last executing test programs:

4.618856988s ago: executing program 2 (id=2228):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000095"], &(0x7f00000015c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r2)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000700)=ANY=[@ANYBLOB="b601000000000000bd110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f631cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebe646302bf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff82794203da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef0000000000000000000037fcffffffffffffff8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a47464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f916b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf07000000eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d40837dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b86670000000000000000b27a2616c03cdf6c009447a652bca9b325e73c0737d5b717945e4fe7a169c5e2c54fc71a4104aa7cf0f5d30e2fcd9503650edbd8a5971a9a1fde5e5df37469ae204a6e899eacc1e63034cbabc5604739881cb82604bed3e53696a0606b26b879ef232a1a038291389593d1575cb79aa8284cf01a7e1a456acab9d8d608ad69d4c4b56492af7004e7ed9d47c5db3d76a00bea7c804f3a3638408bc1636f1009b7f185f51606918eaa0ab6bef11ae3d300"], &(0x7f0000000080)='GPL\x00', 0x9, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400a685b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000840)={0x7f, <r5=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x7, 0x10, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000700000000000000f6ffffff18110000", @ANYRES32=r0, @ANYBLOB="000000fdff000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000000631060009000000bf91000000000000b70200000085000000b7000000000000009500"/104], &(0x7f0000000400)='syzkaller\x00', 0xffff8001, 0x9d, &(0x7f0000000640)=""/157, 0x41100, 0x44, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x8, &(0x7f00000007c0)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000800)={0x1, 0x9, 0x6, 0x6}, 0x10, r5, r1, 0x1, &(0x7f0000000880)=[r0, r0, r0], &(0x7f00000008c0)=[{0x0, 0x3, 0x4, 0x3}]}, 0x94)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r6=>0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYBLOB="c4000000", @ANYRES16, @ANYBLOB="010027bd7000fbdbdf25010000008c0400800c00078008000600ce0000004c00078008000500da08793008000600ee0000003500060064e4ffff070006008b000000080006005a00ff00000000000000000008000500e413006408000500f9f7ac2708c4c768ced82aa1bcff078008000600690000002400078008000500d26cfb7d08000600b700000008000500c845c43a08000600430000001c00048005000300020000000500030007000000050003000700000008000200ef000000"], 0xc4}, 0x1, 0x0, 0x0, 0x4008880}, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000004"], 0x20000600}}, 0x0)

4.51442436s ago: executing program 2 (id=2230):
syz_io_uring_setup(0x10b, &(0x7f0000000140)={0x0, 0x8b7c, 0x80, 0x200007, 0x22}, &(0x7f0000000940), &(0x7f0000000280))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3ed7, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x88640, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$unix(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="2f03", 0x2}], 0x1, 0x0, 0x0, 0x800}, 0x20004011)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmsg$unix(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r3}, 0x10)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

3.136801091s ago: executing program 2 (id=2246):
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x66, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
readv(r2, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
io_setup(0x8, &(0x7f00000001c0)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x0, 0x3, 0xffeffc03}, 0x0, &(0x7f0000000240))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000c40), 0x12)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r6 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)

3.121465572s ago: executing program 0 (id=2247):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0x0, 0x0, 0x13}]}}, 0x0, 0x26}, 0x20)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, r0, 0x1, 0x1}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xd, 0x4, 0x4, 0xffffffff, 0x0, r1, 0x7, '\x00', 0x0, r0, 0x0, 0x3}, 0x50) (fail_nth: 3)

2.534315961s ago: executing program 0 (id=2250):
io_setup(0x8f0, &(0x7f0000002400))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
brk(0x20001000)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0x2}, 0x18)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000800)='./file0\x00', 0x800, &(0x7f0000000280)={[{@utf8}, {@hide, 0x0}, {@utf8}, {@overriderock}, {@map_off}, {@map_normal, 0x41}, {@session={'session', 0x3d, 0x37}}, {@unhide}, {@unhide}, {@overriderock}, {@map_off}, {@map_normal}, {}]}, 0x2, 0x6b1, &(0x7f0000001100)="$eJzs3V1vG1kdx/HfOI7jZqFaAaqqqg+nLSulorhjZ5sqKhJrxuNkwPZYMw5qJKRV2Sarqk4X2iLR3Cy54UFa3gDihgu44EUgcb3vghsE0grukJYLr+bJseOnuuu2u9vvJ9r1eM5/zvnPjOu/JvEcCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHJqtl221PBaO3fMZE4t8Jvp8v97o+1Jb8u6lixcmzmuZEX/qVjU2WTV2W8dN5+J/ndF55Nn51WMHoo6fOPMm7e/mc9l209J+Hlo3g4fPz18cLfb3Xv0DLFLmrv7V0m5bOlUek7GBG25LS/0vWZ1yzVe6JvNjQ37xnY9NHWv4Ya7YcdtGidwcx0/MGvONVPe3Fw3bmnX32lt1aoNN1t567sV294wP1xJTrSkUuhse42G19qKY6LmKOaW+egnSYBbbRqzf7+7tz5rT6Kg8rMEVWYFVexKpVyuVMobNzdv3rLt/OCKnKS8HbHsPo1ssvAXLb5kFvPGDSxALqr//7CkhopqaUd3ZMb+OKopkK/mhPZUVv/fuuFOHXew/mdV/qz0/bT5nOL6fzF5dnFS/Z+Qi5GJNxjXYk1YP9/PcpyR0WM91aEe6K666mpPjxbQt5G5tJBeXsLPlly15CmUL09NVbWlP39d6RqjTW1oQ7be1bbqCmVUl6eGXIXaVaiO3PgV5SiQq6o68hXIaE2OrsmorE1tal1Grkrala8dtbSlmqr6X6/X29f9+LivT8lRWVB5QsDKYFBlSk/DxfyPyur/Tz9MXqd23j6B+v96SV4HK8nDx9NigC+AXnr9Pyg3e7NLLy4jAAAAAACwaFb823cr/tv9BUk91b2Ga7/qtAAAAAAAwAJZ6q3ovKzo+l/SBVlc/wMAAAAA8FVjxffYWZJW4w/1W8d3Qj3LLwGWXkKKAAAAAADgc4rv/L9YkHrxpBWXZM11/Q8AAAAAAL4Efjswx34+m2O3l/1ZPycpbK9Yf/vPioJl66h959vWQTVqqR6kMZ+e7LFTP2edTifqjR8KkuJnjnveOp9MjplOgtmfd/CT/Vlz/VvBiQQKS4MdTEjAikbeyKfP9JEuJ5tcTueZv3eYU9ySjLJa9xpuyfEbt8uqVk/nOu6dzi8e3v+lFPQ/6bB/v7tXeu+D7r04l6No1dFB1OmHQ+nkxh+M41yexPMtxPdcjNvjU6pnQ/6u1Vy14nHtbP+XVD3IDQ407QQcj/lrXVH8qY0rq0ns6mF/xv1o/4vR/pdL8Skb2vtg2TrOonxyz8ediAlZFOMsriYxV9euqvLPZLl/FnJW8TtLUqU0eg6GsqgMZjH7WFj/HTkWA1nED1nLwLFYj7L4e9TRhCzW58ti5IwAwKuyrwuK34UuKJ7EvF+FimndzcpD9qb2XHVndnV/Z7i6P/lDrxdvsCTl079NTB2lqOgdfc2K61Ah2aX8uTHv6HZaV4qa8I5uf47qFo311+PvQErTHsni016vd7scj/v7E1X1T0PDjYwbNipL0SG88eTgZ/EE+JH3997fe1iprG/Yb9v2zYqW491IH5ZE7QEAjJj9HTszI6y3dTmJuHzv328lS0MV7xv9jxSU9J4+UFf3dD37CoFL43tdHfgYwvXkqlUDV63mzJu34++lG44t6/rEq7q4lg7EVvqxy8o2Ga7Ux7HrL/gsAADwcl2ZUYfH1//iUP2/rrUkYu3c2Ovu4VqeXh33L+knxZZnJ//Ooo8GAACvBzf4xFrt/MYKAq/9bnlzs1ztbLsm8J0fmcCrbbnGa3XcwNmutrZc0w78ju/4DdMOtOLV3NCEO+22H3RM3Q9M2w+9O/E3v5v0q99Dt1ltdTwnbDfcaugax291qk7H1LzQMe2dHzS8cNsN4o3Dtut4dc+pdjy/ZUJ/J3DckjGh6w4EejW31fHqXrTYMu3Aa1aDXfNjv7HTdE3NDZ3Aa3f8pMNsLK9V94Nm3G0p3xv3eQEAAF47j58ePrjb7e49OrlwKro0T9YcaULM6EJBj59GV+XRmnzaxBxBAAB8wRwX8Dk2Kr7AhAAAAAAAAAAAAAAAAAAAAAAAwIjZt/TNubA87mZBqb/m56fTNfqVjm8xHOnH0qITm2chN+9W2S0Rhw8+nhRT0N1T/TXZ4R+MOXppO/ivr0lvxGuUrMkvfqxTU07ui1j43n5yRCfGRI1jm1b65yL/HP8cCpoZ8/AvE5p6vV5v+hArw8ewMLSDuWmD5iU9Ksx9CgojL1EAX1WfBQAA//843TOC")
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101000, 0x38)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX], 0x0, 0x1000000}, 0x94)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000001c0)=0x14)

1.651521494s ago: executing program 2 (id=2253):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x4000000000000007, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socket(0xa, 0x0, 0x8000)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
write(r1, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc) (fail_nth: 1)
syz_io_uring_setup(0x10f, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0)

1.625493495s ago: executing program 3 (id=2254):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x4000000000000007, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socket(0xa, 0x0, 0x8000)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
write(r1, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc)
syz_io_uring_setup(0x10f, 0x0, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000300), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
syz_clone(0x6063100, 0x0, 0xfffffffffffffe61, 0x0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
keyctl$search(0xa, 0x0, 0x0, 0x0, r2)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, 0x0, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x46, 0x0, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x627bcafb}, 0x1c)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000080)=@chain={'key_or_keyring:', r2})
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0)

1.577879206s ago: executing program 0 (id=2256):
syz_io_uring_setup(0x10b, &(0x7f0000000140)={0x0, 0x8b7c, 0x80, 0x200007, 0x22}, &(0x7f0000000940), &(0x7f0000000280))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3ed7, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x88640, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$unix(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="2f03", 0x2}], 0x1, 0x0, 0x0, 0x800}, 0x20004011)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmsg$unix(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r3}, 0x10)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.552608596s ago: executing program 4 (id=2258):
openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='page_pool_state_release\x00', r0, 0x0, 0x4}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000100), 0x1, 0x599, &(0x7f0000000540)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r3}, 0x10)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x91)
pwrite64(r4, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0xffff, 0x100000001, 0x4, 0xa})

1.436997498s ago: executing program 4 (id=2259):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffff001}, 0x18)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x11, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10020}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0xfc}}, 0x0) (fail_nth: 3)

1.350290829s ago: executing program 3 (id=2260):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffff001}, 0x18)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x11, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10020}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x181102)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000080)={0x6, 0x7, 0x48, 0x0, 0xf})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0xfc}}, 0x0)

1.350067939s ago: executing program 4 (id=2261):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x381, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.349863859s ago: executing program 3 (id=2262):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)='%ps    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x21, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, <r5=>0x0}, &(0x7f0000000280)=0x5)
setuid(r5)
writev(r3, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e210e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='kmem_cache_free\x00', r1, 0x0, 0x2000}, 0x18)
pause()
socket$kcm(0x10, 0x1, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x204c, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r6}, &(0x7f0000000000), &(0x7f00000005c0)=r7}, 0x20)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)=ANY=[], 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040041}, 0x40000000)
timer_settime(0x0, 0x0, 0x0, 0x0)
name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsmount(r8, 0x0, 0x0)
r9 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x2000011, r9, 0x2000)
msgsnd(0x0, &(0x7f0000002900)=ANY=[@ANYBLOB="03"], 0xfd1, 0x0)

1.153559582s ago: executing program 4 (id=2263):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000880)={[{@data_err_abort}, {@nojournal_checksum}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@init_itable_val={'init_itable', 0x3d, 0x1}}, {@data_err_ignore}, {@lazytime}, {@data_err_ignore}, {@journal_dev={'journal_dev', 0x3d, 0x800}}, {@nobh}, {@inlinecrypt}, {@data_err_ignore}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r1, 0x0, 0xa20, 0x8000c64)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='kfree\x00', r2, 0x0, 0x102}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00'})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a017f7f00000000000000050000000900010073797a30000000000900030073797a300000000008000a400000000328000480080002400000001208000140000000000d0003"], 0xac}}, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r0, 0x941c, 0x0)
write$binfmt_elf64(r1, 0x0, 0x478)
pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0xe7b, 0x0, 0x2)

1.114851092s ago: executing program 2 (id=2264):
bpf$TOKEN_CREATE(0x24, &(0x7f00000005c0), 0x8)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40500004000000079109a00200000002500000000000000950001f000000000e5457081332948bdedd9050ba5f38bf6f4e9db1eaac14e8b08b0d6903bdb2b3de48b15210a3a3697bd3f7a05"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xba, &(0x7f000000cf3d)=""/186, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x1a08050, &(0x7f0000000880)=ANY=[], 0x2, 0x5be, &(0x7f0000002340)="$eJzs3V1vG1kZwPFnEqcxAVUIUFVFbfdsClIqZd3xZOMq2qthfOzMrj1jzYxXyVUVEaeK6hTUFInkhvSmagV8BaR+CG75MlxXXIMERvMWnPgtrdOYlv8v2p0T+/E5z3GteXqmMx4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABiOFXTLBvScL32thrNqQZ+c8zzeX8Pzm3GjCtixP9JsSi304du/+y/T9+K/7cid9Lf7kgx3hTl5Ie3fvzNTwtz+evHJHQtjo5Pnu52u53nl4wvzDzjq1XXnhv6btOua+WGvtqsVMyHW7VQ1dyGDnfCSDeVE2g78gO16jxQ5c3NdaVLO37bq1fths4ffPSVZZoV9W2ppe0g9L2H35ZCZ8ttNFyvnsTET8cxj+IP4ndupCJtN5XaP+h21iclGQeVs/bFP4DT/iBrUk+WaVnlgohUNm5kH1TLKpctq1zZ2Nx4ZJoF8wJZvBjR96Gt/yPt4z3fdHzarmrXDUxtLqv/0hBXPGnLtqihP45UJRBfmiOez+T1/xcP9dhx++t/XuVv+z/In16WpP7fS3+7N6r+i5LFEflcz8+RHMuJPJVd6UpXOvJ8uv7m8vnPck4qfnNPLxdZFy2euBKKL640xU4eUeJKUXxRsikVqYgpj2VLahKKkpq40hAtoexIKJHo5BPlSCBabInEl0CUrIojD0RJUm1lXZRoKcmO+NIWT+pSFTvpZV8Okvd9fUyOZ0HlywRZY4KS+t9fzAceGKj/AxGz/0srZutqd+DAFHp5/QcAAAAAAJ8tIzn6Hq//F+Ru0qq5DW3OOi0AAAAAAHCFXteS8+uNeP0vInfFGLn+P80OFAAAAAAAgE+MkVxjFy/rl+SLtJVfCXV2EGButikCAAAAAIApJf+gfy/eLMWtL8QYXP8PSr79rHhtSQIAAAAAgKlEr7PGyO/YD1uLxl//LkGwYLxsbf/cOLTjOPtwPn3d/ECPtWXpLabtpK9KIevS0XeM7Nsvz74E8126KUivNz4PY2wChfMJGDezV59PQP4oX8YRf5Mv99LYvfyZdJSlmtvQJcdvfFMW2745F+nt6LfPDn4nyfTfeM04yYNup/SrX3f3klxexr28PMyuixi4PGJMLi/y4yd3h894IbkQIxt3yZD9g27H7J9/dlrGwNkZY8Z8JStpzMpSul06P/9iPGa5NGr2aRYLMuXMX8n9NOb+6v10MyQLa0IWHas/iw96Ly6RxfqkLNanzAIAZmU/+dafoVUo36VfrLsfsJfbn3Qnn/HV/ZKjvJLVNGZ1OdmxFpaH7NHNSXt0s7WdV+a0ut0YW93kVGT4Hv3sHkijamw87p/Oxi0ns3/7exF5m1fVgemHDcuI38L5F4e/kVtHxydfHRzuPuk86TyzrPWK+bVpbliykEwj21B7AABDTL7HzsQI4+t0VS3JqvpfvVRfxftJdkpBflSgK3uyllxtkJxxUJTFc73+4c/xSrzvNIS1i6vWgvRX1F5eLP/Z6/XWJqzq0n5zl4lNby8DAMDnZKW/Do+t/1nckPq/lh8KGLHuPl/LL94heFRseUTGb7gcEQCAKeng3b+zFXvrcXlzs2xHW1oFvvOdCtxqXSvXi3TgbNleXatW4Ee+48/Hje/dqg5V2G61/CBSNT9QLT90t5M7v6vs1u+hbtpe5Dphq6HtUCvH9yLbiVTVDR3Vav+y4YZbOkheHLa049Zcx45c31Oh3w4cXVIq1Lov0K1qL3Jrbtz0VCtwm3awo773G+2mVlUdOoHbivy0w3ws16v5QTPu9sas32sAAP5XHB2fPN3tdjvPP2Jj1nMEAADnvU+V5owxAAAAAAAAAAAAAAAAAAAAAABmY/R1e/NyDZcGZo2//EjkusYa3VgQkdmNTuP/snHzijssyhV1OGnPcXo9OygAH81/AgAA///lXV5a")
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000008c0)='./file0\x00', 0x10000, 0x52)
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000)
pipe2$9p(&(0x7f0000000180)={<r3=>0xffffffffffffffff}, 0x84000)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r4, 0x5607, 0x3)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000008003207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='netfs_rreq\x00', r6}, 0x18)
write$selinux_attr(0xffffffffffffffff, &(0x7f0000000840)='system_u:object_r:setrans_var_run_t:s0\x00', 0x27)
ioctl$VT_ACTIVATE(r4, 0x5606, 0x4)
ioctl$TIOCSWINSZ(r4, 0x5414, &(0x7f0000000180)={0x9, 0x0, 0x3, 0x7fff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x8}, 0x50)
syz_open_dev$usbfs(&(0x7f0000000000), 0x6, 0xa2082)
getresuid(&(0x7f00000001c0), &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000240))
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@dfltuid={'dfltuid', 0x3d, r7}}, {@access_user}, {@access_user}, {@version_L}, {@cache_none}]}})
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002bbd700004000000000000000000000000000000000000016401010200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000002000000000000000002000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000feffffffff7f40000200000000002008000000000000000001000000000000004400050000110000000000000000000000000000000000003c00000002000000e00000010000000000000000000000000600000004"], 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r10 = dup(r9)
ioctl$PTP_EXTTS_REQUEST2(r10, 0x43403d05, 0x0)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r10, &(0x7f0000000800)={&(0x7f0000000040), 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x38, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @dev={0xfe, 0x80, '\x00', 0x1c}}, @L2TP_ATTR_OFFSET={0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x28000845}, 0x1620dc1a743a3c36)
ioctl$EVIOCGNAME(r10, 0x80404506, &(0x7f0000000340)=""/100)
sendto$inet6(r8, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

977.237175ms ago: executing program 4 (id=2265):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)

