] vxcan2: entered promiscuous mode
[   47.716344][ T4080] vxcan2: entered allmulticast mode
[   47.757121][ T4086] loop0: detected capacity change from 0 to 512
[   47.765982][ T2998]  loop1: p1 < > p4
[   47.782244][ T2998] loop1: p4 size 8388608 extends beyond EOD, truncated
[   47.792253][ T4086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.829375][ T4086] ext4 filesystem being mounted at /41/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   47.918776][   T29] kauditd_printk_skb: 471 callbacks suppressed
[   47.918794][   T29] audit: type=1326 audit(1749993314.786:1578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4093 comm="syz.4.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c9fc3e929 code=0x7ffc0000
[   47.948466][   T29] audit: type=1326 audit(1749993314.786:1579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4093 comm="syz.4.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c9fc3e929 code=0x7ffc0000
[   47.987771][   T29] audit: type=1326 audit(1749993314.786:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4093 comm="syz.4.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=192 compat=0 ip=0x7f6c9fc3e929 code=0x7ffc0000
[   48.012101][   T29] audit: type=1326 audit(1749993314.786:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4093 comm="syz.4.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c9fc3e929 code=0x7ffc0000
[   48.035609][   T29] audit: type=1326 audit(1749993314.786:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4093 comm="syz.4.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c9fc3e929 code=0x7ffc0000
[   48.105609][ T4106] loop1: detected capacity change from 0 to 1024
[   48.146314][ T4106] EXT4-fs: Ignoring removed orlov option
[   48.157344][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.195968][   T29] audit: type=1400 audit(1749993314.856:1583): avc:  denied  { unmount } for  pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   48.216487][   T29] audit: type=1326 audit(1749993314.966:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4104 comm="syz.3.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f435e7de929 code=0x7ffc0000
[   48.240059][   T29] audit: type=1326 audit(1749993314.966:1585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4104 comm="syz.3.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f435e7de929 code=0x7ffc0000
[   48.264168][   T29] audit: type=1326 audit(1749993314.986:1586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4104 comm="syz.3.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=52 compat=0 ip=0x7f435e7de929 code=0x7ffc0000
[   48.287661][   T29] audit: type=1326 audit(1749993314.986:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4104 comm="syz.3.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f435e7de929 code=0x7ffc0000
[   48.318044][ T4106] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.352754][ T4122] netlink: 12 bytes leftover after parsing attributes in process `syz.4.219'.
[   48.409649][ T4118] loop3: detected capacity change from 0 to 512
[   48.430429][ T4118] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.437699][ T4127] hub 1-0:1.0: USB hub found
[   48.448116][ T4127] hub 1-0:1.0: 8 ports detected
[   48.455076][ T4130] syz.0.215 uses obsolete (PF_INET,SOCK_PACKET)
[   48.586008][ T4118] ext4 filesystem being mounted at /35/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   48.778253][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.828467][ T4135] loop1: detected capacity change from 0 to 1024
[   48.847720][ T4135] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   48.858910][ T4135] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[   48.874518][ T4135] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   48.885183][ T4135] JBD2: no valid journal superblock found
[   48.891124][ T4135] EXT4-fs (loop1): Could not load journal inode
[   48.910603][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.041949][ T4143] program syz.3.224 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   49.101703][ T4149] loop1: detected capacity change from 0 to 1024
[   49.116084][ T4149] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   49.173507][ T4149] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   49.182235][ T4149] EXT4-fs (loop1): orphan cleanup on readonly fs
[   49.227496][ T4149] EXT4-fs error (device loop1): __ext4_get_inode_loc:4792: comm syz.1.227: Invalid inode table block 0 in block_group 0
[   49.250979][ T4154] SELinux:  Context system_u:object is not valid (left unmapped).
[   49.274477][ T4154] loop4: detected capacity change from 0 to 1024
[   49.282620][ T4154] EXT4-fs: Ignoring removed nobh option
[   49.288358][ T4154] EXT4-fs: Ignoring removed bh option
[   49.294255][ T4149] EXT4-fs (loop1): Remounting filesystem read-only
[   49.309532][ T4149] EXT4-fs (loop1): 1 truncate cleaned up
[   49.322496][ T4149] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   49.393291][ T4160] vxcan2: entered promiscuous mode
[   49.399117][ T4160] vxcan2: entered allmulticast mode
[   49.406342][ T4154] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.485255][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.609472][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.668141][ T4183] vxcan2: entered promiscuous mode
[   49.673333][ T4183] vxcan2: entered allmulticast mode
[   49.713379][ T4181] syzkaller0: entered allmulticast mode
[   49.724062][ T4186] __nla_validate_parse: 1 callbacks suppressed
[   49.724076][ T4186] netlink: 24 bytes leftover after parsing attributes in process `syz.3.242'.
[   49.777125][ T4181] SELinux: ebitmap: truncated map
[   49.786411][ T4181] SELinux: failed to load policy
[   49.807353][ T4181] syzkaller0 (unregistering): left allmulticast mode
[   49.824214][ T4191] loop4: detected capacity change from 0 to 1024
[   49.853894][ T4193] vxcan2: entered promiscuous mode
[   49.859123][ T4193] vxcan2: entered allmulticast mode
[   49.865443][ T4191] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   49.876495][ T4191] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[   49.888313][ T4191] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   49.899783][ T4191] JBD2: no valid journal superblock found
[   49.905609][ T4191] EXT4-fs (loop4): Could not load journal inode
[   49.983800][ T4198] netlink: 8 bytes leftover after parsing attributes in process `syz.1.247'.
[   50.003060][ T4203] loop3: detected capacity change from 0 to 1024
[   50.025996][ T4198] IPVS: Error joining to the multicast group
[   50.027842][ T4203] EXT4-fs: Ignoring removed orlov option
[   50.063095][ T4203] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.134435][ T4199] hub 4-0:1.0: USB hub found
[   50.139210][ T4199] hub 4-0:1.0: 8 ports detected
[   50.158722][ T4199] loop4: detected capacity change from 0 to 1024
[   50.168342][ T4213] vxcan2: entered promiscuous mode
[   50.173648][ T4213] vxcan2: entered allmulticast mode
[   50.178792][ T4199] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869)
[   50.190737][ T4199] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002]
[   50.191152][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.216374][ T4199] System zones: 0-1, 3-36
[   50.221157][ T4199] EXT4-fs (loop4): orphan cleanup on readonly fs
[   50.231641][ T4199] EXT4-fs (loop4): 1 orphan inode deleted
[   50.242385][ T4199] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   50.301843][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.329433][ T4221] netlink: 8 bytes leftover after parsing attributes in process `syz.2.256'.
[   50.348941][ T4223] loop1: detected capacity change from 0 to 512
[   50.374205][ T4223] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   50.425397][ T4223] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.446427][ T4227] loop4: detected capacity change from 0 to 1024
[   50.479528][ T4234] netlink: 'syz.2.261': attribute type 1 has an invalid length.
