last executing test programs:

1m44.964064428s ago: executing program 1 (id=5852):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000070000000100010009000000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000640)='kfree\x00', r2}, 0x18)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$PIO_UNIMAPCLR(r3, 0x4b68, 0x0)

1m44.900344194s ago: executing program 1 (id=5889):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x45, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xff, 0x30000000000}, 0x0, 0x10000, 0xfffffffe, 0x5, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x19, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
r2 = syz_open_dev$usbmon(&(0x7f0000000300), 0x7, 0x0)
read$usbmon(r2, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000c80)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r7, 0x0, 0xfffffffffffffffc}, 0x18)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000000a030000000000000000000700000078000000090a0104000000000900020073797a30000000000900010073797a3000000000080005400000002f34001280210001807569c58000100002800c0001400000000000000009100001800700010063740000040002800800034000000106140000001000010000000000000000000084000ae39b3bb9a7db0230da6406f796238548f775b5155d486ae45749da79def7"], 0xb4}}, 0x20050800)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x4001, 0x3, 0x510, 0x1f0, 0x0, 0x148, 0x1f0, 0x148, 0x478, 0x240, 0x240, 0x478, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0xff000000, 'ip6tnl0\x00', 'wlan1\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0x190, 0x1f0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x6, 0x1, 0x1, 'syz1\x00', 0xc}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, [0xffffff00, 0xffffff00, 0x0, 0xffffff00], 0x4e22, 0x4e22, 0x4e20, 0x4e23, 0x8, 0x2, 0x5f4a, 0x100, 0x2}}}, {{@ip={@remote, @multicast1, 0xff000000, 0xffffff00, 'wlan0\x00', 'pimreg1\x00', {}, {0xff}, 0x84, 0x0, 0x60}, 0x0, 0x260, 0x288, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x9, 0x1, 0x1, 'syz1\x00'}}, @common=@inet=@recent0={{0xf8}, {0x4, 0x3, 0x1, 0x1, 'syz1\x00', 0x5}}]}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570)
r8 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x12, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x71, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="a6002d8bfcc354ced2b742513f41a39c53c74894fcfd0587ec2ba46669d49537bd57444e5ca9822c3bd9d13a2146d7fe18f1ed", @ANYRESDEC=0x0, @ANYRESDEC=0x0, @ANYRES64=r4], 0x50)
r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r9)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid\x00')
mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0)
mount(0x0, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0x862c22, 0x0)
io_uring_enter(r8, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f0000000600))
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000003c0)={&(0x7f0000001140)=ANY=[@ANYBLOB="13c4dcc1115d7365146a15bf53b597d5b626195040296c2a0f5a9f055ab2b75b89c507baffe7994cb40db46c07edc13dd70a7212ce271ee61f6053197b9e8647783ada", @ANYRES16=r10, @ANYBLOB="080025bd7000fedbdf251e0000000c000600030000000000000008000300", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="b0012f800c0002000200aaaaaaaaaaaa08000100050000000c0002000202aaaaaaaaaaaa0c0002000201aaaaaaaaaaaa8000038008000100020000003000038006000300a2aa00000800020003000000060001000300000006000100000000000c0004000203aaaaaaaaaaaa05000200000000000c00038008000200000000001c000380080002000000000006000300a1aa000006000100020000000c000500f8ffffffffffffff0800010003000000f80003800c0005000800000000000000480003800c0004000200aaaaaaaaaaaa0c0004000203aaaaaaaaaaaa06000100000000000c0004000201aaaaaaaaaaaa080002000100000006000300a3aa00000800020002000000080004000000010008000400018000003c0003800800020000000000080002"], 0x2d4}}, 0x4000)
syz_open_dev$usbfs(&(0x7f0000000000), 0x205, 0x44680)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

1m43.763036209s ago: executing program 1 (id=5903):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r2)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="010000000000fcdbcf2554"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x40010)

1m43.723114653s ago: executing program 1 (id=5905):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@usrquota}, {@nodiscard}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y")
lchown(&(0x7f00000001c0)='./file0\x00', 0x0, 0xffffffffffffffff)
syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=")
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000040)={@multicast, @remote, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @empty, @empty, {[@noop]}}, {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000002040)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x288ba, &(0x7f00000000c0)={[{@jqfmt_vfsold}, {@usrjquota}, {@jqfmt_vfsv0}, {@noload}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x9}, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@nodiscard}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x8000003}}]}, 0x0, 0x461, &(0x7f00000004c0)="$eJzs3MtvVFUYAPBvXuVtKz5B0CoaiY+Wlocs3GA0caGJCS4wrmpbCDJQQ2sihGh1gUtD4t64NPEvcCNujLoycYt7Y0IMG9DVNXfm3jJtZ9qZdso0zO+XXDjnnjM559x7z/Sbc+dOAH1rOP2nELEzIm5ExGA9u7jCcP2/O7euTP5768pkIZLk5D+FWr3bt65M5lXz1+2oZ5JkhXavvh8xUa1OX8zyo3PnPxqdvXT55bPnJ85Mn5m+MH78+JHD+weOjR/tyjh3pX3d++nMvj1vvnft7clT1z749fu0vzuz8sZxdKzSfPdw/eg29dyaG9ucdjWkC+UedoSOlCKinF3CN2IwSrFtoWww3viip50DNlSSFJMtrYvnE+A+lgbqQD/K/9Cnn3/z7R6FHpvCzROxsI5xJ9vqJeUoZnUq2WekjTAcEafm//sm3WK96xAAAG24fiIiXmoW/xXj0YZ6D2T3hoYi4sGI2B0RD0XEwxHxSESt7mMR8XiH7S+9Q7I8/kkG1zSwNqXx36vZva3F8V8e/cVQKcvtqo2/Ujh9tjp9KDsmB6OyJc2PrdDGT6//8VWrssb4L93S9vNYMOvH3+UlC3RTE3MT6xlzo5ufR+wtNxt/YSHmTePjPRGxd41tnH3hu32tyoZWHf8KuhCUJ99GPF8///OxZPy5Qsv7k2OvHBs/Oro1qtOHRvOrYrnffr/6Tqv2Vz//G+vm9SS2N73+F8Y/VNgaMXvp8rna/drZztu4+ueXLT/TrPX6Hyi8W0sPZPs+mZibuzgWMVB4a/n+8buvzfN5/fT6P3ig+fzfHXePxBMRkV7E+yPiyYh4Kuv70xHxTEQcWGH8v7z27Iedj3+FVfkuSsc/tdr5j8bz33midO7nH5o2Xmn3/B+ppQ5me1q+/zW8H7TbwS4cQgAAANj0irXvwBeKIwvpYnFkJGK+tra7vVidmZ178fTMxxem6t+VH4pKMV/pGmxYDx3L1vLy/PiS/OFs3fjr0rZafmRypjrV68FDn9uRz//S4vmf+qvU694BG87zWtC/zH/oX+Y/9C/zH/qX+Q/9q9n8/6wH/QDuvXz+N7vftzMafhEMuO+I/6F/mf/Qv8x/6Estn40vruuRf4keJX4caHFOt0VEV9uKYtuVT95Okk1yfDZzohJNi8pt/5jFGhNbmhb1+p0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgO/4PAAD//7my44Y=")
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
r6 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f00000001c0), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r6)
request_key(0x0, 0x0, 0x0, r6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x0, 0x0})
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0xc8, 0x0, 0xc000000)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
mbind(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000000)=0x101, 0x7, 0x1)
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)

1m43.580512117s ago: executing program 1 (id=5909):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000140)='kfree\x00', r0, 0x0, 0xfffffffffffffff8}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003ac73aeec67f284c35b370fc853a6645ba0f1fc5afcc6722af2a2096d0128598454fa04a58a7d136b8c5666bb1db4cf2bbb980539a6220f0776696a67760691aca650023441fbde340dd6c3f8a31dd25b85eb5bb735f12f67282d3e70b2a1fade85c7ebd156ced3c34857f520537c0e7b54b967aad08a29db54a073293c7b4b1be869970b9909f49af1f561fb3c1d6d87cd1b7479745af555ec4ce7f13fe623bf74fc0c5", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000ab98aa7b", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@private2}, &(0x7f0000000100)=0x14)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xb}, 0x18)
r2 = getpid()
prlimit64(r2, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
syz_open_pts(r6, 0x900)

1m39.931862674s ago: executing program 1 (id=5958):
fadvise64(0xffffffffffffffff, 0xf, 0xa5, 0x0)
socket$netlink(0x10, 0x3, 0x13)
add_key$keyring(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYBLOB="0002020000000000004000000000000000881b375a15e89c51ffe546ce2db6e8d438794891358c532d0d99d5be09000000a57319f45c0371ac7b231995d70c21bfd0481dfe42620f305095fd5446cb1268af60665854b35726f95ff439584270fe6fb286ff742f3c069a84d9839a936655190e7492bcc48dea00a8a0eff0e2d00b94498af384c254cfe0de65d7dceffb28d30ed248f0124311b9b4d94a9411b4db59ceab8bf72fb187402825b4"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x4, 0x7ffc0002}]})
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x0, 0x0})
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000580)={0x2, &(0x7f0000000540)=[{0x6f, 0x5, 0xc, 0x3}, {0xa1e3, 0x80, 0x7, 0xa}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r1, 0x2285, 0x0)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0fb0000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1b, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYRES8], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2, 0x0, 0x7}, 0x18)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x10, 0x6, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000700)}, 0x0, 0x44a300000, 0x4, 0x1, 0x10000b, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x3)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r3)

1m39.911587036s ago: executing program 32 (id=5958):
fadvise64(0xffffffffffffffff, 0xf, 0xa5, 0x0)
socket$netlink(0x10, 0x3, 0x13)
add_key$keyring(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYBLOB="0002020000000000004000000000000000881b375a15e89c51ffe546ce2db6e8d438794891358c532d0d99d5be09000000a57319f45c0371ac7b231995d70c21bfd0481dfe42620f305095fd5446cb1268af60665854b35726f95ff439584270fe6fb286ff742f3c069a84d9839a936655190e7492bcc48dea00a8a0eff0e2d00b94498af384c254cfe0de65d7dceffb28d30ed248f0124311b9b4d94a9411b4db59ceab8bf72fb187402825b4"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x4, 0x7ffc0002}]})
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x0, 0x0})
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000580)={0x2, &(0x7f0000000540)=[{0x6f, 0x5, 0xc, 0x3}, {0xa1e3, 0x80, 0x7, 0xa}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r1, 0x2285, 0x0)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0fb0000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1b, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYRES8], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2, 0x0, 0x7}, 0x18)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x10, 0x6, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000700)}, 0x0, 0x44a300000, 0x4, 0x1, 0x10000b, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x3)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r3)

2.81060451s ago: executing program 5 (id=6934):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x45, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xff, 0x30000000000}, 0x0, 0x10000, 0xfffffffe, 0x5, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x19, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
r1 = syz_open_dev$usbmon(&(0x7f0000000300), 0x7, 0x0)
read$usbmon(r1, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000c80)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r5, 0x0, 0xfffffffffffffffc}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000000a030000000000000000000700000078000000090a0104000000000900020073797a30000000000900010073797a3000000000080005400000002f34001280210001807569c58000100002800c0001400000000000000009100001800700010063740000040002800800034000000106140000001000010000000000000000000084000ae39b3bb9a7db0230da6406f796238548f775b5155d486ae45749da79def7"], 0xb4}}, 0x20050800)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x4001, 0x3, 0x510, 0x1f0, 0x0, 0x148, 0x1f0, 0x148, 0x478, 0x240, 0x240, 0x478, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0xff000000, 'ip6tnl0\x00', 'wlan1\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0x190, 0x1f0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x6, 0x1, 0x1, 'syz1\x00', 0xc}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, [0xffffff00, 0xffffff00, 0x0, 0xffffff00], 0x4e22, 0x4e22, 0x4e20, 0x4e23, 0x8, 0x2, 0x5f4a, 0x100, 0x2}}}, {{@ip={@remote, @multicast1, 0xff000000, 0xffffff00, 'wlan0\x00', 'pimreg1\x00', {}, {0xff}, 0x84, 0x0, 0x60}, 0x0, 0x260, 0x288, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x9, 0x1, 0x1, 'syz1\x00'}}, @common=@inet=@recent0={{0xf8}, {0x4, 0x3, 0x1, 0x1, 'syz1\x00', 0x5}}]}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570)
r6 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x12, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x71, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="a6002d8bfcc354ced2b742513f41a39c53c74894fcfd0587ec2ba46669d49537bd57444e5ca9822c3bd9d13a2146d7fe18f1ed", @ANYRESDEC=0x0, @ANYRESDEC=0x0, @ANYRES64=r3], 0x50)
r7 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r7)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid\x00')
mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0)
mount(0x0, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0x862c22, 0x0)
io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$MON_IOCG_STATS(r1, 0x80089203, &(0x7f0000000600))

2.334978014s ago: executing program 4 (id=6936):
timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, &(0x7f0000000040))
r0 = socket$kcm(0x1e, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r1 = socket$kcm(0x1e, 0x4, 0x0)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000840)="0b42a596edafee7a4d4ab50fa4719e13a85655ce2d1b064449c08e3b7579f4d98778d34a6ca2037729904179c32dbcb852521c8adaa495377d1fb14b4045cf0dce7d5c24ac9febb9ee4476f8ebeef0a4c55bad25d121b54e626a984ffef35f7ee98c1d395d8499a04e4f367e4726bca610a3f92ecc69c1c9540a647bbd278166818b1f7467", 0x85}], 0x1}, 0x40010)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
setsockopt$sock_attach_bpf(r1, 0x1, 0x21, &(0x7f00000000c0), 0x66)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0xfdef)
close(0x3)

2.296525827s ago: executing program 4 (id=6937):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0xb, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7e, 0x1, @perf_config_ext={0x10000d07, 0x40}, 0xee2b, 0x6, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
sendmmsg(r0, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b000000000000000000000000800000000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000010000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x18)
truncate(&(0x7f0000000000)='./bus\x00', 0x8)
timer_create(0x0, 0x0, &(0x7f0000000300)=<r4=>0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
timer_getoverrun(r4)

2.15757421s ago: executing program 4 (id=6940):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0xe0880, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030003130000002cbd7000fbdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a004e2400000004ff010000000000000000000000000001000000000000000002000100000000000000070c0100000005000500000000000a004e2400000009000000000000000000000000000000000600000000000000020013"], 0x98}, 0x1, 0x7}, 0x8980) (fail_nth: 1)

1.93932784s ago: executing program 4 (id=6943):
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x6, 0x200)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700)={'team0\x00', <r3=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x58, r2, 0x405, 0x70bd27, 0x25dfdbfc, {}, [{{0x8, 0x1, r3}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2010000}}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x48894}, 0x20004080)
bind$tipc(0xffffffffffffffff, &(0x7f0000000640)=@id={0x1e, 0x3, 0x1, {0x4e22, 0x5}}, 0xd)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f00000001c0)={0x30000004})
syz_open_dev$usbfs(&(0x7f0000000240), 0x10, 0x80100)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x22002, 0x48)
write$cgroup_devices(r5, &(0x7f0000002440)=ANY=[], 0x6)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000980)='mm_page_free\x00', r6, 0x0, 0x3}, 0x18)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1600050000005389332ffaeed31efa40e020e1505cb6afd570f8000004000000ffb3ce8bc742c95ad198f511bd1a1e330710c8662db654eedaf8a345742b29939da220091dd5b51e0ec3eb18fe6a54748eecd5fe0e846442ab0c16baffd91104a1be6beb4edd446e2adcecd3404995e199066cf2fb87a3130fba4a2a19c37ce0c85a30bd0cc71a39ad0de34def80f35e63da571ed4bc5abb064c39ee4e7cd13760c07b8aa0f1c8ac8a5138"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000540), 0xfffffdd8)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)
syz_read_part_table(0x604, &(0x7f0000000000)="$eJzs1D+LXFUYB+DfnZ2ZOxNcZtGAIkIWAlbLWkiKBQddgkqaZAlRLOwEq1gYCJhqliSlSLAV1iaChMB+AW0kTALBxipYhmBvEEFWPDJzJzsJKSx2YUx4nuKc97z3/Lucc294prVSj0qp+hk9ynS6s+ClpuqmlFL2B1z75NL5WdjOBzeO30y2Ns+eS45sf5xk9bUXksH+XPOFbj25bhnslfTzsDdPVc2cyXaSz+5fn4bt+SwrT22+PtCr8xzYHX7xU6b3ZthPL518k2x81zwbffjyWx+1qmp+C6t39sPOYa0/Pja9uKlzb3/O1WR5vf12kjuzzNqk029NPG6+ter041e41VRLzWfwpP5TmUPaPQe1OxwPrly90P26PW0++Pbo/V8vT36YF99Ye7Fza3Stag7vWJJed/KTq6aHvbTgfQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+f3eF40J3F9z6vH7z5aXvWWin/lFKS1EkmXXpNvkp/cKRM6mwfzvpX7n7ZTz2sHuVKOfP7zvJ653YnZ3Zm665VGT02bGevqbsH3wGLND3/qxfe/+rS8M+baa7A5b9Ov95rwnpa9pM/ur3R0YtJWvOx/cVsGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n3v3vVOrW5tnzyWp2r0krZXr48mDE680HUry6o8nvj9/Z3Pj5KS9Pin+7p6q671y9+TDGys/H//l9lK26qb7D62kzsZy2u0msTstOwt5Of7TvwEAAP//Gzxl+g==")

1.539421417s ago: executing program 5 (id=6949):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[], 0x40}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x10, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x1}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, 0xffffffffffffffff, 0x0)
r1 = gettid()
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)

1.493421622s ago: executing program 3 (id=6951):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0xb, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7e, 0x1, @perf_config_ext={0x10000d07, 0x40}, 0xee2b, 0x6, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
sendmmsg(r0, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b000000000000000000000000800000000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000010000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000000)='./bus\x00', 0x8)
timer_create(0x0, 0x0, &(0x7f0000000300)=<r3=>0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
timer_getoverrun(r3)