659.62592ms ago: executing program 0 (id=2268):
io_setup(0x8f0, &(0x7f0000002400))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
brk(0x20001000)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0x2}, 0x18)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000800)='./file0\x00', 0x800, &(0x7f0000000280)={[{@utf8}, {@hide, 0x0}, {@utf8}, {@overriderock}, {@map_off}, {@map_normal, 0x41}, {@session={'session', 0x3d, 0x37}}, {@unhide}, {@unhide}, {@overriderock}, {@map_off}, {@map_normal}, {}]}, 0x2, 0x6b1, &(0x7f0000001100)="$eJzs3V1vG1kdx/HfOI7jZqFaAaqqqg+nLSulorhjZ5sqKhJrxuNkwPZYMw5qJKRV2Sarqk4X2iLR3Cy54UFa3gDihgu44EUgcb3vghsE0grukJYLr+bJseOnuuu2u9vvJ9r1eM5/zvnPjOu/JvEcCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHJqtl221PBaO3fMZE4t8Jvp8v97o+1Jb8u6lixcmzmuZEX/qVjU2WTV2W8dN5+J/ndF55Nn51WMHoo6fOPMm7e/mc9l209J+Hlo3g4fPz18cLfb3Xv0DLFLmrv7V0m5bOlUek7GBG25LS/0vWZ1yzVe6JvNjQ37xnY9NHWv4Ya7YcdtGidwcx0/MGvONVPe3Fw3bmnX32lt1aoNN1t567sV294wP1xJTrSkUuhse42G19qKY6LmKOaW+egnSYBbbRqzf7+7tz5rT6Kg8rMEVWYFVexKpVyuVMobNzdv3rLt/OCKnKS8HbHsPo1ssvAXLb5kFvPGDSxALqr//7CkhopqaUd3ZMb+OKopkK/mhPZUVv/fuuFOHXew/mdV/qz0/bT5nOL6fzF5dnFS/Z+Qi5GJNxjXYk1YP9/PcpyR0WM91aEe6K666mpPjxbQt5G5tJBeXsLPlly15CmUL09NVbWlP39d6RqjTW1oQ7be1bbqCmVUl6eGXIXaVaiO3PgV5SiQq6o68hXIaE2OrsmorE1tal1Grkrala8dtbSlmqr6X6/X29f9+LivT8lRWVB5QsDKYFBlSk/DxfyPyur/Tz9MXqd23j6B+v96SV4HK8nDx9NigC+AXnr9Pyg3e7NLLy4jAAAAAACwaFb823cr/tv9BUk91b2Ga7/qtAAAAAAAwAJZ6q3ovKzo+l/SBVlc/wMAAAAA8FVjxffYWZJW4w/1W8d3Qj3LLwGWXkKKAAAAAADgc4rv/L9YkHrxpBWXZM11/Q8AAAAAAL4Efjswx34+m2O3l/1ZPycpbK9Yf/vPioJl66h959vWQTVqqR6kMZ+e7LFTP2edTifqjR8KkuJnjnveOp9MjplOgtmfd/CT/Vlz/VvBiQQKS4MdTEjAikbeyKfP9JEuJ5tcTueZv3eYU9ySjLJa9xpuyfEbt8uqVk/nOu6dzi8e3v+lFPQ/6bB/v7tXeu+D7r04l6No1dFB1OmHQ+nkxh+M41yexPMtxPdcjNvjU6pnQ/6u1Vy14nHtbP+XVD3IDQ407QQcj/lrXVH8qY0rq0ns6mF/xv1o/4vR/pdL8Skb2vtg2TrOonxyz8ediAlZFOMsriYxV9euqvLPZLl/FnJW8TtLUqU0eg6GsqgMZjH7WFj/HTkWA1nED1nLwLFYj7L4e9TRhCzW58ti5IwAwKuyrwuK34UuKJ7EvF+FimndzcpD9qb2XHVndnV/Z7i6P/lDrxdvsCTl079NTB2lqOgdfc2K61Ah2aX8uTHv6HZaV4qa8I5uf47qFo311+PvQErTHsni016vd7scj/v7E1X1T0PDjYwbNipL0SG88eTgZ/EE+JH3997fe1iprG/Yb9v2zYqW491IH5ZE7QEAjJj9HTszI6y3dTmJuHzv328lS0MV7xv9jxSU9J4+UFf3dD37CoFL43tdHfgYwvXkqlUDV63mzJu34++lG44t6/rEq7q4lg7EVvqxy8o2Ga7Ux7HrL/gsAADwcl2ZUYfH1//iUP2/rrUkYu3c2Ovu4VqeXh33L+knxZZnJ//Ooo8GAACvBzf4xFrt/MYKAq/9bnlzs1ztbLsm8J0fmcCrbbnGa3XcwNmutrZc0w78ju/4DdMOtOLV3NCEO+22H3RM3Q9M2w+9O/E3v5v0q99Dt1ltdTwnbDfcaugax291qk7H1LzQMe2dHzS8cNsN4o3Dtut4dc+pdjy/ZUJ/J3DckjGh6w4EejW31fHqXrTYMu3Aa1aDXfNjv7HTdE3NDZ3Aa3f8pMNsLK9V94Nm3G0p3xv3eQEAAF47j58ePrjb7e49OrlwKro0T9YcaULM6EJBj59GV+XRmnzaxBxBAAB8wRwX8Dk2Kr7AhAAAAAAAAAAAAAAAAAAAAAAAwIjZt/TNubA87mZBqb/m56fTNfqVjm8xHOnH0qITm2chN+9W2S0Rhw8+nhRT0N1T/TXZ4R+MOXppO/ivr0lvxGuUrMkvfqxTU07ui1j43n5yRCfGRI1jm1b65yL/HP8cCpoZ8/AvE5p6vV5v+hArw8ewMLSDuWmD5iU9Ksx9CgojL1EAX1WfBQAA//843TOC")
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101000, 0x38)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX], 0x0, 0x1000000}, 0x94)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000001c0)=0x14)

499.441022ms ago: executing program 3 (id=2270):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, r0, 0x1, 0x1}, 0x50)
r2 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000280)={&(0x7f00000011c0), 0x0})
r4 = dup3(r2, r3, 0x0)
ioctl$MON_IOCX_GETX(r4, 0x4018920a, &(0x7f00000003c0)={&(0x7f0000000180), &(0x7f0000002240)=""/4118, 0x1016})
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xd, 0x4, 0x4, 0xffffffff, 0x0, r1, 0x7, '\x00', 0x0, r0, 0x0, 0x3}, 0x50)

442.058903ms ago: executing program 3 (id=2271):
r0 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)={0x4d0c42, 0xb0, 0x16}, 0x18)
write$P9_RMKNOD(r0, &(0x7f0000000180)={0x14, 0x13, 0x2, {0x20, 0x4, 0x8}}, 0x14)
prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98,\xc8\x18E/\x8c\x1a\xe3\xbd')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x14)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x1)

411.685653ms ago: executing program 1 (id=2273):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
brk(0x20001000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r1=>r0, {0x7474}}, './file1\x00'})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5, 0x0, 0x2}, 0x18)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000800)='./file0\x00', 0x800, &(0x7f0000000280)={[{@utf8}, {@hide, 0x0}, {@utf8}, {@overriderock}, {@map_off}, {@map_normal, 0x41}, {@session={'session', 0x3d, 0x37}}, {@unhide}, {@unhide}, {@overriderock}, {@map_off}, {@map_normal}, {}]}, 0x2, 0x6b1, &(0x7f0000001100)="$eJzs3V1vG1kdx/HfOI7jZqFaAaqqqg+nLSulorhjZ5sqKhJrxuNkwPZYMw5qJKRV2Sarqk4X2iLR3Cy54UFa3gDihgu44EUgcb3vghsE0grukJYLr+bJseOnuuu2u9vvJ9r1eM5/zvnPjOu/JvEcCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHJqtl221PBaO3fMZE4t8Jvp8v97o+1Jb8u6lixcmzmuZEX/qVjU2WTV2W8dN5+J/ndF55Nn51WMHoo6fOPMm7e/mc9l209J+Hlo3g4fPz18cLfb3Xv0DLFLmrv7V0m5bOlUek7GBG25LS/0vWZ1yzVe6JvNjQ37xnY9NHWv4Ya7YcdtGidwcx0/MGvONVPe3Fw3bmnX32lt1aoNN1t567sV294wP1xJTrSkUuhse42G19qKY6LmKOaW+egnSYBbbRqzf7+7tz5rT6Kg8rMEVWYFVexKpVyuVMobNzdv3rLt/OCKnKS8HbHsPo1ssvAXLb5kFvPGDSxALqr//7CkhopqaUd3ZMb+OKopkK/mhPZUVv/fuuFOHXew/mdV/qz0/bT5nOL6fzF5dnFS/Z+Qi5GJNxjXYk1YP9/PcpyR0WM91aEe6K666mpPjxbQt5G5tJBeXsLPlly15CmUL09NVbWlP39d6RqjTW1oQ7be1bbqCmVUl6eGXIXaVaiO3PgV5SiQq6o68hXIaE2OrsmorE1tal1Grkrala8dtbSlmqr6X6/X29f9+LivT8lRWVB5QsDKYFBlSk/DxfyPyur/Tz9MXqd23j6B+v96SV4HK8nDx9NigC+AXnr9Pyg3e7NLLy4jAAAAAACwaFb823cr/tv9BUk91b2Ga7/qtAAAAAAAwAJZ6q3ovKzo+l/SBVlc/wMAAAAA8FVjxffYWZJW4w/1W8d3Qj3LLwGWXkKKAAAAAADgc4rv/L9YkHrxpBWXZM11/Q8AAAAAAL4Efjswx34+m2O3l/1ZPycpbK9Yf/vPioJl66h959vWQTVqqR6kMZ+e7LFTP2edTifqjR8KkuJnjnveOp9MjplOgtmfd/CT/Vlz/VvBiQQKS4MdTEjAikbeyKfP9JEuJ5tcTueZv3eYU9ySjLJa9xpuyfEbt8uqVk/nOu6dzi8e3v+lFPQ/6bB/v7tXeu+D7r04l6No1dFB1OmHQ+nkxh+M41yexPMtxPdcjNvjU6pnQ/6u1Vy14nHtbP+XVD3IDQ407QQcj/lrXVH8qY0rq0ns6mF/xv1o/4vR/pdL8Skb2vtg2TrOonxyz8ediAlZFOMsriYxV9euqvLPZLl/FnJW8TtLUqU0eg6GsqgMZjH7WFj/HTkWA1nED1nLwLFYj7L4e9TRhCzW58ti5IwAwKuyrwuK34UuKJ7EvF+FimndzcpD9qb2XHVndnV/Z7i6P/lDrxdvsCTl079NTB2lqOgdfc2K61Ah2aX8uTHv6HZaV4qa8I5uf47qFo311+PvQErTHsni016vd7scj/v7E1X1T0PDjYwbNipL0SG88eTgZ/EE+JH3997fe1iprG/Yb9v2zYqW491IH5ZE7QEAjJj9HTszI6y3dTmJuHzv328lS0MV7xv9jxSU9J4+UFf3dD37CoFL43tdHfgYwvXkqlUDV63mzJu34++lG44t6/rEq7q4lg7EVvqxy8o2Ga7Ux7HrL/gsAADwcl2ZUYfH1//iUP2/rrUkYu3c2Ovu4VqeXh33L+knxZZnJ//Ooo8GAACvBzf4xFrt/MYKAq/9bnlzs1ztbLsm8J0fmcCrbbnGa3XcwNmutrZc0w78ju/4DdMOtOLV3NCEO+22H3RM3Q9M2w+9O/E3v5v0q99Dt1ltdTwnbDfcaugax291qk7H1LzQMe2dHzS8cNsN4o3Dtut4dc+pdjy/ZUJ/J3DckjGh6w4EejW31fHqXrTYMu3Aa1aDXfNjv7HTdE3NDZ3Aa3f8pMNsLK9V94Nm3G0p3xv3eQEAAF47j58ePrjb7e49OrlwKro0T9YcaULM6EJBj59GV+XRmnzaxBxBAAB8wRwX8Dk2Kr7AhAAAAAAAAAAAAAAAAAAAAAAAwIjZt/TNubA87mZBqb/m56fTNfqVjm8xHOnH0qITm2chN+9W2S0Rhw8+nhRT0N1T/TXZ4R+MOXppO/ivr0lvxGuUrMkvfqxTU07ui1j43n5yRCfGRI1jm1b65yL/HP8cCpoZ8/AvE5p6vV5v+hArw8ewMLSDuWmD5iU9Ksx9CgojL1EAX1WfBQAA//843TOC")
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101000, 0x38)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX=r1], 0x0, 0x1000000}, 0x94)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000001c0)=0x14)

410.528173ms ago: executing program 0 (id=2274):
syz_io_uring_setup(0x10b, &(0x7f0000000140)={0x0, 0x8b7c, 0x80, 0x200007, 0x22}, 0x0, &(0x7f0000000280))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3ed7, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x88640, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$unix(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="2f03", 0x2}], 0x1, 0x0, 0x0, 0x800}, 0x20004011)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmsg$unix(r2, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r4}, 0x10)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
close_range(r0, 0xffffffffffffffff, 0x0)

391.768194ms ago: executing program 3 (id=2275):
io_setup(0x8f0, &(0x7f0000002400))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
brk(0x20001000)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0x2}, 0x18)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000800)='./file0\x00', 0x800, &(0x7f0000000280)={[{@utf8}, {@hide, 0x0}, {@utf8}, {@overriderock}, {@map_off}, {@map_normal, 0x41}, {@session={'session', 0x3d, 0x37}}, {@unhide}, {@unhide}, {@overriderock}, {@map_off}, {@map_normal}, {}]}, 0x2, 0x6b1, &(0x7f0000001100)="$eJzs3V1vG1kdx/HfOI7jZqFaAaqqqg+nLSulorhjZ5sqKhJrxuNkwPZYMw5qJKRV2Sarqk4X2iLR3Cy54UFa3gDihgu44EUgcb3vghsE0grukJYLr+bJseOnuuu2u9vvJ9r1eM5/zvnPjOu/JvEcCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHJqtl221PBaO3fMZE4t8Jvp8v97o+1Jb8u6lixcmzmuZEX/qVjU2WTV2W8dN5+J/ndF55Nn51WMHoo6fOPMm7e/mc9l209J+Hlo3g4fPz18cLfb3Xv0DLFLmrv7V0m5bOlUek7GBG25LS/0vWZ1yzVe6JvNjQ37xnY9NHWv4Ya7YcdtGidwcx0/MGvONVPe3Fw3bmnX32lt1aoNN1t567sV294wP1xJTrSkUuhse42G19qKY6LmKOaW+egnSYBbbRqzf7+7tz5rT6Kg8rMEVWYFVexKpVyuVMobNzdv3rLt/OCKnKS8HbHsPo1ssvAXLb5kFvPGDSxALqr//7CkhopqaUd3ZMb+OKopkK/mhPZUVv/fuuFOHXew/mdV/qz0/bT5nOL6fzF5dnFS/Z+Qi5GJNxjXYk1YP9/PcpyR0WM91aEe6K666mpPjxbQt5G5tJBeXsLPlly15CmUL09NVbWlP39d6RqjTW1oQ7be1bbqCmVUl6eGXIXaVaiO3PgV5SiQq6o68hXIaE2OrsmorE1tal1Grkrala8dtbSlmqr6X6/X29f9+LivT8lRWVB5QsDKYFBlSk/DxfyPyur/Tz9MXqd23j6B+v96SV4HK8nDx9NigC+AXnr9Pyg3e7NLLy4jAAAAAACwaFb823cr/tv9BUk91b2Ga7/qtAAAAAAAwAJZ6q3ovKzo+l/SBVlc/wMAAAAA8FVjxffYWZJW4w/1W8d3Qj3LLwGWXkKKAAAAAADgc4rv/L9YkHrxpBWXZM11/Q8AAAAAAL4Efjswx34+m2O3l/1ZPycpbK9Yf/vPioJl66h959vWQTVqqR6kMZ+e7LFTP2edTifqjR8KkuJnjnveOp9MjplOgtmfd/CT/Vlz/VvBiQQKS4MdTEjAikbeyKfP9JEuJ5tcTueZv3eYU9ySjLJa9xpuyfEbt8uqVk/nOu6dzi8e3v+lFPQ/6bB/v7tXeu+D7r04l6No1dFB1OmHQ+nkxh+M41yexPMtxPdcjNvjU6pnQ/6u1Vy14nHtbP+XVD3IDQ407QQcj/lrXVH8qY0rq0ns6mF/xv1o/4vR/pdL8Skb2vtg2TrOonxyz8ediAlZFOMsriYxV9euqvLPZLl/FnJW8TtLUqU0eg6GsqgMZjH7WFj/HTkWA1nED1nLwLFYj7L4e9TRhCzW58ti5IwAwKuyrwuK34UuKJ7EvF+FimndzcpD9qb2XHVndnV/Z7i6P/lDrxdvsCTl079NTB2lqOgdfc2K61Ah2aX8uTHv6HZaV4qa8I5uf47qFo311+PvQErTHsni016vd7scj/v7E1X1T0PDjYwbNipL0SG88eTgZ/EE+JH3997fe1iprG/Yb9v2zYqW491IH5ZE7QEAjJj9HTszI6y3dTmJuHzv328lS0MV7xv9jxSU9J4+UFf3dD37CoFL43tdHfgYwvXkqlUDV63mzJu34++lG44t6/rEq7q4lg7EVvqxy8o2Ga7Ux7HrL/gsAADwcl2ZUYfH1//iUP2/rrUkYu3c2Ovu4VqeXh33L+knxZZnJ//Ooo8GAACvBzf4xFrt/MYKAq/9bnlzs1ztbLsm8J0fmcCrbbnGa3XcwNmutrZc0w78ju/4DdMOtOLV3NCEO+22H3RM3Q9M2w+9O/E3v5v0q99Dt1ltdTwnbDfcaugax291qk7H1LzQMe2dHzS8cNsN4o3Dtut4dc+pdjy/ZUJ/J3DckjGh6w4EejW31fHqXrTYMu3Aa1aDXfNjv7HTdE3NDZ3Aa3f8pMNsLK9V94Nm3G0p3xv3eQEAAF47j58ePrjb7e49OrlwKro0T9YcaULM6EJBj59GV+XRmnzaxBxBAAB8wRwX8Dk2Kr7AhAAAAAAAAAAAAAAAAAAAAAAAwIjZt/TNubA87mZBqb/m56fTNfqVjm8xHOnH0qITm2chN+9W2S0Rhw8+nhRT0N1T/TXZ4R+MOXppO/ivr0lvxGuUrMkvfqxTU07ui1j43n5yRCfGRI1jm1b65yL/HP8cCpoZ8/AvE5p6vV5v+hArw8ewMLSDuWmD5iU9Ksx9CgojL1EAX1WfBQAA//843TOC")
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101000, 0x38)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX], 0x0, 0x1000000}, 0x94)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000001c0)=0x14)

145.580128ms ago: executing program 2 (id=2276):
syz_io_uring_setup(0x10b, &(0x7f0000000140)={0x0, 0x8b7c, 0x80, 0x200007, 0x22}, 0x0, &(0x7f0000000280))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3ed7, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x88640, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$unix(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="2f03", 0x2}], 0x1, 0x0, 0x0, 0x800}, 0x20004011)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmsg$unix(r2, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r4}, 0x10)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
close_range(r0, 0xffffffffffffffff, 0x0)

128.873568ms ago: executing program 1 (id=2277):
statx(0xffffffffffffffff, 0x0, 0x6000, 0x4, 0x0) (fail_nth: 1)

113.511638ms ago: executing program 4 (id=2278):
syz_io_uring_setup(0x10b, &(0x7f0000000140)={0x0, 0x8b7c, 0x80, 0x200007, 0x22}, &(0x7f0000000940), &(0x7f0000000280))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3ed7, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x88640, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$unix(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="2f03", 0x2}], 0x1, 0x0, 0x0, 0x800}, 0x20004011)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmsg$unix(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r3}, 0x10)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

112.978768ms ago: executing program 1 (id=2279):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000100), 0x1, 0x599, &(0x7f0000000540)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), 0x0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x91)
pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0xffff, 0x100000001, 0x4, 0xa})

