last executing test programs:

4m51.311757067s ago: executing program 3 (id=1406):
pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x4f}, {&(0x7f0000000140)="de", 0x1}], 0x2, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x1403, 0x400, 0x70bd28, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'netpci0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4084891}, 0x4)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x1, 0x40, 0x7f, 0x4c12, r1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x3, 0xd}, 0x50)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040), 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000400)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80800)
vmsplice(r3, &(0x7f0000000040)=[{&(0x7f0000000180)="e3", 0x1}], 0x1, 0x8)
fcntl$setpipe(r2, 0x407, 0x176)
vmsplice(r3, &(0x7f0000001080)=[{&(0x7f0000000a40)='5', 0x1}], 0x1, 0x8)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000070000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0}, 0x94)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)

4m50.338806096s ago: executing program 3 (id=1422):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r3}, 0x18)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r4 = dup(r1)
write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102)

4m49.716409058s ago: executing program 3 (id=1432):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x400e, &(0x7f0000000640), 0x1, 0x451, &(0x7f00000001c0)="$eJzs28tvG0UYAPBv7SQlfZBQlUcfQKAgyitp0lJ64AICiQNISHAox5CkVanboCZItKqgRagcUSVOvSAuSEj8BZzggoATEle4I6QK5dLCyWhtb2O7thOnjhfq30/adGZ30vk+7449uxMHMLAm0h9JxPaI+C0ixqrVxgYT1X9urFyY+3vlwlwS5fKbfyWVdtdXLsxlTbPf25ZVhiIKnySxt0W/S+fOn5otlRbO1upTy6ffm1o6d/7Zk6dnTyycWDgzc/To4UPTzx+Zea4neaZ5Xd/z4eK+3a++feX1uWNX3vnpmyTLvymPHpnodPDxcrnH3eVrR105GcoxELpSrA7TGK6M/7EoxurJG4tXPs41OGBTlcvl8n3tD18sA3ewJPKOAMhH9kGf3v9mW5+mHv8J116s3gCled+obdUjQ1GotRluur/tpYmIOHbxny/SLTbnOQQAQIPv0vnPM63mf4Wofy50d20NZTwi7omInRFxJCJ2RcS9EZW290fEA13237xIcuv8pzC8ocTWKZ3/vVBb22qc/2Wzvxgv1mo7KvkPJ8dPlhYO1l6TAzG8Ja1Pd+jj+5d//azdsfr5X7ql/WdzwUvVOP4c2tL4O/Ozy7O3m3fm2qWIPUOt8k9urgQkEbE7IvZssI+TT329r92xTvmvqQfrTOUvI56onv+L0ZR/Jum8Pjl1V5QWDk5lV8Wtfv7l8hvt+r+t/HsgPf9bW17/N/MfT+rXa5e6+d+vPpn+vPz7p23vadbOv/X1P5K81bDvg9nl5bPTESPJa9Wg6/fPNLWbWW2f5n9gf+vxvzNWX4m9EZFexA9GxEMR8XAt9kci4tGI2N/hVfjxpcfe3Xj+myvNf76r879aGInmPa0LxVM/fNvQ6Xg3+afn/3CldKC2Zz3vf+uJq9urGQAAAP6vChGxPZLC5M1yoTA5Wf0b/l2xtVBaXFp++vji+2fmq98RGI/hQvaka6zueeh07bY+q8801Q/Vnht/Xhyt1CfnFkvzeScPA25bm/Gf+qOYtbqaY4TApvJ9LRhcxj8MLuMfBtZXC3lHAORkZbTF5/9oHpEA/ddq/v9RDnEA/dc0/ot5xQH0n+d/MLg2Mv69Z8CdoeNYHulfHEBfLY3G2l+SVxigwmjEui6JKOQeqsImFvJ+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiNfwMAAP//0YXoCg==")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r2, r3, 0x0, 0x80000000007)

4m49.476010902s ago: executing program 3 (id=1440):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x800, 0x11c, 0x1}, 0x20)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000005afd0000000000000000112000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
syz_clone(0xd024100, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
read(r3, &(0x7f0000000040)=""/148, 0xffffff96)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0xa54a9d76e5e2e84, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = fsopen(0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={0x0}, 0x18)
poll(0x0, 0x0, 0x9)
r7 = fsmount(r6, 0x0, 0x6)
r8 = creat(&(0x7f0000003440)='./file0\x00', 0x4)
fcntl$setownex(r8, 0xf, &(0x7f00000054c0))
fcntl$getflags(r8, 0xb)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r9}, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r10, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
syz_mount_image$ext4(&(0x7f0000000680)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@quota}, {@oldalloc}, {@barrier_val={'barrier', 0x3d, 0x4000003}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000000d80)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=")
r11 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r11, 0x0)

4m48.775574016s ago: executing program 3 (id=1446):
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000020000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x18)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7400006e733d66642c7266644b1059", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',version=9p2000.u,\x00'])

4m48.359094984s ago: executing program 3 (id=1453):
r0 = socket(0x840000000002, 0x3, 0xa)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f0000000240)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast1}, 0x10, 0x0}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x2, 0x4004040)

4m48.337032775s ago: executing program 32 (id=1453):
r0 = socket(0x840000000002, 0x3, 0xa)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f0000000240)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast1}, 0x10, 0x0}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x2, 0x4004040)

4m3.872150029s ago: executing program 1 (id=2021):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
unshare(0x6a040000)
perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0x99, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80040, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0xf}, 0x8781, 0x2000000, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)

4m2.071516474s ago: executing program 1 (id=2026):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
r3 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r3)
waitid(0x0, 0x0, 0x0, 0xe, 0x0) (fail_nth: 7)

4m1.318093119s ago: executing program 1 (id=2037):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

4m1.305472649s ago: executing program 1 (id=2038):
r0 = syz_open_dev$sg(0x0, 0x0, 0x8002)
fcntl$dupfd(r0, 0x0, r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
pipe2$9p(&(0x7f0000002180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB, @ANYRESHEX=r2, @ANYBLOB="2c63616368653d6d7461ce191b69c594f970636c2c64666c747569643d", @ANYRESHEX, @ANYBLOB=',dont_hash,euid>', @ANYRESDEC, @ANYBLOB=',smackfsdef=wfdno,\x00'])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='percpu_free_percpu\x00'}, 0x18)
msgget(0x1, 0x2b0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8943, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a3100000000080041007278650014003300"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
modify_ldt$write(0x1, &(0x7f0000000040)={0x806, 0x100000}, 0x10)
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)

3m58.218712169s ago: executing program 1 (id=2072):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020e0000150000000000000000000000030005000000000002004e24ac1e00010000000000000000030006003c000000020000fc34000000000000000000000001001800000000000800120000000200fcffffff0000000006003300000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000040003"], 0xa8}}, 0x0)

3m58.071634262s ago: executing program 1 (id=2074):
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000050f23900000000000900000000000000"], 0x50)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYRES16=r1, @ANYRES32=r4, @ANYRES32=r3], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff76, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r6 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_GET_VERSION_NUM(r6, 0x2284, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000702f8ffffffb7030ccd78eb0100000000000000000085975f00030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r9 = openat$cgroup_procs(r8, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r9, &(0x7f00000001c0), 0x12)
r10 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r10, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x7c00, 0x0, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000340)='thermal_power_cpu_get_power\x00', r5, 0x0, 0x2}, 0x18)

3m43.024119165s ago: executing program 33 (id=2074):
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000050f23900000000000900000000000000"], 0x50)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYRES16=r1, @ANYRES32=r4, @ANYRES32=r3], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff76, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r6 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_GET_VERSION_NUM(r6, 0x2284, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000702f8ffffffb7030ccd78eb0100000000000000000085975f00030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r9 = openat$cgroup_procs(r8, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r9, &(0x7f00000001c0), 0x12)
r10 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r10, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x7c00, 0x0, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000340)='thermal_power_cpu_get_power\x00', r5, 0x0, 0x2}, 0x18)

3.763542327s ago: executing program 6 (id=5597):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
open(&(0x7f0000000000)='./bus\x00', 0x1050c1, 0x170)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
r4 = open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102)
write$hidraw(r4, &(0x7f00000006c0)="3a04", 0x2)

3.763095917s ago: executing program 6 (id=5598):
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r0}, 0x10)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote, 0x4}}}, 0x108)

3.684685569s ago: executing program 6 (id=5599):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000300)=ANY=[], 0x340a)

2.236122527s ago: executing program 0 (id=5620):
pipe2(&(0x7f0000001cc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

2.151322399s ago: executing program 0 (id=5623):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000130000008500000086000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)

2.134426849s ago: executing program 0 (id=5624):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
quotactl$Q_QUOTAON(0xffffffff80000201, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10)
waitid(0x0, 0x0, 0x0, 0xe, 0x0)

1.973519732s ago: executing program 6 (id=5631):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, 0x0, 0x340a)

1.737234607s ago: executing program 2 (id=5637):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r1, 0xffffffffffffffff, 0x100000000000000)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@local, @in6=@mcast2}}, {{@in=@dev}, 0x0, @in=@loopback}}, &(0x7f0000000100)=0xe8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r3, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r2], 0x38}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x18)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r4, 0x400, 0x0)
close(r4)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="30000000101401"], 0x30}, 0x1, 0x0, 0x0, 0x24044836}, 0xc094)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000040)={r4, r4}, 0xc)

1.671601118s ago: executing program 2 (id=5639):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x1050c1, 0x170)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
r3 = open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102)
write$hidraw(r3, &(0x7f00000006c0)="3a04", 0x2)

1.651691189s ago: executing program 2 (id=5641):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000300)=ANY=[], 0x340a)

1.485054682s ago: executing program 2 (id=5646):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x80078b, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYui4KGioId6jMm2hG4baaLYUmwqUi+CFPQsHgX/Am8iiHoSvOrFkxSK9tLqKTKzM+1mm02N2WRi9veDzb7vzrs7z5P5eud9dwPoWkPZnyRiR0T8EhEDjeriBkONpxvXzk/+de38ZBILC6//keTtrl87P1k2Ld+3vagMpxHph0mxksVmz547OVGv184U9dG5U2+Pzp4999S7pyZO1E7UTo8fOXL40Nizz4w/3ZE8s7yu73t/Zv/el9+8/Mrksctv/fBVFu+OYnlzHp0ylCX+50KuddnjnV5ZxXY2lZPeCgNhRXoiIttcffnxPxA9cWvjDcRLH1QaHLCmsmvTlvaL5xeATSyJqiMAqlFe6LP73/KxTl2PDeHq840boCzvG8WjsaQ30qJNX8v9bScNRcSx+b8/zx6xRuMQAADNPp787Gh/UV7c/0vjvvz5t/zvrmIOZTAi7o6I3RFxT0TsiYh7I/K290fEA6uM5/b+T3pllR+5rKz/91wxt7W4/1f2/mKwp6jtzPPvS45P12sHi//JcPRtyepjy6zjmxd//qTdsub+X/bI1l/2BYs4rvS2DNBNTcxN5J3SDrh6MWJf71L5JzdnApKI2BsR+1b20bvKwvQTX+5v1+jO+S+jA/NMC19k6c1n+c9HS/6lpHl+cvq2+cnRrVGvHRwt94rb/fjTpdfarX9V+XfA1VrjuWn7tzYZTJrna2dXvo5Lv37U9p7mP+7/aX/yRj7PXJ673puYmzszFtGfHM3ri14fv/Xesl62z/b/4QNLH/+7i/dk+T8YEdlO/FBEPBwRjxSxPxoRj0XEgWXy//6F9svK/COtaPtfjJha8vx3c/9v2f4rL/Sc/O7rduv/d9v/cF4aLl7Jz393sFQ42emiNcDV/O8AAADg/yLNvwOfpCM3y2k6MtL4Dv+euCutz8zOPXl85p3TU43vyg9GX1qOdA0U46H16XptLJkvPrExPjpejBWX46WHinHjT3u25fWRyZn6VMW5Q7fb3ub4z/zeU3V0wBrbtuSr4/3rHghQgdZ59HRx9cKr4WQAm5Xfa0P3usPxn65XHMD6c/2H7rXU8X+hpW4uADYn13/oXo5/6FLpt1VHAFTI9R+60mp+17+Gha0bI4xqCht1o+SFiLKQboh4FNaoUPWZCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDP+CQAA//9Chukd")
r0 = semget$private(0x0, 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0)
ioctl$IMADDTIMER(r1, 0x80044940, &(0x7f0000000600)=0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x18)
ioctl$IMADDTIMER(r1, 0x80044940, &(0x7f0000000080)=0x14)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000007c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0500000000000000df25250000000e0001006e657464657673696d004b000f0002006e09d0a01574ad085a4c73116f927caa5da3648a59e939dfb8b9536198fc93e0cad9bf0204d211572741c1d5b56d34bf5500000000000000f65f3e47ccb45aefaf9c459c1973d99f797732fe15e3e65365ca3b12162196cade03b7d903224ee30e3f1e43148482d74844c45668a2cd3678cc8840bc248a8c206accf17fe9042a89d84ae3fa982d10d3b754a9396d959e8eba4347359104e1dc1225509b03aa7d5798e29ac0d0ca2f"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
close(r1)
semop(r0, &(0x7f00000002c0)=[{0x0, 0xec7b, 0x1000}], 0x1)
semop(r0, &(0x7f0000000000)=[{0x0, 0xffff}, {0x0, 0x8, 0x800}], 0x2)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000200)=[0x3, 0x3])
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r6 = syz_open_procfs(0x0, &(0x7f0000000440)='timerslack_ns\x00')
r7 = syz_open_procfs(0x0, &(0x7f0000000180)='wchan\x00')
pread64(r7, &(0x7f0000001040)=""/102386, 0x18ff2, 0xe289)
pread64(r6, &(0x7f0000000280)=""/177, 0xb1, 0xb0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
faccessat(0xffffffffffffffff, 0x0, 0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r4, 0x0, 0x2}, 0x18)
r9 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2781)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000010000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r10}, 0x10)
fcntl$dupfd(r9, 0x0, r9)

1.372570624s ago: executing program 5 (id=5647):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000040000850000001b000000b700000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r1)
waitid(0x0, 0x0, 0x0, 0xe, 0x0)

1.289095695s ago: executing program 0 (id=5648):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r3 = dup(r1)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102)

1.231949056s ago: executing program 5 (id=5649):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r3, 0x0, 0x200000000000006}, 0x18)
connect$inet6(r1, &(0x7f0000000b00)={0xa, 0xfdfe, 0x100007, @remote, 0xa}, 0x1c)
connect$pppl2tp(r0, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x2, 0x0, {0xa, 0x0, 0xf9d, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x32)
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)

1.210684587s ago: executing program 5 (id=5650):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x34}}, 0x0)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x4084)

1.177658497s ago: executing program 5 (id=5651):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r3, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r3, &(0x7f0000000d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x60010020, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r5=>0x0})
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xb, 0xd, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000001200000000000000000000850e08005000000018110067239cbfd641de4a2c2465e05fff70480a8ed3ce7cd9a5c3ecbb43e2f7e44600", @ANYRES16=r5, @ANYBLOB="0700000000000000b70800000000ff0f0000f8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000095", @ANYRES16=r1, @ANYRESOCT=r0, @ANYRES8], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x68e022)
r7 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r7, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r7, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x3498, 0x969, 0x0, 0x0, 0x0)

