last executing test programs:

27.377321485s ago: executing program 0 (id=184):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7c9320631babe739be5ededbe4f010f4546e7eea0fc01886752b519d37906f7ca7140d22bc0584ffac34cf2e1794f444b6776867909c48b7a754ab0d47565e4f2facc05d816537"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r2}, 0x38)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3, 0x0, 0x2}, 0x18)
socket$packet(0x11, 0xa, 0x300)
socket$packet(0x11, 0xa, 0x300)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_emit_ethernet(0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x4}]}, 0x10)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2060, 0x0)
fcntl$setlease(r6, 0x400, 0x0)
fsetxattr$trusted_overlay_redirect(r6, &(0x7f0000000040), 0x0, 0x0, 0x0)

27.264414674s ago: executing program 0 (id=185):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x89a1, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000001740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000bc7ef9642d29ba564165605dca29708efdf9b15a5c10a126121b2751f642635bcd9a8bf7a928a5d054b0d2c54d519ea75c52f41ed6f2886973626b684c8bd9108c0b0b2ea7e556948f0367aff4fbcede3294f6e73d06ad16dc2d26725ff833b5f83b499918e6a6ec245b781d41aee9624c847e2f2312d6b9db45bad354fc1a3f20407ffe406483a0524937ee7559e4bf70136746b37fdfbbb152758d37ed8bcac41fb7243bdcd536249c7996e898b61927eaa5a8790054ba13d3ade593220f96027090a34aaf7ea92f41aab73e7a85eef87e956bb7c5c76a347264fd99359f4e57b0dcc2bcc188ea880a4b11a8bb81eb22b0ddfc689e3218cf310dcc61cab354149d9107d8a88b0aa5b5661555f00443aee5e714009e52cee5e88f008148ddbc0fa81bf938bed4a1ac778d5337cc0311d0772eeac3eab38426e8d1472ff514aa5379ed21551790cc10148410b4fc27582fd7106a8887a9a0b613dfe10aee77542d887208f5534f5dce4d43f258fc9ef975834e1917666e2aff1cebfc3ce2c1e8ff66bba1d9050000000000000078db7024bf321636bede8651e672ed4f01ba5da2c3f9042a8552bd3f2c9ad546ad0ea20b4d35fb0a15c6239f67c7747a40fe26a88adf727fd1b801b4e56fbffcad99ce68fe2af0d94fdc78d27268de435021dca51acaa7a9e0944bdf579c170db6405944b6791a7713ee54f650fdf71b57c3629fb185efce700620ef5744623be08ec935dd563e6ba0b461bda98b364acf3dcdafa9b0e68c21ea509212c2938aa09cc31aa4ee5bfb8e507181909f5854b13997af4888cd61c8aab5fdfd701a16d546e5a533cd9b985dcc582b67979551dcc750fc51f2c9b6814edeffc76a86ea9f58b7c66fa24540daf14c2163d064f8cf0b4878f81e6b8bc4dabc10dac82b39e033963a6d02434cb783a198829d1373790a85c0e01a362d89e80165d280283af3c2060000000000000034b12a73b0c53bfae5d2f6e55728052247adfe0966c6c5eca57918c4540c979a70a281ba00e408c9fe1b20fa208976dd6a56f9bd9a74d81447c9b265d8c23f0e983e0b1d2d62d1e57c9188e4882634476e62ab1b7415a58208eaaf166d14720092f79a6197fe8b4ea7d5485cc6b3630afed8d3403cfa4d7bf48efb371706e0e65901eea3743c98261cbb7a246cf62f99bbc918741d32539ec0754e7d7f08dd45aaf49623342eabf466e54d8da4346e73da54ba2e4b5e2ae2823864d4147b490e55c9509f75c8828500ac32cab11b0262e75fa9e39e3792d01e0b210fdfb686bfffdc677432f6332c1a27502b43997060acdf7784c79fed0325e06f6b64b6434ebf4730509bcf95b9a1d0ba7c469d55351cc1dce6c90f5872e7ad5eed5f850d9d1f928b4e0263b241e8fe03e5e66252c8a3bd320e8deee5b91c653b8f22f58cff36c2ba4d6774f14229939595d2beb998c9312212de00468fc488591aca07ab75fba4a318d3ee4581711927b77a7f14dbcd639892f8cb0000000000000080411736eb1ee86eec338197a56293c9cdb72e84155681553b896d58b62a96852320e74dc4c9b41d6f90d2353dc573a94a092a84209c12da57f8c78e161b0899eb1c8b694d26c5fbf7f65fefacdbf39151f335dddc3b179a13f6de93ffb338e94738c86e35e9fcc654e4d6618dc1201cbd16e1281df911e6c699da16fbbb7a2e5c77966c98d3e7edd58cabfe6bf1bb7f6329084e3e4a2a36da07bbac3ebc00472f55b7966f250109fcce0ad5d4526d20ef74d1a634d724"], &(0x7f0000000080)='GPL\x00', 0x5, 0x9f, &(0x7f00000002c0)=""/159, 0x0, 0x0, '\x00', 0x0, @sock_ops, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0xfffffffd, 0x5}, 0x10}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r4, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r5}, 0x9)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a80)=@bpf_ext={0x1c, 0x9, &(0x7f0000000680)=@raw=[@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000780)={0x0, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x12542, r3, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
creat(&(0x7f00000000c0)='./file0\x00', 0xf4)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8})

27.239420696s ago: executing program 0 (id=186):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYRES64=r0], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r2, &(0x7f0000000380)={0xa, 0x4e22, 0xfffffffe, @empty, 0x4}, 0x1c)
r3 = dup2(r2, r2)
r4 = getpgid(0x0)
syz_pidfd_open(r4, 0x0)
r5 = getpgid(0xffffffffffffffff)
kcmp$KCMP_EPOLL_TFD(r4, r5, 0x7, r1, &(0x7f0000000000)={r3, r1, 0x6})
write$tun(r3, 0x0, 0x46)

27.205721619s ago: executing program 0 (id=187):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0xffffffff}, 0x50)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
fremovexattr(0xffffffffffffffff, &(0x7f00000000c0)=@known='trusted.overlay.metacopy\x00')
r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r5, &(0x7f0000004200)='t', 0x1)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r6}, 0x18)
eventfd2(0x9, 0x800)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000bc0)='kmem_cache_free\x00', r7, 0x0, 0x2}, 0x18)
r8 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0)
write$binfmt_register(r8, &(0x7f0000000140)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x2007, 0x3a, '\r', 0x3a, '\x84\xa3\xea\xd6O\x89|\xeb\x80\xf0\xe96\xf4`&\xd4E\xe7L\x82n;H\xd8\xdf\x9a, \\E\xd4\xab\x1ed', 0x3a, './file2', 0x3a, [0x46]}, 0x4b)
sendfile(r5, r2, 0x0, 0x3ffff)
sendfile(r5, r2, 0x0, 0x7ffff000)
connect$inet(0xffffffffffffffff, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa467", 0xb1, 0x52, 0x0, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
readahead(r9, 0x7, 0x9)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000140)={0x0, 0x5}, 0x0)
fcntl$F_GET_RW_HINT(r4, 0x40b, &(0x7f0000000040))

26.719340108s ago: executing program 0 (id=196):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r3, 0x0, 0x5}, 0x18)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x150, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x0, 0x0, 0x0, 0x6c, 0x0, 0xee00}, {@in6=@private1, 0xfe, 0x32}, @in=@multicast2, {0x0, 0x0, 0x0, 0x9, 0xffffffff00000001, 0x0, 0x80000001, 0x543}, {0x4, 0x7fffffffffffffff, 0x0, 0x1}, {}, 0x70bd2c, 0x3500, 0xa, 0x0, 0x0, 0x50}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "210466d38547aa140db9a200000000c538c7cb7a"}}]}, 0x150}, 0x1, 0x0, 0x0, 0x880}, 0x2000)

26.248621886s ago: executing program 0 (id=203):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f00000001c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x5c, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x2c, 0x2, [@TCA_CAKE_AUTORATE={0x8}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x3}, @TCA_CAKE_INGRESS={0x8}, @TCA_CAKE_ATM={0x8, 0x4, 0x1}, @TCA_CAKE_INGRESS={0x8}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendto$inet6(r2, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)

26.248086156s ago: executing program 32 (id=203):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f00000001c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x5c, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x2c, 0x2, [@TCA_CAKE_AUTORATE={0x8}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x3}, @TCA_CAKE_INGRESS={0x8}, @TCA_CAKE_ATM={0x8, 0x4, 0x1}, @TCA_CAKE_INGRESS={0x8}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendto$inet6(r2, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)

7.073484488s ago: executing program 2 (id=449):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000009"], 0x64}}, 0x0)

7.060457419s ago: executing program 2 (id=450):
r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="ffffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000028ca00e8c0ee927cca7a5858f2ca504a949b12c60000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000feffffff0000000008000000850000008dba5b00000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000185000000a000000000000000000000095000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x402, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0xc, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000850000000e00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10)
r4 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
copy_file_range(r4, 0x0, r4, 0x0, 0x101, 0x0)
syz_open_dev$usbfs(0x0, 0x204, 0x2)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x40081)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
getpeername$inet6(r6, 0x0, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r7, <r8=>0xffffffffffffffff}, 0x4)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYRESHEX=r2, @ANYRESHEX=r3, @ANYBLOB="fa992c0ea1115528ce2b9c2395c178b46074c53df7352601238e622fa6a1ed4935cb911b3b3fd530f5c4a16082e342baf802d39855412f110fbf17095f2596ac2352172fe6ac906302177f1ec392332f43edd9365d640042eb47690aedb49c89"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r9}, 0x10)
epoll_create(0x2)
r10 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0xf0)
pwritev2(r10, &(0x7f0000000100), 0x0, 0x5412, 0x0, 0x0)
write$binfmt_script(r5, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

6.348406726s ago: executing program 2 (id=458):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x8, &(0x7f00000011c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095000000000000009957"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x11)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)

6.166164241s ago: executing program 2 (id=461):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c094, 0x2, @perf_config_ext={0x9, 0x6}, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@nojournal_checksum}, {@barrier_val={'barrier', 0x3d, 0x10002}}, {@dioread_lock}, {@data_err_ignore}, {@mb_optimize_scan}, {@dioread_nolock}, {@nobarrier}, {@abort}, {@nogrpid}, {@norecovery}, {@errors_remount}]}, 0x1, 0x57d, &(0x7f0000000580)="$eJzs3d9rW1UcAPDvTX9s66brYAwVkcIenOjStfXHBMH5KDoc6PssbSyj6TKadKx1sO3BvfgiQxBxID74pu8+Dv8B/4qBDoeMog++VG5602ZLsmZZ1mTm84Fbzrk/es43956Tc3NuSAADayL9k4t4PiK+SiIORkSSbRuObOPE5n7r9y7PpUsSGxsf/5VU90vztf9VO25/lnkuIn79IuLVXGO55dW1xdlisbCc5ScrSxcmy6tDcW5pdqGwUDg/PTNz8o2Z6bfferNrsb5y5p9vP7r1/skvj65/8/OdQzeSOBUHsm31cTyGq/WZiZjIXpOROPXAjlNdKKyfJL2uAB0Zytr5SKR9wMEYylo98P93JSI2OvVux0cCfSHpvP0DT7XaOKB2b9+l++Cnxt33Nm+AGuMf3vxsJPZW743G1pP77ozS+93xLpSflvHLHzdvpEt073MIgB1dvRYRJ4aHG/u/JOv/OneijX0eLEP/B7vnVjr+ea3Z+Ce3Nf6JJuOf/U3abid2bv+5O10opqV0/PdO0/Hv1qTV+FCWe6Y65htJPjtXLKR927MRcSxG9qT5h83nnFy/vdFqW/34L13S8mtjwawed4b33H/M/Gxl9nFirnf3WsQLTce/ydb5T5qc//T1ONNmGUcKN19qtW3n+J+sjR8iXm56/rdntJLt+cm1443zk5PV62GydlU0+vv6kd9ald8Y/2jsZvzp+R97ePzjSf18bfnRy/h+77+FVtvuiz/av/5Hk0+q6dFs3aXZSmV5KmI0+bBx/fT2sbV8bf80/mNHH97/Nbv+90XEp23Gf/3wTy+2FX8Prv80/vlHOv+Pnrj9wefftSq/vf7v9WrqWLamnf5vp3qNdXw1AwAAAAAAQP/KRcSBSHL5rXQul89vPt9xOMZyxfHN5z9iPqrflR2PkVxtpvtg3fMQU9nzsLX89AP5mYg4FBFfD+2r5vNzpeJ8r4MHAAAAAAAAAAAAAAAAAACAPrG/xff/U78P9bp2wBPnJ79hcO3Y/rvxS09AX/L+D4NL+4fBpf3D4NL+YXDVtf89vawHsPu8/8Pg0v5hcGn/AAAAAAAAAAAAAAAAAAAAAAAAAAAA0FVnTp9Ol431e5fn0vz8xdWVxdLF4/OF8mJ+aWUuP1davpBfKJUWioX8XGlpp/9XLJUuTE3HyqXJSqFcmSyvrp1dKq2cr5w9tzS7UDhbGNmVqAAAAAAAAAAAAAAAAAAAAODpUl5dW5wtFgvLEhIdJYb7oxqbifSSrltzpZYY7XXFmiT+/LEvqtEq0eueCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2/RcAAP//NFYwZA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r0, 0x0)
r1 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000080)={0x0, 0xec21, 0x80, 0x1, 0x40000333}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1, 0x0, 0x1})
io_uring_enter(r2, 0x847ba, 0x2000, 0xe, 0x0, 0x0)

5.381342885s ago: executing program 2 (id=471):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x89a1, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={0xffffffffffffffff, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r2}, 0x9)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0xf4)
r4 = dup2(r3, r3)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8})

5.176412132s ago: executing program 2 (id=480):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
socket$rxrpc(0x21, 0x2, 0xa)
r0 = syz_io_uring_setup(0x1185, &(0x7f0000000140)={0x0, 0x7492, 0x800, 0x2, 0x1f7}, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000300))
move_pages(0x0, 0x1ffffffffffffc17, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

2.835863691s ago: executing program 3 (id=513):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1018ed8, &(0x7f0000000180)={[{@sysvgroups}, {@noload}, {@nobh}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@norecovery}, {@errors_continue}, {@quota}]}, 0x1, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4005}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xcb, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x8, r3, 0x7}, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x5)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, 0x80500, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x6}, 0x100388, 0x10000, 0x8, 0x8, 0x8, 0x20005, 0xb, 0x0, 0x8, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r4, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x4, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x2}]}}, 0x0, 0x2a}, 0x28)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x20, 0x499, 0x6})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x8, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={0x0, 0x7}, 0x1, 0x10008, 0x8, 0x1, 0x8, 0xa0002, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$netlink(0x10, 0x3, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f0200c00e7f4e32f61bcdf1e422000000000100800000000000001000aadc28da3457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b0000000000000000000000000004000000000024c41eea2be949209da9097f3f5cee7e097383ec4bfaf66a24bfff8479b2542b381cf4f9e47caf18278ddcd7ca1cb804816594cf69ba8558c501685b0cb34e4f7c03b5e2ef96ff6cdef9d24035631abde7472a48fc8953f6878d83257c6aade11950535048efd128b5aa6a14d9fa421606c55c7cbc213727eeea1d21e9eb8f25e6d45f632c074f67a186e96da1e87957c45e80c9d9dc40d8e64973d3c5848eb3ca6f8b364d183000a146fb4e02e5dafb1760dc597dc749ea8ec815d65d", @ANYRES32=0x0, @ANYBLOB="0000008000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x50)
r6 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800180018110000ac00"/20, @ANYRESDEC=r5, @ANYRESDEC=r5], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r7}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2.394190566s ago: executing program 3 (id=517):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$sysfs(0xffffff9c, 0x0, 0x2000, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)

1.419261755s ago: executing program 3 (id=536):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$packet(0x11, 0x3, 0x300)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a80)=@bpf_ext={0x1c, 0x9, &(0x7f0000000680)=@raw=[@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x0, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x12542, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0xf4)
r3 = dup2(r2, r2)
ioctl$BLKTRACESETUP(r3, 0x1276, 0x0)

1.380493478s ago: executing program 3 (id=538):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000380), &(0x7f0000000ac0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

1.379928568s ago: executing program 5 (id=539):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f0000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000380), &(0x7f0000000ac0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

1.373894279s ago: executing program 3 (id=540):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0xfd84)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f00000001c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x5c, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x2c, 0x2, [@TCA_CAKE_AUTORATE={0x8}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x3}, @TCA_CAKE_INGRESS={0x8}, @TCA_CAKE_ATM={0x8, 0x4, 0x1}, @TCA_CAKE_INGRESS={0x8}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendto$inet6(r2, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)

1.299831285s ago: executing program 3 (id=541):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x200000000006, 0x4, 0x0, 0x7ffc1ffb}]})
r0 = gettid()
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
r2 = inotify_init()
r3 = inotify_add_watch(r2, &(0x7f0000000240)='./file0\x00', 0x8c7)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@getneightbl={0x14, 0x42, 0x229}, 0x14}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x18d6, &(0x7f00000006c0)={0x0, 0x3, 0x1, 0xfffefffd, 0xad}, &(0x7f0000000640), &(0x7f0000ffe000))
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="26001f3b1200010a000000000000000007000006"], 0x26}}, 0x0)
r6 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
write$binfmt_elf32(r6, &(0x7f0000000040)=ANY=[@ANYRES64=r3], 0x69)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x29, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815000200ff05142603600e12080005007a010401a80016002000034004110000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0)
socket$key(0xf, 0x3, 0x2)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
r8 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r8, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x13, &(0x7f00000009c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd07e}, [@printk={@p, {0x3, 0x2, 0x3, 0xa, 0x0}, {0x5}, {}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, @printk={@p, {0x3, 0x3, 0x6}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffff9}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.262198078s ago: executing program 5 (id=542):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
writev(r1, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1)