83.817538ms ago: executing program 1 (id=2280):
creat(&(0x7f00000005c0)='./file0\x00', 0xb)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x9)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000040)=0x4000016, 0x4)
r3 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00')
lseek(r3, 0x2004, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x46, &(0x7f0000000040)=0x78, 0x4)
r6 = add_key$user(&(0x7f0000000300), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r6, 0xffffffffffffffff, 0x0, 0x1)
fsetxattr$security_selinux(r4, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)

62.721279ms ago: executing program 1 (id=2281):
openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='page_pool_state_release\x00', r0, 0x0, 0x4}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000100), 0x1, 0x599, &(0x7f0000000540)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r3}, 0x10)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x91)
pwrite64(r4, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0xffff, 0x100000001, 0x4, 0xa})

547.67µs ago: executing program 0 (id=2282):
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x66, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
readv(r2, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
io_setup(0x8, &(0x7f00000001c0)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x0, 0x3, 0xffeffc03}, 0x0, &(0x7f0000000240))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000c40), 0x12)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r6 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)

0s ago: executing program 1 (id=2283):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x48}}, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x6, [@enum64={0x1, 0x5, 0x0, 0x13, 0x1, 0x18, [{0x4, 0x8, 0x101}, {0x10, 0x4, 0xb}, {0x6, 0x2, 0x200}, {0x2, 0x7, 0x81}, {0xb, 0x1, 0x1}]}]}, {0x0, [0x30, 0x2e, 0x61, 0x30]}}, &(0x7f0000000300)=""/211, 0x66, 0xd3, 0x0, 0x16e6, 0x10000}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000540)=ANY=[@ANYRES64=0x0, @ANYBLOB="394218456fbde1f697f19e121761fca7f643b912ca831644d70f1b55af73a6737e3730287031d1be92c635e8b195cbea4e0beaa2fb78e730de388569a2d1636d349b08b611ec1f62bd926c32e106ff12ae2e4083af6d6231feefd326609944ff56a3774eba43440c91b4c7b29ef1e104adcc4fc04e74486a599dce44771d547a5b2fb74ae7ec9d0f6293e14e5098405d99827defd795be5868e2bc7d5d83bf69b56b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0x178}, 0x18)
r5 = socket(0x10, 0x3, 0x0)
sendto$inet6(r5, &(0x7f0000000100)="c10e000018001f06b9409b0dffff110d0207be040205060506100a044300040018000000fac8388827a685a168d9a44604094565360c648dcaaf6c26c291214549932fde4a460c89b6ec0cff3959547f509058ba86c902fc3a10004a320c0400160012000a00000000000000000000080756ede4ccbe5880", 0xec1, 0x0, 0x0, 0x9e5e111c47e3504f)

kernel console output (not intermixed with test programs):