[   50.487561][ T4234] netlink: 224 bytes leftover after parsing attributes in process `syz.2.261'.
[   50.499490][ T4223] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.500549][ T4227] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   50.521031][ T4227] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[   50.532675][ T4227] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   50.546861][ T4227] JBD2: no valid journal superblock found
[   50.552672][ T4227] EXT4-fs (loop4): Could not load journal inode
[   50.604763][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.636508][ T4240] loop0: detected capacity change from 0 to 1024
[   50.668021][ T4240] EXT4-fs: Ignoring removed orlov option
[   50.701471][ T4240] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.732990][ T4250] vxcan2: entered promiscuous mode
[   50.736136][ T4246] loop4: detected capacity change from 0 to 1024
[   50.738297][ T4250] vxcan2: entered allmulticast mode
[   50.745002][ T4246] EXT4-fs: Ignoring removed orlov option
[   50.779055][ T4246] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.818451][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.957285][ T4270] loop3: detected capacity change from 0 to 1024
[   50.994317][ T4270] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   51.005583][ T4270] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[   51.029603][ T4270] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   51.046636][ T4270] JBD2: no valid journal superblock found
[   51.052467][ T4270] EXT4-fs (loop3): Could not load journal inode
[   51.065535][ T4279] loop1: detected capacity change from 0 to 1024
[   51.074916][ T4279] EXT4-fs: Ignoring removed orlov option
[   51.100748][ T4279] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.164484][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.327845][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.372268][ T4311] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[   51.379104][ T4311] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   51.386962][ T4311] vhci_hcd vhci_hcd.0: Device attached
[   51.418258][ T4311] program syz.4.290 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   51.474645][ T4311] netlink: 52 bytes leftover after parsing attributes in process `syz.4.290'.
[   51.490807][ T4312] vhci_hcd: connection closed
[   51.490990][   T37] vhci_hcd: stop threads
[   51.500510][   T37] vhci_hcd: release socket
[   51.505135][   T37] vhci_hcd: disconnect device
[   51.529506][ T4318] FAULT_INJECTION: forcing a failure.
[   51.529506][ T4318] name failslab, interval 1, probability 0, space 0, times 0
[   51.542291][ T4318] CPU: 1 UID: 0 PID: 4318 Comm: syz.3.294 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   51.542326][ T4318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   51.542341][ T4318] Call Trace:
[   51.542349][ T4318]  <TASK>
[   51.542358][ T4318]  __dump_stack+0x1d/0x30
[   51.542385][ T4318]  dump_stack_lvl+0xe8/0x140
[   51.542405][ T4318]  dump_stack+0x15/0x1b
[   51.542422][ T4318]  should_fail_ex+0x265/0x280
[   51.542452][ T4318]  should_failslab+0x8c/0xb0
[   51.542474][ T4318]  kmem_cache_alloc_bulk_noprof+0x5b/0x410
[   51.542512][ T4318]  ? kmem_cache_alloc_noprof+0x186/0x310
[   51.542545][ T4318]  ? mas_dup_build+0x1f6/0xd30
[   51.542573][ T4318]  mas_dup_build+0x6df/0xd30
[   51.542606][ T4318]  __mt_dup+0xc6/0x180
[   51.542638][ T4318]  dup_mmap+0x266/0xf20
[   51.542656][ T4318]  ? __list_add_valid_or_report+0x38/0xe0
[   51.542693][ T4318]  copy_mm+0x11a/0x370
[   51.542718][ T4318]  copy_process+0xcf1/0x1fe0
[   51.542749][ T4318]  kernel_clone+0x16c/0x5b0
[   51.542772][ T4318]  ? vfs_write+0x75e/0x8e0
[   51.542816][ T4318]  __x64_sys_clone+0xe6/0x120
[   51.542859][ T4318]  x64_sys_call+0x2c59/0x2fb0
[   51.542886][ T4318]  do_syscall_64+0xd2/0x200
[   51.542907][ T4318]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   51.542937][ T4318]  ? clear_bhb_loop+0x40/0x90
[   51.542956][ T4318]  ? clear_bhb_loop+0x40/0x90
[   51.542976][ T4318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.542995][ T4318] RIP: 0033:0x7f435e7de929
[   51.543011][ T4318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.543032][ T4318] RSP: 002b:00007f435ce46fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   51.543054][ T4318] RAX: ffffffffffffffda RBX: 00007f435ea05fa0 RCX: 00007f435e7de929
[   51.543069][ T4318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000400a1400
[   51.543089][ T4318] RBP: 00007f435ce47090 R08: 0000000000000000 R09: 0000000000000000
[   51.543100][ T4318] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   51.543111][ T4318] R13: 0000000000000000 R14: 00007f435ea05fa0 R15: 00007ffda56edf28
[   51.543129][ T4318]  </TASK>
[   51.761251][ T2958] vhci_hcd: vhci_device speed not set
[   51.791982][ T4319] netlink: 8 bytes leftover after parsing attributes in process `syz.2.293'.
[   51.994309][ T4342] netlink: 8 bytes leftover after parsing attributes in process `syz.2.298'.
[   52.066583][ T4352] netlink: 8 bytes leftover after parsing attributes in process `syz.1.302'.
[   52.167229][ T4362] loop0: detected capacity change from 0 to 1024
[   52.220399][ T4362] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   52.231390][ T4362] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[   52.274207][ T4362] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   52.289813][ T4362] JBD2: no valid journal superblock found
[   52.295865][ T4362] EXT4-fs (loop0): Could not load journal inode
[   52.462155][ T4396] loop0: detected capacity change from 0 to 512
[   52.478363][ T4396] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.491459][ T4395] loop1: detected capacity change from 0 to 512
[   52.504572][ T4395] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   52.533242][ T4396] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   52.639279][ T4404] loop3: detected capacity change from 0 to 1024
[   52.649874][ T4404] EXT4-fs: Ignoring removed mblk_io_submit option
[   52.657965][ T4395] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.673255][ T4404] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=2040c018, mo2=0002]
[   52.687520][ T4395] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.698009][ T4404] System zones: 0-1, 3-12
[   52.702978][ T4404] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.792752][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.912796][ T4402] netlink: 12 bytes leftover after parsing attributes in process `syz.3.319'.
[   52.948212][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.081940][ T4425] netlink: 4 bytes leftover after parsing attributes in process `syz.1.326'.
