last executing test programs:

1m47.66078856s ago: executing program 2 (id=120):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x109801, 0x0)

1m47.66017387s ago: executing program 2 (id=121):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x3c, 0x800, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000001c0)=@buf={0x3f, &(0x7f0000000180)="edfaaa7fad694e66c26db1a5aa46f19e4c07911a65d31a4794a6e1714ef108dc5d41cfe05f3110c528e239d46bf8934b096be60c9eea923a8090ae2b2ba1d9"})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="4000000010000300047ece80b946decd1367b30e946b58ce0f344fd91b2fd73395330eb1815515d246d53105b6bc494e6b7c2e55c2022e0fb364187499934c050362359c4140a340305165877ce6ab08", @ANYRES32=0x0, @ANYBLOB="0000000000100000180012800e0001007769726567756172640000000400028008000a00", @ANYRESDEC=r1], 0x40}, 0x1, 0x0, 0x0, 0x884}, 0x4c0b0)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0)
io_destroy(0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r5 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
connect$llc(r5, 0x0, 0x0)
r6 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r6, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7, 0x0, 0x2}, 0x18)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x78, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0x10}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_LABELS={0x14, 0x16, 0x1, 0x0, [0x2, 0x3, 0x6, 0x2000000]}]}, 0x78}}, 0x0)
dup3(r5, r6, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073f97a310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)

1m47.352369085s ago: executing program 2 (id=124):
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000200000000000000000000030000000003000000030000000000000000000000000000010500000010000000000000000000000b02"], 0x0, 0x4e}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000008, &(0x7f0000000300)={[{@grpid}, {@grpjquota}, {@nobarrier}]}, 0x1, 0x521, &(0x7f0000000640)="$eJzs3d9rZFcdAPDvvcmkyW5qpiqyFmyLrewW3ZmksRpF2gqiTwW1vq8xmYSQSSZkJnUTiqb4BwgiKvgH+CL44KMg/RNEWNB3UVFEd/VR98qdudH8mEnGZJJZJ58PnMw598f5nnPJ3Lk/DvcGcG29EBFvRMRYRLwcETPF9LRIsd9J+XKPHr6zlKcksuytvyaRFNMO6srL4xFxs1htMiK++qWIbyQn4zZ399YX6/XadlGutja2qs3dvbtrG4urtdXa5vz83M8j4tWF2axwoX6WI+K1L/zxB9/9yRdf++Unvvm7e3++8628WZ/7UKfdEbF0oQA9dOoutbfFgXwbbV9GsCHJ+1MaG3YrAADoR36M//6I+Gj7+H8mxtpHcwAAAMAoyV6fjn8mERkAAAAwstKImI4krRRjAaYjTSuVzhjeD8aNtN5otj6+0tjZXM7nRZSjlK6s1WuzxVjhcpSSvDxXjLE9KL9yrDwfEc9ExPdnptrlylKjvjzsix8AAABwTdx8/uj5/z9m0nYeAAAAGDHlngUAAABgVDjlBwAAgNHn/B8AAABG2pfffDNP2cF7vJff3t1Zb7x9d7nWXK9s7CxVlhrbW5XVRmO1/cy+jbPqqzcaW5+MzZ371Vat2ao2d/fubTR2Nlv31o68AhsAAAC4Qs88/95vk4jY/+xUO0XxHECAI/4w7AYAgzQ27AYAQzM+7AYAQ1M6cwl7CBh1yRnzTw7e6VwrjF9dTnsAAIDBu/3hk/f/J4p5Z18bAP6fGesDANfP0bt7U0NrB3D1SucdAXhr0C0BhuV9nY+nes3v+fCOPu7/d64xZNm5GgYAAAzMdDslaaU4Tp+ONK1UIp6Ox1k5SsnKWr02W5wf/Gam9FRenmuvmZw5ZhgAAAAAAAAAAAAAAAAAAAAAAAAA6MiyJDIAAABgpEWkf0raT/OPuD3z0vTRqwPH3vr147d+eH+x1dqei5hI/jaTT5qIiNaPiumvZF4JAAAAAMM1lf/pnKcXn3PDbhIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo+bRw3eWDtJVxv3L5yOi3C3+eEy2PyejFBE3/p7E+KH1kogYG0D8/Xcj4la3+Ek8zrKsXLSiW/ypS45fbm+a7vHTiLg5gPhwnb2X73/e6Pb9S+OF9mf37994kS6q9/4v/c/+b6zH/ufpY+Venn3ws2rP+O9GPDveff9zED/pxD8SIi+82Gcfv/61vb2uMw5V2S3+4VjV1sZWtbm7d3dtY3G1tlrbnJ+f+9TCpxdeXZitrqzVa8XfrmG+95FfPD6t/zd6xC8f7f+J7f9SX73P4l8P7j/8QKdQ6hb/zovdf39v9YifFr99Hyvy+fzbB/n9Tv6w53766+dO6/9yj/5PntH/O331Pz7z8le+8/uuc05sDQDgKjR399YX6/Xa9imZyT6W+Z8yERet5/WBtudJyMTZy0w+IU29jEz27c7/48XqueDqJzLZRVYfjwE0Y+LE93QszlthErGf19XnPyQAADBi/nvQf9odJAAAAAAAAAAAAAAAAAAAAOAynfOxZJMR0ffCx2PuD6erAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn+ncAAAD//+8b0g8=")

1m47.120246623s ago: executing program 2 (id=126):
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000840)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[], 0x14, 0x2f9, &(0x7f0000000880)="$eJzs3M9P02AYwPFnY8A2AtvBaDQxvNGLXhqYno2LgcS4RILM+CMxKdDpsrqRdcHMGIGTR41/hAfi0RuJ8g9w8aYXL964mHiQg7GmW8vWMWAIrALfT7L0oe/zlLflhTxt2NbvvXlayFlaTq9IOKokJCKyIZKUsHhC7tbZEwqJz6JcHvj55fyd+w9upTOZsUmlxtNTV1JKqaHhj89exNy0lX5ZSz5a/5H6vnZ67ez6n6kneUvlLVUsVZSupkvfKvq0aajZvFXQlJowDd0yVL5oGeX6eKk+njNLc3NVpRdnoyJiWJbSi1VVMKqqUlKVclXpj/V8UWmapgbjcpJFOsrKLk9O6unmPcM7Fyw1xTP/NDF0Xbmc1ntEJLZlJLscyIQAAECgWvv/sNPS79T/S5+vfpf+//2F1crA3Q9Dbv+/0teu/7/6tX4st/9vHHyH/n8wPlfef/+/tSM6+kJ7yN3a/+P48Fa30//H3d/fmqWHtl0L6P8BAAAAAAAAAAAAAAAAAAAAADgKNmw7Ydt2wtt6r34RiYqI93XQ88Th2OPPP9TZ5wrgqGi8cS8yJGK+ms/OZ+tbN2FVREwxZEQS8ru2HlxO7L0XUDmS8slccOsX5rM9tZF0TvK1+lFJSLK13rbHb2bGRlWdv75X4s31KUnIqfb1qbb1fXLpYlO9Jgn5PCMlMWW2tq4b9S9HlbpxO9NSH6vlAQAAAABwHGhqU9v7d03zj/e4dd7zgc3767bPB+r31yNOdT4i/uNH5BwPkwAAAAAA6Aqr+rygm6ZRbhNEZdshfxDuIKfrQWixfoadVnn/yxDInJ1v7rw6SV6SoK5qrHExw52uDV8wLCKm2u80vMdG2+XIxAGdcnivS+LM23e/Du6CX4tEdznTgwpet+7p7fbfIQAAAACHr9H0e3uuBzshAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOoG58elzQ5wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8L/4GAAD//wViCTQ=")
r0 = syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x210000, &(0x7f0000000280)={[{@user_xattr}, {@noquota}, {@dioread_nolock}, {@jqfmt_vfsv1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x70}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x20}}, {@bsdgroups}, {@max_batch_time={'max_batch_time', 0x3d, 0x3fe}}, {@user_xattr}, {@noinit_itable}]}, 0x3, 0x583, &(0x7f0000000800)="$eJzs3c9rHGUfAPDvbHb7+32bQilvX15eCj1Yqd00iT8qeKhH0WJBPdclmYaSTbdkN6WJBduDvXiRIohYEO969+ChePHoX1HQQpES9OBlZTazybbZJJt0Y2L384Fpn2dmNs8888z34Zl9dpgABtaJ7J9CxPGI+CyJONyxrRj5xhNL+y0+vjmRLUk0m+/9lkSSr2vvn+T/H8wz/4mIHz+JOF1YXW59fmG6Uq2ms3l+pDFzbaQ+v3DmykxlKp1Kr46Nj597ZXzs9dde7VtdX7z4x5fv3n/r3KcnF7/47uGRu0mcj0P5ts56PINbnZkTzWZ+Tkpx/qkdR/tQ2G6S7PQBsCVDeZyXIuJ46XCpHfXA8+/jiGgCAyrZZPzv1V/Ac6I9Dmjf2/fpPvgf49GbSzdAq+tfXPpuJPa17o0OLCZP3Bll97vDfSg/K+P7X+/dzZbo3/cQABu6dTsizhaLq/u/JO//tu5sD/s8XYb+D/4+97Pxz0vdxj+F5fFPdBn/HOwSu1uxcfwXHvahmDVl4783uo5/lyethofy3L9aY75ScvlKNc36tn9HxKko7c3y683nnFt80FxrW+f4L1uy8ttjwfw4Hhb3PvmZyUqj8ix17vTodsR/u45/k+X2T7q0f3Y+PuixjGPpvf+vtW3j+m+v5jcRL3Rt/5UZrWT9+cmR1vUw0r4qVvv9zrGf1yq/e/1/+mEbqtpV1v4H1q//cNI5X1vffBlf7/szXWvbVq//Pcn7rfSefN2NSqMxOxqxJ3ln9fqxlc+28+39s/qfOrl+/9ft+t8fER/2WP87R7/939brv72y+k9uqv03n3jw9kdfrVV+b+3/cit1Kl/TS//X6wE+y7kDAAAAAACA3aYQEYciKZRjX54uFMrlpd93HI0DhWqt3jh9uTZ3dTJaz8oOR6nQnuk+3PF7iNH897Dt/NhT+fGIOBIRnw/tb+XLE7Xq5E5XHgAAAAAAAAAAAAAAAAAAAHaJg8vP/8cTz/9nfhna6aMDtl1x6f3fwADa8JX//XjTE7ArbRj/wHNL/MPgEv8wuMQ/DKTWFJ/4h8El/mFwiX8YXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAA+urihQvZ0lx8fHMiy09en5+brl0/M5nWp8szcxPlidrstfJUrTZVTcsTtZmN/l61Vrs2OhZzN0Yaab0xUp9fuDRTm7vauHRlpjKVXkq9ZxwAAAAAAAAAAAAAAAAAAABWq88vTFeq1XS2D4lStZoWIqKXnSP6VOgAJrJ2u1Xs7TxvTyKJlTXF3XJaJPqa2OmeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABW/BUAAP//2SsyHQ==")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRESDEC], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r4 = socket(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e24, 0xff, @remote, 0xfff}, 0x1c)
bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e64, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x80000002}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'team0\x00', <r5=>0x0})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x8010, 0xffffffffffffffff, 0xdbd16000)
bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYRESOCT=r5, @ANYBLOB="d9fe27caf8cccd8ed0612aedd7fa1407369f7e6d22b6938f6fa8aa7738513d0111374fede34069c85c62267985611332a7b24e7b48e595501c864e6e1ebb1ce420c3f71f76d5afa848f4dd2564bdadf80efd3f0e545ab405c9316e28a0ea555888251001d009895cefc7ddef4660b4cfaeca6865bea958e3590a5be8d97d9939720eb791e8d05066f7dff24b0be54e3ab5d6fd14c894755f89493244156d73a0213681f29daa9893848416324ea5f5ffb4e09193319170adc33309bf1e2d849363843fe9ec39103116bc32e115d9bfdd9b079008ff9c3e", @ANYRES32=r0, @ANYBLOB="c9fa3f578fbe016418525285a87004620013e68d3fb3968df27b2afff60b6459e17cbcf2244ec96704cf6a948e3e5195d982acb99eb450a0d861a05e6e7b98cef397f499f635252d7e53540622e97630637d7c545561db4e45a32928bf39f3d9b4186054912f7eee6d7c12a736f7c7f33ec2a9322814f0b92ab684263393667071450bc3cf681a609d6ee4f01c11f8fff8ca520f7302d37cf98da5da9a7ed447440e0d1c62569959ef", @ANYRESDEC=0x0, @ANYRES64=r3, @ANYRESOCT=0x0], 0x50)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="1400000010000100000000000000ddd7ae000002000a40000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000001400038008000240000000000800014000000000000100000000000000d813807ac3cab30c2e45c80fd21e3f9b6af580f559a39f5cea8cb334f59379a791678269018b86f8e5b4aa4d8379b38c975590f4955026329bfb5a42e65af524edb80485800b64e43b2821cf70253d80a69fa84c0ddce2f46ca37f1762b976cdd5cb2d1d62c713830901131783238254b4c025777f8cb9a276311c901184392269dcce0fa3f7e0fac1c96f214f0908e8d537e4a4298737a8f804c326172504c8cda9dd4ac0a91159ba7fcaf4acbe9970cf209b86f26422bf40c4f6c0437a76211f6c7bd669887b97f320674326e8cf2deed1e06d45dd000000000000000000"], 0x68}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a48000000160a01080000000000000000020000000900020073797a30000000000900010073797a30000000001c000380180003800d0001006261746164765f736c"], 0x70}}, 0x24040880)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x17, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x40, 0x7ffc0002}]})
r8 = syz_open_dev$usbmon(&(0x7f0000000000), 0x6, 0x200)
read$usbmon(r8, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000240), 0x10, 0x80100)
syz_open_dev$tty1(0xc, 0x4, 0x4)
getpriority(0x1, r0)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4207, r9)
ptrace$peekuser(0x3, r9, 0x380)

1m45.881691324s ago: executing program 2 (id=145):
writev(0xffffffffffffffff, &(0x7f00000000c0), 0x0)
r0 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
setreuid(0x0, 0xee00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0])

1m45.533239062s ago: executing program 2 (id=149):
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
r2 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000280)=ANY=[@ANYBLOB="1b0204"], 0x18)
setsockopt$inet6_opts(r2, 0x29, 0x37, &(0x7f0000000140)=@fragment={0xb6, 0x0, 0x92, 0x0, 0x0, 0x1b, 0x65}, 0x8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x20044080, &(0x7f0000000040)={0xa, 0xcaa1, 0xffffff7c, @local, 0xd}, 0x1c)
sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab968586dd", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000240)={'syzkaller1\x00', {0x2, 0x4e22, @remote}})
ppoll(&(0x7f00000000c0)=[{r0, 0x20}, {0xffffffffffffffff, 0x8004}, {0xffffffffffffffff, 0x126}, {0xffffffffffffffff, 0x2000}, {r4, 0x241}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f00000001c0)={[0x9]}, 0x8)
bind$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x7, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xe)
socket$pppl2tp(0x18, 0x1, 0x1)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r5, 0x0, 0xfffffffffffffffd}, 0x18)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r7=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fedbdf250800000018000280140003801000018004000300080001000f0000000c00018008000100", @ANYRES32=r7], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0)

1m45.471026677s ago: executing program 32 (id=149):
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
r2 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000280)=ANY=[@ANYBLOB="1b0204"], 0x18)
setsockopt$inet6_opts(r2, 0x29, 0x37, &(0x7f0000000140)=@fragment={0xb6, 0x0, 0x92, 0x0, 0x0, 0x1b, 0x65}, 0x8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x20044080, &(0x7f0000000040)={0xa, 0xcaa1, 0xffffff7c, @local, 0xd}, 0x1c)
sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab968586dd", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000240)={'syzkaller1\x00', {0x2, 0x4e22, @remote}})
ppoll(&(0x7f00000000c0)=[{r0, 0x20}, {0xffffffffffffffff, 0x8004}, {0xffffffffffffffff, 0x126}, {0xffffffffffffffff, 0x2000}, {r4, 0x241}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f00000001c0)={[0x9]}, 0x8)
bind$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x7, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xe)
socket$pppl2tp(0x18, 0x1, 0x1)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r5, 0x0, 0xfffffffffffffffd}, 0x18)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r7=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fedbdf250800000018000280140003801000018004000300080001000f0000000c00018008000100", @ANYRES32=r7], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0)

33.676214376s ago: executing program 5 (id=1100):
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
r2 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000280)=ANY=[@ANYBLOB="1b02"], 0x18)
setsockopt$inet6_opts(r2, 0x29, 0x37, &(0x7f0000000140)=@fragment={0xb6, 0x0, 0x92, 0x0, 0x0, 0x1b, 0x65}, 0x8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x20044080, &(0x7f0000000040)={0xa, 0xcaa1, 0xffffff7c, @local, 0xd}, 0x1c)
sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab968586dd", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000240)={'syzkaller1\x00', {0x2, 0x4e22, @remote}})
ppoll(&(0x7f00000000c0)=[{r0, 0x20}, {r5, 0x8004}, {0xffffffffffffffff, 0x126}, {r5, 0x2000}, {r4, 0x241}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f00000001c0)={[0x9]}, 0x8)
bind$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x7, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xe)
socket$pppl2tp(0x18, 0x1, 0x1)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r6, 0x0, 0xfffffffffffffffd}, 0x18)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fedbdf250800000018000280140003801000018004000300080001000f0000000c00018008000100", @ANYRES32=r8], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0)

32.821711895s ago: executing program 5 (id=1114):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r0 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$selinux_validatetrans(r0, &(0x7f0000001cc0)=ANY=[@ANYBLOB='system_u:object_r:semanage_t system_u:object_r:fixed_disk_device_t:s0 00000000000w'], 0x79)

32.779893998s ago: executing program 5 (id=1116):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
recvmsg(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x40000}, 0x142)