3]  ? __pfx_ppp_ioctl+0x10/0x10
[  169.598952][ T8903]  __se_sys_ioctl+0xcb/0x140
[  169.598981][ T8903]  __x64_sys_ioctl+0x43/0x50
[  169.599008][ T8903]  x64_sys_call+0x19a8/0x2fb0
[  169.599050][ T8903]  do_syscall_64+0xd2/0x200
[  169.599068][ T8903]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  169.599093][ T8903]  ? clear_bhb_loop+0x40/0x90
[  169.599115][ T8903]  ? clear_bhb_loop+0x40/0x90
[  169.599213][ T8903]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.599239][ T8903] RIP: 0033:0x7f082fd3e9a9
[  169.599259][ T8903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.599282][ T8903] RSP: 002b:00007f082e39f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  169.599338][ T8903] RAX: ffffffffffffffda RBX: 00007f082ff65fa0 RCX: 00007f082fd3e9a9
[  169.599349][ T8903] RDX: 0000200000000180 RSI: 0000000040107447 RDI: 0000000000000003
[  169.599382][ T8903] RBP: 00007f082e39f090 R08: 0000000000000000 R09: 0000000000000000
[  169.599397][ T8903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.599413][ T8903] R13: 0000000000000000 R14: 00007f082ff65fa0 R15: 00007fffd72d88c8
[  169.599438][ T8903]  </TASK>
[  169.991410][ T8912] validate_nla: 1 callbacks suppressed
[  169.991429][ T8912] netlink: 'syz.1.1865': attribute type 4 has an invalid length.
[  170.049951][ T8924] FAULT_INJECTION: forcing a failure.
[  170.049951][ T8924] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  170.063236][ T8924] CPU: 1 UID: 0 PID: 8924 Comm: syz.3.1870 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  170.063387][ T8924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.063401][ T8924] Call Trace:
[  170.063410][ T8924]  <TASK>
[  170.063420][ T8924]  __dump_stack+0x1d/0x30
[  170.063464][ T8924]  dump_stack_lvl+0xe8/0x140
[  170.063528][ T8924]  dump_stack+0x15/0x1b
[  170.063544][ T8924]  should_fail_ex+0x265/0x280
[  170.063581][ T8924]  should_fail+0xb/0x20
[  170.063644][ T8924]  should_fail_usercopy+0x1a/0x20
[  170.063698][ T8924]  _copy_from_user+0x1c/0xb0
[  170.063745][ T8924]  restore_altstack+0x4b/0x2d0
[  170.063768][ T8924]  ? __set_task_blocked+0x23a/0x2a0
[  170.063793][ T8924]  __ia32_sys_rt_sigreturn+0xdc/0x350
[  170.063819][ T8924]  ? _raw_spin_unlock_irq+0x26/0x50
[  170.063882][ T8924]  ? signal_setup_done+0x266/0x290
[  170.063918][ T8924]  ? xfd_validate_state+0x45/0xf0
[  170.063971][ T8924]  ? fpu__clear_user_states+0x63/0x1e0
[  170.063999][ T8924]  ? fpregs_mark_activate+0x66/0x140
[  170.064068][ T8924]  ? fpu__clear_user_states+0x63/0x1e0
[  170.064125][ T8924]  ? arch_do_signal_or_restart+0x2f3/0x480
[  170.064148][ T8924]  ? native_tss_update_io_bitmap+0x1d2/0x2c0
[  170.064181][ T8924]  x64_sys_call+0x2e8a/0x2fb0
[  170.064206][ T8924]  do_syscall_64+0xd2/0x200
[  170.064254][ T8924]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  170.064286][ T8924]  ? clear_bhb_loop+0x40/0x90
[  170.064313][ T8924]  ? clear_bhb_loop+0x40/0x90
[  170.064342][ T8924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.064367][ T8924] RIP: 0033:0x7fc2e6f7ab89
[  170.064420][ T8924] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  170.064511][ T8924] RSP: 002b:00007fc2e563ea80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  170.064527][ T8924] RAX: ffffffffffffffda RBX: 00007fc2e7205fa0 RCX: 00007fc2e6f7ab89
[  170.064603][ T8924] RDX: 00007fc2e563ea80 RSI: 00007fc2e563ebb0 RDI: 0000000000000021
[  170.064614][ T8924] RBP: 00007fc2e563f090 R08: 0000000000000000 R09: 0000000000000000
[  170.064625][ T8924] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[  170.064635][ T8924] R13: 0000000000000000 R14: 00007fc2e7205fa0 R15: 00007ffff400e698
[  170.064708][ T8924]  </TASK>
[  170.343678][ T8934] netlink: 'syz.1.1874': attribute type 1 has an invalid length.
[  170.352176][ T8934] __nla_validate_parse: 3 callbacks suppressed
[  170.352195][ T8934] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1874'.
[  170.374458][ T8932] FAULT_INJECTION: forcing a failure.
[  170.374458][ T8932] name failslab, interval 1, probability 0, space 0, times 0
[  170.387747][ T8932] CPU: 0 UID: 0 PID: 8932 Comm: syz.3.1873 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  170.387805][ T8932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.387821][ T8932] Call Trace:
[  170.387828][ T8932]  <TASK>
[  170.387837][ T8932]  __dump_stack+0x1d/0x30
[  170.387866][ T8932]  dump_stack_lvl+0xe8/0x140
[  170.387891][ T8932]  dump_stack+0x15/0x1b
[  170.387944][ T8932]  should_fail_ex+0x265/0x280
[  170.387983][ T8932]  should_failslab+0x8c/0xb0
[  170.388118][ T8932]  __kmalloc_noprof+0xa5/0x3e0
[  170.388207][ T8932]  ? genl_family_rcv_msg_attrs_parse+0x75/0x190
[  170.388302][ T8932]  genl_family_rcv_msg_attrs_parse+0x75/0x190
[  170.388345][ T8932]  genl_start+0xe0/0x390
[  170.388383][ T8932]  __netlink_dump_start+0x334/0x520
[  170.388530][ T8932]  genl_family_rcv_msg_dumpit+0x115/0x180
[  170.388562][ T8932]  ? __pfx_genl_start+0x10/0x10
[  170.388592][ T8932]  ? __pfx_genl_dumpit+0x10/0x10
[  170.388683][ T8932]  ? __pfx_genl_done+0x10/0x10
[  170.388720][ T8932]  genl_rcv_msg+0x3f0/0x460
[  170.388779][ T8932]  ? __pfx_ethnl_default_start+0x10/0x10
[  170.388804][ T8932]  ? __pfx_ethnl_default_dumpit+0x10/0x10
[  170.388829][ T8932]  ? __pfx_ethnl_default_done+0x10/0x10
[  170.388858][ T8932]  netlink_rcv_skb+0x120/0x220
[  170.389028][ T8932]  ? __pfx_genl_rcv_msg+0x10/0x10
[  170.389073][ T8932]  genl_rcv+0x28/0x40
[  170.389133][ T8932]  netlink_unicast+0x5a5/0x680
[  170.389167][ T8932]  netlink_sendmsg+0x58b/0x6b0
[  170.389195][ T8932]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.389256][ T8932]  __sock_sendmsg+0x142/0x180
[  170.389305][ T8932]  ____sys_sendmsg+0x31e/0x4e0
[  170.389357][ T8932]  ___sys_sendmsg+0x17b/0x1d0
[  170.389416][ T8932]  __x64_sys_sendmsg+0xd4/0x160
[  170.389503][ T8932]  x64_sys_call+0x2999/0x2fb0
[  170.389524][ T8932]  do_syscall_64+0xd2/0x200
[  170.389542][ T8932]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  170.389629][ T8932]  ? clear_bhb_loop+0x40/0x90
[  170.389656][ T8932]  ? clear_bhb_loop+0x40/0x90
[  170.389683][ T8932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.389705][ T8932] RIP: 0033:0x7fc2e6fde9a9
[  170.389720][ T8932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.389816][ T8932] RSP: 002b:00007fc2e563f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  170.389881][ T8932] RAX: ffffffffffffffda RBX: 00007fc2e7205fa0 RCX: 00007fc2e6fde9a9
[  170.389898][ T8932] RDX: 0000000000000800 RSI: 0000200000000700 RDI: 0000000000000005
[  170.389914][ T8932] RBP: 00007fc2e563f090 R08: 0000000000000000 R09: 0000000000000000
[  170.389928][ T8932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.389942][ T8932] R13: 0000000000000000 R14: 00007fc2e7205fa0 R15: 00007ffff400e698
[  170.389966][ T8932]  </TASK>
[  170.393495][ T8940] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1876'.
[  170.687520][ T8948] loop3: detected capacity change from 0 to 128
[  170.747317][ T8953] FAULT_INJECTION: forcing a failure.
[  170.747317][ T8953] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  170.760787][ T8953] CPU: 1 UID: 0 PID: 8953 Comm: syz.1.1881 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  170.760891][ T8953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.760904][ T8953] Call Trace:
[  170.760910][ T8953]  <TASK>
[  170.760917][ T8953]  __dump_stack+0x1d/0x30
[  170.760940][ T8953]  dump_stack_lvl+0xe8/0x140
[  170.760963][ T8953]  dump_stack+0x15/0x1b
[  170.760983][ T8953]  should_fail_ex+0x265/0x280
[  170.761150][ T8953]  should_fail_alloc_page+0xf2/0x100
[  170.761182][ T8953]  __alloc_frozen_pages_noprof+0xff/0x360
[  170.761217][ T8953]  alloc_pages_mpol+0xb3/0x250
[  170.761246][ T8953]  alloc_pages_noprof+0x90/0x130
[  170.761326][ T8953]  __pmd_alloc+0x47/0x470
[  170.761351][ T8953]  handle_mm_fault+0x19d1/0x2be0
[  170.761448][ T8953]  ? check_vma_flags+0x26e/0x340
[  170.761475][ T8953]  __get_user_pages+0x1036/0x1fb0
[  170.761504][ T8953]  get_user_pages_remote+0x1dc/0x7a0
[  170.761528][ T8953]  get_arg_page+0x8e/0x1e0
[  170.761582][ T8953]  copy_string_kernel+0x134/0x340
[  170.761618][ T8953]  do_execveat_common+0x5ad/0x750
[  170.761657][ T8953]  ? getname_flags+0x154/0x3b0
[  170.761693][ T8953]  __x64_sys_execveat+0x73/0x90
[  170.761774][ T8953]  x64_sys_call+0x2dae/0x2fb0
[  170.761802][ T8953]  do_syscall_64+0xd2/0x200
[  170.761826][ T8953]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  170.761854][ T8953]  ? clear_bhb_loop+0x40/0x90
[  170.761875][ T8953]  ? clear_bhb_loop+0x40/0x90
[  170.761962][ T8953]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.761983][ T8953] RIP: 0033:0x7f082fd3e9a9
[  170.762002][ T8953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.762025][ T8953] RSP: 002b:00007f082e39f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  170.762050][ T8953] RAX: ffffffffffffffda RBX: 00007f082ff65fa0 RCX: 00007f082fd3e9a9
[  170.762133][ T8953] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  170.762149][ T8953] RBP: 00007f082e39f090 R08: 0000000000000000 R09: 0000000000000000
[  170.762169][ T8953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  170.762180][ T8953] R13: 0000000000000000 R14: 00007f082ff65fa0 R15: 00007fffd72d88c8
[  170.762200][ T8953]  </TASK>
[  171.129062][ T8970] loop2: detected capacity change from 0 to 164
[  171.137149][ T8970] Unable to read rock-ridge attributes
[  171.143235][ T8970] Unable to read rock-ridge attributes
[  171.270664][ T8977] netlink: 'syz.0.1888': attribute type 1 has an invalid length.
[  171.278613][ T8977] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1888'.
[  171.418645][ T9000] FAULT_INJECTION: forcing a failure.
[  171.418645][ T9000] name failslab, interval 1, probability 0, space 0, times 0
[  171.431585][ T9000] CPU: 1 UID: 0 PID: 9000 Comm: syz.0.1897 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  171.431620][ T9000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  171.431636][ T9000] Call Trace:
[  171.431642][ T9000]  <TASK>
[  171.431650][ T9000]  __dump_stack+0x1d/0x30
[  171.431676][ T9000]  dump_stack_lvl+0xe8/0x140
[  171.431699][ T9000]  dump_stack+0x15/0x1b
[  171.431797][ T9000]  should_fail_ex+0x265/0x280
[  171.431868][ T9000]  should_failslab+0x8c/0xb0
[  171.431905][ T9000]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  171.431940][ T9000]  ? v9fs_session_init+0x4b/0xde0
[  171.431973][ T9000]  kstrdup+0x3e/0xd0
[  171.432046][ T9000]  v9fs_session_init+0x4b/0xde0
[  171.432076][ T9000]  ? obj_cgroup_charge_account+0x122/0x1a0
[  171.432113][ T9000]  ? __rcu_read_unlock+0x4f/0x70
[  171.432139][ T9000]  ? should_fail_ex+0xdb/0x280
[  171.432250][ T9000]  ? v9fs_mount+0x51/0x590
[  171.432279][ T9000]  ? should_failslab+0x8c/0xb0
[  171.432312][ T9000]  ? __kmalloc_cache_noprof+0x189/0x320
[  171.432342][ T9000]  v9fs_mount+0x67/0x590
[  171.432420][ T9000]  ? __pfx_v9fs_mount+0x10/0x10
[  171.432506][ T9000]  legacy_get_tree+0x75/0xd0
[  171.432556][ T9000]  vfs_get_tree+0x54/0x1d0
[  171.432596][ T9000]  do_new_mount+0x207/0x680
[  171.432638][ T9000]  path_mount+0x4a4/0xb20
[  171.432800][ T9000]  ? user_path_at+0x109/0x130
[  171.432832][ T9000]  __se_sys_mount+0x28f/0x2e0
[  171.432866][ T9000]  ? fput+0x8f/0xc0
[  171.432897][ T9000]  __x64_sys_mount+0x67/0x80
[  171.432952][ T9000]  x64_sys_call+0xd36/0x2fb0
[  171.432977][ T9000]  do_syscall_64+0xd2/0x200
[  171.432999][ T9000]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  171.433061][ T9000]  ? clear_bhb_loop+0x40/0x90
[  171.433087][ T9000]  ? clear_bhb_loop+0x40/0x90
[  171.433113][ T9000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.433139][ T9000] RIP: 0033:0x7fb9d1f1e9a9
[  171.433200][ T9000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.433217][ T9000] RSP: 002b:00007fb9d0587038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  171.433235][ T9000] RAX: ffffffffffffffda RBX: 00007fb9d2145fa0 RCX: 00007fb9d1f1e9a9
[  171.433306][ T9000] RDX: 0000200000000280 RSI: 0000200000000300 RDI: 0000000000000000
[  171.433321][ T9000] RBP: 00007fb9d0587090 R08: 0000200000000880 R09: 0000000000000000
[  171.433333][ T9000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  171.433345][ T9000] R13: 0000000000000000 R14: 00007fb9d2145fa0 R15: 00007ffcc078b6a8
[  171.433363][ T9000]  </TASK>
[  171.747628][ T9005] netlink: 'syz.0.1900': attribute type 1 has an invalid length.
[  171.755499][ T9005] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1900'.
[  171.774380][ T9010] netlink: 'syz.4.1901': attribute type 21 has an invalid length.
[  171.788181][ T9010] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1901'.
[  171.797330][ T9010] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1901'.
[  171.841026][ T9014] random: crng reseeded on system resumption
[  171.859962][ T9014] lo speed is unknown, defaulting to 1000
[  171.970540][ T9024] FAULT_INJECTION: forcing a failure.
[  171.970540][ T9024] name failslab, interval 1, probability 0, space 0, times 0
[  171.983239][ T9024] CPU: 0 UID: 0 PID: 9024 Comm: syz.4.1906 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  171.983324][ T9024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  171.983340][ T9024] Call Trace:
[  171.983347][ T9024]  <TASK>
[  171.983355][ T9024]  __dump_stack+0x1d/0x30
[  171.983398][ T9024]  dump_stack_lvl+0xe8/0x140
[  171.983422][ T9024]  dump_stack+0x15/0x1b
[  171.983442][ T9024]  should_fail_ex+0x265/0x280
[  171.983481][ T9024]  should_failslab+0x8c/0xb0
[  171.983509][ T9024]  kmem_cache_alloc_noprof+0x50/0x310
[  171.983607][ T9024]  ? __inet_hash_connect+0x7a2/0x1350
[  171.983728][ T9024]  ? inet_sk_get_local_port_range+0x89/0x100
[  171.983759][ T9024]  __inet_hash_connect+0x7a2/0x1350
[  171.983795][ T9024]  ? __pfx___inet_check_established+0x10/0x10
[  171.983822][ T9024]  inet_hash_connect+0xd1/0xf0
[  171.983873][ T9024]  tcp_v4_connect+0x776/0xac0
[  171.983910][ T9024]  __inet_stream_connect+0x169/0x7e0
[  171.983954][ T9024]  ? _raw_spin_unlock_bh+0x36/0x40
[  171.983989][ T9024]  ? lock_sock_nested+0x112/0x140
[  171.984021][ T9024]  inet_stream_connect+0x44/0x70
[  171.984082][ T9024]  kernel_connect+0x9c/0xf0
[  171.984115][ T9024]  smc_connect+0x4f3/0x670
[  171.984141][ T9024]  ? __pfx_smc_connect+0x10/0x10
[  171.984228][ T9024]  __sys_connect+0x1ef/0x2b0
[  171.984280][ T9024]  __x64_sys_connect+0x3f/0x50
[  171.984377][ T9024]  x64_sys_call+0x1daa/0x2fb0
[  171.984399][ T9024]  do_syscall_64+0xd2/0x200
[  171.984416][ T9024]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  171.984525][ T9024]  ? clear_bhb_loop+0x40/0x90
[  171.984582][ T9024]  ? clear_bhb_loop+0x40/0x90
[  171.984611][ T9024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.984638][ T9024] RIP: 0033:0x7f983fc3e9a9
[  171.984656][ T9024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.984679][ T9024] RSP: 002b:00007f983e29f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  171.984703][ T9024] RAX: ffffffffffffffda RBX: 00007f983fe65fa0 RCX: 00007f983fc3e9a9
[  171.984793][ T9024] RDX: 0000000000000010 RSI: 0000200000000280 RDI: 0000000000000003
[  171.984809][ T9024] RBP: 00007f983e29f090 R08: 0000000000000000 R09: 0000000000000000
[  171.984821][ T9024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.984835][ T9024] R13: 0000000000000000 R14: 00007f983fe65fa0 R15: 00007fff6f0688d8
[  171.984859][ T9024]  </TASK>
[  172.273458][ T9037] loop4: detected capacity change from 0 to 128
[  172.398731][ T1400] bio_check_eod: 95 callbacks suppressed
[  172.398744][ T1400] kworker/u8:6: attempt to access beyond end of device
[  172.398744][ T1400] loop4: rw=1, sector=145, nr_sectors = 8 limit=128
[  172.418198][ T1400] kworker/u8:6: attempt to access beyond end of device
[  172.418198][ T1400] loop4: rw=1, sector=161, nr_sectors = 8 limit=128
[  172.432112][ T1400] kworker/u8:6: attempt to access beyond end of device
[  172.432112][ T1400] loop4: rw=1, sector=177, nr_sectors = 8 limit=128
[  172.445835][ T1400] kworker/u8:6: attempt to access beyond end of device
[  172.445835][ T1400] loop4: rw=1, sector=193, nr_sectors = 8 limit=128
[  172.459654][ T1400] kworker/u8:6: attempt to access beyond end of device
[  172.459654][ T1400] loop4: rw=1, sector=209, nr_sectors = 8 limit=128
[  172.474047][ T1400] kworker/u8:6: attempt to access beyond end of device
[  172.474047][ T1400] loop4: rw=1, sector=225, nr_sectors = 8 limit=128
[  172.487538][ T1400] kworker/u8:6: attempt to access beyond end of device
[  172.487538][ T1400] loop4: rw=1, sector=241, nr_sectors = 8 limit=128
[  172.502774][ T1400] kworker/u8:6: attempt to access beyond end of device
[  172.502774][ T1400] loop4: rw=1, sector=257, nr_sectors = 8 limit=128
[  172.516756][ T1400] kworker/u8:6: attempt to access beyond end of device
[  172.516756][ T1400] loop4: rw=1, sector=273, nr_sectors = 8 limit=128
[  172.530698][ T1400] kworker/u8:6: attempt to access beyond end of device
[  172.530698][ T1400] loop4: rw=1, sector=289, nr_sectors = 8 limit=128
[  172.558935][ T9048] FAULT_INJECTION: forcing a failure.
[  172.558935][ T9048] name failslab, interval 1, probability 0, space 0, times 0
[  172.571663][ T9048] CPU: 1 UID: 0 PID: 9048 Comm: syz.4.1914 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  172.571699][ T9048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  172.571715][ T9048] Call Trace:
[  172.571723][ T9048]  <TASK>
[  172.571733][ T9048]  __dump_stack+0x1d/0x30
[  172.571790][ T9048]  dump_stack_lvl+0xe8/0x140
[  172.571809][ T9048]  dump_stack+0x15/0x1b
[  172.571831][ T9048]  should_fail_ex+0x265/0x280
[  172.571884][ T9048]  ? tipc_group_create+0x66/0x290
[  172.571919][ T9048]  should_failslab+0x8c/0xb0
[  172.571946][ T9048]  __kmalloc_cache_noprof+0x4c/0x320
[  172.571983][ T9048]  tipc_group_create+0x66/0x290
[  172.572031][ T9048]  tipc_sk_join+0x130/0x2e0
[  172.572056][ T9048]  tipc_setsockopt+0x598/0x620
[  172.572112][ T9048]  ? __pfx_tipc_setsockopt+0x10/0x10
[  172.572141][ T9048]  __sys_setsockopt+0x184/0x200
[  172.572218][ T9048]  __x64_sys_setsockopt+0x64/0x80
[  172.572306][ T9048]  x64_sys_call+0x2bd5/0x2fb0
[  172.572334][ T9048]  do_syscall_64+0xd2/0x200
[  172.572357][ T9048]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  172.572389][ T9048]  ? clear_bhb_loop+0x40/0x90
[  172.572416][ T9048]  ? clear_bhb_loop+0x40/0x90
[  172.572446][ T9048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.572475][ T9048] RIP: 0033:0x7f983fc3e9a9
[  172.572493][ T9048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.572597][ T9048] RSP: 002b:00007f983e29f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  172.572616][ T9048] RAX: ffffffffffffffda RBX: 00007f983fe65fa0 RCX: 00007f983fc3e9a9
[  172.572628][ T9048] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000005
[  172.572670][ T9048] RBP: 00007f983e29f090 R08: 0000000000000010 R09: 0000000000000000
[  172.572687][ T9048] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  172.572702][ T9048] R13: 0000000000000000 R14: 00007f983fe65fa0 R15: 00007fff6f0688d8
[  172.572728][ T9048]  </TASK>
[  172.800965][ T9052] netlink: 'syz.4.1916': attribute type 1 has an invalid length.
[  172.808822][ T9052] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1916'.
[  172.949303][ T9065] loop4: detected capacity change from 0 to 164
[  172.957269][ T9065] Unable to read rock-ridge attributes
[  172.963935][ T9065] Unable to read rock-ridge attributes
[  173.259422][ T9093] netlink: 'syz.2.1931': attribute type 1 has an invalid length.
[  173.267506][ T9093] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1931'.
[  173.333322][ T9096] loop2: detected capacity change from 0 to 1024
[  173.340378][ T9100] hub 6-0:1.0: USB hub found
[  173.345074][ T9100] hub 6-0:1.0: 8 ports detected
[  173.352071][ T9096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  173.365501][ T9096] ext4 filesystem being mounted at /349/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  173.366434][   T29] kauditd_printk_skb: 159 callbacks suppressed
[  173.366451][   T29] audit: type=1326 audit(1753043417.606:6682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.4.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  173.405606][   T29] audit: type=1326 audit(1753043417.606:6683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.4.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  173.435238][   T29] audit: type=1326 audit(1753043417.646:6684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.4.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f983fc35967 code=0x7ffc0000
[  173.459393][   T29] audit: type=1326 audit(1753043417.646:6685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.4.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f983fbdab89 code=0x7ffc0000
[  173.482942][   T29] audit: type=1326 audit(1753043417.646:6686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.4.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  173.506463][   T29] audit: type=1326 audit(1753043417.646:6687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.4.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  173.530679][   T29] audit: type=1326 audit(1753043417.646:6688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.4.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  173.553946][ T9108] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 3: comm syz.2.1933: lblock 3 mapped to illegal pblock 3 (length 3)
[  173.554491][   T29] audit: type=1326 audit(1753043417.646:6689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.4.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  173.570461][ T9108] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  173.592674][   T29] audit: type=1326 audit(1753043417.646:6690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.4.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  173.605234][ T9108] EXT4-fs (loop2): This should not happen!! Data will be lost
[  173.605234][ T9108] 
[  173.643635][   T29] audit: type=1326 audit(1753043417.646:6691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.4.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  173.673747][ T3963] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:19: lblock 8 mapped to illegal pblock 8 (length 8)
[  173.678929][ T9102] IPv6: sit1: Disabled Multicast RS
[  173.690107][ T3963] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  173.706836][ T3963] EXT4-fs (loop2): This should not happen!! Data will be lost
[  173.706836][ T3963] 
[  173.718702][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  173.857251][ T9122] FAULT_INJECTION: forcing a failure.
[  173.857251][ T9122] name failslab, interval 1, probability 0, space 0, times 0
[  173.870195][ T9122] CPU: 1 UID: 0 PID: 9122 Comm: syz.0.1942 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  173.870231][ T9122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.870243][ T9122] Call Trace:
[  173.870250][ T9122]  <TASK>
[  173.870257][ T9122]  __dump_stack+0x1d/0x30