[   53.096865][   T29] kauditd_printk_skb: 833 callbacks suppressed
[   53.096959][   T29] audit: type=1326 audit(1749993319.966:2419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9fafe929 code=0x7ffc0000
[   53.105870][ T4425] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   53.134545][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_0
[   53.175103][   T29] audit: type=1400 audit(1749993319.966:2420): avc:  denied  { write } for  pid=4401 comm="syz.3.319" path="/60/file1/bus" dev="loop3" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   53.198009][   T29] audit: type=1326 audit(1749993320.016:2421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7efc9fafe929 code=0x7ffc0000
[   53.221517][   T29] audit: type=1326 audit(1749993320.016:2422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9fafe929 code=0x7ffc0000
[   53.245136][   T29] audit: type=1326 audit(1749993320.016:2423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9fafe929 code=0x7ffc0000
[   53.268892][   T29] audit: type=1326 audit(1749993320.016:2424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc9fafe929 code=0x7ffc0000
[   53.292564][   T29] audit: type=1326 audit(1749993320.016:2425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9fafe929 code=0x7ffc0000
[   53.316334][   T29] audit: type=1326 audit(1749993320.016:2426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc9fafe929 code=0x7ffc0000
[   53.339900][   T29] audit: type=1326 audit(1749993320.016:2427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc9fafe929 code=0x7ffc0000
[   53.363432][   T29] audit: type=1326 audit(1749993320.016:2428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc9fafe929 code=0x7ffc0000
[   53.394180][ T4425] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   53.401814][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_1
[   53.409611][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.460424][ T4432] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO
[   53.517826][ T4430] loop0: detected capacity change from 0 to 512
[   53.537913][ T4430] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   53.551168][ T4430] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   53.582823][ T4430] EXT4-fs (loop0): 1 truncate cleaned up
[   53.590467][ T4430] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.620165][ T4443] capability: warning: `syz.4.335' uses deprecated v2 capabilities in a way that may be insecure
[   53.679068][ T4445] loop3: detected capacity change from 0 to 1024
[   53.688871][ T4430] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.720174][ T4445] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   53.731243][ T4445] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[   53.766620][ T4445] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   53.785702][ T4445] JBD2: no valid journal superblock found
[   53.791662][ T4445] EXT4-fs (loop3): Could not load journal inode
[   53.851502][ T4459] loop0: detected capacity change from 0 to 1024
[   53.861311][ T4456] loop4: detected capacity change from 0 to 1024
[   53.869229][ T4459] EXT4-fs: Ignoring removed nobh option
[   53.874904][ T4459] EXT4-fs: Ignoring removed bh option
[   53.897256][ T4456] EXT4-fs: Ignoring removed orlov option
[   53.930495][ T4456] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.985478][ T4459] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.012798][ T4459] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4459 comm=syz.0.342
[   54.140105][ T4479] unsupported nla_type 65024
[   54.171925][ T4481] vhci_hcd: invalid port number 96
[   54.177151][ T4481] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[   54.281161][ T4475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   54.294328][ T4475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   54.355884][ T4495] loop4: detected capacity change from 0 to 164
[   54.367914][ T4495] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   54.782207][ T4538] __nla_validate_parse: 3 callbacks suppressed
[   54.782226][ T4538] netlink: 4 bytes leftover after parsing attributes in process `syz.2.371'.
[   54.797287][ T4538] netlink: 4 bytes leftover after parsing attributes in process `syz.2.371'.
[   54.902297][ T4549] loop1: detected capacity change from 0 to 512
[   54.912561][ T4538] netlink: 4 bytes leftover after parsing attributes in process `syz.2.371'.
[   54.959100][ T4549] ext4 filesystem being mounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   55.020851][ T4561] FAULT_INJECTION: forcing a failure.
[   55.020851][ T4561] name failslab, interval 1, probability 0, space 0, times 0
[   55.033566][ T4561] CPU: 0 UID: 0 PID: 4561 Comm: syz.4.379 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   55.033596][ T4561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   55.033612][ T4561] Call Trace:
[   55.033620][ T4561]  <TASK>
[   55.033630][ T4561]  __dump_stack+0x1d/0x30
[   55.033656][ T4561]  dump_stack_lvl+0xe8/0x140
[   55.033731][ T4561]  dump_stack+0x15/0x1b
[   55.033752][ T4561]  should_fail_ex+0x265/0x280
[   55.033787][ T4561]  should_failslab+0x8c/0xb0
[   55.033843][ T4561]  kmem_cache_alloc_node_noprof+0x57/0x320
[   55.033883][ T4561]  ? __alloc_skb+0x101/0x320
[   55.033923][ T4561]  __alloc_skb+0x101/0x320
[   55.034018][ T4561]  ? audit_log_start+0x365/0x6c0
[   55.034097][ T4561]  audit_log_start+0x380/0x6c0
[   55.034132][ T4561]  audit_seccomp+0x48/0x100
[   55.034240][ T4561]  ? __seccomp_filter+0x68c/0x10d0
[   55.034290][ T4561]  __seccomp_filter+0x69d/0x10d0
[   55.034313][ T4561]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   55.034332][ T4561]  ? vfs_write+0x75e/0x8e0
[   55.034400][ T4561]  ? __rcu_read_unlock+0x4f/0x70
[   55.034461][ T4561]  ? __fget_files+0x184/0x1c0
[   55.034488][ T4561]  __secure_computing+0x82/0x150
[   55.034510][ T4561]  syscall_trace_enter+0xcf/0x1e0
[   55.034589][ T4561]  do_syscall_64+0xac/0x200
[   55.034612][ T4561]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   55.034644][ T4561]  ? clear_bhb_loop+0x40/0x90
[   55.034679][ T4561]  ? clear_bhb_loop+0x40/0x90
[   55.034779][ T4561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.034800][ T4561] RIP: 0033:0x7f6c9fc3e929
[   55.034820][ T4561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.034842][ T4561] RSP: 002b:00007f6c9e2a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   55.034982][ T4561] RAX: ffffffffffffffda RBX: 00007f6c9fe65fa0 RCX: 00007f6c9fc3e929
[   55.034998][ T4561] RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000000000005
[   55.035013][ T4561] RBP: 00007f6c9e2a7090 R08: 0000000000000000 R09: 0000000000000000
[   55.035028][ T4561] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.035043][ T4561] R13: 0000000000000000 R14: 00007f6c9fe65fa0 R15: 00007fff342e4d08
[   55.035069][ T4561]  </TASK>
[   55.295735][ T4561] netlink: 28 bytes leftover after parsing attributes in process `syz.4.379'.
[   55.369281][ T4565] netlink: 28 bytes leftover after parsing attributes in process `syz.3.382'.
[   55.785468][ T4587] loop0: detected capacity change from 0 to 2048
[   55.945672][ T4595] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   55.996507][ T4595] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 600 with error 28
[   56.008972][ T4595] EXT4-fs (loop0): This should not happen!! Data will be lost
[   56.008972][ T4595] 
[   56.018853][ T4595] EXT4-fs (loop0): Total free blocks count 0
[   56.024874][ T4595] EXT4-fs (loop0): Free/Dirty block details
[   56.030842][ T4595] EXT4-fs (loop0): free_blocks=2415919104
[   56.036653][ T4595] EXT4-fs (loop0): dirty_blocks=608
[   56.042018][ T4595] EXT4-fs (loop0): Block reservation details
[   56.048112][ T4595] EXT4-fs (loop0): i_reserved_data_blocks=38
[   56.082061][ T4605] loop4: detected capacity change from 0 to 1024
[   56.089985][ T4605] EXT4-fs: Ignoring removed nobh option
[   56.095779][ T4605] EXT4-fs: Ignoring removed bh option
[   56.188067][ T4605] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4605 comm=syz.4.395
[   56.219550][ T4611] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   56.262271][ T4616] loop3: detected capacity change from 0 to 1024
[   56.304631][ T4616] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   56.353452][ T4616] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   56.369444][ T4627] netlink: 12 bytes leftover after parsing attributes in process `syz.1.404'.