32.473384423s ago: executing program 5 (id=1118):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000100)={[{@noblock_validity}, {@stripe={'stripe', 0x3d, 0x2}}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x71d}}, {@abort}]}, 0x1, 0x610, &(0x7f0000000a40)="$eJzs3c9rFGcfAPDvTH6avO+bKC+8rz3UQCkKrYmJWqQUau5F7I9/IDVRxGgkSaFRwQjtsfTSQ6GnHmr/i1borfTQaw+9F0FK8VCL1C2zOxs3m93Nz/3h7ucDa+aZmczznTXfPM88eWY2gJ41kf2TRhyNiJtJxFjFtv7IN06U9nv8x51L2SuJQuH935O4czdZrzxWkn8dzb/577FIfk4jjvRtrXdl7da1ucXFheW8PLV6/ebUytqtk1evz11ZuLJwY+aNmXNnz5w9N31qX+c3UGPdN189Taa//fVCEufjWR5bdl7V+w3tq+bsPZuIQsmTyvXZ+3pun8fuFH+OlX9OnkuqV9CxLud5m+XJ/2Is+ir+N8fi03fbGhzQVIUkym0U0HOSOvn/42yj3wzDTYsHaJVyP6B8bV/rOnirtMm9EqAVHs2WBqRKuT8QEeX87y+NDcZwcWxg5HGyaZwniYj9jcyVZHX89MOFT7JX1BmHA5pj/V55lLu6/U+KuTkew8XSyON0c/6vFwpp3hPI1r+3x/onqsryH1pn/V5E/D9v/wdjx/mf5rlbzv8P91i//AcAAAAAAICD82A2Il6vNf8v3Zj/M1hj/s9oRJw/gPq3//tf+jBfSKp2HTyA6qGnPZqNeKvm/N+NOb7jfXnp38X5ALeTy1cXF05FxH8i4kQMDGXl6arjVs4QPvnZkS/r1V85/y97ZfWX5wLmR3rYX3Uj7vzc6tx+zxuIeHQv4qXi/N9j+ZrN83+y9j+p0f5n+X1zh3UcefX+xXrbts9/oFkKX0ccr9n+P+9uJ42fzzFV7A9MlXsFW718+/Pv6tVfnf9NOEWgjqz9H2mc/0NJ5fN6VnZ3/Owi/fRaf6He9r32/weTD/qiYhDg47nV1eXpiMHkna3rZ3YXM3SrPB+ORZ4vWf6feKXx+N9G/78iDw9FxPoO6hveZrv+P7RPlv/zjdv/8c3t/+4XZu6Pf1+v/os7av/PFNv0E/ka439QaevzOHaaoG0JFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABecGlE/CuSdHJjOU0nJyNGI+K/MZIuLq2svnZ56aMb89m2iPEYSMuf9DtWKiflz/8fryjPVJVPR8ThiPii71CxPHlpaXG+3ScPAAAAAAAAAAAAAAAAAAAAHWK0eM9/Yaj6/v/Mb33tjg5ouv78q3yH3tO/5+8sDB1oIEDL7T3/gRdYds2/i/wfaGYsQBvUz/8nTwtFLQ0HaCH9f+hde8x/fy6ALqD9h161wzG94WbHAbSD9h8AAAAAALrK4WMPfkkiYv3NQ8VXZjDfZrI/dLe03QEAbWMOL/Su/qV2RwC0i2t8INlY+qvmzf71Z/8nzQkIAAAAAAAAAAAAANji+FH3/0Ovanz/v7n90M0a3P9fK/k9LgC6SP2P/tD2Q7dzjQ9s19q7/x8AAAAAAAAAAAAAOsDwrWtzi4sLyytrL97C250Rxu4W1uc6IoxdLBTuRjTe51lzah+IiE55E5ZXsmhaVVf5ERxtPOU2/14CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2/BMAAP//cdEbCg==")
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0xfdef)
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
r2 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe8ce, 0x0, 0x20, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000020c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000400)=@IORING_OP_MADVISE={0x19, 0x19, 0x0, 0x0, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x13, 0x1})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ppoll(&(0x7f0000000300)=[{r1, 0x3328}], 0x1, 0x0, 0x0, 0x0)
close(r0)
socket$unix(0x1, 0x1, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x84aa5000)
mbind(&(0x7f0000188000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x1, 0x1)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r5}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x19, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r5, @ANYRESDEC=r1], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x2}, 0x18)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x5)
r9 = syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r9, 0x1, 0x455b843fbdb64c65)
fchdir(r8)
open(&(0x7f0000000300)='.\x00', 0x0, 0x2)

31.692304466s ago: executing program 5 (id=1128):
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x5d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r4, &(0x7f0000004200)='t', 0x1)
sendfile(r4, r3, 0x0, 0x3ffff)
sendfile(r4, r3, 0x0, 0x7ffff000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x25}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

31.095260894s ago: executing program 5 (id=1134):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000580)="d8000000180081034e91f783db4cb9040a1d020006007409e8fc55a10a0015000400142603600e120800060000000401a8000800080002000000000004000461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001f", 0x6c}], 0x1}, 0x0)

31.067716926s ago: executing program 33 (id=1134):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000580)="d8000000180081034e91f783db4cb9040a1d020006007409e8fc55a10a0015000400142603600e120800060000000401a8000800080002000000000004000461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001f", 0x6c}], 0x1}, 0x0)

4.860558686s ago: executing program 3 (id=1409):
r0 = syz_io_uring_setup(0x3e, &(0x7f0000000640)={0x0, 0xaddb, 0x10100, 0x1, 0x92}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f00000003c0)=<r2=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000400)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x20, &(0x7f0000000140)={&(0x7f0000000480)=""/234, 0xea, <r5=>0x0, &(0x7f00000000c0)=""/68, 0x44}}, 0x10)
memfd_create(&(0x7f0000000180)='-&:\n\x03\x00\x00\x00\x00\x00\x00\x00V$&\xb8=\x94Z}~\xae\x87\x88\xea\xde\xd9=-\x01\x00\x00\x80=\x1d\x8bl\xd5\xc3DE\xbb0\x8e\xac\xf2r#TZ>\xfb\xdf\xc1\xd4\xd1\xee\x88\xebI\xab\xf6\xab}\x85\x18 \x8a\x8aG:\xacD-\x99JD/~\xd6\xb5m,\x8d\x1d\x1c\xe9\xe5<\xfcP)E\xc1\x8e\xeb\xd0^\x00\x00\x00\x00\x00\x00\x00\xc3\xaa\x9a\x9be\xed\xf2\xde\xccx\x1f\x0fne\xe8G\xe4Y\xc9\vR2fY\x8e\x9d\x97 \x00\x00\x00\xe6JV\x80\xdd\x96F\xc90}SH\xe8\xd4RV\xb6\xc9h\xfb\xf3#\xcb\x14a\xab\bn.\x7f\xb1\xe26~$\xa9\v\x9b|>\xf5G\xb5\xac/\xc3n\x16\xee\xdf\xd0a\xf7\x94\xc0rk\x88r\x94\xb6e\x98\xdf\xf36\x82\x8b\x9a\xb9\x10\xa0q\xd8n\x15\x02\xc2@\xa5\xbe\xab\x83\xf9-\x9f\x19\x05\x12*!>\xde\x18L#8\xa5\b^\x19\xeb\xba\xd7\xbdV\x02\xf2\xcf6w\x86\x01\x81\xe4E\v\xd4\xd9\xe7_\xc2\x80\xea\xf9A\xf0\xef\xde\xe3)\xa8\n\f\xb1\f\x159pV2\xf6FCw\xf3r:y\xb1\xee\xc4!\xbaW\xb8\xb1 \x8e\x98!\xd0LL\xec)N\xa1\xa0\x15\xea\xf8kZ\xca\x1eMU\xf6\xfb\xbd\xb2\xc3\a\xc9\xea\x1db\x9b\xd6\x94\x8em\x1b\xd3T\xef*\x1cI\x17:yu8\xb5\x04\xb4\x9e$\xf0\ruS\xee\t3\xeeUb\x10\xfeP\xb3GQ\xc3\xbfA1\atU\xc1\xd6a\x9f1\xe0\xf8.b\a\xe8v\xf7=\x8e\xf5\xfe\xd8Y\xf8\x99_\xe4%\xc54\x96\xf4\xe9\x80:\x8erg\xd8L\xd1\xe0\xc3\xf5\xfe\xa0Dm\xd8_\xf1\xca\x03\xdc\xad\x91\xa6\x18\t\x00'/450, 0x3)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000dc0)={0x0, 0x2, 0xfffffff8})
r7 = syz_open_pts(r6, 0x101000)
r8 = dup3(r7, r6, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000000)=0x17)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000a40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xf6}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newqdisc={0x80, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @qdisc_kind_options=@q_fq={{0x7}, {0x4c, 0x2, [@TCA_FQ_TIMER_SLACK={0x8, 0xd, 0xfffffff4}, @TCA_FQ_QUANTUM={0x8, 0x3, 0xc}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x9}, @TCA_FQ_RATE_ENABLE={0x8, 0x5, 0x1}, @TCA_FQ_RATE_ENABLE={0x8}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x9}, @TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x615}, @TCA_FQ_QUANTUM={0x8, 0x3, 0xff}, @TCA_FQ_PLIMIT={0x8}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x80002101})
io_uring_enter(r0, 0xd81, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r4)

4.012864665s ago: executing program 3 (id=1421):
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x9, 0x80, 0x0, 0x0, 0x101, 0x0})
r4 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_timeval(r4, 0x1, 0x14, &(0x7f00000007c0)={0x0, 0xea60}, 0x10)
recvfrom(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r4)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1a000000080000000200000004000000050000", @ANYRES32, @ANYBLOB="0000080002000000000000000000000000000000d69775c914cbab20851696bb5551ffbd9fba"], 0x50)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, &(0x7f00000001c0)=0x7f, 0x4)
close(0xffffffffffffffff)

3.731163028s ago: executing program 3 (id=1423):
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
r2 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000280)=ANY=[@ANYBLOB="1b0204"], 0x18)
setsockopt$inet6_opts(r2, 0x29, 0x37, &(0x7f0000000140)=@fragment={0xb6, 0x0, 0x92, 0x0, 0x0, 0x1b, 0x65}, 0x8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x20044080, &(0x7f0000000040)={0xa, 0xcaa1, 0xffffff7c, @local, 0xd}, 0x1c)
sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273", 0x7, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000240)={'syzkaller1\x00', {0x2, 0x4e22, @remote}})
ppoll(&(0x7f00000000c0)=[{r0, 0x20}, {r5, 0x8004}, {0xffffffffffffffff, 0x126}, {r5, 0x2000}, {r4, 0x241}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f00000001c0)={[0x9]}, 0x8)
bind$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x7, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xe)
socket$pppl2tp(0x18, 0x1, 0x1)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r6, 0x0, 0xfffffffffffffffd}, 0x18)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fedbdf250800000018000280140003801000018004000300080001000f0000000c00018008000100", @ANYRES32=r8], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0)

2.892579926s ago: executing program 3 (id=1431):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wg0\x00', <r2=>0x0})
sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r1, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [@WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e20}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0xac, &(0x7f0000000400)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}, @local, @val={@void, {0x8100, 0x1, 0x0, 0x1}}, {@mpls_mc={0x8848, {[{0xfff, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x7, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0xffff9, 0x0, 0x1}], @ipv4=@icmp={{0x6, 0x4, 0x2, 0x17, 0x82, 0x66, 0x0, 0x10, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x16}, @loopback, {[@noop]}}, @echo={0x8, 0x0, 0x0, 0x4, 0x7, "b5503b3088df3178b9a953dbb944dba56444bb70310334e34da87efcf3e77100b13c56db9d817e37224898857983819cf9184974facca8e3f66872f9e213cef0e10998da483f7ecad3f5f9e77bf24ce8b7eb9ccddf1fff3a21dd6f8d2e0637c20c0e"}}}}}}, &(0x7f00000004c0)={0x1, 0x4, [0xe3e, 0x6b3, 0x98d, 0x6de]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r3}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
syz_emit_ethernet(0x5e, &(0x7f0000000380)={@local, @random="c3421183dfff", @val={@void, {0x8100, 0x3, 0x0, 0x4}}, {@mpls_mc={0x8848, {[{0x81, 0x0, 0x1}, {0x3ff, 0x0, 0x1}], @ipv4=@icmp={{0xf, 0x4, 0x1, 0x4, 0x44, 0x68, 0x0, 0x4, 0x1, 0x0, @remote, @empty, {[@lsrr={0x83, 0xf, 0xe8, [@private=0xa010100, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @noop, @ssrr={0x89, 0x7, 0x82, [@loopback]}, @generic={0x86, 0xd, "15f99e53a022a83cd2de49"}, @ra={0x94, 0x4}]}}, @address_request={0x11, 0x0, 0x0, 0x5}}}}}}, 0x0)

2.631358217s ago: executing program 4 (id=1434):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001f27561277f0645fff48696e424548820707ae10ce52f633d12f93d328260f2438c2b011339e8b658a3de44fa4cc2bf29f3287a4bf4efdcb06cf76751fc9e9722cbef45348175ce5c18"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01080000000000000000020000000900020073797a2a0000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000440)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2f}, {[@timestamp_addr={0x44, 0x4, 0x1, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0xffff}}}}}}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r4}, 0x10)
r5 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$selinux_validatetrans(r5, &(0x7f0000001cc0)=ANY=[@ANYBLOB='system_u:object_r:semanage_t system_u:object_r:fixed_disk_device_t:s0 00000000000w'], 0x79)
socket$tipc(0x1e, 0x7, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x10)
r9 = socket$igmp6(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r9, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0x0, 0x101, @loopback, 0xa39}, {0xa, 0xfffe, 0xfffffffd, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}, 0x1000, {[0x6, 0x0, 0xffffffff, 0xfffffefb, 0x0, 0x1, 0x2]}}, 0x5c)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r11, 0x0, 0x7fffffffffffffff}, 0x18)
open(0x0, 0x11d641, 0xa3)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0x8000, &(0x7f0000000580)=ANY=[@ANYBLOB="00ab33cd3e318268ab734c080882896c559e8a9216e8a0393ea04c2f192d9f682203780a724e57f5208ee4feaf20ddbc40f19033eb56859e4a1038b82009215d2a4e8cc8d75827212d6afa0338fa90546fa3b50bc176bff1918081851945d76a5b10c5831b5564e77c2d52e19c5666f0097430758ef552f07b6797ba5a90fd7f78d2b54f3f9627447942c41e00828e917427d97a7e267d2f739a20902308d6a8f126bdcb10edce8af46f3327c014503cd7867fa062f4a68295798ae92bd47f24ee55864456dac7de4dadbc141d8b72bda9c0da1ec6717596e6f0994a0ffc8cf9538d7a0cc1795cb86cd3b918f073c12031ba6a"], 0x1, 0x294, &(0x7f0000000800)="$eJzs3cFqE10UAOCTNG2S8kO6/nEx4MZVUN8gSAQhIESyN1DdtCKkm+jGPIZrlz6MD+BjdCHdjSQzSUxTabXTTGO+D4Y5uWcucyaLuRO4d/L6wbuT4/dnb9Pvn6PRSL61IiZxEXEU1diLTCXfVyOiFqsmAQBsm35/2Pn73p+KLIUiVNabRqPOcPrcVl/LDL5upigAAAAAAAAAAACKdmn+f9Sumf9fiYOV/ub/A8D2ud38f+69ZkSMOsPD/Pltlfn/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHku0rSVzrYvjazlv4iYt6WtsusDAIq3HP+v3squDwAo3mL8bxr/AWBX3OL3/94GywQACvTqRz2i1+v2k6QRcT4ZD8aDbJ/ln7/odR8n9SRJkqNlr/PxeLCfx73ukyQTEZWIybRxlj/M+z9d5n/pfxCPHmb5ae7Zy94sPz/JeFCP4019CQAAAAAAAAAAAAAAAAAAAFCydrJwaX1/9nqfdvt3+SzK3g9w1fr+Wvxfyz82N3IpAAAAAAAAAAAAAAAAAAAAsLXOPnw8GZ6evhkJdiSoxvXHNG9wzFrQiPtxgYI/CdL8RrCWutHto3anNycAAAAAAAAAAAAAAAAAANgxi0W/+2VXAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADlWfz//x0G83NNyr1UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4B/3MwAA///UpIPg")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='afs_io_error\x00', r6}, 0x69)
syz_clone(0x42080000, 0x0, 0x0, 0x0, 0x0, 0x0)

2.381966727s ago: executing program 0 (id=1436):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='\xac\xed\x00\x00')
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x121602, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=")
pwrite64(0xffffffffffffffff, &(0x7f00000001c0)="1f", 0x1, 0x4)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r2, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x6000, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x18, 0x8, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x94)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.246366598s ago: executing program 1 (id=1437):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x5, 0x6, 0x8, 0xad, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4002, 0x5, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000}, 0x48)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x5)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000100)={0xfffffff8, 0xfffffe00, 0xe57, 0x1, 0x7, "3ce6920887000000000000000d00", 0x4, 0x1ff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x80000001}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffee1, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={0x0}}, 0x4004)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x8)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000080))

2.108511439s ago: executing program 0 (id=1438):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="0015954d97357ea18147bbbf64fc9943f9ab1d751664006eef4c5dc3db033e7f79eed817d87a283f22a929830c2e04b6df5b86bdf2f9"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0xaa)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000580)='mm_page_alloc\x00', r0}, 0x18)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
unshare(0x68040200)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000001ec0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee10426bda42cf18edce3fa0a8ed5441ea27c3a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
r4 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x4, 0x224}, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000040)={@multicast2, @multicast1, 0x2, "4f6fb4d1af0f724e6118ecd4ac1100843af297baebb0efcdf5a284da144a011a", 0x4}, 0x3c)
setsockopt$MRT_DEL_MFC_PROXY(r5, 0x0, 0xd3, &(0x7f0000000100)={@multicast2, @multicast1, 0x4, "c6c0e6ec8755b5dc4e305886d95f086707764f8d0e5a0358ea21274f844a69e9", 0x0, 0x200, 0x489c}, 0x3c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='mm_page_alloc\x00', r1, 0x0, 0x3}, 0x18)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r7, 0xc0105500, &(0x7f0000000080)={0x0, 0x9, 0x3, 0x0, 0x0, 0x8, 0x0})
sendmsg$rds(r6, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x200000000000004d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000010c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}, {{&(0x7f0000000240)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000300)="3f99392a8c58f225aefea20fdbef7b1e21b153badb673f19ee2cca5b2327111352868e26385f31bff8027df5bf7f5a82462855ce14aa1010b5213fa0b2a07dca05e7fe31b7083a92d8bcf76e7199361fa85876ab60132bb0b6a8a4c6d432f4698be4f160cd5a650ddcca7048963f64ffd9a199d417400f5dd2d0be41b600bd898cf949387a8c74e0a5fd49742191daec5473bcaf9878c518938ad2860916c65cced3cf499eada24e45b0ae7e105eb278ba2f0655d02f2f62dc0a039ddaded124262e90b5f89ce67aecdb2fa72095408084bea6d96e792532f6ea9309c62b8a65159780a68c561505f0f508b2f84de9be2b0baa0b09aa6c5e622d53865670", 0xfe}], 0x1, &(0x7f0000000900)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x18}, @empty}}}, @ip_retopts={{0xd4, 0x0, 0x7, {[@ssrr={0x89, 0xb, 0x5c, [@broadcast, @loopback]}, @generic={0x83, 0x8, "6f75f5586494"}, @lsrr={0x83, 0xf, 0x26, [@empty, @local, @empty]}, @cipso={0x86, 0x42, 0x0, [{0x7, 0xf, "af6c55689b8557015d169232fe"}, {0x2, 0x7, "0ab151238a"}, {0x2, 0xf, "1e3c74878cbdadc63a420d210a"}, {0x1, 0xc, "65687e447f2522fb8eea"}, {0x1, 0xb, "1a299cc39b06af9679"}]}, @timestamp_prespec={0x44, 0x1c, 0x5d, 0x3, 0xb, [{@dev={0xac, 0x14, 0x14, 0x23}, 0xb}, {@private=0xa010100, 0x5}, {@remote, 0x7fff}]}, @timestamp_addr={0x44, 0x44, 0x74, 0x1, 0x0, [{@dev={0xac, 0x14, 0x14, 0x24}, 0x800}, {@multicast2, 0x1669}, {@multicast2, 0x5}, {@private=0xa010101, 0x1}, {@empty, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffff61}, {@broadcast, 0x1}, {@broadcast, 0x9}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xfc}}], 0x130}}, {{&(0x7f0000000880)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f0000000f40)=[{&(0x7f0000000a40)="b216c99436e85ad48d921e2bf046df0ff31b5ed644ae1a657aa535abdb4440b2d0d5600b24a47f1c10230a5458166419cfb7bd7d2c20ac9f64e1e4b16800c375a8486b90e692c8b77dba77aa949e2472121e5ec47b46227d9d14ed584eb500ca0c4269ca7a82008be4cb", 0x6a}, {&(0x7f0000000ac0)="a76b12cf3f466876b29468b7d7c12e6cc0c747176ab1fadc6467ead0eb52ee2243a98b291e7d9b17063f7bc9300c9638d80296a16ba927eb7cf9c6589668be5e5a2ac6de818483bb36d39eb2ff921add55adf8c0955d6a3b5b6765024302a19dab50bac41a2ed0e73a6772c7956a844e8a08ca296606e0bc24e3e0aaf5be29c8b333b5a457180d5f43bf3c8a6718b1ceab20dd8ac102c2e1dc64a51470036531118ec746dc998c1e1c57d0cae5f7b23fcafbea07100c260ea934b9bc9a449b0cfeaddb9a5825ddd75554", 0xca}, {&(0x7f0000000c00)="bf90ab5a737bab01b54805c4d7a82496eb96028c8a856f29d442da05fd1b35f70a40bf9daa429f315bd34c0804cf44d757fa79582d5f80b753e299e0eb7ed063f1a8a45892307080100107394b0504d2005ef208c776de90103464c1126321c57f348a085c7eb2740d50dcefa70bf400ede8aaae708750d3", 0x78}, {&(0x7f0000000c80)="e4d6f2c6f84949cca2569ac2a74a94", 0xf}, {&(0x7f0000000cc0)="fde1d00da0696b3c1154e942926f49214f1b1787752702a7dd8267964e95762868d83d380206606dcd99e2d95ea78d92e63fa3288eee78fa33939cbc39", 0x3d}, {&(0x7f0000000d00)}, {&(0x7f0000000d40)="f784a09b600b2fec52f2cce4b15321609c0d7895d981b921b3e6b848facabc853be0c651e3492f2aba56e06bbcb9fb2396d37d8b41c7ca3dbbdc99bd7531222204822616ae571f646d13054d5490219e8875a2d6f63d9c38bd0a2b35da8aae5423fa879fad9e5dfd07a081666e7f747982323fba0afd35e0c2778618fdfca2dbb749bf097261e72efd3d22b3d8afe7e883695fb67d70bf4920f6c62c79901e987013d3af7a6e9d11388997fe6c", 0xad}, {&(0x7f0000000e00)="593c9eab797ccaba9de8e80f6fbabe4da113f037b526da0910c0475f47f5d4a2ff7a6131b2537b05e31ef7d634f13a6e06aab8d08ed1fc0002ae54d4f2f299e5d471da08f60f38420ac5dba054eb7ca76187e9183ed8b41720786fafacb3b6afc8d5da4e9421a08d568d4e3349b496240239b9c94f9d9be7f29b2020bbc160260a896bcf1c0caf360b777ac44b67afb94c5e87b041e61fe34a1a2059fa00983ad4d32e46f4391922274ff069f268002503b986309d3d1a35c5dc278306a470a50663c4828ab4ae6a24154ab6202b19b8158e31ed96a5555bbe9acddb046e74616b", 0xe1}, {&(0x7f0000000f00)="841e639d770301f95bfc46d37e85f6ea3bed99938cfbfbc348ae8728d930b07df1199ff9e485919bceb01c77dcd294cb0bf934", 0x33}], 0x9, &(0x7f0000001000)=ANY=[@ANYBLOB="140000000000000000000000020000000800000000000000110000000000000000000000010000004c0000000000000014000000000000000000000002000000f37400000000000038000000000000000000000007000000014424b9807fffffff000003a600000002000000028000000000008001000000810000000c0000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="e0b24a00"], 0xa0}}], 0x3, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
socket$inet(0x2, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="0100008000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)