[  173.870277][ T9122]  dump_stack_lvl+0xe8/0x140
[  173.870345][ T9122]  dump_stack+0x15/0x1b
[  173.870377][ T9122]  should_fail_ex+0x265/0x280
[  173.870415][ T9122]  should_failslab+0x8c/0xb0
[  173.870437][ T9122]  __kvmalloc_node_noprof+0x123/0x4e0
[  173.870464][ T9122]  ? __se_sys_add_key+0x1e9/0x350
[  173.870572][ T9122]  __se_sys_add_key+0x1e9/0x350
[  173.870605][ T9122]  __x64_sys_add_key+0x67/0x80
[  173.870639][ T9122]  x64_sys_call+0x1d0d/0x2fb0
[  173.870666][ T9122]  do_syscall_64+0xd2/0x200
[  173.870687][ T9122]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  173.870787][ T9122]  ? clear_bhb_loop+0x40/0x90
[  173.870813][ T9122]  ? clear_bhb_loop+0x40/0x90
[  173.870839][ T9122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.870931][ T9122] RIP: 0033:0x7fb9d1f1e9a9
[  173.870946][ T9122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.870961][ T9122] RSP: 002b:00007fb9d0587038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  173.870978][ T9122] RAX: ffffffffffffffda RBX: 00007fb9d2145fa0 RCX: 00007fb9d1f1e9a9
[  173.870989][ T9122] RDX: 00002000000000c0 RSI: 0000000000000000 RDI: 0000200000000040
[  173.871064][ T9122] RBP: 00007fb9d0587090 R08: fffffffffffffffd R09: 0000000000000000
[  173.871082][ T9122] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001
[  173.871092][ T9122] R13: 0000000000000000 R14: 00007fb9d2145fa0 R15: 00007ffcc078b6a8
[  173.871109][ T9122]  </TASK>
[  174.069790][ T9127] netlink: 'syz.0.1944': attribute type 1 has an invalid length.
[  174.078210][ T9127] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1944'.
[  174.130791][ T9133] loop4: detected capacity change from 0 to 1024
[  174.142232][ T9135] tipc: Started in network mode
[  174.147347][ T9135] tipc: Node identity ac14140f, cluster identity 4711
[  174.165953][ T9133] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  174.177740][ T9135] tipc: New replicast peer: 255.255.255.255
[  174.179431][ T9133] ext4 filesystem being mounted at /391/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.184195][ T9135] tipc: Enabled bearer <udp:syz2>, priority 10
[  174.205618][ T9143] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1947'.
[  174.214797][ T9143] tipc: Disabling bearer <udp:syz2>
[  174.215049][ T9141] loop3: detected capacity change from 0 to 1024
[  174.222617][ T9133] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.1948: lblock 3 mapped to illegal pblock 3 (length 3)
[  174.227185][ T9141] EXT4-fs: Ignoring removed nobh option
[  174.243641][ T9133] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  174.246639][ T9141] EXT4-fs: inline encryption not supported
[  174.259701][ T9133] EXT4-fs (loop4): This should not happen!! Data will be lost
[  174.259701][ T9133] 
[  174.283917][ T1400] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:6: lblock 8 mapped to illegal pblock 8 (length 8)
[  174.306430][ T9141] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.327555][ T1400] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  174.340285][ T1400] EXT4-fs (loop4): This should not happen!! Data will be lost
[  174.340285][ T1400] 
[  174.360327][ T9141] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.1949: Allocating blocks 385-513 which overlap fs metadata
[  174.450671][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  174.476306][ T9141] EXT4-fs (loop3): pa ffff888106a605b0: logic 16, phys. 129, len 24
[  174.484472][ T9141] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8
[  174.498221][ T9141] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  174.510564][ T9141] EXT4-fs (loop3): This should not happen!! Data will be lost
[  174.510564][ T9141] 
[  174.520433][ T9141] EXT4-fs (loop3): Total free blocks count 0
[  174.526474][ T9141] EXT4-fs (loop3): Free/Dirty block details
[  174.532881][ T9141] EXT4-fs (loop3): free_blocks=128
[  174.538113][ T9141] EXT4-fs (loop3): dirty_blocks=0
[  174.543174][ T9141] EXT4-fs (loop3): Block reservation details
[  174.549711][ T9141] EXT4-fs (loop3): i_reserved_data_blocks=0
[  174.604085][ T9161] netlink: 'syz.1.1955': attribute type 2 has an invalid length.
[  174.612008][ T9161] netlink: 'syz.1.1955': attribute type 1 has an invalid length.
[  174.987943][ T9177] $Hÿ: renamed from bond0
[  174.995144][ T9177] $Hÿ: entered promiscuous mode
[  175.000514][ T9177] bond_slave_0: entered promiscuous mode
[  175.006283][ T9177] bond_slave_1: entered promiscuous mode
[  175.228231][ T9187] validate_nla: 1 callbacks suppressed
[  175.228249][ T9187] netlink: 'syz.0.1964': attribute type 4 has an invalid length.
[  175.265837][ T9191] netlink: 'syz.4.1966': attribute type 1 has an invalid length.
[  175.423977][ T9205] __nla_validate_parse: 9 callbacks suppressed
[  175.423992][ T9205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1971'.
[  175.439276][ T9205] IPVS: Error joining to the multicast group
[  175.451055][ T9202] netlink: 'syz.0.1967': attribute type 13 has an invalid length.
[  175.508423][ T9202] bond0: left allmulticast mode
[  175.513595][ T9202] ip6gretap1: left allmulticast mode
[  175.519157][ T9202] bond0: left promiscuous mode
[  175.524009][ T9202] ip6gretap1: left promiscuous mode
[  175.530827][ T9205] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.1971'.
[  175.825803][ T9220] FAULT_INJECTION: forcing a failure.
[  175.825803][ T9220] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.839236][ T9220] CPU: 0 UID: 0 PID: 9220 Comm: syz.4.1978 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  175.839266][ T9220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  175.839282][ T9220] Call Trace:
[  175.839291][ T9220]  <TASK>
[  175.839301][ T9220]  __dump_stack+0x1d/0x30
[  175.839384][ T9220]  dump_stack_lvl+0xe8/0x140
[  175.839402][ T9220]  dump_stack+0x15/0x1b
[  175.839421][ T9220]  should_fail_ex+0x265/0x280
[  175.839458][ T9220]  should_fail+0xb/0x20
[  175.839554][ T9220]  should_fail_usercopy+0x1a/0x20
[  175.839592][ T9220]  _copy_from_user+0x1c/0xb0
[  175.839617][ T9220]  vmemdup_user+0x59/0xd0
[  175.839690][ T9220]  map_lookup_and_delete_elem+0x26b/0x5c0
[  175.839724][ T9220]  ? security_bpf+0x2b/0x90
[  175.839747][ T9220]  __sys_bpf+0x402/0x790
[  175.839793][ T9220]  __x64_sys_bpf+0x41/0x50
[  175.839834][ T9220]  x64_sys_call+0x2478/0x2fb0
[  175.839855][ T9220]  do_syscall_64+0xd2/0x200
[  175.839942][ T9220]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  175.839975][ T9220]  ? clear_bhb_loop+0x40/0x90
[  175.840018][ T9220]  ? clear_bhb_loop+0x40/0x90
[  175.840045][ T9220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.840071][ T9220] RIP: 0033:0x7f983fc3e9a9
[  175.840087][ T9220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.840132][ T9220] RSP: 002b:00007f983e29f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  175.840151][ T9220] RAX: ffffffffffffffda RBX: 00007f983fe65fa0 RCX: 00007f983fc3e9a9
[  175.840244][ T9220] RDX: 0000000000000020 RSI: 0000200000000080 RDI: 0000000000000015
[  175.840259][ T9220] RBP: 00007f983e29f090 R08: 0000000000000000 R09: 0000000000000000
[  175.840274][ T9220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.840290][ T9220] R13: 0000000000000000 R14: 00007f983fe65fa0 R15: 00007fff6f0688d8
[  175.840317][ T9220]  </TASK>
[  176.102180][ T9222] netlink: 'syz.4.1979': attribute type 4 has an invalid length.
[  176.110205][ T9222] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.1979'.
[  176.262196][ T9236] FAULT_INJECTION: forcing a failure.
[  176.262196][ T9236] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.275495][ T9236] CPU: 1 UID: 0 PID: 9236 Comm: syz.0.1986 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  176.275530][ T9236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  176.275620][ T9236] Call Trace:
[  176.275629][ T9236]  <TASK>
[  176.275638][ T9236]  __dump_stack+0x1d/0x30
[  176.275664][ T9236]  dump_stack_lvl+0xe8/0x140
[  176.275686][ T9236]  dump_stack+0x15/0x1b
[  176.275761][ T9236]  should_fail_ex+0x265/0x280
[  176.275849][ T9236]  should_fail+0xb/0x20
[  176.275878][ T9236]  should_fail_usercopy+0x1a/0x20
[  176.275991][ T9236]  _copy_to_user+0x20/0xa0
[  176.276019][ T9236]  simple_read_from_buffer+0xb5/0x130
[  176.276051][ T9236]  proc_fail_nth_read+0x100/0x140
[  176.276153][ T9236]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  176.276191][ T9236]  vfs_read+0x19d/0x6f0
[  176.276346][ T9236]  ? __rcu_read_unlock+0x4f/0x70
[  176.276370][ T9236]  ? __fget_files+0x184/0x1c0
[  176.276395][ T9236]  ksys_read+0xda/0x1a0
[  176.276506][ T9236]  __x64_sys_read+0x40/0x50
[  176.276542][ T9236]  x64_sys_call+0x2d77/0x2fb0
[  176.276567][ T9236]  do_syscall_64+0xd2/0x200
[  176.276590][ T9236]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  176.276631][ T9236]  ? clear_bhb_loop+0x40/0x90
[  176.276656][ T9236]  ? clear_bhb_loop+0x40/0x90
[  176.276681][ T9236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.276705][ T9236] RIP: 0033:0x7fb9d1f1d3bc
[  176.276779][ T9236] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  176.276800][ T9236] RSP: 002b:00007fb9d0587030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  176.276822][ T9236] RAX: ffffffffffffffda RBX: 00007fb9d2145fa0 RCX: 00007fb9d1f1d3bc
[  176.276837][ T9236] RDX: 000000000000000f RSI: 00007fb9d05870a0 RDI: 0000000000000004
[  176.276897][ T9236] RBP: 00007fb9d0587090 R08: 0000000000000000 R09: 0000000000000000
[  176.276911][ T9236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.276926][ T9236] R13: 0000000000000000 R14: 00007fb9d2145fa0 R15: 00007ffcc078b6a8
[  176.276949][ T9236]  </TASK>
[  176.508280][ T9234] netlink: 'syz.4.1985': attribute type 1 has an invalid length.
[  176.516228][ T9234] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1985'.
[  176.598304][ T9242] loop4: detected capacity change from 0 to 1024
[  176.673470][ T9242] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  176.688278][ T9242] ext4 filesystem being mounted at /402/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.703365][ T9242] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.1989: lblock 3 mapped to illegal pblock 3 (length 3)
[  176.720781][ T9242] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  176.733828][ T9242] EXT4-fs (loop4): This should not happen!! Data will be lost
[  176.733828][ T9242] 
[  176.738985][ T9256] loop3: detected capacity change from 0 to 164
[  176.767460][ T3943] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:13: lblock 8 mapped to illegal pblock 8 (length 8)
[  176.783211][ T3943] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  176.796842][ T3943] EXT4-fs (loop4): This should not happen!! Data will be lost
[  176.796842][ T3943] 
[  176.808737][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  176.910469][ T9257] netlink: 'syz.0.1994': attribute type 13 has an invalid length.
[  176.914488][ T9259] netlink: 'syz.4.1995': attribute type 4 has an invalid length.
[  176.932033][ T9259] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.1995'.
[  177.055166][ T9271] netlink: 'syz.4.2000': attribute type 1 has an invalid length.
[  177.064154][ T9271] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2000'.
[  177.101033][ T9277] FAULT_INJECTION: forcing a failure.
[  177.101033][ T9277] name failslab, interval 1, probability 0, space 0, times 0
[  177.115807][ T9277] CPU: 1 UID: 0 PID: 9277 Comm: syz.4.2003 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  177.115847][ T9277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  177.115888][ T9277] Call Trace:
[  177.115895][ T9277]  <TASK>
[  177.115902][ T9277]  __dump_stack+0x1d/0x30
[  177.115922][ T9277]  dump_stack_lvl+0xe8/0x140
[  177.115943][ T9277]  dump_stack+0x15/0x1b
[  177.116037][ T9277]  should_fail_ex+0x265/0x280
[  177.116075][ T9277]  ? audit_log_d_path+0x8d/0x150
[  177.116114][ T9277]  should_failslab+0x8c/0xb0
[  177.116137][ T9277]  __kmalloc_cache_noprof+0x4c/0x320
[  177.116206][ T9277]  audit_log_d_path+0x8d/0x150
[  177.116273][ T9277]  audit_log_d_path_exe+0x42/0x70
[  177.116401][ T9277]  audit_log_task+0x1e9/0x250
[  177.116467][ T9277]  audit_seccomp+0x61/0x100
[  177.116494][ T9277]  ? __seccomp_filter+0x68c/0x10d0
[  177.116523][ T9277]  __seccomp_filter+0x69d/0x10d0
[  177.116612][ T9277]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  177.116707][ T9277]  ? vfs_write+0x75e/0x8e0
[  177.116842][ T9277]  ? __rcu_read_unlock+0x4f/0x70
[  177.116864][ T9277]  ? __fget_files+0x184/0x1c0
[  177.116885][ T9277]  __secure_computing+0x82/0x150
[  177.116958][ T9277]  syscall_trace_enter+0xcf/0x1e0
[  177.116990][ T9277]  do_syscall_64+0xac/0x200
[  177.117064][ T9277]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  177.117097][ T9277]  ? clear_bhb_loop+0x40/0x90
[  177.117120][ T9277]  ? clear_bhb_loop+0x40/0x90
[  177.117141][ T9277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.117184][ T9277] RIP: 0033:0x7f983fc3e9a9
[  177.117204][ T9277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  177.117227][ T9277] RSP: 002b:00007f983e29f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012f
[  177.117245][ T9277] RAX: ffffffffffffffda RBX: 00007f983fe65fa0 RCX: 00007f983fc3e9a9
[  177.117256][ T9277] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffffff
[  177.117268][ T9277] RBP: 00007f983e29f090 R08: 0000000000000600 R09: 0000000000000000
[  177.117343][ T9277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  177.117356][ T9277] R13: 0000000000000000 R14: 00007f983fe65fa0 R15: 00007fff6f0688d8
[  177.117374][ T9277]  </TASK>
[  177.124662][ T9276] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2002'.
[  177.217762][ T9282] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2002'.
[  177.230203][ T9284] loop4: detected capacity change from 0 to 1024
[  177.231451][ T9282] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2002'.
[  177.267740][ T9284] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  177.402085][ T9284] ext4 filesystem being mounted at /407/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.421494][ T9284] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.2005: lblock 3 mapped to illegal pblock 3 (length 3)
[  177.436001][ T9284] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  177.448987][ T9284] EXT4-fs (loop4): This should not happen!! Data will be lost
[  177.448987][ T9284] 
[  177.473059][ T1400] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:6: lblock 8 mapped to illegal pblock 8 (length 8)
[  177.489302][ T1400] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  177.502017][ T1400] EXT4-fs (loop4): This should not happen!! Data will be lost
[  177.502017][ T1400] 
[  177.514144][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  177.530300][ T9295] loop2: detected capacity change from 0 to 1024
[  177.537615][ T9295] EXT4-fs: Ignoring removed nobh option
[  177.543335][ T9295] EXT4-fs: Ignoring removed bh option
[  177.635979][ T9295] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.764216][ T9311] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  177.774711][ T9311] SELinux: failed to load policy
[  177.784270][ T9311] pimreg: entered allmulticast mode
[  177.966344][ T9329] netlink: 'syz.3.2018': attribute type 4 has an invalid length.
[  177.974409][ T9329] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.2018'.
[  178.040448][ T9333] FAULT_INJECTION: forcing a failure.
[  178.040448][ T9333] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  178.053848][ T9333] CPU: 0 UID: 0 PID: 9333 Comm: syz.1.2019 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  178.053878][ T9333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  178.053890][ T9333] Call Trace:
[  178.053897][ T9333]  <TASK>
[  178.053905][ T9333]  __dump_stack+0x1d/0x30
[  178.053925][ T9333]  dump_stack_lvl+0xe8/0x140
[  178.053993][ T9333]  dump_stack+0x15/0x1b
[  178.054008][ T9333]  should_fail_ex+0x265/0x280
[  178.054123][ T9333]  should_fail_alloc_page+0xf2/0x100
[  178.054165][ T9333]  __alloc_frozen_pages_noprof+0xff/0x360
[  178.054262][ T9333]  alloc_pages_mpol+0xb3/0x250
[  178.054298][ T9333]  alloc_pages_noprof+0x90/0x130
[  178.054332][ T9333]  __pmd_alloc+0x47/0x470
[  178.054394][ T9333]  handle_mm_fault+0x19d1/0x2be0
[  178.054426][ T9333]  ? check_vma_flags+0x26e/0x340
[  178.054454][ T9333]  __get_user_pages+0x1036/0x1fb0
[  178.054513][ T9333]  get_user_pages_remote+0x1dc/0x7a0
[  178.054541][ T9333]  get_arg_page+0x8e/0x1e0
[  178.054575][ T9333]  copy_string_kernel+0x134/0x340
[  178.054677][ T9333]  do_execveat_common+0x5ad/0x750
[  178.054707][ T9333]  ? getname_flags+0x154/0x3b0
[  178.054730][ T9333]  __x64_sys_execveat+0x73/0x90
[  178.054761][ T9333]  x64_sys_call+0x2dae/0x2fb0
[  178.054795][ T9333]  do_syscall_64+0xd2/0x200
[  178.054816][ T9333]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  178.054876][ T9333]  ? clear_bhb_loop+0x40/0x90
[  178.054899][ T9333]  ? clear_bhb_loop+0x40/0x90
[  178.054925][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.054964][ T9333] RIP: 0033:0x7f082fd3e9a9
[  178.055041][ T9333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.055059][ T9333] RSP: 002b:00007f082e39f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  178.055080][ T9333] RAX: ffffffffffffffda RBX: 00007f082ff65fa0 RCX: 00007f082fd3e9a9
[  178.055094][ T9333] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  178.055109][ T9333] RBP: 00007f082e39f090 R08: 0000000000000000 R09: 0000000000000000
[  178.055134][ T9333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  178.055148][ T9333] R13: 0000000000000000 R14: 00007f082ff65fa0 R15: 00007fffd72d88c8
[  178.055214][ T9333]  </TASK>
[  178.295435][ T9336] netlink: 'syz.3.2020': attribute type 1 has an invalid length.
[  178.502680][ T9358] loop3: detected capacity change from 0 to 1024
[  178.516937][ T9358] EXT4-fs: Ignoring removed nobh option
[  178.522853][ T9358] EXT4-fs: inline encryption not supported
[  178.548711][ T9358] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.594094][ T9358] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.2027: Allocating blocks 385-513 which overlap fs metadata
[  178.614828][ T9310] pimreg: left allmulticast mode
[  178.622474][ T9358] EXT4-fs (loop3): pa ffff888106aad540: logic 16, phys. 129, len 24
[  178.630715][ T9358] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8
[  178.645717][ T9358] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  178.658605][ T9358] EXT4-fs (loop3): This should not happen!! Data will be lost
[  178.658605][ T9358] 
[  178.668606][ T9358] EXT4-fs (loop3): Total free blocks count 0
[  178.674639][ T9358] EXT4-fs (loop3): Free/Dirty block details
[  178.681193][ T9358] EXT4-fs (loop3): free_blocks=128
[  178.686457][ T9358] EXT4-fs (loop3): dirty_blocks=0
[  178.691612][ T9358] EXT4-fs (loop3): Block reservation details
[  178.697701][ T9358] EXT4-fs (loop3): i_reserved_data_blocks=0
[  178.707917][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.837283][   T29] kauditd_printk_skb: 288 callbacks suppressed
[  178.837304][   T29] audit: type=1326 audit(1753043423.046:6980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9370 comm="syz.0.2032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9d1f1e9a9 code=0x7ffc0000
[  178.867918][   T29] audit: type=1326 audit(1753043423.046:6981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9370 comm="syz.0.2032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9d1f1e9a9 code=0x7ffc0000
[  178.892318][   T29] audit: type=1326 audit(1753043423.046:6982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9370 comm="syz.0.2032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7fb9d1f1e9a9 code=0x7ffc0000
[  178.915910][   T29] audit: type=1326 audit(1753043423.046:6983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9370 comm="syz.0.2032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9d1f1e9a9 code=0x7ffc0000
[  178.939616][   T29] audit: type=1326 audit(1753043423.046:6984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9370 comm="syz.0.2032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9d1f1e9a9 code=0x7ffc0000
[  179.022743][ T9393] loop3: detected capacity change from 0 to 1024
[  179.079056][ T9393] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  179.097467][ T9393] ext4 filesystem being mounted at /395/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.127179][ T9393] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.2036: lblock 3 mapped to illegal pblock 3 (length 3)
[  179.159326][ T9393] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  179.172145][ T9393] EXT4-fs (loop3): This should not happen!! Data will be lost
[  179.172145][ T9393] 
[  179.199346][ T9405] loop4: detected capacity change from 0 to 512
[  179.223186][ T3963] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:19: lblock 8 mapped to illegal pblock 8 (length 8)
[  179.239600][ T9405] ext4: Unknown parameter 'obj_type'
[  179.343825][ T3963] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  179.356799][ T3963] EXT4-fs (loop3): This should not happen!! Data will be lost
[  179.356799][ T3963] 
[  179.394955][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  179.913839][ T9416] loop3: detected capacity change from 0 to 1024
[  179.948238][ T9416] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  179.961450][ T9416] ext4 filesystem being mounted at /396/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.977208][ T9416] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.2040: lblock 3 mapped to illegal pblock 3 (length 3)
[  179.992717][ T9416] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  180.005054][ T9416] EXT4-fs (loop3): This should not happen!! Data will be lost
[  180.005054][ T9416] 
[  180.032982][ T9428] FAULT_INJECTION: forcing a failure.
[  180.032982][ T9428] name failslab, interval 1, probability 0, space 0, times 0
[  180.045916][ T9428] CPU: 0 UID: 0 PID: 9428 Comm: syz.0.2048 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  180.045952][ T9428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  180.045975][ T9428] Call Trace:
[  180.045982][ T9428]  <TASK>
[  180.045990][ T9428]  __dump_stack+0x1d/0x30
[  180.046076][ T9428]  dump_stack_lvl+0xe8/0x140
[  180.046217][ T9428]  dump_stack+0x15/0x1b
[  180.046313][ T9428]  should_fail_ex+0x265/0x280
[  180.046387][ T9428]  should_failslab+0x8c/0xb0
[  180.046409][ T9428]  __kmalloc_node_noprof+0xa9/0x410
[  180.046479][ T9428]  ? __vmalloc_node_range_noprof+0x3f9/0xe00
[  180.046516][ T9428]  __vmalloc_node_range_noprof+0x3f9/0xe00
[  180.046569][ T9428]  __vmalloc_node_noprof+0x89/0xc0
[  180.046622][ T9428]  ? copy_process+0x399/0x1f90
[  180.046786][ T9428]  ? copy_process+0x399/0x1f90
[  180.046813][ T9428]  dup_task_struct+0x449/0x6a0
[  180.046889][ T9428]  ? path_openat+0x1bf8/0x2170
[  180.047011][ T9428]  copy_process+0x399/0x1f90
[  180.047134][ T9428]  ? copy_clone_args_from_user+0x3ce/0x490
[  180.047175][ T9428]  kernel_clone+0x16c/0x5b0
[  180.047208][ T9428]  __se_sys_clone3+0x1c2/0x200