[   56.378718][ T4616] EXT4-fs (loop3): orphan cleanup on readonly fs
[   56.412532][ T4616] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.399: Invalid inode table block 0 in block_group 0
[   56.449798][ T4616] EXT4-fs (loop3): Remounting filesystem read-only
[   56.456544][ T4616] EXT4-fs (loop3): 1 truncate cleaned up
[   56.576474][ T3453] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[   56.589099][ T3453] EXT4-fs (loop0): This should not happen!! Data will be lost
[   56.589099][ T3453] 
[   56.715366][ T4650] loop4: detected capacity change from 0 to 512
[   56.743568][ T4650] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   56.790495][ T4650] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   56.803127][ T4653] syzkaller1: entered promiscuous mode
[   56.808911][ T4653] syzkaller1: entered allmulticast mode
[   56.886149][ T4653] loop1: detected capacity change from 0 to 164
[   56.933993][ T4653] iso9660: Unknown parameter ''
[   56.987742][ T4672] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1546 sclass=netlink_route_socket pid=4672 comm=syz.3.423
[   57.227118][ T4681] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   57.246116][ T4683] loop3: detected capacity change from 0 to 1024
[   57.419285][ T4683] EXT4-fs: Ignoring removed nobh option
[   57.424960][ T4683] EXT4-fs: Ignoring removed bh option
[   57.802528][ T4697] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[   57.825556][ T4699] hub 6-0:1.0: USB hub found
[   57.839226][ T4699] hub 6-0:1.0: 8 ports detected
[   57.901336][   T29] kauditd_printk_skb: 617 callbacks suppressed
[   57.901350][   T29] audit: type=1326 audit(1749995628.984:3040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4702 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   57.931147][   T29] audit: type=1326 audit(1749995628.984:3041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4702 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   57.954554][   T29] audit: type=1326 audit(1749995628.984:3042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4702 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   58.006813][   T29] audit: type=1326 audit(1749995629.068:3043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4702 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   58.030373][   T29] audit: type=1326 audit(1749995629.068:3044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4702 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   58.054230][   T29] audit: type=1326 audit(1749995629.068:3045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4702 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   58.077589][   T29] audit: type=1326 audit(1749995629.079:3046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4702 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   58.101092][   T29] audit: type=1326 audit(1749995629.079:3047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4702 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   58.124666][   T29] audit: type=1326 audit(1749995629.079:3048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4702 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   58.148029][   T29] audit: type=1326 audit(1749995629.079:3049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4702 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   58.180552][ T4699] loop0: detected capacity change from 0 to 512
[   58.187680][ T4699] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   58.214324][ T4699] EXT4-fs (loop0): 1 truncate cleaned up
[   58.249318][ T4723] loop4: detected capacity change from 0 to 1024
[   58.256126][ T4723] EXT4-fs: Ignoring removed orlov option
[   58.435249][ T4737] loop0: detected capacity change from 0 to 1024
[   58.478108][ T4737] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.494963][ T4737] FAULT_INJECTION: forcing a failure.
[   58.494963][ T4737] name failslab, interval 1, probability 0, space 0, times 0
[   58.507725][ T4737] CPU: 0 UID: 0 PID: 4737 Comm: syz.0.447 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   58.507813][ T4737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   58.507825][ T4737] Call Trace:
[   58.507831][ T4737]  <TASK>
[   58.507840][ T4737]  __dump_stack+0x1d/0x30
[   58.507895][ T4737]  dump_stack_lvl+0xe8/0x140
[   58.507913][ T4737]  dump_stack+0x15/0x1b
[   58.507933][ T4737]  should_fail_ex+0x265/0x280
[   58.507971][ T4737]  ? do_inotify_init+0x93/0x270
[   58.507994][ T4737]  should_failslab+0x8c/0xb0
[   58.508029][ T4737]  __kmalloc_cache_noprof+0x4c/0x320
[   58.508058][ T4737]  do_inotify_init+0x93/0x270
[   58.508075][ T4737]  __x64_sys_inotify_init1+0x1e/0x30
[   58.508127][ T4737]  x64_sys_call+0x2ce8/0x2fb0
[   58.508154][ T4737]  do_syscall_64+0xd2/0x200
[   58.508176][ T4737]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.508221][ T4737]  ? clear_bhb_loop+0x40/0x90
[   58.508242][ T4737]  ? clear_bhb_loop+0x40/0x90
[   58.508291][ T4737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.508318][ T4737] RIP: 0033:0x7efc9fafe929
[   58.508338][ T4737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.508364][ T4737] RSP: 002b:00007efc9e167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000126
[   58.508461][ T4737] RAX: ffffffffffffffda RBX: 00007efc9fd25fa0 RCX: 00007efc9fafe929
[   58.508473][ T4737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   58.508488][ T4737] RBP: 00007efc9e167090 R08: 0000000000000000 R09: 0000000000000000
[   58.508503][ T4737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.508519][ T4737] R13: 0000000000000000 R14: 00007efc9fd25fa0 R15: 00007ffc73dc5428
[   58.508542][ T4737]  </TASK>
[   58.997590][ T4774] loop1: detected capacity change from 0 to 1024
[   59.010800][ T4774] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   59.024726][ T4774] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   59.061184][ T4774] EXT4-fs (loop1): orphan cleanup on readonly fs
[   59.072811][ T4774] EXT4-fs error (device loop1): __ext4_get_inode_loc:4792: comm syz.1.462: Invalid inode table block 0 in block_group 0
[   59.087478][ T4774] EXT4-fs (loop1): Remounting filesystem read-only
[   59.096502][ T4777] netlink: 12 bytes leftover after parsing attributes in process `syz.2.463'.
[   59.138546][ T4774] EXT4-fs (loop1): 1 truncate cleaned up
[   59.316270][ T4788] loop3: detected capacity change from 0 to 1024
[   59.334939][ T4788] EXT4-fs: Ignoring removed orlov option
[   59.708109][ T4807] loop1: detected capacity change from 0 to 1024
[   59.727725][ T4807] EXT4-fs: Ignoring removed nobh option
[   59.733480][ T4807] EXT4-fs: Ignoring removed bh option
[   59.800781][ T4821] loop0: detected capacity change from 0 to 1024
[   59.809071][ T4821] EXT4-fs: inline encryption not supported
[   59.815163][ T4821] EXT4-fs: Ignoring removed bh option
[   59.850830][ T4826] loop3: detected capacity change from 0 to 1024
[   59.860343][ T4826] EXT4-fs: Ignoring removed orlov option
[   59.872711][ T4828] loop4: detected capacity change from 0 to 1024
[   59.887522][ T4828] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   59.924996][ T4828] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   59.933173][ T4828] EXT4-fs (loop4): orphan cleanup on readonly fs
[   59.950586][ T4828] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.485: Invalid inode table block 0 in block_group 0
[   59.963611][ T4828] EXT4-fs (loop4): Remounting filesystem read-only
[   59.970183][ T4828] EXT4-fs (loop4): 1 truncate cleaned up
[   59.993582][ T4839] netlink: 8 bytes leftover after parsing attributes in process `syz.2.490'.