1.992023899s ago: executing program 3 (id=1439):
r0 = syz_io_uring_setup(0x3e, &(0x7f0000000640)={0x0, 0xaddb, 0x10100, 0x1, 0x92}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f00000003c0)=<r2=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000400)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x20, &(0x7f0000000140)={&(0x7f0000000480)=""/234, 0xea, <r5=>0x0, &(0x7f00000000c0)=""/68, 0x44}}, 0x10)
memfd_create(&(0x7f0000000180)='-&:\n\x03\x00\x00\x00\x00\x00\x00\x00V$&\xb8=\x94Z}~\xae\x87\x88\xea\xde\xd9=-\x01\x00\x00\x80=\x1d\x8bl\xd5\xc3DE\xbb0\x8e\xac\xf2r#TZ>\xfb\xdf\xc1\xd4\xd1\xee\x88\xebI\xab\xf6\xab}\x85\x18 \x8a\x8aG:\xacD-\x99JD/~\xd6\xb5m,\x8d\x1d\x1c\xe9\xe5<\xfcP)E\xc1\x8e\xeb\xd0^\x00\x00\x00\x00\x00\x00\x00\xc3\xaa\x9a\x9be\xed\xf2\xde\xccx\x1f\x0fne\xe8G\xe4Y\xc9\vR2fY\x8e\x9d\x97 \x00\x00\x00\xe6JV\x80\xdd\x96F\xc90}SH\xe8\xd4RV\xb6\xc9h\xfb\xf3#\xcb\x14a\xab\bn.\x7f\xb1\xe26~$\xa9\v\x9b|>\xf5G\xb5\xac/\xc3n\x16\xee\xdf\xd0a\xf7\x94\xc0rk\x88r\x94\xb6e\x98\xdf\xf36\x82\x8b\x9a\xb9\x10\xa0q\xd8n\x15\x02\xc2@\xa5\xbe\xab\x83\xf9-\x9f\x19\x05\x12*!>\xde\x18L#8\xa5\b^\x19\xeb\xba\xd7\xbdV\x02\xf2\xcf6w\x86\x01\x81\xe4E\v\xd4\xd9\xe7_\xc2\x80\xea\xf9A\xf0\xef\xde\xe3)\xa8\n\f\xb1\f\x159pV2\xf6FCw\xf3r:y\xb1\xee\xc4!\xbaW\xb8\xb1 \x8e\x98!\xd0LL\xec)N\xa1\xa0\x15\xea\xf8kZ\xca\x1eMU\xf6\xfb\xbd\xb2\xc3\a\xc9\xea\x1db\x9b\xd6\x94\x8em\x1b\xd3T\xef*\x1cI\x17:yu8\xb5\x04\xb4\x9e$\xf0\ruS\xee\t3\xeeUb\x10\xfeP\xb3GQ\xc3\xbfA1\atU\xc1\xd6a\x9f1\xe0\xf8.b\a\xe8v\xf7=\x8e\xf5\xfe\xd8Y\xf8\x99_\xe4%\xc54\x96\xf4\xe9\x80:\x8erg\xd8L\xd1\xe0\xc3\xf5\xfe\xa0Dm\xd8_\xf1\xca\x03\xdc\xad\x91\xa6\x18\t\x00'/450, 0x3)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000dc0)={0x0, 0x2, 0xfffffff8})
r7 = syz_open_pts(r6, 0x101000)
r8 = dup3(r7, r6, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000000)=0x17)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000a40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xf6}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newqdisc={0x80, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @qdisc_kind_options=@q_fq={{0x7}, {0x4c, 0x2, [@TCA_FQ_TIMER_SLACK={0x8, 0xd, 0xfffffff4}, @TCA_FQ_QUANTUM={0x8, 0x3, 0xc}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x9}, @TCA_FQ_RATE_ENABLE={0x8, 0x5, 0x1}, @TCA_FQ_RATE_ENABLE={0x8}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x9}, @TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x615}, @TCA_FQ_QUANTUM={0x8, 0x3, 0xff}, @TCA_FQ_PLIMIT={0x8}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x80002101})
io_uring_enter(r0, 0xd81, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r4)

1.643481747s ago: executing program 6 (id=1442):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={0x0, r1}, 0x18)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000000)=0x10005, 0xffffffffffffff63)
recvmmsg(r3, &(0x7f0000007280)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x1, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

1.615668999s ago: executing program 1 (id=1443):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r1, 0x0, 0x7fffffffffffffff}, 0x18)
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x63cf80fb, 0x1, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x42080000, 0x0, 0x0, 0x0, 0x0, 0x0)

1.570837783s ago: executing program 6 (id=1444):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200008, &(0x7f0000000380)={[{@nolazytime}, {@auto_da_alloc}, {@sysvgroups}, {@norecovery}, {@jqfmt_vfsv0}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
sendfile(r0, r0, 0x0, 0x800000009)
r1 = open(&(0x7f0000000340)='./file1\x00', 0x4000, 0x0)
preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0)

1.468649731s ago: executing program 6 (id=1445):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c)
setsockopt$inet6_mtu(r0, 0x29, 0x1e, &(0x7f0000000000)=0x2, 0x4)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x12}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d000000140000001100"], 0xa8}}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r3, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x2, 0x1}, 0x1205, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x40000000000000, 0xffffffffffffffff, 0x0)
syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0)

1.415127816s ago: executing program 0 (id=1446):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000180)={0x0, 0x4, 0x1000000b, 0x9, 0x4, "00000000000000000000c2041a02003d00"})
syz_open_pts(r0, 0x62080)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001b00)=@newqdisc={0x210, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1e0, 0x2, {{0x10000, 0x0, 0x57b2}, [@TCA_NETEM_REORDER={0xc, 0x3, {0xdc, 0x3}}, @TCA_NETEM_LOSS={0xc0, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x2, 0x3e}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x7, 0x2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0xffffdb68, 0xf, 0x4}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x1, 0x8, 0x85bc, 0x1ff}}, @NETEM_LOSS_GE={0x14, 0x2, {0x5, 0x8000000, 0x5}}, @NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x5, 0x7, 0x7}}, @NETEM_LOSS_GE={0x14, 0x2, {0x6, 0xf, 0xa9c8}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x0, 0x8, 0x50195274, 0x1}}, @NETEM_LOSS_GE={0x14, 0x2, {0x4, 0x0, 0x59, 0x2}}]}, @TCA_NETEM_LOSS={0xcc}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x7, 0x100, 0x40, 0x9, 0x2, 0x94}}]}}}]}, 0x210}}, 0x0)

1.366662259s ago: executing program 4 (id=1447):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x65, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r1, &(0x7f0000002700)={&(0x7f0000000080)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000180)="90", 0x1}], 0x1}, 0x8040)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0xd7, 0x0}}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)="9a", 0x1}], 0x1}, 0x8000)
sendmsg$inet(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d00028422fb564500006e23e3f58e76110165f450e71bfc74e3002500028d459e37000f0000000000bf9367a17e51f60a64c9f4d4938037e786a6d0bdd700000000000000000051fd1f33597225", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x40000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDFONTOP_SET(r3, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x19)

1.262452098s ago: executing program 1 (id=1448):
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', 0x0, 0x9d, &(0x7f0000000300)='trans=rdma,')

1.098984731s ago: executing program 3 (id=1449):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x4eb, 0x5, [0x5, 0x8, 0x8, 0x7, 0x3]}, &(0x7f0000000040)=0x12)

1.097412991s ago: executing program 1 (id=1459):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000008385000000"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='kfree\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r1}, 0x0, &(0x7f00000006c0)}, 0x20)

1.093643352s ago: executing program 6 (id=1450):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f00000006c0)='%-010d \x00'}, 0x20)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f00000000c0)='./file0\x00', 0x60004ce)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
fdatasync(r2)
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000440)={0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
quotactl$Q_SYNC(0xffffffff80000102, 0x110e22ffff, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, 0x0)

909.010326ms ago: executing program 1 (id=1451):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000540)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e24, @broadcast}, 0x4}}, 0x26)

880.040509ms ago: executing program 0 (id=1452):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c)
setsockopt$inet6_mtu(r0, 0x29, 0x1e, &(0x7f0000000000)=0x2, 0x4)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x12}, 0x50)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d000000140000001100"], 0xa8}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x2, 0x1}, 0x1205, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x40000000000000, 0xffffffffffffffff, 0x0)
syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0)

792.693716ms ago: executing program 1 (id=1453):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x14, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605b"], 0x0, 0x0, 0x51, 0x0, 0x40f00}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000007000000000000000000008500000023000000", @ANYRES32], &(0x7f00000001c0)='GPL\x00', 0x4}, 0xf5)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="1b00000000000000000000001402000000000000", @ANYRES32, @ANYBLOB="ff00"/20, @ANYBLOB="ee417fad2114e3d52106bc9a70166fd0cac7a969b4ca6872a3957f21e9243d9b8ae96aa78e4ee3d44189a6927451bba203a99d9fd1fe74768e192378a8ebaffffc2c011b505db50593950979c14cf916f7fcf1ac1c196271ea442bc6e22a0b236ee9412f063dfef9877cd1d086487a24ba78d95ab9d64ce4db75e46c16e88dbd1f8a9186fd3a398fcf7e14b97d0347fe22f822dea9", @ANYRES32=r0, @ANYBLOB="0004002c05"], 0x50)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='kfree\x00', r2}, 0x18)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x4, 0x1})
ioctl$BLKTRACESETUP(r1, 0x1276, 0x0)
r3 = syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$setregs(0xd, r3, 0xfffffffffffffffe, &(0x7f0000000140)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178c0900000000000000f39ed4b41924dc225ad4028dd63debb87d698be5c749450b350a789dcfc6b2d6a69600026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fbf057bb711116e53eb0b55667f1a28c2d6506cf26422d389b")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010300000000fedbdf2505"], 0x1c}, 0x1, 0x0, 0x0, 0x4004015}, 0x20000000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="1400000041f4e488720da6e144fbb588ca05d8c9c1b8a328ec2b4fadb45dc2b1e774ef535ea75bfff500cd348a87a0c6"], 0x14}}, 0x4)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000040)={[{@errors_remount}, {@discard}]}, 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=")
socket$inet_udplite(0x2, 0x2, 0x88)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1000}, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f00001aa000/0x4000)=nil, 0x4000, 0x300000e, 0x1010, 0xffffffffffffffff, 0x2)
r7 = io_uring_setup(0x1694, &(0x7f0000000000)={0x0, 0x0, 0x80, 0x1, 0x17b})
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

582.399883ms ago: executing program 0 (id=1454):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e85"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000540)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e24, @broadcast}, 0x4}}, 0x26)

539.961606ms ago: executing program 0 (id=1455):
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x5d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r4, &(0x7f0000004200)='t', 0x1)
sendfile(r4, r3, 0x0, 0x3ffff)
sendfile(r4, r3, 0x0, 0x7ffff000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x25}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x4eb, 0x5, [0x5, 0x8, 0x8, 0x7, 0x3]}, &(0x7f0000000040)=0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

481.155411ms ago: executing program 4 (id=1456):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r2}, 0x18)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x5, 0x6, 0x8, 0xad, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4002, 0x5, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000}, 0x48)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x5)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x80000001}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffee1, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r7}, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000005f00)={0x30, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @ETHTOOL_A_FEATURES_WANTED={0x4}]}, 0x30}}, 0x4004)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x8)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000080))

369.99374ms ago: executing program 4 (id=1457):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200008, &(0x7f0000000380)={[{@nolazytime}, {@auto_da_alloc}, {@sysvgroups}, {@norecovery}, {@jqfmt_vfsv0}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
sendfile(r0, r0, 0x0, 0x800000009)
r1 = open(&(0x7f0000000340)='./file1\x00', 0x4000, 0x0)
preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0)

291.233637ms ago: executing program 6 (id=1458):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x3c, 0x800, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000001c0)=@buf={0x29, &(0x7f0000000180)="edfaaa7fad694e66c26db1a5aa46f19e4c07911a65d31a4794a6e1714ef108dc5d41cfe05f3110c528"})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x884}, 0x4c0b0)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0)
io_destroy(0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r5 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6, 0x0, 0x2}, 0x18)
dup3(0xffffffffffffffff, r5, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073f97a310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)

200.368444ms ago: executing program 4 (id=1460):
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x9, 0x80, 0x0, 0x0, 0x101, 0x0})
r4 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_timeval(r4, 0x1, 0x14, &(0x7f00000007c0)={0x0, 0xea60}, 0x10)
r5 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_int(r5, 0x29, 0x16, &(0x7f00000001c0)=0x7f, 0x4)
close(r5)

1.39799ms ago: executing program 6 (id=1461):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x5, 0x6, 0x8, 0xad, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4002, 0x5, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000}, 0x48)

0s ago: executing program 4 (id=1462):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@errors_continue}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}]}, 0x1, 0x529, &(0x7f0000001c80)="$eJzs3ctvY1cZAPDPTuw8Jm3S0gUgaIc+GNBonMTTRlUXUDYghCohugRpGhJPFMWJo9gpTZhFukbskKjECpb8AeyQukJiyQbBjs0ghMQjAk2QELroXt9knIw9iWYSO41/P+nqnnOP7e87k7nnjE/GPgEMresRsRcR5Yh4LyKm8+uF/Ii320f6uAf795YO9u8tFSJJ3v1HIWtPr0XHc1LX2q/5WvrU73wj4vuFR+M2d3bXFuv12lZen22tb842d3Zvra4vrtRWahvV6sL8wtybt9+onltfX1ov56XP3//d3pd/mKY1lV/p7Md5ane9dBQnNRoR37qIYAMwkvenPOhEeCLFiHg+Il7O7v/pGMl+mgDAVZYk05FMd9YBgKuumK2BFYqVfC1gKorFSqW9hvdCTBbrjWbr5t3G9sZye61sJkrFu6v12ly+VjgTpUJan8/KD+vVE/XbEfFcRPxkbCKrV5Ya9eVB/sMHAIbYtRPz/7/H2vM/AHDFjQ86AQCg78z/ADB8zP8AMHzM/wAwfNrz/8Sg0wAA+sj7fwAYPuZ/ABgq337nnfRIDvLvv15+f2d7rfH+reVac20itpcqS42tzcpKo7GSfWfP+mmvV280Nudfj+0PZr6y2WzNNnd276w3tjdad7Lv9b5TK2WP2utDzwCAXp576eM/FtIZ+a2J7IiOvRxKA80MuGjFQScADMzIoBMABsZuXzC8jr3H/8uTPxX45OqyRe+R3349Sca7fUAoSZLkYtMCLtCNz3RZ/x/5X3Y2wcPV1rH+f6b/BfxjgwJcGdb/YXhZ/4fhlSSFs+75H2d9IABwuVnOA3r8/v/5/PzL/JcD31s++YiPLjIrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNwO9/+t5HuBT0WxWKlEPBMRM1Eq3F2t1+Yi4tmI+MNYaSytzw84ZwDgaRX/Wsj3/7ox/erUsaYXrx0VyxHxg5+9+9MPFlutrd9HlAv/HDu83voov17tf/YAwOkO5+ns3PFG/sH+vaXDo5/5/O1rETHejn+wX46Do/ijMZqdx6MUEZP/KuT1tkLH2sXT2PswIj7drf+FmMrWQNo7n56Mn8Z+pq/xi8fiF7O29jn9s/jUOeQCw+bjdPx5u9v9V4zr2bn7/T+ejVBPLx//0pdaOsjGwIfxD8e/kR7j3/Wzxnj9N99slyYebfsw4rOjEYexDzrGn8P4hR7xXz3xWuUe8f/0uRdf7pVb8vOIG9E9fmes2db65mxzZ/fW6vriSm2ltlGtLswvzL15+43qbLZGPdt7Nvj7Wzef7dWW9n+yR/zxU/r/Ws+Ix/3iv+999wuPif+lV7rFL8YLj4mfzolfPGP8xclfjfdqS+Mv9+j/aT//m2eMf//Pu49sGw4ADE5zZ7e0WK/Xtpo7u2tdC7+e7NmkcKxQjkuRxlUupH9lL0EaXQtf7VescnRv+tEr7Xv6RFOSPFGs4+PEw3eO57HqBlwGRzd9RPxn0MkAAAAAAAAAAAAAAABd9eMTS4PuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfX/wMAAP//c47TLw==")