1.388852412s ago: executing program 5 (id=6952):
r0 = socket$inet6(0xa, 0x2, 0x2)
setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f0000000000)=0xb2, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000018010000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r2, <r3=>0xffffffffffffffff}, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000002c0)={'pimreg\x00', 0x6bf1c2d5adba8c32})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x9, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18020000000000100000000000000000180100002020207b1af8ff00000000bfa10000000007010000f8ffffffb702000008000000b7030000718010d89ec8db28700000009500001d451d9014b5db1a6d5f48c0452607131024a2ec9159d7bb095a66da9d45bdb276e759cfd8aa06320900e1279bec63f6b5816b2089d81305358114d024617cb7989f28dc66a04133efb0d50fadfb45af3679750ee723c13113a5a5d48f027e31299b"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
write$P9_RWRITE(0xffffffffffffffff, 0x0, 0x0)
membarrier(0x10, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = dup(r7)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
writev(r5, &(0x7f0000000080)=[{&(0x7f0000000100)="2e9b3d0007e03dd65193df163e75963f86ddf06712e900092f8db0049d90491c3248040000f858dbb8a1", 0x2a}, {&(0x7f0000000200)='$\x00\x00\x00\x00\x00', 0x6}, {&(0x7f0000000240)="a43b2eaab4000000000080006558", 0xe}, {&(0x7f0000000140)="1d33cd4e", 0x4}], 0x4)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r4, 0x8010661b, 0x0)
fcntl$F_SET_RW_HINT(r3, 0x40c, &(0x7f0000000000)=0x5)
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x441, 0x0)
write$binfmt_aout(r9, &(0x7f00000002c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r9, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xe64, 0x5, 0x50, "0062ba7d82000000000000000000f7ffffff00"})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000004c0)={'wg1\x00', <r10=>0x0})
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x9, 0x4, 0x10000, 0x1, 0x12}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x1}, [@printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}]}, &(0x7f0000000480)='GPL\x00', 0x8, 0x0, 0x0, 0x2a01abbdaa57d8a9, 0x20, '\x00', r10, 0x0, r4, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000005c0)=[r2, r11, r8], &(0x7f0000000600)=[{0x3, 0x3, 0xf, 0xd}, {0x2, 0x2, 0x9, 0x3}], 0x10, 0x7}, 0x94)
syz_open_pts(r9, 0x0)
r12 = socket(0x6, 0x80000, 0x3)
setsockopt$IP6T_SO_SET_REPLACE(r12, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8000000, 0x7fffffe, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x3, 0x0}, @mcast1, [0x0, 0x0, 0x0, 0xffffff], [0x0, 0x0, 0x4c62d6309aaa1bde, 0xff000000], 'ip6tnl0\x00', 'nicvf0\x00', {}, {0xff}, 0x3a}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x4, '\x00', 'syz1\x00'}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [], [0x0, 0x0, 0xffffff00, 0xffffff00], 'veth1\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', {0x1}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330)

1.360367804s ago: executing program 3 (id=6953):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x8c4618b458db9105, @hyper}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x441, 0x0)
r2 = syz_create_resource$binfmt(&(0x7f0000000000)='./file0\x00')
r3 = openat$binfmt(0xffffffffffffff9c, r2, 0x41, 0x1ff)
write$binfmt_aout(r3, &(0x7f00000002c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xe64, 0x5, 0x50, "0062ba7d82000000000000000000f7ffffff00"})
r4 = socket$inet6(0xa, 0x802, 0x88)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000440)=0x2458, 0x1f)
sendto$inet6(r4, 0x0, 0x0, 0x400c844, &(0x7f0000000180)={0xa, 0x4e23, 0x8be6, @mcast2}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x40000, 0x0, 0x0)
syz_open_pts(r1, 0x0)
r5 = fsopen(&(0x7f00000004c0)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000001d40)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xaei\xb6\xb7\xc1Y\xd5YG\xf9\xc2\xf1\xa4\xdb$\xf6]\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\x03\x00\x00\x00\x00\x00\x00\x00\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^W\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B\xc5\x05\x9d\xd6\x02|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3q\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^\x00\x00\x00\x00\x00\x00\x00\x00\x00\xef\xcd\xd3\t\x01A\xd5\x81\xc1;9\xeez\xba\x00\x00\x00\xdc\x94\xff)\xa4\xe6\xfb]\x90bG\x11\b\x98#\xaa99ez|\x8b5\x92\xa5\xba\x96\xb3\xb26I\xbb\xdeb\x95?\xc0\x81', &(0x7f0000000200)='sockfs\x00', 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x18)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000780)='\\$#[\\/\x00\xd5\xd4^\xa7\xe4\xd4\x1f.yh\x18\xb8s\xe6\f\xaf*4\xe1\xa1e\x04%f\x8f\xde\x91\x04\xbb\xc8\x17\x15\xa4\xf0\x00\x15w\x00\x00\xed\xdd}\x00\x18\xf3\xde\n\xbe\x91\xc4\xc5\xe6\xd3o\xaau\xf34\t\x9d\x80rg\xbc\xee\x96p\x18\x9e(h\xeb\xd9\xde\xa6\xfc\x8e\xe3,\xae\xa8\xf0\x82y\x91\x1c{\x85 \xc7P\xa3\x9c\x06\xc1\xd3\x92\xcd\xcc\x17\xb2}\x13:\xbbh\"%;\b\x7f\x91\x8a\xa5Z\x92~<\xfe3\x19\xdcVJ\f\xd1\x89d\xf9N\xbd\x92\x86\xa2\xa8\xc0:\x1f\n\xc9\x8eUO\x8e\xea\x99\xe1\xbe%Y\x9eH#\xa4\x9d5\xa88m6\x89kE\xce\xc3\aBW\xec_\xea_\x81\xbe\x86~\x84F\xa9\xcd\xba\xfb\xd8\x8f\x01\x81~\x9c#\r\x87\xcf\x19\xb9\xbd \xcb\xff\x88io\xb0\xb1\xa0B\x8cI\x82+\xc4\xcf\xf4!+\x16v\xb6\x8a\xb7k}\x1d\xf2\x1c\x00\x8f\xd7\x84R\x12\xed){SM[\xe6g6\xfeF\x1dJ\x83', &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', 0x0)
close(r5)
connect$vsock_stream(r0, &(0x7f0000000600)={0x28, 0x0, 0x0, @local}, 0x10)

1.331222506s ago: executing program 3 (id=6954):
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x42, 0x80)
pwritev(r0, &(0x7f0000001400)=[{&(0x7f0000000040)}, {0x0}], 0x2, 0xffffff01, 0x2)

1.260575064s ago: executing program 3 (id=6955):
socket$netlink(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000400)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x14004040)
read(r0, &(0x7f0000000300)=""/212, 0xd4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000040)='./file0/../file0/../file0/../file0\x00', 0xffffffffffffff9c, 0x0, 0x60)

1.033423254s ago: executing program 4 (id=6956):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1002}, 0x94)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x9, 0x10}, 0xc)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
pipe2$9p(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r3, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
splice(r2, 0x0, r0, 0x0, 0xffff, 0x2)

982.034919ms ago: executing program 0 (id=6957):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0, 0x0, 0x7}, 0x18)
accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14, 0x80800)

963.386861ms ago: executing program 0 (id=6958):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x8c4618b458db9105, @hyper}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x441, 0x0)
r2 = syz_create_resource$binfmt(&(0x7f0000000000)='./file0\x00')
r3 = openat$binfmt(0xffffffffffffff9c, r2, 0x41, 0x1ff)
write$binfmt_aout(r3, &(0x7f00000002c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xe64, 0x5, 0x50, "0062ba7d82000000000000000000f7ffffff00"})
r4 = socket$inet6(0xa, 0x802, 0x88)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000440)=0x2458, 0x1f)
sendto$inet6(r4, 0x0, 0x0, 0x400c844, &(0x7f0000000180)={0xa, 0x4e23, 0x8be6, @mcast2}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x40000, 0x0, 0x0)
syz_open_pts(r1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x18)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000780)='\\$#[\\/\x00\xd5\xd4^\xa7\xe4\xd4\x1f.yh\x18\xb8s\xe6\f\xaf*4\xe1\xa1e\x04%f\x8f\xde\x91\x04\xbb\xc8\x17\x15\xa4\xf0\x00\x15w\x00\x00\xed\xdd}\x00\x18\xf3\xde\n\xbe\x91\xc4\xc5\xe6\xd3o\xaau\xf34\t\x9d\x80rg\xbc\xee\x96p\x18\x9e(h\xeb\xd9\xde\xa6\xfc\x8e\xe3,\xae\xa8\xf0\x82y\x91\x1c{\x85 \xc7P\xa3\x9c\x06\xc1\xd3\x92\xcd\xcc\x17\xb2}\x13:\xbbh\"%;\b\x7f\x91\x8a\xa5Z\x92~<\xfe3\x19\xdcVJ\f\xd1\x89d\xf9N\xbd\x92\x86\xa2\xa8\xc0:\x1f\n\xc9\x8eUO\x8e\xea\x99\xe1\xbe%Y\x9eH#\xa4\x9d5\xa88m6\x89kE\xce\xc3\aBW\xec_\xea_\x81\xbe\x86~\x84F\xa9\xcd\xba\xfb\xd8\x8f\x01\x81~\x9c#\r\x87\xcf\x19\xb9\xbd \xcb\xff\x88io\xb0\xb1\xa0B\x8cI\x82+\xc4\xcf\xf4!+\x16v\xb6\x8a\xb7k}\x1d\xf2\x1c\x00\x8f\xd7\x84R\x12\xed){SM[\xe6g6\xfeF\x1dJ\x83', &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', 0x0)
close(0xffffffffffffffff)
connect$vsock_stream(r0, &(0x7f0000000600)={0x28, 0x0, 0x0, @local}, 0x10)

944.071502ms ago: executing program 0 (id=6959):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1002}, 0x94)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x9, 0x10}, 0xc)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
pipe2$9p(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r3, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
splice(r2, 0x0, r0, 0x0, 0xffff, 0x2)

860.13713ms ago: executing program 2 (id=6961):
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000dc0)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1a3a700080003"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

859.19509ms ago: executing program 2 (id=6962):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00002ced650000000000000000"], 0x50)
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
msgget$private(0x0, 0x400)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x1d30, 0x0, 0x2003, 0x1}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x14, 0x4, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x20, 0xffff}}}}}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {<r5=>r2}}, './file0\x00'})
r6 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000003000), 0x1, 0x0)
write$binfmt_register(r6, &(0x7f0000003040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x2, 0x3a, '(\'$--,', 0x3a, '}%}{}-\'@', 0x3a, './file0', 0x3a, [0x46, 0x50]}, 0x37)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x80078b, &(0x7f0000000000)={[{@i_version}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@errors_remount}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x470, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYui4KGioId6jMm2hG4baaLYUmwqUi+CFPQsHgX/Am8iiHoSvOrFkxSK9tLqKTKzM+1mm02N2WRi9veDzb7vzrs7z5P5eud9dwPoWkPZnyRiR0T8EhEDjeriBkONpxvXzk/+de38ZBILC6//keTtrl87P1k2Ld+3vagMpxHph0mxksVmz547OVGv184U9dG5U2+Pzp4999S7pyZO1E7UTo8fOXL40Nizz4w/3ZE8s7yu73t/Zv/el9+8/Mrksctv/fBVFu+OYnlzHp0ylCX+50KuddnjnV5ZxXY2lZPeCgNhRXoiIttcffnxPxA9cWvjDcRLH1QaHLCmsmvTlvaL5xeATSyJqiMAqlFe6LP73/KxTl2PDeHq840boCzvG8WjsaQ30qJNX8v9bScNRcSx+b8/zx6xRuMQAADNPp787Gh/U7/jVv8jjfvy59/yv7uKOZTBiLg7InZHxD0RsSci7o3I294fEQ+sMp7b+z/plVV+5LKy/t9zxdzW4v5f2fuLwZ6itjPPvy85Pl2vHSz+J8PRtyWrjy2zjm9e/PmTdsua+3/ZI1t/2Rcs4rjS2zJANzUxN5F3Sjvg6sWIfb1L5Z/cnAlIImJvROxb2UfvKgvTT3y5v12jO+e/jA7MMy18kaU3n+U/Hy35l5Lm+cnp2+YnR7dGvXZwtNwrbvfjT5dea7f+VeXfAVdrjeem7d/aZDBpnq+dXfk6Lv36Udt7mv+4/6f9yRv5PHN/8dp7E3NzZ8Yi+pOjeX3R6+O33lvWy/bZ/j98YOnjf3fxniz/ByMi24kfioiHI+KRIvZHI+KxiDiwTP7fv9B+WZl/pBVt/4sRU0ue/27u/y3bf+WFnpPffd1u/f9u+x/OS8PFK/n57w6WCic7XbQGuJr/HQAAAPxfpPl34JN05GY5TUdGGt/h3xN3pfWZ2bknj8+8c3qq8V35wehLy5GugWI8tD5dr40l88UnNsZHx4ux4nK89FAxbvxpz7a8PjI5U5+qOHfodtvbHP+Z33uqjg5YY9uWfHW8f90DASrQOo+eLq5eeDWcDGCz8ntt6F53OP7T9YoDWH+u/9C9ljr+L7TUzQXA5uT6D93L8Q9dKv226giACrn+Q1daze/617CwdWOEUU1ho26UvBBRFtINEY/CGhWqPjMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xj8BAAD//02e6R0=")
getpriority(0x1, 0x0)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r5, 0x84, 0x12, &(0x7f00000000c0), &(0x7f0000000140)=0x4)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r7}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r9, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r11, 0x0, 0x9}, 0x18)

730.829342ms ago: executing program 2 (id=6963):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[], 0x40}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa20000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x10, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x1}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, 0xffffffffffffffff, 0x0)
r1 = gettid()
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)

642.9618ms ago: executing program 2 (id=6964):
pread64(0xffffffffffffffff, &(0x7f00000195c0)=""/102400, 0x19000, 0x2000000)

588.734926ms ago: executing program 2 (id=6965):
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x42, 0x80)
pwritev(r0, &(0x7f0000001400)=[{&(0x7f0000000040)}, {0x0}], 0x2, 0xffffff01, 0x2)

588.386456ms ago: executing program 2 (id=6966):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
preadv(r1, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000210000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x64000600)

436.187519ms ago: executing program 5 (id=6967):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r0}, &(0x7f0000000740), &(0x7f0000000780)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$selinux_context(r2, &(0x7f0000000280)='system_u:object_r:nvram_device_t:s0\x00', 0x24)

341.624479ms ago: executing program 5 (id=6968):
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='kfree\x00', r0, 0x0, 0xfffffffffffffc02}, 0x18)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0xfffffffb}, 0x48, 0xffffffffffffffff)
r1 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x4, 0x0, r1, r1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004d808}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x201c888, &(0x7f0000002340)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0], 0x4, 0x27d, &(0x7f0000000d40)="$eJzs281qE30Ux/FfX56ntbWdaLXainhQBN0MbbyCUFoQA0ptxBcQpnaiIdOkZEIlIrY7t268ieLSnSDeQDdegLhw143LLsSRTNI2aSPqwo6a72czJ/znF2Y4/wlnkdm6/WK5mA/dvFdV70vVrWtbSqlXfWroaR574/p/tVrX5bHsx7M379y9lslmZ+fN5jILV9JmNnru7eOnr86/qw7fej36ZkCbqftbn9OfNsc3J7a+LjwqhFYIrVSummeL5XLVWwx8WyqERdfsxsUPXuhboRT6lbb1fFBeWamZV1oaGVqp+GFoXqlmRb9m1bJVKzXzHnqFkrmuayNDwo/kNubnvUzSV4Hfq1LJeDOSJg+s5DYSuSAAAJCotvm/x9T/R8z/gc/8fxiY/7tBff6/13x+2zH/AwAAAAAAAAAAAAAAAAAAAADwN9iOIieKImfn+J8Uv+ETNT8fkTQkaVjSUUkjkkYlOZJSko5JOi5pTNIJSScljUs6Jem0pImW70r6XnHQ9/rfR/+7As9/d6P/3a3lxd1Bafn5am411zg21jN5FRTI15QcfYl72dSo565mZ6csltKZ5bVmfm0119een5ZT3zCd8tONvLXnB+J9t5tPy6lvsE75dMf8oC5daMm7cvT+gcoKtBTvyb38s2mzmevZffnJ+Lx/nWu7OvbP3TmhR2pfb+R/Yn9EUx3706/J/mTvHVJYe1L0gsCvUFBQUOwWSf8y4TDsNT3pKwEAAAAAAAAAAAAAAAAA/IrD+Dth0vcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB+3wIAAP//WN9gXg==")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0xffffffffffffffe7, &(0x7f0000000240)={&(0x7f0000002440)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r4, {0xe, 0xb}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x4000010)

246.992917ms ago: executing program 3 (id=6969):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0, 0x0, 0x7}, 0x18)
accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14, 0x80800)

191.230372ms ago: executing program 5 (id=6970):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000"], 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x64000600)