1.154937797s ago: executing program 5 (id=545):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000000c0)={0xfffffffa, 0x3fe, 0x88001, 0x6, 0x3, "04ae080000000000007800000500080100", 0x4, 0x4000200})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0x8)

1.10745019s ago: executing program 4 (id=546):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x8, &(0x7f00000011c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095000000000000009957"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x11)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)

1.011931988s ago: executing program 5 (id=548):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1018ed8, &(0x7f0000000180)={[{@sysvgroups}, {@noload}, {@nobh}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@norecovery}, {@errors_continue}, {@quota}]}, 0x1, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4005}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xcb, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x8, r3, 0x7}, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x5)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, 0x80500, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x6}, 0x100388, 0x10000, 0x8, 0x8, 0x8, 0x20005, 0xb, 0x0, 0x8, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r4, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x4, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x2}]}}, 0x0, 0x2a}, 0x28)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x20, 0x499, 0x6})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x8, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={0x0, 0x7}, 0x1, 0x10008, 0x8, 0x1, 0x8, 0xa0002, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f0200c00e7f4e32f61bcdf1e422000000000100800000000000001000aadc28da3457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b0000000000000000000000000004000000000024c41eea2be949209da9097f3f5cee7e097383ec4bfaf66a24bfff8479b2542b381cf4f9e47caf18278ddcd7ca1cb804816594cf69ba8558c501685b0cb34e4f7c03b5e2ef96ff6cdef9d24035631abde7472a48fc8953f6878d83257c6aade11950535048efd128b5aa6a14d9fa421606c55c7cbc213727eeea1d21e9eb8f25e6d45f632c074f67a186e96da1e87957c45e80c9d9dc40d8e64973d3c5848eb3ca6f8b364d183000a146fb4e02e5dafb1760dc597dc749ea8ec815d65d", @ANYRES32=0x0, @ANYBLOB="0000008000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x50)
r7 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800180018110000ac00"/20, @ANYRESDEC=r5, @ANYRESDEC=r5], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r8}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1.011147168s ago: executing program 1 (id=549):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a80)=@bpf_ext={0x1c, 0x9, &(0x7f0000000680)=@raw=[@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x0, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x12542, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0xf4)
r3 = dup2(r2, r2)
ioctl$BLKTRACESETUP(r3, 0x1276, 0x0)

962.900702ms ago: executing program 1 (id=550):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x8, &(0x7f00000011c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095000000000000009957"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x11)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)

935.507484ms ago: executing program 4 (id=551):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="060000000400000002000000"], 0x48)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002500)={{0x14}, [@NFT_MSG_NEWRULE={0x1530, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1504, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x4}, @NFTA_LIMIT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}]}}}, {0x14d8, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x14c8, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0x22}, @NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_RANGE_TO_DATA={0x12e0, 0x4, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0xd6, 0x1, "1d79e112ea1db0382794a01785e1da6b4ffc3182df44e74ffcc5d7a3af298fa8339395f8bb19eaaafaa376fce305dc956c8b1051b73e658e309bc4cd63ea4b32d7283e1dc4d8d5de7d5b207add3ed8d7d2a35cbbb55e641bd0e5ece3928ed48911b247a44fdedcf047b3ebb84ee4f84a9d1cffccad9f176314e67d0732222408f97f9f1574c960c6c2c9383532056a6a805e1d09f206a6d85fba5ff8b405420d3a49368a051b6c13999efa64fa7f2ff20fa14baf56ec631ed9a6af196fd03954c3f0038fb184da788cd647c8052622a20e9d"}, @NFTA_DATA_VALUE={0xdd, 0x1, "9aa9e9c99b0f1fd25bfef4b88dbf3e0fa9450de8e3c0ed0898cf08e215b80e54b27075798139708a32aef4a4690afb0d9e3112bedf3b76ebefea0dcecd9273daea6842a446b8a31c2982da165de1d1bbc17bfa36fcc1b4cc9e7b1762dea54df61a9587d8bebee06b56538d7b7ea22aadf0176516ce226204a1bd5263831e1411ef9cdc4d99ad676acc75c7ab4a629dde372264d065f6cba0522df29cf3c0f3631af2f9a6714da668bce48b8603ef7f5115dbefe4e8823828471877cc5516f07c532ba9e72d1533389b6153a287c075aaa95b5a6ee65256039c"}, @NFTA_DATA_VALUE={0x1004, 0x1, "21d3231065b156b4e81c4fde9e070ce17dfbdb314e26a386854f6a216143feddc5016679fd46912451a12a864e80f436578b41bed6eb0bbba98cafd315e9870dbc4d04d3a23a10985da80152a51a9ecb7f4d01eca15adc805696b48aa2e7d729a72b7c492eb93533138830a5b2aeff9dcfe4ce354f7ab27981c74a9b5f5f624c00db536b90101484eb0d475f87022ec3bed24b79739fcc9f69129466ac1b2f87232c768e57605f6954b0dd70054d5342068c29c6815424927291827e5b3debcbe1cc093672b0fb3491dc4a7eb8524199afaeb65c6e527e8b1df151e15299b8ea6df03b0a69f2ac12488b232ccb85745f01239bb13765f13728bffb576e2dd59bf88097bd375b54303063b1b37496c636cb246529e8d7e1cfe46317225b72d9a616fbc787db6263319df41ecc3242f1011612bd949cd1861ea017484a4b732812bd35eaf4a76b248f26d03d8a7c5982647a07a7fd6ef146b541315a591bac85ec3885188db07641286dd33bbacf63c7a0870f7e6f338534ff28c249959bd5fbd93879cd98d15e9a84d47fbc02281e9e71f546e83c4f50fe1d1cbb1529753f1083752e48c4faac0f57d2180739d0b7173d26553f346e92d64b593ebdab3d97c02d2d6fcfcd0d39f740bcf46c99dc3d0fa78d5dc73f323465c7d30cf3ac5c5ea037b444358e1b2c33eae2717fcc60f5c465db855551d98b55b1b306de86afe99a854f9dffe84be5cc5b049d87a7a2d1cab4d31ae568232e27f4825d554ea735892a50bd1d0c9b357e4a8bc8ef9d264af12bbbf1ebac6f5d9a8b79b56cea2249336d5541bba4c2b104beb9016aead10ce9d3bc199058dbf9c2282c795acfbd3ff0a4389d180dafc4a52fd29010f960278e03e714b667b354fcc678d7f59dfdcd418da2ee887cb5c5a985a152499716900c52647937a483dc1a43108453d2ecaf2c5abffa198b7660e95bc51e0dbb43130a90d1771ae91fd72d66ee86a2a920a8e0bf68a29e6deea3c5e9d389e470593c359011fca41f48bfb37908068fcbf83e891082e1c8575046b850d51a6c7baf8b215e09ffbea82de8cc9dfc77d72be88f7ce7925114acb138f4a9619076e3d3032ca1127864813c6f773eed861ce2e58d9dac80dc5057181e62b8d0cddc0ea1e8cf38d8061a8b5f19c19b3cddaa4137de355f1bf7fc549f1c6fe3179de1377096a93490f0f3f30ab3e92d7eb459d918a6a7e15354d7c8b42f2af28bdd2dcf668375bcc89dc700e491948992e9b26c6b39cea4ffaf9c92c9178699bb96a428dfeece589f5f83254d3be3499ce99d940a3ea3c9884f6edf0fa86b40134e0fcf2b6f14a66266f8877cbd152a8d20772868c9004315e904cb5f60009a392940710ce84868cee711d2f322a3edac1c1f804655156d09df94757ee24388f8c409b8ea97b07f566b1d17a84e64d50ceb44e1babf0f968d51c4b9553d409eb503b0a8e3ffcda23dd286833f88844de81f3bb37a94315910e14672bb34af3332591ff91ff5342a09481c838b7de636c4c479396d4120837d0d9436b79204a40cbba90b37fb4411e47049d5dff4ce23eaf52491210a1cf8d290d83ed8d60eedcb055cfbaae35a7bfc38bcfaf6db24ad50e12cd404efadc57ae5aa623663dc1f528187d8b75c648996ea5b0cf064a2ff4f2781c672135c23995a0445d752fa9c4b07d46ea0f4115fe318a849d8d1d098ba6e1ecc0f1c134c447a73a84c22ece8ba9e19d750f6cde758cb51b81f5c2678722fc63e3f4e75eb565763c7979ca84440f5b4351052a77ae6418318529825540c4c96f56816f26f796ff6947791aa29f319a788f5c54fe00da73be39082a32e2558add051c4be3545dc407426047158d7cd9095f0b0254355b5008e316eadb73ac2251837a905b70bd19f6cca44cebb51313f28c48ea02a833cb6c21e8430011be4e7929bb3e3d662f81dfb0ed39e2fb360d8f7954dac2e71371115ad5015fb73e7e84188478fdb574d90d5195994f57a2cf0cdbdd42886cc9570097cf7fe18fcfdc3beb7edbb7f81923efa295f48ba9d315ff15d1b47ed148d4e0ef8c0807851a4e1ec1548d565b4bbe15d7903c45b75e83e845085d9dbea0b7b583ae0ac7fd26d0b85111f9acc96f45e1acfa5f5e20e1657a62c0da6144ad97cb1037ae6452edd89bf74b31c30ca552093c1bed939a31c1cc2647cbd54d672f773518dbc384a6b420f52f50965ca12739a43911cdd5866c9bab9992c8d1d57ae3397caf21d74f64dd6ea061d2e22ea2b7e7175f6a67c437a10afe8285b2328e948ba2e19daa79612fae8d4252d7b48f50bff5f22e504cb8dca92685520a9e97c5c839221864eef14538cc6a6bc10b8a9cc495d83485593e00736bd72982374d01b52ff8f58b9f3655d0ede57a59361cb289c809c0bd3a608fab9fbfea0f0ca671deff78332afc1c380fc7914197deccb26e507ad4b7ead9f8ccf6fc3d19e71b5d7399db0143da1bd4273fe4b53c1946eb1bb16fffe015946c2e175a930b6f2004e7f72a545098fddc9b98931406e4f1f5304fd17324c024c29b38613ff49729ff965915694a7c1e82cdf78c901cf4a1b43953e7676d6634293061fdd61311bcb93f66a0a8f0c1fa409082e8482e4811e46d0400f3313292c5e289280046fa6037d1797ca03f31339e326a158a2cb1abd61da65580cf34e1f08c038b433d5b62b868da38d483db29cde8e519d9afce95da261f5eaf853de850403b109fc721147db3bf715be0a7aab18b03b747d6ac3e09a6021bbe189f91c2aebae08dbe14a23eaaccd82b7f0bb39a3ae9cd261990ec576f18d26369388b958cda8a886518f027976fa03213266ee28d45e4b1b1e2e46cf30cd932b402d6f7a169b8417e9329eeaa9ba2efcfcc518fdaf9df52ac3f4ec29aec82c427768813ae5017645cdbd5d1813847668d62eee617288ebc8bb2acf18fc29edcc7ce54539b1b854b30d4aa2552341be48e3e2e953b2a1eb74558f369a39ec4c19a563c6d016ae42cf5c603222c1b7853d119ce8a11144c24a59903ac43bf0d06d1f0fd69d5fe4f62e14c38d0fef969da277355e71fec99d7e4548516f18aa80e6ae076c5578bbdebbf1ab1cf56d54135feea1b56f0b21e02ce79d90b851319d9201858a5b01d99698a6540b9bc979fb62779cf404fe11db8323d7552349cfb287837d85cb0c03bd7b4a156b490812147526a7db451e7465b83efa5c4cd6fa4358b4136e24e546f76e8fef4a99cec0254d1fa68a7d596e411878b55a3b6b46c502a305c0d1f9ae3de5f42b12db2031fbdc043be97db4f91bf43298e3431fc1cff51576babed1355a8a39700108b6ad3d2a6e3928b937fc0b15487cfc5e6c2340bfa229a4cac95bd2a16656ddb50dde3256a9832c805a48efb11e7bb33720d8e9d2405dc69b2725440cbdf9899f569285782e083bb51529e6c5793006234d650d7406bac86491db2acf9910db48d922398d0552107584fd3ec23c10f1ec357c8726881bffdd028c2550d2eb1ba74f1b3591a63a69b1fd597b62b263b5e5002186efb097a5b43db244b13a4f5de3c6d717f039205c141da99eba64a8b7cd3ef30a6854abacdff72871d8c985d59743ecb84ed2602c1f605ac461316f8aaaba89a1af463bd0762c614a23629c9f0708edfeb6bedca96e6ecb0fd6f4baa1036947688e64bd93b7265c7f6c8334125a3e23e2025c039e8e1d1c5079b8803f32d54ad87e57ddb43f55bc14f547e766a6189b203d85ba275468be85959652808b7e3a21a9bf2abe1181d08ebc6e7c93c7bb9740bf002fbf382413edff368c1186c9435e015e7441ed6d69ddf30f1b852a650caef056ef0e7b067d4f805ecfab1434263bdff0cc232723c6cc9a236f33b3a3bbb999c370bc1122c5d77fe00caf5698208854a07cd8c895f4888f254072a57c9ec3fe250f08a37dda318af98cbe758d47bec5f8a575d4cffb659065819d25215152f909091bb700d8545975593d26c9e17ebad35dbc2df8f7f26ab63d0b5323b5eb194c3a40ce8708e56efbb8bfe9d6bb74813344a8b5722b475aeb5f03a9157dbd8e364003b22c8c14bd67e080e855817b9716ca2884d5148be06803190ef2fb97f724e25a0dae97d58caaa222d2ecde9ec342458c2003a5a47ac0a82ea1bd791726e4a8a8730b9dc4c05552c0b3888b8c5536baed906e7e9e27703895c833076dcc3a862d79e9797f25700c79f14ea5cc511afbb9d7d6d81fb5d73c85b9f3677ce4621d4c7d701278eb16d7a6538b8d8df9f7890ce43766d194786aac05e91d98b75ddc31eef27bb901bf2c63c00a8912c9b8ee749a7ea8a9ca9bd5d49798c6d4c418091af9d10dbea1a1576dd3a1a977db1409e71d432628264490018d42ff7224f53d0eba867359a4ce6c230c74aaa49cb0f1ee7d81cbb920bd599b86c1edabaea19058c65f10e6ac02a32c429c1fe5113ae21ffbda9e64de433d78c4d50ecf4ef842ea89de9976bd50f2add39794abdd32f458876ef8bb37294aa92bc0ea945ca0ecb3fbec127c983561ab98e825087ce3785fcecf8b0948f567adfed66b8ee859d5490aadbff856a7b06a6b120b86c5a9efc68336fd6ec60cd7b2928d6fe2510c424f21955c6eb50857c803f415103b0f212fcd4efecfe768aa9e62ebcb4d8d29b6c230f8256607218af07649471ff62c9ec99e58cf6fc91d4556c8cdb87a68b8c7697a17ce29089a46ea09bed3a6c5903b303ec09ea8e110d40a118f5b423b4bd11b09e21aa50933f4e799adcb5312a0cd05a4ae0f037ee44111a0aa38a8caabb9946c58b255b2ac7ccf28cd7fb3a354176428c2c4a14b2da0c84d94ef18ef1b559a20d32ff7d937806342a553c8a2acb470e280d1032cfb5b46d18983adf81873c3df8f5367b6efe8347fe6346cc8a049a12627346c67f7390bc115a5b43ebce62b8c5ae44970287550027f5203a4b382591e1e389f605ac0be5d67aa03aaa704fc741a0b8a18692fa99f702b332596986252c739d62e5e37f9857d0b3bf5e3b7943a6b12bf2439285e27ed77208348164731ae964cd63fb653247eb6135a7d5a18b318d7f4dfd59737a56e99099563729e3f52368300441f00de703ab808e2dcb8a151388abfb8b728959f1c5539c458b65270b3ae1e73e0fad0b74582b0efd2bbf8206810c3ab48011b29bd0260b820531314017df088801467efa144cbad6f113636806542a39b746af60cca2df80273dd46fb563c6a390ea6411778bee0ba6ff756da76d2981e67bb7b2e1f5de907f045ab4873250f8a6ef56d92e30e58f80f00360de06f0b247ba8e0fbb7ee21dbe1052abec28cada13925114ea1fbe79d0b38b895f6ef53089456f11387369f008b6a6dd543b362125b69890487d3114a944f6543d20c9009cfe1aa85871f6d438564c6745bb48ce72734937b607a589121f5f1a6edf487aa226630047cbd4943dd4fb1869e01b68829c41451ea15d7b394349bc0ec8c580c23f4f38176c72a12aa069f211ff36957191361ecaa7ef08788af78d6bbd0a964574318d63cae4fb97013c790312e090210cfd4a426bb28219a6be13e0a1737728ad23b9567d407ddadd1d5df627616aead03c6394716ff140b55f8ec048a3052d2bb71952a198be55f1d065a595b13aabe12f324f8cb177e7348f700fb20a1deb33c7521363725bc21d1c4d7590e0fd4710f97f9ead244bcfbb5352198fa0d11e3df79daf14db057808c0abcc2f14b9ad91dd99e0ba0a963df1bbed58c329c9692419ef6cc271db371bb83d2abc9459ccae5875fc4440698cfe0480fe584"}, @NFTA_DATA_VALUE={0x9a, 0x1, "2014fcb2b03f2e900747b44507891033af24c245b8f85a3c9f0731602799ef477681ae3a065c6e72ef4ac45191a0002f765a7ebf4d15195e46591cc77f078b8170f29537b93745c4adfb87fc88d5fa2c30b908686c89ebbc7007c540a77e68de3a8a2dc661eda2653e4e373850fa0cf39e49b0bf7fff0a5f9e1b2d3f444c201b730c6eb5677c09a70b786a2a238901f3451aeb47dd7f"}, @NFTA_DATA_VALUE={0x20, 0x1, "c5e8cff585b0eb6a92884a75f183a1b545a2deb9ede29e4eac8e74bf"}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}]}, @NFTA_RANGE_FROM_DATA={0x1d4, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x59, 0x1, "554bf9fcf4a79aa88a6432fa9bbd0a8c00d48104251f2db3a7c96441b7edc144abe03e4de61fe89efa9f0b9b93256402fbf4289107b207eb68d524805b4f499cf89d98694e244db025ce9def011a8ccab19e761b88"}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VALUE={0xc7, 0x1, "32b834a5a963b8da76e97afde6b81d0f89bd268fee05bccf53f4113dc2fbfdae8ef2975a5b2c447b83bbc85c5ac61e212a5308734753a539ca9a6393f664df52c577b4dcc16d3b603da295d35c5ba50fb7452706b4e49a8cf5b0add186d573c6548d29f62b878038458df4c15408c836b5a131ab578705a2627826f8e00c922eb5158e5506d729b9210a23b7673d5431bfdca105cec5497943c513731be29f8b5f529c79714702210ab92ae141ff787f2272518b5fd1dca5cb1191a21b9dd41b3806a8"}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x1558}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r1}, 0x10)
syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