kernel console output (not intermixed with test programs):

xt4_do_update_inode:5653: inode #16: comm syz.5.907: corrupted inode contents
[  101.893672][ T6405] EXT4-fs (loop4): 1 orphan inode deleted
[  101.899894][ T6405] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.913461][   T52] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:4: Failed to release dquot type 1
[  101.926942][ T6402] EXT4-fs (loop5): Remounting filesystem read-only
[  101.936165][ T6402] EXT4-fs (loop5): 1 truncate cleaned up
[  101.941861][ T6405] ext4 filesystem being mounted at /202/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.943141][ T6413] bio_check_eod: 193 callbacks suppressed
[  101.943156][ T6413] syz.3.910: attempt to access beyond end of device
[  101.943156][ T6413] loop3: rw=2049, sector=145, nr_sectors = 16 limit=128
[  101.954361][   T12] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  101.960467][ T6413] syz.3.910: attempt to access beyond end of device
[  101.960467][ T6413] loop3: rw=2049, sector=169, nr_sectors = 8 limit=128
[  101.975322][   T12] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  101.987224][   T12] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  102.002169][ T6413] syz.3.910: attempt to access beyond end of device
[  102.002169][ T6413] loop3: rw=2049, sector=185, nr_sectors = 8 limit=128
[  102.044027][ T6402] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  102.045323][ T6413] syz.3.910: attempt to access beyond end of device
[  102.045323][ T6413] loop3: rw=2049, sector=201, nr_sectors = 8 limit=128
[  102.059775][ T6402] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.074152][ T6413] syz.3.910: attempt to access beyond end of device
[  102.074152][ T6413] loop3: rw=2049, sector=217, nr_sectors = 8 limit=128
[  102.099349][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.142394][ T6413] syz.3.910: attempt to access beyond end of device
[  102.142394][ T6413] loop3: rw=2049, sector=233, nr_sectors = 8 limit=128
[  102.158629][ T6413] syz.3.910: attempt to access beyond end of device
[  102.158629][ T6413] loop3: rw=2049, sector=249, nr_sectors = 8 limit=128
[  102.174000][ T6413] syz.3.910: attempt to access beyond end of device
[  102.174000][ T6413] loop3: rw=2049, sector=265, nr_sectors = 8 limit=128
[  102.190182][ T6413] syz.3.910: attempt to access beyond end of device
[  102.190182][ T6413] loop3: rw=2049, sector=281, nr_sectors = 8 limit=128
[  102.208995][ T6413] syz.3.910: attempt to access beyond end of device
[  102.208995][ T6413] loop3: rw=2049, sector=297, nr_sectors = 8 limit=128
[  102.251868][ T6421] netlink: 4 bytes leftover after parsing attributes in process `syz.4.911'.
[  102.262629][ T6421] netlink: 4 bytes leftover after parsing attributes in process `syz.4.911'.
[  102.298189][ T6424] netlink: 8 bytes leftover after parsing attributes in process `syz.5.912'.
[  102.314531][ T6427] netlink: 32 bytes leftover after parsing attributes in process `syz.4.913'.
[  102.408950][ T6432] loop5: detected capacity change from 0 to 512
[  102.432083][ T6432] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  102.444136][ T6432] EXT4-fs (loop5): orphan cleanup on readonly fs
[  102.465789][ T6432] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.912: corrupted inode contents
[  102.516745][ T6432] EXT4-fs (loop5): Remounting filesystem read-only
[  102.525852][ T6432] EXT4-fs (loop5): 1 truncate cleaned up
[  102.536936][   T31] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  102.550301][   T31] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  102.598177][ T6441] loop0: detected capacity change from 0 to 2048
[  102.605060][   T31] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  102.616954][ T6432] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  102.632206][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.688456][ T6432] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.704305][ T6443] loop4: detected capacity change from 0 to 512
[  102.711866][ T6443] EXT4-fs: Ignoring removed orlov option
[  102.793704][ T6443] EXT4-fs error (device loop4): dx_probe:791: inode #2: comm syz.4.915: Attempting to read directory block (0) that is past i_size (256)
[  102.809576][ T6443] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[  102.818758][ T6443] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.835652][ T3293]  loop0: p2 p3 p7
[  102.851332][ T6441]  loop0: p2 p3 p7
[  103.091079][ T6449] loop0: detected capacity change from 0 to 512
[  103.107217][ T6449] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  103.165067][ T6449] EXT4-fs (loop0): 1 orphan inode deleted
[  103.206593][ T6449] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.224721][ T6453] netlink: 4 bytes leftover after parsing attributes in process `syz.5.922'.
[  103.259680][ T6449] ext4 filesystem being mounted at /168/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  103.285644][ T6453] netlink: 4 bytes leftover after parsing attributes in process `syz.5.922'.
[  103.542750][ T6458] loop5: detected capacity change from 0 to 128
[  103.596397][   T31] EXT4-fs error (device loop0): ext4_release_dquot:6973: comm kworker/u8:1: Failed to release dquot type 1
[  103.634878][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.054756][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.129484][ T6462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.917'.
[  104.161503][ T6463] loop0: detected capacity change from 0 to 512
[  104.185372][ T6463] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  104.201410][ T6463] EXT4-fs (loop0): orphan cleanup on readonly fs
[  104.209747][ T6470] netlink: 44 bytes leftover after parsing attributes in process `syz.4.926'.
[  104.220479][ T6470] netem: unknown loss type 12
[  104.226024][ T6470] netem: change failed
[  104.232995][ T6463] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.923: corrupted inode contents
[  104.243976][ T6462] loop1: detected capacity change from 0 to 512
[  104.266181][ T6470] loop4: detected capacity change from 0 to 512
[  104.283811][ T6463] EXT4-fs (loop0): Remounting filesystem read-only
[  104.293515][ T6462] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  104.316016][ T6470] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  104.333514][ T6463] EXT4-fs (loop0): 1 truncate cleaned up
[  104.339697][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  104.351614][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  104.366309][ T6462] EXT4-fs (loop1): orphan cleanup on readonly fs
[  104.413583][ T6462] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.917: corrupted inode contents
[  104.437374][   T12] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  104.452974][ T6462] EXT4-fs (loop1): Remounting filesystem read-only
[  104.459820][ T6462] EXT4-fs (loop1): 1 truncate cleaned up
[  104.475690][   T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  104.488200][   T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  104.511015][   T12] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  104.524658][ T6462] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  104.539568][ T6470] EXT4-fs (loop4): mount failed
[  104.545479][ T6463] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  104.551619][ T6462] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.560425][ T6463] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.843063][ T6481] loop5: detected capacity change from 0 to 1024
[  104.851176][ T6481] EXT4-fs: Ignoring removed orlov option
[  104.872214][ T6481] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.958433][ T6493] loop0: detected capacity change from 0 to 512
[  104.982302][ T6493] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  104.985440][ T6495] netem: unknown loss type 12
[  104.996489][ T6495] netem: change failed
[  105.001231][ T6493] EXT4-fs (loop0): orphan cleanup on readonly fs
[  105.010428][ T6493] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.932: corrupted inode contents
[  105.044020][ T6495] loop1: detected capacity change from 0 to 512
[  105.062581][ T6493] EXT4-fs (loop0): Remounting filesystem read-only
[  105.070077][ T6493] EXT4-fs (loop0): 1 truncate cleaned up
[  105.076912][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  105.089179][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  105.122243][ T6495] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  105.152730][   T12] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  105.163211][   T12] __quota_error: 55 callbacks suppressed
[  105.163229][   T12] Quota error (device loop0): v2_write_file_info: Can't write info structure
[  105.198610][   T12] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  105.211436][ T6495] EXT4-fs (loop1): mount failed
[  105.220745][ T6493] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  105.236450][ T6493] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.405417][ T6506] netlink: 'syz.1.935': attribute type 21 has an invalid length.
[  105.519065][ T6511] program syz.1.937 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  105.649273][ T3933] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.680413][ T6519] __nla_validate_parse: 2 callbacks suppressed
[  105.680437][ T6519] netlink: 4 bytes leftover after parsing attributes in process `syz.4.941'.
[  105.714257][   T29] audit: type=1326 audit(1755942399.121:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6518 comm="syz.4.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff246eebe9 code=0x7ffc0000
[  105.741872][ T6519] loop4: detected capacity change from 0 to 1024
[  105.777651][   T29] audit: type=1326 audit(1755942399.131:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6518 comm="syz.4.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7eff246eebe9 code=0x7ffc0000
[  105.802032][   T29] audit: type=1326 audit(1755942399.131:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6518 comm="syz.4.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7eff246eec23 code=0x7ffc0000
[  105.827270][   T29] audit: type=1326 audit(1755942399.131:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6518 comm="syz.4.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7eff246ed69f code=0x7ffc0000
[  105.855718][   T29] audit: type=1326 audit(1755942399.141:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6518 comm="syz.4.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7eff246eec77 code=0x7ffc0000
[  105.882663][   T29] audit: type=1326 audit(1755942399.151:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6518 comm="syz.4.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7eff246ed550 code=0x7ffc0000
[  105.908215][   T29] audit: type=1326 audit(1755942399.151:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6518 comm="syz.4.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7eff246ee7eb code=0x7ffc0000
[  105.934215][   T29] audit: type=1326 audit(1755942399.181:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6518 comm="syz.4.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7eff246ed84a code=0x7ffc0000
[  105.964704][ T6519] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.013558][ T6534] FAULT_INJECTION: forcing a failure.
[  106.013558][ T6534] name fail_futex, interval 1, probability 0, space 0, times 1
[  106.029554][ T6534] CPU: 1 UID: 0 PID: 6534 Comm: syz.5.942 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  106.029653][ T6534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  106.029668][ T6534] Call Trace:
[  106.029676][ T6534]  <TASK>
[  106.029687][ T6534]  __dump_stack+0x1d/0x30
[  106.029714][ T6534]  dump_stack_lvl+0xe8/0x140
[  106.029807][ T6534]  dump_stack+0x15/0x1b
[  106.029823][ T6534]  should_fail_ex+0x265/0x280
[  106.029902][ T6534]  should_fail+0xb/0x20
[  106.029922][ T6534]  get_futex_key+0x130/0xbd0
[  106.029952][ T6534]  futex_wake+0x7d/0x360
[  106.030001][ T6534]  ? __rcu_read_unlock+0x4f/0x70
[  106.030028][ T6534]  do_futex+0x323/0x380
[  106.030056][ T6534]  mm_release+0xb2/0x1e0
[  106.030159][ T6534]  exit_mm_release+0x25/0x30
[  106.030183][ T6534]  exit_mm+0x38/0x190
[  106.030211][ T6534]  do_exit+0x417/0x15c0
[  106.030320][ T6534]  do_group_exit+0xff/0x140
[  106.030351][ T6534]  ? get_signal+0xe51/0xf70
[  106.030442][ T6534]  get_signal+0xe59/0xf70
[  106.030478][ T6534]  arch_do_signal_or_restart+0x96/0x480
[  106.030538][ T6534]  exit_to_user_mode_loop+0x7a/0x100
[  106.030559][ T6534]  do_syscall_64+0x1d6/0x200
[  106.030611][ T6534]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  106.030634][ T6534]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  106.030740][ T6534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.030783][ T6534] RIP: 0033:0x7f3a24c2ebe9
[  106.030800][ T6534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.030820][ T6534] RSP: 002b:00007f3a23655038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  106.030898][ T6534] RAX: fffffffffffffe00 RBX: 00007f3a24e56180 RCX: 00007f3a24c2ebe9
[  106.030994][ T6534] RDX: 0000000000001b00 RSI: 0000200000001480 RDI: 0000000000000008
[  106.031077][ T6534] RBP: 00007f3a23655090 R08: 0000000000000000 R09: 0000000000000000
[  106.031090][ T6534] R10: 0000000000010022 R11: 0000000000000246 R12: 0000000000000001
[  106.031102][ T6534] R13: 00007f3a24e56218 R14: 00007f3a24e56180 R15: 00007ffed5f7cf28
[  106.031120][ T6534]  </TASK>
[  106.279282][ T6528] syzkaller0: entered promiscuous mode
[  106.279307][ T6528] syzkaller0: entered allmulticast mode
[  106.289208][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.603518][ T6567] netlink: 32 bytes leftover after parsing attributes in process `syz.3.953'.
[  106.647502][ T6567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.953'.
[  106.715154][ T6573] program syz.5.956 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  106.743763][ T6571] netlink: 8 bytes leftover after parsing attributes in process `syz.3.955'.
[  106.767823][ T6565] loop4: detected capacity change from 0 to 1024
[  106.779215][ T6571] loop3: detected capacity change from 0 to 512
[  106.791547][ T6565] EXT4-fs: Ignoring removed orlov option
[  106.846793][ T6580] netlink: 4 bytes leftover after parsing attributes in process `syz.1.958'.
[  106.862153][ T6565] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.862181][ T6571] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  107.011118][ T6571] EXT4-fs (loop3): orphan cleanup on readonly fs
[  107.045942][ T6586] netlink: 4 bytes leftover after parsing attributes in process `syz.1.958'.
[  107.114923][ T6585] netlink: 4 bytes leftover after parsing attributes in process `syz.5.957'.
[  107.172112][ T6571] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.955: corrupted inode contents
[  107.214392][ T6585] loop5: detected capacity change from 0 to 1024
[  107.265065][ T6571] EXT4-fs (loop3): Remounting filesystem read-only
[  107.272941][ T6571] EXT4-fs (loop3): 1 truncate cleaned up
[  107.310303][   T52] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  107.322445][   T52] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  107.381712][ T6585] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.421414][   T52] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  107.484470][ T3933] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.484680][ T6571] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  107.511636][ T6571] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.586781][ T6607] netlink: 32 bytes leftover after parsing attributes in process `syz.1.965'.
[  107.656451][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.732195][ T6614] program syz.1.968 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  107.753517][ T6613] loop4: detected capacity change from 0 to 128
[  107.838953][ T6620] bio_check_eod: 6528 callbacks suppressed
[  107.838978][ T6620] syz.4.966: attempt to access beyond end of device
[  107.838978][ T6620] loop4: rw=2049, sector=145, nr_sectors = 16 limit=128
[  107.873258][ T6622] loop5: detected capacity change from 0 to 512
[  107.893267][ T6620] syz.4.966: attempt to access beyond end of device
[  107.893267][ T6620] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[  107.941520][ T6622] EXT4-fs warning (device loop5): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  107.975426][ T6620] syz.4.966: attempt to access beyond end of device
[  107.975426][ T6620] loop4: rw=2049, sector=185, nr_sectors = 8 limit=128
[  108.015577][ T6622] EXT4-fs (loop5): mount failed
[  108.051908][ T6631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.973'.
[  108.071061][ T6620] syz.4.966: attempt to access beyond end of device
[  108.071061][ T6620] loop4: rw=2049, sector=201, nr_sectors = 8 limit=128
[  108.114215][ T6633] netlink: 4 bytes leftover after parsing attributes in process `syz.0.973'.
[  108.165188][ T6620] syz.4.966: attempt to access beyond end of device
[  108.165188][ T6620] loop4: rw=2049, sector=217, nr_sectors = 8 limit=128
[  108.252539][ T6620] syz.4.966: attempt to access beyond end of device
[  108.252539][ T6620] loop4: rw=2049, sector=233, nr_sectors = 8 limit=128
[  108.351951][ T6620] syz.4.966: attempt to access beyond end of device
[  108.351951][ T6620] loop4: rw=2049, sector=249, nr_sectors = 8 limit=128
[  108.420467][ T6620] syz.4.966: attempt to access beyond end of device
[  108.420467][ T6620] loop4: rw=2049, sector=265, nr_sectors = 8 limit=128
[  108.492018][ T6620] syz.4.966: attempt to access beyond end of device
[  108.492018][ T6620] loop4: rw=2049, sector=281, nr_sectors = 8 limit=128
[  108.582609][ T6648] loop5: detected capacity change from 0 to 512
[  108.595709][ T6620] syz.4.966: attempt to access beyond end of device
[  108.595709][ T6620] loop4: rw=2049, sector=297, nr_sectors = 8 limit=128
[  108.631249][ T6648] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  108.640393][ T6648] EXT4-fs (loop5): orphan cleanup on readonly fs
[  108.742342][ T6648] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.980: corrupted inode contents
[  108.793303][ T6648] EXT4-fs (loop5): Remounting filesystem read-only
[  108.806296][ T6658] loop0: detected capacity change from 0 to 2048
[  108.831131][ T6648] EXT4-fs (loop5): 1 truncate cleaned up
[  108.838294][   T31] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  108.851146][   T31] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  108.879971][   T31] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  108.892575][ T6648] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  108.958056][ T6648] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.997921][ T3293]  loop0: p2 p3 p7
[  109.031928][ T6658]  loop0: p2 p3 p7
[  109.056847][ T6641] loop1: detected capacity change from 0 to 1024
[  109.076538][ T2993]  loop0: p2 p3 p7
[  109.150008][ T6641] EXT4-fs: Ignoring removed orlov option
[  109.205881][ T6678] loop3: detected capacity change from 0 to 512
[  109.249664][ T6678] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  109.300787][ T6641] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.343335][ T6678] EXT4-fs (loop3): mount failed
[  109.410868][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  109.430286][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory
[  109.443489][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  109.512814][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  109.526199][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  109.537261][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory
[  109.810739][ T6699] loop5: detected capacity change from 0 to 128
[  109.822172][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.919848][ T6703] loop4: detected capacity change from 0 to 512
[  109.981242][ T6703] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  109.989983][ T6706] loop3: detected capacity change from 0 to 2048
[  110.045439][ T3522]  loop3: p2 p3 p7
[  110.261244][ T6703] EXT4-fs (loop4): 1 orphan inode deleted
[  110.273080][   T29] kauditd_printk_skb: 76 callbacks suppressed
[  110.273100][   T29] audit: type=1400 audit(1755942403.681:1474): avc:  denied  { ioctl } for  pid=6711 comm="syz.5.1004" path="socket:[16490]" dev="sockfs" ino=16490 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  110.275006][ T6706]  loop3: p2 p3 p7
[  110.312704][   T52] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  110.319623][ T6703] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  110.323380][   T52] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:4: Failed to release dquot type 1
[  110.458648][ T6732] program syz.5.1008 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  110.546617][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[  110.547043][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  110.582089][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  110.651830][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  110.677264][ T6703] ext4 filesystem being mounted at /218/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  110.714242][ T6742] program syz.3.1013 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  110.899923][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.974916][   T29] audit: type=1400 audit(1755942404.381:1475): avc:  denied  { relabelfrom } for  pid=6753 comm="syz.3.1019" name="" dev="pipefs" ino=16561 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  110.982991][ T6758] __nla_validate_parse: 9 callbacks suppressed
[  110.983012][ T6758] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1017'.
[  111.053544][ T6759] loop1: detected capacity change from 0 to 512
[  111.073570][ T6759] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  111.122334][ T6759] EXT4-fs (loop1): orphan cleanup on readonly fs
[  111.153442][ T6735] loop5: detected capacity change from 0 to 1024
[  111.202454][ T6767] program syz.4.1021 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  111.257430][ T6759] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1020: corrupted inode contents
[  111.272290][ T6735] EXT4-fs: Ignoring removed orlov option
[  111.339810][ T6735] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  111.401189][ T6759] EXT4-fs (loop1): Remounting filesystem read-only
[  111.408223][ T6759] EXT4-fs (loop1): 1 truncate cleaned up
[  111.421269][   T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  111.432900][   T12] Quota error (device loop1): write_blk: dquota write failed
[  111.441132][   T12] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries
[  111.451514][   T12] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  111.463160][   T12] Quota error (device loop1): write_blk: dquota write failed
[  111.471687][   T12] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list
[  111.780948][   T12] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  111.791716][   T12] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  111.861130][   T12] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  111.870531][ T6778] SELinux:  Context Ôw&² is not valid (left unmapped).
[  111.891900][ T3933] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.905875][ T6759] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  111.927058][   T29] audit: type=1400 audit(1755942405.331:1476): avc:  denied  { create } for  pid=6777 comm="syz.0.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  112.001694][ T6759] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.025517][ T6789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1027'.
[  112.059639][ T6785] loop0: detected capacity change from 0 to 1024
[  112.112464][ T6785] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.193743][ T6798] loop3: detected capacity change from 0 to 512
[  112.242073][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.271269][ T6798] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  112.372439][ T6798] EXT4-fs (loop3): 1 orphan inode deleted
[  112.381832][ T6798] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.396629][  T558] EXT4-fs error (device loop3): ext4_release_dquot:6973: comm kworker/u8:5: Failed to release dquot type 1
[  112.427797][ T6805] program syz.0.1030 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  112.444467][ T6798] ext4 filesystem being mounted at /217/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  112.518811][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.994408][ T6834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1041'.
[  113.091105][ T6834] loop1: detected capacity change from 0 to 1024
[  113.141874][ T6834] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.215786][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.482271][ T6853] loop3: detected capacity change from 0 to 512
[  113.502282][ T6816] loop5: detected capacity change from 0 to 1024
[  113.536846][ T6853] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  113.570028][ T6816] EXT4-fs: Ignoring removed orlov option
[  113.611554][ T6816] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.627154][ T6853] EXT4-fs (loop3): 1 orphan inode deleted
[  113.636210][ T6853] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.653931][  T558] EXT4-fs error (device loop3): ext4_release_dquot:6973: comm kworker/u8:5: Failed to release dquot type 1
[  113.672146][ T6858] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1045'.
[  113.721306][ T6853] ext4 filesystem being mounted at /219/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  113.776791][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.873452][ T6859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1045'.
[  113.954174][ T6861] loop3: detected capacity change from 0 to 2048
[  114.025551][ T3293]  loop3: p2 p3 p7
[  114.045571][ T6861]  loop3: p2 p3 p7
[  114.060449][ T6866] loop0: detected capacity change from 0 to 512
[  114.131675][ T3933] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.153476][ T6866] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  114.166023][ T6866] EXT4-fs (loop0): orphan cleanup on readonly fs
[  114.199792][ T6866] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.1048: corrupted inode contents
[  114.215802][ T6866] EXT4-fs (loop0): Remounting filesystem read-only
[  114.227580][ T6866] EXT4-fs (loop0): 1 truncate cleaned up
[  114.241397][   T51] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  114.252864][   T51] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  114.360031][   T51] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  114.367873][ T6882] program syz.3.1053 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  114.387387][ T6866] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  114.409848][ T6881] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1054'.
[  114.425823][ T6866] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.426546][ T6881] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1054'.
[  114.594186][ T6893] loop3: detected capacity change from 0 to 512
[  114.673121][ T6893] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  114.735481][ T6893] EXT4-fs (loop3): mount failed
[  114.885586][ T6905] FAULT_INJECTION: forcing a failure.
[  114.885586][ T6905] name failslab, interval 1, probability 0, space 0, times 0
[  114.899540][ T6905] CPU: 1 UID: 0 PID: 6905 Comm: syz.0.1059 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  114.899569][ T6905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  114.899584][ T6905] Call Trace:
[  114.899593][ T6905]  <TASK>
[  114.899603][ T6905]  __dump_stack+0x1d/0x30
[  114.899683][ T6905]  dump_stack_lvl+0xe8/0x140
[  114.899703][ T6905]  dump_stack+0x15/0x1b
[  114.899718][ T6905]  should_fail_ex+0x265/0x280
[  114.899739][ T6905]  should_failslab+0x8c/0xb0
[  114.899803][ T6905]  kmem_cache_alloc_noprof+0x50/0x310
[  114.899883][ T6905]  ? alloc_vfsmnt+0x2d/0x300
[  114.899919][ T6905]  alloc_vfsmnt+0x2d/0x300
[  114.899946][ T6905]  vfs_create_mount+0x3b/0x240
[  114.899973][ T6905]  __se_sys_fsmount+0x2d9/0x580
[  114.900164][ T6905]  __x64_sys_fsmount+0x43/0x50
[  114.900191][ T6905]  x64_sys_call+0x2ab3/0x2ff0
[  114.900217][ T6905]  do_syscall_64+0xd2/0x200
[  114.900290][ T6905]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  114.900328][ T6905]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  114.900434][ T6905]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.900468][ T6905] RIP: 0033:0x7f657e5aebe9
[  114.900487][ T6905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.900504][ T6905] RSP: 002b:00007f657d017038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b0
[  114.900524][ T6905] RAX: ffffffffffffffda RBX: 00007f657e7d5fa0 RCX: 00007f657e5aebe9
[  114.900537][ T6905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  114.900647][ T6905] RBP: 00007f657d017090 R08: 0000000000000000 R09: 0000000000000000
[  114.900660][ T6905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  114.900673][ T6905] R13: 00007f657e7d6038 R14: 00007f657e7d5fa0 R15: 00007fff189ffee8
[  114.900763][ T6905]  </TASK>
[  115.151967][ T6907] loop0: detected capacity change from 0 to 2048
[  115.202479][ T3293]  loop0: p2 p3 p7
[  115.222531][ T6907]  loop0: p2 p3 p7
[  115.277662][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  115.277662][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory
[  115.281783][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  115.365418][ T6914] loop3: detected capacity change from 0 to 128
[  115.443852][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  115.444358][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  115.457508][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory
[  115.482138][ T6919] bio_check_eod: 50 callbacks suppressed
[  115.482158][ T6919] syz.3.1064: attempt to access beyond end of device
[  115.482158][ T6919] loop3: rw=2049, sector=145, nr_sectors = 16 limit=128
[  115.555207][ T6919] syz.3.1064: attempt to access beyond end of device
[  115.555207][ T6919] loop3: rw=2049, sector=169, nr_sectors = 8 limit=128
[  115.590616][ T6924] program syz.5.1066 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  115.615573][ T6919] syz.3.1064: attempt to access beyond end of device
[  115.615573][ T6919] loop3: rw=2049, sector=185, nr_sectors = 8 limit=128
[  115.640780][ T6919] syz.3.1064: attempt to access beyond end of device
[  115.640780][ T6919] loop3: rw=2049, sector=201, nr_sectors = 8 limit=128
[  115.795743][ T6919] syz.3.1064: attempt to access beyond end of device
[  115.795743][ T6919] loop3: rw=2049, sector=217, nr_sectors = 8 limit=128
[  115.829595][ T6910] loop0: detected capacity change from 0 to 1024
[  115.861362][ T6910] EXT4-fs: Ignoring removed orlov option
[  115.917503][ T6919] syz.3.1064: attempt to access beyond end of device
[  115.917503][ T6919] loop3: rw=2049, sector=233, nr_sectors = 8 limit=128
[  115.953783][ T6910] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.044455][ T6919] syz.3.1064: attempt to access beyond end of device
[  116.044455][ T6919] loop3: rw=2049, sector=249, nr_sectors = 8 limit=128
[  116.151143][ T6919] syz.3.1064: attempt to access beyond end of device
[  116.151143][ T6919] loop3: rw=2049, sector=265, nr_sectors = 8 limit=128
[  116.194319][ T6919] syz.3.1064: attempt to access beyond end of device
[  116.194319][ T6919] loop3: rw=2049, sector=281, nr_sectors = 8 limit=128
[  116.291591][ T6943] loop4: detected capacity change from 0 to 512
[  116.299681][ T6943] EXT4-fs: Ignoring removed orlov option
[  116.345127][ T6942] loop5: detected capacity change from 0 to 2048
[  116.362977][ T6919] syz.3.1064: attempt to access beyond end of device
[  116.362977][ T6919] loop3: rw=2049, sector=297, nr_sectors = 8 limit=128
[  116.379745][ T6943] EXT4-fs error (device loop4): dx_probe:791: inode #2: comm syz.4.1068: Attempting to read directory block (0) that is past i_size (256)
[  116.396067][ T6943] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[  116.405987][ T6943] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.519565][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.582808][ T3522]  loop5: p2 p3 p7
[  117.236825][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[  117.250167][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[  117.353488][ T6962] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1075'.
[  117.398225][   T29] kauditd_printk_skb: 62 callbacks suppressed
[  117.398245][   T29] audit: type=1326 audit(1755942410.801:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6956 comm="syz.5.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a24c2ebe9 code=0x7ffc0000
[  117.437750][ T6958] loop5: detected capacity change from 0 to 1024
[  117.512108][ T6965] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1076'.
[  117.535613][ T6958] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.573205][   T29] audit: type=1326 audit(1755942410.841:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6956 comm="syz.5.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f3a24c2ebe9 code=0x7ffc0000
[  117.599744][   T29] audit: type=1326 audit(1755942410.841:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6956 comm="syz.5.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3a24c2ec23 code=0x7ffc0000
[  117.625593][   T29] audit: type=1326 audit(1755942410.841:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6956 comm="syz.5.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3a24c2d69f code=0x7ffc0000
[  117.651243][   T29] audit: type=1326 audit(1755942410.841:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6956 comm="syz.5.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f3a24c2ec77 code=0x7ffc0000
[  117.676868][   T29] audit: type=1326 audit(1755942410.841:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6956 comm="syz.5.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3a24c2d550 code=0x7ffc0000
[  117.703068][   T29] audit: type=1326 audit(1755942410.841:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6956 comm="syz.5.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3a24c2e7eb code=0x7ffc0000
[  117.729565][   T29] audit: type=1326 audit(1755942410.901:1537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6956 comm="syz.5.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3a24c2d84a code=0x7ffc0000
[  117.756805][   T29] audit: type=1326 audit(1755942410.901:1538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6956 comm="syz.5.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3a24c2d84a code=0x7ffc0000
[  117.783615][   T29] audit: type=1326 audit(1755942410.901:1539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6956 comm="syz.5.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f3a24c2d457 code=0x7ffc0000
[  117.816722][ T6965] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1076'.
[  118.050828][ T3933] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.087536][ T6969] loop3: detected capacity change from 0 to 256
[  118.223215][ T6973] program syz.3.1079 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  118.341909][ T6975] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1081'.
[  118.421213][ T6979] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1081'.
[  118.521265][ T6983] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1083'.
[  118.574815][ T6983] loop5: detected capacity change from 0 to 512
[  118.632192][ T6983] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  118.663732][ T6983] EXT4-fs (loop5): orphan cleanup on readonly fs
[  118.697928][ T6983] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.1083: corrupted inode contents
[  118.749233][ T6983] EXT4-fs (loop5): Remounting filesystem read-only
[  118.779276][ T6983] EXT4-fs (loop5): 1 truncate cleaned up
[  119.187948][ T3436] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  119.189679][ T3488] udevd[3488]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory
[  119.200464][ T3436] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  119.390982][ T3436] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  119.481894][ T6983] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  119.520997][ T6935] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 255: padding at end of block bitmap is not set
[  119.540658][ T7001] loop0: detected capacity change from 0 to 512
[  119.567678][ T6983] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.802767][ T7001] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  119.855639][ T7001] EXT4-fs (loop0): orphan cleanup on readonly fs
[  119.880447][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.925586][ T7001] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.1087: corrupted inode contents
[  120.032277][ T7011] loop4: detected capacity change from 0 to 128
[  120.111147][ T7001] EXT4-fs (loop0): Remounting filesystem read-only
[  120.118213][ T7001] EXT4-fs (loop0): 1 truncate cleaned up
[  120.124629][   T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  120.135695][   T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  120.191639][ T7015] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1090'.
[  120.208753][   T37] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  120.284226][ T7015] loop3: detected capacity change from 0 to 512
[  120.344755][ T7015] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  120.413102][ T7015] EXT4-fs (loop3): orphan cleanup on readonly fs
[  120.470702][ T7015] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1090: corrupted inode contents
[  120.569938][ T7015] EXT4-fs (loop3): Remounting filesystem read-only
[  120.591499][ T7015] EXT4-fs (loop3): 1 truncate cleaned up
[  120.597908][ T3436] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  120.609134][ T3436] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  120.664684][ T3436] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  120.723694][ T7029] loop0: detected capacity change from 0 to 512
[  120.765756][ T7036] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1095'.
[  120.778815][ T7029] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  120.815392][ T7036] loop4: detected capacity change from 0 to 1024
[  120.841039][ T7029] EXT4-fs (loop0): mount failed
[  121.045167][ T7048] program syz.3.1099 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  121.137723][ T7058] loop3: detected capacity change from 0 to 512
[  121.174222][ T7058] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  121.215775][ T7066] loop1: detected capacity change from 0 to 512
[  121.227148][ T7058] EXT4-fs (loop3): mount failed
[  121.240015][ T7066] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  121.271443][ T7066] EXT4-fs (loop1): 1 orphan inode deleted
[  121.288055][ T7066] ext4 filesystem being mounted at /220/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  121.311010][ T3436] EXT4-fs error (device loop1): ext4_release_dquot:6973: comm kworker/u8:7: Failed to release dquot type 1
[  121.356980][ T7073] loop3: detected capacity change from 0 to 512
[  121.404610][ T7073] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  121.422749][ T7073] EXT4-fs (loop3): orphan cleanup on readonly fs
[  121.432018][ T7073] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1105: corrupted inode contents
[  121.455624][ T7073] EXT4-fs (loop3): Remounting filesystem read-only
[  121.477700][ T7073] EXT4-fs (loop3): 1 truncate cleaned up
[  121.487028][ T7080] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1107'.
[  121.498023][   T37] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  121.509904][   T37] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  121.513410][ T7080] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1107'.
[  121.533896][   T37] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  122.214172][ T7104] loop4: detected capacity change from 0 to 512
[  122.242020][ T7104] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  122.264679][ T7106] loop5: detected capacity change from 0 to 1024
[  122.285991][ T7104] EXT4-fs (loop4): 1 orphan inode deleted
[  122.293001][ T7104] ext4 filesystem being mounted at /245/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  122.311159][   T37] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:2: Failed to release dquot type 1
[  122.331349][ T7106] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  122.342607][ T7106] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  122.450862][ T7106] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  122.540775][ T7106] EXT4-fs error (device loop5): ext4_get_journal_inode:5800: inode #5: comm syz.5.1118: unexpected bad inode w/o EXT4_IGET_BAD
[  122.556138][ T7106] EXT4-fs (loop5): no journal found
[  122.561643][ T7106] EXT4-fs (loop5): can't get journal size
[  122.833454][ T7119] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1120'.
[  122.894109][ T7119] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1120'.
[  122.970941][   T29] kauditd_printk_skb: 72 callbacks suppressed
[  122.970962][   T29] audit: type=1400 audit(1755942416.371:1584): avc:  denied  { mount } for  pid=7105 comm="syz.5.1118" name="/" dev="configfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  123.035023][ T3933] EXT4-fs error (device loop5): __ext4_iget:5464: inode #15: block 1803188595: comm syz-executor: invalid block
[  123.058622][   T29] audit: type=1400 audit(1755942416.421:1585): avc:  denied  { search } for  pid=7105 comm="syz.5.1118" name="/" dev="configfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  123.082808][   T29] audit: type=1400 audit(1755942416.421:1586): avc:  denied  { search } for  pid=7105 comm="syz.5.1118" name="/" dev="configfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  123.110274][   T29] audit: type=1400 audit(1755942416.421:1587): avc:  denied  { read open } for  pid=7105 comm="syz.5.1118" path="/" dev="configfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  123.136098][ T3933] EXT4-fs error (device loop5): __ext4_iget:5464: inode #15: block 1803188595: comm syz-executor: invalid block
[  123.156224][ T7143] loop4: detected capacity change from 0 to 128
[  123.197377][ T7145] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1130'.
[  123.223728][ T7145] loop1: detected capacity change from 0 to 512
[  123.234621][ T7149] bio_check_eod: 114 callbacks suppressed
[  123.234644][ T7149] syz.4.1129: attempt to access beyond end of device
[  123.234644][ T7149] loop4: rw=2049, sector=145, nr_sectors = 16 limit=128
[  123.278606][ T7145] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  123.297881][ T7145] EXT4-fs (loop1): orphan cleanup on readonly fs
[  123.305217][ T7149] syz.4.1129: attempt to access beyond end of device
[  123.305217][ T7149] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[  123.328067][ T7145] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1130: corrupted inode contents
[  123.346082][ T7149] syz.4.1129: attempt to access beyond end of device
[  123.346082][ T7149] loop4: rw=2049, sector=185, nr_sectors = 8 limit=128
[  123.363398][ T7149] syz.4.1129: attempt to access beyond end of device
[  123.363398][ T7149] loop4: rw=2049, sector=201, nr_sectors = 8 limit=128
[  123.379056][ T7149] syz.4.1129: attempt to access beyond end of device
[  123.379056][ T7149] loop4: rw=2049, sector=217, nr_sectors = 8 limit=128
[  123.381509][ T7145] EXT4-fs (loop1): Remounting filesystem read-only
[  123.394303][ T7149] syz.4.1129: attempt to access beyond end of device
[  123.394303][ T7149] loop4: rw=2049, sector=233, nr_sectors = 8 limit=128
[  123.416188][ T7149] syz.4.1129: attempt to access beyond end of device
[  123.416188][ T7149] loop4: rw=2049, sector=249, nr_sectors = 8 limit=128
[  123.431451][ T7149] syz.4.1129: attempt to access beyond end of device
[  123.431451][ T7149] loop4: rw=2049, sector=265, nr_sectors = 8 limit=128
[  123.446037][ T7149] syz.4.1129: attempt to access beyond end of device
[  123.446037][ T7149] loop4: rw=2049, sector=281, nr_sectors = 8 limit=128
[  123.461367][ T7145] EXT4-fs (loop1): 1 truncate cleaned up
[  123.468703][ T3436] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  123.480374][ T3436] Quota error (device loop1): write_blk: dquota write failed
[  123.489239][ T3436] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries
[  123.493969][ T7149] syz.4.1129: attempt to access beyond end of device
[  123.493969][ T7149] loop4: rw=2049, sector=297, nr_sectors = 8 limit=128
[  123.501578][ T3436] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  123.529064][ T3436] Quota error (device loop1): write_blk: dquota write failed
[  123.537110][ T3436] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list
[  123.549834][ T3436] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  123.560752][ T3436] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  123.571094][ T3436] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  123.606697][   T37] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.664710][   T37] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.694231][ T7160] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1136'.