170.748934ms ago: executing program 3 (id=6971):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000680)='./file0\x00', 0x0, &(0x7f0000000000)={[{@journal_path={'journal_path', 0x3d, './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}}, {@nojournal_checksum}]}, 0x21, 0x4bd, &(0x7f00000006c0)="$eJzs3c9vVFsdAPDvvf1JKbQoCzUqiCgawkw7QENY4UZjCImRuHIBtR2apjOdpjNFWlmU/8FEElf6J7gwcWHCyr073bnBhQkq0Udf8hbzcu9MS1+Zgb7QN0M6n09ycu+5p8z3nLm55wxf6JwABtb5iNiOiNGIuB8RU+3rSbvErVbJfu7Vy8cLOy8fLyTRbN79T5K3Z9di35/JnGy/5nhE/PRHEb9I3oxb39xama9UyuvterFRXSvWN7euLFfnl8pL5dVSaW52bubG1eulIxvrueofXvxw+fbP/vynbzz/6/b3f5V1a7Ldtn8cR6k19JG9OJnhiLj9RQTrg6H2eEYPXO9wy/kApRHxpYi4kD//UzGU300A4DhrNqeiObW/DgAcd2meA0vSQjsXMBlpWii0cnhnYyKt1OqNyw9qG6uLrVzZdIykD5Yr5Zl2rnA6RpKsPpufv66XDtSvRsSZiPj12Im8XlioVRb7+cEHAAbYyQPr///HWus/AHDMjfe7AwBAz1n/AWDwWP8BYPBY/wFg8Fj/AWDwWP8BYPBY/wFgoPzkzp2sNHfa33+9+HBzY6X28Mpiub5SqG4sFBZq62uFpVptKf/Onuq7Xq9Sq63NXouNR8VGud4o1je37lVrG6uNe/n3et8rj/RkVADA25w59+zvSURs3zyRl9i3l4O1Go63tN8dAPpmqN8dAPrGbl8wuPwdH3jXfq1d/4vQ06PvC9Abl74q/w+DSv4fBpf8Pwwu+X8YXM1mYs9/ABgwcvyAf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz28yL0laaO8FPhlpWihEnIqI6RhJHixXyjMRcToi/jY2MpbVZ/vdaQDgPaX/SuKj9jaAFycPto4mH4/lx4j45W/v/ubRfKOxPptd/+/e9cbT9vVSzzsPABzC7jq9u47vevXy8cJu6WV/XvygtbloFnenXVotwzGcH8cj+3Ay8b+kXW9JImLoCOJvP4mIr3Qaf5LnRqbbO58ejJ/FPtXT+Oln4qd5W+uYvRdfPoK+wKB5ls0/tzo9f2mcz4+dn//xfIZ6f7vz384b81+6N/8NdZn/zh82xrW//Hi0W9uTiK8Nd4qf7MVPusS/eMj4//j6Ny90a2v+LuJSdI6/P1axUV0r1je3rixX55fKS+XVUmludm7mxtXrpWKeoy7uZqrf9O+bl093i5+Nf6JL/PzO35nsOv7vHHL8v//k/s+/9Zb43/t25/t/Nj92fv+zNfG7h4w/P/HHrtt3Z/EXu4z/Xff/8iHjP//n1uIhfxQA6IH65tbKfKVSXnfiZO9k95Peh9Kf7ifNqVZPP5T+HJ+Tfs5KQC+8fuj73RMAAAAAAAAAAAAAAKCbXvw6Ub/HCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1aQAAAP//sHnUnw==")
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000a00)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x18)
request_key(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f00000000c0)='GPL\x00', 0x0)
close(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000001f80)={0x11, 0x15, &(0x7f0000000b80)=@framed={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x80000000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @ldst={0x0, 0x1, 0x2, 0x7, 0xb, 0xffffffffffffffff, 0xfffffffffffffffd}]}, &(0x7f00000001c0)='syzkaller\x00', 0xfffffff8, 0x0, 0x0, 0x41000, 0x5, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000480)={0x1, 0x10, 0x80, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x9, &(0x7f0000001e80)=[0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000001ec0)=[{0x1, 0x4, 0x2, 0x6}, {0x5, 0x2, 0x0, 0x9}, {0x4, 0x5, 0x0, 0xb}, {0x4, 0x3, 0x3, 0xb}, {0x0, 0x4, 0x2, 0x3}, {0x2, 0xc, 0x5, 0xa}, {0x0, 0x1, 0xc, 0x8}, {0x2, 0x4, 0xb}, {0x0, 0x3, 0x5, 0x4}], 0x10, 0x9}, 0x94)
unshare(0x64000600)

146.582116ms ago: executing program 4 (id=6972):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000003000), 0x1, 0x0)
write$binfmt_register(r2, &(0x7f0000003040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x2, 0x3a, '(\'$--,', 0x3a, '}%}{}-\'@', 0x3a, './file0', 0x3a, [0x46, 0x50]}, 0x37)

34.841927ms ago: executing program 0 (id=6973):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x8c4618b458db9105, @hyper}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x441, 0x0)
r2 = syz_create_resource$binfmt(&(0x7f0000000000)='./file0\x00')
r3 = openat$binfmt(0xffffffffffffff9c, r2, 0x41, 0x1ff)
write$binfmt_aout(r3, &(0x7f00000002c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xe64, 0x5, 0x50, "0062ba7d82000000000000000000f7ffffff00"})
r4 = socket$inet6(0xa, 0x802, 0x88)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000440)=0x2458, 0x1f)
sendto$inet6(r4, 0x0, 0x0, 0x400c844, &(0x7f0000000180)={0xa, 0x4e23, 0x8be6, @mcast2}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x40000, 0x0, 0x0)
syz_open_pts(r1, 0x0)
r5 = fsopen(&(0x7f00000004c0)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000001d40)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xaei\xb6\xb7\xc1Y\xd5YG\xf9\xc2\xf1\xa4\xdb$\xf6]\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\x03\x00\x00\x00\x00\x00\x00\x00\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^W\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B\xc5\x05\x9d\xd6\x02|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3q\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^\x00\x00\x00\x00\x00\x00\x00\x00\x00\xef\xcd\xd3\t\x01A\xd5\x81\xc1;9\xeez\xba\x00\x00\x00\xdc\x94\xff)\xa4\xe6\xfb]\x90bG\x11\b\x98#\xaa99ez|\x8b5\x92\xa5\xba\x96\xb3\xb26I\xbb\xdeb\x95?\xc0\x81', &(0x7f0000000200)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='\x00', &(0x7f00000001c0)='dE\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f00000000c0)='dE\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x18)
close(r5)

15.254048ms ago: executing program 0 (id=6974):
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x42, 0x80)
pwritev(r0, &(0x7f0000001400)=[{0x0}, {0x0}], 0x2, 0xffffff01, 0x2)

0s ago: executing program 0 (id=6975):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
r3 = socket(0x1e, 0x4, 0x0)
r4 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10)
sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmmsg(0xffffffffffffffff, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f00000004c0)={0x3, 0x3, "fe1473e3a3ccfc07b4425f942ecae91e47f2a4162bac41b4f5e779078cf696eb65267d3d9082c1be20315b0a4a132245f12a676d95a869d84eb4cfcb2da9b1568af7a28bdcf26de152c30071c078609c5ea28d6d4e8ac946ed6c3099b745cea98e3e7a9d90e23197792a92daeecbb165ae95d9ef0db9e6dfbec35958cc71df642b492dafb8ca478baac8717724bfa3ec484cf08061671525413732d31cb8431c3fd328a6cdac90a96a547389f16193ad67be5c3163f5e16183b3b60cac7cce153eeee468979135ed86b8354109945c0065b2355226aa4f42a02171e7456793a6f0f2f5f989385a87c6da8144d2ab6b7b864a032d0435264e551db53e5b0cbe9a"})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x121202, 0x0)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)

kernel console output (not intermixed with test programs):