[   60.176114][ T4856] netlink: 20 bytes leftover after parsing attributes in process `syz.2.498'.
[   60.227104][ T4860] loop1: detected capacity change from 0 to 1024
[   60.235504][ T4858] loop0: detected capacity change from 0 to 512
[   60.263047][ T4860] EXT4-fs: Ignoring removed orlov option
[   60.277252][ T4858] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   60.290982][ T4864] netlink: 8 bytes leftover after parsing attributes in process `syz.2.501'.
[   60.309799][ T4858] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   60.499295][ T4889] netlink: 20 bytes leftover after parsing attributes in process `syz.4.511'.
[   60.548024][ T4886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.509'.
[   60.558702][ T4886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.509'.
[   60.575417][ T4886] bond_slave_0: entered promiscuous mode
[   60.581146][ T4886] bond_slave_1: entered promiscuous mode
[   60.589296][ T4896] loop1: detected capacity change from 0 to 1024
[   60.596248][ T4896] EXT4-fs: Ignoring removed orlov option
[   60.602263][ T4886] macvlan2: entered promiscuous mode
[   60.607630][ T4886] bond0: entered promiscuous mode
[   60.636919][ T4886] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   60.659751][ T4902] FAULT_INJECTION: forcing a failure.
[   60.659751][ T4902] name failslab, interval 1, probability 0, space 0, times 0
[   60.672567][ T4902] CPU: 1 UID: 0 PID: 4902 Comm: syz.4.515 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   60.672600][ T4902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   60.672691][ T4902] Call Trace:
[   60.672698][ T4902]  <TASK>
[   60.672705][ T4902]  __dump_stack+0x1d/0x30
[   60.672738][ T4902]  dump_stack_lvl+0xe8/0x140
[   60.672763][ T4902]  dump_stack+0x15/0x1b
[   60.672781][ T4902]  should_fail_ex+0x265/0x280
[   60.672813][ T4902]  should_failslab+0x8c/0xb0
[   60.672836][ T4902]  kmem_cache_alloc_noprof+0x50/0x310
[   60.672877][ T4902]  ? audit_log_start+0x365/0x6c0
[   60.672969][ T4902]  audit_log_start+0x365/0x6c0
[   60.673006][ T4902]  audit_seccomp+0x48/0x100
[   60.673097][ T4902]  ? __seccomp_filter+0x68c/0x10d0
[   60.673127][ T4902]  __seccomp_filter+0x69d/0x10d0
[   60.673157][ T4902]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   60.673263][ T4902]  ? vfs_write+0x75e/0x8e0
[   60.673303][ T4902]  ? __rcu_read_unlock+0x4f/0x70
[   60.673328][ T4902]  ? __fget_files+0x184/0x1c0
[   60.673363][ T4902]  __secure_computing+0x82/0x150
[   60.673393][ T4902]  syscall_trace_enter+0xcf/0x1e0
[   60.673451][ T4902]  do_syscall_64+0xac/0x200
[   60.673468][ T4902]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   60.673492][ T4902]  ? clear_bhb_loop+0x40/0x90
[   60.673515][ T4902]  ? clear_bhb_loop+0x40/0x90
[   60.673543][ T4902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.673569][ T4902] RIP: 0033:0x7f6c9fc3e929
[   60.673589][ T4902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.673648][ T4902] RSP: 002b:00007f6c9e2a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[   60.673665][ T4902] RAX: ffffffffffffffda RBX: 00007f6c9fe65fa0 RCX: 00007f6c9fc3e929
[   60.673793][ T4902] RDX: 0000000000000040 RSI: 0000000000011000 RDI: 0000000000000000
[   60.673805][ T4902] RBP: 00007f6c9e2a7090 R08: 0000000000000000 R09: 0000000000000000
[   60.673894][ T4902] R10: 0000200000fec000 R11: 0000000000000246 R12: 0000000000000001
[   60.673908][ T4902] R13: 0000000000000000 R14: 00007f6c9fe65fa0 R15: 00007fff342e4d08
[   60.673932][ T4902]  </TASK>
[   60.908747][ T4907] loop1: detected capacity change from 0 to 128
[   60.928675][ T4907] FAT-fs (loop1): bogus number of reserved sectors
[   60.936010][ T4907] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[   60.945436][ T4907] FAT-fs (loop1): Can't find a valid FAT filesystem
[   60.953053][ T4911] syz.0.517 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   61.071303][ T4917] xt_CT: No such helper "netbios-ns"
[   61.096649][ T4928] loop3: detected capacity change from 0 to 764
[   61.107982][ T4928] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   61.111084][ T4929] loop4: detected capacity change from 0 to 1024
[   61.168120][ T4929] EXT4-fs: Ignoring removed orlov option
[   61.178247][ T4933] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pid=4933 comm=syz.1.529
[   61.225471][ T4941] FAULT_INJECTION: forcing a failure.