1.079495759s ago: executing program 4 (id=5652):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a0000000000008500000006000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xfffffffffffffffe}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000840)={0x34, r2, 0x1, 0x0, 0xfffffffc, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

1.07690132s ago: executing program 0 (id=5653):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000000240)=""/61}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0xfffffffeffffffff, 0x120741)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
ioctl$USBDEVFS_FREE_STREAMS(r1, 0x8008551d, &(0x7f0000000780)=ANY=[@ANYBLOB="308c000001"])
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x2, 0x1, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0xe, 0xfff2}, {0xa, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x7}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x4}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44044}, 0x4048084)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000002c0)=ANY=[], 0xff2e)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xe64, 0x5, 0x10, "0062ba7d82000000000000000000f7ffffff00"})
r7 = syz_open_pts(r6, 0x0)
r8 = dup3(r7, r6, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000000)=0x17)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000001100)=0x12)
r9 = socket$nl_route(0x10, 0x3, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x12d8)
write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc)
splice(r4, 0x0, r9, 0x0, 0x4ffe6, 0x0)
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x0, 0x0, 0x5})

1.06031041s ago: executing program 4 (id=5654):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x2, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="02000000010004000000000004000500a9930000100000000000000020"], 0x24, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x511a01, 0x80)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipoib={{0xa}, {0x4}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x47f}]}, 0x3c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000040)={'ip6tnl0\x00', 0x0})
open(&(0x7f00000001c0)='./file1\x00', 0x16f07e, 0x88)

977.992072ms ago: executing program 4 (id=5655):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000001880), 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bind$inet6(r0, &(0x7f0000000a00)={0xa, 0x4e20, 0x16b, @empty, 0x4}, 0x1c)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @empty, 0x9f}, 0x1c)

962.242032ms ago: executing program 4 (id=5656):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000040)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@resgid={'resgid', 0x3d, 0xee01}}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r2, &(0x7f00000008c0)="3bf58d7d45d32cfe1da7c797b82fee444b42785c24a868a4046cf670ba8f376c429a424fcc374c08887ba2bb530d843b61bf79a3879fa0", 0x37)
sendfile(r2, r0, 0x0, 0x3ffff)
sendfile(r2, r0, 0x0, 0x7fffeffd)

624.206408ms ago: executing program 2 (id=5657):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x4c}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
membarrier(0x2, 0x0)

601.219159ms ago: executing program 2 (id=5658):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
quotactl$Q_QUOTAON(0xffffffff80000201, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10)
waitid(0x0, 0x0, 0x0, 0xe, 0x0)

540.38468ms ago: executing program 6 (id=5659):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x4, 0x7ffc1ffb}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, &(0x7f0000000280)=0x9, 0x4)
bind$inet6(r0, &(0x7f00000007c0)={0xa, 0x2, 0x0, @empty, 0x80000001}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000ac0)="7e3f180000b1fd319d308a50bef5ebdb90499400382eb7a905412f5673fdc2654db375950a726c017258f045c922bf7128eb161d3db9680923d4a6dfe77e9fa506bd033e455b2e2772e3a92cc96f89e81d893ed8822e1b632331d1d010f9b6eecd641bf6268d031be39afcf5c33a4c1942815e7cab1f2bacfd0a515583bfb61aa9b2bdc98f0ab2165dd526e9d7b3aa97e5647ec9c2d48567110000000000000000000000000000b2cdcac62372f9e7a81aa2d3c207ee5d33451f0a32dda8f6453d0455253b40bb174c651131da32a7fb13264b39e5538c5da23722916d648fba99c8902893cbe91f7b5e9f43e54970dcf7aa2db53d2d4dfa249ed74b3d81a9a7c2189787ee2142add11d167cba4eec07a16880a1317e75117d6a07b96e3e06dcaeb234e757ecc57a620e5e935c8894e3b5d807a910", 0x135, 0x20000844, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x2, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592266c5b98fb19402835fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8)
r2 = dup(r0)
sendto$inet6(r2, 0x0, 0x0, 0x4041, 0x0, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x4b, &(0x7f0000000080)=0x4, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='mm_page_alloc\x00'}, 0x10)
socket$inet_smc(0x2b, 0x1, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x4000054)

539.78452ms ago: executing program 6 (id=5660):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000040)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@resgid={'resgid', 0x3d, 0xee01}}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r2, &(0x7f00000008c0)="3bf58d7d45d32cfe1da7c797b82fee444b42785c24a868a4046cf670ba8f376c429a424fcc374c08887ba2bb530d843b61bf79a3879fa0", 0x37)
sendfile(r2, r0, 0x0, 0x3ffff)
sendfile(r2, r0, 0x0, 0x7fffeffd)

314.796365ms ago: executing program 5 (id=5661):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)

314.354904ms ago: executing program 5 (id=5662):
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./file0\x00', 0x2004000, &(0x7f0000000040)=ANY=[@ANYRES64=0x0], 0xfe, 0x1227, &(0x7f00000024c0)="$eJzs3M9rHGUYB/DHTdrUxPxQa7WC9MVe9DIkOXhRkCApSBeUthFaQZiajS4Zd0NmCayI0ZNXL/4BXsWjN0G86SUe/Bu85eLRgzrSnbY2djVotRPD53PZh33nC8+7s7zwLvvO/gsfv7O5UWYb+SBaD7wYra2IyV9SpGjFLR/Es89/8+1Tl69eu7jSbq9eSunCypWl51JKc+e+ev29z5/+ejDz2hdzX07F3sIb+z8u/7B3Zu/s/q9X3u6WqVumXn+Q8nS93x/k14tOWu+Wm1lKrxadvOykbq/sbB8Y3yj6W1vDlPfWZ6e3tjtlmfLeMG12hmnQT4PtYcrfyru9lGVZmp0O7sXaZz9VVRVRVSfiZFRVVT0Y09GKh2I25mI+FuLheCQejdPxWJyJx+OJODu6qum+AQAAAAAAAAAAAAAAAAAA4HgZd/5/5q7z/59EjDv/f67h5gEAAAAAAAAAAAAAAAAAAOCYuHz12sWVdnv1UkqnIoqPdtZ21urXenxlI7pRRCcWYz5+jtHp/1pdn4z26mIaWYgPi92b+d2dtYmD+aXR4wTuyl94ub26VOfTwfxUTN+ZX475OD0+v/yH/PlR/lQ8c/6OfBbz8f2b0Y8i1uNG9vf8+0spvfRK+3b+u7167usN3hcAAAD4N2XptrH79yz7s/E6f9jvAzf214tj9/eT8eRks3Mnohy+u5kXRWe78eJWR/U7uxFxRBr7x0UrIo5AG39RnDj0mpkGGvt0JuIe4hMHvkhH4nP+PxaHrRwT/+m6xP1x86ZPNd0HAAAAAAAAAAAAf8/9+Dth03MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Dd24FgAAAAAQJi/dRodGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBXAQAA//+siMjP")
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400"], 0x48)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00'}, 0x18)
mlockall(0x7)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
r2 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x34, 0x0, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x20008000)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r4}, 0x10)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x3}, 0x0, 0x0)

134.778388ms ago: executing program 0 (id=5663):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r3 = dup(r1)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b000000"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102)

43.907809ms ago: executing program 4 (id=5664):
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote, 0x4}}}, 0x108)

0s ago: executing program 4 (id=5665):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0)
sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x17c, r2, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe8, 0xa8, @random="20bac7d291183e959990767bb8b441542323540546ea5de0a3a67cc61535f78e4e1f1caf75bf875745e7583fd92d6769e3127ab10278bc4e87e88fac829748d5f8ac4e79429c9481f9a98e866d4d26e68235d0dceb8d6a643dad161678329dad51a271abce3944758f6f2e22f96d594af0db4e691114e50528c08a5aabd481aac430f35e575ec9ffeee9a1d2b1c25b2db0e7363f04a8978f2d90ae1ec68158fbb3d2e1db2ae7d226accccb31252e15f025b9eb1f0ab8840cc7659e001078c5d6f0e358ea95191159246084d8d1b26e4a14816dd18ae8cc6d05e5f881b95cab2024fc140f"}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xc2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xdd1c}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x6}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x10000}, @handle=@pci={{0x8}, {0x11}}]}, 0x17c}, 0x1, 0x0, 0x0, 0x4001}, 0x51)
socket$packet(0x11, 0x3, 0x300)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

kernel console output (not intermixed with test programs):