859.576691ms ago: executing program 4 (id=552):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

847.739151ms ago: executing program 1 (id=553):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7c9320631babe739be5ededbe4f010f4546e7eea0fc01886752b519d37906f7ca7140d22bc0584ffac34cf2e1794f444b6776867909c48b7a754ab0d47565e4f2facc05d816537"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2060, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000040), 0x0, 0x0, 0x0)

524.662627ms ago: executing program 4 (id=554):
openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
getrandom(0x0, 0x0, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r3 = io_uring_setup(0x4d3f, &(0x7f0000000240)={0x0, 0xca6a, 0x40, 0x1, 0x6})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r3, 0xb, &(0x7f0000000040)=[@ioring_restriction_sqe_op={0x1, 0x19}, @ioring_restriction_sqe_op={0x1, 0x18}, @ioring_restriction_sqe_flags_required={0x3, 0x13}, @ioring_restriction_sqe_flags_allowed={0x2, 0x17}, @ioring_restriction_sqe_op={0x1, 0x11}, @ioring_restriction_register_op={0x0, 0x12}], 0x6)

484.351151ms ago: executing program 4 (id=555):
r0 = creat(&(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x48)
ioctl$KDADDIO(r0, 0x4b34, 0x4)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYRES64, @ANYRES32=r1, @ANYRES64=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, 0x0, 0x0)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=<r5=>r3, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=<r6=>0xffffffffffffffff, @ANYRES16=r5], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r8, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r9 = dup(r8)
write$P9_RLERRORu(r9, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
r10 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DEL_VIF(r10, 0x0, 0xcb, &(0x7f0000000580)={0xffffffffffffffff, 0x8, 0xfe, 0x43, @vifc_lcl_ifindex, @broadcast}, 0x10)
write$RDMA_USER_CM_CMD_SET_OPTION(r9, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES8=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
write$binfmt_elf64(r9, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r9])
open(&(0x7f00000001c0)='./file0\x00', 0x300, 0x40)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_io_uring_setup(0x0, 0xfffffffffffffffe, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000040)='xen_cpu_write_idt_entry\x00', r11}, 0x18)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000340)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x1, 0x11f3, &(0x7f0000003f80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=")
rename(&(0x7f0000000180)='./file2\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

482.093911ms ago: executing program 1 (id=556):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x109)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x95, 0x3}, 0x100002, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
sendfile(r0, r0, 0x0, 0xb)

481.558641ms ago: executing program 5 (id=557):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200), 0x4400, 0x0) (fail_nth: 8)

348.781852ms ago: executing program 1 (id=558):
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="b4050000000000007112180000000000bc2010000000a4219500000000000000dc4ac0a0a4ae4cda3898b8d7bffbb1096bd8cc7db4f70a82c93917f92bf81924b3416933cf0627d329c38d34965100"/90], &(0x7f0000003ff6)='GPL\x00', 0xa, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
epoll_create1(0x80000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000004000000450000008814"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x20044000}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$gtp(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB='\a\x00', @ANYRES32, @ANYBLOB="08000400000000000c0003000000000000000100080005000000000008000100", @ANYRES32=0x0, @ANYBLOB="0800020000000000060006"], 0x50}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)

66.372475ms ago: executing program 5 (id=559):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
lstat(0x0, &(0x7f0000000100))
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, 0x0, 0x0}, 0x20)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="160000000000000008000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x3, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800160bdf70020b970aead9000000000000000000000b00181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b01010000000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x64}, 0x94)
dup3(r1, r2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvtap0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000840)=@newqdisc={0x124, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0xc, 0xffff}}, [@TCA_STAB={0x100, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0xb2, 0x8001, 0x4, 0x1, 0x7, 0x40008, 0x6}}, {0x10, 0x2, [0xb63, 0x4, 0x2, 0x854c, 0xd, 0x6]}}, {{0x1c, 0x1, {0x40, 0xe, 0x7, 0x4, 0x2, 0x85d7, 0xffffffc0, 0x4}}, {0xc, 0x2, [0x4, 0xedb5, 0x5, 0x3]}}, {{0x1c, 0x1, {0xc1, 0x7, 0x5, 0xd, 0x1, 0x1000, 0x7f, 0x8}}, {0x14, 0x2, [0x2, 0x400, 0xfff, 0x19, 0x3, 0x6, 0xfff, 0x0]}}, {{0x1c, 0x1, {0xb, 0x2, 0x1ff, 0x7080, 0x1, 0x3, 0x5, 0x7}}, {0x12, 0x2, [0xfff, 0x2, 0x8000, 0x5, 0x2, 0x7, 0x3]}}, {{0x1c, 0x1, {0x4, 0x9, 0x5d3d, 0x0, 0x0, 0xffffffff, 0x3, 0x2}}, {0x8, 0x2, [0xb, 0x3]}}, {{0x1c, 0x1, {0x5, 0x3, 0x8, 0x2, 0x2, 0x40, 0x3, 0x1}}, {0x6, 0x2, [0x2]}}]}]}, 0x124}}, 0x44080)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10)
socket$inet(0x2, 0x6, 0x3)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000500)={0x0, 0xb, 0x5})
ioctl$KDSKBMODE(r5, 0x4b45, &(0x7f00000005c0)=0x1)
sync()
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r6}, &(0x7f0000000240), &(0x7f0000000280)=r7}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000400000100c280000700030004"], 0x48}}, 0x0)
sync()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', 0xffffffffffffffff, 0x0, 0x8000000000000}, 0x18)

63.407725ms ago: executing program 1 (id=560):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)

0s ago: executing program 4 (id=561):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, 0x0, 0x800)
r4 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff2}, {}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x54, 0x2, [@TCA_BASIC_ACT={0x50, 0x3, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x4, 0xffff, 0x3f, 0x2, 0x6}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x78, 0xfa}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

kernel console output (not intermixed with test programs):