.320533][T27832] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6312'.
[  516.329494][T27832] netlink: 14 bytes leftover after parsing attributes in process `syz.5.6312'.
[  516.696873][T27862] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  516.696873][T27862]    program syz.0.6316 not setting count and/or reply_len properly
[  517.227224][T27894] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6318'.
[  518.247728][T27932] loop2: detected capacity change from 0 to 512
[  518.256579][T27932] EXT4-fs: Ignoring removed nomblk_io_submit option
[  518.263336][T27932] EXT4-fs: Ignoring removed oldalloc option
[  518.269822][T27932] EXT4-fs: Mount option(s) incompatible with ext2
[  519.606423][T28018] loop5: detected capacity change from 0 to 512
[  519.620530][T28018] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  519.635414][T28018] EXT4-fs: error: could not find journal device path
[  519.970426][T28023] netlink: 100 bytes leftover after parsing attributes in process `syz.2.6334'.
[  520.000795][T28065] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6339'.
[  520.061092][T28067] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6340'.
[  520.070314][T28067] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6340'.
[  520.079290][T28067] netlink: 14 bytes leftover after parsing attributes in process `syz.4.6340'.
[  520.984988][   T29] kauditd_printk_skb: 48 callbacks suppressed
[  520.985006][   T29] audit: type=1326 audit(1766895144.235:25597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28081 comm="syz.5.6344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  521.015455][   T29] audit: type=1326 audit(1766895144.265:25598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28081 comm="syz.5.6344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  521.039076][   T29] audit: type=1326 audit(1766895144.265:25599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28081 comm="syz.5.6344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  521.063061][   T29] audit: type=1326 audit(1766895144.265:25600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28081 comm="syz.5.6344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  521.086773][   T29] audit: type=1326 audit(1766895144.265:25601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28081 comm="syz.5.6344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  521.111075][   T29] audit: type=1326 audit(1766895144.265:25602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28081 comm="syz.5.6344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  521.137614][T28084] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  521.137614][T28084]    program syz.5.6344 not setting count and/or reply_len properly
[  521.216579][   T29] audit: type=1326 audit(1766895144.455:25603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28085 comm="syz.3.6345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe368a8f749 code=0x7ffc0000
[  521.240318][   T29] audit: type=1326 audit(1766895144.455:25604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28085 comm="syz.3.6345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe368a8f749 code=0x7ffc0000
[  521.264110][   T29] audit: type=1326 audit(1766895144.455:25605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28085 comm="syz.3.6345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7fe368a8f749 code=0x7ffc0000
[  521.287655][   T29] audit: type=1326 audit(1766895144.455:25606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28085 comm="syz.3.6345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe368a8f749 code=0x7ffc0000
[  521.403462][T28092] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  521.410084][T28092] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  521.417822][T28092] vhci_hcd vhci_hcd.0: Device attached
[  521.424617][T28093] vhci_hcd: connection closed
[  521.424758][ T3609] vhci_hcd vhci_hcd.3: stop threads
[  521.434753][ T3609] vhci_hcd vhci_hcd.3: release socket
[  521.440322][ T3609] vhci_hcd vhci_hcd.3: disconnect device
[  521.824772][T28110] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6350'.
[  521.854821][T28112] wireguard0: entered promiscuous mode
[  521.860426][T28112] wireguard0: entered allmulticast mode
[  521.985324][T28123] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=28123 comm=syz.5.6351
[  522.023613][T28127] dvmrp1: entered allmulticast mode
[  522.032015][T28127] dvmrp1: left allmulticast mode
[  522.274794][T28135] loop4: detected capacity change from 0 to 512
[  522.976692][T28135] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  523.066279][T24531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  523.173429][T28185] loop2: detected capacity change from 0 to 4096
[  523.180544][T28185] EXT4-fs: Ignoring removed nomblk_io_submit option
[  523.192330][T28185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  523.206100][T28192] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  523.206100][T28192]    program syz.4.6361 not setting count and/or reply_len properly
[  523.212802][T28193] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6362'.
[  523.253377][T28195] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6364'.
[  523.262510][T28195] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6364'.
[  523.271587][T28195] netlink: 14 bytes leftover after parsing attributes in process `syz.3.6364'.
[  523.390831][T28196] netlink: 'syz.2.6359': attribute type 2 has an invalid length.
[  523.411891][T28204] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  523.418490][T28204] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  523.426243][T28204] vhci_hcd vhci_hcd.0: Device attached
[  523.432790][T28205] vhci_hcd: connection closed
[  523.470267][ T3609] vhci_hcd vhci_hcd.0: stop threads
[  523.480322][ T3609] vhci_hcd vhci_hcd.0: release socket
[  523.485807][ T3609] vhci_hcd vhci_hcd.0: disconnect device
[  523.578401][T23025] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  523.671970][T28209] loop5: detected capacity change from 0 to 128
[  523.839088][T28218] dvmrp1: entered allmulticast mode
[  523.855586][T28218] dvmrp1: left allmulticast mode
[  523.917929][T28218] loop5: detected capacity change from 0 to 512
[  523.997762][T28218] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  525.119390][T28271] __nla_validate_parse: 2 callbacks suppressed
[  525.119409][T28271] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6376'.
[  525.134798][T28271] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6376'.
[  525.143804][T28271] netlink: 14 bytes leftover after parsing attributes in process `syz.4.6376'.
[  525.336401][T25210] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  525.753868][T28279] loop4: detected capacity change from 0 to 512
[  525.760504][T28279] EXT4-fs: Ignoring removed i_version option
[  525.766578][T28279] EXT4-fs: Ignoring removed bh option
[  525.823709][T28279] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  525.836661][T28279] ext4 filesystem being mounted at /93/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  526.121948][   T29] kauditd_printk_skb: 75 callbacks suppressed
[  526.121968][   T29] audit: type=1326 audit(1766895149.375:25682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28285 comm="syz.5.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  526.152076][   T29] audit: type=1326 audit(1766895149.375:25683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28285 comm="syz.5.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  526.186406][   T29] audit: type=1326 audit(1766895149.375:25684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28285 comm="syz.5.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  526.210126][   T29] audit: type=1326 audit(1766895149.375:25685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28285 comm="syz.5.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  526.234169][   T29] audit: type=1326 audit(1766895149.375:25686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28285 comm="syz.5.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  526.257833][   T29] audit: type=1326 audit(1766895149.375:25687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28285 comm="syz.5.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  526.281562][   T29] audit: type=1326 audit(1766895149.375:25688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28285 comm="syz.5.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  526.305177][   T29] audit: type=1326 audit(1766895149.375:25689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28285 comm="syz.5.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  526.328860][   T29] audit: type=1326 audit(1766895149.375:25690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28285 comm="syz.5.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  526.352745][   T29] audit: type=1326 audit(1766895149.375:25691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28285 comm="syz.5.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  526.391335][T28297] loop2: detected capacity change from 0 to 512
[  526.398688][T28297] EXT4-fs: Ignoring removed nomblk_io_submit option
[  526.405415][T28297] EXT4-fs: Ignoring removed oldalloc option
[  526.412799][T28297] EXT4-fs: Mount option(s) incompatible with ext2
[  526.420978][T24531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  526.547174][T28308] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  526.547174][T28308]    program syz.2.6382 not setting count and/or reply_len properly
[  527.799634][T28383] dvmrp1: entered allmulticast mode
[  527.808065][T28383] dvmrp1: left allmulticast mode
[  527.873162][T28409] loop5: detected capacity change from 0 to 512
[  527.908888][T28409] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  528.045192][T25210] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  528.367898][T28453] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  528.367898][T28453]    program syz.4.6398 not setting count and/or reply_len properly
[  528.789336][T28463] dvmrp1: entered allmulticast mode
[  528.796016][T28463] dvmrp1: left allmulticast mode
[  528.994991][T28474] netlink: 100 bytes leftover after parsing attributes in process `syz.2.6401'.
[  529.652606][   T37] bond0 (unregistering): Released all slaves
[  529.782482][   T37] hsr_slave_0: left promiscuous mode
[  529.800730][   T37] hsr_slave_1: left promiscuous mode
[  529.869463][T24681] smc: removing ib device syz!
[  530.182891][T28487] chnl_net:caif_netlink_parms(): no params data found
[  530.291139][T28672] dvmrp1: entered allmulticast mode
[  530.305187][T28672] dvmrp1: left allmulticast mode
[  530.339769][T28487] bridge0: port 1(bridge_slave_0) entered blocking state
[  530.346904][T28487] bridge0: port 1(bridge_slave_0) entered disabled state
[  530.366887][T28716] loop4: detected capacity change from 0 to 512
[  530.383106][T28487] bridge_slave_0: entered allmulticast mode
[  530.395807][T28716] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  530.414916][T28487] bridge_slave_0: entered promiscuous mode
[  530.441881][T28487] bridge0: port 2(bridge_slave_1) entered blocking state
[  530.448989][T28487] bridge0: port 2(bridge_slave_1) entered disabled state
[  530.497607][T28487] bridge_slave_1: entered allmulticast mode
[  530.521954][T28487] bridge_slave_1: entered promiscuous mode
[  530.592048][T28487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  530.647908][T28487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  530.662561][T24531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.745046][T28487] team0: Port device team_slave_0 added
[  530.755887][T28487] team0: Port device team_slave_1 added
[  530.785999][T28487] batman_adv: batadv0: Adding interface: batadv_slave_0
[  530.793152][T28487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  530.819154][T28487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  530.836662][T28487] batman_adv: batadv0: Adding interface: batadv_slave_1
[  530.843770][T28487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  530.869759][T28487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  530.910529][T28487] hsr_slave_0: entered promiscuous mode
[  530.916667][T28487] hsr_slave_1: entered promiscuous mode
[  530.923118][T28487] debugfs: 'hsr0' already exists in 'hsr'
[  530.928893][T28487] Cannot create hsr debugfs directory
[  530.966342][T28861] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  530.972919][T28861] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  530.980754][T28861] vhci_hcd vhci_hcd.0: Device attached
[  530.991405][T28862] vhci_hcd: connection closed
[  530.998810][ T2296] vhci_hcd vhci_hcd.4: stop threads
[  531.008928][ T2296] vhci_hcd vhci_hcd.4: release socket
[  531.014659][ T2296] vhci_hcd vhci_hcd.4: disconnect device
[  531.288490][T28487] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  531.303451][T28927] loop5: detected capacity change from 0 to 512
[  531.310178][T28927] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  531.325051][T28927] EXT4-fs: error: could not find journal device path
[  531.376601][T28487] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  531.395105][T28487] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  531.414719][T28487] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  531.497738][T28487] 8021q: adding VLAN 0 to HW filter on device bond0
[  531.498199][T28964] netlink: 100 bytes leftover after parsing attributes in process `syz.0.6424'.
[  531.524605][T28487] 8021q: adding VLAN 0 to HW filter on device team0
[  531.544199][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[  531.551339][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[  531.564159][ T3609] bridge0: port 2(bridge_slave_1) entered blocking state
[  531.571274][ T3609] bridge0: port 2(bridge_slave_1) entered forwarding state
[  531.706039][T28487] 8021q: adding VLAN 0 to HW filter on device batadv0
[  531.739900][T28976] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6427'.
[  531.804129][T28487] veth0_vlan: entered promiscuous mode
[  531.826498][T28487] veth1_vlan: entered promiscuous mode
[  531.895632][T28487] veth0_macvtap: entered promiscuous mode
[  531.922111][T28487] veth1_macvtap: entered promiscuous mode
[  531.963127][T28487] batman_adv: batadv0: Interface activated: batadv_slave_0
[  531.986454][T28487] batman_adv: batadv0: Interface activated: batadv_slave_1
[  532.012914][ T3609] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  532.022264][ T3609] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  532.054323][ T3609] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  532.089663][ T3609] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  532.330518][   T29] kauditd_printk_skb: 59 callbacks suppressed
[  532.330535][   T29] audit: type=1326 audit(1766895155.585:25751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28996 comm="syz.2.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  532.361050][   T29] audit: type=1326 audit(1766895155.615:25752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28996 comm="syz.2.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  532.385227][   T29] audit: type=1326 audit(1766895155.615:25753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28996 comm="syz.2.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  532.409050][   T29] audit: type=1326 audit(1766895155.615:25754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28996 comm="syz.2.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  532.432684][   T29] audit: type=1326 audit(1766895155.615:25755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28996 comm="syz.2.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  532.453096][T29000] netlink: 100 bytes leftover after parsing attributes in process `syz.5.6428'.
[  532.822604][T29002] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  532.829186][T29002] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  532.836984][T29002] vhci_hcd vhci_hcd.0: Device attached
[  532.844870][T29003] vhci_hcd: connection closed
[  532.845021][   T31] vhci_hcd vhci_hcd.2: stop threads
[  532.855187][   T31] vhci_hcd vhci_hcd.2: release socket
[  532.860709][   T31] vhci_hcd vhci_hcd.2: disconnect device
[  533.152464][T29034] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6437'.
[  533.161737][T29034] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6437'.
[  533.171022][T29034] netlink: 14 bytes leftover after parsing attributes in process `syz.5.6437'.
[  533.220122][   T29] audit: type=1326 audit(1766895156.465:25756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29037 comm="syz.0.6439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ff3f749 code=0x7ffc0000
[  533.243844][   T29] audit: type=1326 audit(1766895156.465:25757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29037 comm="syz.0.6439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ff3f749 code=0x7ffc0000
[  533.267772][   T29] audit: type=1326 audit(1766895156.465:25758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29037 comm="syz.0.6439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0e1ff3f749 code=0x7ffc0000
[  533.291579][   T29] audit: type=1326 audit(1766895156.465:25759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29037 comm="syz.0.6439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ff3f749 code=0x7ffc0000
[  533.315288][   T29] audit: type=1326 audit(1766895156.465:25760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29037 comm="syz.0.6439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0e1ff3f749 code=0x7ffc0000
[  533.356054][T29046] netlink: 100 bytes leftover after parsing attributes in process `syz.3.6440'.
[  533.409283][T29050] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6442'.
[  533.418329][T29050] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6442'.
[  533.427349][T29050] netlink: 14 bytes leftover after parsing attributes in process `syz.0.6442'.
[  533.609807][T29052] loop5: detected capacity change from 0 to 512
[  533.616449][T29052] EXT4-fs: Ignoring removed i_version option
[  533.622496][T29052] EXT4-fs: Ignoring removed bh option
[  534.731108][T29052] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  534.743963][T29052] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  535.407116][T29066] dvmrp1: entered allmulticast mode
[  535.414023][T29066] dvmrp1: left allmulticast mode
[  535.833940][T29071] loop4: detected capacity change from 0 to 512
[  535.843139][T29071] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  536.533954][T24531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  536.671135][T25210] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  536.770855][T29096] loop3: detected capacity change from 0 to 512
[  536.777772][T29096] EXT4-fs: Ignoring removed nomblk_io_submit option
[  536.784489][T29096] EXT4-fs: Ignoring removed oldalloc option
[  536.790955][T29096] EXT4-fs: Mount option(s) incompatible with ext2
[  537.357797][   T29] kauditd_printk_skb: 52 callbacks suppressed
[  537.357813][   T29] audit: type=1326 audit(1766895160.605:25813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29106 comm="syz.4.6449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  537.406192][   T29] audit: type=1326 audit(1766895160.635:25814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29106 comm="syz.4.6449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  537.430129][   T29] audit: type=1326 audit(1766895160.635:25815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29106 comm="syz.4.6449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  537.454259][   T29] audit: type=1326 audit(1766895160.635:25816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29106 comm="syz.4.6449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  537.477992][   T29] audit: type=1326 audit(1766895160.635:25817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29106 comm="syz.4.6449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  537.482146][T29116] dvmrp1: entered allmulticast mode
[  537.501686][   T29] audit: type=1326 audit(1766895160.635:25818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29106 comm="syz.4.6449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  537.541023][   T29] audit: type=1326 audit(1766895160.665:25819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29110 comm="syz.3.6458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  537.564790][   T29] audit: type=1326 audit(1766895160.665:25820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29110 comm="syz.3.6458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  537.588693][   T29] audit: type=1326 audit(1766895160.665:25821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29110 comm="syz.3.6458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  537.612363][   T29] audit: type=1326 audit(1766895160.665:25822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29110 comm="syz.3.6458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  537.643884][T29116] dvmrp1: left allmulticast mode
[  538.665252][T29208] loop4: detected capacity change from 0 to 512
[  538.672732][T29208] EXT4-fs: Ignoring removed nomblk_io_submit option
[  538.676203][T29213] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=29213 comm=syz.5.6469
[  538.679361][T29208] EXT4-fs: Ignoring removed oldalloc option
[  538.701417][T29208] EXT4-fs: Mount option(s) incompatible with ext2
[  538.814999][T29225] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  538.821571][T29225] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  538.829445][T29225] vhci_hcd vhci_hcd.0: Device attached
[  538.858830][T29228] vhci_hcd: connection closed
[  538.858961][T21835] vhci_hcd vhci_hcd.4: stop threads
[  538.869465][T21835] vhci_hcd vhci_hcd.4: release socket
[  538.874883][T21835] vhci_hcd vhci_hcd.4: disconnect device
[  538.909034][T29237] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=29237 comm=syz.5.6478
[  539.168114][T29249] loop3: detected capacity change from 0 to 512
[  539.178131][T29249] EXT4-fs: Ignoring removed nomblk_io_submit option
[  539.184817][T29249] EXT4-fs: Ignoring removed oldalloc option
[  539.191326][T29249] EXT4-fs: Mount option(s) incompatible with ext2