4294967295 subj=root:sysadm_r:sysadm_t pid=18089 comm="syz.2.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  390.361913][   T29] audit: type=1326 audit(1758346925.164:24150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18089 comm="syz.2.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  390.386500][   T29] audit: type=1326 audit(1758346925.164:24151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18089 comm="syz.2.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  390.388432][T18059] EXT4-fs (loop0): 1 truncate cleaned up
[  390.410294][   T29] audit: type=1326 audit(1758346925.164:24152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18089 comm="syz.2.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  390.439633][   T29] audit: type=1326 audit(1758346925.164:24153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18089 comm="syz.2.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  390.464298][   T29] audit: type=1326 audit(1758346925.164:24154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18089 comm="syz.2.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  390.488994][T18059] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  390.511493][   T29] audit: type=1326 audit(1758346925.244:24155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18089 comm="syz.2.4836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  390.737728][T12767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.923792][T18103] wireguard0: entered promiscuous mode
[  390.929424][T18103] wireguard0: entered allmulticast mode
[  391.090797][T18115] pim6reg1: entered promiscuous mode
[  391.096251][T18115] pim6reg1: entered allmulticast mode
[  391.124339][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.160324][T18119] loop5: detected capacity change from 0 to 512
[  391.178994][T18119] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  391.186018][T18121] pim6reg1: entered promiscuous mode
[  391.194608][T18121] pim6reg1: entered allmulticast mode
[  391.222298][T18119] EXT4-fs (loop5): 1 truncate cleaned up
[  391.238936][T18119] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  391.468878][T18133] loop6: detected capacity change from 0 to 512
[  391.657549][T18133] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  391.679244][T18133] EXT4-fs (loop6): 1 truncate cleaned up
[  391.688424][T18133] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  391.721011][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.750882][T18133] EXT4-fs error (device loop6): ext4_ext_precache:632: inode #15: comm syz.6.4852: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  391.816694][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.845808][T18146] wireguard2: entered promiscuous mode
[  391.851334][T18146] wireguard2: entered allmulticast mode
[  391.915000][T18156] pim6reg1: entered promiscuous mode
[  391.920575][T18156] pim6reg1: entered allmulticast mode
[  392.004909][T18165] wireguard0: entered promiscuous mode
[  392.010700][T18165] wireguard0: entered allmulticast mode
[  392.090806][T18180] tmpfs: Bad value for 'mpol'
[  392.120434][T18183] 9pnet: Could not find request transport: o=
[  392.128419][T18183] netlink: 'syz.5.4871': attribute type 5 has an invalid length.
[  392.229759][T18198] wireguard0: entered promiscuous mode
[  392.235648][T18198] wireguard0: entered allmulticast mode
[  392.277698][T18183] tipc: Started in network mode
[  392.282793][T18183] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  392.292036][T18183] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  392.300544][T18183] tipc: Enabled bearer <udp:syz1>, priority 10
[  392.363818][T18204] pim6reg1: entered promiscuous mode
[  392.369171][T18204] pim6reg1: entered allmulticast mode
[  392.393463][T18206] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4879'.
[  392.436722][T18212] usb usb1: usbfs: process 18212 (syz.2.4881) did not claim interface 0 before use
[  392.471101][T18215] tmpfs: Bad value for 'mpol'
[  392.542984][T18223] loop2: detected capacity change from 0 to 1024
[  392.554400][T18223] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  392.576783][T18228] FAULT_INJECTION: forcing a failure.
[  392.576783][T18228] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  392.589996][T18228] CPU: 1 UID: 0 PID: 18228 Comm: syz.5.4888 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  392.590031][T18228] Tainted: [W]=WARN
[  392.590078][T18228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  392.590093][T18228] Call Trace:
[  392.590103][T18228]  <TASK>
[  392.590141][T18228]  __dump_stack+0x1d/0x30
[  392.590169][T18228]  dump_stack_lvl+0xe8/0x140
[  392.590191][T18228]  dump_stack+0x15/0x1b
[  392.590211][T18228]  should_fail_ex+0x265/0x280
[  392.590260][T18228]  should_fail+0xb/0x20
[  392.590286][T18228]  should_fail_usercopy+0x1a/0x20
[  392.590392][T18228]  strncpy_from_user+0x25/0x230
[  392.590421][T18228]  ? kmem_cache_alloc_noprof+0x186/0x310
[  392.590478][T18228]  ? getname_flags+0x80/0x3b0
[  392.590575][T18228]  getname_flags+0xae/0x3b0
[  392.590607][T18228]  __se_sys_newlstat+0x4b/0x280
[  392.590648][T18228]  ? fput+0x8f/0xc0
[  392.590771][T18228]  ? ksys_write+0x192/0x1a0
[  392.590838][T18228]  __x64_sys_newlstat+0x31/0x40
[  392.590866][T18228]  x64_sys_call+0x1b88/0x2ff0
[  392.590891][T18228]  do_syscall_64+0xd2/0x200
[  392.591001][T18228]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  392.591032][T18228]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  392.591069][T18228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.591096][T18228] RIP: 0033:0x7f1ecbacec29
[  392.591175][T18228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.591193][T18228] RSP: 002b:00007f1eca537038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[  392.591220][T18228] RAX: ffffffffffffffda RBX: 00007f1ecbd15fa0 RCX: 00007f1ecbacec29
[  392.591237][T18228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  392.591278][T18228] RBP: 00007f1eca537090 R08: 0000000000000000 R09: 0000000000000000
[  392.591302][T18228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.591316][T18228] R13: 00007f1ecbd16038 R14: 00007f1ecbd15fa0 R15: 00007ffc055bea48
[  392.591334][T18228]  </TASK>
[  392.796330][T18223] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #3: block 1: comm syz.2.4887: lblock 1 mapped to illegal pblock 1 (length 1)
[  392.810716][T18223] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.4887: Failed to acquire dquot type 0
[  392.823166][T18223] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.4887: Freeing blocks not in datazone - block = 0, count = 4096
[  392.842388][T18223] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.4887: Invalid inode bitmap blk 0 in block_group 0
[  392.856878][T18223] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem
[  392.865748][ T8580] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:43: lblock 1 mapped to illegal pblock 1 (length 1)
[  392.880788][T18170] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  392.882300][T18223] EXT4-fs (loop2): 1 orphan inode deleted
[  392.894988][T18232] netlink: 'syz.5.4889': attribute type 5 has an invalid length.
[  392.903218][T18230] 9pnet: Could not find request transport: o=
[  392.941856][ T8580] EXT4-fs error (device loop2): ext4_release_dquot:6973: comm kworker/u8:43: Failed to release dquot type 0
[  392.942768][T18223] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  392.972655][T18230] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  393.003971][T18237] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4891'.
[  393.075528][T18241] pim6reg1: entered promiscuous mode
[  393.081302][T18241] pim6reg1: entered allmulticast mode
[  393.123614][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.197731][T18247] loop2: detected capacity change from 0 to 512
[  393.214852][T18247] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  393.251715][T18247] EXT4-fs (loop2): 1 truncate cleaned up
[  393.257946][T18247] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  393.265110][T18251] loop6: detected capacity change from 0 to 512
[  393.287109][T18253] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4899'.
[  393.353380][T18255] loop5: detected capacity change from 0 to 1024
[  393.360360][T18255] EXT4-fs: Ignoring removed nobh option
[  393.369233][   T23] tipc: Node number set to 1
[  393.452264][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.466158][T18255] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  393.571240][T18251] EXT4-fs: Ignoring removed mblk_io_submit option
[  393.634322][T18251] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  393.668060][T18251] EXT4-fs (loop6): 1 truncate cleaned up
[  393.808196][T18269] 9pnet: Could not find request transport: o=
[  393.870819][T18264] loop2: detected capacity change from 0 to 512
[  393.877739][T18275] netlink: 'syz.0.4904': attribute type 5 has an invalid length.
[  393.878304][T18264] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  393.897688][T18264] EXT4-fs (loop2): 1 truncate cleaned up
[  394.272486][T18292] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=18292 comm=syz.6.4911
[  394.285429][T18292] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=18292 comm=syz.6.4911
[  394.361670][T18297] loop2: detected capacity change from 0 to 1024
[  394.369137][T18297] EXT4-fs: Ignoring removed orlov option
[  394.413380][T18297] ext4 filesystem being mounted at /448/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  394.443063][T18281] loop5: detected capacity change from 0 to 512
[  394.450595][T18281] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  394.482846][T18281] EXT4-fs (loop5): 1 truncate cleaned up
[  394.585522][T18297] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: comm syz.2.4914: lblock 0 mapped to illegal pblock 0 (length 1)
[  394.606324][T18297] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  394.619105][T18297] EXT4-fs (loop2): This should not happen!! Data will be lost
[  394.619105][T18297] 
[  394.692197][T18313] loop0: detected capacity change from 0 to 1024
[  394.699294][T18313] EXT4-fs: Ignoring removed nobh option
[  394.756812][ T8580] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: comm kworker/u8:43: lblock 0 mapped to illegal pblock 0 (length 1)
[  394.842508][ T8580] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  394.855199][ T8580] EXT4-fs (loop2): This should not happen!! Data will be lost
[  394.855199][ T8580] 
[  395.090716][T18318] FAULT_INJECTION: forcing a failure.
[  395.090716][T18318] name failslab, interval 1, probability 0, space 0, times 0
[  395.103557][T18318] CPU: 0 UID: 0 PID: 18318 Comm: syz.6.4920 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  395.103614][T18318] Tainted: [W]=WARN
[  395.103620][T18318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  395.103631][T18318] Call Trace:
[  395.103638][T18318]  <TASK>
[  395.103665][T18318]  __dump_stack+0x1d/0x30
[  395.103690][T18318]  dump_stack_lvl+0xe8/0x140
[  395.103759][T18318]  dump_stack+0x15/0x1b
[  395.103780][T18318]  should_fail_ex+0x265/0x280
[  395.103875][T18318]  should_failslab+0x8c/0xb0
[  395.103942][T18318]  kmem_cache_alloc_node_noprof+0x57/0x320
[  395.104049][T18318]  ? __alloc_skb+0x101/0x320
[  395.104070][T18318]  __alloc_skb+0x101/0x320
[  395.104089][T18318]  ? audit_log_start+0x365/0x6c0
[  395.104177][T18318]  audit_log_start+0x380/0x6c0
[  395.104211][T18318]  audit_seccomp+0x48/0x100
[  395.104239][T18318]  ? __seccomp_filter+0x68c/0x10d0
[  395.104263][T18318]  __seccomp_filter+0x69d/0x10d0
[  395.104334][T18318]  ? _raw_spin_unlock+0x26/0x50
[  395.104426][T18318]  __secure_computing+0x82/0x150
[  395.104452][T18318]  syscall_trace_enter+0xcf/0x1e0
[  395.104478][T18318]  do_syscall_64+0xac/0x200
[  395.104585][T18318]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  395.104607][T18318]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  395.104642][T18318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.104668][T18318] RIP: 0033:0x7f486d7aec29
[  395.104684][T18318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.104716][T18318] RSP: 002b:00007f486c20f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad
[  395.104776][T18318] RAX: ffffffffffffffda RBX: 00007f486d9f5fa0 RCX: 00007f486d7aec29
[  395.104792][T18318] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000007
[  395.104807][T18318] RBP: 00007f486c20f090 R08: 0000000000000046 R09: 0000000000000000
[  395.104820][T18318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  395.104908][T18318] R13: 00007f486d9f6038 R14: 00007f486d9f5fa0 R15: 00007fffb6305ac8
[  395.104929][T18318]  </TASK>
[  395.322036][   T29] kauditd_printk_skb: 585 callbacks suppressed
[  395.322057][   T29] audit: type=1326 audit(1758346929.924:24736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18317 comm="syz.6.4920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f486d7ad63c code=0x7ffc0000
[  395.352191][   T29] audit: type=1326 audit(1758346929.924:24737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18317 comm="syz.6.4920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f486d7ad6df code=0x7ffc0000
[  395.376045][   T29] audit: type=1326 audit(1758346929.924:24738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18317 comm="syz.6.4920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f486d7ad88a code=0x7ffc0000
[  395.400134][   T29] audit: type=1326 audit(1758346929.924:24739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18317 comm="syz.6.4920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  395.424926][   T29] audit: type=1326 audit(1758346930.154:24740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18317 comm="syz.6.4920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  395.495753][   T29] audit: type=1326 audit(1758346930.314:24741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18279 comm="syz.4.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  395.520183][   T29] audit: type=1326 audit(1758346930.334:24742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18279 comm="syz.4.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  395.546607][   T29] audit: type=1326 audit(1758346930.364:24743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18279 comm="syz.4.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  395.570940][   T29] audit: type=1326 audit(1758346930.364:24744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18279 comm="syz.4.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  395.613652][   T29] audit: type=1326 audit(1758346930.424:24745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18279 comm="syz.4.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  395.618287][T18325] 9pnet: Could not find request transport: o=
[  395.648310][T18323] FAULT_INJECTION: forcing a failure.
[  395.648310][T18323] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  395.661965][T18323] CPU: 1 UID: 0 PID: 18323 Comm: syz.6.4923 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  395.662002][T18323] Tainted: [W]=WARN
[  395.662062][T18323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  395.662077][T18323] Call Trace:
[  395.662086][T18323]  <TASK>
[  395.662096][T18323]  __dump_stack+0x1d/0x30
[  395.662117][T18323]  dump_stack_lvl+0xe8/0x140
[  395.662155][T18323]  dump_stack+0x15/0x1b
[  395.662177][T18323]  should_fail_ex+0x265/0x280
[  395.662206][T18323]  should_fail+0xb/0x20
[  395.662231][T18323]  should_fail_usercopy+0x1a/0x20
[  395.662262][T18323]  _copy_from_iter+0xd2/0xe80
[  395.662373][T18323]  ? __build_skb_around+0x1a0/0x200
[  395.662520][T18323]  ? __alloc_skb+0x223/0x320
[  395.662687][T18323]  netlink_sendmsg+0x471/0x6b0
[  395.662728][T18323]  ? __pfx_netlink_sendmsg+0x10/0x10
[  395.662756][T18323]  __sock_sendmsg+0x142/0x180
[  395.662785][T18323]  ____sys_sendmsg+0x31e/0x4e0
[  395.662852][T18323]  ___sys_sendmsg+0x17b/0x1d0
[  395.662888][T18323]  __x64_sys_sendmsg+0xd4/0x160
[  395.662954][T18323]  x64_sys_call+0x191e/0x2ff0
[  395.663067][T18323]  do_syscall_64+0xd2/0x200
[  395.663101][T18323]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  395.663131][T18323]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  395.663225][T18323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.663252][T18323] RIP: 0033:0x7f486d7aec29
[  395.663325][T18323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.663343][T18323] RSP: 002b:00007f486c20f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  395.663402][T18323] RAX: ffffffffffffffda RBX: 00007f486d9f5fa0 RCX: 00007f486d7aec29
[  395.663417][T18323] RDX: 0000000004000c00 RSI: 0000200000000180 RDI: 000000000000000a
[  395.663454][T18323] RBP: 00007f486c20f090 R08: 0000000000000000 R09: 0000000000000000
[  395.663503][T18323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  395.663519][T18323] R13: 00007f486d9f6038 R14: 00007f486d9f5fa0 R15: 00007fffb6305ac8
[  395.663541][T18323]  </TASK>
[  395.889512][T18325] netlink: 'syz.0.4922': attribute type 5 has an invalid length.
[  395.921692][T18331] loop2: detected capacity change from 0 to 512
[  396.018634][T18331] ext4 filesystem being mounted at /450/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  396.045623][T18325] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  396.280694][T18353] loop6: detected capacity change from 0 to 512
[  396.288039][T18344] loop0: detected capacity change from 0 to 8192
[  396.323760][T18353] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  396.350795][T18353] EXT4-fs (loop6): 1 truncate cleaned up
[  396.544495][T18357] FAULT_INJECTION: forcing a failure.
[  396.544495][T18357] name failslab, interval 1, probability 0, space 0, times 0
[  396.557405][T18357] CPU: 1 UID: 0 PID: 18357 Comm: syz.2.4924 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  396.557444][T18357] Tainted: [W]=WARN
[  396.557451][T18357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  396.557465][T18357] Call Trace:
[  396.557473][T18357]  <TASK>
[  396.557483][T18357]  __dump_stack+0x1d/0x30
[  396.557560][T18357]  dump_stack_lvl+0xe8/0x140
[  396.557584][T18357]  dump_stack+0x15/0x1b
[  396.557603][T18357]  should_fail_ex+0x265/0x280
[  396.557653][T18357]  should_failslab+0x8c/0xb0
[  396.557682][T18357]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  396.557739][T18357]  ? ext4_alloc_inode+0x38/0x310
[  396.557764][T18357]  ? __pfx_ext4_alloc_inode+0x10/0x10