[  180.047314][ T9428]  __x64_sys_clone3+0x31/0x40
[  180.047361][ T9428]  x64_sys_call+0x10c9/0x2fb0
[  180.047470][ T9428]  do_syscall_64+0xd2/0x200
[  180.047530][ T9428]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  180.047566][ T9428]  ? clear_bhb_loop+0x40/0x90
[  180.047592][ T9428]  ? clear_bhb_loop+0x40/0x90
[  180.047618][ T9428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.047722][ T9428] RIP: 0033:0x7fb9d1f1e9a9
[  180.047758][ T9428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.047778][ T9428] RSP: 002b:00007fb9d0586f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  180.047807][ T9428] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fb9d1f1e9a9
[  180.047818][ T9428] RDX: 00007fb9d0586f20 RSI: 0000000000000058 RDI: 00007fb9d0586f20
[  180.047830][ T9428] RBP: 00007fb9d0587090 R08: 0000000000000000 R09: 0000000000000058
[  180.047841][ T9428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  180.047855][ T9428] R13: 0000000000000000 R14: 00007fb9d2145fa0 R15: 00007ffcc078b6a8
[  180.047967][ T9428]  </TASK>
[  180.047981][ T9428] syz.0.2048: vmalloc error: size 16384, failed to allocated page array size 32, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[  180.291826][ T9428] CPU: 0 UID: 0 PID: 9428 Comm: syz.0.2048 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  180.291894][ T9428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  180.291910][ T9428] Call Trace:
[  180.291918][ T9428]  <TASK>
[  180.291928][ T9428]  __dump_stack+0x1d/0x30
[  180.292011][ T9428]  dump_stack_lvl+0xe8/0x140
[  180.292028][ T9428]  dump_stack+0x15/0x1b
[  180.292042][ T9428]  warn_alloc+0x12b/0x1a0
[  180.292069][ T9428]  ? should_failslab+0x8c/0xb0
[  180.292092][ T9428]  __vmalloc_node_range_noprof+0x497/0xe00
[  180.292201][ T9428]  __vmalloc_node_noprof+0x89/0xc0
[  180.292227][ T9428]  ? copy_process+0x399/0x1f90
[  180.292248][ T9428]  ? copy_process+0x399/0x1f90
[  180.292269][ T9428]  dup_task_struct+0x449/0x6a0
[  180.292319][ T9428]  ? path_openat+0x1bf8/0x2170
[  180.292422][ T9428]  copy_process+0x399/0x1f90
[  180.292477][ T9428]  ? copy_clone_args_from_user+0x3ce/0x490
[  180.292576][ T9428]  kernel_clone+0x16c/0x5b0
[  180.292607][ T9428]  __se_sys_clone3+0x1c2/0x200
[  180.292669][ T9428]  __x64_sys_clone3+0x31/0x40
[  180.292694][ T9428]  x64_sys_call+0x10c9/0x2fb0
[  180.292712][ T9428]  do_syscall_64+0xd2/0x200
[  180.292729][ T9428]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  180.292751][ T9428]  ? clear_bhb_loop+0x40/0x90
[  180.292840][ T9428]  ? clear_bhb_loop+0x40/0x90
[  180.292904][ T9428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.293103][ T9428] RIP: 0033:0x7fb9d1f1e9a9
[  180.293116][ T9428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.293132][ T9428] RSP: 002b:00007fb9d0586f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  180.293149][ T9428] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fb9d1f1e9a9
[  180.293159][ T9428] RDX: 00007fb9d0586f20 RSI: 0000000000000058 RDI: 00007fb9d0586f20
[  180.293170][ T9428] RBP: 00007fb9d0587090 R08: 0000000000000000 R09: 0000000000000058
[  180.293256][ T9428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  180.293267][ T9428] R13: 0000000000000000 R14: 00007fb9d2145fa0 R15: 00007ffcc078b6a8
[  180.293284][ T9428]  </TASK>
[  180.293299][ T9428] Mem-Info:
[  180.509759][ T9428] active_anon:9829 inactive_anon:14 isolated_anon:0
[  180.509759][ T9428]  active_file:6766 inactive_file:4557 isolated_file:0
[  180.509759][ T9428]  unevictable:17 dirty:138 writeback:0
[  180.509759][ T9428]  slab_reclaimable:3244 slab_unreclaimable:150577
[  180.509759][ T9428]  mapped:35947 shmem:6060 pagetables:1245
[  180.509759][ T9428]  sec_pagetables:0 bounce:0
[  180.509759][ T9428]  kernel_misc_reclaimable:0
[  180.509759][ T9428]  free:1692212 free_pcp:75618 free_cma:0
[  180.554944][ T9428] Node 0 active_anon:39316kB inactive_anon:56kB active_file:27064kB inactive_file:18228kB unevictable:68kB isolated(anon):0kB isolated(file):0kB mapped:143788kB dirty:552kB writeback:0kB shmem:24240kB writeback_tmp:0kB kernel_stack:3616kB pagetables:4980kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  180.584648][ T9428] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  180.613392][ T9428] lowmem_reserve[]: 0 2882 7860 7860
[  180.618726][ T9428] Node 0 DMA32 free:2947720kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951348kB mlocked:0kB bounce:0kB free_pcp:3628kB local_pcp:100kB free_cma:0kB
[  180.649310][ T9428] lowmem_reserve[]: 0 0 4978 4978
[  180.654556][ T9428] Node 0 Normal free:3805768kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39316kB inactive_anon:56kB active_file:27064kB inactive_file:18228kB unevictable:68kB writepending:552kB present:5242880kB managed:5098240kB mlocked:104kB bounce:0kB free_pcp:298844kB local_pcp:284300kB free_cma:0kB
[  180.688890][ T9428] lowmem_reserve[]: 0 0 0 0
[  180.693778][ T9428] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  180.706924][ T9428] Node 0 DMA32: 4*4kB (M) 3*8kB (M) 2*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947720kB
[  180.723071][ T9428] Node 0 Normal: 978*4kB (UME) 452*8kB (UME) 610*16kB (UME) 646*32kB (UME) 576*64kB (UME) 266*128kB (UME) 127*256kB (UM) 115*512kB (UM) 93*1024kB (UM) 40*2048kB (UME) 837*4096kB (UM) = 3805768kB
[  180.743894][ T9428] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  180.753659][ T9428] 17386 total pagecache pages
[  180.758434][ T9428] 11 pages in swap cache
[  180.762871][ T9428] Free swap  = 124848kB
[  180.767131][ T9428] Total swap = 124996kB
[  180.771753][ T9428] 2097051 pages RAM
[  180.776503][ T9428] 0 pages HighMem/MovableOnly
[  180.781346][ T9428] 80814 pages reserved
[  180.786808][ T3943] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:13: lblock 8 mapped to illegal pblock 8 (length 8)
[  180.812048][ T3943] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  180.824845][ T3943] EXT4-fs (loop3): This should not happen!! Data will be lost
[  180.824845][ T3943] 
[  180.848433][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  180.867361][   T29] audit: type=1400 audit(1753043425.106:6985): avc:  denied  { relabelfrom } for  pid=9431 comm="syz.4.2051" name="NETLINK" dev="sockfs" ino=25066 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  180.892568][   T29] audit: type=1400 audit(1753043425.106:6986): avc:  denied  { relabelto } for  pid=9431 comm="syz.4.2051" name="NETLINK" dev="sockfs" ino=25066 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1
[  180.950741][ T9435] loop4: detected capacity change from 0 to 1024
[  180.963276][ T9439] loop3: detected capacity change from 0 to 512
[  180.970583][ T9439] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  180.984488][ T9435] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  180.984688][ T9438] validate_nla: 4 callbacks suppressed
[  180.984705][ T9438] netlink: 'syz.1.2053': attribute type 1 has an invalid length.
[  181.001046][ T9435] ext4 filesystem being mounted at /414/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.004110][ T9438] __nla_validate_parse: 11 callbacks suppressed
[  181.004201][ T9438] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2053'.
[  181.030424][ T9435] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.2052: lblock 3 mapped to illegal pblock 3 (length 3)
[  181.082919][ T9435] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  181.095456][ T9435] EXT4-fs (loop4): This should not happen!! Data will be lost
[  181.095456][ T9435] 
[  181.112879][ T9439] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  181.130370][ T9439] ext4 filesystem being mounted at /397/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.146201][ T9448] netlink: 'syz.2.2055': attribute type 1 has an invalid length.
[  181.154116][ T9448] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2055'.
[  181.166111][ T3943] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:13: lblock 8 mapped to illegal pblock 8 (length 8)
[  181.187453][   T29] audit: type=1326 audit(1753043425.426:6987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9453 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26aefee9a9 code=0x7ffc0000
[  181.212061][   T29] audit: type=1326 audit(1753043425.456:6988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9453 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f26aefee9a9 code=0x7ffc0000
[  181.235603][   T29] audit: type=1326 audit(1753043425.456:6989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9453 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26aefee9a9 code=0x7ffc0000
[  181.251012][ T9450] netlink: 'syz.1.2056': attribute type 4 has an invalid length.
[  181.267156][ T9450] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.2056'.
[  181.276394][ T3943] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  181.288880][ T3943] EXT4-fs (loop4): This should not happen!! Data will be lost
[  181.288880][ T3943] 
[  181.301630][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  181.301895][ T9452] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2057'.
[  181.319806][ T9452] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2057'.
[  181.353590][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.377877][ T9460] usb usb7: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  181.395404][ T9460] vhci_hcd: default hub control req: 0200 v0000 i0000 l31125
[  181.961266][ T9487] loop2: detected capacity change from 0 to 1024
[  181.981120][ T9487] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  181.995015][ T9487] ext4 filesystem being mounted at /367/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.011872][ T9487] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 3: comm syz.2.2069: lblock 3 mapped to illegal pblock 3 (length 3)
[  182.027664][ T9487] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  182.040118][ T9487] EXT4-fs (loop2): This should not happen!! Data will be lost
[  182.040118][ T9487] 
[  182.062419][ T3943] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:13: lblock 8 mapped to illegal pblock 8 (length 8)
[  182.077547][ T3943] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  182.089942][ T3943] EXT4-fs (loop2): This should not happen!! Data will be lost
[  182.089942][ T3943] 
[  182.101045][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  182.143437][ T9491] netlink: 'syz.2.2070': attribute type 1 has an invalid length.
[  182.151479][ T9491] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2070'.
[  182.184557][ T9493] loop2: detected capacity change from 0 to 1024
[  182.191830][ T9493] EXT4-fs: Ignoring removed nobh option
[  182.197597][ T9493] EXT4-fs: inline encryption not supported
[  182.210665][ T9493] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.231485][ T9493] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2071'.
[  182.240587][ T9493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2071'.
[  182.280864][ T9497] netlink: 'syz.4.2072': attribute type 4 has an invalid length.
[  182.288698][ T9497] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.2072'.
[  182.299430][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.334066][ T9501] loop4: detected capacity change from 0 to 512
[  182.347780][ T9501] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  182.360988][ T9501] ext4 filesystem being mounted at /417/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.390508][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.455336][ T9516] loop3: detected capacity change from 0 to 1024
[  182.462621][ T9517] loop2: detected capacity change from 0 to 164
[  182.468404][ T9516] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  182.481224][ T9517] Unable to read rock-ridge attributes
[  182.482204][ T9516] ext4 filesystem being mounted at /401/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.507907][ T9516] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.2080: lblock 3 mapped to illegal pblock 3 (length 3)
[  182.523461][ T9516] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  182.536047][ T9516] EXT4-fs (loop3): This should not happen!! Data will be lost
[  182.536047][ T9516] 
[  182.570599][ T9525] netlink: 'syz.4.2082': attribute type 1 has an invalid length.
[  182.578606][ T9525] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2082'.
[  182.588233][ T3967] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:21: lblock 8 mapped to illegal pblock 8 (length 8)
[  182.610308][ T3967] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  182.618486][ T9507] Unable to read rock-ridge attributes
[  182.622778][ T3967] EXT4-fs (loop3): This should not happen!! Data will be lost
[  182.622778][ T3967] 
[  182.658713][ T9532] netlink: 'syz.0.2085': attribute type 4 has an invalid length.
[  182.670444][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  182.673575][ T9536] FAULT_INJECTION: forcing a failure.
[  182.673575][ T9536] name failslab, interval 1, probability 0, space 0, times 0
[  182.692445][ T9536] CPU: 1 UID: 0 PID: 9536 Comm: syz.1.2087 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  182.692479][ T9536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.692494][ T9536] Call Trace:
[  182.692503][ T9536]  <TASK>
[  182.692512][ T9536]  __dump_stack+0x1d/0x30
[  182.692536][ T9536]  dump_stack_lvl+0xe8/0x140
[  182.692558][ T9536]  dump_stack+0x15/0x1b
[  182.692646][ T9536]  should_fail_ex+0x265/0x280
[  182.692681][ T9536]  ? audit_log_d_path+0x8d/0x150
[  182.692719][ T9536]  should_failslab+0x8c/0xb0
[  182.692745][ T9536]  __kmalloc_cache_noprof+0x4c/0x320
[  182.692799][ T9536]  audit_log_d_path+0x8d/0x150
[  182.692835][ T9536]  audit_log_d_path_exe+0x42/0x70
[  182.692871][ T9536]  audit_log_task+0x1e9/0x250
[  182.692924][ T9536]  audit_seccomp+0x61/0x100
[  182.692955][ T9536]  ? __seccomp_filter+0x68c/0x10d0
[  182.692980][ T9536]  __seccomp_filter+0x69d/0x10d0
[  182.693055][ T9536]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  182.693094][ T9536]  ? vfs_write+0x75e/0x8e0
[  182.693125][ T9536]  ? __rcu_read_unlock+0x4f/0x70
[  182.693255][ T9536]  ? __fget_files+0x184/0x1c0
[  182.693363][ T9536]  __secure_computing+0x82/0x150
[  182.693411][ T9536]  syscall_trace_enter+0xcf/0x1e0
[  182.693434][ T9536]  do_syscall_64+0xac/0x200
[  182.693451][ T9536]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  182.693487][ T9536]  ? clear_bhb_loop+0x40/0x90
[  182.693513][ T9536]  ? clear_bhb_loop+0x40/0x90
[  182.693540][ T9536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.693566][ T9536] RIP: 0033:0x7f082fd3e9a9
[  182.693584][ T9536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.693639][ T9536] RSP: 002b:00007f082e39f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  182.693659][ T9536] RAX: ffffffffffffffda RBX: 00007f082ff65fa0 RCX: 00007f082fd3e9a9
[  182.693671][ T9536] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  182.693732][ T9536] RBP: 00007f082e39f090 R08: 0000000000000000 R09: 0000000000000000
[  182.693743][ T9536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.693785][ T9536] R13: 0000000000000000 R14: 00007f082ff65fa0 R15: 00007fffd72d88c8
[  182.693809][ T9536]  </TASK>
[  182.931050][ T9538] loop3: detected capacity change from 0 to 1024
[  182.938243][ T9538] EXT4-fs: Ignoring removed nobh option
[  182.944120][ T9538] EXT4-fs: inline encryption not supported
[  182.967663][ T9538] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.010377][ T9538] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.2083: Allocating blocks 385-513 which overlap fs metadata
[  183.044426][ T9538] EXT4-fs (loop3): pa ffff888106a60620: logic 16, phys. 129, len 24
[  183.052678][ T9538] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8
[  183.083997][ T9538] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  183.096405][ T9538] EXT4-fs (loop3): This should not happen!! Data will be lost
[  183.096405][ T9538] 
[  183.106272][ T9538] EXT4-fs (loop3): Total free blocks count 0
[  183.112307][ T9538] EXT4-fs (loop3): Free/Dirty block details
[  183.118855][ T9538] EXT4-fs (loop3): free_blocks=128
[  183.124057][ T9538] EXT4-fs (loop3): dirty_blocks=0
[  183.129163][ T9538] EXT4-fs (loop3): Block reservation details
[  183.135197][ T9538] EXT4-fs (loop3): i_reserved_data_blocks=0
[  183.154691][ T9553] loop4: detected capacity change from 0 to 1024
[  183.188075][ T9553] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  183.205723][ T9553] ext4 filesystem being mounted at /425/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  183.221391][ T9553] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.2093: lblock 3 mapped to illegal pblock 3 (length 3)
[  183.221442][ T9557] netlink: 'syz.1.2095': attribute type 1 has an invalid length.
[  183.245344][ T9553] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  183.258211][ T9553] EXT4-fs (loop4): This should not happen!! Data will be lost
[  183.258211][ T9553] 
[  183.291369][ T3963] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:19: lblock 8 mapped to illegal pblock 8 (length 8)
[  183.312532][ T3963] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  183.318631][ T9562] loop2: detected capacity change from 0 to 1024
[  183.325026][ T3963] EXT4-fs (loop4): This should not happen!! Data will be lost
[  183.325026][ T3963] 
[  183.342596][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  183.354981][ T9562] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  183.379219][ T9562] ext4 filesystem being mounted at /373/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  183.394547][ T9570] lo speed is unknown, defaulting to 1000
[  183.401030][ T9570] lo speed is unknown, defaulting to 1000
[  183.411000][ T9562] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 3: comm syz.2.2096: lblock 3 mapped to illegal pblock 3 (length 3)
[  183.414642][ T9570] lo speed is unknown, defaulting to 1000
[  183.432848][ T9570] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  183.442839][ T9562] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  183.451684][ T9570] lo speed is unknown, defaulting to 1000
[  183.455770][ T9562] EXT4-fs (loop2): This should not happen!! Data will be lost
[  183.455770][ T9562] 
[  183.462449][ T9570] lo speed is unknown, defaulting to 1000
[  183.483495][ T9570] lo speed is unknown, defaulting to 1000
[  183.490360][ T9570] lo speed is unknown, defaulting to 1000
[  183.496652][ T3963] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:19: lblock 8 mapped to illegal pblock 8 (length 8)
[  183.497886][ T9570] lo speed is unknown, defaulting to 1000
[  183.526323][ T3963] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  183.534276][ T9576] netlink: 'syz.3.2100': attribute type 4 has an invalid length.
[  183.538679][ T3963] EXT4-fs (loop2): This should not happen!! Data will be lost
[  183.538679][ T3963] 
[  183.557786][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  183.643956][ T9589] loop3: detected capacity change from 0 to 1024
[  183.663446][ T9589] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  183.694603][ T9589] ext4 filesystem being mounted at /407/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  183.731104][ T9589] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.2105: lblock 3 mapped to illegal pblock 3 (length 3)
[  183.757331][ T9589] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  183.770655][ T9589] EXT4-fs (loop3): This should not happen!! Data will be lost
[  183.770655][ T9589] 
[  183.782665][ T9595] lo speed is unknown, defaulting to 1000
[  183.848272][ T9602] loop2: detected capacity change from 0 to 512
[  183.860566][ T1400] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:6: lblock 8 mapped to illegal pblock 8 (length 8)
[  183.875991][ T9598] loop4: detected capacity change from 0 to 1024
[  183.877032][ T1400] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  183.882818][ T9598] EXT4-fs: Ignoring removed nobh option
[  183.894689][ T1400] EXT4-fs (loop3): This should not happen!! Data will be lost
[  183.894689][ T1400] 
[  183.900773][ T9598] EXT4-fs: Ignoring removed bh option
[  183.922145][ T9595] lo speed is unknown, defaulting to 1000
[  183.927583][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  183.953976][   T29] kauditd_printk_skb: 242 callbacks suppressed
[  183.953993][   T29] audit: type=1400 audit(1753043428.186:7232): avc:  denied  { unmount } for  pid=9594 comm="syz.1.2108" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  183.959278][ T9602] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a04fc128, mo2=0002]
[  183.990109][ T9602] System zones: 1-12
[  183.990909][ T9598] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.994407][   T29] audit: type=1400 audit(1753043428.226:7233): avc:  denied  { ioctl } for  pid=9604 comm="syz.3.2111" path="socket:[25319]" dev="sockfs" ino=25319 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  184.066501][   T29] audit: type=1400 audit(1753043428.296:7234): avc:  denied  { setattr } for  pid=9597 comm="syz.4.2109" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  184.114876][ T9602] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.2110: invalid indirect mapped block 11 (level 0)
[  184.128490][   T29] audit: type=1326 audit(1753043428.326:7235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9597 comm="syz.4.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  184.135349][ T9602] EXT4-fs (loop2): Remounting filesystem read-only
[  184.152959][   T29] audit: type=1326 audit(1753043428.326:7236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9597 comm="syz.4.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  184.184796][   T29] audit: type=1326 audit(1753043428.326:7237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9597 comm="syz.4.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  184.210281][   T29] audit: type=1326 audit(1753043428.326:7238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9597 comm="syz.4.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  184.235169][   T29] audit: type=1326 audit(1753043428.326:7239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9597 comm="syz.4.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  184.260037][   T29] audit: type=1326 audit(1753043428.326:7240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9597 comm="syz.4.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  184.284148][   T29] audit: type=1326 audit(1753043428.326:7241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9597 comm="syz.4.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f983fc3e9a9 code=0x7ffc0000
[  184.293549][ T9605] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[  184.310387][ T9602] EXT4-fs (loop2): 1 truncate cleaned up
[  184.322747][ T9602] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  184.387540][ T9602] macvlan2: entered promiscuous mode
[  184.392909][ T9602] bond0: entered promiscuous mode
[  184.398459][ T9602] bond_slave_0: entered promiscuous mode