[  123.733878][   T37] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.753394][ T7160] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1136'.
[  123.804981][   T37] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.862933][ T7177] FAULT_INJECTION: forcing a failure.
[  123.862933][ T7177] name failslab, interval 1, probability 0, space 0, times 0
[  123.877028][ T7177] CPU: 1 UID: 0 PID: 7177 Comm: syz.3.1140 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  123.877074][ T7177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  123.877086][ T7177] Call Trace:
[  123.877093][ T7177]  <TASK>
[  123.877100][ T7177]  __dump_stack+0x1d/0x30
[  123.877125][ T7177]  dump_stack_lvl+0xe8/0x140
[  123.877158][ T7177]  dump_stack+0x15/0x1b
[  123.877185][ T7177]  should_fail_ex+0x265/0x280
[  123.877271][ T7177]  should_failslab+0x8c/0xb0
[  123.877310][ T7177]  kmem_cache_alloc_noprof+0x50/0x310
[  123.877394][ T7177]  ? prepare_creds+0x37/0x4c0
[  123.877438][ T7177]  prepare_creds+0x37/0x4c0
[  123.877464][ T7177]  __sys_setuid+0x67/0x310
[  123.877498][ T7177]  __x64_sys_setuid+0x1e/0x30
[  123.877553][ T7177]  x64_sys_call+0x1a84/0x2ff0
[  123.877589][ T7177]  do_syscall_64+0xd2/0x200
[  123.877617][ T7177]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  123.877698][ T7177]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  123.877726][ T7177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.877751][ T7177] RIP: 0033:0x7f6e11f8ebe9
[  123.877768][ T7177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.877788][ T7177] RSP: 002b:00007f6e109ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000069
[  123.877895][ T7177] RAX: ffffffffffffffda RBX: 00007f6e121b5fa0 RCX: 00007f6e11f8ebe9
[  123.877910][ T7177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  123.877924][ T7177] RBP: 00007f6e109ef090 R08: 0000000000000000 R09: 0000000000000000
[  123.877969][ T7177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.878043][ T7177] R13: 00007f6e121b6038 R14: 00007f6e121b5fa0 R15: 00007ffdc15e2de8
[  123.878065][ T7177]  </TASK>
[  124.141983][ T7190] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1143'.
[  124.206185][ T7190] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1143'.
[  124.324403][   T37] bond0 (unregistering): Released all slaves
[  124.422654][   T37] tipc: Disabling bearer <udp:syz0>
[  124.431204][   T37] tipc: Left network mode
[  124.453046][   T37] hsr_slave_0: left promiscuous mode
[  124.471632][   T37] hsr_slave_1: left promiscuous mode
[  124.499830][   T37] veth1_macvtap: left promiscuous mode
[  124.516845][   T37] veth0_macvtap: left promiscuous mode
[  124.535354][   T37] veth1_vlan: left promiscuous mode
[  124.560585][   T37] veth0_vlan: left promiscuous mode
[  124.561724][ T7220] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1148'.
[  124.646021][ T7228] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  124.646021][ T7228]    program syz.3.1150 not setting count and/or reply_len properly
[  124.663906][ T7230] loop1: detected capacity change from 0 to 512
[  124.675649][ T7231] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1148'.
[  124.705919][ T7230] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  124.739802][ T7230] EXT4-fs (loop1): orphan cleanup on readonly fs
[  124.766661][ T7230] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1151: corrupted inode contents
[  124.797312][ T7230] EXT4-fs (loop1): Remounting filesystem read-only
[  124.806976][ T7235] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  124.806976][ T7235] The task syz.3.1150 (7235) triggered the difference, watch for misbehavior.
[  124.826150][ T7230] EXT4-fs (loop1): 1 truncate cleaned up
[  124.836300][ T3436] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  124.848361][ T3436] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  124.863590][ T3436] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  124.877045][ T7224] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1151'.
[  124.941526][ T7237] loop0: detected capacity change from 0 to 2048
[  124.982768][ T3522]  loop0: p2 p3 p7
[  125.014331][ T7237]  loop0: p2 p3 p7
[  125.024968][ T7163] chnl_net:caif_netlink_parms(): no params data found
[  125.078660][ T7242] loop4: detected capacity change from 0 to 1024
[  125.087813][ T7242] EXT4-fs: Ignoring removed orlov option
[  125.322712][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory
[  125.325563][   T37] IPVS: stop unused estimator thread 0...
[  125.334836][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  125.347745][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  125.433866][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory
[  125.436425][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  125.448024][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  125.474147][ T7163] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.483722][ T7163] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.535668][ T7163] bridge_slave_0: entered allmulticast mode
[  125.558465][ T7163] bridge_slave_0: entered promiscuous mode
[  125.586123][ T7163] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.593856][ T7163] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.603700][ T7163] bridge_slave_1: entered allmulticast mode
[  125.611341][ T7163] bridge_slave_1: entered promiscuous mode
[  125.623851][ T7279] loop0: detected capacity change from 0 to 512
[  125.673698][ T7279] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  125.720710][ T7279] EXT4-fs (loop0): orphan cleanup on readonly fs
[  125.752768][ T7163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  125.763049][ T7293] FAULT_INJECTION: forcing a failure.
[  125.763049][ T7293] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  125.777923][ T7293] CPU: 0 UID: 0 PID: 7293 Comm: syz.1.1162 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  125.777952][ T7293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  125.777964][ T7293] Call Trace:
[  125.777972][ T7293]  <TASK>
[  125.777981][ T7293]  __dump_stack+0x1d/0x30
[  125.778006][ T7293]  dump_stack_lvl+0xe8/0x140
[  125.778096][ T7293]  dump_stack+0x15/0x1b
[  125.778116][ T7293]  should_fail_ex+0x265/0x280
[  125.778139][ T7293]  should_fail+0xb/0x20
[  125.778174][ T7293]  should_fail_usercopy+0x1a/0x20
[  125.778200][ T7293]  _copy_to_user+0x20/0xa0
[  125.778226][ T7293]  simple_read_from_buffer+0xb5/0x130
[  125.778298][ T7293]  proc_fail_nth_read+0x10e/0x150
[  125.778340][ T7293]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  125.778362][ T7293]  vfs_read+0x1a5/0x770
[  125.778413][ T7293]  ? kmem_cache_free+0x162/0x300
[  125.778483][ T7293]  ? percpu_counter_add_batch+0xb6/0x130
[  125.778504][ T7293]  ? xfd_validate_state+0x45/0xf0
[  125.778551][ T7293]  ksys_read+0xda/0x1a0
[  125.778575][ T7293]  __x64_sys_read+0x40/0x50
[  125.778598][ T7293]  x64_sys_call+0x27bc/0x2ff0
[  125.778618][ T7293]  do_syscall_64+0xd2/0x200
[  125.778686][ T7293]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  125.778748][ T7293]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  125.778770][ T7293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.778793][ T7293] RIP: 0033:0x7f7e4e83d5fc
[  125.778877][ T7293] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  125.778897][ T7293] RSP: 002b:00007f7e4d2a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  125.778920][ T7293] RAX: ffffffffffffffda RBX: 00007f7e4ea65fa0 RCX: 00007f7e4e83d5fc
[  125.778932][ T7293] RDX: 000000000000000f RSI: 00007f7e4d2a70a0 RDI: 0000000000000008
[  125.778944][ T7293] RBP: 00007f7e4d2a7090 R08: 0000000000000000 R09: 0000000000000000
[  125.778955][ T7293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  125.778967][ T7293] R13: 00007f7e4ea66038 R14: 00007f7e4ea65fa0 R15: 00007ffcc6cdcb88
[  125.778989][ T7293]  </TASK>
[  126.043170][ T7163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.059781][ T7279] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.1158: corrupted inode contents
[  126.114396][ T7279] EXT4-fs (loop0): Remounting filesystem read-only
[  126.122592][ T7279] EXT4-fs (loop0): 1 truncate cleaned up
[  126.134412][ T7296] loop4: detected capacity change from 0 to 2048
[  126.138341][   T51] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  126.154800][   T51] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  126.155777][ T7163] team0: Port device team_slave_0 added
[  126.179492][   T51] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  126.186368][ T7163] team0: Port device team_slave_1 added
[  126.219668][ T3293]  loop4: p2 p3 p7
[  126.231686][ T7298] loop1: detected capacity change from 0 to 1024
[  126.349309][ T7296]  loop4: p2 p3 p7
[  126.375387][ T7163] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.383242][ T7163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.412446][ T7163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.486907][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory
[  126.489018][ T7315] loop1: detected capacity change from 0 to 1024
[  126.499480][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  126.517824][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  126.552104][ T7163] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.560096][ T7163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.589599][ T7163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.602710][ T7334] tmpfs: Unsupported parameter 'huge'
[  126.612949][ T7335] loop0: detected capacity change from 0 to 512
[  126.615038][ T7329] lo speed is unknown, defaulting to 1000
[  126.622837][   T10] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=10 comm=kworker/0:1
[  126.660660][ T7329] lo speed is unknown, defaulting to 1000
[  126.669386][ T7335] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  126.686678][ T7335] EXT4-fs (loop0): orphan cleanup on readonly fs
[  126.689830][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  126.723906][ T7334] 9pnet: p9_errstr2errno: server reported unknown error 18446744
[  126.727643][ T7335] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.1167: corrupted inode contents
[  126.751923][ T7329] lo speed is unknown, defaulting to 1000
[  126.760701][ T7163] hsr_slave_0: entered promiscuous mode
[  126.769329][ T7335] EXT4-fs (loop0): Remounting filesystem read-only
[  126.770475][ T7163] hsr_slave_1: entered promiscuous mode
[  126.783373][ T7329] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  126.790832][ T7335] EXT4-fs (loop0): 1 truncate cleaned up
[  126.793640][ T7329] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  126.805085][   T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  126.816730][   T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  126.840547][   T37] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  126.852876][ T7329] lo speed is unknown, defaulting to 1000
[  126.889688][ T7329] lo speed is unknown, defaulting to 1000
[  126.914825][ T7329] lo speed is unknown, defaulting to 1000
[  126.916005][ T7349] FAULT_INJECTION: forcing a failure.
[  126.916005][ T7349] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  126.933671][ T7329] lo speed is unknown, defaulting to 1000
[  126.936116][ T7349] CPU: 1 UID: 0 PID: 7349 Comm: syz.1.1172 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  126.936145][ T7349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  126.936157][ T7349] Call Trace:
[  126.936164][ T7349]  <TASK>
[  126.936172][ T7349]  __dump_stack+0x1d/0x30
[  126.936197][ T7349]  dump_stack_lvl+0xe8/0x140
[  126.936492][ T7349]  dump_stack+0x15/0x1b
[  126.936509][ T7349]  should_fail_ex+0x265/0x280
[  126.936531][ T7349]  should_fail+0xb/0x20
[  126.936549][ T7349]  should_fail_usercopy+0x1a/0x20
[  126.936598][ T7349]  _copy_from_user+0x1c/0xb0
[  126.936626][ T7349]  ___sys_sendmsg+0xc1/0x1d0
[  126.936660][ T7349]  __x64_sys_sendmsg+0xd4/0x160
[  126.936685][ T7349]  x64_sys_call+0x191e/0x2ff0
[  126.936763][ T7349]  do_syscall_64+0xd2/0x200
[  126.936789][ T7349]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  126.936852][ T7349]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  126.936877][ T7349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.936899][ T7349] RIP: 0033:0x7f7e4e83ebe9
[  126.936953][ T7349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.936971][ T7349] RSP: 002b:00007f7e4d2a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  126.936993][ T7349] RAX: ffffffffffffffda RBX: 00007f7e4ea65fa0 RCX: 00007f7e4e83ebe9
[  126.937007][ T7349] RDX: 0000000000008000 RSI: 0000200000000100 RDI: 0000000000000004
[  126.937019][ T7349] RBP: 00007f7e4d2a7090 R08: 0000000000000000 R09: 0000000000000000
[  126.937032][ T7349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  126.937079][ T7349] R13: 00007f7e4ea66038 R14: 00007f7e4ea65fa0 R15: 00007ffcc6cdcb88
[  126.937096][ T7349]  </TASK>
[  127.156164][ T7329] lo speed is unknown, defaulting to 1000
[  127.195479][ T7329] lo speed is unknown, defaulting to 1000
[  127.248286][ T7360] loop4: detected capacity change from 0 to 512
[  127.278657][ T7163] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  127.293155][ T7360] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  127.425422][ T7360] EXT4-fs (loop4): 1 orphan inode deleted
[  127.433000][ T7360] ext4 filesystem being mounted at /263/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  127.515315][ T7163] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  127.527253][ T7163] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  127.543815][ T7163] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  127.768824][ T7376] loop3: detected capacity change from 0 to 512
[  127.821607][   T12] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:0: Failed to release dquot type 1
[  127.842560][ T7376] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  127.884958][ T7384] __nla_validate_parse: 4 callbacks suppressed
[  127.884978][ T7384] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1179'.
[  127.929128][ T7376] EXT4-fs (loop3): orphan cleanup on readonly fs
[  127.944523][ T7163] 8021q: adding VLAN 0 to HW filter on device bond0
[  127.965378][ T7384] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1179'.
[  127.989955][ T7163] 8021q: adding VLAN 0 to HW filter on device team0
[  128.002327][ T7376] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1177: corrupted inode contents
[  128.045372][ T3436] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.052743][ T3436] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.069931][ T7390] FAULT_INJECTION: forcing a failure.
[  128.069931][ T7390] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  128.075246][ T3436] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.085444][ T7390] CPU: 0 UID: 0 PID: 7390 Comm: syz.4.1182 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  128.085472][ T7390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  128.085485][ T7390] Call Trace:
[  128.085535][ T7390]  <TASK>
[  128.085544][ T7390]  __dump_stack+0x1d/0x30
[  128.085569][ T7390]  dump_stack_lvl+0xe8/0x140
[  128.085645][ T7390]  dump_stack+0x15/0x1b
[  128.085668][ T7390]  should_fail_ex+0x265/0x280
[  128.085743][ T7390]  should_fail+0xb/0x20
[  128.085760][ T7390]  should_fail_usercopy+0x1a/0x20
[  128.085782][ T7390]  _copy_to_user+0x20/0xa0
[  128.085810][ T7390]  simple_read_from_buffer+0xb5/0x130
[  128.085883][ T7390]  proc_fail_nth_read+0x10e/0x150
[  128.085976][ T7390]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  128.086001][ T7390]  vfs_read+0x1a5/0x770
[  128.086020][ T7390]  ? __rcu_read_unlock+0x4f/0x70
[  128.086040][ T7390]  ? __fget_files+0x184/0x1c0
[  128.086145][ T7390]  ksys_read+0xda/0x1a0
[  128.086168][ T7390]  __x64_sys_read+0x40/0x50
[  128.086189][ T7390]  x64_sys_call+0x27bc/0x2ff0
[  128.086211][ T7390]  do_syscall_64+0xd2/0x200
[  128.086282][ T7390]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  128.086315][ T7390]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  128.086414][ T7390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.086437][ T7390] RIP: 0033:0x7eff246ed5fc
[  128.086455][ T7390] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  128.086530][ T7390] RSP: 002b:00007eff2314f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  128.086552][ T7390] RAX: ffffffffffffffda RBX: 00007eff24915fa0 RCX: 00007eff246ed5fc
[  128.086564][ T7390] RDX: 000000000000000f RSI: 00007eff2314f0a0 RDI: 0000000000000005
[  128.086577][ T7390] RBP: 00007eff2314f090 R08: 0000000000000000 R09: 0000000000000000
[  128.086589][ T7390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  128.086601][ T7390] R13: 00007eff24916038 R14: 00007eff24915fa0 R15: 00007ffd5412ebf8
[  128.086625][ T7390]  </TASK>
[  128.111366][ T7391] loop1: detected capacity change from 0 to 128
[  128.116346][ T3436] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.171532][ T7376] EXT4-fs (loop3): Remounting filesystem read-only
[  128.209132][ T7163] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  128.241202][ T7391] bio_check_eod: 481 callbacks suppressed
[  128.241226][ T7391] syz.1.1181: attempt to access beyond end of device
[  128.241226][ T7391] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[  128.241296][ T7391] syz.1.1181: attempt to access beyond end of device
[  128.241296][ T7391] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[  128.264998][ T7376] EXT4-fs (loop3): 1 truncate cleaned up
[  128.282084][   T12] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  128.301127][ T7391] syz.1.1181: attempt to access beyond end of device
[  128.301127][ T7391] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[  128.301259][   T12] __quota_error: 126 callbacks suppressed
[  128.301307][   T12] Quota error (device loop3): write_blk: dquota write failed
[  128.310069][ T7391] syz.1.1181: attempt to access beyond end of device
[  128.310069][ T7391] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[  128.318977][   T12] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries
[  128.390857][ T7391] syz.1.1181: attempt to access beyond end of device
[  128.390857][ T7391] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[  128.395797][   T12] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  128.451429][ T7391] syz.1.1181: attempt to access beyond end of device
[  128.451429][ T7391] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[  128.460254][   T12] Quota error (device loop3): write_blk: dquota write failed
[  128.484683][ T7391] syz.1.1181: attempt to access beyond end of device
[  128.484683][ T7391] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[  128.487966][   T12] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list
[  128.502575][ T7163] 8021q: adding VLAN 0 to HW filter on device batadv0
[  128.516220][   T12] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  128.542222][ T7391] syz.1.1181: attempt to access beyond end of device
[  128.542222][ T7391] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[  128.552165][   T12] Quota error (device loop3): v2_write_file_info: Can't write info structure
[  128.599224][   T12] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  128.640670][ T7408] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1186'.
[  128.651961][ T7408] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1186'.
[  128.652280][ T7391] syz.1.1181: attempt to access beyond end of device
[  128.652280][ T7391] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[  128.678857][ T7407] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1187'.
[  128.697272][ T7407] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1187'.
[  128.709852][ T7408] lo speed is unknown, defaulting to 1000
[  128.740631][ T7391] syz.1.1181: attempt to access beyond end of device
[  128.740631][ T7391] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[  128.787082][ T7407] lo speed is unknown, defaulting to 1000
[  128.949116][ T7416] loop0: detected capacity change from 0 to 512
[  128.980682][ T7422] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1190'.
[  128.991617][ T3436] Buffer I/O error on dev loop1, logical block 920, lost async page write
[  128.994674][ T7422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1190'.
[  129.017040][ T7416] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  129.059925][ T7416] EXT4-fs (loop0): 1 orphan inode deleted
[  129.067890][ T7416] ext4 filesystem being mounted at /214/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  129.079444][   T12] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  129.091947][   T12] EXT4-fs error (device loop0): ext4_release_dquot:6973: comm kworker/u8:0: Failed to release dquot type 1
[  129.176891][ T7163] veth0_vlan: entered promiscuous mode
[  129.189156][ T7435] loop3: detected capacity change from 0 to 1024
[  129.225878][ T7163] veth1_vlan: entered promiscuous mode
[  129.254712][ T7435] EXT4-fs: Ignoring removed orlov option
[  129.402909][ T7163] veth0_macvtap: entered promiscuous mode
[  129.435247][   T29] audit: type=1400 audit(1755942422.841:1695): avc:  denied  { write } for  pid=7441 comm="syz.0.1196" path="socket:[18529]" dev="sockfs" ino=18529 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  129.462336][ T7163] veth1_macvtap: entered promiscuous mode
[  129.474070][ T7163] batman_adv: batadv0: Interface activated: batadv_slave_0
[  129.485892][ T7163] batman_adv: batadv0: Interface activated: batadv_slave_1
[  129.502091][  T558] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  129.532157][  T558] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  129.548191][  T558] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  129.605516][  T558] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.666734][ T7450] netlink: 'syz.0.1197': attribute type 13 has an invalid length.
[  129.675455][ T7450] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1197'.
[  129.714698][   T29] audit: type=1400 audit(1755942423.121:1696): avc:  denied  { read } for  pid=7446 comm="syz.0.1197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  129.779857][   T29] audit: type=1400 audit(1755942423.171:1697): avc:  denied  { write } for  pid=7446 comm="syz.0.1197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  129.783870][ T7454] lo speed is unknown, defaulting to 1000
[  130.426735][ T7468] loop1: detected capacity change from 0 to 512
[  130.459445][ T7471] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1203'.