[  396.557805][T18357]  ext4_alloc_inode+0x38/0x310
[  396.557836][T18357]  ? __pfx_ext4_alloc_inode+0x10/0x10
[  396.557859][T18357]  alloc_inode+0x40/0x170
[  396.557885][T18357]  iget_locked+0xf4/0x5c0
[  396.557966][T18357]  __ext4_iget+0x152/0x2240
[  396.558006][T18357]  ? may_create+0x26e/0x2b0
[  396.558040][T18357]  ext4_lookup+0x161/0x390
[  396.558069][T18357]  ? __pfx_ext4_lookup+0x10/0x10
[  396.558091][T18357]  path_openat+0xcf3/0x2170
[  396.558120][T18357]  do_filp_open+0x109/0x230
[  396.558198][T18357]  do_sys_openat2+0xa6/0x110
[  396.558302][T18357]  __x64_sys_openat+0xf2/0x120
[  396.558450][T18357]  x64_sys_call+0x2e9c/0x2ff0
[  396.558473][T18357]  do_syscall_64+0xd2/0x200
[  396.558502][T18357]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  396.558526][T18357]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  396.558619][T18357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.558640][T18357] RIP: 0033:0x7f3107a9ec29
[  396.558656][T18357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  396.558675][T18357] RSP: 002b:00007f30fe0c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  396.558706][T18357] RAX: ffffffffffffffda RBX: 00007f3107ce6180 RCX: 00007f3107a9ec29
[  396.558722][T18357] RDX: 0000000000181242 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  396.558752][T18357] RBP: 00007f30fe0c5090 R08: 0000000000000000 R09: 0000000000000000
[  396.558764][T18357] R10: 0000000000000148 R11: 0000000000000246 R12: 0000000000000001
[  396.558778][T18357] R13: 00007f3107ce6218 R14: 00007f3107ce6180 R15: 00007ffc53235ec8
[  396.558806][T18357]  </TASK>
[  396.811867][T18344]  loop0: p1 p2 p3 p4
[  396.832067][T18344] loop0: p2 start 151000334 is beyond EOD, truncated
[  396.838937][T18344] loop0: p3 start 331777 is beyond EOD, truncated
[  396.845507][T18344] loop0: p4 size 263168 extends beyond EOD, truncated
[  397.166054][T18370] loop5: detected capacity change from 0 to 512
[  397.219965][T18370] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  397.245459][T18370] EXT4-fs (loop5): 1 truncate cleaned up
[  397.272626][T18378] 9pnet: Could not find request transport: o=
[  397.419629][T18391] pim6reg1: entered promiscuous mode
[  397.425290][T18391] pim6reg1: entered allmulticast mode
[  397.435041][T18378] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  397.619124][T18407] loop0: detected capacity change from 0 to 512
[  397.635964][T18401] loop6: detected capacity change from 0 to 512
[  397.663336][T18407] EXT4-fs: Ignoring removed mblk_io_submit option
[  397.670269][T18407] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  397.681374][T18401] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  397.723671][T18407] EXT4-fs (loop0): 1 truncate cleaned up
[  397.758355][T18401] EXT4-fs (loop6): 1 truncate cleaned up
[  397.907952][T18425] loop5: detected capacity change from 0 to 512
[  397.925338][T18425] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  398.069236][T18425] EXT4-fs (loop5): 1 truncate cleaned up
[  398.077746][T18431] 9pnet: Could not find request transport: o=
[  398.180634][T18433] loop2: detected capacity change from 0 to 1024
[  398.188014][T18433] EXT4-fs: Ignoring removed nobh option
[  398.358914][T18436] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  398.631637][T18442] wireguard2: entered promiscuous mode
[  398.637187][T18442] wireguard2: entered allmulticast mode
[  398.664525][T18447] 9pnet_fd: Insufficient options for proto=fd
[  398.876029][T18463] 9pnet: Could not find request transport: o=
[  398.890916][T18463] netlink: 'syz.0.4972': attribute type 5 has an invalid length.
[  398.905994][T18471] loop2: detected capacity change from 0 to 512
[  398.912829][T18468] pim6reg1: entered promiscuous mode
[  398.918226][T18468] pim6reg1: entered allmulticast mode
[  398.933460][T18472] rdma_rxe: rxe_newlink: failed to add lo
[  398.962818][T18471] EXT4-fs: Ignoring removed mblk_io_submit option
[  399.001457][T18471] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  399.061845][T18471] EXT4-fs (loop2): 1 truncate cleaned up
[  399.111046][T18479] 9pnet_fd: Insufficient options for proto=fd
[  399.230204][T18463] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  399.649973][T18488] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4979'.
[  399.882775][T18494] FAULT_INJECTION: forcing a failure.
[  399.882775][T18494] name failslab, interval 1, probability 0, space 0, times 0
[  399.896467][T18494] CPU: 1 UID: 0 PID: 18494 Comm: syz.2.4982 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  399.896507][T18494] Tainted: [W]=WARN
[  399.896549][T18494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  399.896564][T18494] Call Trace:
[  399.896573][T18494]  <TASK>
[  399.896583][T18494]  __dump_stack+0x1d/0x30
[  399.896609][T18494]  dump_stack_lvl+0xe8/0x140
[  399.896632][T18494]  dump_stack+0x15/0x1b
[  399.896699][T18494]  should_fail_ex+0x265/0x280
[  399.896722][T18494]  should_failslab+0x8c/0xb0
[  399.896748][T18494]  kmem_cache_alloc_node_noprof+0x57/0x320
[  399.896822][T18494]  ? __alloc_skb+0x101/0x320
[  399.896877][T18494]  __alloc_skb+0x101/0x320
[  399.896900][T18494]  netlink_alloc_large_skb+0xba/0xf0
[  399.896923][T18494]  netlink_sendmsg+0x3cf/0x6b0
[  399.897030][T18494]  ? __pfx_netlink_sendmsg+0x10/0x10
[  399.897056][T18494]  __sock_sendmsg+0x142/0x180
[  399.897123][T18494]  ____sys_sendmsg+0x31e/0x4e0
[  399.897149][T18494]  ___sys_sendmsg+0x17b/0x1d0
[  399.897257][T18494]  __x64_sys_sendmsg+0xd4/0x160
[  399.897351][T18494]  x64_sys_call+0x191e/0x2ff0
[  399.897371][T18494]  do_syscall_64+0xd2/0x200
[  399.897436][T18494]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  399.897459][T18494]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  399.897512][T18494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.897538][T18494] RIP: 0033:0x7f3107a9ec29
[  399.897557][T18494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.897579][T18494] RSP: 002b:00007f3106507038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  399.897611][T18494] RAX: ffffffffffffffda RBX: 00007f3107ce5fa0 RCX: 00007f3107a9ec29
[  399.897634][T18494] RDX: 0000000000000018 RSI: 0000200000000540 RDI: 0000000000000005
[  399.897647][T18494] RBP: 00007f3106507090 R08: 0000000000000000 R09: 0000000000000000
[  399.897658][T18494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.897677][T18494] R13: 00007f3107ce6038 R14: 00007f3107ce5fa0 R15: 00007ffc53235ec8
[  399.897694][T18494]  </TASK>
[  400.225057][T18486] loop6: detected capacity change from 0 to 512
[  400.242782][T18498] loop2: detected capacity change from 0 to 1024
[  400.253537][T18486] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  400.282326][T18486] EXT4-fs (loop6): 1 truncate cleaned up
[  400.294506][T18498] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  400.333097][   T29] kauditd_printk_skb: 193 callbacks suppressed
[  400.333131][   T29] audit: type=1326 audit(1758346935.154:24939): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18485 comm="syz.6.4978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  400.392831][   T29] audit: type=1326 audit(1758346935.194:24940): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18485 comm="syz.6.4978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  400.407370][T18508] pim6reg1: entered promiscuous mode
[  400.416992][   T29] audit: type=1326 audit(1758346935.194:24941): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18485 comm="syz.6.4978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  400.417027][   T29] audit: type=1326 audit(1758346935.194:24942): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18485 comm="syz.6.4978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  400.422580][T18508] pim6reg1: entered allmulticast mode
[  400.446865][   T29] audit: type=1326 audit(1758346935.194:24943): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18485 comm="syz.6.4978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  400.446898][   T29] audit: type=1326 audit(1758346935.194:24944): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18485 comm="syz.6.4978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  400.554486][   T29] audit: type=1326 audit(1758346935.374:24945): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18485 comm="syz.6.4978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  400.579305][   T29] audit: type=1326 audit(1758346935.374:24946): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18485 comm="syz.6.4978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  400.604003][   T29] audit: type=1400 audit(1758346935.394:24947): avc:  denied  { connect } for  pid=18505 comm="syz.0.4987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  400.696776][   T29] audit: type=1326 audit(1758346935.504:24948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18513 comm="syz.6.4990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  400.724529][T18514] unsupported nla_type 52263
[  400.744502][T18516] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4991'.
[  400.784217][T18522] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4994'.
[  400.803502][T18524] 9pnet: Could not find request transport: o=
[  400.816548][T18527] loop6: detected capacity change from 0 to 512
[  400.823991][T18524] netlink: 'syz.0.4995': attribute type 5 has an invalid length.
[  400.835683][T18527] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  400.859166][T18529] loop2: detected capacity change from 0 to 1024
[  400.882129][T18527] EXT4-fs (loop6): 1 truncate cleaned up
[  400.888811][T18527] EXT4-fs mount: 31 callbacks suppressed
[  400.888828][T18527] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  400.922549][T18529] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  400.939697][T18527] EXT4-fs error (device loop6): ext4_ext_precache:632: inode #15: comm syz.6.4996: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  400.944622][T18529] ext4 filesystem being mounted at /467/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  400.969709][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.065498][T18524] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  401.075704][T18529] netlink: 'syz.2.4997': attribute type 16 has an invalid length.
[  401.083635][T18529] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4997'.
[  401.132170][ T8564] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm kworker/u8:27: bg 0: block 393: padding at end of block bitmap is not set
[  401.151049][ T8564] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[  401.164007][ T8564] EXT4-fs (loop2): This should not happen!! Data will be lost
[  401.164007][ T8564] 
[  401.179078][T18547] pim6reg1: entered promiscuous mode
[  401.184574][T18547] pim6reg1: entered allmulticast mode
[  401.190280][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.241818][T18555] netlink: 'syz.6.5006': attribute type 10 has an invalid length.
[  401.255072][T18555] team0: Port device dummy0 added
[  401.261778][T18555] FAULT_INJECTION: forcing a failure.
[  401.261778][T18555] name failslab, interval 1, probability 0, space 0, times 0
[  401.274879][T18555] CPU: 1 UID: 0 PID: 18555 Comm: syz.6.5006 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  401.274972][T18555] Tainted: [W]=WARN
[  401.275049][T18555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  401.275060][T18555] Call Trace:
[  401.275067][T18555]  <TASK>
[  401.275074][T18555]  __dump_stack+0x1d/0x30
[  401.275098][T18555]  dump_stack_lvl+0xe8/0x140
[  401.275115][T18555]  dump_stack+0x15/0x1b
[  401.275181][T18555]  should_fail_ex+0x265/0x280
[  401.275206][T18555]  should_failslab+0x8c/0xb0
[  401.275235][T18555]  kmem_cache_alloc_noprof+0x50/0x310
[  401.275265][T18555]  ? skb_clone+0x151/0x1f0
[  401.275372][T18555]  skb_clone+0x151/0x1f0
[  401.275411][T18555]  __netlink_deliver_tap+0x2c9/0x500
[  401.275502][T18555]  netlink_unicast+0x66b/0x690
[  401.275528][T18555]  netlink_sendmsg+0x58b/0x6b0
[  401.275554][T18555]  ? __pfx_netlink_sendmsg+0x10/0x10
[  401.275623][T18555]  __sock_sendmsg+0x142/0x180
[  401.275663][T18555]  ____sys_sendmsg+0x31e/0x4e0
[  401.275690][T18555]  ___sys_sendmsg+0x17b/0x1d0
[  401.275743][T18555]  __x64_sys_sendmsg+0xd4/0x160
[  401.275794][T18555]  x64_sys_call+0x191e/0x2ff0
[  401.275815][T18555]  do_syscall_64+0xd2/0x200
[  401.275846][T18555]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  401.275875][T18555]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  401.275905][T18555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.275927][T18555] RIP: 0033:0x7f486d7aec29
[  401.275945][T18555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.275964][T18555] RSP: 002b:00007f486c20f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  401.275986][T18555] RAX: ffffffffffffffda RBX: 00007f486d9f5fa0 RCX: 00007f486d7aec29
[  401.276002][T18555] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003
[  401.276015][T18555] RBP: 00007f486c20f090 R08: 0000000000000000 R09: 0000000000000000
[  401.276044][T18555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.276058][T18555] R13: 00007f486d9f6038 R14: 00007f486d9f5fa0 R15: 00007fffb6305ac8
[  401.276090][T18555]  </TASK>
[  401.277559][T18555] netlink: 'syz.6.5006': attribute type 10 has an invalid length.
[  401.288593][T18557] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5007'.
[  401.508456][T18555] team0: Port device dummy0 removed
[  401.525016][T18555] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  401.536980][T18563] loop2: detected capacity change from 0 to 512
[  401.550445][T18563] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  401.569954][T18563] EXT4-fs (loop2): 1 truncate cleaned up
[  401.597647][T18563] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  401.709922][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.871055][T18578] loop6: detected capacity change from 0 to 1024
[  401.877860][T18578] EXT4-fs: Ignoring removed nobh option
[  402.650427][T18581] loop2: detected capacity change from 0 to 1024
[  402.657538][T18581] EXT4-fs: Ignoring removed nobh option
[  402.734356][T18578] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  402.750794][T18581] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  402.812616][T18590] wireguard0: entered promiscuous mode
[  402.818311][T18590] wireguard0: entered allmulticast mode
[  402.855971][T18593] loop0: detected capacity change from 0 to 8192
[  402.987597][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  403.015879][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  403.069309][T18598] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5021'.
[  403.164790][T18606] loop6: detected capacity change from 0 to 512
[  403.177341][T18606] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  403.201350][T18609] netlink: 'syz.2.5026': attribute type 13 has an invalid length.
[  403.204519][T18606] EXT4-fs (loop6): 1 truncate cleaned up
[  403.247662][T18606] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  403.286706][T18615] FAULT_INJECTION: forcing a failure.
[  403.286706][T18615] name failslab, interval 1, probability 0, space 0, times 0
[  403.299691][T18615] CPU: 1 UID: 0 PID: 18615 Comm: syz.5.5028 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  403.299731][T18615] Tainted: [W]=WARN
[  403.299739][T18615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  403.299831][T18615] Call Trace:
[  403.299839][T18615]  <TASK>
[  403.299847][T18615]  __dump_stack+0x1d/0x30
[  403.299871][T18615]  dump_stack_lvl+0xe8/0x140
[  403.299954][T18615]  dump_stack+0x15/0x1b
[  403.299973][T18615]  should_fail_ex+0x265/0x280
[  403.300000][T18615]  should_failslab+0x8c/0xb0
[  403.300055][T18615]  kmem_cache_alloc_noprof+0x50/0x310
[  403.300087][T18615]  ? getname_flags+0x80/0x3b0
[  403.300120][T18615]  getname_flags+0x80/0x3b0
[  403.300151][T18615]  do_sys_openat2+0x60/0x110
[  403.300197][T18615]  __x64_sys_openat+0xf2/0x120
[  403.300235][T18615]  x64_sys_call+0x2e9c/0x2ff0
[  403.300259][T18615]  do_syscall_64+0xd2/0x200
[  403.300334][T18615]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  403.300362][T18615]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  403.300416][T18615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.300441][T18615] RIP: 0033:0x7f1ecbacec29
[  403.300459][T18615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.300480][T18615] RSP: 002b:00007f1eca537038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  403.300503][T18615] RAX: ffffffffffffffda RBX: 00007f1ecbd15fa0 RCX: 00007f1ecbacec29
[  403.300521][T18615] RDX: 0000000000084d03 RSI: 0000200000000380 RDI: ffffffffffffff9c
[  403.300535][T18615] RBP: 00007f1eca537090 R08: 0000000000000000 R09: 0000000000000000
[  403.300550][T18615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  403.300564][T18615] R13: 00007f1ecbd16038 R14: 00007f1ecbd15fa0 R15: 00007ffc055bea48
[  403.300584][T18615]  </TASK>
[  403.303287][T18609] gretap0: refused to change device tx_queue_len
[  403.472659][T18622] loop5: detected capacity change from 0 to 1024
[  403.473769][T18609] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  403.618120][T18622] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  403.661951][T18622] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.5030: Allocating blocks 385-513 which overlap fs metadata
[  403.709668][T18622] EXT4-fs (loop5): pa ffff888107219a10: logic 16, phys. 129, len 24
[  403.717787][T18622] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  403.777352][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  403.790661][T18622] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28
[  403.803722][T18622] EXT4-fs (loop5): This should not happen!! Data will be lost
[  403.803722][T18622] 
[  403.813478][T18622] EXT4-fs (loop5): Total free blocks count 0
[  403.819780][T18622] EXT4-fs (loop5): Free/Dirty block details
[  403.825761][T18622] EXT4-fs (loop5): free_blocks=128
[  403.830926][T18622] EXT4-fs (loop5): dirty_blocks=0
[  403.836123][T18622] EXT4-fs (loop5): Block reservation details
[  403.842271][T18622] EXT4-fs (loop5): i_reserved_data_blocks=0
[  403.966741][T18632] wireguard1: entered promiscuous mode
[  403.972326][T18632] wireguard1: entered allmulticast mode
[  404.342471][T18654] loop2: detected capacity change from 0 to 8192
[  404.412644][T18654]  loop2: p1 p2 p3 p4