[  184.404396][ T9602] bond_slave_1: entered promiscuous mode
[  184.411132][ T9602] macvlan2: entered allmulticast mode
[  184.411848][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.416730][ T9602] bond0: entered allmulticast mode
[  184.431422][ T9602] bond_slave_0: entered allmulticast mode
[  184.437911][ T9602] bond_slave_1: entered allmulticast mode
[  184.448396][ T9602] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  184.456767][ T9602] bond0: left allmulticast mode
[  184.461766][ T9602] bond_slave_0: left allmulticast mode
[  184.467494][ T9602] bond_slave_1: left allmulticast mode
[  184.473162][ T9602] bond0: left promiscuous mode
[  184.478124][ T9602] bond_slave_0: left promiscuous mode
[  184.483666][ T9602] bond_slave_1: left promiscuous mode
[  184.532395][ T9632] loop4: detected capacity change from 0 to 1024
[  184.547168][ T9632] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  184.559585][ T9632] ext4 filesystem being mounted at /430/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  184.580552][ T9632] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.2118: lblock 3 mapped to illegal pblock 3 (length 3)
[  184.601511][ T9632] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  184.614032][ T9632] EXT4-fs (loop4): This should not happen!! Data will be lost
[  184.614032][ T9632] 
[  184.635915][ T1400] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:6: lblock 8 mapped to illegal pblock 8 (length 8)
[  184.652981][ T1400] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  184.665494][ T1400] EXT4-fs (loop4): This should not happen!! Data will be lost
[  184.665494][ T1400] 
[  184.678008][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.690184][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  184.721053][ T9639] netlink: 'syz.3.2122': attribute type 30 has an invalid length.
[  184.744717][ T9639] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  184.753023][ T9639] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  184.761439][ T9639] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  184.769673][ T9639] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  184.816793][ T9646] loop2: detected capacity change from 0 to 1024
[  184.909891][ T9646] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  184.928015][ T9646] ext4 filesystem being mounted at /377/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  184.939986][ T9657] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.046575][ T9657] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.127231][ T9661] lo speed is unknown, defaulting to 1000
[  185.156961][ T9657] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.161005][ T9667] loop4: detected capacity change from 0 to 1024
[  185.215846][ T9667] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  185.245651][ T9667] ext4 filesystem being mounted at /436/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  185.296008][ T9657] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.344291][ T9667] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.2130: lblock 3 mapped to illegal pblock 3 (length 3)
[  185.391781][ T9667] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  185.397098][ T9674] macvlan2: entered promiscuous mode
[  185.404496][ T9667] EXT4-fs (loop4): This should not happen!! Data will be lost
[  185.404496][ T9667] 
[  185.409663][ T9674] bond0: entered promiscuous mode
[  185.424929][ T9674] bond_slave_0: entered promiscuous mode
[  185.430888][ T9674] bond_slave_1: entered promiscuous mode
[  185.437459][ T9674] macvlan2: entered allmulticast mode
[  185.442909][ T9674] bond0: entered allmulticast mode
[  185.448287][ T9674] bond_slave_0: entered allmulticast mode
[  185.454272][ T9674] bond_slave_1: entered allmulticast mode
[  185.531878][   T51] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:3: lblock 8 mapped to illegal pblock 8 (length 8)
[  185.549899][ T9674] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  185.566136][ T9674] bond0: left allmulticast mode
[  185.566460][   T51] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  185.571135][ T9674] bond_slave_0: left allmulticast mode
[  185.583405][   T51] EXT4-fs (loop4): This should not happen!! Data will be lost
[  185.583405][   T51] 
[  185.599229][ T9674] bond_slave_1: left allmulticast mode
[  185.604805][ T9674] bond0: left promiscuous mode
[  185.609641][ T9674] bond_slave_0: left promiscuous mode
[  185.615328][ T9674] bond_slave_1: left promiscuous mode
[  185.637031][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  185.677056][ T9661] lo speed is unknown, defaulting to 1000
[  185.691126][ T9646] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 3: comm syz.2.2121: lblock 3 mapped to illegal pblock 3 (length 3)
[  185.691657][ T9657] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  185.706185][ T9646] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  185.726424][ T9646] EXT4-fs (loop2): This should not happen!! Data will be lost
[  185.726424][ T9646] 
[  185.759763][ T9657] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  185.796306][ T9657] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  185.820671][ T9657] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  185.838931][ T3943] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:13: lblock 8 mapped to illegal pblock 8 (length 8)
[  185.853701][ T3943] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  185.866165][ T3943] EXT4-fs (loop2): This should not happen!! Data will be lost
[  185.866165][ T3943] 
[  185.916915][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  186.176922][ T9696] __nla_validate_parse: 8 callbacks suppressed
[  186.176938][ T9696] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2140'.
[  186.192167][ T9696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2140'.
[  186.706472][   T10] kernel write not supported for file /968/loginuid (pid: 10 comm: kworker/0:1)
[  186.836445][ T9720] FAULT_INJECTION: forcing a failure.
[  186.836445][ T9720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  186.851243][ T9720] CPU: 1 UID: 0 PID: 9720 Comm: syz.3.2149 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  186.851343][ T9720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  186.851359][ T9720] Call Trace:
[  186.851367][ T9720]  <TASK>
[  186.851376][ T9720]  __dump_stack+0x1d/0x30
[  186.851471][ T9720]  dump_stack_lvl+0xe8/0x140
[  186.851496][ T9720]  dump_stack+0x15/0x1b
[  186.851515][ T9720]  should_fail_ex+0x265/0x280
[  186.851550][ T9720]  should_fail+0xb/0x20
[  186.851582][ T9720]  should_fail_usercopy+0x1a/0x20
[  186.851630][ T9720]  _copy_from_user+0x1c/0xb0
[  186.851650][ T9720]  __sys_sendto+0x19e/0x330
[  186.851719][ T9720]  __x64_sys_sendto+0x76/0x90
[  186.851797][ T9720]  x64_sys_call+0x2eb6/0x2fb0
[  186.851908][ T9720]  do_syscall_64+0xd2/0x200
[  186.851932][ T9720]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  186.851967][ T9720]  ? clear_bhb_loop+0x40/0x90
[  186.852061][ T9720]  ? clear_bhb_loop+0x40/0x90
[  186.852091][ T9720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.852116][ T9720] RIP: 0033:0x7fc2e6fde9a9
[  186.852131][ T9720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.852153][ T9720] RSP: 002b:00007fc2e563f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  186.852178][ T9720] RAX: ffffffffffffffda RBX: 00007fc2e7205fa0 RCX: 00007fc2e6fde9a9
[  186.852264][ T9720] RDX: 00000000000100a6 RSI: 0000200000000180 RDI: 0000000000000003
[  186.852276][ T9720] RBP: 00007fc2e563f090 R08: 0000200000000140 R09: 0000000000000014
[  186.852371][ T9720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.852388][ T9720] R13: 0000000000000000 R14: 00007fc2e7205fa0 R15: 00007ffff400e698
[  186.852411][ T9720]  </TASK>
[  186.859741][ T9722] loop4: detected capacity change from 0 to 1024
[  187.066956][ T9722] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  187.097608][ T9718] validate_nla: 2 callbacks suppressed
[  187.097626][ T9718] netlink: 'syz.2.2147': attribute type 4 has an invalid length.
[  187.099332][ T9722] ext4 filesystem being mounted at /440/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.103252][ T9718] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.2147'.
[  187.134604][ T9722] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.2150: lblock 3 mapped to illegal pblock 3 (length 3)
[  187.148948][ T9722] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  187.161522][ T9722] EXT4-fs (loop4): This should not happen!! Data will be lost
[  187.161522][ T9722] 
[  187.184179][   T51] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:3: lblock 8 mapped to illegal pblock 8 (length 8)
[  187.199152][   T51] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  187.212200][   T51] EXT4-fs (loop4): This should not happen!! Data will be lost
[  187.212200][   T51] 
[  187.223136][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  187.321855][ T9736] FAULT_INJECTION: forcing a failure.
[  187.321855][ T9736] name failslab, interval 1, probability 0, space 0, times 0
[  187.334834][ T9736] CPU: 0 UID: 0 PID: 9736 Comm: syz.2.2158 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  187.334878][ T9736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.334940][ T9736] Call Trace:
[  187.334946][ T9736]  <TASK>
[  187.334954][ T9736]  __dump_stack+0x1d/0x30
[  187.334982][ T9736]  dump_stack_lvl+0xe8/0x140
[  187.335004][ T9736]  dump_stack+0x15/0x1b
[  187.335108][ T9736]  should_fail_ex+0x265/0x280
[  187.335146][ T9736]  ? ip_set_create+0x1ec/0x960
[  187.335185][ T9736]  should_failslab+0x8c/0xb0
[  187.335207][ T9736]  __kmalloc_cache_noprof+0x4c/0x320
[  187.335241][ T9736]  ip_set_create+0x1ec/0x960
[  187.335294][ T9736]  ? __nla_parse+0x40/0x60
[  187.335328][ T9736]  nfnetlink_rcv_msg+0x4c3/0x590
[  187.335376][ T9736]  ? selinux_capable+0x1f9/0x270
[  187.335415][ T9736]  netlink_rcv_skb+0x120/0x220
[  187.335530][ T9736]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  187.335597][ T9736]  nfnetlink_rcv+0x16b/0x1690
[  187.335627][ T9736]  ? __account_obj_stock+0x2d6/0x350
[  187.335674][ T9736]  ? obj_cgroup_charge_account+0x122/0x1a0
[  187.335786][ T9736]  ? try_charge_memcg+0x200/0x9e0
[  187.335818][ T9736]  ? css_rstat_updated+0xcd/0x5b0
[  187.335854][ T9736]  ? __rcu_read_unlock+0x4f/0x70
[  187.335893][ T9736]  ? __account_obj_stock+0x211/0x350
[  187.335938][ T9736]  ? refill_obj_stock+0x254/0x2e0
[  187.335966][ T9736]  ? obj_cgroup_charge_account+0xba/0x1a0
[  187.335994][ T9736]  ? should_fail_ex+0x30/0x280
[  187.336058][ T9736]  ? __rcu_read_unlock+0x4f/0x70
[  187.336083][ T9736]  ? should_fail_ex+0xdb/0x280
[  187.336113][ T9736]  ? selinux_nlmsg_lookup+0x99/0x890
[  187.336143][ T9736]  ? selinux_netlink_send+0x59f/0x5f0
[  187.336241][ T9736]  ? __rcu_read_unlock+0x34/0x70
[  187.336339][ T9736]  ? __netlink_lookup+0x266/0x2a0
[  187.336368][ T9736]  netlink_unicast+0x5a5/0x680
[  187.336407][ T9736]  netlink_sendmsg+0x58b/0x6b0
[  187.336434][ T9736]  ? __pfx_netlink_sendmsg+0x10/0x10
[  187.336535][ T9736]  __sock_sendmsg+0x142/0x180
[  187.336561][ T9736]  ____sys_sendmsg+0x31e/0x4e0
[  187.336671][ T9736]  ___sys_sendmsg+0x17b/0x1d0
[  187.336724][ T9736]  __x64_sys_sendmsg+0xd4/0x160
[  187.336823][ T9736]  x64_sys_call+0x2999/0x2fb0
[  187.336856][ T9736]  do_syscall_64+0xd2/0x200
[  187.336876][ T9736]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  187.336903][ T9736]  ? clear_bhb_loop+0x40/0x90
[  187.336930][ T9736]  ? clear_bhb_loop+0x40/0x90
[  187.336978][ T9736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.336998][ T9736] RIP: 0033:0x7f26aefee9a9
[  187.337074][ T9736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.337098][ T9736] RSP: 002b:00007f26ad657038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  187.337122][ T9736] RAX: ffffffffffffffda RBX: 00007f26af215fa0 RCX: 00007f26aefee9a9
[  187.337156][ T9736] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  187.337167][ T9736] RBP: 00007f26ad657090 R08: 0000000000000000 R09: 0000000000000000
[  187.337235][ T9736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.337248][ T9736] R13: 0000000000000000 R14: 00007f26af215fa0 R15: 00007ffc1b02c058
[  187.337266][ T9736]  </TASK>
[  187.685867][ T9743] netlink: zone id is out of range
[  187.691246][ T9743] netlink: zone id is out of range
[  187.698747][ T9743] netlink: zone id is out of range
[  187.703948][ T9743] netlink: zone id is out of range
[  187.709714][ T9743] netlink: zone id is out of range
[  187.715047][ T9743] netlink: zone id is out of range
[  187.721377][ T9743] netlink: zone id is out of range
[  187.726571][ T9743] netlink: zone id is out of range
[  187.732013][ T9743] netlink: zone id is out of range
[  187.745772][ T9743] netlink: zone id is out of range
[  187.773096][ T9746] loop2: detected capacity change from 0 to 512
[  187.785082][ T9746] ext4: Unknown parameter 'obj_type'
[  187.796547][ T9750] loop4: detected capacity change from 0 to 1024
[  187.799611][ T9752] FAULT_INJECTION: forcing a failure.
[  187.799611][ T9752] name failslab, interval 1, probability 0, space 0, times 0
[  187.815901][ T9752] CPU: 0 UID: 0 PID: 9752 Comm: syz.0.2162 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  187.815935][ T9752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.815951][ T9752] Call Trace:
[  187.815971][ T9752]  <TASK>
[  187.815981][ T9752]  __dump_stack+0x1d/0x30
[  187.816007][ T9752]  dump_stack_lvl+0xe8/0x140
[  187.816044][ T9752]  dump_stack+0x15/0x1b
[  187.816061][ T9752]  should_fail_ex+0x265/0x280
[  187.816101][ T9752]  should_failslab+0x8c/0xb0
[  187.816202][ T9752]  kmem_cache_alloc_noprof+0x50/0x310
[  187.816240][ T9752]  ? proc_net_ns_init+0x2f/0x1f0
[  187.816319][ T9752]  proc_net_ns_init+0x2f/0x1f0
[  187.816357][ T9752]  ops_init+0x227/0x2e0
[  187.816389][ T9752]  setup_net+0x124/0x2e0
[  187.816412][ T9752]  copy_net_ns+0x55c/0x690
[  187.816515][ T9752]  create_new_namespaces+0x20e/0x3d0
[  187.816547][ T9752]  unshare_nsproxy_namespaces+0xe8/0x120
[  187.816650][ T9752]  ksys_unshare+0x3d0/0x6d0
[  187.816686][ T9752]  ? ksys_write+0x192/0x1a0
[  187.816718][ T9752]  __x64_sys_unshare+0x1f/0x30
[  187.816758][ T9752]  x64_sys_call+0x2d4b/0x2fb0
[  187.816819][ T9752]  do_syscall_64+0xd2/0x200
[  187.816851][ T9752]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  187.816885][ T9752]  ? clear_bhb_loop+0x40/0x90
[  187.816906][ T9752]  ? clear_bhb_loop+0x40/0x90
[  187.816929][ T9752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.816980][ T9752] RIP: 0033:0x7fb9d1f1e9a9
[  187.817004][ T9752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.817027][ T9752] RSP: 002b:00007fb9d0587038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  187.817045][ T9752] RAX: ffffffffffffffda RBX: 00007fb9d2145fa0 RCX: 00007fb9d1f1e9a9
[  187.817056][ T9752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000062040200
[  187.817114][ T9752] RBP: 00007fb9d0587090 R08: 0000000000000000 R09: 0000000000000000
[  187.817126][ T9752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  187.817137][ T9752] R13: 0000000000000000 R14: 00007fb9d2145fa0 R15: 00007ffcc078b6a8
[  187.817155][ T9752]  </TASK>
[  187.927249][ T9750] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  187.959143][ T9755] loop3: detected capacity change from 0 to 164
[  187.962123][ T9750] ext4 filesystem being mounted at /445/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.014591][ T9755] Unable to read rock-ridge attributes
[  188.074187][ T9750] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.2164: lblock 3 mapped to illegal pblock 3 (length 3)
[  188.088788][ T9750] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  188.093666][ T9755] Unable to read rock-ridge attributes
[  188.101196][ T9750] EXT4-fs (loop4): This should not happen!! Data will be lost
[  188.101196][ T9750] 
[  188.128652][ T3967] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:21: lblock 8 mapped to illegal pblock 8 (length 8)
[  188.144025][ T3967] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  188.156502][ T3967] EXT4-fs (loop4): This should not happen!! Data will be lost
[  188.156502][ T3967] 
[  188.169295][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  188.182408][ T9761] netlink: 'syz.2.2161': attribute type 13 has an invalid length.
[  188.674246][ T9773] loop4: detected capacity change from 0 to 512
[  188.681861][ T9773] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  188.693859][ T9773] EXT4-fs (loop4): orphan cleanup on readonly fs
[  188.700825][ T9773] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.2171: Block bitmap for bg 0 marked uninitialized
[  188.721497][ T9778] netlink: 204 bytes leftover after parsing attributes in process `syz.1.2173'.
[  188.765541][ T9773] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  188.778193][ T9773] EXT4-fs (loop4): 1 orphan inode deleted
[  188.784616][ T9773] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  188.798767][ T9773] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  188.808611][ T9773] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  188.824435][ T9786] loop3: detected capacity change from 0 to 1024
[  188.833372][ T9773] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.845163][ T9786] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  188.859774][ T9787] netlink: 'syz.2.2175': attribute type 4 has an invalid length.
[  188.867793][ T9786] ext4 filesystem being mounted at /420/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.867806][ T9787] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.2175'.
[  188.890654][ T9786] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.2177: lblock 3 mapped to illegal pblock 3 (length 3)
[  188.905769][ T9786] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  188.918187][ T9786] EXT4-fs (loop3): This should not happen!! Data will be lost
[  188.918187][ T9786] 
[  188.941452][ T3959] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:17: lblock 8 mapped to illegal pblock 8 (length 8)
[  188.956651][ T3959] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  188.969208][ T3959] EXT4-fs (loop3): This should not happen!! Data will be lost
[  188.969208][ T3959] 
[  188.979999][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  189.003759][ T9794] netlink: 'syz.3.2179': attribute type 1 has an invalid length.
[  189.011615][ T9794] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2179'.
[  189.039624][   T29] kauditd_printk_skb: 483 callbacks suppressed
[  189.039656][   T29] audit: type=1326 audit(1753043433.276:7725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.3.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2e6fde9a9 code=0x7ffc0000
[  189.072616][   T29] audit: type=1326 audit(1753043433.306:7726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.3.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2e6fde9a9 code=0x7ffc0000
[  189.096502][   T29] audit: type=1326 audit(1753043433.306:7727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.3.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2e6fde9a9 code=0x7ffc0000
[  189.120063][   T29] audit: type=1326 audit(1753043433.306:7728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.3.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2e6fde9a9 code=0x7ffc0000
[  189.143593][   T29] audit: type=1326 audit(1753043433.306:7729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.3.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2e6fde9a9 code=0x7ffc0000
[  189.167296][   T29] audit: type=1326 audit(1753043433.306:7730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.3.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2e6fde9a9 code=0x7ffc0000
[  189.191399][   T29] audit: type=1326 audit(1753043433.306:7731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.3.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2e6fde9a9 code=0x7ffc0000
[  189.215653][   T29] audit: type=1326 audit(1753043433.306:7732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.3.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2e6fde9a9 code=0x7ffc0000
[  189.239571][   T29] audit: type=1326 audit(1753043433.306:7733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.3.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2e6fde9a9 code=0x7ffc0000
[  189.263259][   T29] audit: type=1326 audit(1753043433.306:7734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.3.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2e6fde9a9 code=0x7ffc0000
[  189.364329][ T9800] netlink: 332 bytes leftover after parsing attributes in process `syz.1.2181'.
[  189.548084][ T9815] loop4: detected capacity change from 0 to 164
[  189.566295][ T9815] Unable to read rock-ridge attributes
[  189.572967][ T9815] Unable to read rock-ridge attributes
[  189.585975][ T9817] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2188'.
[  189.595224][ T9817] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2188'.
[  189.612386][ T9819] loop2: detected capacity change from 0 to 1024
[  189.725028][ T9822] netlink: 'syz.1.2185': attribute type 13 has an invalid length.
[  189.962147][ T9824] netlink: 'syz.3.2190': attribute type 1 has an invalid length.
[  189.970698][ T9824] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2190'.
[  190.186581][ T9819] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  190.198817][ T9819] ext4 filesystem being mounted at /389/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  190.227532][ T9819] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 3: comm syz.2.2189: lblock 3 mapped to illegal pblock 3 (length 3)
[  190.243058][ T9819] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  190.255636][ T9819] EXT4-fs (loop2): This should not happen!! Data will be lost
[  190.255636][ T9819] 
[  190.349565][   T51] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:3: lblock 8 mapped to illegal pblock 8 (length 8)
[  190.372822][   T51] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  190.385285][   T51] EXT4-fs (loop2): This should not happen!! Data will be lost
[  190.385285][   T51] 
[  190.398267][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  190.410728][ T9836] netlink: 'syz.3.2193': attribute type 4 has an invalid length.
[  190.522953][ T9845] loop2: detected capacity change from 0 to 164
[  190.552537][ T9839] netlink: 'syz.1.2204': attribute type 4 has an invalid length.
[  190.711771][ T9860] loop4: detected capacity change from 0 to 1024
[  190.718996][ T9860] EXT4-fs: Ignoring removed nobh option
[  190.724645][ T9860] EXT4-fs: inline encryption not supported
[  190.740952][ T9860] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.779827][ T9860] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.2201: Allocating blocks 385-513 which overlap fs metadata
[  190.797712][ T9860] EXT4-fs (loop4): pa ffff888106aad5b0: logic 16, phys. 129, len 24
[  190.799445][ T9869] loop3: detected capacity change from 0 to 512