[   61.225471][ T4941] name failslab, interval 1, probability 0, space 0, times 0
[   61.238377][ T4941] CPU: 1 UID: 0 PID: 4941 Comm: syz.4.531 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   61.238410][ T4941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   61.238425][ T4941] Call Trace:
[   61.238432][ T4941]  <TASK>
[   61.238490][ T4941]  __dump_stack+0x1d/0x30
[   61.238515][ T4941]  dump_stack_lvl+0xe8/0x140
[   61.238540][ T4941]  dump_stack+0x15/0x1b
[   61.238584][ T4941]  should_fail_ex+0x265/0x280
[   61.238615][ T4941]  ? resv_map_alloc+0x32/0x190
[   61.238641][ T4941]  should_failslab+0x8c/0xb0
[   61.238700][ T4941]  __kmalloc_cache_noprof+0x4c/0x320
[   61.238732][ T4941]  ? vfs_write+0x75e/0x8e0
[   61.238809][ T4941]  resv_map_alloc+0x32/0x190
[   61.238851][ T4941]  hugetlbfs_get_inode+0x67/0x370
[   61.238883][ T4941]  hugetlb_file_setup+0x192/0x3d0
[   61.238921][ T4941]  ksys_mmap_pgoff+0x157/0x310
[   61.239020][ T4941]  x64_sys_call+0x1602/0x2fb0
[   61.239046][ T4941]  do_syscall_64+0xd2/0x200
[   61.239069][ T4941]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   61.239099][ T4941]  ? clear_bhb_loop+0x40/0x90
[   61.239169][ T4941]  ? clear_bhb_loop+0x40/0x90
[   61.239238][ T4941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.239258][ T4941] RIP: 0033:0x7f6c9fc3e929
[   61.239275][ T4941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.239296][ T4941] RSP: 002b:00007f6c9e2a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   61.239313][ T4941] RAX: ffffffffffffffda RBX: 00007f6c9fe65fa0 RCX: 00007f6c9fc3e929
[   61.239361][ T4941] RDX: 0000000000000000 RSI: 0000000001400000 RDI: 0000200000000000
[   61.239376][ T4941] RBP: 00007f6c9e2a7090 R08: ffffffffffffffff R09: 0000000000000000
[   61.239390][ T4941] R10: 00000000000c3072 R11: 0000000000000246 R12: 0000000000000001
[   61.239405][ T4941] R13: 0000000000000000 R14: 00007f6c9fe65fa0 R15: 00007fff342e4d08
[   61.239429][ T4941]  </TASK>
[   61.541181][ T4948] loop1: detected capacity change from 0 to 8192
[   61.597824][ T4948]  loop1: p1 p4 < >
[   61.604475][ T4948] loop1: p1 start 4261412864 is beyond EOD, truncated
[   61.686139][ T4948] serio: Serial port ptm0
[   61.856252][ T4975] loop0: detected capacity change from 0 to 1024
[   61.871692][ T4974] hub 6-0:1.0: USB hub found
[   61.880357][ T4974] hub 6-0:1.0: 8 ports detected
[   61.902131][ T4977] loop3: detected capacity change from 0 to 1024
[   61.935691][ T4981] loop1: detected capacity change from 0 to 512
[   61.944930][ T4977] EXT4-fs: Ignoring removed orlov option
[   61.972683][ T4967] xt_CT: No such helper "netbios-ns"
[   61.984740][ T4985] loop4: detected capacity change from 0 to 512
[   61.997276][ T4990] netlink: 'syz.2.551': attribute type 1 has an invalid length.
[   62.005069][ T4990] netlink: 'syz.2.551': attribute type 2 has an invalid length.
[   62.012987][ T4990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.551'.
[   62.048486][ T4981] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   62.068696][ T4985] ext4 filesystem being mounted at /111/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   62.070329][ T4967] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 16: block 145:freeing already freed block (bit 9); block bitmap corrupt.
[   62.242676][ T5007] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[   62.292300][ T5009] netlink: 8 bytes leftover after parsing attributes in process `syz.1.557'.
[   62.406103][ T5018] netlink: 36 bytes leftover after parsing attributes in process `syz.4.561'.
[   62.583496][ T5032] loop4: detected capacity change from 0 to 1024
[   62.590618][ T5032] EXT4-fs: Ignoring removed nobh option
[   62.596389][ T5032] EXT4-fs: Ignoring removed bh option
[   62.695215][ T5040] 9pnet_fd: Insufficient options for proto=fd
[   62.724861][ T5042] netlink: 4 bytes leftover after parsing attributes in process `syz.3.572'.
[   62.745207][ T5042] hsr_slave_1 (unregistering): left promiscuous mode
[   62.756217][   T29] kauditd_printk_skb: 853 callbacks suppressed
[   62.756234][   T29] audit: type=1400 audit(1749997938.091:3897): avc:  denied  { mount } for  pid=5043 comm="syz.2.574" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   62.786544][   T29] audit: type=1326 audit(1749997938.091:3898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5047 comm="syz.1.575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   62.810669][   T29] audit: type=1326 audit(1749997938.091:3899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5047 comm="syz.1.575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   62.846102][ T5050] loop4: detected capacity change from 0 to 512
[   62.856467][ T5050] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   62.872735][ T5052] FAULT_INJECTION: forcing a failure.
[   62.872735][ T5052] name failslab, interval 1, probability 0, space 0, times 0
[   62.885477][ T5052] CPU: 0 UID: 0 PID: 5052 Comm: syz.1.575 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   62.885505][ T5052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   62.885518][ T5052] Call Trace:
[   62.885525][ T5052]  <TASK>
[   62.885534][ T5052]  __dump_stack+0x1d/0x30
[   62.885560][ T5052]  dump_stack_lvl+0xe8/0x140
[   62.885601][ T5052]  dump_stack+0x15/0x1b
[   62.885622][ T5052]  should_fail_ex+0x265/0x280
[   62.885657][ T5052]  should_failslab+0x8c/0xb0
[   62.885687][ T5052]  kmem_cache_alloc_noprof+0x50/0x310
[   62.885744][ T5052]  ? getname_flags+0x80/0x3b0
[   62.885774][ T5052]  getname_flags+0x80/0x3b0
[   62.885881][ T5052]  getname_uflags+0x21/0x30
[   62.885908][ T5052]  __x64_sys_execveat+0x5d/0x90
[   62.885949][ T5052]  x64_sys_call+0x2dae/0x2fb0
[   62.886007][ T5052]  do_syscall_64+0xd2/0x200
[   62.886025][ T5052]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   62.886051][ T5052]  ? clear_bhb_loop+0x40/0x90
[   62.886087][ T5052]  ? clear_bhb_loop+0x40/0x90
[   62.886178][ T5052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.886204][ T5052] RIP: 0033:0x7f709011e929
[   62.886220][ T5052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.886257][ T5052] RSP: 002b:00007f708e766038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[   62.886279][ T5052] RAX: ffffffffffffffda RBX: 00007f7090346080 RCX: 00007f709011e929
[   62.886299][ T5052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[   62.886386][ T5052] RBP: 00007f708e766090 R08: 0000000000001000 R09: 0000000000000000
[   62.886402][ T5052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   62.886414][ T5052] R13: 0000000000000000 R14: 00007f7090346080 R15: 00007ffdd46825e8
[   62.886502][ T5052]  </TASK>
[   63.224106][ T5050] ext4 filesystem being mounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   63.315134][ T5045] netlink: 'syz.2.574': attribute type 21 has an invalid length.
[   63.323119][ T5045] IPv6: NLM_F_CREATE should be specified when creating new route
[   63.373827][   T29] audit: type=1326 audit(1749997938.522:3900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5047 comm="syz.1.575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   63.397564][   T29] audit: type=1326 audit(1749997938.522:3901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5047 comm="syz.1.575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   63.421159][   T29] audit: type=1326 audit(1749997938.522:3902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5047 comm="syz.1.575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   63.482720][   T29] audit: type=1326 audit(1749997938.742:3903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5060 comm="syz.1.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   63.506652][   T29] audit: type=1326 audit(1749997938.742:3904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5060 comm="syz.1.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   63.530156][   T29] audit: type=1326 audit(1749997938.742:3905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5060 comm="syz.1.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   63.553675][   T29] audit: type=1326 audit(1749997938.742:3906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5060 comm="syz.1.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f709011e929 code=0x7ffc0000
[   63.702874][ T5072] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[   63.778169][ T5085] FAULT_INJECTION: forcing a failure.