[  404.421690][T18654] loop2: p2 start 151000334 is beyond EOD, truncated
[  404.428555][T18654] loop2: p3 start 331777 is beyond EOD, truncated
[  404.435393][T18654] loop2: p4 size 263168 extends beyond EOD, truncated
[  404.596315][T18667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5047'.
[  404.677997][T18669] loop0: detected capacity change from 0 to 512
[  404.705212][T18669] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  404.718682][T18669] EXT4-fs (loop0): 1 truncate cleaned up
[  404.727438][T18669] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  404.898020][T18656] loop6: detected capacity change from 0 to 512
[  404.906910][T18656] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  404.910900][T12767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  404.937174][T18680] loop2: detected capacity change from 0 to 512
[  404.944008][T18656] EXT4-fs (loop6): 1 truncate cleaned up
[  404.945984][T18680] EXT4-fs: Ignoring removed mblk_io_submit option
[  404.957972][T18656] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  404.973703][T18656] EXT4-fs error (device loop6): ext4_ext_precache:632: inode #15: comm syz.6.5043: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  404.981015][T18680] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  405.056298][T18685] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5054'.
[  405.086850][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.108959][T18680] EXT4-fs (loop2): 1 truncate cleaned up
[  405.118227][T18680] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  405.153010][T18688] random: crng reseeded on system resumption
[  405.204003][T18694] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5058'.
[  405.274255][T18699] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5060'.
[  405.529672][T18711] loop0: detected capacity change from 0 to 1024
[  405.566079][T18711] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  405.604460][T18711] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.5065: Allocating blocks 385-513 which overlap fs metadata
[  405.626271][T18711] EXT4-fs (loop0): pa ffff888107219a10: logic 16, phys. 129, len 24
[  405.634436][T18711] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  405.646140][T18711] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28
[  405.658989][T18711] EXT4-fs (loop0): This should not happen!! Data will be lost
[  405.658989][T18711] 
[  405.668891][T18711] EXT4-fs (loop0): Total free blocks count 0
[  405.675315][T18711] EXT4-fs (loop0): Free/Dirty block details
[  405.681519][T18711] EXT4-fs (loop0): free_blocks=128
[  405.686737][T18711] EXT4-fs (loop0): dirty_blocks=0
[  405.692235][T18711] EXT4-fs (loop0): Block reservation details
[  405.698661][T18711] EXT4-fs (loop0): i_reserved_data_blocks=0
[  405.743189][   T29] kauditd_printk_skb: 248 callbacks suppressed
[  405.743205][   T29] audit: type=1326 audit(1758346940.564:25197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18717 comm="syz.4.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  405.774192][   T29] audit: type=1326 audit(1758346940.564:25198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18717 comm="syz.4.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  405.823044][   T29] audit: type=1326 audit(1758346940.564:25199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18717 comm="syz.4.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  405.847411][   T29] audit: type=1326 audit(1758346940.564:25200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18717 comm="syz.4.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  405.871972][   T29] audit: type=1326 audit(1758346940.564:25201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18717 comm="syz.4.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  405.895807][   T29] audit: type=1326 audit(1758346940.564:25202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18717 comm="syz.4.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  405.920448][   T29] audit: type=1326 audit(1758346940.564:25203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18717 comm="syz.4.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  405.944577][   T29] audit: type=1326 audit(1758346940.564:25204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18717 comm="syz.4.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  405.968863][   T29] audit: type=1326 audit(1758346940.614:25205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18717 comm="syz.4.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  406.008863][T18726] FAULT_INJECTION: forcing a failure.
[  406.008863][T18726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  406.023003][T18726] CPU: 0 UID: 0 PID: 18726 Comm: syz.5.5071 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  406.023039][T18726] Tainted: [W]=WARN
[  406.023047][T18726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  406.023061][T18726] Call Trace:
[  406.023069][T18726]  <TASK>
[  406.023079][T18726]  __dump_stack+0x1d/0x30
[  406.023171][T18726]  dump_stack_lvl+0xe8/0x140
[  406.023193][T18726]  dump_stack+0x15/0x1b
[  406.023213][T18726]  should_fail_ex+0x265/0x280
[  406.023240][T18726]  should_fail+0xb/0x20
[  406.023294][T18726]  should_fail_usercopy+0x1a/0x20
[  406.023367][T18726]  strncpy_from_user+0x25/0x230
[  406.023400][T18726]  ? __rcu_read_unlock+0x4f/0x70
[  406.023437][T18726]  path_removexattrat+0x82/0x570
[  406.023533][T18726]  __x64_sys_fremovexattr+0x35/0x40
[  406.023605][T18726]  x64_sys_call+0x4e0/0x2ff0
[  406.023630][T18726]  do_syscall_64+0xd2/0x200
[  406.023661][T18726]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  406.023688][T18726]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  406.023770][T18726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.023879][T18726] RIP: 0033:0x7f1ecbacec29
[  406.023907][T18726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.023925][T18726] RSP: 002b:00007f1eca537038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c7
[  406.023948][T18726] RAX: ffffffffffffffda RBX: 00007f1ecbd15fa0 RCX: 00007f1ecbacec29
[  406.023960][T18726] RDX: 0000000000000000 RSI: 0000200000001380 RDI: 0000000000000004
[  406.023986][T18726] RBP: 00007f1eca537090 R08: 0000000000000000 R09: 0000000000000000
[  406.024027][T18726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.024042][T18726] R13: 00007f1ecbd16038 R14: 00007f1ecbd15fa0 R15: 00007ffc055bea48
[  406.024065][T18726]  </TASK>
[  406.028190][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  406.095086][T18735] loop5: detected capacity change from 0 to 512
[  406.131127][   T29] audit: type=1400 audit(1758346940.944:25206): avc:  denied  { create } for  pid=18727 comm="syz.4.5073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  406.135797][T18735] EXT4-fs: Ignoring removed mblk_io_submit option
[  406.160333][T18728] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5073'.
[  406.194588][T18735] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  406.303120][T18735] EXT4-fs (loop5): 1 truncate cleaned up
[  406.310431][T18735] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  406.515313][T18750] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5081'.
[  406.803820][T18748] loop0: detected capacity change from 0 to 512
[  406.864111][T18748] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  406.877458][T18748] EXT4-fs (loop0): 1 truncate cleaned up
[  406.884985][T18748] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  406.902871][T18748] EXT4-fs error (device loop0): ext4_ext_precache:632: inode #15: comm syz.0.5080: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  407.240575][T12767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  407.376757][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  407.405964][T18767] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5087'.
[  407.422337][T18769] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5088'.
[  407.536350][T18772] syzkaller1: entered promiscuous mode
[  407.542009][T18772] syzkaller1: entered allmulticast mode
[  407.550515][T18772] netlink: 14 bytes leftover after parsing attributes in process `syz.5.5089'.
[  407.573475][T18786] loop2: detected capacity change from 0 to 512
[  407.580451][T18786] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  407.604648][T18786] EXT4-fs (loop2): 1 truncate cleaned up
[  407.648204][T18786] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  407.685414][T18791] wireguard0: entered promiscuous mode
[  407.691012][T18791] wireguard0: entered allmulticast mode
[  407.723777][T18794] loop0: detected capacity change from 0 to 512
[  407.741006][T18798] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5099'.
[  407.755730][T18794] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.5098: Failed to acquire dquot type 1
[  407.785730][T18794] EXT4-fs (loop0): 1 truncate cleaned up
[  407.792224][T18794] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  407.805465][T18794] ext4 filesystem being mounted at /458/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  407.843353][T18802] pim6reg1: entered promiscuous mode
[  407.848698][T18802] pim6reg1: entered allmulticast mode
[  407.932024][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  408.558180][T18825] loop5: detected capacity change from 0 to 512
[  408.574444][T12767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  408.587106][T18825] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  408.619945][T18825] EXT4-fs (loop5): 1 truncate cleaned up
[  408.626517][T18825] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  408.838715][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  408.855959][T18836] loop2: detected capacity change from 0 to 512
[  408.885293][T18836] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  408.938463][T18836] EXT4-fs (loop2): 1 truncate cleaned up
[  408.944634][T18836] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  409.019036][T18829] loop6: detected capacity change from 0 to 512
[  409.027959][T18829] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  409.048965][T18829] EXT4-fs (loop6): 1 truncate cleaned up
[  409.058721][T18829] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  409.077929][T18856] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=18856 comm=syz.4.5121
[  409.106621][T18856] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5121'.
[  409.148879][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  409.185511][T18862] wireguard1: entered promiscuous mode
[  409.191097][T18862] wireguard1: entered allmulticast mode
[  409.293291][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  409.379800][T18873] loop6: detected capacity change from 0 to 512
[  409.387830][T18873] EXT4-fs: Ignoring removed mblk_io_submit option
[  409.395664][T18873] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  409.412216][T18873] EXT4-fs (loop6): 1 truncate cleaned up
[  409.418394][T18873] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  409.573179][T18892] loop5: detected capacity change from 0 to 512
[  409.583374][T18892] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.5134: Failed to acquire dquot type 1
[  409.624546][T18892] EXT4-fs (loop5): 1 truncate cleaned up
[  409.630629][T18892] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  409.644410][T18892] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  409.791766][T18846] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set
[  410.371189][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  410.468077][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  410.621197][T18950] wireguard0: entered promiscuous mode
[  410.621218][T18950] wireguard0: entered allmulticast mode
[  410.784141][T18964] random: crng reseeded on system resumption
[  410.954465][   T29] kauditd_printk_skb: 436 callbacks suppressed
[  410.954482][   T29] audit: type=1326 audit(1758346945.774:25639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18981 comm="syz.2.5174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  410.954779][   T29] audit: type=1326 audit(1758346945.774:25640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18981 comm="syz.2.5174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  410.954890][   T29] audit: type=1326 audit(1758346945.774:25641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18981 comm="syz.2.5174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  410.961484][   T29] audit: type=1326 audit(1758346945.774:25642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18981 comm="syz.2.5174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  410.961772][   T29] audit: type=1326 audit(1758346945.784:25643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18981 comm="syz.2.5174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  410.961988][   T29] audit: type=1326 audit(1758346945.784:25644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18981 comm="syz.2.5174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  410.964022][   T29] audit: type=1326 audit(1758346945.784:25645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18981 comm="syz.2.5174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  410.964286][   T29] audit: type=1326 audit(1758346945.784:25646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18983 comm="syz.2.5174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3107ad14e5 code=0x7ffc0000
[  410.965357][   T29] audit: type=1326 audit(1758346945.784:25647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18981 comm="syz.2.5174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  410.965417][   T29] audit: type=1326 audit(1758346945.784:25648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18981 comm="syz.2.5174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  411.265005][T18987] pim6reg1: entered promiscuous mode
[  411.270358][T18987] pim6reg1: entered allmulticast mode
[  411.394295][T18993] loop6: detected capacity change from 0 to 512
[  411.401354][T18993] EXT4-fs: Ignoring removed mblk_io_submit option
[  411.410017][T18993] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  411.422902][T18993] EXT4-fs (loop6): 1 truncate cleaned up
[  411.429235][T18993] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  411.452468][T18996] rdma_rxe: rxe_newlink: failed to add lo
[  411.802793][T19011] loop5: detected capacity change from 0 to 2048
[  411.869912][T19011] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  411.901729][T19011] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  411.986914][T19017] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.5186: bg 0: block 345: padding at end of block bitmap is not set
[  412.011740][T19017] EXT4-fs (loop5): Remounting filesystem read-only
[  412.018553][ T8582] EXT4-fs warning (device loop5): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[  412.144311][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  412.437872][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  412.524654][T19048] random: crng reseeded on system resumption
[  412.602764][T19064] loop6: detected capacity change from 0 to 512
[  412.610896][T19064] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  412.628270][T19064] EXT4-fs (loop6): 1 truncate cleaned up
[  412.634449][T19064] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  412.780356][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.177264][T19084] __nla_validate_parse: 1 callbacks suppressed
[  413.177283][T19084] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5210'.
[  413.253082][T19089] loop6: detected capacity change from 0 to 512
[  413.254868][T19089] EXT4-fs (loop6): orphan cleanup on readonly fs
[  413.268889][T19089] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.5215: iget: bad extended attribute block 1
[  413.272320][T19082] random: crng reseeded on system resumption
[  413.284470][T19089] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.5215: couldn't read orphan inode 15 (err -117)
[  413.301285][T19089] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  413.431230][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  414.168388][T19115] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5226'.
[  414.240892][T19117] random: crng reseeded on system resumption
[  414.315361][T19123] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5230'.
[  414.492816][T19133] loop5: detected capacity change from 0 to 1024
[  414.499935][T19133] EXT4-fs: Ignoring removed nobh option
[  414.713334][T19138] pim6reg1: entered promiscuous mode
[  414.718717][T19138] pim6reg1: entered allmulticast mode
[  414.882252][T19133] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  414.930407][T19146] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5238'.
[  415.154272][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.173994][T19171] pim6reg1: entered promiscuous mode
[  415.179435][T19171] pim6reg1: entered allmulticast mode
[  415.231980][T19180] wireguard1: entered promiscuous mode
[  415.237627][T19180] wireguard1: entered allmulticast mode
[  415.341690][T19196] wireguard2: entered promiscuous mode
[  415.347560][T19196] wireguard2: entered allmulticast mode
[  415.413085][T19211] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5266'.
[  415.421851][T19213] pim6reg1: entered promiscuous mode
[  415.428080][T19213] pim6reg1: entered allmulticast mode
[  415.541883][T19225] sch_fq: defrate 8 ignored.
[  415.562209][T19225] loop5: detected capacity change from 0 to 512
[  415.577068][T19225] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.5273: bg 0: block 393: padding at end of block bitmap is not set
[  415.591992][T19225] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  415.601680][T19225] EXT4-fs (loop5): 2 truncates cleaned up
[  415.608176][T19225] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  415.667475][T19239] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5279'.
[  415.703003][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.744018][T19243] random: crng reseeded on system resumption
[  415.782599][T19249] loop2: detected capacity change from 0 to 512
[  415.789634][T19249] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  415.800695][T19249] EXT4-fs (loop2): 1 truncate cleaned up
[  415.808139][T19249] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  415.920052][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  416.022901][T19270] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5292'.