[  130.516875][ T7468] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  130.621528][ T7468] EXT4-fs (loop1): mount failed
[  130.820282][ T7487] lo speed is unknown, defaulting to 1000
[  131.450176][ T7497] loop3: detected capacity change from 0 to 512
[  131.477212][ T7497] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  131.532415][ T7497] EXT4-fs (loop3): mount failed
[  132.045240][ T7514] wg2: entered promiscuous mode
[  132.052318][ T7514] wg2: entered allmulticast mode
[  132.104022][ T7518] loop6: detected capacity change from 0 to 512
[  132.118258][ T7518] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  132.153339][ T7518] EXT4-fs (loop6): 1 orphan inode deleted
[  132.160252][ T7518] EXT4-fs mount: 36 callbacks suppressed
[  132.160269][ T7518] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  132.180859][ T3436] EXT4-fs error (device loop6): ext4_release_dquot:6973: comm kworker/u8:7: Failed to release dquot type 1
[  132.181401][ T7518] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  132.277358][ T7163] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.313786][ T7531] loop6: detected capacity change from 0 to 2048
[  132.356437][ T3293]  loop6: p2 p3 p7
[  132.370312][ T7531]  loop6: p2 p3 p7
[  135.356547][ T7541] loop4: detected capacity change from 0 to 1024
[  135.366595][ T7542] __nla_validate_parse: 1 callbacks suppressed
[  135.366613][ T7542] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1224'.
[  135.408971][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  135.421504][ T3488] udevd[3488]: inotify_add_watch(7, /dev/loop6p7, 10) failed: No such file or directory
[  135.432402][ T7536] loop6: detected capacity change from 0 to 512
[  135.439356][ T7541] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  135.450377][ T7541] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  135.463269][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory
[  135.503588][ T7541] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  135.508480][ T7547] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1227'.
[  135.528252][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop6p7, 10) failed: No such file or directory
[  135.529887][ T7548] loop1: detected capacity change from 0 to 2048
[  135.540252][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory
[  135.546540][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  135.567285][ T7541] EXT4-fs error (device loop4): ext4_get_journal_inode:5800: inode #5: comm syz.4.1225: unexpected bad inode w/o EXT4_IGET_BAD
[  135.581689][ T7547] loop0: detected capacity change from 0 to 512
[  135.583727][ T7541] EXT4-fs (loop4): no journal found
[  135.594237][ T7541] EXT4-fs (loop4): can't get journal size
[  135.607770][ T7536] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  135.617020][ T7536] EXT4-fs (loop6): orphan cleanup on readonly fs
[  135.626863][ T7541] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  135.628466][ T3522]  loop1: p2 p3 p7
[  135.657816][ T7547] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  135.669116][ T7536] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.1224: corrupted inode contents
[  135.683716][ T7547] EXT4-fs (loop0): orphan cleanup on readonly fs
[  135.692133][ T7536] EXT4-fs (loop6): Remounting filesystem read-only
[  135.706024][ T7536] EXT4-fs (loop6): 1 truncate cleaned up
[  135.712737][ T3436] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  135.723708][ T3436] __quota_error: 6 callbacks suppressed
[  135.723727][ T3436] Quota error (device loop6): write_blk: dquota write failed
[  135.737275][ T3436] Quota error (device loop6): remove_free_dqentry: Can't write block (5) with free entries
[  135.748134][ T3436] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  135.760129][ T3436] Quota error (device loop6): write_blk: dquota write failed
[  135.760967][ T7548]  loop1: p2 p3 p7
[  135.768217][ T3436] Quota error (device loop6): free_dqentry: Can't move quota data block (5) to free list
[  135.786640][ T3436] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started
[  135.797104][ T3436] Quota error (device loop6): v2_write_file_info: Can't write info structure
[  135.800843][ T2993]  loop1: p2 p3 p7
[  135.807457][ T3436] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  135.823513][ T7536] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  135.823914][ T7547] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.1227: corrupted inode contents
[  135.845785][ T7536] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.881021][ T7547] EXT4-fs (loop0): Remounting filesystem read-only
[  135.888836][ T7547] EXT4-fs (loop0): 1 truncate cleaned up
[  135.896525][   T31] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  135.908335][   T31] Quota error (device loop0): write_blk: dquota write failed
[  135.915986][   T31] Quota error (device loop0): remove_free_dqentry: Can't write block (5) with free entries
[  135.927532][   T31] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  135.938982][   T31] Quota error (device loop0): write_blk: dquota write failed
[  135.946853][   T31] Quota error (device loop0): free_dqentry: Can't move quota data block (5) to free list
[  135.957712][   T31] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  135.970510][ T7547] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  136.020095][ T7547] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.056586][ T3295] printk: udevd: 81 output lines suppressed due to ratelimiting
[  136.080596][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.099876][ T7569] sctp: [Deprecated]: syz.1.1241 (pid 7569) Use of struct sctp_assoc_value in delayed_ack socket option.
[  136.099876][ T7569] Use struct sctp_sack_info instead
[  136.165302][ T7569] loop1: detected capacity change from 0 to 8192
[  136.365014][ T7588] loop1: detected capacity change from 0 to 2048
[  136.372329][ T7590] loop0: detected capacity change from 0 to 512
[  136.383056][ T7590] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  136.400083][ T7590] EXT4-fs (loop0): mount failed
[  136.417325][ T7588]  loop1: p2 p3 p7
[  136.447496][ T7596] loop3: detected capacity change from 0 to 512
[  136.462350][ T7596] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  136.479705][ T7596] EXT4-fs (loop3): mount failed
[  136.573191][ T7608] netlink: 'syz.3.1242': attribute type 10 has an invalid length.
[  136.582295][ T7608] ipvlan0: entered allmulticast mode
[  136.588227][ T7608] veth0_vlan: entered allmulticast mode
[  137.053944][ T7616] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1244'.
[  137.069005][ T7616] loop4: detected capacity change from 0 to 512
[  137.073348][ T7619] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1245'.
[  137.090849][ T7619] loop6: detected capacity change from 0 to 512
[  137.093025][ T7616] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  137.107916][ T7616] EXT4-fs (loop4): orphan cleanup on readonly fs
[  137.117171][ T7616] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.1244: corrupted inode contents
[  137.131345][ T7616] EXT4-fs (loop4): Remounting filesystem read-only
[  137.138980][ T7616] EXT4-fs (loop4): 1 truncate cleaned up
[  137.139276][ T7619] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  137.145538][   T31] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  137.155757][ T7619] EXT4-fs (loop6): orphan cleanup on readonly fs
[  137.165539][   T31] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  137.174695][ T7619] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.1245: corrupted inode contents
[  137.185648][   T31] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  137.200296][ T7619] EXT4-fs (loop6): Remounting filesystem read-only
[  137.211984][ T7616] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  137.218405][ T7619] EXT4-fs (loop6): 1 truncate cleaned up
[  137.234511][ T7616] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.250211][   T12] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  137.260846][   T12] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  137.272487][   T12] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started
[  137.285054][ T7619] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  137.299172][ T7619] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.494652][ T7629] vhci_hcd: invalid port number 96
[  137.500141][ T7629] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  137.713589][ T7635] loop4: detected capacity change from 0 to 512
[  137.742469][ T7635] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  137.743565][ T7637] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1259'.
[  137.777821][ T7637] loop0: detected capacity change from 0 to 512
[  137.784864][ T7635] EXT4-fs (loop4): mount failed
[  137.813133][ T7637] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  137.835501][ T7637] EXT4-fs (loop0): orphan cleanup on readonly fs
[  137.844987][ T7637] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.1259: corrupted inode contents
[  137.858648][ T7637] EXT4-fs (loop0): Remounting filesystem read-only
[  137.858996][ T7648] loop6: detected capacity change from 0 to 2048
[  137.866566][ T7637] EXT4-fs (loop0): 1 truncate cleaned up
[  137.878418][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  137.890617][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  137.902383][   T12] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  137.907223][ T7648]  loop6: p2 p3 p7
[  137.914495][ T7637] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  137.931344][ T7637] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.037541][ T7659] loop6: detected capacity change from 0 to 128
[  138.145807][ T7659] bio_check_eod: 1268 callbacks suppressed
[  138.145885][ T7659] syz.6.1253: attempt to access beyond end of device
[  138.145885][ T7659] loop6: rw=2049, sector=145, nr_sectors = 16 limit=128
[  138.167181][ T7659] syz.6.1253: attempt to access beyond end of device
[  138.167181][ T7659] loop6: rw=2049, sector=169, nr_sectors = 8 limit=128
[  138.181682][ T7659] syz.6.1253: attempt to access beyond end of device
[  138.181682][ T7659] loop6: rw=2049, sector=185, nr_sectors = 8 limit=128
[  138.198061][ T7659] syz.6.1253: attempt to access beyond end of device
[  138.198061][ T7659] loop6: rw=2049, sector=201, nr_sectors = 8 limit=128
[  138.213294][ T7659] syz.6.1253: attempt to access beyond end of device
[  138.213294][ T7659] loop6: rw=2049, sector=217, nr_sectors = 8 limit=128
[  138.227808][ T7659] syz.6.1253: attempt to access beyond end of device
[  138.227808][ T7659] loop6: rw=2049, sector=233, nr_sectors = 8 limit=128
[  138.242313][ T7659] syz.6.1253: attempt to access beyond end of device
[  138.242313][ T7659] loop6: rw=2049, sector=249, nr_sectors = 8 limit=128
[  138.256481][ T7659] syz.6.1253: attempt to access beyond end of device
[  138.256481][ T7659] loop6: rw=2049, sector=265, nr_sectors = 8 limit=128
[  138.271654][ T7659] syz.6.1253: attempt to access beyond end of device
[  138.271654][ T7659] loop6: rw=2049, sector=281, nr_sectors = 8 limit=128
[  138.287168][ T7659] syz.6.1253: attempt to access beyond end of device
[  138.287168][ T7659] loop6: rw=2049, sector=297, nr_sectors = 8 limit=128
[  138.326481][ T7664] loop1: detected capacity change from 0 to 128
[  138.336083][ T7666] lo speed is unknown, defaulting to 1000
[  138.456644][ T7677] loop3: detected capacity change from 0 to 512
[  138.474886][ T7678] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1263'.
[  138.475239][ T7680] loop0: detected capacity change from 0 to 128
[  138.529648][ T7682] loop6: detected capacity change from 0 to 512
[  138.542087][ T7682] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  138.561288][ T7682] EXT4-fs (loop6): orphan cleanup on readonly fs
[  138.580634][ T7682] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.1263: corrupted inode contents
[  138.604389][ T7682] EXT4-fs (loop6): Remounting filesystem read-only
[  138.614631][ T7682] EXT4-fs (loop6): 1 truncate cleaned up
[  138.732421][ T7677] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  138.846585][ T7677] EXT4-fs (loop3): 1 orphan inode deleted
[  138.853636][ T7677] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  138.868782][ T7677] ext4 filesystem being mounted at /271/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  138.978081][ T7692] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1266'.
[  138.991912][ T7692] loop4: detected capacity change from 0 to 512
[  139.032197][ T7692] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  139.047552][ T7692] EXT4-fs (loop4): orphan cleanup on readonly fs
[  139.121009][   T12] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  139.132520][   T12] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  139.132855][ T7692] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.1266: corrupted inode contents
[  139.201234][ T7692] EXT4-fs (loop4): Remounting filesystem read-only
[  139.208779][ T7692] EXT4-fs (loop4): 1 truncate cleaned up
[  139.324604][ T7698] lo speed is unknown, defaulting to 1000
[  139.336569][   T12] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started
[  139.361483][   T12] EXT4-fs error (device loop3): ext4_release_dquot:6973: comm kworker/u8:0: Failed to release dquot type 1
[  139.374261][   T12] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  139.385451][   T12] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  139.417013][   T12] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  139.441630][ T7682] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  139.455386][ T7692] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  139.455806][ T7682] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.478382][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.478642][ T7692] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.608579][ T7703] lo speed is unknown, defaulting to 1000
[  139.639380][ T7707] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1271'.
[  139.671131][ T7709] lo speed is unknown, defaulting to 1000
[  139.711337][ T7710] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1271'.
[  139.939556][ T7720] sctp: [Deprecated]: syz.3.1276 (pid 7720) Use of struct sctp_assoc_value in delayed_ack socket option.
[  139.939556][ T7720] Use struct sctp_sack_info instead
[  139.986341][ T7718] loop1: detected capacity change from 0 to 128
[  140.022500][ T7723] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1278'.
[  140.085050][ T7726] lo speed is unknown, defaulting to 1000
[  140.144861][ T7728] netlink: 'syz.6.1277': attribute type 10 has an invalid length.
[  140.153494][ T7728] ipvlan0: entered allmulticast mode
[  140.159257][ T7728] veth0_vlan: entered allmulticast mode
[  140.194848][ T7728] team0: Device ipvlan0 failed to register rx_handler
[  140.204154][ T7720] loop3: detected capacity change from 0 to 8192
[  140.470449][ T7739] loop4: detected capacity change from 0 to 1024
[  140.498566][ T7747] __nla_validate_parse: 1 callbacks suppressed
[  140.498586][ T7747] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1285'.
[  140.505959][ T7739] EXT4-fs: Ignoring removed orlov option
[  140.594903][ T7747] bridge_slave_0: left allmulticast mode
[  140.600784][ T7747] bridge_slave_0: left promiscuous mode
[  140.607103][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.623991][ T7747] bridge_slave_1: left allmulticast mode
[  140.630436][ T7747] bridge_slave_1: left promiscuous mode
[  140.637556][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.654872][ T7748] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1285'.
[  140.674389][ T7747] bond0: (slave bond_slave_0): Releasing backup interface
[  140.684197][ T7739] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.704688][ T7747] bond0: (slave bond_slave_1): Releasing backup interface
[  140.759451][ T7747] team0: Port device team_slave_0 removed
[  140.817094][ T7747] team0: Port device team_slave_1 removed
[  140.846024][ T7747] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.855115][ T7747] batman_adv: batadv0: Removing interface: batadv_slave_0
[  140.898074][ T7762] loop3: detected capacity change from 0 to 512
[  140.912031][ T7762] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  140.922436][ T7762] EXT4-fs (loop3): orphan cleanup on readonly fs
[  140.933142][ T7747] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  140.941531][ T7747] batman_adv: batadv0: Removing interface: batadv_slave_1
[  140.962727][ T7762] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1288: corrupted inode contents
[  140.981336][ T7765] netlink: 'syz.4.1283': attribute type 1 has an invalid length.
[  141.021727][ T7762] EXT4-fs (loop3): Remounting filesystem read-only
[  141.053292][ T7762] EXT4-fs (loop3): 1 truncate cleaned up
[  141.059416][   T51] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  141.070984][   T51] __quota_error: 43 callbacks suppressed
[  141.071003][   T51] Quota error (device loop3): write_blk: dquota write failed
[  141.085297][   T51] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries
[  141.096889][   T51] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  141.108198][   T51] Quota error (device loop3): write_blk: dquota write failed
[  141.116702][   T51] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list
[  141.129829][ T7756] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1288'.
[  141.139599][   T51] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  141.151222][   T51] Quota error (device loop3): v2_write_file_info: Can't write info structure
[  141.161042][   T51] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  141.173160][ T7766] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1283'.
[  141.174803][ T7762] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  141.211527][ T7765] 8021q: adding VLAN 0 to HW filter on device bond1
[  141.246999][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.258159][ T7762] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.269273][   T29] audit: type=1326 audit(1755942434.671:1708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7770 comm="syz.6.1292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4e125ebe9 code=0x7ffc0000
[  141.369734][ T7774] loop6: detected capacity change from 0 to 2048
[  141.377673][   T29] audit: type=1326 audit(1755942434.711:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7770 comm="syz.6.1292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4e125ebe9 code=0x7ffc0000
[  141.403559][   T29] audit: type=1326 audit(1755942434.711:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7770 comm="syz.6.1292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd4e125ebe9 code=0x7ffc0000
[  141.429465][   T29] audit: type=1326 audit(1755942434.711:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7770 comm="syz.6.1292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4e125ebe9 code=0x7ffc0000
[  141.496393][ T7777] loop4: detected capacity change from 0 to 512
[  141.505196][ T7777] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  141.516907][ T7774] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  141.567254][ T7771] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  141.615434][ T7771] EXT4-fs (loop6): Remounting filesystem read-only
[  141.630582][ T7782] netlink: 'syz.1.1294': attribute type 10 has an invalid length.
[  141.642941][ T7777] EXT4-fs (loop4): 1 orphan inode deleted
[  141.660795][ T7777] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.675458][ T3436] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:7: Failed to release dquot type 1
[  141.723229][ T7782] ipvlan0: entered allmulticast mode
[  141.728597][ T7782] veth0_vlan: entered allmulticast mode
[  141.734436][ T7782] team0: Device ipvlan0 is VLAN challenged and team device has VLAN set up
[  141.761490][ T7163] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.773719][ T7777] ext4 filesystem being mounted at /284/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.823566][ T7796] sctp: [Deprecated]: syz.6.1297 (pid 7796) Use of struct sctp_assoc_value in delayed_ack socket option.
[  141.823566][ T7796] Use struct sctp_sack_info instead
[  141.922988][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.979876][ T7814] loop3: detected capacity change from 0 to 128
[  142.011778][ T7796] loop6: detected capacity change from 0 to 8192
[  142.033557][ T7812] lo speed is unknown, defaulting to 1000
[  142.188754][ T7822] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1303'.
[  142.232666][ T7822] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1303'.
[  142.947609][ T7836] loop0: detected capacity change from 0 to 512
[  142.962194][ T7836] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  142.970677][ T7836] EXT4-fs (loop0): orphan cleanup on readonly fs
[  142.984527][ T7836] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.1307: corrupted inode contents
[  143.012979][ T7836] EXT4-fs (loop0): Remounting filesystem read-only
[  143.020305][ T7836] EXT4-fs (loop0): 1 truncate cleaned up
[  143.021851][ T7840] loop4: detected capacity change from 0 to 8192
[  143.033344][ T3436] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  143.033774][ T7844] loop3: detected capacity change from 0 to 512
[  143.044530][ T3436] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  143.063349][ T7844] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  143.063575][ T3436] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  143.083329][ T7836] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  143.096405][ T7840]  loop4: p1 p2[DM] p4
[  143.096806][ T7836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.100750][ T7840] loop4: p1 size 196608 extends beyond EOD, truncated
[  143.119577][ T7840] loop4: p2 start 4292936063 is beyond EOD, truncated
[  143.126827][ T7840] loop4: p4 size 50331648 extends beyond EOD, truncated
[  143.136043][ T7844] EXT4-fs (loop3): 1 orphan inode deleted
[  143.142877][ T7844] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.157067][   T31] EXT4-fs error (device loop3): ext4_release_dquot:6973: comm kworker/u8:1: Failed to release dquot type 1
[  143.169379][ T7844] ext4 filesystem being mounted at /282/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.196495][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.235158][ T7849] lo speed is unknown, defaulting to 1000
[  143.559608][ T7860] lo speed is unknown, defaulting to 1000