[  190.805962][ T9860] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8
[  190.823919][ T9869] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  190.825727][ T9860] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  190.834555][ T9869] EXT4-fs (loop3): orphan cleanup on readonly fs
[  190.845778][ T9860] EXT4-fs (loop4): This should not happen!! Data will be lost
[  190.845778][ T9860] 
[  190.853989][ T9869] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:517: comm syz.3.2205: Block bitmap for bg 0 marked uninitialized
[  190.862069][ T9860] EXT4-fs (loop4): Total free blocks count 0
[  190.862092][ T9860] EXT4-fs (loop4): Free/Dirty block details
[  190.862107][ T9860] EXT4-fs (loop4): free_blocks=128
[  190.862123][ T9860] EXT4-fs (loop4): dirty_blocks=0
[  190.881029][ T9869] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  190.881399][ T9860] EXT4-fs (loop4): Block reservation details
[  190.887712][ T9869] EXT4-fs (loop3): 1 orphan inode deleted
[  190.892487][ T9860] EXT4-fs (loop4): i_reserved_data_blocks=0
[  190.926457][ T9869] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  190.954377][ T9873] FAULT_INJECTION: forcing a failure.
[  190.954377][ T9873] name failslab, interval 1, probability 0, space 0, times 0
[  190.967263][ T9873] CPU: 0 UID: 0 PID: 9873 Comm: syz.0.2206 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  190.967299][ T9873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  190.967315][ T9873] Call Trace:
[  190.967322][ T9873]  <TASK>
[  190.967331][ T9873]  __dump_stack+0x1d/0x30
[  190.967357][ T9873]  dump_stack_lvl+0xe8/0x140
[  190.967382][ T9873]  dump_stack+0x15/0x1b
[  190.967441][ T9873]  should_fail_ex+0x265/0x280
[  190.967477][ T9873]  should_failslab+0x8c/0xb0
[  190.967573][ T9873]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  190.967600][ T9873]  ? __d_alloc+0x3d/0x350
[  190.967632][ T9873]  __d_alloc+0x3d/0x350
[  190.967659][ T9873]  ? selinux_file_open+0x2df/0x330
[  190.967753][ T9873]  d_alloc_parallel+0x53/0xc40
[  190.967783][ T9873]  ? selinux_inode_permission+0x532/0x620
[  190.967810][ T9873]  ? make_vfsuid+0x49/0xa0
[  190.967831][ T9873]  ? lockref_get_not_dead+0x120/0x1c0
[  190.967899][ T9873]  ? __rcu_read_unlock+0x4f/0x70
[  190.967927][ T9873]  __lookup_slow+0x8c/0x250
[  190.967955][ T9873]  lookup_slow+0x3c/0x60
[  190.968026][ T9873]  walk_component+0x1ec/0x220
[  190.968050][ T9873]  path_lookupat+0xfe/0x2a0
[  190.968076][ T9873]  filename_lookup+0x147/0x340
[  190.968185][ T9873]  user_path_at+0x3e/0x130
[  190.968212][ T9873]  do_faccessat+0x380/0x800
[  190.968244][ T9873]  __x64_sys_faccessat2+0x51/0x60
[  190.968267][ T9873]  x64_sys_call+0x2e69/0x2fb0
[  190.968370][ T9873]  do_syscall_64+0xd2/0x200
[  190.968396][ T9873]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  190.968424][ T9873]  ? clear_bhb_loop+0x40/0x90
[  190.968447][ T9873]  ? clear_bhb_loop+0x40/0x90
[  190.968470][ T9873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.968511][ T9873] RIP: 0033:0x7fb9d1f1e9a9
[  190.968576][ T9873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.968658][ T9873] RSP: 002b:00007fb9d0587038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b7
[  190.968679][ T9873] RAX: ffffffffffffffda RBX: 00007fb9d2145fa0 RCX: 00007fb9d1f1e9a9
[  190.968693][ T9873] RDX: 0000000000000003 RSI: 0000200000000280 RDI: ffffffffffffff9c
[  190.968707][ T9873] RBP: 00007fb9d0587090 R08: 0000000000000000 R09: 0000000000000000
[  190.968748][ T9873] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000001
[  190.968761][ T9873] R13: 0000000000000000 R14: 00007fb9d2145fa0 R15: 00007ffcc078b6a8
[  190.968781][ T9873]  </TASK>
[  190.977708][ T9875] FAULT_INJECTION: forcing a failure.
[  190.977708][ T9875] name failslab, interval 1, probability 0, space 0, times 0
[  191.036520][ T9869] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  191.038247][ T9875] CPU: 1 UID: 0 PID: 9875 Comm: syz.4.2207 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  191.038286][ T9875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  191.038339][ T9875] Call Trace:
[  191.038349][ T9875]  <TASK>
[  191.038359][ T9875]  __dump_stack+0x1d/0x30
[  191.038454][ T9875]  dump_stack_lvl+0xe8/0x140
[  191.038494][ T9875]  dump_stack+0x15/0x1b
[  191.038517][ T9875]  should_fail_ex+0x265/0x280
[  191.038557][ T9875]  should_failslab+0x8c/0xb0
[  191.038589][ T9875]  __kmalloc_noprof+0xa5/0x3e0
[  191.038651][ T9875]  ? security_prepare_creds+0x52/0x120
[  191.038685][ T9875]  security_prepare_creds+0x52/0x120
[  191.038789][ T9875]  prepare_creds+0x34a/0x4c0
[  191.038829][ T9875]  copy_creds+0x8f/0x3f0
[  191.038860][ T9875]  copy_process+0x658/0x1f90
[  191.038941][ T9875]  ? kstrtouint+0x76/0xc0
[  191.039051][ T9875]  ? __rcu_read_unlock+0x4f/0x70
[  191.039085][ T9875]  kernel_clone+0x16c/0x5b0
[  191.039119][ T9875]  ? vfs_write+0x75e/0x8e0
[  191.039163][ T9875]  __x64_sys_clone+0xe6/0x120
[  191.039261][ T9875]  x64_sys_call+0x2c59/0x2fb0
[  191.039290][ T9875]  do_syscall_64+0xd2/0x200
[  191.039366][ T9875]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  191.039432][ T9875]  ? clear_bhb_loop+0x40/0x90
[  191.039460][ T9875]  ? clear_bhb_loop+0x40/0x90
[  191.039491][ T9875]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.039519][ T9875] RIP: 0033:0x7f983fc3e9a9
[  191.039539][ T9875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.039611][ T9875] RSP: 002b:00007f983e29efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  191.039634][ T9875] RAX: ffffffffffffffda RBX: 00007f983fe65fa0 RCX: 00007f983fc3e9a9
[  191.039646][ T9875] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000c4200000
[  191.039658][ T9875] RBP: 00007f983e29f090 R08: 0000000000000000 R09: 0000000000000000
[  191.039669][ T9875] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  191.039740][ T9875] R13: 0000000000000001 R14: 00007f983fe65fa0 R15: 00007fff6f0688d8
[  191.039767][ T9875]  </TASK>
[  191.041425][ T9880] siw: device registration error -23
[  191.043923][ T9869] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  191.486247][ T9884] $Hÿ (unregistering): (slave bond_slave_0): Releasing backup interface
[  191.499634][ T9884] bond_slave_0: left promiscuous mode
[  191.506969][ T9869] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.517694][ T9884] $Hÿ (unregistering): (slave bond_slave_1): Releasing backup interface
[  191.527470][ T9884] bond_slave_1: left promiscuous mode
[  191.533380][ T9884] $Hÿ (unregistering): Released all slaves
[  191.593574][ T9892] lo speed is unknown, defaulting to 1000
[  191.657956][ T9895] loop2: detected capacity change from 0 to 164
[  191.666876][ T9895] Unable to read rock-ridge attributes
[  191.673319][ T9895] Unable to read rock-ridge attributes
[  191.689060][ T9892] lo speed is unknown, defaulting to 1000
[  191.732256][ T9892] lo speed is unknown, defaulting to 1000
[  191.791813][ T9892] lo speed is unknown, defaulting to 1000
[  191.831522][ T9892] lo speed is unknown, defaulting to 1000
[  191.854540][ T9900] __nla_validate_parse: 6 callbacks suppressed
[  191.854555][ T9900] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2214'.
[  191.870220][ T9900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2214'.
[  191.954680][ T9892] lo speed is unknown, defaulting to 1000
[  192.054075][ T9892] lo speed is unknown, defaulting to 1000
[  192.109459][ T9908] netlink: 'syz.4.2216': attribute type 1 has an invalid length.
[  192.117361][ T9908] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2216'.
[  192.160295][ T9892] lo speed is unknown, defaulting to 1000
[  192.251951][ T9892] lo speed is unknown, defaulting to 1000
[  192.394321][ T9892] lo speed is unknown, defaulting to 1000
[  192.442360][ T9916] loop4: detected capacity change from 0 to 1024
[  192.509648][ T9916] ext4 filesystem being mounted at /459/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  192.551337][ T9916] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.2220: lblock 3 mapped to illegal pblock 3 (length 3)
[  192.602054][ T9916] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  192.614658][ T9916] EXT4-fs (loop4): This should not happen!! Data will be lost
[  192.614658][ T9916] 
[  192.700582][ T9928] netlink: 'syz.1.2222': attribute type 13 has an invalid length.
[  192.975979][ T3967] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:21: lblock 8 mapped to illegal pblock 8 (length 8)
[  193.006279][ T3967] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  193.019291][ T3967] EXT4-fs (loop4): This should not happen!! Data will be lost
[  193.019291][ T3967] 
[  193.136313][ T9935] loop2: detected capacity change from 0 to 1024
[  193.189084][ T9940] netlink: 'syz.0.2224': attribute type 10 has an invalid length.
[  193.211134][ T9940] team0: Port device dummy0 added
[  193.216508][ T9935] ext4 filesystem being mounted at /394/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.219420][ T9940] netlink: 'syz.0.2224': attribute type 10 has an invalid length.
[  193.238840][ T9935] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 3: comm syz.2.2225: lblock 3 mapped to illegal pblock 3 (length 3)
[  193.253467][ T9935] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  193.266505][ T9935] EXT4-fs (loop2): This should not happen!! Data will be lost
[  193.266505][ T9935] 
[  193.277809][ T9940] team0: Port device dummy0 removed
[  193.298325][ T1400] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:6: lblock 8 mapped to illegal pblock 8 (length 8)
[  193.313473][ T1400] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  193.325975][ T1400] EXT4-fs (loop2): This should not happen!! Data will be lost
[  193.325975][ T1400] 
[  193.478290][ T9954] loop3: detected capacity change from 0 to 164
[  193.488470][ T9954] Unable to read rock-ridge attributes
[  193.496364][ T9946] Unable to read rock-ridge attributes
[  193.921502][ T9959] loop4: detected capacity change from 0 to 512
[  193.930789][ T9959] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  193.957084][ T9959] ext4 filesystem being mounted at /461/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.969701][ T9959] netlink: 'syz.4.2233': attribute type 27 has an invalid length.
[  193.982840][ T9959] geneve2: left promiscuous mode
[  194.005852][ T9964] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2234'.
[  194.006851][ T9959] 8021q: adding VLAN 0 to HW filter on device team0
[  194.014848][ T9964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2234'.
[  194.041798][ T9959] net_ratelimit: 72 callbacks suppressed
[  194.041812][ T9959] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  194.064041][ T2945] lo speed is unknown, defaulting to 1000
[  194.069879][ T2945] syz0: Port: 1 Link ACTIVE
[  194.111648][ T9969] loop3: detected capacity change from 0 to 512
[  194.138150][ T9969] ext4 filesystem being mounted at /434/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.299161][ T9980] loop3: detected capacity change from 0 to 1024
[  194.334614][ T9984] netlink: 'syz.4.2240': attribute type 4 has an invalid length.
[  194.343092][ T9984] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.2240'.
[  194.354840][ T9980] ext4 filesystem being mounted at /435/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.376765][   T29] kauditd_printk_skb: 386 callbacks suppressed
[  194.376784][   T29] audit: type=1400 audit(1753043438.616:8121): avc:  denied  { ioctl } for  pid=9985 comm="syz.1.2241" path="socket:[27192]" dev="sockfs" ino=27192 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  194.415864][ T9980] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.2238: lblock 3 mapped to illegal pblock 3 (length 3)
[  194.461428][ T9980] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  194.474212][ T9980] EXT4-fs (loop3): This should not happen!! Data will be lost
[  194.474212][ T9980] 
[  194.502946][ T9986] lo speed is unknown, defaulting to 1000
[  194.570290][ T9986] lo speed is unknown, defaulting to 1000
[  194.648449][ T3967] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:21: lblock 8 mapped to illegal pblock 8 (length 8)
[  194.670946][ T9997] loop4: detected capacity change from 0 to 1024
[  194.678494][ T3967] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  194.691539][ T3967] EXT4-fs (loop3): This should not happen!! Data will be lost
[  194.691539][ T3967] 
[  194.692691][   T29] audit: type=1326 audit(1753043438.936:8122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9998 comm="syz.1.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f082fd3e9a9 code=0x7ffc0000
[  194.732841][ T9997] ext4 filesystem being mounted at /466/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.749060][ T9997] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.2243: lblock 3 mapped to illegal pblock 3 (length 3)
[  194.756900][   T29] audit: type=1326 audit(1753043438.966:8123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9998 comm="syz.1.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f082fd3e9a9 code=0x7ffc0000
[  194.790245][   T29] audit: type=1326 audit(1753043438.966:8124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9998 comm="syz.1.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f082fd3e9a9 code=0x7ffc0000
[  194.816958][   T29] audit: type=1326 audit(1753043438.966:8125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9998 comm="syz.1.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f082fd3e9a9 code=0x7ffc0000
[  194.827168][ T9997] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  194.843090][   T29] audit: type=1326 audit(1753043438.966:8126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9998 comm="syz.1.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f082fd3e9a9 code=0x7ffc0000
[  194.856340][ T9997] EXT4-fs (loop4): This should not happen!! Data will be lost
[  194.856340][ T9997] 
[  194.892905][   T29] audit: type=1326 audit(1753043438.966:8127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9998 comm="syz.1.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f082fd3e9a9 code=0x7ffc0000
[  194.917057][   T29] audit: type=1326 audit(1753043438.966:8128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9998 comm="syz.1.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f082fd3e9a9 code=0x7ffc0000
[  194.940599][   T29] audit: type=1326 audit(1753043438.966:8129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9998 comm="syz.1.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f082fd3e9a9 code=0x7ffc0000
[  194.964316][   T29] audit: type=1326 audit(1753043438.966:8130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9998 comm="syz.1.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f082fd3e9a9 code=0x7ffc0000
[  195.027795][   T51] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:3: lblock 8 mapped to illegal pblock 8 (length 8)
[  195.043026][   T51] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  195.055771][   T51] EXT4-fs (loop4): This should not happen!! Data will be lost
[  195.055771][   T51] 
[  195.209072][T10012] loop4: detected capacity change from 0 to 512
[  195.217312][T10012] ext4: Unknown parameter 'obj_type'
[  195.495662][T10021] netlink: 'syz.4.2249': attribute type 13 has an invalid length.
[  195.562293][   T37] lo speed is unknown, defaulting to 1000
[  195.569117][   T37] syz0: Port: 1 Link DOWN
[  196.065462][T10031] FAULT_INJECTION: forcing a failure.
[  196.065462][T10031] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  196.078970][T10031] CPU: 0 UID: 0 PID: 10031 Comm: syz.2.2253 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  196.078998][T10031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  196.079012][T10031] Call Trace:
[  196.079020][T10031]  <TASK>
[  196.079029][T10031]  __dump_stack+0x1d/0x30
[  196.079086][T10031]  dump_stack_lvl+0xe8/0x140
[  196.079105][T10031]  dump_stack+0x15/0x1b
[  196.079120][T10031]  should_fail_ex+0x265/0x280
[  196.079157][T10031]  should_fail+0xb/0x20
[  196.079190][T10031]  should_fail_usercopy+0x1a/0x20
[  196.079299][T10031]  _copy_from_iter+0xcf/0xe40
[  196.079362][T10031]  ? __mutex_lock+0x25d/0xa50
[  196.079396][T10031]  file_tty_write+0x32f/0x670
[  196.079435][T10031]  ? __pfx_tty_write+0x10/0x10
[  196.079500][T10031]  tty_write+0x25/0x30
[  196.079524][T10031]  vfs_write+0x49d/0x8e0
[  196.079560][T10031]  ksys_write+0xda/0x1a0
[  196.079614][T10031]  __x64_sys_write+0x40/0x50
[  196.079682][T10031]  x64_sys_call+0x2cdd/0x2fb0
[  196.079710][T10031]  do_syscall_64+0xd2/0x200
[  196.079730][T10031]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  196.079761][T10031]  ? clear_bhb_loop+0x40/0x90
[  196.079786][T10031]  ? clear_bhb_loop+0x40/0x90
[  196.079808][T10031]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.079834][T10031] RIP: 0033:0x7f26aefee9a9
[  196.079924][T10031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.079942][T10031] RSP: 002b:00007f26ad657038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  196.079960][T10031] RAX: ffffffffffffffda RBX: 00007f26af215fa0 RCX: 00007f26aefee9a9
[  196.079972][T10031] RDX: 00000000fffffdbc RSI: 0000200000000040 RDI: 0000000000000005
[  196.079987][T10031] RBP: 00007f26ad657090 R08: 0000000000000000 R09: 0000000000000000
[  196.080003][T10031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  196.080072][T10031] R13: 0000000000000000 R14: 00007f26af215fa0 R15: 00007ffc1b02c058
[  196.080097][T10031]  </TASK>
[  196.380655][T10044] loop4: detected capacity change from 0 to 1024
[  196.398505][T10044] ext4 filesystem being mounted at /469/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  196.413436][T10044] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.2258: lblock 3 mapped to illegal pblock 3 (length 3)
[  196.429811][T10044] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  196.442231][T10044] EXT4-fs (loop4): This should not happen!! Data will be lost
[  196.442231][T10044] 
[  196.464726][   T51] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 8: comm kworker/u8:3: lblock 8 mapped to illegal pblock 8 (length 8)
[  196.486865][   T51] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  196.499970][   T51] EXT4-fs (loop4): This should not happen!! Data will be lost
[  196.499970][   T51] 
[  196.777754][T10062] loop4: detected capacity change from 0 to 1024
[  196.784783][T10062] EXT4-fs: Ignoring removed nobh option
[  196.790550][T10062] EXT4-fs: inline encryption not supported
[  196.809795][T10062] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.2263: Allocating blocks 385-513 which overlap fs metadata
[  196.827133][T10062] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2263'.
[  196.836262][T10062] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2263'.
[  196.847145][T10062] EXT4-fs (loop4): pa ffff888106aad5b0: logic 16, phys. 129, len 24
[  196.855330][T10062] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8
[  196.867809][T10062] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  196.880105][T10062] EXT4-fs (loop4): This should not happen!! Data will be lost
[  196.880105][T10062] 
[  196.890437][T10062] EXT4-fs (loop4): Total free blocks count 0
[  196.896656][T10062] EXT4-fs (loop4): Free/Dirty block details
[  196.902580][T10062] EXT4-fs (loop4): free_blocks=128
[  196.908042][T10062] EXT4-fs (loop4): dirty_blocks=0
[  196.913261][T10062] EXT4-fs (loop4): Block reservation details
[  196.919487][T10062] EXT4-fs (loop4): i_reserved_data_blocks=0
[  196.949992][T10066] loop2: detected capacity change from 0 to 164
[  197.329737][T10077] netlink: 'syz.1.2269': attribute type 4 has an invalid length.
[  197.337682][T10077] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.2269'.
[  197.621712][T10094] loop3: detected capacity change from 0 to 164
[  197.631043][T10094] Unable to read rock-ridge attributes
[  197.637854][T10094] Unable to read rock-ridge attributes
[  197.885357][    C1] ==================================================================
[  197.895826][    C1] BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick
[  197.905688][    C1] 
[  197.908270][    C1] read-write to 0xffff888100072eb8 of 8 bytes by interrupt on cpu 0:
[  197.918089][    C1]  wq_worker_tick+0x60/0x230
[  197.922846][    C1]  sched_tick+0x11a/0x270
[  197.927757][    C1]  update_process_times+0x15f/0x190
[  197.933511][    C1]  tick_nohz_handler+0x249/0x2d0
[  197.938652][    C1]  __hrtimer_run_queues+0x20c/0x5a0
[  197.944239][    C1]  hrtimer_interrupt+0x21a/0x460
[  197.949207][    C1]  __sysvec_apic_timer_interrupt+0x5c/0x1d0
[  197.955377][    C1]  sysvec_apic_timer_interrupt+0x6f/0x80
[  197.961144][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  197.967350][    C1]  _raw_spin_unlock_irqrestore+0x3c/0x60
[  197.973127][    C1]  free_percpu+0x514/0xa30
[  197.978072][    C1]  prealloc_destroy+0xec/0x1a0
[  197.982959][    C1]  htab_map_free+0x4cc/0x590
[  197.987758][    C1]  bpf_map_free_deferred+0xb3/0x140
[  197.993271][    C1]  process_scheduled_works+0x4cb/0x9d0
[  197.998760][    C1]  worker_thread+0x582/0x770
[  198.003382][    C1]  kthread+0x489/0x510
[  198.007490][    C1]  ret_from_fork+0xda/0x150
[  198.012924][    C1]  ret_from_fork_asm+0x1a/0x30
[  198.018576][    C1] 
[  198.021219][    C1] read-write to 0xffff888100072eb8 of 8 bytes by interrupt on cpu 1:
[  198.029743][    C1]  wq_worker_tick+0x60/0x230
[  198.034647][    C1]  sched_tick+0x11a/0x270
[  198.039151][    C1]  update_process_times+0x15f/0x190
[  198.044492][    C1]  tick_nohz_handler+0x249/0x2d0
[  198.049596][    C1]  __hrtimer_run_queues+0x20c/0x5a0
[  198.054838][    C1]  hrtimer_interrupt+0x21a/0x460
[  198.060187][    C1]  __sysvec_apic_timer_interrupt+0x5c/0x1d0
[  198.066305][    C1]  sysvec_apic_timer_interrupt+0x6f/0x80
[  198.072098][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  198.078240][    C1]  _raw_spin_unlock_irqrestore+0x3c/0x60
[  198.084178][    C1]  free_percpu+0x514/0xa30
[  198.088839][    C1]  htab_map_free+0x4e6/0x590
[  198.093681][    C1]  bpf_map_free_deferred+0xb3/0x140
[  198.099378][    C1]  process_scheduled_works+0x4cb/0x9d0
[  198.105107][    C1]  worker_thread+0x582/0x770
[  198.109927][    C1]  kthread+0x489/0x510
[  198.114129][    C1]  ret_from_fork+0xda/0x150
[  198.118746][    C1]  ret_from_fork_asm+0x1a/0x30
[  198.123555][    C1] 
[  198.126104][    C1] value changed: 0x00000000000b71b0 -> 0x00000000000b98c0
[  198.133330][    C1] 
[  198.135726][    C1] Reported by Kernel Concurrency Sanitizer on:
[  198.141914][    C1] CPU: 1 UID: 0 PID: 1400 Comm: kworker/u8:6 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(voluntary) 
[  198.154723][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  198.165046][    C1] Workqueue: events_unbound bpf_map_free_deferred
[  198.171627][    C1] ==================================================================
[  198.298840][T10114] netlink: 'syz.1.2283': attribute type 4 has an invalid length.
[  198.307050][T10114] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.2283'.