[   42.822711][ T3682]  ? ext4_get_branch+0x321/0x3a0
[   42.822740][ T3682]  ext4_ind_map_blocks+0xb86/0x14f0
[   42.822896][ T3682]  ext4_map_blocks+0x598/0xd00
[   42.822957][ T3682]  ? __account_obj_stock+0x211/0x350
[   42.822986][ T3682]  _ext4_get_block+0x10a/0x350
[   42.823095][ T3682]  ext4_get_block+0x39/0x50
[   42.823120][ T3682]  ext4_block_write_begin+0x5e5/0xc00
[   42.823240][ T3682]  ? __pfx_ext4_get_block+0x10/0x10
[   42.823271][ T3682]  ? folio_mapping+0xb9/0x120
[   42.823456][ T3682]  ext4_write_begin+0x647/0xeb0
[   42.823494][ T3682]  generic_perform_write+0x184/0x490
[   42.823529][ T3682]  ext4_buffered_write_iter+0x1ee/0x3c0
[   42.823563][ T3682]  ext4_file_write_iter+0x383/0xf00
[   42.823654][ T3682]  ? kstrtouint_from_user+0x9f/0xf0
[   42.823684][ T3682]  ? avc_policy_seqno+0x15/0x30
[   42.823780][ T3682]  ? selinux_file_permission+0x1e4/0x320
[   42.823811][ T3682]  ? __pfx_ext4_file_write_iter+0x10/0x10
[   42.823851][ T3682]  vfs_write+0x52a/0x960
[   42.823896][ T3682]  ksys_write+0xda/0x1a0
[   42.823937][ T3682]  __x64_sys_write+0x40/0x50
[   42.824000][ T3682]  x64_sys_call+0x27fe/0x2ff0
[   42.824028][ T3682]  do_syscall_64+0xd2/0x200
[   42.824058][ T3682]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   42.824124][ T3682]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   42.824150][ T3682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.824218][ T3682] RIP: 0033:0x7fca7347ebe9
[   42.824244][ T3682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   42.824333][ T3682] RSP: 002b:00007fca71edf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   42.824356][ T3682] RAX: ffffffffffffffda RBX: 00007fca736b5fa0 RCX: 00007fca7347ebe9
[   42.824370][ T3682] RDX: 000000000208e24b RSI: 0000200000000000 RDI: 0000000000000004
[   42.824384][ T3682] RBP: 00007fca71edf090 R08: 0000000000000000 R09: 0000000000000000
[   42.824406][ T3682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   42.824420][ T3682] R13: 00007fca736b6038 R14: 00007fca736b5fa0 R15: 00007ffd58aee5f8
[   42.824442][ T3682]  </TASK>
[   42.834028][ T3686] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.57: casefold flag without casefold feature
[   43.116614][ T3686] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.57: couldn't read orphan inode 15 (err -117)
[   43.132249][ T3686] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.137070][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.155994][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.223539][ T3700] loop3: detected capacity change from 0 to 128
[   43.260631][ T3705] loop1: detected capacity change from 0 to 1024
[   43.278152][ T3700] EXT4-fs error (device loop3): __ext4_fill_super:5504: inode #2: comm syz.3.59: iget: checksum invalid
[   43.298699][ T3705] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.304917][ T3707] syzkaller0: entered promiscuous mode
[   43.316435][ T3707] syzkaller0: entered allmulticast mode
[   43.386890][ T3700] EXT4-fs (loop3): get root inode failed
[   43.392813][ T3700] EXT4-fs (loop3): mount failed
[   43.515338][ T3718] netlink: 4 bytes leftover after parsing attributes in process `syz.2.66'.
[   43.532507][ T3699] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.58: Allocating blocks 449-513 which overlap fs metadata
[   43.568245][ T3698] EXT4-fs (loop1): pa ffff8881071b5000: logic 48, phys. 177, len 21
[   43.581313][ T3698] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4
[   43.621968][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.700086][ T3728] loop2: detected capacity change from 0 to 512
[   43.708062][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.717251][ T3728] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.70: casefold flag without casefold feature
[   43.759839][ T3728] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.70: couldn't read orphan inode 15 (err -117)
[   43.785682][ T3728] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.871472][   T29] kauditd_printk_skb: 339 callbacks suppressed
[   43.871490][   T29] audit: type=1326 audit(1756587007.896:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3726 comm="syz.2.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   43.918718][   T29] audit: type=1326 audit(1756587007.926:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3726 comm="syz.2.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   43.941835][   T29] audit: type=1326 audit(1756587007.926:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3726 comm="syz.2.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   43.965026][   T29] audit: type=1326 audit(1756587007.926:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3726 comm="syz.2.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   43.988400][   T29] audit: type=1326 audit(1756587007.926:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3726 comm="syz.2.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   44.011790][   T29] audit: type=1326 audit(1756587007.926:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3726 comm="syz.2.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   44.034971][   T29] audit: type=1326 audit(1756587007.926:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3726 comm="syz.2.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   44.058480][   T29] audit: type=1326 audit(1756587007.926:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3726 comm="syz.2.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   44.082413][   T29] audit: type=1326 audit(1756587007.926:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3726 comm="syz.2.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   44.105636][   T29] audit: type=1326 audit(1756587007.926:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3726 comm="syz.2.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   44.137454][ T3735] loop1: detected capacity change from 0 to 512
[   44.148557][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.167063][ T3735] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   44.197811][ T3735] EXT4-fs (loop1): orphan cleanup on readonly fs
[   44.303255][ T3745] loop2: detected capacity change from 0 to 1024
[   44.332355][ T3735] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.69: Failed to acquire dquot type 1
[   44.377173][ T3745] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   44.388329][ T3745] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   44.389789][ T3735] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.69: bg 0: block 40: padding at end of block bitmap is not set
[   44.431526][ T3745] EXT4-fs (loop2): filesystem has both journal inode and journal device!
[   44.525957][ T3735] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   44.540442][ T3749] netlink: 12 bytes leftover after parsing attributes in process `syz.2.75'.
[   44.574285][ T3735] EXT4-fs (loop1): 1 truncate cleaned up
[   44.638271][ T3735] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   44.764056][ T3758] loop4: detected capacity change from 0 to 1024
[   44.824051][ T3758] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.090715][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.127663][ T3763] capability: warning: `syz.2.80' uses deprecated v2 capabilities in a way that may be insecure
[   45.142021][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.263309][ T3773] loop0: detected capacity change from 0 to 1024
[   45.296474][ T3773] EXT4-fs: Ignoring removed nobh option
[   45.311577][ T3773] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   45.339378][ T3773] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #11: comm syz.0.84: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   45.380471][ T3773] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.84: couldn't read orphan inode 11 (err -117)
[   45.393991][ T3773] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.571967][ T3777] loop1: detected capacity change from 0 to 512
[   45.596056][ T3777] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   45.608897][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.623317][ T3777] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.639585][ T3777] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   45.690893][ T3777] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.85: corrupted xattr block 19: overlapping e_value 
[   45.724899][ T3777] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   45.751500][ T3777] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.85: corrupted xattr block 19: overlapping e_value 
[   45.809708][ T3777] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   45.830378][ T3777] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.85: corrupted xattr block 19: overlapping e_value 
[   45.905914][ T3788] can0: slcan on ttyS3.
[   45.971807][ T3788] can0 (unregistered): slcan off ttyS3.
[   46.021518][ T3796] can0: slcan on ttyS3.
[   46.079546][ T3796] can0 (unregistered): slcan off ttyS3.
[   46.152317][ T3812] netlink: 12 bytes leftover after parsing attributes in process `syz.0.90'.
[   46.166567][ T3812] FAULT_INJECTION: forcing a failure.
[   46.166567][ T3812] name failslab, interval 1, probability 0, space 0, times 0
[   46.179368][ T3812] CPU: 1 UID: 0 PID: 3812 Comm: syz.0.90 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   46.179462][ T3812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   46.179475][ T3812] Call Trace:
[   46.179484][ T3812]  <TASK>
[   46.179494][ T3812]  __dump_stack+0x1d/0x30
[   46.179521][ T3812]  dump_stack_lvl+0xe8/0x140
[   46.179545][ T3812]  dump_stack+0x15/0x1b
[   46.179566][ T3812]  should_fail_ex+0x265/0x280
[   46.179601][ T3812]  should_failslab+0x8c/0xb0
[   46.179632][ T3812]  kmem_cache_alloc_node_noprof+0x57/0x320
[   46.179685][ T3812]  ? __alloc_skb+0x101/0x320
[   46.179703][ T3812]  __alloc_skb+0x101/0x320
[   46.179779][ T3812]  netlink_ack+0xfd/0x500
[   46.179808][ T3812]  netlink_rcv_skb+0x192/0x220
[   46.179832][ T3812]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   46.179941][ T3812]  nfnetlink_rcv+0x16b/0x1690
[   46.180038][ T3812]  ? nlmon_xmit+0x4f/0x60
[   46.180069][ T3812]  ? consume_skb+0x49/0x150
[   46.180167][ T3812]  ? nlmon_xmit+0x4f/0x60
[   46.180232][ T3812]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   46.180260][ T3812]  ? __dev_queue_xmit+0x1200/0x2000
[   46.180301][ T3812]  ? __dev_queue_xmit+0x182/0x2000
[   46.180326][ T3812]  ? ref_tracker_free+0x37d/0x3e0
[   46.180350][ T3812]  ? __netlink_deliver_tap+0x4dc/0x500
[   46.180375][ T3812]  netlink_unicast+0x5bd/0x690
[   46.180400][ T3812]  netlink_sendmsg+0x58b/0x6b0
[   46.180500][ T3812]  ? __pfx_netlink_sendmsg+0x10/0x10
[   46.180524][ T3812]  __sock_sendmsg+0x145/0x180
[   46.180559][ T3812]  ____sys_sendmsg+0x31e/0x4e0
[   46.180591][ T3812]  ___sys_sendmsg+0x17b/0x1d0
[   46.180668][ T3812]  __x64_sys_sendmsg+0xd4/0x160
[   46.180702][ T3812]  x64_sys_call+0x191e/0x2ff0
[   46.180740][ T3812]  do_syscall_64+0xd2/0x200
[   46.180767][ T3812]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   46.180793][ T3812]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   46.180821][ T3812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.180894][ T3812] RIP: 0033:0x7f969a3aebe9
[   46.180912][ T3812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   46.180934][ T3812] RSP: 002b:00007f9698e17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   46.180956][ T3812] RAX: ffffffffffffffda RBX: 00007f969a5e5fa0 RCX: 00007f969a3aebe9
[   46.180971][ T3812] RDX: 0000000020000010 RSI: 0000200000000080 RDI: 0000000000000003
[   46.181030][ T3812] RBP: 00007f9698e17090 R08: 0000000000000000 R09: 0000000000000000
[   46.181045][ T3812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   46.181060][ T3812] R13: 00007f969a5e6038 R14: 00007f969a5e5fa0 R15: 00007ffcf44af738
[   46.181082][ T3812]  </TASK>
[   46.531905][ T3823] loop0: detected capacity change from 0 to 1024
[   46.559586][ T3825] netlink: 12 bytes leftover after parsing attributes in process `syz.2.93'.
[   46.575850][ T3823] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.665736][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.439500][ T3585] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   47.558623][ T3840] netlink: 'syz.3.96': attribute type 21 has an invalid length.
[   47.566558][ T3840] netlink: 132 bytes leftover after parsing attributes in process `syz.3.96'.
[   47.651626][ T3843] loop0: detected capacity change from 0 to 1024
[   47.679895][ T3843] bridge_slave_0: left allmulticast mode
[   47.685617][ T3843] bridge_slave_0: left promiscuous mode
[   47.691366][ T3843] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.702672][ T3843] bridge_slave_1: left allmulticast mode
[   47.708418][ T3843] bridge_slave_1: left promiscuous mode
[   47.714179][ T3843] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.724383][ T3843] bond0: (slave bond_slave_0): Releasing backup interface
[   47.742722][ T3843] bond0: (slave bond_slave_1): Releasing backup interface
[   47.754670][ T3843] team0: Port device team_slave_0 removed
[   47.763386][ T3843] team0: Port device team_slave_1 removed
[   47.770227][ T3843] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   47.777709][ T3843] batman_adv: batadv0: Removing interface: batadv_slave_0
[   47.786273][ T3843] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   47.793789][ T3843] batman_adv: batadv0: Removing interface: batadv_slave_1
[   47.871539][ T3858] loop2: detected capacity change from 0 to 1024
[   47.878284][ T3860] loop0: detected capacity change from 0 to 1024
[   47.892960][ T3858] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.906330][ T3860] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.932005][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.987534][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.077806][ T3872] FAULT_INJECTION: forcing a failure.
[   48.077806][ T3872] name failslab, interval 1, probability 0, space 0, times 0
[   48.090570][ T3872] CPU: 0 UID: 0 PID: 3872 Comm: syz.2.109 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   48.090595][ T3872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   48.090607][ T3872] Call Trace:
[   48.090612][ T3872]  <TASK>
[   48.090619][ T3872]  __dump_stack+0x1d/0x30
[   48.090644][ T3872]  dump_stack_lvl+0xe8/0x140
[   48.090666][ T3872]  dump_stack+0x15/0x1b
[   48.090681][ T3872]  should_fail_ex+0x265/0x280
[   48.090701][ T3872]  should_failslab+0x8c/0xb0
[   48.090730][ T3872]  kmem_cache_alloc_noprof+0x50/0x310
[   48.090759][ T3872]  ? mas_alloc_nodes+0x265/0x520
[   48.090794][ T3872]  mas_alloc_nodes+0x265/0x520
[   48.090829][ T3872]  mas_preallocate+0x33e/0x520
[   48.090859][ T3872]  __split_vma+0x240/0x650
[   48.090892][ T3872]  ? obj_cgroup_charge_account+0xba/0x1a0
[   48.090931][ T3872]  ? should_fail_ex+0x30/0x280
[   48.090954][ T3872]  ? __rcu_read_unlock+0x4f/0x70
[   48.090982][ T3872]  vms_gather_munmap_vmas+0x17a/0x7b0
[   48.091013][ T3872]  ? avc_has_perm+0xf7/0x180
[   48.091044][ T3872]  do_vmi_align_munmap+0x1a4/0x3d0
[   48.091076][ T3872]  do_vmi_munmap+0x1db/0x220
[   48.091104][ T3872]  do_munmap+0x8a/0xc0
[   48.091131][ T3872]  mremap_to+0x1a4/0x440
[   48.091161][ T3872]  ? check_prep_vma+0x5d6/0x660
[   48.091198][ T3872]  __se_sys_mremap+0x65a/0xb50
[   48.091239][ T3872]  ? fput+0x8f/0xc0
[   48.091273][ T3872]  ? ksys_write+0x192/0x1a0
[   48.091299][ T3872]  __x64_sys_mremap+0x67/0x80
[   48.091332][ T3872]  x64_sys_call+0x2a24/0x2ff0
[   48.091357][ T3872]  do_syscall_64+0xd2/0x200
[   48.091390][ T3872]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   48.091418][ T3872]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   48.091449][ T3872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.091473][ T3872] RIP: 0033:0x7f40320febe9
[   48.091491][ T3872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.091511][ T3872] RSP: 002b:00007f4030b5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[   48.091532][ T3872] RAX: ffffffffffffffda RBX: 00007f4032335fa0 RCX: 00007f40320febe9
[   48.091548][ T3872] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000200000003000
[   48.091561][ T3872] RBP: 00007f4030b5f090 R08: 0000200000009000 R09: 0000000000000000
[   48.091572][ T3872] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[   48.091583][ T3872] R13: 00007f4032336038 R14: 00007f4032335fa0 R15: 00007ffcb2a3ae48
[   48.091602][ T3872]  </TASK>
[   48.454413][ T3906] netlink: 'syz.3.111': attribute type 83 has an invalid length.
[   48.509424][ T3928] FAULT_INJECTION: forcing a failure.
[   48.509424][ T3928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   48.522600][ T3928] CPU: 0 UID: 0 PID: 3928 Comm: syz.4.113 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   48.522628][ T3928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   48.522700][ T3928] Call Trace:
[   48.522708][ T3928]  <TASK>
[   48.522717][ T3928]  __dump_stack+0x1d/0x30
[   48.522773][ T3928]  dump_stack_lvl+0xe8/0x140
[   48.522792][ T3928]  dump_stack+0x15/0x1b
[   48.522807][ T3928]  should_fail_ex+0x265/0x280
[   48.522835][ T3928]  should_fail+0xb/0x20
[   48.522858][ T3928]  should_fail_usercopy+0x1a/0x20
[   48.522885][ T3928]  _copy_from_user+0x1c/0xb0
[   48.522978][ T3928]  ___sys_sendmsg+0xc1/0x1d0
[   48.523024][ T3928]  __x64_sys_sendmsg+0xd4/0x160
[   48.523058][ T3928]  x64_sys_call+0x191e/0x2ff0
[   48.523123][ T3928]  do_syscall_64+0xd2/0x200
[   48.523156][ T3928]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   48.523251][ T3928]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   48.523285][ T3928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.523312][ T3928] RIP: 0033:0x7f918d4aebe9
[   48.523330][ T3928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.523425][ T3928] RSP: 002b:00007f918bf0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   48.523449][ T3928] RAX: ffffffffffffffda RBX: 00007f918d6e5fa0 RCX: 00007f918d4aebe9
[   48.523465][ T3928] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[   48.523542][ T3928] RBP: 00007f918bf0f090 R08: 0000000000000000 R09: 0000000000000000
[   48.523556][ T3928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   48.523576][ T3928] R13: 00007f918d6e6038 R14: 00007f918d6e5fa0 R15: 00007ffeff3ba468
[   48.523600][ T3928]  </TASK>
[   48.802366][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.860210][ T3957] loop1: detected capacity change from 0 to 1024
[   48.867267][ T3957] EXT4-fs: Ignoring removed nobh option
[   48.881324][ T3957] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   48.905312][ T3957] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #11: comm syz.1.116: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   48.958479][   T29] kauditd_printk_skb: 328 callbacks suppressed
[   48.958538][   T29] audit: type=1400 audit(1756587012.976:787): avc:  denied  { read write } for  pid=3963 comm="syz.4.118" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   48.988893][   T29] audit: type=1400 audit(1756587012.976:788): avc:  denied  { open } for  pid=3963 comm="syz.4.118" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   49.018421][ T3964] bridge0: entered promiscuous mode
[   49.020676][ T3957] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.116: couldn't read orphan inode 11 (err -117)
[   49.031551][ T3964] bridge0: port 3(macvtap1) entered blocking state
[   49.042082][ T3964] bridge0: port 3(macvtap1) entered disabled state
[   49.049425][ T3957] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.062274][ T3964] macvtap1: entered allmulticast mode
[   49.067679][ T3964] bridge0: entered allmulticast mode
[   49.074041][ T3964] macvtap1: left allmulticast mode
[   49.079189][ T3964] bridge0: left allmulticast mode
[   49.089792][ T3964] bridge0: left promiscuous mode
[   49.095646][   T29] audit: type=1326 audit(1756587013.116:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3956 comm="syz.1.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   49.119462][   T29] audit: type=1326 audit(1756587013.116:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3956 comm="syz.1.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   49.145829][   T29] audit: type=1326 audit(1756587013.166:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3956 comm="syz.1.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   49.169285][   T29] audit: type=1326 audit(1756587013.166:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3956 comm="syz.1.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   49.192583][   T29] audit: type=1326 audit(1756587013.166:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3956 comm="syz.1.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   49.215953][   T29] audit: type=1326 audit(1756587013.166:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3956 comm="syz.1.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   49.239480][   T29] audit: type=1326 audit(1756587013.166:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3956 comm="syz.1.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   49.262699][   T29] audit: type=1326 audit(1756587013.166:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3956 comm="syz.1.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   49.306478][ T3973] netlink: 28 bytes leftover after parsing attributes in process `syz.0.120'.
[   49.315462][ T3973] netlink: 28 bytes leftover after parsing attributes in process `syz.0.120'.
[   49.330207][ T3973] FAULT_INJECTION: forcing a failure.
[   49.330207][ T3973] name failslab, interval 1, probability 0, space 0, times 0
[   49.342925][ T3973] CPU: 1 UID: 0 PID: 3973 Comm: syz.0.120 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.342952][ T3973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   49.342964][ T3973] Call Trace:
[   49.343000][ T3973]  <TASK>