[  416.041163][   T29] kauditd_printk_skb: 622 callbacks suppressed
[  416.041181][   T29] audit: type=1326 audit(1758346950.854:26271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19255 comm="syz.0.5285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f1771aaec29 code=0x7ffc0000
[  416.052708][   T29] audit: type=1326 audit(1758346950.874:26272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19253 comm="syz.0.5285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1771aaec29 code=0x7ffc0000
[  416.099604][   T29] audit: type=1326 audit(1758346950.874:26273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19253 comm="syz.0.5285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1771aaec29 code=0x7ffc0000
[  416.132456][T19275] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19275 comm=syz.2.5291
[  416.162990][T19267] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5291'.
[  416.190837][T19281] FAULT_INJECTION: forcing a failure.
[  416.190837][T19281] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  416.190907][T19281] CPU: 0 UID: 0 PID: 19281 Comm: syz.2.5296 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  416.190952][T19281] Tainted: [W]=WARN
[  416.190959][T19281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  416.190971][T19281] Call Trace:
[  416.190977][T19281]  <TASK>
[  416.190985][T19281]  __dump_stack+0x1d/0x30
[  416.191008][T19281]  dump_stack_lvl+0xe8/0x140
[  416.191028][T19281]  dump_stack+0x15/0x1b
[  416.191068][T19281]  should_fail_ex+0x265/0x280
[  416.191099][T19281]  should_fail+0xb/0x20
[  416.191125][T19281]  should_fail_usercopy+0x1a/0x20
[  416.191217][T19281]  _copy_from_user+0x1c/0xb0
[  416.191248][T19281]  ___sys_sendmsg+0xc1/0x1d0
[  416.191298][T19281]  __sys_sendmmsg+0x178/0x300
[  416.191355][T19281]  __x64_sys_sendmmsg+0x57/0x70
[  416.191396][T19281]  x64_sys_call+0x1c4a/0x2ff0
[  416.191468][T19281]  do_syscall_64+0xd2/0x200
[  416.191476][   T29] audit: type=1400 audit(1758346951.014:26274): avc:  denied  { create } for  pid=19279 comm="syz.2.5296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  416.191503][T19281]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  416.191509][   T29] audit: type=1400 audit(1758346951.014:26275): avc:  denied  { bind } for  pid=19279 comm="syz.2.5296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  416.191535][T19281]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  416.191564][T19281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.191537][   T29] audit: type=1400 audit(1758346951.014:26276): avc:  denied  { listen } for  pid=19279 comm="syz.2.5296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  416.191624][T19281] RIP: 0033:0x7f3107a9ec29
[  416.191631][   T29] audit: type=1400 audit(1758346951.014:26277): avc:  denied  { connect } for  pid=19279 comm="syz.2.5296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  416.191696][T19281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.191726][   T29] audit: type=1400 audit(1758346951.014:26278): avc:  denied  { write } for  pid=19279 comm="syz.2.5296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  416.191787][T19281] RSP: 002b:00007f3106507038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  416.191871][T19281] RAX: ffffffffffffffda RBX: 00007f3107ce5fa0 RCX: 00007f3107a9ec29
[  416.191875][   T29] audit: type=1400 audit(1758346951.014:26279): avc:  denied  { setopt } for  pid=19279 comm="syz.2.5296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  416.191888][T19281] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000005
[  416.191903][T19281] RBP: 00007f3106507090 R08: 0000000000000000 R09: 0000000000000000
[  416.191916][T19281] R10: 0000000024008094 R11: 0000000000000246 R12: 0000000000000001
[  416.191928][T19281] R13: 00007f3107ce6038 R14: 00007f3107ce5fa0 R15: 00007ffc53235ec8
[  416.191950][T19281]  </TASK>
[  416.650739][   T29] audit: type=1326 audit(1758346951.454:26280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19298 comm="syz.2.5303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  416.773648][T19297] random: crng reseeded on system resumption
[  416.880980][T19312] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5310'.
[  417.410039][T19335] loop5: detected capacity change from 0 to 1024
[  417.417356][T19335] EXT4-fs: Ignoring removed nobh option
[  417.569613][T19335] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  417.875206][T19347] wireguard2: entered promiscuous mode
[  417.880715][T19347] wireguard2: entered allmulticast mode
[  418.076193][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.158574][T19326] loop2: detected capacity change from 0 to 512
[  418.167563][T19326] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  418.180938][T19326] EXT4-fs (loop2): 1 truncate cleaned up
[  418.199129][T19326] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  418.300076][T19369] FAULT_INJECTION: forcing a failure.
[  418.300076][T19369] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  418.313329][T19369] CPU: 1 UID: 0 PID: 19369 Comm: syz.5.5332 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  418.313433][T19369] Tainted: [W]=WARN
[  418.313441][T19369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  418.313455][T19369] Call Trace:
[  418.313471][T19369]  <TASK>
[  418.313482][T19369]  __dump_stack+0x1d/0x30
[  418.313504][T19369]  dump_stack_lvl+0xe8/0x140
[  418.313526][T19369]  dump_stack+0x15/0x1b
[  418.313601][T19369]  should_fail_ex+0x265/0x280
[  418.313625][T19369]  should_fail+0xb/0x20
[  418.313645][T19369]  should_fail_usercopy+0x1a/0x20
[  418.313676][T19369]  _copy_from_user+0x1c/0xb0
[  418.313734][T19369]  proc_submiturb+0x43/0xa0
[  418.313772][T19369]  usbdev_ioctl+0xcc2/0x1710
[  418.313801][T19369]  ? __pfx_usbdev_ioctl+0x10/0x10
[  418.313839][T19369]  __se_sys_ioctl+0xce/0x140
[  418.313930][T19369]  __x64_sys_ioctl+0x43/0x50
[  418.313949][T19369]  x64_sys_call+0x1816/0x2ff0
[  418.314115][T19369]  do_syscall_64+0xd2/0x200
[  418.314152][T19369]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  418.314182][T19369]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  418.314294][T19369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.314316][T19369] RIP: 0033:0x7f1ecbacec29
[  418.314332][T19369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.314354][T19369] RSP: 002b:00007f1eca537038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  418.314404][T19369] RAX: ffffffffffffffda RBX: 00007f1ecbd15fa0 RCX: 00007f1ecbacec29
[  418.314417][T19369] RDX: 0000200000000400 RSI: 000000008038550a RDI: 0000000000000005
[  418.314429][T19369] RBP: 00007f1eca537090 R08: 0000000000000000 R09: 0000000000000000
[  418.314440][T19369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.314452][T19369] R13: 00007f1ecbd16038 R14: 00007f1ecbd15fa0 R15: 00007ffc055bea48
[  418.314470][T19369]  </TASK>
[  418.661950][T19375] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5335'.
[  418.716937][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.756353][T19379] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5338'.
[  419.028406][T19394] loop6: detected capacity change from 0 to 1024
[  419.043703][T19394] SELinux: security_context_str_to_sid (syst) failed with errno=-22
[  419.068304][T19394] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5344'.
[  419.148464][T19398] rdma_rxe: rxe_newlink: failed to add lo
[  419.355509][T19401] lo speed is unknown, defaulting to 1000
[  419.412998][T19401] lo speed is unknown, defaulting to 1000
[  419.801305][T19407] loop2: detected capacity change from 0 to 128
[  419.865951][T19409] random: crng reseeded on system resumption
[  420.207179][T19413] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.281668][T19407] FAULT_INJECTION: forcing a failure.
[  420.281668][T19407] name failslab, interval 1, probability 0, space 0, times 0
[  420.295025][T19407] CPU: 1 UID: 0 PID: 19407 Comm: syz.2.5348 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  420.295062][T19407] Tainted: [W]=WARN
[  420.295071][T19407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  420.295162][T19407] Call Trace:
[  420.295170][T19407]  <TASK>
[  420.295180][T19407]  __dump_stack+0x1d/0x30
[  420.295204][T19407]  dump_stack_lvl+0xe8/0x140
[  420.295291][T19407]  dump_stack+0x15/0x1b
[  420.295318][T19407]  should_fail_ex+0x265/0x280
[  420.295347][T19407]  should_failslab+0x8c/0xb0
[  420.295407][T19407]  __kmalloc_noprof+0xa5/0x3e0
[  420.295439][T19407]  ? alloc_pipe_info+0x1c9/0x350
[  420.295539][T19407]  alloc_pipe_info+0x1c9/0x350
[  420.295568][T19407]  splice_direct_to_actor+0x592/0x680
[  420.295592][T19407]  ? kstrtouint_from_user+0x9f/0xf0
[  420.295645][T19407]  ? __pfx_direct_splice_actor+0x10/0x10
[  420.295665][T19407]  ? htab_map_hash+0x15f/0x1d0
[  420.295698][T19407]  ? avc_policy_seqno+0x15/0x30
[  420.295726][T19407]  ? selinux_file_permission+0x1e4/0x320
[  420.295752][T19407]  do_splice_direct+0xda/0x150
[  420.295840][T19407]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  420.295909][T19407]  do_sendfile+0x380/0x650
[  420.295941][T19407]  __x64_sys_sendfile64+0x105/0x150
[  420.296002][T19407]  x64_sys_call+0x2bb0/0x2ff0
[  420.296027][T19407]  do_syscall_64+0xd2/0x200
[  420.296064][T19407]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  420.296092][T19407]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  420.296341][T19407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.296362][T19407] RIP: 0033:0x7f3107a9ec29
[  420.296443][T19407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.296509][T19407] RSP: 002b:00007f3106507038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  420.296534][T19407] RAX: ffffffffffffffda RBX: 00007f3107ce5fa0 RCX: 00007f3107a9ec29
[  420.296549][T19407] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006
[  420.296564][T19407] RBP: 00007f3106507090 R08: 0000000000000000 R09: 0000000000000000
[  420.296579][T19407] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001
[  420.296593][T19407] R13: 00007f3107ce6038 R14: 00007f3107ce5fa0 R15: 00007ffc53235ec8
[  420.296681][T19407]  </TASK>
[  420.689870][T19413] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.703992][T19422] loop2: detected capacity change from 0 to 8192
[  420.790804][T19413] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.850373][T19422] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.904580][T19433] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5357'.
[  420.919945][T19413] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.983095][T19437] wireguard2: entered promiscuous mode
[  420.988835][T19437] wireguard2: entered allmulticast mode
[  421.005253][T19422] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  421.035739][ T8582] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  421.048481][ T8582] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  421.062127][ T8582] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  421.073572][ T8582] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  421.083493][T19422] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  421.143815][T19422] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  421.169971][T19445] loop6: detected capacity change from 0 to 512
[  421.177283][T19445] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  421.190849][T19445] EXT4-fs (loop6): 1 truncate cleaned up
[  421.198475][T19445] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  421.213777][   T29] kauditd_printk_skb: 260 callbacks suppressed
[  421.213796][   T29] audit: type=1326 audit(1758346956.024:26541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19448 comm="syz.4.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  421.244153][   T29] audit: type=1326 audit(1758346956.024:26542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19448 comm="syz.4.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  421.269088][   T29] audit: type=1326 audit(1758346956.024:26543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19448 comm="syz.4.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  421.276210][T19445] EXT4-fs error (device loop6): ext4_ext_precache:632: inode #15: comm syz.6.5361: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  421.293248][   T29] audit: type=1326 audit(1758346956.024:26544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19448 comm="syz.4.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  421.335305][   T29] audit: type=1326 audit(1758346956.024:26545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19448 comm="syz.4.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  421.359072][   T29] audit: type=1326 audit(1758346956.024:26546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19448 comm="syz.4.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  421.383258][   T29] audit: type=1326 audit(1758346956.024:26547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19448 comm="syz.4.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  421.407139][   T29] audit: type=1326 audit(1758346956.024:26548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19448 comm="syz.4.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  421.431110][   T29] audit: type=1326 audit(1758346956.024:26549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19448 comm="syz.4.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  421.455116][   T29] audit: type=1326 audit(1758346956.024:26550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19448 comm="syz.4.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  421.482337][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  421.504398][ T8582] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  421.523247][ T8582] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  421.539768][T19458] loop5: detected capacity change from 0 to 512
[  421.547048][T19458] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  421.559918][T19458] EXT4-fs (loop5): 1 truncate cleaned up
[  421.566106][T19458] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  421.567207][ T8582] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  421.589027][T19458] EXT4-fs error (device loop5): ext4_ext_precache:632: inode #15: comm syz.5.5367: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  421.622668][ T8582] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  421.660004][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  421.681668][T19473] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5373'.
[  421.719717][T19471] loop2: detected capacity change from 0 to 8192
[  421.767596][T19481] FAULT_INJECTION: forcing a failure.
[  421.767596][T19481] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  421.781425][T19481] CPU: 1 UID: 0 PID: 19481 Comm: syz.5.5375 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  421.781547][T19481] Tainted: [W]=WARN
[  421.781554][T19481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  421.781566][T19481] Call Trace:
[  421.781573][T19481]  <TASK>
[  421.781581][T19481]  __dump_stack+0x1d/0x30
[  421.781603][T19481]  dump_stack_lvl+0xe8/0x140
[  421.781627][T19481]  dump_stack+0x15/0x1b
[  421.781685][T19481]  should_fail_ex+0x265/0x280
[  421.781714][T19481]  should_fail+0xb/0x20
[  421.781738][T19481]  should_fail_usercopy+0x1a/0x20
[  421.781767][T19481]  _copy_from_user+0x1c/0xb0
[  421.781797][T19481]  ___sys_sendmsg+0xc1/0x1d0
[  421.781843][T19481]  __x64_sys_sendmsg+0xd4/0x160
[  421.781874][T19481]  x64_sys_call+0x191e/0x2ff0
[  421.781897][T19481]  do_syscall_64+0xd2/0x200
[  421.781931][T19481]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  421.781960][T19481]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  421.782025][T19481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.782048][T19481] RIP: 0033:0x7f1ecbacec29
[  421.782066][T19481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.782085][T19481] RSP: 002b:00007f1eca537038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  421.782108][T19481] RAX: ffffffffffffffda RBX: 00007f1ecbd15fa0 RCX: 00007f1ecbacec29
[  421.782170][T19481] RDX: 0000000000000044 RSI: 00002000000007c0 RDI: 0000000000000004
[  421.782185][T19481] RBP: 00007f1eca537090 R08: 0000000000000000 R09: 0000000000000000
[  421.782200][T19481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  421.782213][T19481] R13: 00007f1ecbd16038 R14: 00007f1ecbd15fa0 R15: 00007ffc055bea48
[  421.782234][T19481]  </TASK>
[  421.783083][T19481] sd 0:0:1:0: device reset
[  421.971126][T19471] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  421.990410][T19485] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5378'.
[  422.033793][T19471] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  422.153622][T19471] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  422.165903][T19507] loop5: detected capacity change from 0 to 512
[  422.173734][T19507] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  422.185250][T19507] EXT4-fs (loop5): 1 truncate cleaned up
[  422.202441][T19507] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  422.274017][T19471] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  422.325618][T19507] EXT4-fs error (device loop5): ext4_ext_precache:632: inode #15: comm syz.5.5384: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  422.387724][T19518] 9pnet_fd: Insufficient options for proto=fd
[  422.468522][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.684762][T19533] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5397'.
[  422.749527][T19537] pim6reg1: entered promiscuous mode
[  422.755250][T19537] pim6reg1: entered allmulticast mode
[  422.972887][T19531] loop5: detected capacity change from 0 to 512
[  422.980237][T19531] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  422.996918][T19531] EXT4-fs (loop5): 1 truncate cleaned up
[  423.024728][T19555] loop6: detected capacity change from 0 to 1024
[  423.053689][T19555] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4183: comm syz.6.5406: Allocating blocks 385-513 which overlap fs metadata
[  423.054760][T19557] lo speed is unknown, defaulting to 1000
[  423.088758][T19555] EXT4-fs (loop6): pa ffff88810723f7e0: logic 16, phys. 129, len 24
[  423.096850][T19555] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  423.103254][T19557] lo speed is unknown, defaulting to 1000
[  423.127515][T19555] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28