[   63.778169][ T5085] name failslab, interval 1, probability 0, space 0, times 0
[   63.791166][ T5085] CPU: 1 UID: 0 PID: 5085 Comm: syz.0.586 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   63.791201][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   63.791221][ T5085] Call Trace:
[   63.791235][ T5085]  <TASK>
[   63.791243][ T5085]  __dump_stack+0x1d/0x30
[   63.791315][ T5085]  dump_stack_lvl+0xe8/0x140
[   63.791421][ T5085]  dump_stack+0x15/0x1b
[   63.791439][ T5085]  should_fail_ex+0x265/0x280
[   63.791473][ T5085]  should_failslab+0x8c/0xb0
[   63.791496][ T5085]  kmem_cache_alloc_noprof+0x50/0x310
[   63.791559][ T5085]  ? locks_get_lock_context+0x89/0x210
[   63.791595][ T5085]  locks_get_lock_context+0x89/0x210
[   63.791630][ T5085]  generic_setlease+0x27a/0xe40
[   63.791733][ T5085]  ? __srcu_read_unlock+0x1f/0x40
[   63.791762][ T5085]  vfs_setlease+0x1e8/0x200
[   63.791800][ T5085]  fcntl_setlease+0x259/0x300
[   63.791880][ T5085]  do_fcntl+0x524/0xdf0
[   63.791943][ T5085]  ? selinux_file_fcntl+0x1b4/0x1e0
[   63.791982][ T5085]  __se_sys_fcntl+0xb1/0x120
[   63.792010][ T5085]  __x64_sys_fcntl+0x43/0x50
[   63.792065][ T5085]  x64_sys_call+0x1f1d/0x2fb0
[   63.792085][ T5085]  do_syscall_64+0xd2/0x200
[   63.792102][ T5085]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   63.792130][ T5085]  ? clear_bhb_loop+0x40/0x90
[   63.792214][ T5085]  ? clear_bhb_loop+0x40/0x90
[   63.792314][ T5085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.792336][ T5085] RIP: 0033:0x7efc9fafe929
[   63.792400][ T5085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   63.792419][ T5085] RSP: 002b:00007efc9e167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[   63.792438][ T5085] RAX: ffffffffffffffda RBX: 00007efc9fd25fa0 RCX: 00007efc9fafe929
[   63.792452][ T5085] RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000004
[   63.792463][ T5085] RBP: 00007efc9e167090 R08: 0000000000000000 R09: 0000000000000000
[   63.792474][ T5085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.792506][ T5085] R13: 0000000000000000 R14: 00007efc9fd25fa0 R15: 00007ffc73dc5428
[   63.792618][ T5085]  </TASK>
[   64.014277][ T5072] FAULT_INJECTION: forcing a failure.
[   64.014277][ T5072] name failslab, interval 1, probability 0, space 0, times 0
[   64.027118][ T5087] loop1: detected capacity change from 0 to 1024
[   64.033646][ T5072] CPU: 1 UID: 0 PID: 5072 Comm: syz.2.582 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   64.033679][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   64.033720][ T5072] Call Trace:
[   64.033728][ T5072]  <TASK>
[   64.033738][ T5072]  __dump_stack+0x1d/0x30
[   64.033765][ T5072]  dump_stack_lvl+0xe8/0x140
[   64.033789][ T5072]  dump_stack+0x15/0x1b
[   64.033873][ T5072]  should_fail_ex+0x265/0x280
[   64.033907][ T5072]  ? sctp_add_bind_addr+0x71/0x1e0
[   64.033932][ T5072]  should_failslab+0x8c/0xb0
[   64.033962][ T5072]  __kmalloc_cache_noprof+0x4c/0x320
[   64.034006][ T5072]  sctp_add_bind_addr+0x71/0x1e0
[   64.034115][ T5072]  sctp_copy_local_addr_list+0x199/0x220
[   64.034147][ T5072]  sctp_copy_one_addr+0x7f/0x280
[   64.034176][ T5072]  sctp_bind_addr_copy+0x79/0x290
[   64.034204][ T5072]  sctp_assoc_set_bind_addr_from_ep+0xce/0xe0
[   64.034244][ T5072]  sctp_connect_new_asoc+0x1c3/0x3a0
[   64.034286][ T5072]  sctp_sendmsg+0xf10/0x18d0
[   64.034385][ T5072]  ? selinux_socket_sendmsg+0x161/0x1b0
[   64.034426][ T5072]  ? __pfx_sctp_sendmsg+0x10/0x10
[   64.034523][ T5072]  inet_sendmsg+0xc5/0xd0
[   64.034542][ T5072]  __sock_sendmsg+0x102/0x180
[   64.034568][ T5072]  ____sys_sendmsg+0x345/0x4e0
[   64.034656][ T5072]  ___sys_sendmsg+0x17b/0x1d0
[   64.034698][ T5072]  __sys_sendmmsg+0x178/0x300
[   64.034734][ T5072]  __x64_sys_sendmmsg+0x57/0x70
[   64.034802][ T5072]  x64_sys_call+0x2f2f/0x2fb0
[   64.034823][ T5072]  do_syscall_64+0xd2/0x200
[   64.034845][ T5072]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   64.034870][ T5072]  ? clear_bhb_loop+0x40/0x90
[   64.034889][ T5072]  ? clear_bhb_loop+0x40/0x90
[   64.034955][ T5072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.034978][ T5072] RIP: 0033:0x7fe4891ae929
[   64.034997][ T5072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.035019][ T5072] RSP: 002b:00007fe487817038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   64.035048][ T5072] RAX: ffffffffffffffda RBX: 00007fe4893d5fa0 RCX: 00007fe4891ae929
[   64.035064][ T5072] RDX: 0000000000000002 RSI: 0000200000000880 RDI: 000000000000000b
[   64.035151][ T5072] RBP: 00007fe487817090 R08: 0000000000000000 R09: 0000000000000000
[   64.035163][ T5072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.035175][ T5072] R13: 0000000000000000 R14: 00007fe4893d5fa0 R15: 00007fff45ace228
[   64.035193][ T5072]  </TASK>
[   64.282225][ T5081] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[   64.285470][ T5087] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   64.338484][ T5087] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   64.359206][ T5087] EXT4-fs (loop1): orphan cleanup on readonly fs
[   64.378033][ T5087] EXT4-fs error (device loop1): __ext4_get_inode_loc:4792: comm syz.1.587: Invalid inode table block 0 in block_group 0
[   64.392100][ T5087] EXT4-fs (loop1): Remounting filesystem read-only
[   64.398811][ T5087] EXT4-fs (loop1): 1 truncate cleaned up
[   64.503923][ T5107] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.669083][ T3393] IPVS: starting estimator thread 0...
[   64.691370][ T5124] loop1: detected capacity change from 0 to 1024
[   64.703891][ T5124] EXT4-fs: Ignoring removed orlov option
[   64.719358][ T5126] loop3: detected capacity change from 0 to 1024
[   64.737533][ T5126] EXT4-fs: Ignoring removed nobh option
[   64.743300][ T5126] EXT4-fs: Ignoring removed bh option
[   64.763129][ T5122] IPVS: using max 2160 ests per chain, 108000 per kthread
[   64.851311][ T5107] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.928588][ T5107] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.981838][ T5139] __nla_validate_parse: 4 callbacks suppressed
[   64.981854][ T5139] netlink: 20 bytes leftover after parsing attributes in process `syz.3.603'.