[   49.343010][ T3973]  __dump_stack+0x1d/0x30
[   49.343034][ T3973]  dump_stack_lvl+0xe8/0x140
[   49.343058][ T3973]  dump_stack+0x15/0x1b
[   49.343081][ T3973]  should_fail_ex+0x265/0x280
[   49.343108][ T3973]  should_failslab+0x8c/0xb0
[   49.343136][ T3973]  __kmalloc_noprof+0xa5/0x3e0
[   49.343169][ T3973]  ? tcf_idr_create+0x41/0x4a0
[   49.343200][ T3973]  tcf_idr_create+0x41/0x4a0
[   49.343240][ T3973]  tcf_ife_init+0x441/0x880
[   49.343362][ T3973]  tcf_action_init_1+0x367/0x4a0
[   49.343396][ T3973]  tcf_action_init+0x267/0x6d0
[   49.343423][ T3973]  ? __pfx_min_vruntime_cb_rotate+0x10/0x10
[   49.343482][ T3973]  tc_ctl_action+0x291/0x830
[   49.343614][ T3973]  ? __pfx_tc_ctl_action+0x10/0x10
[   49.343643][ T3973]  rtnetlink_rcv_msg+0x65a/0x6d0
[   49.343709][ T3973]  netlink_rcv_skb+0x123/0x220
[   49.343741][ T3973]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   49.343802][ T3973]  rtnetlink_rcv+0x1c/0x30
[   49.343830][ T3973]  netlink_unicast+0x5bd/0x690
[   49.343853][ T3973]  netlink_sendmsg+0x58b/0x6b0
[   49.343938][ T3973]  ? __pfx_netlink_sendmsg+0x10/0x10
[   49.343963][ T3973]  __sock_sendmsg+0x145/0x180
[   49.343997][ T3973]  ____sys_sendmsg+0x31e/0x4e0
[   49.344061][ T3973]  ___sys_sendmsg+0x17b/0x1d0
[   49.344171][ T3973]  __x64_sys_sendmsg+0xd4/0x160
[   49.344197][ T3973]  x64_sys_call+0x191e/0x2ff0
[   49.344217][ T3973]  do_syscall_64+0xd2/0x200
[   49.344278][ T3973]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.344305][ T3973]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   49.344334][ T3973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.344396][ T3973] RIP: 0033:0x7f969a3aebe9
[   49.344412][ T3973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.344431][ T3973] RSP: 002b:00007f9698e17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   49.344450][ T3973] RAX: ffffffffffffffda RBX: 00007f969a5e5fa0 RCX: 00007f969a3aebe9
[   49.344461][ T3973] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[   49.344515][ T3973] RBP: 00007f9698e17090 R08: 0000000000000000 R09: 0000000000000000
[   49.344527][ T3973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.344539][ T3973] R13: 00007f969a5e6038 R14: 00007f969a5e5fa0 R15: 00007ffcf44af738
[   49.344560][ T3973]  </TASK>
[   49.348105][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.358713][ T3976] FAULT_INJECTION: forcing a failure.
[   49.358713][ T3976] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.619562][ T3976] CPU: 0 UID: 0 PID: 3976 Comm: syz.2.121 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.619638][ T3976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   49.619650][ T3976] Call Trace:
[   49.619657][ T3976]  <TASK>
[   49.619665][ T3976]  __dump_stack+0x1d/0x30
[   49.619702][ T3976]  dump_stack_lvl+0xe8/0x140
[   49.619727][ T3976]  dump_stack+0x15/0x1b
[   49.619743][ T3976]  should_fail_ex+0x265/0x280
[   49.619764][ T3976]  should_fail+0xb/0x20
[   49.619837][ T3976]  should_fail_usercopy+0x1a/0x20
[   49.619861][ T3976]  strncpy_from_user+0x25/0x230
[   49.619894][ T3976]  strncpy_from_bpfptr+0x43/0x50
[   49.619955][ T3976]  bpf_prog_load+0x884/0x1070
[   49.619993][ T3976]  ? security_bpf+0x2b/0x90
[   49.620027][ T3976]  __sys_bpf+0x462/0x7b0
[   49.620165][ T3976]  __x64_sys_bpf+0x41/0x50
[   49.620214][ T3976]  x64_sys_call+0x2aea/0x2ff0
[   49.620239][ T3976]  do_syscall_64+0xd2/0x200
[   49.620336][ T3976]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.620360][ T3976]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   49.620385][ T3976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.620405][ T3976] RIP: 0033:0x7f40320febe9
[   49.620420][ T3976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.620551][ T3976] RSP: 002b:00007f4030b5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   49.620583][ T3976] RAX: ffffffffffffffda RBX: 00007f4032335fa0 RCX: 00007f40320febe9
[   49.620595][ T3976] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005
[   49.620607][ T3976] RBP: 00007f4030b5f090 R08: 0000000000000000 R09: 0000000000000000
[   49.620619][ T3976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.620630][ T3976] R13: 00007f4032336038 R14: 00007f4032335fa0 R15: 00007ffcb2a3ae48
[   49.620664][ T3976]  </TASK>
[   49.831188][ T3977] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   49.858353][ T3987] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   49.871297][ T3985] syzkaller1: entered promiscuous mode
[   49.876842][ T3985] syzkaller1: entered allmulticast mode
[   49.902119][ T3977] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.042954][ T3977] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.093967][ T3977] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.169193][   T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.198429][   T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.207022][   T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.216705][   T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.302447][ T4024] FAULT_INJECTION: forcing a failure.
[   50.302447][ T4024] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   50.315688][ T4024] CPU: 1 UID: 0 PID: 4024 Comm: syz.1.134 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   50.315794][ T4024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   50.315809][ T4024] Call Trace:
[   50.315817][ T4024]  <TASK>
[   50.315826][ T4024]  __dump_stack+0x1d/0x30
[   50.315853][ T4024]  dump_stack_lvl+0xe8/0x140
[   50.315884][ T4024]  dump_stack+0x15/0x1b
[   50.315967][ T4024]  should_fail_ex+0x265/0x280
[   50.315988][ T4024]  should_fail+0xb/0x20
[   50.316010][ T4024]  should_fail_usercopy+0x1a/0x20
[   50.316043][ T4024]  _copy_from_user+0x1c/0xb0
[   50.316079][ T4024]  ___sys_sendmsg+0xc1/0x1d0
[   50.316139][ T4024]  __x64_sys_sendmsg+0xd4/0x160
[   50.316173][ T4024]  x64_sys_call+0x191e/0x2ff0
[   50.316198][ T4024]  do_syscall_64+0xd2/0x200
[   50.316232][ T4024]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.316319][ T4024]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   50.316352][ T4024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.316437][ T4024] RIP: 0033:0x7f76c580ebe9
[   50.316453][ T4024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.316508][ T4024] RSP: 002b:00007f76c4277038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   50.316531][ T4024] RAX: ffffffffffffffda RBX: 00007f76c5a45fa0 RCX: 00007f76c580ebe9
[   50.316548][ T4024] RDX: 0000000000000800 RSI: 0000200000000140 RDI: 0000000000000004
[   50.316623][ T4024] RBP: 00007f76c4277090 R08: 0000000000000000 R09: 0000000000000000
[   50.316636][ T4024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.316648][ T4024] R13: 00007f76c5a46038 R14: 00007f76c5a45fa0 R15: 00007ffd6b25c438
[   50.316666][ T4024]  </TASK>
[   50.535546][ T4032] netlink: 12 bytes leftover after parsing attributes in process `syz.1.138'.
[   50.565529][ T4032] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   50.572064][ T4032] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   50.578574][ T4032] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   50.585062][ T4032] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   50.591615][ T4032] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   50.597993][ T4032] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   50.604437][ T4032] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   50.610912][ T4032] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   50.617417][ T4032] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   50.623934][ T4032] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   50.809003][ T4052] loop2: detected capacity change from 0 to 512
[   50.856071][ T4056] loop1: detected capacity change from 0 to 4096
[   50.860797][ T4050] syzkaller0: entered promiscuous mode
[   50.867995][ T4050] syzkaller0: entered allmulticast mode
[   50.881018][ T4056] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   50.897570][ T4058] netlink: 96 bytes leftover after parsing attributes in process `syz.4.148'.
[   50.909731][ T4056] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.943883][ T4052] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   50.962537][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.985584][ T4052] EXT4-fs (loop2): orphan cleanup on readonly fs
[   51.011562][ T4052] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.139: Failed to acquire dquot type 1
[   51.023697][ T4052] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.139: bg 0: block 40: padding at end of block bitmap is not set
[   51.039110][ T4066] netlink: 12 bytes leftover after parsing attributes in process `syz.0.151'.
[   51.054488][ T4052] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   51.114515][ T4052] EXT4-fs (loop2): 1 truncate cleaned up
[   51.142482][ T4052] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   51.145170][ T4068] netlink: 'syz.1.149': attribute type 7 has an invalid length.
[   51.158890][ T4064] loop4: detected capacity change from 0 to 4096
[   51.162784][ T4068] netlink: 8 bytes leftover after parsing attributes in process `syz.1.149'.
[   51.205134][ T4071] ip6gre1: entered allmulticast mode
[   51.222792][ T4064] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   51.257967][ T4064] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.276487][ T4071] lo speed is unknown, defaulting to 1000
[   51.282919][ T4071] lo speed is unknown, defaulting to 1000
[   51.308142][ T4071] lo speed is unknown, defaulting to 1000
[   51.331223][ T4071] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   51.381217][ T4071] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   51.433334][ T4071] lo speed is unknown, defaulting to 1000
[   51.441458][ T4071] lo speed is unknown, defaulting to 1000
[   51.447787][ T4071] lo speed is unknown, defaulting to 1000
[   51.469682][ T4071] lo speed is unknown, defaulting to 1000
[   51.475794][ T4071] lo speed is unknown, defaulting to 1000
[   51.502756][ T4079] loop1: detected capacity change from 0 to 512
[   51.526993][ T4079] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   51.549254][ T4079] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.563446][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.608491][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.629346][ T4079] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   51.647918][ T4079] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.153: corrupted xattr block 19: overlapping e_value 
[   51.685849][ T4079] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   51.736216][ T4079] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.153: corrupted xattr block 19: overlapping e_value 
[   51.757195][ T4079] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   51.767950][ T4079] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.153: corrupted xattr block 19: overlapping e_value 
[   51.810458][ T4097] netlink: 'syz.0.161': attribute type 3 has an invalid length.
[   51.876260][ T4103] netlink: 12 bytes leftover after parsing attributes in process `syz.2.162'.
[   52.014753][ T4111] loop0: detected capacity change from 0 to 1024
[   52.056960][ T4111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   52.130422][ T4111] ext4 filesystem being mounted at /40/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.264006][ T3923] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: comm kworker/u8:44: lblock 0 mapped to illegal pblock 0 (length 1)
[   52.282951][ T3923] EXT4-fs (loop0): Remounting filesystem read-only
[   52.326047][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   52.356972][ T4128] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4128 comm=syz.2.173
[   52.444014][ T4137] netlink: 12 bytes leftover after parsing attributes in process `syz.2.176'.
[   52.523079][ T4142] loop2: detected capacity change from 0 to 512
[   52.569723][ T4142] EXT4-fs: Ignoring removed mblk_io_submit option
[   52.618616][ T4146] can0: slcan on ttyS3.
[   52.626819][ T4142] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   52.639054][ T4150] loop0: detected capacity change from 0 to 1024
[   52.666143][ T4142] EXT4-fs (loop2): orphan cleanup on readonly fs
[   52.679785][ T4146] can0 (unregistered): slcan off ttyS3.
[   52.718444][ T4150] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.733037][ T4142] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   52.753953][ T4150] FAULT_INJECTION: forcing a failure.
[   52.753953][ T4150] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   52.767285][ T4150] CPU: 1 UID: 0 PID: 4150 Comm: syz.0.181 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   52.767320][ T4150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   52.767358][ T4150] Call Trace:
[   52.767367][ T4150]  <TASK>
[   52.767377][ T4150]  __dump_stack+0x1d/0x30
[   52.767453][ T4150]  dump_stack_lvl+0xe8/0x140
[   52.767478][ T4150]  dump_stack+0x15/0x1b
[   52.767498][ T4150]  should_fail_ex+0x265/0x280
[   52.767606][ T4150]  should_fail+0xb/0x20
[   52.767629][ T4150]  should_fail_usercopy+0x1a/0x20
[   52.767657][ T4150]  strncpy_from_user+0x25/0x230
[   52.767692][ T4150]  ? kmem_cache_alloc_noprof+0x186/0x310
[   52.767721][ T4150]  ? getname_flags+0x80/0x3b0
[   52.767802][ T4150]  getname_flags+0xae/0x3b0
[   52.767829][ T4150]  path_setxattrat+0x223/0x310
[   52.767934][ T4150]  __x64_sys_setxattr+0x6e/0x90
[   52.767965][ T4150]  x64_sys_call+0xad2/0x2ff0
[   52.767991][ T4150]  do_syscall_64+0xd2/0x200
[   52.768024][ T4150]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   52.768056][ T4150]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   52.768083][ T4150]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   52.768131][ T4150] RIP: 0033:0x7f969a3aebe9
[   52.768168][ T4150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   52.768191][ T4150] RSP: 002b:00007f9698e17038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   52.768214][ T4150] RAX: ffffffffffffffda RBX: 00007f969a5e5fa0 RCX: 00007f969a3aebe9
[   52.768229][ T4150] RDX: 0000200000000140 RSI: 0000200000000080 RDI: 0000200000000000
[   52.768244][ T4150] RBP: 00007f9698e17090 R08: 0000000000000001 R09: 0000000000000000
[   52.768258][ T4150] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000001
[   52.768273][ T4150] R13: 00007f969a5e6038 R14: 00007f969a5e5fa0 R15: 00007ffcf44af738
[   52.768297][ T4150]  </TASK>
[   52.962809][ T4142] EXT4-fs (loop2): Cannot turn on quotas: error -117
[   52.989169][ T4142] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.178: bg 0: block 40: padding at end of block bitmap is not set
[   53.005732][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.021496][ T4142] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   53.031757][ T4142] EXT4-fs (loop2): 1 truncate cleaned up
[   53.085072][ T4142] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   53.125551][ T4142] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.178: iget: bad i_size value: 360287970189639690
[   53.224912][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.257378][ T4170] loop0: detected capacity change from 0 to 1024
[   53.295704][ T4170] EXT4-fs: Ignoring removed orlov option
[   53.319048][ T4174] netlink: 12 bytes leftover after parsing attributes in process `syz.2.189'.
[   53.339855][ T4170] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.400252][ T4181] FAULT_INJECTION: forcing a failure.
[   53.400252][ T4181] name failslab, interval 1, probability 0, space 0, times 0
[   53.413025][ T4181] CPU: 1 UID: 0 PID: 4181 Comm: syz.2.192 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   53.413112][ T4181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   53.413129][ T4181] Call Trace:
[   53.413136][ T4181]  <TASK>
[   53.413145][ T4181]  __dump_stack+0x1d/0x30
[   53.413171][ T4181]  dump_stack_lvl+0xe8/0x140
[   53.413196][ T4181]  dump_stack+0x15/0x1b
[   53.413215][ T4181]  should_fail_ex+0x265/0x280
[   53.413247][ T4181]  ? ceph_key_preparse+0x96/0x140
[   53.413271][ T4181]  should_failslab+0x8c/0xb0
[   53.413371][ T4181]  __kmalloc_cache_noprof+0x4c/0x320
[   53.413555][ T4181]  ceph_key_preparse+0x96/0x140
[   53.413586][ T4181]  __key_create_or_update+0x28b/0x750
[   53.413624][ T4181]  ? key_validate+0xad/0xd0
[   53.413742][ T4181]  key_create_or_update+0x42/0x60
[   53.413781][ T4181]  __se_sys_add_key+0x296/0x350
[   53.413811][ T4181]  __x64_sys_add_key+0x67/0x80
[   53.413836][ T4181]  x64_sys_call+0x28c4/0x2ff0
[   53.413921][ T4181]  do_syscall_64+0xd2/0x200
[   53.414032][ T4181]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   53.414157][ T4181]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   53.414189][ T4181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.414214][ T4181] RIP: 0033:0x7f40320febe9
[   53.414233][ T4181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   53.414255][ T4181] RSP: 002b:00007f4030b5f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[   53.414314][ T4181] RAX: ffffffffffffffda RBX: 00007f4032335fa0 RCX: 00007f40320febe9
[   53.414330][ T4181] RDX: 0000200000000840 RSI: 0000000000000000 RDI: 00002000000001c0
[   53.414345][ T4181] RBP: 00007f4030b5f090 R08: ffffffffffffffff R09: 0000000000000000
[   53.414363][ T4181] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[   53.414378][ T4181] R13: 00007f4032336038 R14: 00007f4032335fa0 R15: 00007ffcb2a3ae48
[   53.414400][ T4181]  </TASK>
[   53.636394][ T4187] can0: slcan on ttyS3.
[   53.679657][ T4187] can0 (unregistered): slcan off ttyS3.
[   53.694027][ T3304] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[   53.718777][ T3304] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[   53.793386][ T4196] FAULT_INJECTION: forcing a failure.
[   53.793386][ T4196] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   53.806659][ T4196] CPU: 0 UID: 0 PID: 4196 Comm: syz.4.199 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   53.806824][ T4196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   53.806838][ T4196] Call Trace:
[   53.806845][ T4196]  <TASK>
[   53.806853][ T4196]  __dump_stack+0x1d/0x30
[   53.806874][ T4196]  dump_stack_lvl+0xe8/0x140
[   53.806933][ T4196]  dump_stack+0x15/0x1b
[   53.806954][ T4196]  should_fail_ex+0x265/0x280
[   53.806978][ T4196]  should_fail+0xb/0x20
[   53.806995][ T4196]  should_fail_usercopy+0x1a/0x20
[   53.807016][ T4196]  _copy_from_user+0x1c/0xb0
[   53.807081][ T4196]  copy_clone_args_from_user+0x14f/0x490
[   53.807123][ T4196]  ? kstrtouint+0x76/0xc0
[   53.807150][ T4196]  __se_sys_clone3+0x6f/0x200
[   53.807201][ T4196]  __x64_sys_clone3+0x31/0x40
[   53.807235][ T4196]  x64_sys_call+0x1fc9/0x2ff0
[   53.807263][ T4196]  do_syscall_64+0xd2/0x200
[   53.807291][ T4196]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   53.807372][ T4196]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   53.807398][ T4196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.807424][ T4196] RIP: 0033:0x7f918d4aebe9
[   53.807442][ T4196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   53.807483][ T4196] RSP: 002b:00007f918bf0ef08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[   53.807501][ T4196] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f918d4aebe9
[   53.807513][ T4196] RDX: 00007f918bf0ef20 RSI: 0000000000000058 RDI: 00007f918bf0ef20
[   53.807524][ T4196] RBP: 00007f918bf0f090 R08: 0000000000000000 R09: 0000000000000058
[   53.807535][ T4196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   53.807546][ T4196] R13: 00007f918d6e6038 R14: 00007f918d6e5fa0 R15: 00007ffeff3ba468
[   53.807568][ T4196]  </TASK>
[   54.032720][   T29] kauditd_printk_skb: 164 callbacks suppressed
[   54.032736][   T29] audit: type=1400 audit(1756587018.056:958): avc:  denied  { watch } for  pid=4202 comm="syz.2.201" path="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   54.062973][ T4201] netlink: 4 bytes leftover after parsing attributes in process `syz.4.202'.
[   54.071285][   T29] audit: type=1400 audit(1756587018.086:959): avc:  denied  { bind } for  pid=4200 comm="syz.4.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   54.111511][   T29] audit: type=1400 audit(1756587018.116:960): avc:  denied  { ioctl } for  pid=4197 comm="syz.3.200" path="/dev/nvram" dev="devtmpfs" ino=98 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[   54.136408][   T29] audit: type=1400 audit(1756587018.136:961): avc:  denied  { append } for  pid=4202 comm="syz.2.201" name="001" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   54.194227][ T4209] loop4: detected capacity change from 0 to 1024
[   54.215216][ T4209] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   54.231886][   T29] audit: type=1400 audit(1756587018.256:962): avc:  denied  { mounton } for  pid=4215 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   54.281998][   T29] audit: type=1400 audit(1756587018.276:963): avc:  denied  { setattr } for  pid=4200 comm="syz.4.202" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   54.325696][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.442675][ T4232] can0: slcan on ttyS3.
[   54.449031][ T4215] lo speed is unknown, defaulting to 1000
[   54.456979][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.510757][ T4232] can0 (unregistered): slcan off ttyS3.
[   54.526624][   T29] audit: type=1326 audit(1756587018.546:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4234 comm="syz.1.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   54.549918][   T29] audit: type=1326 audit(1756587018.546:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4234 comm="syz.1.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=192 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   54.573217][   T29] audit: type=1326 audit(1756587018.546:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4234 comm="syz.1.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76c580ebe9 code=0x7ffc0000