[  423.140825][T19555] EXT4-fs (loop6): This should not happen!! Data will be lost
[  423.140825][T19555] 
[  423.150987][T19555] EXT4-fs (loop6): Total free blocks count 0
[  423.157223][T19555] EXT4-fs (loop6): Free/Dirty block details
[  423.163751][T19555] EXT4-fs (loop6): free_blocks=128
[  423.168894][T19555] EXT4-fs (loop6): dirty_blocks=0
[  423.174414][T19555] EXT4-fs (loop6): Block reservation details
[  423.180420][T19555] EXT4-fs (loop6): i_reserved_data_blocks=0
[  423.244781][T19564] $Hÿ: renamed from bond0 (while UP)
[  423.263485][T19564] $Hÿ: entered promiscuous mode
[  423.268564][T19564] bond_slave_0: entered promiscuous mode
[  423.274444][T19564] bond_slave_1: entered promiscuous mode
[  423.299344][T19564] dummy0: entered promiscuous mode
[  424.787993][T19596] rdma_rxe: rxe_newlink: failed to add lo
[  425.110540][T19614] loop6: detected capacity change from 0 to 1024
[  425.117649][T19614] EXT4-fs: Ignoring removed nobh option
[  425.392458][T19618] FAULT_INJECTION: forcing a failure.
[  425.392458][T19618] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  425.405708][T19618] CPU: 1 UID: 0 PID: 19618 Comm: syz.5.5429 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  425.405744][T19618] Tainted: [W]=WARN
[  425.405751][T19618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  425.405762][T19618] Call Trace:
[  425.405768][T19618]  <TASK>
[  425.405776][T19618]  __dump_stack+0x1d/0x30
[  425.405801][T19618]  dump_stack_lvl+0xe8/0x140
[  425.405867][T19618]  dump_stack+0x15/0x1b
[  425.405882][T19618]  should_fail_ex+0x265/0x280
[  425.405909][T19618]  should_fail+0xb/0x20
[  425.405946][T19618]  should_fail_usercopy+0x1a/0x20
[  425.406012][T19618]  strncpy_from_user+0x25/0x230
[  425.406105][T19618]  ? kstrtouint+0x76/0xc0
[  425.406130][T19618]  strncpy_from_user_nofault+0x68/0xf0
[  425.406156][T19618]  bpf_probe_read_compat_str+0xb4/0x130
[  425.406189][T19618]  bpf_prog_c1796171ffc7efef+0x3e/0x44
[  425.406214][T19618]  bpf_trace_run4+0x114/0x1d0
[  425.406244][T19618]  __traceiter_sched_switch+0x3f/0x60
[  425.406273][T19618]  __schedule+0xa17/0xb30
[  425.406354][T19618]  schedule+0x5f/0xd0
[  425.406373][T19618]  exit_to_user_mode_loop+0x51/0x100
[  425.406394][T19618]  do_syscall_64+0x1d6/0x200
[  425.406475][T19618]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  425.406503][T19618]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  425.406533][T19618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.406553][T19618] RIP: 0033:0x7f1ecbacd6df
[  425.406632][T19618] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  425.406649][T19618] RSP: 002b:00007f1eca537030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  425.406680][T19618] RAX: 0000000000000001 RBX: 0000000000000005 RCX: 00007f1ecbacd6df
[  425.406741][T19618] RDX: 0000000000000001 RSI: 00007f1eca537090 RDI: 0000000000000005
[  425.406753][T19618] RBP: 00007f1eca537090 R08: 0000000000000000 R09: 00007f1eca536df7
[  425.406765][T19618] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  425.406777][T19618] R13: 00007f1ecbd16038 R14: 00007f1ecbd15fa0 R15: 00007ffc055bea48
[  425.406794][T19618]  </TASK>
[  426.158996][T19646] loop6: detected capacity change from 0 to 1024
[  426.176384][T19646] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4183: comm syz.6.5442: Allocating blocks 385-513 which overlap fs metadata
[  426.194024][T19646] EXT4-fs (loop6): pa ffff88810723f000: logic 16, phys. 129, len 24
[  426.202106][T19646] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  426.224550][T19646] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28
[  426.237349][T19646] EXT4-fs (loop6): This should not happen!! Data will be lost
[  426.237349][T19646] 
[  426.247205][T19646] EXT4-fs (loop6): Total free blocks count 0
[  426.253401][T19646] EXT4-fs (loop6): Free/Dirty block details
[  426.259327][T19646] EXT4-fs (loop6): free_blocks=128
[  426.264661][T19646] EXT4-fs (loop6): dirty_blocks=0
[  426.269947][T19646] EXT4-fs (loop6): Block reservation details
[  426.276192][T19646] EXT4-fs (loop6): i_reserved_data_blocks=0
[  426.347540][T19657] loop6: detected capacity change from 0 to 128
[  426.399002][   T29] kauditd_printk_skb: 517 callbacks suppressed
[  426.399023][   T29] audit: type=1326 audit(1758346961.214:27068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19658 comm="syz.6.5448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  426.429593][   T29] audit: type=1326 audit(1758346961.214:27069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19658 comm="syz.6.5448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  426.453533][   T29] audit: type=1326 audit(1758346961.214:27070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19658 comm="syz.6.5448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  426.477577][   T29] audit: type=1326 audit(1758346961.214:27071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19658 comm="syz.6.5448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  426.501496][   T29] audit: type=1326 audit(1758346961.214:27072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19658 comm="syz.6.5448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  426.525525][   T29] audit: type=1326 audit(1758346961.214:27073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19658 comm="syz.6.5448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  426.549099][   T29] audit: type=1326 audit(1758346961.214:27074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19658 comm="syz.6.5448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  426.572995][   T29] audit: type=1326 audit(1758346961.214:27075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19658 comm="syz.6.5448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  426.596885][   T29] audit: type=1326 audit(1758346961.214:27076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19658 comm="syz.6.5448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  426.620687][   T29] audit: type=1326 audit(1758346961.214:27077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19658 comm="syz.6.5448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f486d7aec29 code=0x7ffc0000
[  426.955272][ T8550] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  426.971547][ T8568] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  426.996462][ T8568] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  427.020568][ T8568] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  427.046555][T19677] wireguard0: entered promiscuous mode
[  427.052238][T19677] wireguard0: entered allmulticast mode
[  427.187195][T19687] loop2: detected capacity change from 0 to 512
[  427.216132][T19687] EXT4-fs: Ignoring removed mblk_io_submit option
[  427.223018][T19687] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  427.238391][T19687] EXT4-fs (loop2): 1 truncate cleaned up
[  427.246272][T19695] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5459'.
[  427.396314][T19708] loop6: detected capacity change from 0 to 512
[  427.405051][T19708] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  427.426423][T19708] EXT4-fs (loop6): 1 truncate cleaned up
[  428.070755][T19722] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5471'.
[  428.939292][T19729] loop5: detected capacity change from 0 to 512
[  428.957161][T19729] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  429.022629][T19729] EXT4-fs (loop5): 1 truncate cleaned up
[  429.061816][T19729] EXT4-fs error (device loop5): ext4_ext_precache:632: inode #15: comm syz.5.5476: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  429.207667][T19770] wireguard1: entered promiscuous mode
[  429.213392][T19770] wireguard1: entered allmulticast mode
[  429.383164][T19779] loop6: detected capacity change from 0 to 1024
[  429.390041][T19779] EXT4-fs: Ignoring removed nobh option
[  429.765119][T19784] loop2: detected capacity change from 0 to 512
[  429.773512][T19784] EXT4-fs (loop2): orphan cleanup on readonly fs
[  429.791650][T19784] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.5495: bad orphan inode 13
[  429.841246][T19784] ext4_test_bit(bit=12, block=18) = 1
[  429.846812][T19784] is_bad_inode(inode)=0
[  429.850998][T19784] NEXT_ORPHAN(inode)=2130706432
[  429.855961][T19784] max_ino=32
[  429.859165][T19784] i_nlink=1
[  429.891209][T19784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5495'.
[  429.939629][T19784] hsr_slave_1 (unregistering): left promiscuous mode
[  430.264573][T19812] random: crng reseeded on system resumption
[  430.682312][T19824] loop2: detected capacity change from 0 to 512
[  430.687255][T19824] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  430.712550][T19824] EXT4-fs (loop2): 1 truncate cleaned up
[  430.720049][T19824] EXT4-fs error (device loop2): ext4_ext_precache:632: inode #15: comm syz.2.5510: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  430.908689][T19792] syz.4.5498 (19792) used greatest stack depth: 6120 bytes left
[  431.024161][T19841] random: crng reseeded on system resumption
[  431.054397][T19843] loop5: detected capacity change from 0 to 512
[  431.061406][T19843] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  431.081720][T19843] EXT4-fs (loop5): 1 truncate cleaned up
[  431.088081][T19843] EXT4-fs mount: 20 callbacks suppressed
[  431.088100][T19843] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  431.150918][T19849] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5520'.
[  431.358959][T19856] loop6: detected capacity change from 0 to 512
[  431.392500][T19856] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  431.412376][T19862] loop2: detected capacity change from 0 to 1024
[  431.451517][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  431.473119][T19856] EXT4-fs (loop6): 1 truncate cleaned up
[  431.479171][T19856] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  431.503195][T19862] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  431.536583][T19856] EXT4-fs error (device loop6): ext4_ext_precache:632: inode #15: comm syz.6.5523: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  431.564907][T19862] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.5526: Allocating blocks 385-513 which overlap fs metadata
[  431.623313][T10766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  431.659579][T19862] EXT4-fs (loop2): pa ffff8881072199a0: logic 16, phys. 129, len 24
[  431.668061][T19862] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  431.732501][   T29] kauditd_printk_skb: 277 callbacks suppressed
[  431.732521][   T29] audit: type=1326 audit(1758346966.554:27355): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19835 comm="syz.4.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  431.792669][T19862] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28
[  431.805022][T19862] EXT4-fs (loop2): This should not happen!! Data will be lost
[  431.805022][T19862] 
[  431.814729][T19862] EXT4-fs (loop2): Total free blocks count 0
[  431.821153][T19862] EXT4-fs (loop2): Free/Dirty block details
[  431.827217][T19862] EXT4-fs (loop2): free_blocks=128
[  431.832484][T19862] EXT4-fs (loop2): dirty_blocks=0
[  431.837535][T19862] EXT4-fs (loop2): Block reservation details
[  431.843714][T19862] EXT4-fs (loop2): i_reserved_data_blocks=0
[  431.852653][T19865] rdma_rxe: rxe_newlink: failed to add lo
[  431.902298][   T29] audit: type=1326 audit(1758346966.584:27356): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19835 comm="syz.4.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  431.926777][   T29] audit: type=1326 audit(1758346966.584:27357): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19835 comm="syz.4.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  431.951233][   T29] audit: type=1326 audit(1758346966.584:27358): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19835 comm="syz.4.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  431.975442][   T29] audit: type=1326 audit(1758346966.584:27359): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19835 comm="syz.4.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0e82faec63 code=0x7ffc0000
[  431.999756][   T29] audit: type=1326 audit(1758346966.584:27360): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19835 comm="syz.4.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0e82fad6df code=0x7ffc0000
[  432.024390][   T29] audit: type=1326 audit(1758346966.584:27361): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19835 comm="syz.4.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f0e82faecb7 code=0x7ffc0000
[  432.048655][   T29] audit: type=1326 audit(1758346966.584:27362): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19835 comm="syz.4.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0e82fad590 code=0x7ffc0000
[  432.073173][   T29] audit: type=1326 audit(1758346966.584:27363): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19835 comm="syz.4.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f0e82fad88a code=0x7ffc0000
[  432.075245][T19881] smc: net device bond0 applied user defined pnetid SYZ0
[  432.097372][   T29] audit: type=1326 audit(1758346966.584:27364): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19835 comm="syz.4.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82faec29 code=0x7ffc0000
[  432.148814][T19881] FAULT_INJECTION: forcing a failure.
[  432.148814][T19881] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  432.162119][T19881] CPU: 0 UID: 0 PID: 19881 Comm: syz.5.5531 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  432.162234][T19881] Tainted: [W]=WARN
[  432.162242][T19881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  432.162257][T19881] Call Trace:
[  432.162265][T19881]  <TASK>
[  432.162273][T19881]  __dump_stack+0x1d/0x30
[  432.162354][T19881]  dump_stack_lvl+0xe8/0x140
[  432.162376][T19881]  dump_stack+0x15/0x1b
[  432.162423][T19881]  should_fail_ex+0x265/0x280
[  432.162452][T19881]  should_fail+0xb/0x20
[  432.162496][T19881]  should_fail_usercopy+0x1a/0x20
[  432.162525][T19881]  _copy_from_user+0x1c/0xb0
[  432.162616][T19881]  ___sys_sendmsg+0xc1/0x1d0
[  432.162660][T19881]  __x64_sys_sendmsg+0xd4/0x160
[  432.162690][T19881]  x64_sys_call+0x191e/0x2ff0
[  432.162777][T19881]  do_syscall_64+0xd2/0x200
[  432.162813][T19881]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  432.162842][T19881]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  432.162881][T19881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.162912][T19881] RIP: 0033:0x7f1ecbacec29
[  432.162963][T19881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.162983][T19881] RSP: 002b:00007f1eca537038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  432.163006][T19881] RAX: ffffffffffffffda RBX: 00007f1ecbd15fa0 RCX: 00007f1ecbacec29
[  432.163022][T19881] RDX: 0000000000004084 RSI: 0000200000000080 RDI: 0000000000000008
[  432.163037][T19881] RBP: 00007f1eca537090 R08: 0000000000000000 R09: 0000000000000000
[  432.163049][T19881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.163061][T19881] R13: 00007f1ecbd16038 R14: 00007f1ecbd15fa0 R15: 00007ffc055bea48
[  432.163137][T19881]  </TASK>
[  432.394231][T19874] lo speed is unknown, defaulting to 1000
[  432.477703][T19874] lo speed is unknown, defaulting to 1000
[  432.547561][T19898] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5537'.
[  432.567888][ T8575] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.636721][ T8575] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.678006][ T8575] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.761163][ T8575] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.785376][T19874] chnl_net:caif_netlink_parms(): no params data found
[  432.857036][T19914] loop2: detected capacity change from 0 to 1024
[  432.907493][T19914] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  432.925260][T19914] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.5542: Allocating blocks 385-513 which overlap fs metadata
[  432.925428][T19874] bridge0: port 1(bridge_slave_0) entered blocking state
[  432.946268][T19874] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.954157][T19874] bridge_slave_0: entered allmulticast mode
[  432.961019][T19874] bridge_slave_0: entered promiscuous mode
[  432.967858][ T8575] bridge_slave_1: left allmulticast mode
[  432.967851][T19914] EXT4-fs (loop2): pa ffff88810723f070: logic 16, phys. 129, len 24
[  432.967891][T19914] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, 
[  432.973547][ T8575] bridge_slave_1: left promiscuous mode
[  432.973710][ T8575] bridge0: port 2(bridge_slave_1) entered disabled state
[  432.981747][T19914] free 0, pa_free 8
[  433.007252][T19890] loop5: detected capacity change from 0 to 512
[  433.014543][ T8575] bridge_slave_0: left allmulticast mode
[  433.020389][ T8575] bridge_slave_0: left promiscuous mode
[  433.020847][T19914] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28
[  433.026195][ T8575] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.038388][T19914] EXT4-fs (loop2): This should not happen!! Data will be lost
[  433.038388][T19914] 
[  433.054712][T19890] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  433.055293][T19914] EXT4-fs (loop2): Total free blocks count 0
[  433.071246][T19914] EXT4-fs (loop2): Free/Dirty block details
[  433.077250][T19914] EXT4-fs (loop2): free_blocks=128
[  433.082516][T19914] EXT4-fs (loop2): dirty_blocks=0
[  433.087710][T19914] EXT4-fs (loop2): Block reservation details
[  433.094266][T19914] EXT4-fs (loop2): i_reserved_data_blocks=0
[  433.103106][T19890] EXT4-fs (loop5): 1 truncate cleaned up
[  433.109227][T19890] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  433.185956][T19890] EXT4-fs error (device loop5): ext4_ext_precache:632: inode #15: comm syz.5.5534: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  433.294072][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  433.325992][ T8575] $Hÿ (unregistering): (slave bond_slave_0): Releasing backup interface
[  433.335096][ T8575] bond_slave_0: left promiscuous mode
[  433.341873][ T8575] $Hÿ (unregistering): (slave bond_slave_1): Releasing backup interface
[  433.355482][ T8575] bond_slave_1: left promiscuous mode
[  433.366850][ T8575] $Hÿ (unregistering): (slave dummy0): Releasing backup interface
[  433.376496][ T8575] dummy0: left promiscuous mode
[  433.384886][ T8575] $Hÿ (unregistering): Released all slaves
[  433.397836][T19874] bridge0: port 2(bridge_slave_1) entered blocking state