[  539.234883][T29257] dvmrp1: entered allmulticast mode
[  539.244004][T29257] dvmrp1: left allmulticast mode
[  539.302941][T29283] loop3: detected capacity change from 0 to 512
[  539.312734][T29283] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  539.374174][T29290] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=29290 comm=syz.4.6486
[  539.403821][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.490656][T29300] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=29300 comm=syz.3.6490
[  539.640960][T29309] loop3: detected capacity change from 0 to 512
[  539.649124][T29309] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  539.660734][T29309] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.6494: inode has both inline data and extents flags
[  539.675794][T29309] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.6494: couldn't read orphan inode 15 (err -117)
[  539.830719][T29309] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  539.875827][T29340] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  539.882427][T29340] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  539.890319][T29340] vhci_hcd vhci_hcd.0: Device attached
[  539.898261][T29341] vhci_hcd: connection closed
[  539.898628][ T3609] vhci_hcd vhci_hcd.0: stop threads
[  539.908795][ T3609] vhci_hcd vhci_hcd.0: release socket
[  539.914264][ T3609] vhci_hcd vhci_hcd.0: disconnect device
[  540.061882][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  540.117916][T29353] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6501'.
[  540.123168][T29355] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6502'.
[  540.127249][T29353] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6501'.
[  540.145205][T29353] netlink: 14 bytes leftover after parsing attributes in process `syz.2.6501'.
[  540.156638][T29355] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=29355 comm=syz.3.6502
[  540.224023][T29357] netlink: 100 bytes leftover after parsing attributes in process `syz.5.6500'.
[  540.311393][T29363] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=29363 comm=syz.3.6504
[  540.414743][T29364] loop2: detected capacity change from 0 to 512
[  540.421598][T29364] EXT4-fs: Ignoring removed i_version option
[  540.427734][T29364] EXT4-fs: Ignoring removed bh option
[  540.513950][T29364] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  540.527197][T29364] ext4 filesystem being mounted at /136/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  540.794278][T29378] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  540.800846][T29378] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  540.808578][T29378] vhci_hcd vhci_hcd.0: Device attached
[  540.852010][T29379] vhci_hcd: connection closed
[  540.852196][T21835] vhci_hcd vhci_hcd.3: stop threads
[  540.862146][T21835] vhci_hcd vhci_hcd.3: release socket
[  540.867560][T21835] vhci_hcd vhci_hcd.3: disconnect device
[  541.283363][T29390] loop5: detected capacity change from 0 to 128
[  541.327139][T29390] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6513'.
[  541.603441][T29404] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  541.610001][T29404] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  541.617799][T29404] vhci_hcd vhci_hcd.0: Device attached
[  541.676122][T29405] vhci_hcd: connection closed
[  541.676486][ T2296] vhci_hcd vhci_hcd.3: stop threads
[  541.686453][ T2296] vhci_hcd vhci_hcd.3: release socket
[  541.691865][ T2296] vhci_hcd vhci_hcd.3: disconnect device
[  541.936402][T29413] dvmrp1: entered allmulticast mode
[  541.949783][T29413] dvmrp1: left allmulticast mode
[  542.062644][T23025] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  542.162112][T29444] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6527'.
[  542.171244][T29444] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6527'.
[  542.180262][T29444] netlink: 14 bytes leftover after parsing attributes in process `syz.2.6527'.
[  542.292034][T29451] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6524'.
[  542.398547][T29456] loop2: detected capacity change from 0 to 512
[  542.405430][T29456] EXT4-fs: Ignoring removed i_version option
[  542.411467][T29456] EXT4-fs: Ignoring removed bh option
[  542.513659][T29456] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  542.526518][T29456] ext4 filesystem being mounted at /140/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  543.948930][T23025] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  545.231322][T29570] loop5: detected capacity change from 0 to 512
[  545.238107][T29570] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  545.253113][T29570] EXT4-fs: error: could not find journal device path
[  545.688472][T29562] loop2: detected capacity change from 0 to 512
[  545.695347][T29562] EXT4-fs: Ignoring removed i_version option
[  545.701373][T29562] EXT4-fs: Ignoring removed bh option
[  545.752873][T29562] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  545.765781][T29562] ext4 filesystem being mounted at /142/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  546.356624][T29603] loop5: detected capacity change from 0 to 512
[  546.363238][T29603] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  546.378047][T29603] EXT4-fs: error: could not find journal device path
[  546.870845][   T29] kauditd_printk_skb: 109 callbacks suppressed
[  546.870861][   T29] audit: type=1326 audit(1766895170.115:25932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29602 comm="syz.4.6548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  546.900911][   T29] audit: type=1326 audit(1766895170.125:25933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29602 comm="syz.4.6548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  546.924649][   T29] audit: type=1326 audit(1766895170.125:25934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29602 comm="syz.4.6548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  546.948272][   T29] audit: type=1326 audit(1766895170.125:25935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29602 comm="syz.4.6548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  546.972022][   T29] audit: type=1326 audit(1766895170.125:25936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29602 comm="syz.4.6548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  547.051686][T29664] loop5: detected capacity change from 0 to 512
[  547.079087][T29664] EXT4-fs: Ignoring removed nomblk_io_submit option
[  547.085799][T29664] EXT4-fs: Ignoring removed oldalloc option
[  547.150993][T29664] EXT4-fs: Mount option(s) incompatible with ext2
[  547.197415][T29688] __nla_validate_parse: 7 callbacks suppressed
[  547.197436][T29688] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6552'.
[  547.212711][T29688] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6552'.
[  547.221700][T29688] netlink: 14 bytes leftover after parsing attributes in process `syz.4.6552'.
[  547.270888][T23025] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  547.296425][   T29] audit: type=1326 audit(1766895170.545:25937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29692 comm="syz.5.6555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  547.322554][   T29] audit: type=1326 audit(1766895170.575:25938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29692 comm="syz.5.6555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  547.346674][   T29] audit: type=1326 audit(1766895170.575:25939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29692 comm="syz.5.6555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  547.370425][   T29] audit: type=1326 audit(1766895170.575:25940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29692 comm="syz.5.6555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  547.394056][   T29] audit: type=1326 audit(1766895170.575:25941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29692 comm="syz.5.6555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  547.419564][T29705] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  547.419564][T29705]    program syz.5.6555 not setting count and/or reply_len properly
[  547.473164][T29697] loop4: detected capacity change from 0 to 512
[  547.479910][T29697] EXT4-fs: Ignoring removed i_version option
[  547.485984][T29697] EXT4-fs: Ignoring removed bh option
[  547.680587][T29697] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  547.693543][T29697] ext4 filesystem being mounted at /123/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  548.121217][T29752] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6562'.
[  548.361099][T29759] loop3: detected capacity change from 0 to 512
[  548.378070][T29759] EXT4-fs: Ignoring removed nomblk_io_submit option
[  548.384762][T29759] EXT4-fs: Ignoring removed oldalloc option
[  548.402603][T29759] EXT4-fs: Mount option(s) incompatible with ext2
[  548.479844][T29764] loop3: detected capacity change from 0 to 128
[  548.491638][T29764] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6566'.
[  548.510072][T29764] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  548.517598][T29764] batman_adv: batadv0: Removing interface: batadv_slave_0
[  548.540872][T29764] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  548.548312][T29764] batman_adv: batadv0: Removing interface: batadv_slave_1
[  548.741783][T29772] loop3: detected capacity change from 0 to 512
[  548.759172][T29772] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  548.789491][T29772] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.6567: inode has both inline data and extents flags
[  548.810769][T29772] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.6567: couldn't read orphan inode 15 (err -117)
[  548.825827][T29772] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  548.873399][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  548.903570][T29778] netlink: 100 bytes leftover after parsing attributes in process `syz.0.6568'.
[  548.921775][T29753] loop2: detected capacity change from 0 to 2048
[  549.168455][T29788] loop3: detected capacity change from 0 to 512
[  549.175246][T29788] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  549.190114][T29788] EXT4-fs: error: could not find journal device path
[  549.372613][T29753]  loop2: p2 < > p4
[  549.460856][T29753] loop2: p4 size 262144 extends beyond EOD, truncated
[  549.606423][T29821] FAULT_INJECTION: forcing a failure.
[  549.606423][T29821] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  549.619634][T29821] CPU: 1 UID: 0 PID: 29821 Comm: syz.5.6572 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  549.619742][T29821] Tainted: [W]=WARN
[  549.619749][T29821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  549.619761][T29821] Call Trace:
[  549.619767][T29821]  <TASK>
[  549.619822][T29821]  __dump_stack+0x1d/0x30
[  549.619852][T29821]  dump_stack_lvl+0x95/0xd0
[  549.619875][T29821]  dump_stack+0x15/0x1b
[  549.619894][T29821]  should_fail_ex+0x265/0x280
[  549.619917][T29821]  should_fail+0xb/0x20
[  549.619941][T29821]  should_fail_usercopy+0x1a/0x20
[  549.620100][T29821]  copy_fpstate_to_sigframe+0x628/0x7d0
[  549.620132][T29821]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[  549.620180][T29821]  ? x86_task_fpu+0x36/0x60
[  549.620212][T29821]  get_sigframe+0x34d/0x490
[  549.620290][T29821]  ? get_signal+0xdc7/0xf70
[  549.620354][T29821]  x64_setup_rt_frame+0xa8/0x580
[  549.620387][T29821]  arch_do_signal_or_restart+0x24c/0x450
[  549.620459][T29821]  exit_to_user_mode_loop+0x6a/0x740
[  549.620486][T29821]  do_syscall_64+0x1e1/0x2b0
[  549.620607][T29821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.620635][T29821] RIP: 0033:0x7fac13e7f747
[  549.620655][T29821] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  549.620674][T29821] RSP: 002b:00007fac128df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  549.620700][T29821] RAX: 0000000000000000 RBX: 00007fac140d5fa0 RCX: 00007fac13e7f749
[  549.620715][T29821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  549.620781][T29821] RBP: 00007fac128df090 R08: 0000000000000000 R09: 0000000000000000
[  549.620793][T29821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  549.620806][T29821] R13: 00007fac140d6038 R14: 00007fac140d5fa0 R15: 00007fff216c4708
[  549.620823][T29821]  </TASK>
[  549.810638][T29829] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6573'.
[  549.915682][T29836] loop5: detected capacity change from 0 to 512
[  549.927167][T29836] EXT4-fs: Ignoring removed nomblk_io_submit option
[  549.933974][T29836] EXT4-fs: Ignoring removed oldalloc option
[  549.941541][T29836] EXT4-fs: Mount option(s) incompatible with ext2
[  549.954322][T29838] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6578'.
[  549.964012][T29838] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  549.971603][T29838] batman_adv: batadv0: Removing interface: batadv_slave_0
[  549.979707][T29838] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  549.987388][T29838] batman_adv: batadv0: Removing interface: batadv_slave_1
[  550.047896][T29852] dvmrp1: entered allmulticast mode
[  550.073302][T29852] dvmrp1: left allmulticast mode
[  550.133044][T29857] loop5: detected capacity change from 0 to 512
[  550.152360][T29857] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  550.252567][T25210] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  550.298941][T29877] loop5: detected capacity change from 0 to 128
[  550.368407][T29888] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6583'.
[  550.462824][T29893] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[  550.469409][T29893] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  550.477218][T29893] vhci_hcd vhci_hcd.0: Device attached
[  550.485097][T29897] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6588'.
[  550.494598][T29894] vhci_hcd: connection closed
[  550.620113][T23101] vhci_hcd vhci_hcd.5: stop threads
[  550.630068][T23101] vhci_hcd vhci_hcd.5: release socket
[  550.635486][T23101] vhci_hcd vhci_hcd.5: disconnect device
[  550.649427][T29922] FAULT_INJECTION: forcing a failure.
[  550.649427][T29922] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  550.662702][T29922] CPU: 1 UID: 0 PID: 29922 Comm: syz.3.6589 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  550.662739][T29922] Tainted: [W]=WARN
[  550.662764][T29922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  550.662779][T29922] Call Trace:
[  550.662787][T29922]  <TASK>
[  550.662796][T29922]  __dump_stack+0x1d/0x30
[  550.662827][T29922]  dump_stack_lvl+0x95/0xd0
[  550.662920][T29922]  dump_stack+0x15/0x1b
[  550.662946][T29922]  should_fail_ex+0x265/0x280
[  550.662972][T29922]  should_fail+0xb/0x20
[  550.663002][T29922]  should_fail_usercopy+0x1a/0x20
[  550.663027][T29922]  _copy_to_user+0x20/0xa0
[  550.663055][T29922]  simple_read_from_buffer+0xb5/0x130
[  550.663116][T29922]  proc_fail_nth_read+0x10e/0x150
[  550.663211][T29922]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  550.663238][T29922]  vfs_read+0x1a8/0x770
[  550.663290][T29922]  ? __rcu_read_unlock+0x4f/0x70
[  550.663311][T29922]  ? __fget_files+0x184/0x1c0
[  550.663333][T29922]  ? mutex_lock+0x58/0x90
[  550.663430][T29922]  ksys_read+0xda/0x1a0
[  550.663451][T29922]  __x64_sys_read+0x40/0x50
[  550.663469][T29922]  x64_sys_call+0x2889/0x3000
[  550.663505][T29922]  do_syscall_64+0xca/0x2b0
[  550.663619][T29922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.663648][T29922] RIP: 0033:0x7f96053be15c
[  550.663667][T29922] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  550.663690][T29922] RSP: 002b:00007f9603e1f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  550.663716][T29922] RAX: ffffffffffffffda RBX: 00007f9605615fa0 RCX: 00007f96053be15c
[  550.663734][T29922] RDX: 000000000000000f RSI: 00007f9603e1f0a0 RDI: 0000000000000003
[  550.663829][T29922] RBP: 00007f9603e1f090 R08: 0000000000000000 R09: 0000000000000000
[  550.663844][T29922] R10: 0000000000010040 R11: 0000000000000246 R12: 0000000000000001
[  550.663858][T29922] R13: 00007f9605616038 R14: 00007f9605615fa0 R15: 00007ffd9241e978
[  550.663878][T29922]  </TASK>
[  550.890803][T29924] loop3: detected capacity change from 0 to 512
[  550.897721][T29924] EXT4-fs: Ignoring removed nomblk_io_submit option
[  550.904500][T29924] EXT4-fs: Ignoring removed oldalloc option
[  550.912239][T29924] EXT4-fs: Mount option(s) incompatible with ext2
[  550.948615][T29930] EXT4-fs: inline encryption not supported
[  550.974404][T29930] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  550.989127][T24531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  550.996472][T29930] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 16: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  551.013350][T29930] EXT4-fs (loop3): Remounting filesystem read-only
[  551.037533][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  551.066090][T29939] dvmrp1: entered allmulticast mode
[  551.074352][T29939] dvmrp1: left allmulticast mode
[  551.134104][T29952] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  551.224344][T24531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  551.435297][T29985] Invalid ELF header len 8
[  552.964320][T29991] set_capacity_and_notify: 3 callbacks suppressed
[  552.970848][T29991] loop2: detected capacity change from 0 to 512
[  552.977628][T29991] EXT4-fs: Ignoring removed i_version option
[  552.983725][T29991] EXT4-fs: Ignoring removed bh option
[  553.194505][T29990] loop4: detected capacity change from 0 to 512
[  553.201199][T29990] EXT4-fs: Ignoring removed i_version option
[  553.207251][T29990] EXT4-fs: Ignoring removed bh option
[  553.415710][T30018] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[  553.422266][T30018] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  553.430073][T30018] vhci_hcd vhci_hcd.0: Device attached
[  553.640645][T30019] vhci_hcd: connection closed
[  553.654457][   T29] kauditd_printk_skb: 78 callbacks suppressed
[  553.654473][   T29] audit: type=1326 audit(1766895176.905:26020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30024 comm="syz.3.6609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  554.457800][T30025] FAULT_INJECTION: forcing a failure.
[  554.457800][T30025] name failslab, interval 1, probability 0, space 0, times 0
[  554.470710][T30025] CPU: 1 UID: 0 PID: 30025 Comm: syz.3.6609 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  554.470750][T30025] Tainted: [W]=WARN
[  554.470759][T30025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  554.470775][T30025] Call Trace:
[  554.470818][T30025]  <TASK>
[  554.470827][T30025]  __dump_stack+0x1d/0x30
[  554.470917][T30025]  dump_stack_lvl+0x95/0xd0
[  554.470939][T30025]  dump_stack+0x15/0x1b
[  554.470959][T30025]  should_fail_ex+0x265/0x280
[  554.470989][T30025]  should_failslab+0x8c/0xb0
[  554.471016][T30025]  kmem_cache_alloc_noprof+0x69/0x4b0
[  554.471071][T30025]  ? audit_log_start+0x342/0x720
[  554.471094][T30025]  audit_log_start+0x342/0x720
[  554.471115][T30025]  ? kstrtouint+0x76/0xc0
[  554.471154][T30025]  audit_seccomp+0x48/0x100
[  554.471190][T30025]  ? __seccomp_filter+0x832/0x1260
[  554.471222][T30025]  __seccomp_filter+0x843/0x1260
[  554.471253][T30025]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  554.471346][T30025]  ? vfs_write+0x7e8/0x960
[  554.471374][T30025]  __secure_computing+0x82/0x150
[  554.471408][T30025]  syscall_trace_enter+0xcf/0x1e0
[  554.471460][T30025]  do_syscall_64+0xa4/0x2b0
[  554.471563][T30025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.471591][T30025] RIP: 0033:0x7f96053bf749
[  554.471647][T30025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  554.471671][T30025] RSP: 002b:00007f9603e1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000073
[  554.471745][T30025] RAX: ffffffffffffffda RBX: 00007f9605615fa0 RCX: 00007f96053bf749
[  554.471758][T30025] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  554.471772][T30025] RBP: 00007f9603e1f090 R08: 0000000000000000 R09: 0000000000000000
[  554.471870][T30025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  554.471886][T30025] R13: 00007f9605616038 R14: 00007f9605615fa0 R15: 00007ffd9241e978
[  554.471909][T30025]  </TASK>
[  554.471957][T30025] audit: audit_lost=6 audit_rate_limit=0 audit_backlog_limit=64
[  554.677007][T30025] audit: out of memory in audit_log_start
[  554.971537][   T29] audit: type=1326 audit(1766895177.705:26021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30024 comm="syz.3.6609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f96053bdf90 code=0x7ffc0000
[  554.995328][   T29] audit: type=1326 audit(1766895177.705:26022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30024 comm="syz.3.6609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f96053be1ff code=0x7ffc0000
[  555.019363][ T3609] vhci_hcd vhci_hcd.5: stop threads
[  555.024687][ T3609] vhci_hcd vhci_hcd.5: release socket
[  555.030145][ T3609] vhci_hcd vhci_hcd.5: disconnect device
[  555.284976][T29990] EXT4-fs warning (device loop4): ext4_multi_mount_protect:394: Unable to create kmmpd thread for loop4.
[  555.318586][T29991] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  555.331852][T29991] ext4 filesystem being mounted at /152/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  555.355733][T30029] dvmrp1: entered allmulticast mode
[  555.364501][T30029] dvmrp1: left allmulticast mode
[  555.690348][T30042] loop3: detected capacity change from 0 to 512
[  555.696903][T30042] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  555.711874][T30042] EXT4-fs: error: could not find journal device path
[  555.785392][T30073] __nla_validate_parse: 14 callbacks suppressed
[  555.785409][T30073] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6613'.
[  555.831673][T30076] netlink: 100 bytes leftover after parsing attributes in process `syz.0.6612'.
[  555.859927][T30078] loop5: detected capacity change from 0 to 128
[  555.923413][T30078] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6615'.
[  556.026152][T23025] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  556.041094][T30089] loop4: detected capacity change from 0 to 2048