[   54.703797][ T4247] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[   54.725019][ T4215] chnl_net:caif_netlink_parms(): no params data found
[   54.790582][ T4253] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   54.848310][ T4259] loop3: detected capacity change from 0 to 512
[   54.856268][ T4261] sctp: [Deprecated]: syz.1.214 (pid 4261) Use of int in max_burst socket option deprecated.
[   54.856268][ T4261] Use struct sctp_assoc_value instead
[   54.874650][ T4259] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   54.889812][ T4259] EXT4-fs (loop3): orphan cleanup on readonly fs
[   54.902210][ T4259] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:517: comm syz.3.212: Block bitmap for bg 0 marked uninitialized
[   54.916690][ T4259] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   54.926962][ T4259] EXT4-fs (loop3): 1 orphan inode deleted
[   54.933517][ T4259] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   55.009980][ T4215] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.017192][ T4215] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.030068][ T4259] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:517: comm syz.3.212: Block bitmap for bg 0 marked uninitialized
[   55.045929][ T4215] bridge_slave_0: entered allmulticast mode
[   55.076894][ T4215] bridge_slave_0: entered promiscuous mode
[   55.105218][ T4215] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.112335][ T4215] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.149411][ T4215] bridge_slave_1: entered allmulticast mode
[   55.155978][ T4215] bridge_slave_1: entered promiscuous mode
[   55.194432][ T4215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.215103][ T4215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.275315][ T4215] team0: Port device team_slave_0 added
[   55.285697][ T4215] team0: Port device team_slave_1 added
[   55.329014][ T4215] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.336092][ T4215] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.362080][ T4215] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.409526][ T4253] netlink: 'syz.2.213': attribute type 3 has an invalid length.
[   55.413065][ T4215] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.417238][ T4253] netlink: 132 bytes leftover after parsing attributes in process `syz.2.213'.
[   55.424282][ T4215] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.424313][ T4215] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.493260][ T4215] hsr_slave_0: entered promiscuous mode
[   55.501964][ T4215] hsr_slave_1: entered promiscuous mode
[   55.508288][ T4215] debugfs: 'hsr0' already exists in 'hsr'
[   55.514084][ T4215] Cannot create hsr debugfs directory
[   55.544233][ T3880] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.565816][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.636698][ T4294] unsupported nla_type 52263
[   55.662400][ T3880] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.696216][ T4296] loop2: detected capacity change from 0 to 1024
[   55.721844][ T4296] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   55.721963][ T4298] can0: slcan on ttyS3.
[   55.750679][ T4296] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.768369][ T3880] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.834981][ T3880] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.845976][ T4297] can0 (unregistered): slcan off ttyS3.
[   55.864526][ T3885] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: comm kworker/u8:14: lblock 0 mapped to illegal pblock 0 (length 1)
[   55.917408][ T3885] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[   55.929803][ T3885] EXT4-fs (loop2): This should not happen!! Data will be lost
[   55.929803][ T3885] 
[   55.962163][ T4215] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   55.980293][ T4286] netlink: 'syz.1.217': attribute type 3 has an invalid length.
[   55.984384][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   55.988005][ T4286] netlink: 132 bytes leftover after parsing attributes in process `syz.1.217'.
[   56.261451][ T3880] bond0 (unregistering): Released all slaves
[   56.281342][ T4215] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   56.313088][ T4215] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   56.349079][ T4347] FAULT_INJECTION: forcing a failure.
[   56.349079][ T4347] name failslab, interval 1, probability 0, space 0, times 0
[   56.359751][ T4215] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   56.361969][ T4347] CPU: 0 UID: 0 PID: 4347 Comm: syz.2.228 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   56.362006][ T4347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   56.362023][ T4347] Call Trace:
[   56.362032][ T4347]  <TASK>
[   56.362041][ T4347]  __dump_stack+0x1d/0x30
[   56.362130][ T4347]  dump_stack_lvl+0xe8/0x140
[   56.362165][ T4347]  dump_stack+0x15/0x1b
[   56.362187][ T4347]  should_fail_ex+0x265/0x280
[   56.362256][ T4347]  should_failslab+0x8c/0xb0
[   56.362289][ T4347]  __kmalloc_noprof+0xa5/0x3e0
[   56.362326][ T4347]  ? io_cache_alloc_new+0x2a/0xb0
[   56.362375][ T4347]  io_cache_alloc_new+0x2a/0xb0
[   56.362412][ T4347]  io_sqe_buffer_register+0xf2/0x1430
[   56.362456][ T4347]  ? __memcg_slab_post_alloc_hook+0x44c/0x580
[   56.362542][ T4347]  ? __kvmalloc_node_noprof+0x398/0x4e0
[   56.362617][ T4347]  ? io_sqe_buffers_register+0xc2/0x530
[   56.362661][ T4347]  io_sqe_buffers_register+0x2ac/0x530
[   56.362703][ T4347]  __se_sys_io_uring_register+0xa9f/0xeb0
[   56.362770][ T4347]  ? fput+0x8f/0xc0
[   56.362855][ T4347]  ? ksys_write+0x192/0x1a0
[   56.362898][ T4347]  __x64_sys_io_uring_register+0x55/0x70
[   56.362936][ T4347]  x64_sys_call+0x18a3/0x2ff0
[   56.362964][ T4347]  do_syscall_64+0xd2/0x200
[   56.363061][ T4347]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   56.363095][ T4347]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   56.363131][ T4347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.363264][ T4347] RIP: 0033:0x7f40320febe9
[   56.363287][ T4347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   56.363310][ T4347] RSP: 002b:00007f4030b5f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[   56.363336][ T4347] RAX: ffffffffffffffda RBX: 00007f4032335fa0 RCX: 00007f40320febe9
[   56.363363][ T4347] RDX: 00002000000002c0 RSI: 0000000000000000 RDI: 0000000000000005
[   56.363451][ T4347] RBP: 00007f4030b5f090 R08: 0000000000000000 R09: 0000000000000000
[   56.363468][ T4347] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001
[   56.363485][ T4347] R13: 00007f4032336038 R14: 00007f4032335fa0 R15: 00007ffcb2a3ae48
[   56.363511][ T4347]  </TASK>
[   56.598994][ T3880] hsr_slave_0: left promiscuous mode
[   56.615948][ T3880] hsr_slave_1: left promiscuous mode
[   56.640380][ T3880] veth1_macvtap: left promiscuous mode
[   56.656092][ T3880] veth0_macvtap: left promiscuous mode
[   56.669994][ T3880] veth1_vlan: left promiscuous mode
[   56.675280][ T3880] veth0_vlan: left promiscuous mode
[   56.746451][ T4359] netlink: 'syz.1.230': attribute type 3 has an invalid length.
[   56.754205][ T4359] netlink: 132 bytes leftover after parsing attributes in process `syz.1.230'.
[   56.938600][ T3411] lo speed is unknown, defaulting to 1000
[   56.940557][ T4363] can0: slcan on ttyS3.
[   56.944476][ T3411] infiniband syz0: ib_query_port failed (-19)
[   57.009898][ T4362] can0 (unregistered): slcan off ttyS3.
[   57.036849][ T4215] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.052654][ T4215] 8021q: adding VLAN 0 to HW filter on device team0
[   57.073360][ T3923] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.080586][ T3923] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.111015][ T3923] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.118180][ T3923] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.154441][ T4375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.234'.
[   57.176606][ T4215] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.307767][ T4215] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.318982][ T4397] loop3: detected capacity change from 0 to 4096
[   57.356492][ T4397] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.427165][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.522260][ T4372] netlink: 'syz.1.233': attribute type 3 has an invalid length.
[   57.529991][ T4372] netlink: 132 bytes leftover after parsing attributes in process `syz.1.233'.
[   57.672970][ T4432] loop2: detected capacity change from 0 to 256
[   57.723924][ T4215] veth0_vlan: entered promiscuous mode
[   57.746541][ T4437] loop1: detected capacity change from 0 to 128
[   57.762463][ T4215] veth1_vlan: entered promiscuous mode
[   57.766889][ T4438] loop2: detected capacity change from 0 to 2048
[   57.809935][ T4215] veth0_macvtap: entered promiscuous mode
[   57.825467][ T4438] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.848883][ T4215] veth1_macvtap: entered promiscuous mode
[   57.893837][ T4215] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.928798][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.940466][ T4215] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.991377][ T3905] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.024659][ T3905] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.049402][ T3905] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.067729][ T3905] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.230030][ T4474] lo speed is unknown, defaulting to 1000
[   58.235951][ T4474] lo speed is unknown, defaulting to 1000
[   58.241993][ T4474] lo speed is unknown, defaulting to 1000
[   58.252276][ T4474] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   58.266736][ T4474] lo speed is unknown, defaulting to 1000
[   58.276810][ T4480] can0: slcan on ttyS3.
[   58.304179][ T4474] lo speed is unknown, defaulting to 1000
[   58.310554][ T4485] SELinux: failed to load policy
[   58.316313][ T4474] lo speed is unknown, defaulting to 1000
[   58.323659][ T4474] lo speed is unknown, defaulting to 1000
[   58.329585][ T4480] can0 (unregistered): slcan off ttyS3.
[   58.329926][ T4474] lo speed is unknown, defaulting to 1000
[   58.448571][ T4496] netlink: 8 bytes leftover after parsing attributes in process `syz.5.251'.
[   58.474366][ T4502] loop3: detected capacity change from 0 to 512
[   58.474500][ T4498] loop1: detected capacity change from 0 to 2048
[   58.492619][ T4502] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   58.512125][ T4502] EXT4-fs (loop3): orphan cleanup on readonly fs
[   58.608655][ T4498] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   58.626447][ T4502] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.250: Failed to acquire dquot type 1
[   58.671523][ T4502] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.250: bg 0: block 40: padding at end of block bitmap is not set
[   58.688222][ T4514] loop5: detected capacity change from 0 to 1024
[   58.718546][ T4514] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   58.755632][ T4502] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   58.796105][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   58.810791][ T4502] EXT4-fs (loop3): 1 truncate cleaned up
[   58.862193][ T4502] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   58.921301][ T4215] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.083252][   T29] kauditd_printk_skb: 405 callbacks suppressed
[   59.083284][   T29] audit: type=1326 audit(1756587023.106:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   59.124299][ T4527] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4527 comm=syz.5.259
[   59.186222][   T29] audit: type=1326 audit(1756587023.136:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   59.209732][   T29] audit: type=1326 audit(1756587023.136:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   59.233577][   T29] audit: type=1326 audit(1756587023.136:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   59.256954][   T29] audit: type=1326 audit(1756587023.136:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   59.270672][ T4520] netlink: 'syz.1.256': attribute type 3 has an invalid length.
[   59.280413][   T29] audit: type=1326 audit(1756587023.146:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   59.288046][ T4520] netlink: 132 bytes leftover after parsing attributes in process `syz.1.256'.
[   59.311367][   T29] audit: type=1326 audit(1756587023.146:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   59.326933][ T4533] loop5: detected capacity change from 0 to 512
[   59.343731][   T29] audit: type=1326 audit(1756587023.146:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   59.373488][   T29] audit: type=1326 audit(1756587023.146:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   59.396947][   T29] audit: type=1326 audit(1756587023.146:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.2.258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f40320febe9 code=0x7ffc0000
[   59.435758][ T4533] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   59.489623][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.490129][ T4534] loop2: detected capacity change from 0 to 512
[   59.534982][ T4537] can0: slcan on ttyS3.
[   59.536161][ T4533] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   59.597630][ T4533] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.599527][ T4537] can0 (unregistered): slcan off ttyS3.
[   59.614401][ T4534] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   59.648716][ T4541] loop3: detected capacity change from 0 to 1024
[   59.655974][ T4534] EXT4-fs (loop2): orphan cleanup on readonly fs
[   59.675159][ T4534] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.258: Failed to acquire dquot type 1
[   59.711803][ T4533] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.260: corrupted xattr block 19: overlapping e_value 
[   59.738818][ T4541] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   59.748936][ T4534] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.258: bg 0: block 40: padding at end of block bitmap is not set
[   59.766651][ T4533] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop5 ino=15
[   59.776280][ T4533] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.260: corrupted xattr block 19: overlapping e_value 
[   59.783086][ T4541] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.793372][ T4534] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   59.809375][ T4533] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop5 ino=15
[   59.818766][ T4534] EXT4-fs (loop2): 1 truncate cleaned up
[   59.824999][ T4533] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.260: corrupted xattr block 19: overlapping e_value 
[   59.845702][ T4534] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   59.866939][ T3923] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: comm kworker/u8:44: lblock 0 mapped to illegal pblock 0 (length 1)
[   59.881571][ T3923] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[   59.893935][ T3923] EXT4-fs (loop3): This should not happen!! Data will be lost
[   59.893935][ T3923] 
[   59.996474][ T4558] loop3: detected capacity change from 0 to 2048
[   60.051599][ T4568] netlink: 12 bytes leftover after parsing attributes in process `syz.1.271'.
[   60.077895][ T4570] loop3: detected capacity change from 0 to 1024
[   60.135650][ T4576] loop1: detected capacity change from 0 to 1024
[   60.159921][ T4577] loop4: detected capacity change from 0 to 1024
[   60.166778][ T4577] EXT4-fs: Ignoring removed nobh option
[   60.179481][ T4577] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   60.200080][ T4577] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz.4.272: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   60.219727][ T4577] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.272: couldn't read orphan inode 11 (err -117)
[   60.454314][ T4599] loop3: detected capacity change from 0 to 2048
[   60.511153][ T4603] loop1: detected capacity change from 0 to 128
[   60.639792][ T4603] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   60.680562][ T4603] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   60.694269][ T4610] lo speed is unknown, defaulting to 1000
[   60.752247][ T4615] loop3: detected capacity change from 0 to 512
[   60.763983][ T3905] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   60.787726][ T4615] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   60.833522][ T4615] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.285: Failed to acquire dquot type 1
[   60.935286][ T4615] EXT4-fs (loop3): 1 truncate cleaned up
[   60.979696][ T4625] loop1: detected capacity change from 0 to 1024
[   61.067710][ T4615] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.285: Failed to acquire dquot type 1
[   61.096190][ T4636] EXT4-fs error (device loop3): ext4_lookup:1791: inode #2: comm syz.3.285: deleted inode referenced: 12
[   61.224545][ T4643] loop1: detected capacity change from 0 to 2048
[   61.368110][ T4650] loop1: detected capacity change from 0 to 8192
[   61.430713][ T3291]  loop1: p1 p2 p3 p4
[   61.436554][ T3291] loop1: p2 start 151000334 is beyond EOD, truncated
[   61.443344][ T3291] loop1: p3 start 331777 is beyond EOD, truncated
[   61.449871][ T3291] loop1: p4 size 263168 extends beyond EOD, truncated
[   61.466921][ T4650]  loop1: p1 p2 p3 p4
[   61.473308][ T4650] loop1: p2 start 151000334 is beyond EOD, truncated
[   61.480250][ T4650] loop1: p3 start 331777 is beyond EOD, truncated
[   61.486774][ T4650] loop1: p4 size 263168 extends beyond EOD, truncated
[   62.047008][ T4663] FAULT_INJECTION: forcing a failure.
[   62.047008][ T4663] name failslab, interval 1, probability 0, space 0, times 0
[   62.059659][ T4663] CPU: 1 UID: 0 PID: 4663 Comm: gtp Not tainted syzkaller #0 PREEMPT(voluntary) 
[   62.059745][ T4663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   62.059823][ T4663] Call Trace:
[   62.059831][ T4663]  <TASK>
[   62.059841][ T4663]  __dump_stack+0x1d/0x30
[   62.059922][ T4663]  dump_stack_lvl+0xe8/0x140
[   62.059941][ T4663]  dump_stack+0x15/0x1b
[   62.059968][ T4663]  should_fail_ex+0x265/0x280
[   62.059994][ T4663]  should_failslab+0x8c/0xb0
[   62.060054][ T4663]  kmem_cache_alloc_noprof+0x50/0x310
[   62.060081][ T4663]  ? __send_signal_locked+0x154/0x760
[   62.060115][ T4663]  __send_signal_locked+0x154/0x760
[   62.060145][ T4663]  send_signal_locked+0x34e/0x3c0
[   62.060192][ T4663]  do_send_sig_info+0x9f/0xf0
[   62.060236][ T4663]  __se_sys_tkill+0x136/0x190
[   62.060314][ T4663]  __x64_sys_tkill+0x31/0x40
[   62.060343][ T4663]  x64_sys_call+0x2e4f/0x2ff0
[   62.060370][ T4663]  do_syscall_64+0xd2/0x200
[   62.060423][ T4663]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   62.060451][ T4663]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   62.060552][ T4663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.060629][ T4663] RIP: 0033:0x7f76c580ebe9
[   62.060717][ T4663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.060739][ T4663] RSP: 002b:00007f76c4277038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c8
[   62.060762][ T4663] RAX: ffffffffffffffda RBX: 00007f76c5a45fa0 RCX: 00007f76c580ebe9
[   62.060858][ T4663] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000096
[   62.060873][ T4663] RBP: 00007f76c4277090 R08: 0000000000000000 R09: 0000000000000000
[   62.060885][ T4663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   62.060923][ T4663] R13: 00007f76c5a46038 R14: 00007f76c5a45fa0 R15: 00007ffd6b25c438
[   62.060946][ T4663]  </TASK>
[   62.249138][ T3863] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   62.354832][ T4671] loop3: detected capacity change from 0 to 512
[   62.355953][ T4669] loop5: detected capacity change from 0 to 1024
[   62.380783][ T4671] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   62.394050][ T4671] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   62.460869][ T4671] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   62.481502][ T4677] loop1: detected capacity change from 0 to 2048
[   62.523945][ T4671] EXT4-fs (loop3): 1 truncate cleaned up
[   62.820988][ T4696] loop2: detected capacity change from 0 to 1024
[   62.827748][ T4696] EXT4-fs: Ignoring removed nomblk_io_submit option
[   62.842321][ T4696] EXT4-fs: Ignoring removed nomblk_io_submit option
[   62.851460][ T4696] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   62.860296][ T4696] EXT4-fs (loop2): invalid inodes per group: 0
[   62.860296][ T4696] 
[   62.920566][ T4671] SELinux:  policydb string S does not match my string SE Linux
[   62.949011][ T4671] SELinux: failed to load policy
[   62.989796][ T4706] netlink: 12 bytes leftover after parsing attributes in process `syz.5.315'.
[   63.073507][ T4712] loop5: detected capacity change from 0 to 2048
[   63.435148][ T4726] loop5: detected capacity change from 0 to 512
[   63.447087][ T4726] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   63.459184][ T4729] loop3: detected capacity change from 0 to 512
[   63.468860][ T4729] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   63.487921][ T4726] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.501071][ T4726] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.321: corrupted xattr block 19: overlapping e_value 
[   63.502139][ T4729] ext4 filesystem being mounted at /62/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.526960][ T4726] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop5 ino=15
[   63.537669][ T4729] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.322: corrupted xattr block 19: overlapping e_value 
[   63.549287][ T4726] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.321: corrupted xattr block 19: overlapping e_value 
[   63.565735][ T4726] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop5 ino=15