[  433.405156][T19874] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.414127][T19874] bridge_slave_1: entered allmulticast mode
[  433.421323][T19874] bridge_slave_1: entered promiscuous mode
[  433.438861][T19932] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5545'.
[  433.456309][ T8575] tipc: Disabling bearer <udp:syz1>
[  433.461628][ T8575] tipc: Left network mode
[  433.470816][T19935] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5547'.
[  433.483918][T19874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  433.511186][T19874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  433.608639][ T8575] hsr_slave_0: left promiscuous mode
[  433.619997][ T8575] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  433.627516][ T8575] batman_adv: batadv0: Removing interface: batadv_slave_0
[  433.664748][ T8575] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  433.672501][ T8575] batman_adv: batadv0: Removing interface: batadv_slave_1
[  433.701540][ T8575] veth1_macvtap: left promiscuous mode
[  433.707238][ T8575] veth0_macvtap: left promiscuous mode
[  433.721101][ T8575] veth1_vlan: left promiscuous mode
[  433.733138][ T8575] veth0_vlan: left promiscuous mode
[  433.869946][ T8575] team0 (unregistering): Port device team_slave_1 removed
[  433.889744][ T8575] team0 (unregistering): Port device team_slave_0 removed
[  433.928599][T19874] team0: Port device team_slave_0 added
[  433.936252][T19874] team0: Port device team_slave_1 added
[  433.967202][T19962] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5558'.
[  433.996600][T19874] batman_adv: batadv0: Adding interface: batadv_slave_0
[  434.003791][T19874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  434.029952][T19874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  434.082279][T19874] batman_adv: batadv0: Adding interface: batadv_slave_1
[  434.089269][T19874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  434.115596][T19874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  434.182284][T19874] hsr_slave_0: entered promiscuous mode
[  434.221919][T19874] hsr_slave_1: entered promiscuous mode
[  434.232398][T19874] debugfs: 'hsr0' already exists in 'hsr'
[  434.238335][T19874] Cannot create hsr debugfs directory
[  434.248206][T19964] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.317797][T19974] loop5: detected capacity change from 0 to 512
[  434.333359][T19964] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.343558][T19974] EXT4-fs: Ignoring removed mblk_io_submit option
[  434.350400][T19974] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  434.410818][T19974] EXT4-fs (loop5): 1 truncate cleaned up
[  434.422376][T19974] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  434.450271][T19964] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.480145][T19956] loop2: detected capacity change from 0 to 512
[  434.487647][T19956] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  434.507101][T19956] EXT4-fs (loop2): 1 truncate cleaned up
[  434.513835][T19956] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  434.543068][T19964] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.664312][ T8581] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  434.674117][ T8581] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  434.702092][ T8581] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  434.710548][ T8581] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  434.780471][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  434.803070][T19874] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  434.817163][T19874] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  434.829800][T19874] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  434.873613][T19874] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  434.972636][T19874] 8021q: adding VLAN 0 to HW filter on device bond0
[  434.985506][T19874] 8021q: adding VLAN 0 to HW filter on device team0
[  435.098151][T20016] rdma_rxe: rxe_newlink: failed to add lo
[  435.119480][T20014] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5571'.
[  435.132311][ T8575] bridge0: port 1(bridge_slave_0) entered blocking state
[  435.139656][ T8575] bridge0: port 1(bridge_slave_0) entered forwarding state
[  435.149557][ T8575] bridge0: port 2(bridge_slave_1) entered blocking state
[  435.156910][ T8575] bridge0: port 2(bridge_slave_1) entered forwarding state
[  435.333153][T19874] 8021q: adding VLAN 0 to HW filter on device batadv0
[  435.342297][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  435.373988][T20034] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5580'.
[  435.399964][T20027] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.422929][T20037] loop5: detected capacity change from 0 to 512
[  435.429994][T20037] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  435.443665][T20027] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.443928][T20037] EXT4-fs (loop5): 1 truncate cleaned up
[  435.460197][T20037] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  435.478725][T20037] EXT4-fs error (device loop5): ext4_ext_precache:632: inode #15: comm syz.5.5581: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  435.510536][T17399] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  435.529822][T20027] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.571096][T19874] veth0_vlan: entered promiscuous mode
[  435.579428][T19874] veth1_vlan: entered promiscuous mode
[  435.586775][T20027] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.608424][T19874] veth0_macvtap: entered promiscuous mode
[  435.615830][T19874] veth1_macvtap: entered promiscuous mode
[  435.631355][T19874] batman_adv: batadv0: Interface activated: batadv_slave_0
[  435.661221][T19874] batman_adv: batadv0: Interface activated: batadv_slave_1
[  435.672927][ T8573] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  435.685088][ T8573] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  435.698453][ T8589] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  435.715899][ T8553] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  435.844931][T20069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5590'.
[  435.882638][T20071] smc: net device bond0 erased user defined pnetid SYZ0
[  435.886163][T20072] loop6: detected capacity change from 0 to 512
[  435.898397][T20072] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  435.913501][T20072] EXT4-fs (loop6): 1 truncate cleaned up
[  435.919969][T20072] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  435.936111][T20072] EXT4-fs error (device loop6): ext4_ext_precache:632: inode #15: comm syz.6.5591: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964)
[  435.976345][T19874] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  436.014932][T20081] FAULT_INJECTION: forcing a failure.
[  436.014932][T20081] name failslab, interval 1, probability 0, space 0, times 0
[  436.027712][T20081] CPU: 1 UID: 0 PID: 20081 Comm: syz.6.5595 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  436.027862][T20081] Tainted: [W]=WARN
[  436.027870][T20081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  436.027883][T20081] Call Trace:
[  436.027891][T20081]  <TASK>
[  436.027899][T20081]  __dump_stack+0x1d/0x30
[  436.027923][T20081]  dump_stack_lvl+0xe8/0x140
[  436.027994][T20081]  dump_stack+0x15/0x1b
[  436.028013][T20081]  should_fail_ex+0x265/0x280
[  436.028041][T20081]  should_failslab+0x8c/0xb0
[  436.028108][T20081]  kmem_cache_alloc_node_noprof+0x57/0x320
[  436.028151][T20081]  ? __alloc_skb+0x101/0x320
[  436.028210][T20081]  __alloc_skb+0x101/0x320
[  436.028235][T20081]  netlink_alloc_large_skb+0xba/0xf0
[  436.028261][T20081]  netlink_sendmsg+0x3cf/0x6b0
[  436.028450][T20081]  ? __pfx_netlink_sendmsg+0x10/0x10
[  436.028488][T20081]  __sock_sendmsg+0x142/0x180
[  436.028523][T20081]  ____sys_sendmsg+0x31e/0x4e0
[  436.028550][T20081]  ___sys_sendmsg+0x17b/0x1d0
[  436.028671][T20081]  __x64_sys_sendmsg+0xd4/0x160
[  436.028704][T20081]  x64_sys_call+0x191e/0x2ff0
[  436.028794][T20081]  do_syscall_64+0xd2/0x200
[  436.028829][T20081]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  436.028862][T20081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.028887][T20081] RIP: 0033:0x7f5afbe8ec29
[  436.028964][T20081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.029071][T20081] RSP: 002b:00007f5afa8ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  436.029093][T20081] RAX: ffffffffffffffda RBX: 00007f5afc0d5fa0 RCX: 00007f5afbe8ec29
[  436.029107][T20081] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000005
[  436.029122][T20081] RBP: 00007f5afa8ef090 R08: 0000000000000000 R09: 0000000000000000
[  436.029135][T20081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  436.029149][T20081] R13: 00007f5afc0d6038 R14: 00007f5afc0d5fa0 R15: 00007ffe9a70b998
[  436.029231][T20081]  </TASK>
[  436.419066][T20093] 9pnet_fd: Insufficient options for proto=fd
[  436.751097][   T29] kauditd_printk_skb: 227 callbacks suppressed
[  436.751117][   T29] audit: type=1326 audit(1758346971.564:27592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20116 comm="syz.2.5610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  436.782649][   T29] audit: type=1326 audit(1758346971.564:27593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20116 comm="syz.2.5610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  436.806322][   T29] audit: type=1326 audit(1758346971.564:27594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20116 comm="syz.2.5610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  436.830328][   T29] audit: type=1326 audit(1758346971.564:27595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20116 comm="syz.2.5610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  436.854057][   T29] audit: type=1326 audit(1758346971.564:27596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20116 comm="syz.2.5610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  436.877827][   T29] audit: type=1326 audit(1758346971.564:27597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20116 comm="syz.2.5610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  436.901786][   T29] audit: type=1326 audit(1758346971.564:27598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20116 comm="syz.2.5610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  436.925440][   T29] audit: type=1326 audit(1758346971.564:27599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20116 comm="syz.2.5610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  436.949255][   T29] audit: type=1326 audit(1758346971.564:27600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20116 comm="syz.2.5610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  436.973192][   T29] audit: type=1326 audit(1758346971.564:27601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20116 comm="syz.2.5610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=247 compat=0 ip=0x7f3107a9ec29 code=0x7ffc0000
[  437.438709][T20120] pim6reg1: entered promiscuous mode
[  437.444237][T20120] pim6reg1: entered allmulticast mode
[  437.500544][T20122] FAULT_INJECTION: forcing a failure.
[  437.500544][T20122] name failslab, interval 1, probability 0, space 0, times 0
[  437.513516][T20122] CPU: 1 UID: 0 PID: 20122 Comm: syz.0.5612 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  437.513628][T20122] Tainted: [W]=WARN
[  437.513634][T20122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  437.513642][T20122] Call Trace:
[  437.513646][T20122]  <TASK>
[  437.513651][T20122]  __dump_stack+0x1d/0x30
[  437.513667][T20122]  dump_stack_lvl+0xe8/0x140
[  437.513680][T20122]  dump_stack+0x15/0x1b
[  437.513768][T20122]  should_fail_ex+0x265/0x280
[  437.513785][T20122]  should_failslab+0x8c/0xb0
[  437.513801][T20122]  kmem_cache_alloc_noprof+0x50/0x310
[  437.513819][T20122]  ? skb_clone+0x151/0x1f0
[  437.513837][T20122]  skb_clone+0x151/0x1f0
[  437.513928][T20122]  __netlink_deliver_tap+0x2c9/0x500
[  437.513948][T20122]  netlink_unicast+0x66b/0x690
[  437.513964][T20122]  netlink_sendmsg+0x58b/0x6b0
[  437.513982][T20122]  ? __pfx_netlink_sendmsg+0x10/0x10
[  437.514016][T20122]  __sock_sendmsg+0x142/0x180
[  437.514036][T20122]  ____sys_sendmsg+0x31e/0x4e0
[  437.514055][T20122]  ___sys_sendmsg+0x17b/0x1d0
[  437.514086][T20122]  __x64_sys_sendmsg+0xd4/0x160
[  437.514106][T20122]  x64_sys_call+0x191e/0x2ff0
[  437.514120][T20122]  do_syscall_64+0xd2/0x200
[  437.514201][T20122]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  437.514217][T20122]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  437.514240][T20122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.514254][T20122] RIP: 0033:0x7f1771aaec29
[  437.514266][T20122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  437.514278][T20122] RSP: 002b:00007f177050f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  437.514302][T20122] RAX: ffffffffffffffda RBX: 00007f1771cf5fa0 RCX: 00007f1771aaec29
[  437.514311][T20122] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000008
[  437.514399][T20122] RBP: 00007f177050f090 R08: 0000000000000000 R09: 0000000000000000
[  437.514413][T20122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.514421][T20122] R13: 00007f1771cf6038 R14: 00007f1771cf5fa0 R15: 00007fff57b3c208
[  437.514433][T20122]  </TASK>
[  437.749584][T20124] 9pnet_fd: Insufficient options for proto=fd
[  437.814751][T20137] smc: net device bond0 applied user defined pnetid SYZ1
[  437.822708][T20137] smc: net device bond0 erased user defined pnetid SYZ1
[  437.976030][T20150] pim6reg1: entered promiscuous mode
[  437.981624][T20150] pim6reg1: entered allmulticast mode
[  438.117180][T20159] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5629'.
[  438.148743][T20168] smc: net device bond0 applied user defined pnetid SYZ1
[  438.157432][T20168] smc: net device bond0 erased user defined pnetid SYZ1
[  438.346475][ T8589] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  438.357561][T20177] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5637'.
[  438.375293][ T8589] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  438.393105][ T8589] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  438.404879][ T8589] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  438.417672][T20179] pim6reg1: entered promiscuous mode
[  438.423095][T20179] pim6reg1: entered allmulticast mode
[  438.454467][T20187] rdma_rxe: rxe_newlink: failed to add lo
[  438.594473][T20194] loop2: detected capacity change from 0 to 512
[  438.602210][T20194] EXT4-fs (loop2): orphan cleanup on readonly fs
[  438.609323][T20194] EXT4-fs warning (device loop2): ext4_xattr_inode_get:556: inode #11: comm syz.2.5646: EA inode hash validation failed
[  438.623759][T20194] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  438.637455][T20194] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #15: comm syz.2.5646: corrupted inode contents
[  438.651265][T20194] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #15: comm syz.2.5646: mark_inode_dirty error
[  438.663469][T20194] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #15: comm syz.2.5646: corrupted inode contents
[  438.675904][T20194] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2991: inode #15: comm syz.2.5646: mark_inode_dirty error
[  438.688387][T20194] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2994: inode #15: comm syz.2.5646: mark inode dirty (error -117)
[  438.701228][T20194] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117)
[  438.710426][T20194] EXT4-fs (loop2): 1 orphan inode deleted
[  438.716874][T20194] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  438.869236][T20208] smc: net device bond0 applied user defined pnetid SYZ1
[  438.878819][T20208] smc: net device bond0 erased user defined pnetid SYZ1
[  439.439327][T12171] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  439.541176][T20234] loop6: detected capacity change from 0 to 512
[  439.548074][T20234] EXT4-fs: Ignoring removed mblk_io_submit option
[  439.555108][T20234] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  439.574867][T20234] EXT4-fs (loop6): 1 truncate cleaned up
[  439.581657][T20234] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  439.841257][T20241] loop5: detected capacity change from 0 to 8192
[  440.098941][T20234] ==================================================================
[  440.107085][T20234] BUG: KCSAN: data-race in touch_atime / touch_atime
[  440.113991][T20234] 
[  440.116422][T20234] write to 0xffff8881198ad2e0 of 4 bytes by task 20237 on cpu 0:
[  440.124587][T20234]  touch_atime+0x1e8/0x340
[  440.129047][T20234]  filemap_splice_read+0x6ba/0x740
[  440.134266][T20234]  ext4_file_splice_read+0x8f/0xb0
[  440.139416][T20234]  splice_direct_to_actor+0x26c/0x680
[  440.144978][T20234]  do_splice_direct+0xda/0x150
[  440.149767][T20234]  do_sendfile+0x380/0x650
[  440.154208][T20234]  __x64_sys_sendfile64+0x105/0x150
[  440.159696][T20234]  x64_sys_call+0x2bb0/0x2ff0
[  440.164572][T20234]  do_syscall_64+0xd2/0x200
[  440.169119][T20234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.175128][T20234] 
[  440.177469][T20234] read to 0xffff8881198ad2e0 of 4 bytes by task 20234 on cpu 1:
[  440.185194][T20234]  touch_atime+0x194/0x340
[  440.189994][T20234]  filemap_splice_read+0x6ba/0x740
[  440.195140][T20234]  ext4_file_splice_read+0x8f/0xb0
[  440.200377][T20234]  splice_direct_to_actor+0x26c/0x680
[  440.205773][T20234]  do_splice_direct+0xda/0x150
[  440.210565][T20234]  do_sendfile+0x380/0x650
[  440.215022][T20234]  __x64_sys_sendfile64+0x105/0x150
[  440.220258][T20234]  x64_sys_call+0x2bb0/0x2ff0
[  440.224964][T20234]  do_syscall_64+0xd2/0x200
[  440.229537][T20234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.235601][T20234] 
[  440.237939][T20234] value changed: 0x35ead87c -> 0x36836efc
[  440.243673][T20234] 
[  440.246004][T20234] Reported by Kernel Concurrency Sanitizer on:
[  440.252514][T20234] CPU: 1 UID: 0 PID: 20234 Comm: syz.6.5660 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  440.264005][T20234] Tainted: [W]=WARN
[  440.267823][T20234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  440.278067][T20234] ==================================================================
[  440.288496][T20248] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  440.583305][T19874] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.