[  556.070258][   T29] audit: type=1326 audit(1766895179.305:26023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30092 comm="syz.5.6619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  556.094234][   T29] audit: type=1326 audit(1766895179.305:26024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30092 comm="syz.5.6619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  556.118087][   T29] audit: type=1326 audit(1766895179.305:26025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30092 comm="syz.5.6619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fac13e7e1ff code=0x7ffc0000
[  556.141620][   T29] audit: type=1326 audit(1766895179.305:26026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30092 comm="syz.5.6619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  556.165393][   T29] audit: type=1326 audit(1766895179.305:26027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30092 comm="syz.5.6619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac13e7f749 code=0x7ffc0000
[  556.200828][T30089]  loop4: p2 < > p4
[  556.209142][T30096] binfmt_misc: register: failed to install interpreter file ./file0
[  556.218249][T30089] loop4: p4 size 262144 extends beyond EOD, truncated
[  556.236890][T30096] loop5: detected capacity change from 0 to 512
[  556.246013][T30096] EXT4-fs: Ignoring removed i_version option
[  556.260974][T30096] EXT4-fs (loop5): orphan cleanup on readonly fs
[  556.272893][T30096] EXT4-fs warning (device loop5): ext4_xattr_inode_get:560: inode #11: comm syz.5.6620: EA inode hash validation failed
[  556.294467][T30096] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  556.307998][T30096] EXT4-fs error (device loop5): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.5.6620: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  556.323794][T30096] EXT4-fs (loop5): Remounting filesystem read-only
[  556.330399][T30096] EXT4-fs warning (device loop5): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.5.6620: ea_inode dec ref err=-117
[  556.370107][T30096] EXT4-fs warning (device loop5): ext4_evict_inode:273: xattr delete (err -30)
[  556.389470][T30096] EXT4-fs (loop5): 1 orphan inode deleted
[  556.395858][T30096] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  556.409112][T30106] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6621'.
[  556.418231][T30106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6621'.
[  556.442214][T25210] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  556.460793][T30106] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=30106 comm=syz.3.6621
[  557.257975][T30148] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  557.264636][T30148] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  557.272462][T30148] vhci_hcd vhci_hcd.0: Device attached
[  557.295398][T30149] vhci_hcd: connection closed
[  557.299308][   T37] vhci_hcd vhci_hcd.2: stop threads
[  557.309299][   T37] vhci_hcd vhci_hcd.2: release socket
[  557.314890][   T37] vhci_hcd vhci_hcd.2: disconnect device
[  557.367733][T30170] loop4: detected capacity change from 0 to 512
[  557.376226][T30170] EXT4-fs: Ignoring removed nomblk_io_submit option
[  557.382905][T30170] EXT4-fs: Ignoring removed oldalloc option
[  557.405182][T30170] EXT4-fs: Mount option(s) incompatible with ext2
[  557.507283][T30183] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6635'.
[  557.628814][T30185] loop4: detected capacity change from 0 to 256
[  557.855533][T30227] FAULT_INJECTION: forcing a failure.
[  557.855533][T30227] name failslab, interval 1, probability 0, space 0, times 0
[  557.868261][T30227] CPU: 0 UID: 0 PID: 30227 Comm: syz.2.6653 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  557.868297][T30227] Tainted: [W]=WARN
[  557.868305][T30227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  557.868383][T30227] Call Trace:
[  557.868389][T30227]  <TASK>
[  557.868397][T30227]  __dump_stack+0x1d/0x30
[  557.868487][T30227]  dump_stack_lvl+0x95/0xd0
[  557.868512][T30227]  dump_stack+0x15/0x1b
[  557.868539][T30227]  should_fail_ex+0x265/0x280
[  557.868607][T30227]  should_failslab+0x8c/0xb0
[  557.868632][T30227]  ? __pfx_free_ioctx_users+0x10/0x10
[  557.868662][T30227]  __kmalloc_cache_noprof+0x65/0x4c0
[  557.868687][T30227]  ? percpu_ref_init+0x9c/0x250
[  557.868710][T30227]  ? __pfx_free_ioctx_users+0x10/0x10
[  557.868795][T30227]  percpu_ref_init+0x9c/0x250
[  557.868818][T30227]  ioctx_alloc+0x1a2/0x4c0
[  557.868849][T30227]  ? fput+0x8f/0xc0
[  557.868951][T30227]  __se_sys_io_setup+0x6b/0x1b0
[  557.869047][T30227]  __x64_sys_io_setup+0x31/0x40
[  557.869095][T30227]  x64_sys_call+0x2a8e/0x3000
[  557.869126][T30227]  do_syscall_64+0xca/0x2b0
[  557.869231][T30227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.869258][T30227] RIP: 0033:0x7fe724edf749
[  557.869277][T30227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  557.869328][T30227] RSP: 002b:00007fe72393f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  557.869355][T30227] RAX: ffffffffffffffda RBX: 00007fe725135fa0 RCX: 00007fe724edf749
[  557.869368][T30227] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000002
[  557.869382][T30227] RBP: 00007fe72393f090 R08: 0000000000000000 R09: 0000000000000000
[  557.869398][T30227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  557.869413][T30227] R13: 00007fe725136038 R14: 00007fe725135fa0 R15: 00007ffc118cd4b8
[  557.869436][T30227]  </TASK>
[  558.182685][T30246] loop4: detected capacity change from 0 to 256
[  558.235689][T30244] loop5: detected capacity change from 0 to 128
[  558.243362][T30244] FAT-fs (loop5): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  558.253762][T30244] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  558.261841][T30244] FAT-fs (loop5): Filesystem has been set read-only
[  558.292281][T30262] loop3: detected capacity change from 0 to 256
[  558.356324][T30275] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6669'.
[  559.028904][T30340] FAULT_INJECTION: forcing a failure.
[  559.028904][T30340] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  559.042042][T30340] CPU: 1 UID: 0 PID: 30340 Comm: syz.0.6670 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  559.042156][T30340] Tainted: [W]=WARN
[  559.042165][T30340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  559.042179][T30340] Call Trace:
[  559.042188][T30340]  <TASK>
[  559.042199][T30340]  __dump_stack+0x1d/0x30
[  559.042229][T30340]  dump_stack_lvl+0x95/0xd0
[  559.042253][T30340]  dump_stack+0x15/0x1b
[  559.042351][T30340]  should_fail_ex+0x265/0x280
[  559.042379][T30340]  should_fail+0xb/0x20
[  559.042404][T30340]  should_fail_usercopy+0x1a/0x20
[  559.042434][T30340]  _copy_from_user+0x1c/0xb0
[  559.042469][T30340]  __copy_msghdr+0x244/0x300
[  559.042497][T30340]  ___sys_sendmsg+0x109/0x1d0
[  559.042536][T30340]  __x64_sys_sendmsg+0xd4/0x160
[  559.042626][T30340]  x64_sys_call+0x17ba/0x3000
[  559.042696][T30340]  do_syscall_64+0xca/0x2b0
[  559.042736][T30340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.042763][T30340] RIP: 0033:0x7f0e1ff3f749
[  559.042785][T30340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  559.042803][T30340] RSP: 002b:00007f0e1e9a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  559.042843][T30340] RAX: ffffffffffffffda RBX: 00007f0e20195fa0 RCX: 00007f0e1ff3f749
[  559.042858][T30340] RDX: 0000000020000054 RSI: 0000200000000080 RDI: 0000000000000004
[  559.042874][T30340] RBP: 00007f0e1e9a7090 R08: 0000000000000000 R09: 0000000000000000
[  559.042888][T30340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  559.042974][T30340] R13: 00007f0e20196038 R14: 00007f0e20195fa0 R15: 00007ffcd9d308c8
[  559.042992][T30340]  </TASK>
[  559.284943][T30344] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=30344 comm=syz.3.6672
[  559.284923][T30348] loop2: detected capacity change from 0 to 256
[  559.304623][T30344] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=30344 comm=syz.3.6672
[  559.326490][   T29] kauditd_printk_skb: 89 callbacks suppressed
[  559.326510][   T29] audit: type=1400 audit(1766895182.575:26117): avc:  denied  { nlmsg_write } for  pid=30341 comm="syz.3.6672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  559.355100][T30344] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6672'.
[  559.398868][T30344] loop3: detected capacity change from 0 to 1024
[  559.407898][T30344] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  559.438522][T30344] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  559.452485][T30344] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.6672: missing EA_INODE flag
[  559.470802][T30344] EXT4-fs (loop3): Remounting filesystem read-only
[  559.487626][T30344] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  559.529516][T30367] loop5: detected capacity change from 0 to 2048
[  559.540668][   T29] audit: type=1400 audit(1766895182.795:26118): avc:  denied  { ioctl } for  pid=30341 comm="syz.3.6672" path="/70/file1/file1" dev="loop3" ino=15 ioctlcmd=0x660b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  559.606546][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.617776][T30367]  loop5: p2 < > p4
[  559.622547][T30367] loop5: p4 size 262144 extends beyond EOD, truncated
[  559.837072][T30385] loop3: detected capacity change from 0 to 512
[  559.853320][T30385] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  559.892283][T30385] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.6677: inode has both inline data and extents flags
[  559.910265][T30385] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.6677: couldn't read orphan inode 17 (err -117)
[  559.940766][T30385] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  559.968100][T30385] EXT4-fs error (device loop3): ext4_lookup:1789: inode #2: comm syz.3.6677: deleted inode referenced: 15
[  559.990598][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  560.028784][T30396] loop4: detected capacity change from 0 to 128
[  560.052147][T30402] netlink: 'syz.3.6682': attribute type 13 has an invalid length.
[  560.068988][T30396] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6680'.
[  560.082023][T30405] wireguard1: entered promiscuous mode
[  560.087634][T30405] wireguard1: entered allmulticast mode
[  560.122182][T30402] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  560.170978][   T29] audit: type=1326 audit(1766895183.425:26119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30411 comm="syz.4.6683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  560.222044][T30418] binfmt_misc: register: failed to install interpreter file ./file0
[  560.240831][   T29] audit: type=1326 audit(1766895183.445:26120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30411 comm="syz.4.6683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  560.264396][   T29] audit: type=1326 audit(1766895183.445:26121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30411 comm="syz.4.6683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ad09f749 code=0x7ffc0000
[  560.288034][   T29] audit: type=1400 audit(1766895183.465:26122): avc:  denied  { create } for  pid=30401 comm="syz.3.6682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  560.312979][T30405] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=30405 comm=syz.2.6681
[  560.345720][T30426] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6686'.
[  560.363082][T30430] dvmrp1: entered allmulticast mode
[  560.379264][T30430] dvmrp1: left allmulticast mode
[  560.521652][T30443] loop5: detected capacity change from 0 to 2048
[  560.542581][   T29] audit: type=1326 audit(1766895183.795:26123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30433 comm="syz.3.6688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  560.571388][T30430] loop4: detected capacity change from 0 to 512
[  560.608909][   T29] audit: type=1326 audit(1766895183.815:26124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30433 comm="syz.3.6688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  560.632610][   T29] audit: type=1326 audit(1766895183.815:26125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30433 comm="syz.3.6688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  560.645809][T30430] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  560.656387][   T29] audit: type=1326 audit(1766895183.815:26126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30433 comm="syz.3.6688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  560.698106][T30443]  loop5: p2 < > p4
[  560.728027][T30443] loop5: p4 size 262144 extends beyond EOD, truncated
[  560.746457][T24531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  560.827906][T30476] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6691'.
[  560.836937][T30476] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6691'.
[  560.899774][T30480] EXT4-fs: Ignoring removed nomblk_io_submit option
[  560.906596][T30480] EXT4-fs: Ignoring removed oldalloc option
[  560.913008][T30480] EXT4-fs: Mount option(s) incompatible with ext2
[  561.122983][T30497] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=30497 comm=syz.4.6699
[  561.173555][T30498] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  561.173555][T30498]    program syz.2.6698 not setting count and/or reply_len properly
[  561.248545][T30511] FAULT_INJECTION: forcing a failure.
[  561.248545][T30511] name failslab, interval 1, probability 0, space 0, times 0
[  561.261305][T30511] CPU: 0 UID: 0 PID: 30511 Comm: syz.3.6702 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  561.261345][T30511] Tainted: [W]=WARN
[  561.261355][T30511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  561.261470][T30511] Call Trace:
[  561.261477][T30511]  <TASK>
[  561.261486][T30511]  __dump_stack+0x1d/0x30
[  561.261517][T30511]  dump_stack_lvl+0x95/0xd0
[  561.261545][T30511]  dump_stack+0x15/0x1b
[  561.261569][T30511]  should_fail_ex+0x265/0x280
[  561.261598][T30511]  should_failslab+0x8c/0xb0
[  561.261683][T30511]  kmem_cache_alloc_noprof+0x69/0x4b0
[  561.261706][T30511]  ? audit_log_start+0x342/0x720
[  561.261734][T30511]  audit_log_start+0x342/0x720
[  561.261789][T30511]  ? kstrtouint+0x76/0xc0
[  561.261809][T30511]  audit_seccomp+0x48/0x100
[  561.261839][T30511]  ? __seccomp_filter+0x832/0x1260
[  561.261943][T30511]  __seccomp_filter+0x843/0x1260
[  561.261976][T30511]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  561.262011][T30511]  ? vfs_write+0x7e8/0x960
[  561.262068][T30511]  __secure_computing+0x82/0x150
[  561.262096][T30511]  syscall_trace_enter+0xcf/0x1e0
[  561.262125][T30511]  do_syscall_64+0xa4/0x2b0
[  561.262164][T30511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.262192][T30511] RIP: 0033:0x7f96053bf749
[  561.262211][T30511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  561.262232][T30511] RSP: 002b:00007f9603e1f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  561.262257][T30511] RAX: ffffffffffffffda RBX: 00007f9605615fa0 RCX: 00007f96053bf749
[  561.262272][T30511] RDX: 0000200000000800 RSI: 0000200000002a40 RDI: 0000200000002a00
[  561.262288][T30511] RBP: 00007f9603e1f090 R08: 0000000000000000 R09: 0000000000000000
[  561.262313][T30511] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000001
[  561.262327][T30511] R13: 00007f9605616038 R14: 00007f9605615fa0 R15: 00007ffd9241e978
[  561.262345][T30511]  </TASK>
[  561.515079][T30521] wireguard0: entered promiscuous mode
[  561.520646][T30521] wireguard0: entered allmulticast mode
[  561.530974][T30521] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=30521 comm=syz.3.6705
[  561.762110][T30546] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  561.776961][T30546] EXT4-fs: error: could not find journal device path
[  562.401913][T30602] dvmrp1: entered allmulticast mode
[  562.408397][T30602] dvmrp1: left allmulticast mode
[  562.503616][T30603] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  562.603259][T23025] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.627494][T30648] wireguard0: entered promiscuous mode
[  562.633180][T30648] wireguard0: entered allmulticast mode
[  562.642245][T30648] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=30648 comm=syz.0.6722
[  562.656241][T30657] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6717'.
[  562.773799][T30671] netlink: 'syz.3.6723': attribute type 4 has an invalid length.
[  563.011048][T30688] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6730'.
[  563.135702][T30698] dvmrp1: entered allmulticast mode
[  563.143397][T30698] dvmrp1: left allmulticast mode
[  563.273134][T30706] binfmt_misc: register: failed to install interpreter file ./file0
[  563.319404][T30708] netlink: 'syz.5.6734': attribute type 4 has an invalid length.
[  563.431875][T30715] wireguard0: entered promiscuous mode
[  563.437376][T30715] wireguard0: entered allmulticast mode
[  563.444924][T30715] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=30715 comm=syz.5.6737
[  563.930222][T30751] set_capacity_and_notify: 4 callbacks suppressed
[  563.930260][T30751] loop4: detected capacity change from 0 to 128
[  563.987386][T30751] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6742'.
[  564.052417][T30775] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  564.052417][T30775]    program syz.5.6745 not setting count and/or reply_len properly
[  564.283544][T30795] dvmrp1: entered allmulticast mode
[  564.295438][T30795] dvmrp1: left allmulticast mode
[  564.330232][   T29] kauditd_printk_skb: 120 callbacks suppressed
[  564.330251][   T29] audit: type=1400 audit(1766895187.585:26245): avc:  denied  { write } for  pid=30792 comm="syz.3.6755" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  564.364058][T30802] loop2: detected capacity change from 0 to 512
[  564.373174][T30802] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  564.385675][   T29] audit: type=1400 audit(1766895187.635:26246): avc:  denied  { mount } for  pid=30793 comm="syz.2.6754" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  564.409858][   T29] audit: type=1400 audit(1766895187.655:26247): avc:  denied  { mounton } for  pid=30793 comm="syz.2.6754" path="/177/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0/file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  564.473939][   T29] audit: type=1400 audit(1766895187.725:26248): avc:  denied  { unmount } for  pid=23025 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  564.494700][T23025] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  564.497021][T30809] binfmt_misc: register: failed to install interpreter file ./file0
[  564.517395][T30809] loop4: detected capacity change from 0 to 512
[  564.524428][T30809] EXT4-fs: Ignoring removed i_version option
[  564.532016][T30809] EXT4-fs (loop4): orphan cleanup on readonly fs
[  564.538807][T30814] loop2: detected capacity change from 0 to 128
[  564.539125][T30809] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.6757: EA inode hash validation failed
[  564.557871][T30809] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  564.571240][T30809] EXT4-fs error (device loop4): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.4.6757: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  564.581838][T30814] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6758'.
[  564.587017][T30809] EXT4-fs (loop4): Remounting filesystem read-only
[  564.601948][T30809] EXT4-fs warning (device loop4): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.4.6757: ea_inode dec ref err=-117
[  564.614885][T30809] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30)
[  564.624116][T30809] EXT4-fs (loop4): 1 orphan inode deleted
[  564.630762][T30809] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  564.647228][   T29] audit: type=1400 audit(1766895187.895:26249): avc:  denied  { create } for  pid=30823 comm="syz.2.6760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  564.668476][T24531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  564.668684][   T29] audit: type=1400 audit(1766895187.915:26250): avc:  denied  { connect } for  pid=30823 comm="syz.2.6760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  564.703347][   T29] audit: type=1400 audit(1766895187.955:26251): avc:  denied  { write } for  pid=30823 comm="syz.2.6760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  564.744187][   T29] audit: type=1400 audit(1766895187.995:26252): avc:  denied  { tracepoint } for  pid=30829 comm="syz.4.6762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  564.789469][   T29] audit: type=1400 audit(1766895188.035:26253): avc:  denied  { create } for  pid=30829 comm="syz.4.6762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  564.809450][   T29] audit: type=1400 audit(1766895188.045:26254): avc:  denied  { read } for  pid=30829 comm="syz.4.6762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  564.897782][T30844] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6762'.
[  565.075687][T30850] netlink: 'syz.0.6767': attribute type 4 has an invalid length.
[  565.145198][T30852] netlink: 'syz.3.6768': attribute type 4 has an invalid length.
[  565.353570][T30878] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  565.353570][T30878]    program syz.3.6774 not setting count and/or reply_len properly
[  565.526726][T30880] loop2: detected capacity change from 0 to 256
[  565.861393][T30892] loop5: detected capacity change from 0 to 512
[  565.868689][T30892] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  565.877473][T30892] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  565.891651][T30892] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 44 vs 41 free clusters
[  565.906268][T30892] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.6779: Failed to acquire dquot type 1
[  565.918456][T30892] EXT4-fs (loop5): 1 truncate cleaned up
[  565.924539][T30892] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  565.948134][T25210] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  565.970140][T30899] netlink: 'syz.5.6780': attribute type 4 has an invalid length.
[  566.167775][T30906] loop3: detected capacity change from 0 to 512
[  566.174774][T30906] EXT4-fs: Ignoring removed nomblk_io_submit option
[  566.181547][T30906] EXT4-fs: Ignoring removed oldalloc option
[  566.189293][T30906] EXT4-fs: Mount option(s) incompatible with ext2
[  566.506253][T30935] loop2: detected capacity change from 0 to 256
[  566.517506][T30935] FAULT_INJECTION: forcing a failure.