[   63.575214][ T4729] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[   63.575346][ T4726] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.321: corrupted xattr block 19: overlapping e_value 
[   63.591592][ T4729] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.322: corrupted xattr block 19: overlapping e_value 
[   63.614465][ T4729] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[   63.625939][ T4729] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.322: corrupted xattr block 19: overlapping e_value 
[   63.801240][ T4745] FAULT_INJECTION: forcing a failure.
[   63.801240][ T4745] name failslab, interval 1, probability 0, space 0, times 0
[   63.814646][ T4745] CPU: 1 UID: 0 PID: 4745 Comm: syz.1.327 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   63.814710][ T4745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   63.814721][ T4745] Call Trace:
[   63.814726][ T4745]  <TASK>
[   63.814733][ T4745]  __dump_stack+0x1d/0x30
[   63.814806][ T4745]  dump_stack_lvl+0xe8/0x140
[   63.814858][ T4745]  dump_stack+0x15/0x1b
[   63.814876][ T4745]  should_fail_ex+0x265/0x280
[   63.814894][ T4745]  should_failslab+0x8c/0xb0
[   63.814934][ T4745]  kmem_cache_alloc_noprof+0x50/0x310
[   63.814958][ T4745]  ? audit_log_start+0x365/0x6c0
[   63.815032][ T4745]  audit_log_start+0x365/0x6c0
[   63.815060][ T4745]  audit_seccomp+0x48/0x100
[   63.815143][ T4745]  ? __seccomp_filter+0x68c/0x10d0
[   63.815161][ T4745]  __seccomp_filter+0x69d/0x10d0
[   63.815225][ T4745]  ? __list_add_valid_or_report+0x38/0xe0
[   63.815250][ T4745]  ? _raw_spin_unlock+0x26/0x50
[   63.815343][ T4745]  __secure_computing+0x82/0x150
[   63.815388][ T4745]  syscall_trace_enter+0xcf/0x1e0
[   63.815409][ T4745]  do_syscall_64+0xac/0x200
[   63.815434][ T4745]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   63.815458][ T4745]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   63.815592][ T4745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.815618][ T4745] RIP: 0033:0x7f76c580d5fc
[   63.815635][ T4745] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   63.815736][ T4745] RSP: 002b:00007f76c4277030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   63.815754][ T4745] RAX: ffffffffffffffda RBX: 00007f76c5a45fa0 RCX: 00007f76c580d5fc
[   63.815765][ T4745] RDX: 000000000000000f RSI: 00007f76c42770a0 RDI: 0000000000000006
[   63.815775][ T4745] RBP: 00007f76c4277090 R08: 0000000000000000 R09: 0000000000000000
[   63.815786][ T4745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.815796][ T4745] R13: 00007f76c5a46038 R14: 00007f76c5a45fa0 R15: 00007ffd6b25c438
[   63.815813][ T4745]  </TASK>
[   64.124642][   T29] kauditd_printk_skb: 403 callbacks suppressed
[   64.124661][   T29] audit: type=1326 audit(1756587028.146:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4749 comm="syz.4.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   64.159268][   T29] audit: type=1326 audit(1756587028.146:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4749 comm="syz.4.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   64.182798][   T29] audit: type=1326 audit(1756587028.146:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4749 comm="syz.4.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   64.206186][   T29] audit: type=1326 audit(1756587028.176:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4749 comm="syz.4.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   64.229552][   T29] audit: type=1326 audit(1756587028.176:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4749 comm="syz.4.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   64.262016][ T4758] loop2: detected capacity change from 0 to 1024
[   64.271307][   T29] audit: type=1326 audit(1756587028.206:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4749 comm="syz.4.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   64.294688][   T29] audit: type=1326 audit(1756587028.206:1780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4749 comm="syz.4.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   64.318205][   T29] audit: type=1326 audit(1756587028.206:1781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4749 comm="syz.4.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f918d4ad550 code=0x7ffc0000
[   64.322462][ T4758] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.341686][   T29] audit: type=1326 audit(1756587028.206:1782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4749 comm="syz.4.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f918d4b0417 code=0x7ffc0000
[   64.341722][   T29] audit: type=1326 audit(1756587028.206:1783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4749 comm="syz.4.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   64.413974][ T3910] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: comm kworker/u8:32: lblock 0 mapped to illegal pblock 0 (length 1)
[   64.458943][ T3910] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[   64.471632][ T3910] EXT4-fs (loop2): This should not happen!! Data will be lost
[   64.471632][ T3910] 
[   64.531128][ T4769] loop2: detected capacity change from 0 to 1024
[   64.575588][ T4769] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm ’: bg 0: block 494: padding at end of block bitmap is not set
[   64.599685][ T4769] EXT4-fs (loop2): Remounting filesystem read-only
[   64.606340][ T4769] EXT4-fs (loop2): error restoring inline_data for inode -- potential data loss! (inode 15, error -30)
[   64.735156][ T4775] loop1: detected capacity change from 0 to 2048
[   64.753181][ T4775] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.769953][ T4769] ’ (4769) used greatest stack depth: 9688 bytes left
[   64.855011][ T4782] netlink: 8 bytes leftover after parsing attributes in process `syz.1.339'.
[   64.868502][ T4782] netlink: 16 bytes leftover after parsing attributes in process `syz.1.339'.
[   64.917140][ T4782] lo speed is unknown, defaulting to 1000
[   65.204463][ T4797] loop1: detected capacity change from 0 to 1024
[   65.231250][ T4797] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.269196][ T3910] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: comm kworker/u8:32: lblock 0 mapped to illegal pblock 0 (length 1)
[   65.284589][ T3910] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[   65.296927][ T3910] EXT4-fs (loop1): This should not happen!! Data will be lost
[   65.296927][ T3910] 
[   65.768352][ T4816] lo speed is unknown, defaulting to 1000
[   65.851682][ T4678] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   65.876331][ T4818] netlink: 'wg1': attribute type 4 has an invalid length.
[   65.883681][ T4818] netlink: 17 bytes leftover after parsing attributes in process `wg1'.
[   66.349690][ T4827] blktrace: Concurrent blktraces are not allowed on loop11
[   66.862429][ T4848] loop2: detected capacity change from 0 to 1024
[   67.182314][ T4859] loop3: detected capacity change from 0 to 512
[   67.216391][ T4859] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   67.346530][ T4854] netlink: 'syz.5.363': attribute type 3 has an invalid length.
[   67.354401][ T4854] netlink: 132 bytes leftover after parsing attributes in process `syz.5.363'.
[   67.383111][ T4859] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.396278][ T4865] loop1: detected capacity change from 0 to 512
[   67.405066][ T4848] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm ’: bg 0: block 494: padding at end of block bitmap is not set
[   67.422460][ T4859] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.365: corrupted xattr block 19: overlapping e_value 
[   67.434353][ T4848] EXT4-fs (loop2): Remounting filesystem read-only
[   67.450685][ T4859] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[   67.461493][ T4865] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.366: casefold flag without casefold feature
[   67.465849][ T4848] EXT4-fs (loop2): error restoring inline_data for inode -- potential data loss! (inode 15, error -30)
[   67.483508][ T4859] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.365: corrupted xattr block 19: overlapping e_value 
[   67.520673][ T4865] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.366: couldn't read orphan inode 15 (err -117)
[   67.532688][ T4859] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[   67.555078][ T4859] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.365: corrupted xattr block 19: overlapping e_value 
[   67.636736][ T4873] netlink: 12 bytes leftover after parsing attributes in process `syz.5.368'.
[   67.737027][ T4879] can0: slcan on ttyS3.
[   67.809370][ T4879] can0 (unregistered): slcan off ttyS3.
[   67.833325][ T4889] FAULT_INJECTION: forcing a failure.
[   67.833325][ T4889] name failslab, interval 1, probability 0, space 0, times 0
[   67.846051][ T4889] CPU: 1 UID: 0 PID: 4889 Comm: syz.2.374 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   67.846081][ T4889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   67.846096][ T4889] Call Trace:
[   67.846104][ T4889]  <TASK>
[   67.846115][ T4889]  __dump_stack+0x1d/0x30
[   67.846141][ T4889]  dump_stack_lvl+0xe8/0x140
[   67.846202][ T4889]  dump_stack+0x15/0x1b
[   67.846222][ T4889]  should_fail_ex+0x265/0x280
[   67.846244][ T4889]  should_failslab+0x8c/0xb0
[   67.846268][ T4889]  __kvmalloc_node_noprof+0x123/0x4e0
[   67.846317][ T4889]  ? page_pool_create_percpu+0x239/0x650
[   67.846446][ T4889]  page_pool_create_percpu+0x239/0x650
[   67.846481][ T4889]  ? __kvmalloc_node_noprof+0x260/0x4e0
[   67.846511][ T4889]  page_pool_create+0x1a/0x30
[   67.846608][ T4889]  bpf_test_run_xdp_live+0x12e/0xfe0
[   67.846684][ T4889]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[   67.846717][ T4889]  ? cpus_read_unlock+0x6e/0xc0
[   67.846737][ T4889]  ? __static_call_update+0x37c/0x3b0
[   67.846768][ T4889]  ? 0xffffffffa0205240
[   67.846786][ T4889]  ? synchronize_rcu+0x45/0x320
[   67.846830][ T4889]  ? 0xffffffffa0205240
[   67.846846][ T4889]  ? 0xffffffffa0205240
[   67.846939][ T4889]  ? bpf_dispatcher_change_prog+0x6ec/0x7f0
[   67.846978][ T4889]  ? 0xffffffffa0202dd4
[   67.846999][ T4889]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[   67.847041][ T4889]  bpf_prog_test_run_xdp+0x4f5/0x910
[   67.847070][ T4889]  ? __rcu_read_unlock+0x4f/0x70
[   67.847108][ T4889]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   67.847132][ T4889]  bpf_prog_test_run+0x22a/0x390
[   67.847172][ T4889]  __sys_bpf+0x4b9/0x7b0
[   67.847261][ T4889]  __x64_sys_bpf+0x41/0x50
[   67.847299][ T4889]  x64_sys_call+0x2aea/0x2ff0
[   67.847321][ T4889]  do_syscall_64+0xd2/0x200
[   67.847348][ T4889]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   67.847432][ T4889]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   67.847540][ T4889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.847561][ T4889] RIP: 0033:0x7f40320febe9
[   67.847574][ T4889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.847660][ T4889] RSP: 002b:00007f4030b5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   67.847681][ T4889] RAX: ffffffffffffffda RBX: 00007f4032335fa0 RCX: 00007f40320febe9
[   67.847693][ T4889] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[   67.847704][ T4889] RBP: 00007f4030b5f090 R08: 0000000000000000 R09: 0000000000000000
[   67.847740][ T4889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   67.847754][ T4889] R13: 00007f4032336038 R14: 00007f4032335fa0 R15: 00007ffcb2a3ae48
[   67.847777][ T4889]  </TASK>
[   67.847783][ T4889] page_pool_create_percpu() gave up with errno -12
[   68.530633][ T4919] loop1: detected capacity change from 0 to 8192
[   68.547688][ T4904] netlink: 'syz.2.379': attribute type 3 has an invalid length.
[   68.555530][ T4904] netlink: 132 bytes leftover after parsing attributes in process `syz.2.379'.
[   68.587314][ T4941] can0: slcan on ttyS3.
[   68.619686][ T4941] can0 (unregistered): slcan off ttyS3.
[   68.696252][ T4947] SELinux:  policydb magic number 0x4c5047 does not match expected magic number 0xf97cff8c
[   68.729362][ T4947] SELinux: failed to load policy
[   68.758715][ T4947] loop2: detected capacity change from 0 to 256
[   68.767544][ T4947] vfat: Unknown parameter '/dev/vcsa'
[   68.832243][ T4953] loop2: detected capacity change from 0 to 512
[   68.852585][ T4953] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002]
[   68.868769][ T4953] System zones: 1-12
[   68.875236][ T4953] EXT4-fs error (device loop2): dx_probe:791: inode #2: comm syz.2.389: Directory hole found for htree index block 0
[   68.899022][ T4953] EXT4-fs (loop2): Remounting filesystem read-only
[   68.917717][ T4953] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117
[   68.931927][ T4953] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117
[   69.243298][   T29] kauditd_printk_skb: 306 callbacks suppressed
[   69.243314][   T29] audit: type=1326 audit(1756587033.256:2090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4971 comm="syz.4.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   69.272938][   T29] audit: type=1326 audit(1756587033.256:2091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4971 comm="syz.4.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   69.325128][ T4972] netlink: 'syz.4.397': attribute type 3 has an invalid length.
[   69.333010][ T4972] netlink: 132 bytes leftover after parsing attributes in process `syz.4.397'.
[   69.342592][   T29] audit: type=1326 audit(1756587033.346:2092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4971 comm="syz.4.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   69.365911][   T29] audit: type=1326 audit(1756587033.346:2093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4971 comm="syz.4.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   69.389506][   T29] audit: type=1326 audit(1756587033.346:2094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4971 comm="syz.4.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   69.412889][   T29] audit: type=1326 audit(1756587033.346:2095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4971 comm="syz.4.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   69.436210][   T29] audit: type=1326 audit(1756587033.346:2096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4971 comm="syz.4.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   69.459616][   T29] audit: type=1326 audit(1756587033.346:2097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4971 comm="syz.4.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   69.483342][   T29] audit: type=1326 audit(1756587033.346:2098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4971 comm="syz.4.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   69.506878][   T29] audit: type=1326 audit(1756587033.346:2099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4971 comm="syz.4.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   69.583892][ T4997] FAULT_INJECTION: forcing a failure.
[   69.583892][ T4997] name failslab, interval 1, probability 0, space 0, times 0
[   69.596605][ T4997] CPU: 0 UID: 0 PID: 4997 Comm: syz.2.403 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   69.596721][ T4997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   69.596733][ T4997] Call Trace:
[   69.596739][ T4997]  <TASK>
[   69.596747][ T4997]  __dump_stack+0x1d/0x30
[   69.596792][ T4997]  dump_stack_lvl+0xe8/0x140
[   69.596934][ T4997]  dump_stack+0x15/0x1b
[   69.596950][ T4997]  should_fail_ex+0x265/0x280
[   69.596972][ T4997]  should_failslab+0x8c/0xb0
[   69.596995][ T4997]  __kvmalloc_node_noprof+0x123/0x4e0
[   69.597137][ T4997]  ? alloc_fdtable+0x10b/0x1d0
[   69.597161][ T4997]  alloc_fdtable+0x10b/0x1d0
[   69.597188][ T4997]  dup_fd+0x4c7/0x540
[   69.597211][ T4997]  ? copy_semundo+0x123/0x170
[   69.597245][ T4997]  copy_files+0x98/0xf0
[   69.597302][ T4997]  copy_process+0xc5b/0x2000
[   69.597342][ T4997]  kernel_clone+0x16c/0x5c0
[   69.597451][ T4997]  __x64_sys_clone+0xe6/0x120
[   69.597486][ T4997]  x64_sys_call+0x119c/0x2ff0
[   69.597507][ T4997]  do_syscall_64+0xd2/0x200
[   69.597606][ T4997]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   69.597634][ T4997]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   69.597665][ T4997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.597724][ T4997] RIP: 0033:0x7f40320febe9
[   69.597778][ T4997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.597800][ T4997] RSP: 002b:00007f4030b1cfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   69.597822][ T4997] RAX: ffffffffffffffda RBX: 00007f4032336180 RCX: 00007f40320febe9
[   69.597976][ T4997] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[   69.597991][ T4997] RBP: 00007f4030b1d090 R08: 0000000000000000 R09: 0000000000000000
[   69.598006][ T4997] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[   69.598020][ T4997] R13: 00007f4032336218 R14: 00007f4032336180 R15: 00007ffcb2a3ae48
[   69.598091][ T4997]  </TASK>
[   70.033358][ T5000] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.123604][ T5000] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.165968][ T3306] EXT4-fs unmount: 46 callbacks suppressed
[   70.166013][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.240883][ T5000] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.436906][ T5036] loop3: detected capacity change from 0 to 512
[   70.437105][ T5038] loop2: detected capacity change from 0 to 1024
[   70.451808][ T5036] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349)
[   70.468402][ T5036] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e02c, mo2=0002]
[   70.550680][ T5042] lo speed is unknown, defaulting to 1000
[   70.679287][ T5000] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.691429][ T5036] System zones: 1-12
[   70.695660][ T5036] EXT4-fs (loop3): orphan cleanup on readonly fs
[   70.709542][ T5036] EXT4-fs error (device loop3): ext4_read_inode_bitmap:167: comm syz.3.416: Inode bitmap for bg 0 marked uninitialized
[   70.712402][ T5038] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.736736][ T5036] EXT4-fs (loop3): Remounting filesystem read-only
[   70.754920][ T5038] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm ’: bg 0: block 494: padding at end of block bitmap is not set
[   70.761451][ T5036] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   70.781119][ T5038] EXT4-fs (loop2): Remounting filesystem read-only
[   70.788046][ T5038] EXT4-fs (loop2): error restoring inline_data for inode -- potential data loss! (inode 15, error -30)
[   70.802740][ T3910] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.831941][ T3910] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.956181][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.976128][ T5058] netlink: 12 bytes leftover after parsing attributes in process `syz.1.417'.
[   70.985452][ T3910] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.022688][   T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.242430][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.327387][ T5094] loop3: detected capacity change from 0 to 512
[   71.353038][ T5098] netlink: 'syz.1.420': attribute type 10 has an invalid length.
[   71.394725][ T5094] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.424: casefold flag without casefold feature
[   71.402730][ T5098] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.412088][ T5102] loop2: detected capacity change from 0 to 512
[   71.434626][ T5094] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.424: couldn't read orphan inode 15 (err -117)
[   71.441588][ T5098] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   71.461300][ T5094] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.503318][ T5102] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.548626][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.553052][ T5102] ext4 filesystem being mounted at /105/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   71.580300][ T5102] SELinux: failed to load policy
[   72.228331][ T5119] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   72.277662][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.302599][ T5136] can0: slcan on ttyS3.
[   72.343018][ T5140] netlink: 12 bytes leftover after parsing attributes in process `syz.2.430'.
[   72.359425][ T5136] can0 (unregistered): slcan off ttyS3.
[   72.377619][ T5143] can0: slcan on ttyS3.
[   72.424712][ T5149] netlink: 28 bytes leftover after parsing attributes in process `syz.2.433'.
[   72.434515][ T5142] can0 (unregistered): slcan off ttyS3.
[   72.445351][ T5154] loop3: detected capacity change from 0 to 512
[   72.455017][ T5154] ext4: Unknown parameter 'dont_measure'
[   72.462543][ T5155] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[   72.623555][ T5171] loop1: detected capacity change from 0 to 1024
[   72.657049][ T5167] loop3: detected capacity change from 0 to 8192
[   72.711540][ T5180] can0: slcan on ttyS3.
[   72.739368][ T5180] can0 (unregistered): slcan off ttyS3.
[   72.761109][ T5171] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.813858][ T5171] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.438: bg 0: block 494: padding at end of block bitmap is not set
[   72.837634][ T5171] EXT4-fs (loop1): Remounting filesystem read-only
[   72.854660][ T5171] EXT4-fs (loop1): error restoring inline_data for inode -- potential data loss! (inode 15, error -30)
[   73.006852][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.068615][ T5204] can0: slcan on ttyS3.
[   73.079563][ T5200] netlink: 12 bytes leftover after parsing attributes in process `syz.2.443'.
[   73.129467][ T5204] can0 (unregistered): slcan off ttyS3.
[   73.279795][ T5216] loop3: detected capacity change from 0 to 1024
[   73.411485][ T5216] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   73.421360][ T5216] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   73.463739][ T5216] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   73.495123][ T5216] EXT4-fs error (device loop3): ext4_get_journal_inode:5800: inode #5: comm syz.3.447: unexpected bad inode w/o EXT4_IGET_BAD