[  143.638024][ T7864] lo speed is unknown, defaulting to 1000
[  143.732426][ T7868] netlink: 'syz.3.1320': attribute type 13 has an invalid length.
[  143.740998][ T7868] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1320'.
[  143.791898][ T7873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1322'.
[  143.807136][ T7873] loop0: detected capacity change from 0 to 512
[  143.838665][ T7873] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  143.854600][ T7873] EXT4-fs (loop0): orphan cleanup on readonly fs
[  143.909491][ T7873] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.1322: corrupted inode contents
[  143.985242][ T7882] lo speed is unknown, defaulting to 1000
[  143.991905][ T7873] EXT4-fs (loop0): Remounting filesystem read-only
[  144.013103][ T7873] EXT4-fs (loop0): 1 truncate cleaned up
[  144.019596][   T52] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  144.032505][   T52] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  144.081375][   T52] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  144.113998][ T7873] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  144.144705][ T7891] loop1: detected capacity change from 0 to 2048
[  144.156593][ T7873] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.198596][ T7891]  loop1: p2 p3 p7
[  144.267746][ T7898] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1332'.
[  144.317597][ T7898] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1332'.
[  144.422477][ T7904] netlink: 'syz.4.1333': attribute type 13 has an invalid length.
[  144.595241][ T7903] lo speed is unknown, defaulting to 1000
[  144.720775][ T7909] netlink: 'syz.3.1335': attribute type 13 has an invalid length.
[  145.203598][ T7925] loop4: detected capacity change from 0 to 2048
[  145.235095][ T7925] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.248509][ T7929] lo speed is unknown, defaulting to 1000
[  145.284345][ T7925] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  145.342231][ T7925] EXT4-fs (loop4): Remounting filesystem read-only
[  145.416436][ T7936] loop6: detected capacity change from 0 to 2048
[  145.450849][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.533744][ T7936]  loop6: p2 p3 p7
[  145.556575][ T7946] __nla_validate_parse: 4 callbacks suppressed
[  145.556598][ T7946] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1346'.
[  145.609812][ T7951] loop0: detected capacity change from 0 to 1024
[  145.621601][ T7946] loop3: detected capacity change from 0 to 512
[  145.651679][ T7951] EXT4-fs: Ignoring removed orlov option
[  145.660403][ T7946] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  145.673112][ T7951] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.691374][ T7946] EXT4-fs (loop3): orphan cleanup on readonly fs
[  145.722022][ T7962] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1351'.
[  145.735414][ T7962] loop6: detected capacity change from 0 to 512
[  145.746255][ T7946] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1346: corrupted inode contents
[  145.776063][ T7962] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  145.782142][ T7946] EXT4-fs (loop3): Remounting filesystem read-only
[  145.787311][ T7962] EXT4-fs (loop6): orphan cleanup on readonly fs
[  145.802529][ T7946] EXT4-fs (loop3): 1 truncate cleaned up
[  145.808928][   T31] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  145.820041][   T31] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  145.841467][   T31] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  145.852597][ T7946] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  145.867803][ T7946] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.878954][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.888473][ T7962] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.1351: corrupted inode contents
[  145.903288][ T7962] EXT4-fs (loop6): Remounting filesystem read-only
[  145.910729][ T7962] EXT4-fs (loop6): 1 truncate cleaned up
[  145.917216][   T52] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  145.929818][   T52] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  145.944864][   T52] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started
[  145.963514][ T7962] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  145.980345][ T7973] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1353'.
[  145.996288][ T7973] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1353'.
[  146.006518][ T7962] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.366447][ T7980] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1354'.
[  146.382054][ T7980] loop3: detected capacity change from 0 to 512
[  146.460940][ T7980] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  146.468507][ T7986] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1357'.
[  146.470618][ T7980] EXT4-fs (loop3): orphan cleanup on readonly fs
[  146.523831][ T7986] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1357'.
[  146.585957][ T7980] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1354: corrupted inode contents
[  146.630315][ T7980] EXT4-fs (loop3): Remounting filesystem read-only
[  146.652045][ T7980] EXT4-fs (loop3): 1 truncate cleaned up
[  146.658452][  T558] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  146.670618][  T558] __quota_error: 266 callbacks suppressed
[  146.670635][  T558] Quota error (device loop3): write_blk: dquota write failed
[  146.684870][  T558] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries
[  146.696035][  T558] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  146.707760][  T558] Quota error (device loop3): write_blk: dquota write failed
[  146.715968][  T558] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list
[  146.735290][  T558] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  146.746762][  T558] Quota error (device loop3): v2_write_file_info: Can't write info structure
[  146.757425][  T558] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  146.770578][ T7980] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  146.785590][ T7980] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.807276][ T8001] lo speed is unknown, defaulting to 1000
[  146.992446][ T7976] loop0: detected capacity change from 0 to 1024
[  147.000190][ T7976] EXT4-fs: Ignoring removed orlov option
[  147.012313][ T7976] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.335354][ T8029] netlink: 'syz.3.1374': attribute type 13 has an invalid length.
[  147.343496][ T8029] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1374'.
[  147.361767][ T8031] loop1: detected capacity change from 0 to 2048
[  147.378169][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.415636][ T8031]  loop1: p2 p3 p7
[  147.469435][ T8041] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1376'.
[  147.494095][ T8041] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1376'.
[  147.536313][ T8046] lo speed is unknown, defaulting to 1000
[  147.575253][   T29] audit: type=1326 audit(1755942440.981:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8045 comm="syz.1.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e4e83ebe9 code=0x7ffc0000
[  147.625388][ T8041] lo speed is unknown, defaulting to 1000
[  147.632974][   T29] audit: type=1326 audit(1755942440.981:1953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8045 comm="syz.1.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e4e83ebe9 code=0x7ffc0000
[  147.658132][   T29] audit: type=1326 audit(1755942440.981:1954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8045 comm="syz.1.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f7e4e83ebe9 code=0x7ffc0000
[  147.684677][   T29] audit: type=1326 audit(1755942441.011:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8045 comm="syz.1.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7e4e83ec23 code=0x7ffc0000
[  148.308903][ T8077] loop1: detected capacity change from 0 to 512
[  148.353980][ T8077] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  148.400861][ T8077] EXT4-fs (loop1): orphan cleanup on readonly fs
[  148.450670][ T8077] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1389: corrupted inode contents
[  148.523143][ T8077] EXT4-fs (loop1): Remounting filesystem read-only
[  148.542404][ T8083] loop6: detected capacity change from 0 to 512
[  148.554415][ T8083] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  148.571178][ T8077] EXT4-fs (loop1): 1 truncate cleaned up
[  148.579304][   T31] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  148.591877][   T31] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  148.607192][ T8083] EXT4-fs (loop6): 1 orphan inode deleted
[  148.631551][ T8083] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.646851][   T31] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  148.685287][ T8083] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  148.837768][   T31] EXT4-fs error (device loop6): ext4_release_dquot:6973: comm kworker/u8:1: Failed to release dquot type 1
[  148.869292][ T7163] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.880262][ T8077] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  148.901761][ T8077] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.929598][ T8088] lo speed is unknown, defaulting to 1000
[  149.017660][ T8093] loop0: detected capacity change from 0 to 1024
[  149.036283][ T8095] loop3: detected capacity change from 0 to 512
[  149.074951][ T8095] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  149.088862][ T8093] EXT4-fs: Ignoring removed orlov option
[  149.101234][ T8095] EXT4-fs (loop3): orphan cleanup on readonly fs
[  149.120819][ T8095] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1396: corrupted inode contents
[  149.175125][ T8101] lo speed is unknown, defaulting to 1000
[  149.201837][ T8095] EXT4-fs (loop3): Remounting filesystem read-only
[  149.209838][ T8095] EXT4-fs (loop3): 1 truncate cleaned up
[  149.217067][  T558] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  149.228307][  T558] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  149.252634][ T8103] loop6: detected capacity change from 0 to 2048
[  149.259778][  T558] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  149.282563][ T8093] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.296631][ T8095] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  149.311712][ T8095] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.444039][ T8110] loop1: detected capacity change from 0 to 512
[  149.454047][ T8103]  loop6: p2 p3 p7
[  149.504273][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.519370][ T8110] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  149.571224][ T8110] EXT4-fs (loop1): orphan cleanup on readonly fs
[  149.592606][ T8120] loop0: detected capacity change from 0 to 128
[  149.623094][ T8110] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1400: corrupted inode contents
[  149.691125][ T8110] EXT4-fs (loop1): Remounting filesystem read-only
[  149.711265][ T8110] EXT4-fs (loop1): 1 truncate cleaned up
[  149.717940][   T31] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  149.730574][   T31] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  149.784964][ T8126] netem: unknown loss type 12
[  149.790053][ T8126] netem: change failed
[  149.815806][   T31] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  149.851060][ T8126] loop4: detected capacity change from 0 to 512
[  149.864904][ T8110] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  149.937994][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.947682][ T8126] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  149.966786][ T8129] loop6: detected capacity change from 0 to 2048
[  149.979674][ T8137] netlink: 'syz.3.1409': attribute type 13 has an invalid length.
[  150.036956][ T8129]  loop6: p2 p3 p7
[  150.049588][ T8126] EXT4-fs (loop4): mount failed
[  150.084580][ T8139] lo speed is unknown, defaulting to 1000
[  150.465770][ T8162] loop4: detected capacity change from 0 to 512
[  150.522181][ T8160] loop1: detected capacity change from 0 to 2048
[  150.530237][ T8162] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  150.570413][ T8162] EXT4-fs (loop4): orphan cleanup on readonly fs
[  150.589347][ T8160]  loop1: p2 p3 p7
[  150.604070][ T8162] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.1419: corrupted inode contents
[  150.736139][ T8162] EXT4-fs (loop4): Remounting filesystem read-only
[  150.752136][ T8162] EXT4-fs (loop4): 1 truncate cleaned up
[  150.758553][   T12] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  150.769895][   T12] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  150.820940][   T12] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  150.823962][ T8175] vhci_hcd: invalid port number 96
[  150.837937][ T8175] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  150.851502][ T8162] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  150.905806][ T8162] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.339957][ T8177] loop0: detected capacity change from 0 to 1024
[  151.348662][ T8177] EXT4-fs: Ignoring removed orlov option
[  151.361125][ T8177] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.427058][ T8196] __nla_validate_parse: 8 callbacks suppressed
[  151.427080][ T8196] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1425'.
[  151.490535][ T8200] loop6: detected capacity change from 0 to 512
[  151.571326][ T8200] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  151.630689][ T8200] EXT4-fs (loop6): orphan cleanup on readonly fs
[  151.704566][ T8200] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.1425: corrupted inode contents
[  151.753005][ T8200] EXT4-fs (loop6): Remounting filesystem read-only
[  151.821210][ T8200] EXT4-fs (loop6): 1 truncate cleaned up
[  151.827954][ T8209] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1430'.
[  151.831235][  T558] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  151.849271][  T558] __quota_error: 57 callbacks suppressed
[  151.849288][  T558] Quota error (device loop6): write_blk: dquota write failed
[  151.864368][  T558] Quota error (device loop6): remove_free_dqentry: Can't write block (5) with free entries
[  151.876277][  T558] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  151.887806][  T558] Quota error (device loop6): write_blk: dquota write failed
[  151.895921][  T558] Quota error (device loop6): free_dqentry: Can't move quota data block (5) to free list
[  151.949427][  T558] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started
[  151.960788][  T558] Quota error (device loop6): v2_write_file_info: Can't write info structure
[  152.006214][  T558] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  152.032646][ T8200] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  152.036657][ T8198] loop1: detected capacity change from 0 to 1024
[  152.089282][ T8198] EXT4-fs: Ignoring removed orlov option
[  152.132558][ T8198] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.339073][ T8221] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1434'.
[  152.349267][ T7163] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.368090][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.389592][ T8221] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1434'.
[  152.450729][ T8225] loop0: detected capacity change from 0 to 2048
[  152.451801][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.533161][ T8226] loop4: detected capacity change from 0 to 512
[  152.544924][ T8226] FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 4)
[  152.549947][ T8225]  loop0: p2 p3 p7
[  152.586914][ T8226] FAT-fs (loop4): FAT read failed (blocknr 52768)
[  152.704708][ T8226] lo speed is unknown, defaulting to 1000
[  152.801873][   T29] audit: type=1326 audit(1755942446.211:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8230 comm="syz.0.1438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f657e5aebe9 code=0x7ffc0000
[  152.890608][ T8237] netlink: 'syz.3.1439': attribute type 13 has an invalid length.
[  152.899889][ T8237] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1439'.
[  152.900213][   T29] audit: type=1326 audit(1755942446.231:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8230 comm="syz.0.1438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f657e5aebe9 code=0x7ffc0000
[  152.934044][   T29] audit: type=1326 audit(1755942446.241:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8230 comm="syz.0.1438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f657e5aebe9 code=0x7ffc0000
[  152.959692][   T29] audit: type=1326 audit(1755942446.241:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8230 comm="syz.0.1438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f657e5aec23 code=0x7ffc0000
[  153.001257][ T8231] lo speed is unknown, defaulting to 1000
[  153.191360][ T8251] loop6: detected capacity change from 0 to 1024
[  153.206574][ T8248] lo speed is unknown, defaulting to 1000
[  153.206930][ T8251] EXT4-fs: Ignoring removed orlov option
[  153.403858][ T8256] lo speed is unknown, defaulting to 1000
[  153.404109][ T8260] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1446'.
[  153.420713][ T8260] netem: unknown loss type 12
[  153.425801][ T8260] netem: change failed
[  153.670646][ T8268] loop3: detected capacity change from 0 to 1024
[  153.699094][ T8268] EXT4-fs: Ignoring removed orlov option
[  153.992236][ T8280] lo speed is unknown, defaulting to 1000
[  154.296298][ T8282] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1453'.
[  154.413663][ T8292] loop1: detected capacity change from 0 to 512
[  154.416323][ T8296] loop4: detected capacity change from 0 to 1024
[  154.462638][ T8296] EXT4-fs: Ignoring removed orlov option
[  154.623801][ T8306] vhci_hcd: invalid port number 96
[  154.629569][ T8306] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  154.647961][ T8292] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  154.658766][ T8300] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1458'.
[  154.668337][ T8289] loop0: detected capacity change from 0 to 1024
[  154.676972][ T8289] EXT4-fs: Ignoring removed orlov option
[  154.753233][ T8292] EXT4-fs (loop1): orphan cleanup on readonly fs
[  154.813868][ T3310] ==================================================================
[  154.822564][ T3310] BUG: KCSAN: data-race in find_get_block_common / has_bh_in_lru
[  154.831732][ T3310] 
[  154.834319][ T3310] read-write to 0xffff888237c26f50 of 8 bytes by task 8297 on cpu 0:
[  154.843199][ T3310]  find_get_block_common+0x4f0/0x960
[  154.849221][ T3310]  bdev_getblk+0x83/0x3b0
[  154.853680][ T3310]  __ext4_get_inode_loc+0x303/0x930
[  154.859130][ T3310]  ext4_get_inode_loc+0x66/0xe0
[  154.864625][ T3310]  ext4_xattr_ibody_get+0x92/0x2c0
[  154.870482][ T3310]  ext4_update_inline_data+0x18b/0x310
[  154.876317][ T3310]  ext4_prepare_inline_data+0xdc/0x140
[  154.882470][ T3310]  ext4_generic_write_inline_data+0x167/0x740
[  154.889113][ T3310]  ext4_try_to_write_inline_data+0x74/0x90
[  154.895226][ T3310]  ext4_write_begin+0x1b3/0xeb0
[  154.900448][ T3310]  generic_perform_write+0x184/0x490
[  154.905853][ T3310]  ext4_buffered_write_iter+0x1ee/0x3c0
[  154.911705][ T3310]  ext4_file_write_iter+0x383/0xf00
[  154.917301][ T3310]  iter_file_splice_write+0x666/0xa60
[  154.922883][ T3310]  direct_splice_actor+0x156/0x2a0
[  154.928293][ T3310]  splice_direct_to_actor+0x312/0x680
[  154.933941][ T3310]  do_splice_direct+0xda/0x150
[  154.939451][ T3310]  do_sendfile+0x380/0x650
[  154.944144][ T3310]  __x64_sys_sendfile64+0x105/0x150
[  154.949537][ T3310]  x64_sys_call+0x2bb0/0x2ff0
[  154.955089][ T3310]  do_syscall_64+0xd2/0x200
[  154.960566][ T3310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.966730][ T3310] 
[  154.969533][ T3310] read to 0xffff888237c26f50 of 8 bytes by task 3310 on cpu 1:
[  154.978015][ T3310]  has_bh_in_lru+0x35/0x1f0
[  154.983056][ T3310]  __lru_add_drain_all+0x234/0x3f0
[  154.988612][ T3310]  lru_add_drain_all+0x10/0x20
[  154.993552][ T3310]  invalidate_bdev+0x47/0x70
[  154.998254][ T3310]  ext4_put_super+0x624/0x7d0
[  155.003639][ T3310]  generic_shutdown_super+0xe6/0x210
[  155.009064][ T3310]  kill_block_super+0x2a/0x70
[  155.014383][ T3310]  ext4_kill_sb+0x42/0x80
[  155.019428][ T3310]  deactivate_locked_super+0x75/0x1c0
[  155.024991][ T3310]  deactivate_super+0x97/0xa0
[  155.029966][ T3310]  cleanup_mnt+0x269/0x2e0
[  155.035005][ T3310]  __cleanup_mnt+0x19/0x20
[  155.040137][ T3310]  task_work_run+0x131/0x1a0
[  155.044915][ T3310]  exit_to_user_mode_loop+0xe4/0x100
[  155.050293][ T3310]  do_syscall_64+0x1d6/0x200
[  155.055420][ T3310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.061495][ T3310] 
[  155.064087][ T3310] value changed: 0x0000000000000000 -> 0xffff888100610410
[  155.071725][ T3310] 
[  155.074141][ T3310] Reported by Kernel Concurrency Sanitizer on:
[  155.080826][ T3310] CPU: 1 UID: 0 PID: 3310 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  155.093166][ T3310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  155.103510][ T3310] ==================================================================
[  155.143245][ T8315] loop4: detected capacity change from 0 to 512
[  155.148877][ T8292] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1453: corrupted inode contents
[  155.189282][ T8315] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  155.210312][ T8292] EXT4-fs (loop1): Remounting filesystem read-only
[  155.249051][ T8321] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1463'.
[  155.259574][ T8315] EXT4-fs (loop4): mount failed
[  155.287014][ T8292] EXT4-fs (loop1): 1 truncate cleaned up
[  155.294164][ T3436] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  155.306323][ T3436] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  155.346015][ T8321] loop6: detected capacity change from 0 to 512
[  155.358712][ T3436] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  155.387591][ T8321] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  155.396464][ T8321] EXT4-fs (loop6): orphan cleanup on readonly fs
[  155.421065][ T8321] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.1463: corrupted inode contents
[  155.451139][ T8321] EXT4-fs (loop6): Remounting filesystem read-only
[  155.458039][ T8321] EXT4-fs (loop6): 1 truncate cleaned up
[  155.464283][   T51] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  155.475845][   T51] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  155.511925][   T51] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started