[  566.517506][T30935] name failslab, interval 1, probability 0, space 0, times 0
[  566.530501][T30935] CPU: 0 UID: 0 PID: 30935 Comm: syz.2.6786 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  566.530542][T30935] Tainted: [W]=WARN
[  566.530551][T30935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  566.530580][T30935] Call Trace:
[  566.530587][T30935]  <TASK>
[  566.530665][T30935]  __dump_stack+0x1d/0x30
[  566.530691][T30935]  dump_stack_lvl+0x95/0xd0
[  566.530716][T30935]  dump_stack+0x15/0x1b
[  566.530811][T30935]  should_fail_ex+0x265/0x280
[  566.530836][T30935]  should_failslab+0x8c/0xb0
[  566.530864][T30935]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[  566.530889][T30935]  ? alloc_vmap_area+0x241/0xea0
[  566.530936][T30935]  alloc_vmap_area+0x241/0xea0
[  566.530965][T30935]  ? should_fail_ex+0xdb/0x280
[  566.530995][T30935]  ? __kmalloc_cache_node_noprof+0x2b3/0x4d0
[  566.531023][T30935]  __get_vm_area_node+0x173/0x1d0
[  566.531066][T30935]  __vmalloc_node_range_noprof+0x28e/0x1310
[  566.531098][T30935]  ? kernel_read_file+0x2c3/0x500
[  566.531179][T30935]  ? __rcu_read_unlock+0x4f/0x70
[  566.531200][T30935]  ? avc_has_perm_noaudit+0xab/0x130
[  566.531227][T30935]  ? avc_has_perm+0xf7/0x180
[  566.531337][T30935]  ? selinux_kernel_load_from_file+0x1f4/0x230
[  566.531378][T30935]  ? kernel_read_file+0x2c3/0x500
[  566.531406][T30935]  vmalloc_noprof+0x82/0xc0
[  566.531501][T30935]  ? kernel_read_file+0x2c3/0x500
[  566.531531][T30935]  kernel_read_file+0x2c3/0x500
[  566.531575][T30935]  __se_sys_finit_module+0x2de/0x470
[  566.531677][T30935]  __x64_sys_finit_module+0x3e/0x50
[  566.531713][T30935]  x64_sys_call+0x27fa/0x3000
[  566.531741][T30935]  do_syscall_64+0xca/0x2b0
[  566.531774][T30935]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.531832][T30935] RIP: 0033:0x7fe724edf749
[  566.531853][T30935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  566.531875][T30935] RSP: 002b:00007fe72393f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[  566.531898][T30935] RAX: ffffffffffffffda RBX: 00007fe725135fa0 RCX: 00007fe724edf749
[  566.531933][T30935] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  566.531947][T30935] RBP: 00007fe72393f090 R08: 0000000000000000 R09: 0000000000000000
[  566.531974][T30935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  566.531990][T30935] R13: 00007fe725136038 R14: 00007fe725135fa0 R15: 00007ffc118cd4b8
[  566.532012][T30935]  </TASK>
[  566.532022][T30935] syz.2.6786: vmalloc error: size 8, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0
[  566.785290][T30935] CPU: 0 UID: 0 PID: 30935 Comm: syz.2.6786 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  566.785349][T30935] Tainted: [W]=WARN
[  566.785354][T30935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  566.785363][T30935] Call Trace:
[  566.785369][T30935]  <TASK>
[  566.785375][T30935]  __dump_stack+0x1d/0x30
[  566.785433][T30935]  dump_stack_lvl+0x95/0xd0
[  566.785449][T30935]  dump_stack+0x15/0x1b
[  566.785525][T30935]  warn_alloc+0x12b/0x1a0
[  566.785567][T30935]  __vmalloc_node_range_noprof+0x2b3/0x1310
[  566.785588][T30935]  ? __rcu_read_unlock+0x4f/0x70
[  566.785676][T30935]  ? avc_has_perm_noaudit+0xab/0x130
[  566.785756][T30935]  ? avc_has_perm+0xf7/0x180
[  566.785771][T30935]  ? selinux_kernel_load_from_file+0x1f4/0x230
[  566.785801][T30935]  ? kernel_read_file+0x2c3/0x500
[  566.785833][T30935]  vmalloc_noprof+0x82/0xc0
[  566.785878][T30935]  ? kernel_read_file+0x2c3/0x500
[  566.785950][T30935]  kernel_read_file+0x2c3/0x500
[  566.786021][T30935]  __se_sys_finit_module+0x2de/0x470
[  566.786051][T30935]  __x64_sys_finit_module+0x3e/0x50
[  566.786129][T30935]  x64_sys_call+0x27fa/0x3000
[  566.786147][T30935]  do_syscall_64+0xca/0x2b0
[  566.786172][T30935]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.786265][T30935] RIP: 0033:0x7fe724edf749
[  566.786277][T30935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  566.786291][T30935] RSP: 002b:00007fe72393f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[  566.786306][T30935] RAX: ffffffffffffffda RBX: 00007fe725135fa0 RCX: 00007fe724edf749
[  566.786367][T30935] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  566.786376][T30935] RBP: 00007fe72393f090 R08: 0000000000000000 R09: 0000000000000000
[  566.786385][T30935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  566.786394][T30935] R13: 00007fe725136038 R14: 00007fe725135fa0 R15: 00007ffc118cd4b8
[  566.786407][T30935]  </TASK>
[  566.786412][T30935] Mem-Info:
[  566.986516][T30935] active_anon:6693 inactive_anon:3 isolated_anon:0
[  566.986516][T30935]  active_file:27961 inactive_file:2702 isolated_file:0
[  566.986516][T30935]  unevictable:0 dirty:83 writeback:0
[  566.986516][T30935]  slab_reclaimable:3441 slab_unreclaimable:16754
[  566.986516][T30935]  mapped:32356 shmem:3328 pagetables:1188
[  566.986516][T30935]  sec_pagetables:0 bounce:0
[  566.986516][T30935]  kernel_misc_reclaimable:0
[  566.986516][T30935]  free:1864174 free_pcp:19970 free_cma:0
[  567.031518][T30935] Node 0 active_anon:26772kB inactive_anon:12kB active_file:111844kB inactive_file:10808kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:129424kB dirty:332kB writeback:0kB shmem:13312kB kernel_stack:3712kB pagetables:4752kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  567.059144][T30935] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  567.088822][T30935] lowmem_reserve[]: 0 2880 7859 7859
[  567.094243][T30935] Node 0 DMA32 free:2945988kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2949516kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:3528kB free_cma:0kB
[  567.125844][T30935] lowmem_reserve[]: 0 0 4978 4978
[  567.130927][T30935] Node 0 Normal free:4495348kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:26772kB inactive_anon:12kB active_file:111844kB inactive_file:10808kB unevictable:0kB writepending:344kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:76352kB local_pcp:37756kB free_cma:0kB
[  567.164142][T30935] lowmem_reserve[]: 0 0 0 0
[  567.168666][T30935] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  567.181358][T30935] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 4*16kB (M) 3*32kB (M) 4*64kB (M) 2*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2945988kB
[  567.197490][T30935] Node 0 Normal: 3*4kB (UME) 223*8kB (UME) 178*16kB (ME) 841*32kB (UME) 587*64kB (UME) 611*128kB (UME) 468*256kB (UM) 282*512kB (UME) 152*1024kB (UME) 86*2048kB (UM) 916*4096kB (UM) = 4495236kB
[  567.216970][T30935] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  567.226372][T30935] 33922 total pagecache pages
[  567.231200][T30935] 4 pages in swap cache
[  567.231215][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  567.235373][T30935] Free swap  = 124980kB
[  567.235384][T30935] Total swap = 124996kB
[  567.235393][T30935] 2097051 pages RAM
[  567.235402][T30935] 0 pages HighMem/MovableOnly
[  567.235409][T30935] 81272 pages reserved
[  567.260139][ T3489] Bluetooth: hci0: command 0x1003 tx timeout
[  567.350473][T30952] binfmt_misc: register: failed to install interpreter file ./file0
[  567.381241][T30957] loop3: detected capacity change from 0 to 512
[  567.427069][T30957] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  567.440079][T30957] ext4 filesystem being mounted at /96/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  567.462763][T30957] EXT4-fs warning (device loop3): verify_group_input:156: Last group not full
[  567.472856][T30954] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  567.472856][T30954]    program syz.0.6793 not setting count and/or reply_len properly
[  567.510741][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  567.579134][T30969] loop5: detected capacity change from 0 to 512
[  567.585870][T30969] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  567.600724][T30969] EXT4-fs: error: could not find journal device path
[  568.251561][T31032] EXT4-fs: Ignoring removed nomblk_io_submit option
[  568.258241][T31032] EXT4-fs: Ignoring removed oldalloc option
[  568.264891][T31032] EXT4-fs: Mount option(s) incompatible with ext2
[  568.367511][T31043] FAULT_INJECTION: forcing a failure.
[  568.367511][T31043] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  568.380755][T31043] CPU: 0 UID: 0 PID: 31043 Comm: syz.5.6803 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  568.380797][T31043] Tainted: [W]=WARN
[  568.380805][T31043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  568.380839][T31043] Call Trace:
[  568.380848][T31043]  <TASK>
[  568.380858][T31043]  __dump_stack+0x1d/0x30
[  568.380938][T31043]  dump_stack_lvl+0x95/0xd0
[  568.380964][T31043]  dump_stack+0x15/0x1b
[  568.380990][T31043]  should_fail_ex+0x265/0x280
[  568.381020][T31043]  should_fail+0xb/0x20
[  568.381094][T31043]  should_fail_usercopy+0x1a/0x20
[  568.381125][T31043]  strncpy_from_user+0x27/0x260
[  568.381273][T31043]  __se_sys_memfd_create+0x206/0x6b0
[  568.381309][T31043]  __x64_sys_memfd_create+0x31/0x40
[  568.381370][T31043]  x64_sys_call+0x28cb/0x3000
[  568.381473][T31043]  do_syscall_64+0xca/0x2b0
[  568.381512][T31043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  568.381539][T31043] RIP: 0033:0x7fac13e7f749
[  568.381557][T31043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  568.381648][T31043] RSP: 002b:00007fac128dee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  568.381677][T31043] RAX: ffffffffffffffda RBX: 000000000000072d RCX: 00007fac13e7f749
[  568.381691][T31043] RDX: 00007fac128deef0 RSI: 0000000000000000 RDI: 00007fac13f04960
[  568.381722][T31043] RBP: 00002000000014c0 R08: 00007fac128debb7 R09: 00007fac128dee40
[  568.381737][T31043] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000100
[  568.381753][T31043] R13: 00007fac128deef0 R14: 00007fac128deeb0 R15: 0000200000000300
[  568.381775][T31043]  </TASK>
[  568.597878][T31050] nfs4: Unknown parameter 'meta'
[  569.041366][T31086] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  569.041366][T31086]    program syz.3.6809 not setting count and/or reply_len properly
[  569.193816][T31090] set_capacity_and_notify: 2 callbacks suppressed
[  569.193839][T31090] loop4: detected capacity change from 0 to 512
[  569.207114][T31090] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  569.222034][T31090] EXT4-fs: error: could not find journal device path
[  569.715598][   T29] kauditd_printk_skb: 88 callbacks suppressed
[  569.715623][   T29] audit: type=1326 audit(1766895192.965:26337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31115 comm="syz.2.6811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  569.747537][   T29] audit: type=1326 audit(1766895192.995:26338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31115 comm="syz.2.6811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  569.771459][   T29] audit: type=1326 audit(1766895192.995:26339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31115 comm="syz.2.6811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  569.795181][   T29] audit: type=1326 audit(1766895192.995:26340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31115 comm="syz.2.6811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  569.818940][   T29] audit: type=1326 audit(1766895192.995:26341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31115 comm="syz.2.6811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  569.819002][T31121] loop5: detected capacity change from 0 to 512
[  569.842874][   T29] audit: type=1326 audit(1766895192.995:26342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31115 comm="syz.2.6811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  569.872686][   T29] audit: type=1326 audit(1766895192.995:26343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31115 comm="syz.2.6811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  569.880529][T31121] EXT4-fs: Ignoring removed nomblk_io_submit option
[  569.896283][   T29] audit: type=1326 audit(1766895192.995:26344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31115 comm="syz.2.6811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  569.902913][T31121] EXT4-fs: Ignoring removed oldalloc option
[  569.934339][   T29] audit: type=1326 audit(1766895193.045:26345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31115 comm="syz.2.6811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  569.958125][   T29] audit: type=1326 audit(1766895193.045:26346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31115 comm="syz.2.6811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe724edf749 code=0x7ffc0000
[  569.983304][T31121] EXT4-fs: Mount option(s) incompatible with ext2
[  570.017854][T31127] binfmt_misc: register: failed to install interpreter file ./file0
[  570.028527][T31131] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6815'.
[  570.031943][T31128] dvmrp1: entered allmulticast mode
[  570.051036][T31131] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=31131 comm=syz.5.6815
[  570.052874][T31128] dvmrp1: left allmulticast mode
[  570.108307][T31139] loop3: detected capacity change from 0 to 512
[  570.127438][T31139] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  570.199150][T31152] FAULT_INJECTION: forcing a failure.
[  570.199150][T31152] name failslab, interval 1, probability 0, space 0, times 0
[  570.212081][T31152] CPU: 0 UID: 0 PID: 31152 Comm: syz.4.6820 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  570.212121][T31152] Tainted: [W]=WARN
[  570.212185][T31152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  570.212202][T31152] Call Trace:
[  570.212210][T31152]  <TASK>
[  570.212218][T31152]  __dump_stack+0x1d/0x30
[  570.212248][T31152]  dump_stack_lvl+0x95/0xd0
[  570.212280][T31152]  dump_stack+0x15/0x1b
[  570.212365][T31152]  should_fail_ex+0x265/0x280
[  570.212401][T31152]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  570.212433][T31152]  should_failslab+0x8c/0xb0
[  570.212461][T31152]  kmem_cache_alloc_lru_noprof+0x6d/0x4c0
[  570.212494][T31152]  ? shmem_alloc_inode+0x34/0x50
[  570.212527][T31152]  ? kstrtouint_from_user+0x9f/0xf0
[  570.212626][T31152]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  570.212686][T31152]  shmem_alloc_inode+0x34/0x50
[  570.212717][T31152]  alloc_inode+0x40/0x170
[  570.212738][T31152]  new_inode+0x1d/0xe0
[  570.212759][T31152]  shmem_get_inode+0x246/0x750
[  570.212849][T31152]  __shmem_file_setup+0x113/0x210
[  570.212882][T31152]  shmem_file_setup+0x3b/0x50
[  570.212907][T31152]  __se_sys_memfd_create+0x2f7/0x6b0
[  570.213017][T31152]  __x64_sys_memfd_create+0x31/0x40
[  570.213048][T31152]  x64_sys_call+0x28cb/0x3000
[  570.213073][T31152]  do_syscall_64+0xca/0x2b0
[  570.213163][T31152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.213184][T31152] RIP: 0033:0x7f08ad09f749
[  570.213201][T31152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  570.213222][T31152] RSP: 002b:00007f08abafee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  570.213318][T31152] RAX: ffffffffffffffda RBX: 000000000000067b RCX: 00007f08ad09f749
[  570.213335][T31152] RDX: 00007f08abafeef0 RSI: 0000000000000000 RDI: 00007f08ad124960
[  570.213351][T31152] RBP: 00002000000007c0 R08: 00007f08abafebb7 R09: 00007f08abafee40
[  570.213367][T31152] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000040
[  570.213384][T31152] R13: 00007f08abafeef0 R14: 00007f08abafeeb0 R15: 0000200000000240
[  570.213402][T31152]  </TASK>
[  570.434631][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  570.435205][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  570.484034][T31159] binfmt_misc: register: failed to install interpreter file ./file0
[  570.536093][T31153] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  570.717059][T31167] loop4: detected capacity change from 0 to 512
[  570.723935][T31167] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  570.738800][T31167] EXT4-fs: error: could not find journal device path
[  571.132761][T31153] loop5: detected capacity change from 0 to 512
[  571.150401][T31153] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  571.177954][T31153] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  571.192634][T31153] EXT4-fs (loop5): 1 truncate cleaned up
[  571.203250][T31153] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  571.223246][T31221] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  571.223246][T31221]    program syz.2.6825 not setting count and/or reply_len properly
[  571.356541][T31224] FAULT_INJECTION: forcing a failure.
[  571.356541][T31224] name failslab, interval 1, probability 0, space 0, times 0
[  571.369411][T31224] CPU: 0 UID: 0 PID: 31224 Comm: syz.4.6827 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  571.369524][T31224] Tainted: [W]=WARN
[  571.369533][T31224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  571.369547][T31224] Call Trace:
[  571.369555][T31224]  <TASK>
[  571.369564][T31224]  __dump_stack+0x1d/0x30
[  571.369644][T31224]  dump_stack_lvl+0x95/0xd0
[  571.369690][T31224]  dump_stack+0x15/0x1b
[  571.369714][T31224]  should_fail_ex+0x265/0x280
[  571.369741][T31224]  should_failslab+0x8c/0xb0
[  571.369768][T31224]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[  571.369814][T31224]  ? __alloc_skb+0x2ff/0x4b0
[  571.369858][T31224]  __alloc_skb+0x2ff/0x4b0
[  571.369884][T31224]  ? __alloc_skb+0x228/0x4b0
[  571.369913][T31224]  netlink_alloc_large_skb+0xbf/0xf0
[  571.369946][T31224]  netlink_sendmsg+0x3cf/0x6b0
[  571.370031][T31224]  ? __pfx_netlink_sendmsg+0x10/0x10
[  571.370071][T31224]  __sock_sendmsg+0x145/0x180
[  571.370225][T31224]  ____sys_sendmsg+0x31e/0x4a0
[  571.370262][T31224]  ___sys_sendmsg+0x17b/0x1d0
[  571.370305][T31224]  __x64_sys_sendmsg+0xd4/0x160
[  571.370342][T31224]  x64_sys_call+0x17ba/0x3000
[  571.370453][T31224]  do_syscall_64+0xca/0x2b0
[  571.370530][T31224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.370556][T31224] RIP: 0033:0x7f08ad09f749
[  571.370576][T31224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.370634][T31224] RSP: 002b:00007f08abaff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  571.370658][T31224] RAX: ffffffffffffffda RBX: 00007f08ad2f5fa0 RCX: 00007f08ad09f749
[  571.370739][T31224] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004
[  571.370754][T31224] RBP: 00007f08abaff090 R08: 0000000000000000 R09: 0000000000000000
[  571.370770][T31224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.370785][T31224] R13: 00007f08ad2f6038 R14: 00007f08ad2f5fa0 R15: 00007fff5108ac38
[  571.370804][T31224]  </TASK>
[  571.654045][T25210] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  571.681337][T31240] dvmrp1: entered allmulticast mode
[  571.690412][T31240] dvmrp1: left allmulticast mode
[  571.723327][T31254] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6835'.
[  571.749583][T31259] loop5: detected capacity change from 0 to 512
[  571.761405][T31259] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  571.883012][T25210] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  572.590243][T31296] nfs4: Unknown parameter 'meta'
[  572.595994][T31296] Invalid ELF header len 8
[  572.686962][T31306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6845'.
[  572.781258][T31325] netlink: 'syz.0.6851': attribute type 4 has an invalid length.
[  572.795443][T31329] dvmrp1: entered allmulticast mode
[  572.802802][T31329] dvmrp1: left allmulticast mode
[  572.852484][T31344] nfs4: Unknown parameter 'meta'
[  572.857926][T31344] Invalid ELF header len 8
[  572.862638][T31345] loop3: detected capacity change from 0 to 512
[  572.885257][T31351] random: crng reseeded on system resumption
[  572.887676][T31345] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  572.905898][T31351] FAULT_INJECTION: forcing a failure.
[  572.905898][T31351] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  572.919112][T31351] CPU: 0 UID: 0 PID: 31351 Comm: syz.0.6856 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  572.919223][T31351] Tainted: [W]=WARN
[  572.919312][T31351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  572.919326][T31351] Call Trace:
[  572.919333][T31351]  <TASK>
[  572.919342][T31351]  __dump_stack+0x1d/0x30
[  572.919372][T31351]  dump_stack_lvl+0x95/0xd0
[  572.919465][T31351]  dump_stack+0x15/0x1b
[  572.919487][T31351]  should_fail_ex+0x265/0x280
[  572.919512][T31351]  should_fail+0xb/0x20
[  572.919606][T31351]  should_fail_usercopy+0x1a/0x20
[  572.919636][T31351]  _copy_from_iter+0xcf/0xe70
[  572.919667][T31351]  ? __alloc_skb+0x396/0x4b0
[  572.919696][T31351]  ? __alloc_skb+0x228/0x4b0
[  572.919792][T31351]  netlink_sendmsg+0x471/0x6b0
[  572.919832][T31351]  ? __pfx_netlink_sendmsg+0x10/0x10
[  572.919870][T31351]  __sock_sendmsg+0x145/0x180
[  572.919932][T31351]  ____sys_sendmsg+0x31e/0x4a0
[  572.919982][T31351]  ___sys_sendmsg+0x17b/0x1d0
[  572.920031][T31351]  __x64_sys_sendmsg+0xd4/0x160
[  572.920119][T31351]  x64_sys_call+0x17ba/0x3000
[  572.920149][T31351]  do_syscall_64+0xca/0x2b0
[  572.920192][T31351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.920214][T31351] RIP: 0033:0x7f0e1ff3f749
[  572.920240][T31351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  572.920258][T31351] RSP: 002b:00007f0e1e9a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  572.920281][T31351] RAX: ffffffffffffffda RBX: 00007f0e20195fa0 RCX: 00007f0e1ff3f749
[  572.920297][T31351] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000009
[  572.920344][T31351] RBP: 00007f0e1e9a7090 R08: 0000000000000000 R09: 0000000000000000
[  572.920356][T31351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  572.920368][T31351] R13: 00007f0e20196038 R14: 00007f0e20195fa0 R15: 00007ffcd9d308c8
[  572.920387][T31351]  </TASK>
[  573.267021][T31370] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6864'.
[  573.276712][T31370] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6864'.
[  573.286442][T31370] netlink: 14 bytes leftover after parsing attributes in process `syz.0.6864'.
[  573.301414][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  573.400677][T31403] netlink: 'syz.3.6865': attribute type 4 has an invalid length.
[  574.095125][T31426] loop3: detected capacity change from 0 to 512