[   73.540116][ T5216] EXT4-fs (loop3): no journal found
[   73.545420][ T5216] EXT4-fs (loop3): can't get journal size
[   73.599753][ T5216] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   73.639773][ T5216] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.953326][ T5253] loop1: detected capacity change from 0 to 512
[   73.991272][ T5257] netlink: 12 bytes leftover after parsing attributes in process `syz.3.457'.
[   74.003361][ T5253] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   74.019815][ T5253] EXT4-fs (loop1): orphan cleanup on readonly fs
[   74.074957][ T5253] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.455: Failed to acquire dquot type 1
[   74.126822][ T5266] can0: slcan on ttyS3.
[   74.184580][ T5266] can0 (unregistered): slcan off ttyS3.
[   74.200154][ T5253] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.455: bg 0: block 40: padding at end of block bitmap is not set
[   74.234976][ T5271] loop3: detected capacity change from 0 to 512
[   74.257561][ T5253] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   74.273508][ T5273] loop2: detected capacity change from 0 to 1024
[   74.304160][ T5253] EXT4-fs (loop1): 1 truncate cleaned up
[   74.314890][ T5271] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   74.352310][ T5273] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.374487][ T5253] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   74.387087][ T5271] EXT4-fs (loop3): orphan cleanup on readonly fs
[   74.395253][ T5273] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.461: bg 0: block 494: padding at end of block bitmap is not set
[   74.414772][ T5271] __quota_error: 176 callbacks suppressed
[   74.414790][ T5271] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[   74.429739][ T5271] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[   74.439502][ T5271] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.459: Failed to acquire dquot type 1
[   74.452659][   T29] audit: type=1326 audit(1756587038.436:2274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5279 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   74.476094][   T29] audit: type=1326 audit(1756587038.436:2275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5279 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   74.499434][   T29] audit: type=1326 audit(1756587038.436:2276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5279 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   74.522843][   T29] audit: type=1326 audit(1756587038.436:2277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5279 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   74.546199][   T29] audit: type=1326 audit(1756587038.436:2278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5279 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   74.569590][   T29] audit: type=1326 audit(1756587038.436:2279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5279 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   74.592927][   T29] audit: type=1326 audit(1756587038.436:2280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5279 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   74.618563][ T5271] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.459: bg 0: block 40: padding at end of block bitmap is not set
[   74.631666][ T5273] EXT4-fs (loop2): Remounting filesystem read-only
[   74.641941][ T5271] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   74.669477][ T5273] EXT4-fs (loop2): error restoring inline_data for inode -- potential data loss! (inode 15, error -30)
[   74.682069][   T29] audit: type=1326 audit(1756587038.666:2281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5279 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f918d4aebe9 code=0x7ffc0000
[   74.739523][ T5271] EXT4-fs (loop3): 1 truncate cleaned up
[   74.745715][ T5271] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   74.813762][ T5286] netlink: 16 bytes leftover after parsing attributes in process `syz.4.466'.
[   74.842720][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.925564][ T5291] netlink: 240 bytes leftover after parsing attributes in process `syz.4.468'.
[   74.961502][ T5295] netlink: 12 bytes leftover after parsing attributes in process `syz.1.469'.
[   75.025615][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.041507][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.133318][ T5311] netlink: 4 bytes leftover after parsing attributes in process `syz.1.474'.
[   75.252739][ T5326] loop4: detected capacity change from 0 to 512
[   75.343944][ T5330] loop3: detected capacity change from 0 to 1024
[   75.392736][ T5330] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.430394][ T5330] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.482: bg 0: block 494: padding at end of block bitmap is not set
[   75.472963][ T5330] EXT4-fs (loop3): Remounting filesystem read-only
[   75.483554][ T5326] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   75.495954][ T5330] EXT4-fs (loop3): error restoring inline_data for inode -- potential data loss! (inode 15, error -30)
[   75.508877][ T5340] netlink: 96 bytes leftover after parsing attributes in process `syz.1.484'.
[   75.518637][ T5326] EXT4-fs (loop4): orphan cleanup on readonly fs
[   75.560784][ T5326] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.477: Failed to acquire dquot type 1
[   75.650760][ T5326] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.477: bg 0: block 40: padding at end of block bitmap is not set
[   75.803308][ T5326] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   75.849070][ T5326] EXT4-fs (loop4): 1 truncate cleaned up
[   75.863342][ T5326] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   76.002803][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.175090][ T5350] loop1: detected capacity change from 0 to 512
[   76.185878][ T5350] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   76.209310][ T5350] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.488: invalid indirect mapped block 4294967295 (level 0)
[   76.249731][ T5350] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.488: invalid indirect mapped block 4294967295 (level 1)
[   76.315572][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.340016][ T5350] EXT4-fs (loop1): 1 orphan inode deleted
[   76.345836][ T5350] EXT4-fs (loop1): 1 truncate cleaned up
[   76.362712][ T5360] can0: slcan on ttyS3.
[   76.420068][ T5350] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.438146][ T5360] can0 (unregistered): slcan off ttyS3.
[   76.484445][ T5350] EXT4-fs error (device loop1): ext4_lookup:1787: inode #15: comm syz.1.488: iget: bad extra_isize 46 (inode size 256)
[   76.574362][ T5385] loop3: detected capacity change from 0 to 1024
[   76.611760][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.629597][ T5385] EXT4-fs: Ignoring removed nobh option
[   76.691247][ T5385] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   76.724817][ T5401] loop1: detected capacity change from 0 to 1024
[   76.805449][ T5385] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #11: comm syz.3.497: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   76.822122][ T5401] EXT4-fs: Ignoring removed nobh option
[   76.854311][ T5401] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   76.883434][ T5401] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #11: comm syz.1.500: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   76.903323][ T5385] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.497: couldn't read orphan inode 11 (err -117)
[   76.916667][ T5401] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.500: couldn't read orphan inode 11 (err -117)
[   76.951312][ T5401] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.965211][ T5385] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.072648][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.083179][ T5420] loop5: detected capacity change from 0 to 512
[   77.111505][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.131602][ T5420] EXT4-fs (loop5): revision level too high, forcing read-only mode
[   77.156263][ T5420] EXT4-fs (loop5): orphan cleanup on readonly fs
[   77.164952][ T5420] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.502: Failed to acquire dquot type 1
[   77.195689][ T5420] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.502: bg 0: block 40: padding at end of block bitmap is not set
[   77.257092][ T5428] netlink: 4 bytes leftover after parsing attributes in process `syz.1.505'.
[   77.317874][ T5432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.505'.
[   77.345630][ T5420] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   77.382583][ T5428] loop1: detected capacity change from 0 to 512
[   77.389078][ T5420] EXT4-fs (loop5): 1 truncate cleaned up
[   77.404902][ T5420] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   77.440889][ T5428] EXT4-fs (loop1): orphan cleanup on readonly fs
[   77.447363][ T5428] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[   77.554393][ T5445] loop4: detected capacity change from 0 to 1024
[   77.561154][ T5428] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[   77.581829][ T5447] loop3: detected capacity change from 0 to 1024
[   77.612237][ T5447] EXT4-fs: Ignoring removed nobh option
[   77.620885][ T5445] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.646831][ T5428] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #13: comm syz.1.505: attempt to clear invalid blocks 2 len 1
[   77.684032][ T5447] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   77.698649][ T5445] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.512: bg 0: block 494: padding at end of block bitmap is not set
[   77.723464][ T5428] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.505: invalid indirect mapped block 1819239214 (level 0)
[   77.741141][ T5447] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #11: comm syz.3.513: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   77.769721][ T5445] EXT4-fs (loop4): Remounting filesystem read-only
[   77.774739][ T5428] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.505: invalid indirect mapped block 1819239214 (level 1)
[   77.779517][ T5445] EXT4-fs (loop4): error restoring inline_data for inode -- potential data loss! (inode 15, error -30)
[   77.795635][ T5447] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.513: couldn't read orphan inode 11 (err -117)
[   77.831266][ T4215] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.862155][ T5447] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.875434][ T5428] EXT4-fs (loop1): 1 truncate cleaned up
[   77.882796][ T5428] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   77.910685][ T5428] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[   77.929880][ T5428] EXT4-fs error (device loop1): __ext4_remount:6740: comm syz.1.505: Abort forced by user
[   77.944771][ T5428] EXT4-fs (loop1): Remounting filesystem read-only
[   77.951461][ T5428] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   78.018286][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.036799][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.075942][ T5461] loop5: detected capacity change from 0 to 1024
[   78.122718][ T5461] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.137027][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.298267][ T4215] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.344881][ T5481] FAULT_INJECTION: forcing a failure.
[   78.344881][ T5481] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.358226][ T5481] CPU: 0 UID: 0 PID: 5481 Comm: syz.1.527 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   78.358316][ T5481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   78.358331][ T5481] Call Trace:
[   78.358339][ T5481]  <TASK>
[   78.358348][ T5481]  __dump_stack+0x1d/0x30
[   78.358379][ T5481]  dump_stack_lvl+0xe8/0x140
[   78.358403][ T5481]  dump_stack+0x15/0x1b
[   78.358424][ T5481]  should_fail_ex+0x265/0x280
[   78.358450][ T5481]  should_fail+0xb/0x20
[   78.358536][ T5481]  should_fail_usercopy+0x1a/0x20
[   78.358559][ T5481]  _copy_from_user+0x1c/0xb0
[   78.358614][ T5481]  ___sys_sendmsg+0xc1/0x1d0
[   78.358660][ T5481]  __x64_sys_sendmsg+0xd4/0x160
[   78.358686][ T5481]  x64_sys_call+0x191e/0x2ff0
[   78.358709][ T5481]  do_syscall_64+0xd2/0x200
[   78.358798][ T5481]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   78.358827][ T5481]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   78.358870][ T5481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.358897][ T5481] RIP: 0033:0x7f76c580ebe9
[   78.358915][ T5481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.358936][ T5481] RSP: 002b:00007f76c4277038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   78.359036][ T5481] RAX: ffffffffffffffda RBX: 00007f76c5a45fa0 RCX: 00007f76c580ebe9
[   78.359052][ T5481] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005
[   78.359067][ T5481] RBP: 00007f76c4277090 R08: 0000000000000000 R09: 0000000000000000
[   78.359079][ T5481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   78.359094][ T5481] R13: 00007f76c5a46038 R14: 00007f76c5a45fa0 R15: 00007ffd6b25c438
[   78.359160][ T5481]  </TASK>
[   78.573418][ T5485] loop1: detected capacity change from 0 to 1024
[   78.581775][ T5485] EXT4-fs: Ignoring removed nobh option
[   78.620886][ T5485] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   78.720293][ T5485] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #11: comm syz.1.528: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   78.780942][ T5495] can0: slcan on ttyS3.
[   78.787760][ T5485] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.528: couldn't read orphan inode 11 (err -117)
[   78.812062][ T5485] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.839563][ T5495] can0 (unregistered): slcan off ttyS3.
[   78.885821][ T5501] can0: slcan on ttyS3.
[   78.948385][ T5504] loop4: detected capacity change from 0 to 1024
[   78.959329][ T5501] can0 (unregistered): slcan off ttyS3.
[   79.037337][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.071376][ T5504] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.275452][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.352500][ T5556] can0: slcan on ttyS3.
[   79.375956][ T5558] loop5: detected capacity change from 0 to 1024
[   79.420942][ T5556] can0 (unregistered): slcan off ttyS3.
[   79.425484][ T5558] EXT4-fs: Ignoring removed nobh option
[   79.456960][ T5563] can0: slcan on ttyS3.
[   79.475486][ T5558] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   79.499125][ T5558] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #11: comm syz.5.548: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   79.520669][ T5558] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.548: couldn't read orphan inode 11 (err -117)
[   79.529269][ T5563] can0 (unregistered): slcan off ttyS3.
[   79.558589][ T5558] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.581469][   T29] kauditd_printk_skb: 646 callbacks suppressed
[   79.581493][   T29] audit: type=1326 audit(1756587043.606:2924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f732e3eebe9 code=0x7ffc0000
[   79.615988][   T29] audit: type=1326 audit(1756587043.636:2925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f732e3eebe9 code=0x7ffc0000
[   79.639533][   T29] audit: type=1326 audit(1756587043.636:2926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f732e3eebe9 code=0x7ffc0000
[   79.662981][   T29] audit: type=1326 audit(1756587043.636:2927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f732e3eebe9 code=0x7ffc0000
[   79.686503][   T29] audit: type=1326 audit(1756587043.636:2928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f732e3eebe9 code=0x7ffc0000
[   79.709873][   T29] audit: type=1326 audit(1756587043.636:2929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f732e3eebe9 code=0x7ffc0000
[   79.733155][   T29] audit: type=1326 audit(1756587043.636:2930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f732e3eebe9 code=0x7ffc0000
[   79.756674][   T29] audit: type=1326 audit(1756587043.636:2931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f732e3eebe9 code=0x7ffc0000
[   79.779925][   T29] audit: type=1326 audit(1756587043.636:2932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f732e3eebe9 code=0x7ffc0000
[   79.803281][   T29] audit: type=1326 audit(1756587043.636:2933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f732e3eebe9 code=0x7ffc0000
[   79.804378][ T5450] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 10: padding at end of block bitmap is not set
[   79.953708][ T4215] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.954069][ T5521] netlink: 'syz.3.541': attribute type 3 has an invalid length.
[   79.970809][ T5521] netlink: 132 bytes leftover after parsing attributes in process `syz.3.541'.
[   79.998537][ T5596] FAULT_INJECTION: forcing a failure.
[   79.998537][ T5596] name failslab, interval 1, probability 0, space 0, times 0
[   80.011319][ T5596] CPU: 0 UID: 0 PID: 5596 Comm: syz.5.557 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   80.011346][ T5596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   80.011358][ T5596] Call Trace:
[   80.011367][ T5596]  <TASK>
[   80.011376][ T5596]  __dump_stack+0x1d/0x30
[   80.011402][ T5596]  dump_stack_lvl+0xe8/0x140
[   80.011439][ T5596]  dump_stack+0x15/0x1b
[   80.011454][ T5596]  should_fail_ex+0x265/0x280
[   80.011480][ T5596]  should_failslab+0x8c/0xb0
[   80.011533][ T5596]  kmem_cache_alloc_noprof+0x50/0x310
[   80.011563][ T5596]  ? security_inode_alloc+0x37/0x100
[   80.011605][ T5596]  security_inode_alloc+0x37/0x100
[   80.011631][ T5596]  inode_init_always_gfp+0x4b7/0x500
[   80.011661][ T5596]  ? __pfx_proc_alloc_inode+0x10/0x10
[   80.011760][ T5596]  alloc_inode+0x58/0x170
[   80.011784][ T5596]  new_inode+0x1d/0xe0
[   80.011810][ T5596]  proc_pid_make_inode+0x1f/0xd0
[   80.011856][ T5596]  proc_pident_instantiate+0x44/0x180
[   80.011883][ T5596]  proc_pident_lookup+0x115/0x1a0
[   80.011974][ T5596]  proc_tgid_base_lookup+0x2b/0x40
[   80.011999][ T5596]  __lookup_slow+0x193/0x250
[   80.012039][ T5596]  lookup_slow+0x3c/0x60
[   80.012077][ T5596]  link_path_walk+0x753/0x900
[   80.012135][ T5596]  path_openat+0x1de/0x2170
[   80.012153][ T5596]  ? _parse_integer_limit+0x170/0x190
[   80.012185][ T5596]  do_filp_open+0x109/0x230
[   80.012211][ T5596]  ? __pfx_kfree_link+0x10/0x10
[   80.012297][ T5596]  do_sys_openat2+0xa6/0x110
[   80.012338][ T5596]  __x64_sys_openat+0xf2/0x120
[   80.012379][ T5596]  x64_sys_call+0x2e9c/0x2ff0
[   80.012475][ T5596]  do_syscall_64+0xd2/0x200
[   80.012520][ T5596]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   80.012552][ T5596]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   80.012584][ T5596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.012610][ T5596] RIP: 0033:0x7f732e3eebe9
[   80.012625][ T5596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.012667][ T5596] RSP: 002b:00007f732ce57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   80.012686][ T5596] RAX: ffffffffffffffda RBX: 00007f732e625fa0 RCX: 00007f732e3eebe9
[   80.012701][ T5596] RDX: 0000000000004400 RSI: 0000200000000200 RDI: ffffffffffffff9c
[   80.012716][ T5596] RBP: 00007f732ce57090 R08: 0000000000000000 R09: 0000000000000000
[   80.012810][ T5596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   80.012824][ T5596] R13: 00007f732e626038 R14: 00007f732e625fa0 R15: 00007ffd9c4af378
[   80.012847][ T5596]  </TASK>
[   80.282572][ T5593] loop4: detected capacity change from 0 to 8192
[   80.304633][ T5600] netlink: 16 bytes leftover after parsing attributes in process `syz.1.558'.
[   80.314466][ T5593] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   80.363558][ T5605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.560'.
[   80.435817][ T5612] ==================================================================
[   80.444041][ T5612] BUG: KCSAN: data-race in memcpy_and_pad / release_task
[   80.451083][ T5612] 
[   80.453416][ T5612] write to 0xffff88810a6204c8 of 8 bytes by task 3880 on cpu 0:
[   80.461050][ T5612]  release_task+0x6f9/0xb60
[   80.465568][ T5612]  wait_consider_task+0x114a/0x1660
[   80.470784][ T5612]  __do_wait+0x34a/0x510
[   80.475044][ T5612]  do_wait+0xb7/0x260
[   80.479039][ T5612]  kernel_wait+0x51/0xc0
[   80.483301][ T5612]  call_usermodehelper_exec_work+0x9c/0x160
[   80.489231][ T5612]  process_scheduled_works+0x4ce/0x9d0
[   80.494737][ T5612]  worker_thread+0x582/0x770
[   80.499352][ T5612]  kthread+0x486/0x510
[   80.503447][ T5612]  ret_from_fork+0xda/0x150
[   80.507967][ T5612]  ret_from_fork_asm+0x1a/0x30
[   80.512738][ T5612] 
[   80.515066][ T5612] read to 0xffff88810a620000 of 3264 bytes by task 5612 on cpu 1:
[   80.522870][ T5612]  memcpy_and_pad+0x48/0x80
[   80.527399][ T5612]  arch_dup_task_struct+0x2c/0x40
[   80.532443][ T5612]  dup_task_struct+0x83/0x6a0
[   80.537135][ T5612]  copy_process+0x399/0x2000
[   80.541737][ T5612]  kernel_clone+0x16c/0x5c0
[   80.546494][ T5612]  __se_sys_clone3+0x1c2/0x200
[   80.551277][ T5612]  __x64_sys_clone3+0x31/0x40
[   80.556006][ T5612]  x64_sys_call+0x1fc9/0x2ff0
[   80.560694][ T5612]  do_syscall_64+0xd2/0x200
[   80.565215][ T5612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.571114][ T5612] 
[   80.573435][ T5612] Reported by Kernel Concurrency Sanitizer on:
[   80.579589][ T5612] CPU: 1 UID: 0 PID: 5612 Comm: syz.4.561 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   80.589244][ T5612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   80.599406][ T5612] ==================================================================
[   80.640085][ T5607] netlink: 'syz.5.559': attribute type 3 has an invalid length.