[   65.006658][ T5107] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.065145][ T5143] hub 6-0:1.0: USB hub found
[   65.075261][ T5143] hub 6-0:1.0: 8 ports detected
[   65.086554][ T5149] 9pnet_fd: Insufficient options for proto=fd
[   65.105115][ T5107] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.122581][ T5151] loop4: detected capacity change from 0 to 512
[   65.141368][ T5107] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.151529][ T5151] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   65.169121][ T5107] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.198183][ T5107] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.216161][ T5151] ext4 filesystem being mounted at /124/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.227277][ T5157] netlink: 12 bytes leftover after parsing attributes in process `syz.1.612'.
[   65.402193][ T5176] netlink: 36 bytes leftover after parsing attributes in process `+}[@'.
[   65.411036][ T5177] loop4: detected capacity change from 0 to 2048
[   65.459221][ T5177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.621'.
[   65.489305][ T5177] netlink: 40 bytes leftover after parsing attributes in process `syz.4.621'.
[   65.498413][ T5183] loop1: detected capacity change from 0 to 8192
[   65.543892][ T3551]  loop1: p1 p4 < >
[   65.547813][ T3551] loop1: p1 start 4261412864 is beyond EOD, truncated
[   65.572254][ T5183]  loop1: p1 p4 < >
[   65.576255][ T5183] loop1: p1 start 4261412864 is beyond EOD, truncated
[   65.618408][ T5183] serio: Serial port ptm0
[   65.762872][ T5210] netlink: 8 bytes leftover after parsing attributes in process `+}[@'.
[   65.784908][ T5212] FAULT_INJECTION: forcing a failure.
[   65.784908][ T5212] name failslab, interval 1, probability 0, space 0, times 0
[   65.797759][ T5212] CPU: 0 UID: 0 PID: 5212 Comm: syz.1.636 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   65.797830][ T5212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   65.797844][ T5212] Call Trace:
[   65.797862][ T5212]  <TASK>
[   65.797869][ T5212]  __dump_stack+0x1d/0x30
[   65.797889][ T5212]  dump_stack_lvl+0xe8/0x140
[   65.797914][ T5212]  dump_stack+0x15/0x1b
[   65.797936][ T5212]  should_fail_ex+0x265/0x280
[   65.797972][ T5212]  ? alloc_async+0x2d/0x90
[   65.798047][ T5212]  should_failslab+0x8c/0xb0
[   65.798073][ T5212]  __kmalloc_cache_noprof+0x4c/0x320
[   65.798135][ T5212]  alloc_async+0x2d/0x90
[   65.798158][ T5212]  proc_do_submiturb+0x76d/0x1d00
[   65.798186][ T5212]  proc_submiturb+0x7b/0xa0
[   65.798225][ T5212]  usbdev_ioctl+0xcc2/0x1710
[   65.798265][ T5212]  ? __pfx_usbdev_ioctl+0x10/0x10
[   65.798368][ T5212]  __se_sys_ioctl+0xcb/0x140
[   65.798403][ T5212]  __x64_sys_ioctl+0x43/0x50
[   65.798481][ T5212]  x64_sys_call+0x19a8/0x2fb0
[   65.798512][ T5212]  do_syscall_64+0xd2/0x200
[   65.798534][ T5212]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   65.798574][ T5212]  ? clear_bhb_loop+0x40/0x90
[   65.798594][ T5212]  ? clear_bhb_loop+0x40/0x90
[   65.798614][ T5212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.798652][ T5212] RIP: 0033:0x7f709011e929
[   65.798671][ T5212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.798692][ T5212] RSP: 002b:00007f708e787038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   65.798739][ T5212] RAX: ffffffffffffffda RBX: 00007f7090345fa0 RCX: 00007f709011e929
[   65.798755][ T5212] RDX: 0000200000000000 RSI: 000000008038550a RDI: 0000000000000004
[   65.798771][ T5212] RBP: 00007f708e787090 R08: 0000000000000000 R09: 0000000000000000
[   65.798786][ T5212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   65.798848][ T5212] R13: 0000000000000000 R14: 00007f7090345fa0 R15: 00007ffdd46825e8
[   65.798867][ T5212]  </TASK>
[   66.071305][ T5215] loop0: detected capacity change from 0 to 2048
[   66.112128][ T5230] loop4: detected capacity change from 0 to 512
[   66.124204][   T23] ==================================================================
[   66.132322][   T23] BUG: KCSAN: data-race in kick_pool / wq_worker_running
[   66.139359][   T23] 
[   66.141697][   T23] read-write to 0xffff888237c2b664 of 4 bytes by task 3412 on cpu 0:
[   66.149779][   T23]  wq_worker_running+0x95/0x120
[   66.154728][   T23]  schedule_timeout+0xb7/0x170
[   66.159512][   T23]  msleep+0x50/0x90
[   66.163326][   T23]  nsim_fib_event_work+0x14a2/0x21a0
[   66.168622][   T23]  process_scheduled_works+0x4ce/0x9d0
[   66.174093][   T23]  worker_thread+0x582/0x770
[   66.178699][   T23]  kthread+0x486/0x510
[   66.182774][   T23]  ret_from_fork+0xda/0x150
[   66.187454][   T23]  ret_from_fork_asm+0x1a/0x30
[   66.192227][   T23] 
[   66.194552][   T23] read to 0xffff888237c2b664 of 4 bytes by task 23 on cpu 1:
[   66.201936][   T23]  kick_pool+0x49/0x2d0
[   66.206103][   T23]  __queue_work+0x8d6/0xb60
[   66.210615][   T23]  queue_work_on+0xd1/0x160
[   66.215123][   T23]  process_srcu+0x999/0xbc0
[   66.219645][   T23]  process_scheduled_works+0x4ce/0x9d0
[   66.225117][   T23]  worker_thread+0x582/0x770
[   66.229726][   T23]  kthread+0x486/0x510
[   66.233797][   T23]  ret_from_fork+0xda/0x150
[   66.238305][   T23]  ret_from_fork_asm+0x1a/0x30
[   66.243094][   T23] 
[   66.245435][   T23] value changed: 0x00000000 -> 0x00000001
[   66.251149][   T23] 
[   66.253471][   T23] Reported by Kernel Concurrency Sanitizer on:
[   66.259639][   T23] CPU: 1 UID: 0 PID: 23 Comm: kworker/1:0 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(voluntary) 
[   66.271968][   T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   66.282122][   T23] Workqueue: rcu_gp process_srcu
[   66.287072][   T23] ==================================================================
[   66.313089][ T5232] netlink: 12 bytes leftover after parsing attributes in process `syz.3.643'.
[   66.362153][ T5230] ext4 filesystem being mounted at /131/bus supports timestamps until 2038-01-19 (0x7fffffff)