[  574.101880][T31426] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  574.116703][T31426] EXT4-fs: error: could not find journal device path
[  574.514775][T31456] loop2: detected capacity change from 0 to 8192
[  574.551972][T31456] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  574.572268][T31467] FAULT_INJECTION: forcing a failure.
[  574.572268][T31467] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  574.585493][T31467] CPU: 1 UID: 0 PID: 31467 Comm: syz.0.6871 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  574.585558][T31467] Tainted: [W]=WARN
[  574.585567][T31467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  574.585583][T31467] Call Trace:
[  574.585593][T31467]  <TASK>
[  574.585604][T31467]  __dump_stack+0x1d/0x30
[  574.585634][T31467]  dump_stack_lvl+0x95/0xd0
[  574.585658][T31467]  dump_stack+0x15/0x1b
[  574.585720][T31467]  should_fail_ex+0x265/0x280
[  574.585812][T31467]  should_fail+0xb/0x20
[  574.585832][T31467]  should_fail_usercopy+0x1a/0x20
[  574.585914][T31467]  copy_folio_from_iter_atomic+0x26a/0x1150
[  574.586024][T31467]  ? shmem_write_begin+0xfc/0x1f0
[  574.586051][T31467]  ? shmem_write_begin+0x135/0x1f0
[  574.586082][T31467]  generic_perform_write+0x2c2/0x490
[  574.586120][T31467]  shmem_file_write_iter+0xc5/0xf0
[  574.586230][T31467]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  574.586278][T31467]  vfs_write+0x52a/0x960
[  574.586302][T31467]  __x64_sys_pwrite64+0xfd/0x150
[  574.586366][T31467]  x64_sys_call+0x9f7/0x3000
[  574.586393][T31467]  do_syscall_64+0xca/0x2b0
[  574.586470][T31467]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.586498][T31467] RIP: 0033:0x7f0e1ff3f749
[  574.586518][T31467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  574.586563][T31467] RSP: 002b:00007f0e1e9a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  574.586629][T31467] RAX: ffffffffffffffda RBX: 00007f0e20195fa0 RCX: 00007f0e1ff3f749
[  574.586644][T31467] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000003
[  574.586658][T31467] RBP: 00007f0e1e9a7090 R08: 0000000000000000 R09: 0000000000000000
[  574.586671][T31467] R10: 0000000000009000 R11: 0000000000000246 R12: 0000000000000001
[  574.586686][T31467] R13: 00007f0e20196038 R14: 00007f0e20195fa0 R15: 00007ffcd9d308c8
[  574.586709][T31467]  </TASK>
[  574.842954][T31473] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6876'.
[  574.857851][T31472] binfmt_misc: register: failed to install interpreter file ./file0
[  574.876875][   T29] kauditd_printk_skb: 102 callbacks suppressed
[  574.876893][   T29] audit: type=1326 audit(1766895198.125:26449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31474 comm="syz.3.6878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  574.913177][T31476] loop5: detected capacity change from 0 to 512
[  574.918347][   T29] audit: type=1326 audit(1766895198.155:26450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31474 comm="syz.3.6878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  574.930830][T31476] EXT4-fs: Ignoring removed i_version option
[  574.943399][   T29] audit: type=1326 audit(1766895198.155:26451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31474 comm="syz.3.6878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  574.973127][   T29] audit: type=1326 audit(1766895198.155:26452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31474 comm="syz.3.6878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  574.996972][   T29] audit: type=1326 audit(1766895198.155:26453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31474 comm="syz.3.6878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  575.005818][T31456] netlink: 'syz.2.6870': attribute type 10 has an invalid length.
[  575.020687][   T29] audit: type=1326 audit(1766895198.155:26454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31474 comm="syz.3.6878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  575.028501][T31456] netlink: 125828 bytes leftover after parsing attributes in process `syz.2.6870'.
[  575.058880][T31480] loop3: detected capacity change from 0 to 128
[  575.061636][   T29] audit: type=1326 audit(1766895198.155:26455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31474 comm="syz.3.6878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  575.111336][T31476] EXT4-fs (loop5): orphan cleanup on readonly fs
[  575.123916][T31476] EXT4-fs warning (device loop5): ext4_xattr_inode_get:560: inode #11: comm syz.5.6877: EA inode hash validation failed
[  575.150791][T31489] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6879'.
[  575.167669][T31476] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  575.180800][   T29] audit: type=1400 audit(1766895198.415:26456): avc:  denied  { create } for  pid=31488 comm="syz.0.6880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  575.180874][T31476] EXT4-fs error (device loop5): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.5.6877: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  575.200642][   T29] audit: type=1400 audit(1766895198.415:26457): avc:  denied  { connect } for  pid=31488 comm="syz.0.6880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  575.235536][   T29] audit: type=1400 audit(1766895198.415:26458): avc:  denied  { write } for  pid=31488 comm="syz.0.6880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  575.258027][T31476] EXT4-fs (loop5): Remounting filesystem read-only
[  575.264745][T31476] EXT4-fs warning (device loop5): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.5.6877: ea_inode dec ref err=-117
[  575.293630][T31476] EXT4-fs warning (device loop5): ext4_evict_inode:273: xattr delete (err -30)
[  575.302781][T31476] EXT4-fs (loop5): 1 orphan inode deleted
[  575.309039][T31476] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  575.376614][T25210] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  575.451241][T31503] binfmt_misc: register: failed to install interpreter file ./file0
[  575.502388][T31526] loop2: detected capacity change from 0 to 512
[  575.509217][T31526] EXT4-fs: Ignoring removed nomblk_io_submit option
[  575.516001][T31526] EXT4-fs: Ignoring removed oldalloc option
[  575.524093][T31526] EXT4-fs: Mount option(s) incompatible with ext2
[  575.579816][T31539] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=31539 comm=syz.4.6889
[  575.598084][T31534] netlink: 'syz.5.6886': attribute type 4 has an invalid length.
[  575.721417][T31548] loop5: detected capacity change from 0 to 2048
[  575.728458][T31548] EXT4-fs: Ignoring removed mblk_io_submit option
[  575.750588][T31551] binfmt_misc: register: failed to install interpreter file ./file0
[  575.760110][T31548] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  575.761584][T31551] loop4: detected capacity change from 0 to 512
[  575.778955][T31551] EXT4-fs: Ignoring removed i_version option
[  575.783994][  T863] Bluetooth: hci0: Frame reassembly failed (-84)
[  575.793210][T31551] EXT4-fs (loop4): orphan cleanup on readonly fs
[  575.800400][T31551] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.6893: EA inode hash validation failed
[  575.815812][T31551] EXT4-fs error (device loop4): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.4.6893: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  575.832211][T31551] EXT4-fs (loop4): Remounting filesystem read-only
[  575.838750][T31551] EXT4-fs warning (device loop4): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.4.6893: ea_inode dec ref err=-117
[  575.853824][T31551] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30)
[  575.863012][T31551] EXT4-fs (loop4): 1 orphan inode deleted
[  575.869181][T31551] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  575.906299][T24531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  576.102829][T31573] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6896'.
[  576.181075][T31575] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6897'.
[  576.418543][T31580] random: crng reseeded on system resumption
[  576.450950][T31580] bridge_slave_0: left allmulticast mode
[  576.456729][T31580] bridge_slave_0: left promiscuous mode
[  576.462698][T31580] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.473921][T31580] bridge_slave_1: left allmulticast mode
[  576.479657][T31580] bridge_slave_1: left promiscuous mode
[  576.485533][T31580] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.495852][T31580] bond0: (slave bond_slave_0): Releasing backup interface
[  576.506537][T31580] bond0: (slave bond_slave_1): Releasing backup interface
[  576.518994][T31580] team0: Port device team_slave_0 removed
[  576.529987][T31580] team0: Port device team_slave_1 removed
[  576.542300][T31580] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  577.032082][T31636] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6903'.
[  577.041110][T31636] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6903'.
[  577.050240][T31636] netlink: 14 bytes leftover after parsing attributes in process `syz.4.6903'.
[  577.087703][T31638] binfmt_misc: register: failed to install interpreter file ./file0
[  577.197443][T31645] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  577.197443][T31645]    program syz.3.6906 not setting count and/or reply_len properly
[  577.275807][T31646] loop4: detected capacity change from 0 to 512
[  577.282802][T31646] EXT4-fs: Ignoring removed i_version option
[  577.289084][T31646] EXT4-fs: Ignoring removed bh option
[  577.367336][T31646] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  577.380539][T31646] ext4 filesystem being mounted at /199/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  577.649527][T31655] random: crng reseeded on system resumption
[  577.754051][T31660] bridge_slave_0: left allmulticast mode
[  577.759846][T31660] bridge_slave_0: left promiscuous mode
[  577.765524][T31660] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.777088][T31660] bridge_slave_1: left allmulticast mode
[  577.782830][T31660] bridge_slave_1: left promiscuous mode
[  577.788544][T31660] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.799650][T31660] bond0: (slave bond_slave_0): Releasing backup interface
[  577.811203][T31660] bond0: (slave bond_slave_1): Releasing backup interface
[  577.843002][T31660] team0: Port device team_slave_0 removed
[  577.852765][T31660] team0: Port device team_slave_1 removed
[  577.899929][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  577.906233][ T3489] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  577.914363][T31660] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  577.971087][T31662] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6911'.
[  577.998231][T31662] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=31662 comm=syz.0.6911
[  578.023259][T31665] binfmt_misc: register: failed to install interpreter file ./file0
[  578.036792][T25210] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.051901][T31665] loop3: detected capacity change from 0 to 512
[  578.068787][T31665] EXT4-fs: Ignoring removed i_version option
[  578.089060][T31665] EXT4-fs (loop3): orphan cleanup on readonly fs
[  578.109572][T31665] EXT4-fs warning (device loop3): ext4_xattr_inode_get:560: inode #11: comm syz.3.6912: EA inode hash validation failed
[  578.131100][T31665] EXT4-fs error (device loop3): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.3.6912: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  578.176434][T31665] EXT4-fs (loop3): Remounting filesystem read-only
[  578.183105][T31665] EXT4-fs warning (device loop3): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.3.6912: ea_inode dec ref err=-117
[  578.197861][T31673] loop5: detected capacity change from 0 to 256
[  578.246920][T31665] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -30)
[  578.370535][T31665] EXT4-fs (loop3): 1 orphan inode deleted
[  578.376888][T31665] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  578.403989][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.417003][T31687] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=31687 comm=syz.2.6917
[  578.487841][T31689] loop5: detected capacity change from 0 to 512
[  578.494992][T31689] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  578.509878][T31689] EXT4-fs: error: could not find journal device path
[  579.145883][T24531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  579.272229][T31734]  loop3: p2 < > p4
[  579.287837][T31734] loop3: p4 size 262144 extends beyond EOD, truncated
[  579.451009][T31761] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  579.465879][T31761] bond1 (unregistering): Released all slaves
[  579.957620][T31844] set_capacity_and_notify: 2 callbacks suppressed
[  579.957638][T31844] loop3: detected capacity change from 0 to 1024
[  579.971379][T31844] ext4: Unknown parameter 'uid<00000000000000000000'
[  579.983119][   T29] kauditd_printk_skb: 149 callbacks suppressed
[  579.983139][   T29] audit: type=1326 audit(1766895203.235:26608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31843 comm="syz.3.6932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  580.014263][   T29] audit: type=1326 audit(1766895203.235:26609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31843 comm="syz.3.6932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  580.038035][   T29] audit: type=1326 audit(1766895203.235:26610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31843 comm="syz.3.6932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  580.064382][   T29] audit: type=1326 audit(1766895203.275:26611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31843 comm="syz.3.6932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  580.088072][   T29] audit: type=1326 audit(1766895203.275:26612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31843 comm="syz.3.6932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  580.111729][   T29] audit: type=1326 audit(1766895203.275:26613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31850 comm="syz.3.6932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f96053f2005 code=0x7ffc0000
[  580.135377][   T29] audit: type=1326 audit(1766895203.285:26614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31843 comm="syz.3.6932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  580.159126][   T29] audit: type=1326 audit(1766895203.285:26615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31843 comm="syz.3.6932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  580.182864][   T29] audit: type=1326 audit(1766895203.285:26616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31843 comm="syz.3.6932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  580.206715][   T29] audit: type=1326 audit(1766895203.285:26617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31843 comm="syz.3.6932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96053bf749 code=0x7ffc0000
[  580.288924][T31855] loop2: detected capacity change from 0 to 512
[  580.295766][T31855] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  580.310679][T31855] EXT4-fs: error: could not find journal device path
[  580.735251][T31898] loop3: detected capacity change from 0 to 256
[  580.756758][T31901] FAULT_INJECTION: forcing a failure.
[  580.756758][T31901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  580.770179][T31901] CPU: 0 UID: 0 PID: 31901 Comm: syz.4.6940 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  580.770253][T31901] Tainted: [W]=WARN
[  580.770262][T31901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  580.770276][T31901] Call Trace:
[  580.770285][T31901]  <TASK>
[  580.770366][T31901]  __dump_stack+0x1d/0x30
[  580.770401][T31901]  dump_stack_lvl+0x95/0xd0
[  580.770439][T31901]  dump_stack+0x15/0x1b
[  580.770464][T31901]  should_fail_ex+0x265/0x280
[  580.770488][T31901]  should_fail+0xb/0x20
[  580.770603][T31901]  should_fail_usercopy+0x1a/0x20
[  580.770640][T31901]  _copy_from_user+0x1c/0xb0
[  580.770679][T31901]  ___sys_sendmsg+0xc1/0x1d0
[  580.770780][T31901]  __x64_sys_sendmsg+0xd4/0x160
[  580.770817][T31901]  x64_sys_call+0x17ba/0x3000
[  580.770932][T31901]  do_syscall_64+0xca/0x2b0
[  580.770972][T31901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.771067][T31901] RIP: 0033:0x7f08ad09f749
[  580.771087][T31901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  580.771165][T31901] RSP: 002b:00007f08abaff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  580.771186][T31901] RAX: ffffffffffffffda RBX: 00007f08ad2f5fa0 RCX: 00007f08ad09f749
[  580.771198][T31901] RDX: 0000000000008980 RSI: 0000200000000040 RDI: 0000000000000005
[  580.771298][T31901] RBP: 00007f08abaff090 R08: 0000000000000000 R09: 0000000000000000
[  580.771310][T31901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  580.771322][T31901] R13: 00007f08ad2f6038 R14: 00007f08ad2f5fa0 R15: 00007fff5108ac38
[  580.771345][T31901]  </TASK>
[  580.991413][T31909] netlink: 'syz.3.6944': attribute type 4 has an invalid length.
[  581.073806][T31920] binfmt_misc: register: failed to install interpreter file ./file0
[  581.086053][T31920] loop3: detected capacity change from 0 to 512
[  581.093106][T31920] EXT4-fs: Ignoring removed i_version option
[  581.100502][T31920] EXT4-fs (loop3): orphan cleanup on readonly fs
[  581.107454][T31920] EXT4-fs warning (device loop3): ext4_xattr_inode_get:560: inode #11: comm syz.3.6945: EA inode hash validation failed
[  581.120712][T31920] EXT4-fs error (device loop3): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.3.6945: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  581.137333][T31920] EXT4-fs (loop3): Remounting filesystem read-only
[  581.143994][T31920] EXT4-fs warning (device loop3): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.3.6945: ea_inode dec ref err=-117
[  581.157086][T31920] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -30)
[  581.166995][T31920] EXT4-fs (loop3): 1 orphan inode deleted
[  581.173551][T31920] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  581.185662][T31924] loop4: detected capacity change from 0 to 2048
[  581.205376][T28487] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  581.260703][T31924]  loop4: p2 < > p4
[  581.270538][T31924] loop4: p4 size 262144 extends beyond EOD, truncated
[  581.277139][T31936] loop3: detected capacity change from 0 to 128
[  581.315829][T31936] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6948'.
[  581.332910][T31944] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=31944 comm=syz.5.6949
[  581.739192][T31991] loop2: detected capacity change from 0 to 2048
[  581.790534][T31991]  loop2: p2 < > p4
[  581.795091][T31991] loop2: p4 size 262144 extends beyond EOD, truncated
[  582.005603][T32018] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  582.045833][T32023] binfmt_misc: register: failed to install interpreter file ./file0
[  582.056467][T32023] loop2: detected capacity change from 0 to 512
[  582.063143][T32023] EXT4-fs: Ignoring removed i_version option
[  582.070511][T32023] EXT4-fs (loop2): orphan cleanup on readonly fs
[  582.077286][T32023] EXT4-fs warning (device loop2): ext4_xattr_inode_get:560: inode #11: comm syz.2.6962: EA inode hash validation failed
[  582.090185][T32023] EXT4-fs error (device loop2): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.2.6962: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  582.105412][T32023] EXT4-fs (loop2): Remounting filesystem read-only
[  582.111973][T32023] EXT4-fs warning (device loop2): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.2.6962: ea_inode dec ref err=-117
[  582.124900][T32023] EXT4-fs warning (device loop2): ext4_evict_inode:273: xattr delete (err -30)
[  582.133901][T32023] EXT4-fs (loop2): 1 orphan inode deleted
[  582.140304][T32023] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  582.166340][T23025] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  582.183590][T32029] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=32029 comm=syz.2.6963
[  582.574926][T32064] loop5: detected capacity change from 0 to 128
[  582.632747][T32064] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6968'.
[  583.038657][T32078] binfmt_misc: register: failed to install interpreter file ./file0
[  583.264640][T32087] loop3: detected capacity change from 0 to 512
[  583.271896][T32087] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  583.286867][T32087] EXT4-fs: error: could not find journal device path
[  583.447075][  T850] ==================================================================
[  583.455204][  T850] BUG: KCSAN: data-race in alloc_pid / copy_process
[  583.461816][  T850] 
[  583.464138][  T850] read-write to 0xffffffff86860008 of 4 bytes by task 52 on cpu 1:
[  583.472036][  T850]  alloc_pid+0x54c/0x760
[  583.476821][  T850]  copy_process+0xdd1/0x1ef0
[  583.481501][  T850]  kernel_clone+0x16c/0x5c0
[  583.486106][  T850]  user_mode_thread+0x7d/0xb0
[  583.490887][  T850]  call_usermodehelper_exec_work+0x41/0x160
[  583.496793][  T850]  process_scheduled_works+0x4ce/0x9d0
[  583.502259][  T850]  worker_thread+0x582/0x770
[  583.506855][  T850]  kthread+0x489/0x510
[  583.511036][  T850]  ret_from_fork+0x149/0x290
[  583.515741][  T850]  ret_from_fork_asm+0x1a/0x30
[  583.520512][  T850] 
[  583.522840][  T850] read to 0xffffffff86860008 of 4 bytes by task 850 on cpu 0:
[  583.530381][  T850]  copy_process+0x16d4/0x1ef0
[  583.535063][  T850]  kernel_clone+0x16c/0x5c0
[  583.539572][  T850]  user_mode_thread+0x7d/0xb0
[  583.544255][  T850]  call_usermodehelper_exec_work+0x41/0x160
[  583.550155][  T850]  process_scheduled_works+0x4ce/0x9d0
[  583.555792][  T850]  worker_thread+0x582/0x770
[  583.560388][  T850]  kthread+0x489/0x510
[  583.564463][  T850]  ret_from_fork+0x149/0x290
[  583.569062][  T850]  ret_from_fork_asm+0x1a/0x30
[  583.573833][  T850] 
[  583.576152][  T850] value changed: 0x80000111 -> 0x80000112
[  583.581949][  T850] 
[  583.584284][  T850] Reported by Kernel Concurrency Sanitizer on:
[  583.590511][  T850] CPU: 0 UID: 0 PID: 850 Comm: kworker/u8:7 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  583.601914][  T850] Tainted: [W]=WARN
[  583.605807][  T850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  583.615871][  T850] Workqueue: events_unbound call_usermodehelper_exec_work
[  583.623090][  T850] ==================================================================