last executing test programs:

3.143263201s ago: executing program 0 (id=1262):
unshare(0x20060400)
r0 = syz_io_uring_setup(0x70ad, &(0x7f0000000240)={0x0, 0x5a36, 0x3180, 0x0, 0x40024f}, &(0x7f0000000340)=<r1=>0x0, &(0x7f00000004c0)=<r2=>0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00')
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x18, 0x8, &(0x7f0000001cc0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x6, 0x0, r0, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$netlink(r6, 0x10e, 0x9, 0x0, &(0x7f0000000300))
getsockopt$SO_TIMESTAMPING(r5, 0x1, 0x4a, 0x0, &(0x7f0000000080)=0xe)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c00a9ec028301010000000000000000858e45996fe571519ee87acf0400004a080001000100002a"], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x2000c010)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r8, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000000203030100000000000000000400000a"], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x2000c010)
sendmsg$NFQNL_MSG_CONFIG(r8, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFQA_CFG_CMD={0x8, 0x1, {0x2, 0x0, 0x8}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20080041}, 0x20008090)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xd, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300001018110000c3bdcf34911aca7b19a3f4b105602a99b3caf426f64ad3d77abb580da842e699c36a74a9c44e8a662e04f519eae85c852c1478334c99ab9ec50c66dc6998bf44acf9f202390502966af755487d7adc5925dfb0899b95c86a1be70896de6e70fed7fdc13bf2aa7970238318f9350f7b32cab2a138af12d0ab10e2414560870ce76196c25a7274b41c1b42933669e57a40d4ed3fcadb70b1515959307beb2f82ed19e3592787535c5eccd7cdf9", @ANYRES32=r9, @ANYRESOCT=r7], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r10}, 0xc)
r11 = epoll_create(0xb213)
r12 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_MOD(r11, 0x3, r12, &(0x7f0000000280)={0x2000000})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000780)=ANY=[@ANYRESHEX=r6, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f00000007c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe(&(0x7f0000000740))
r13 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r13, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r14=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r13, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000100)=0x1, r14, 0x0, 0x1, 0x4}}, 0x20)

2.681371474s ago: executing program 0 (id=1268):
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x442, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = socket(0x10, 0x3, 0x0)
clock_adjtime(0x0, &(0x7f0000000040)={0xd51, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x100})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100003}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_DEP_LINK_UP(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd70fffddbdf250400000008000100", @ANYRES32=0x0, @ANYBLOB="05000a"], 0x54}, 0x1, 0x0, 0x0, 0x2805}, 0x4000)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c00014000000000000000080800044000000001"], 0xdc}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r8)
getsockname$packet(r8, &(0x7f00000003c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x585d4d9346027f5c}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {}, {0xd, 0x1fff}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{}, {0x5}}}]}}]}]}]}}]}, 0x6c}}, 0x0)
pipe2$9p(&(0x7f0000000240)={<r10=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r0}})

2.102420137s ago: executing program 0 (id=1280):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x401}, 0x11)
close(0xffffffffffffffff)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000840)="01000100ec85000000001000015b097ead85847817353d2dbad05dd5", 0x1c, 0xfffffffffffffffd)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000380)={0x9, 0x81, 0x2})
write$binfmt_aout(r2, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0))
r3 = syz_open_pts(r2, 0x101000)
r4 = dup3(r3, r2, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x17)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
getsockopt$llc_int(r5, 0x10c, 0x3, &(0x7f0000000a40), &(0x7f0000000a80)=0x4)
timer_delete(0x0)

1.153415663s ago: executing program 0 (id=1308):
socket$netlink(0x10, 0x3, 0x8000000004)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000200), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x1a2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0xa4c42, 0x108)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x16, 0xf, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000040000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kfree\x00', r4, 0x0, 0xfffffffffffffffd}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r6=>0x0})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="20298325db06da955f33c822a8b5fe254f9a2e9de6993b2170ccabd9ddb1e7f956b5a2d0a9e4e2a829d7dd49724aa2f2760ef95e8c1fd9dfde027ef9463c46886c", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c"], 0x65)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="209758d16b47aad840676898e1643800010026bd7000ffdbdf250900020073797a33000000008000e38f736977001400330064676500"/70], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x20000010)
r10 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r10, 0x114, 0x5, 0x0, &(0x7f00000000c0))
getsockopt$bt_l2cap_L2CAP_LM(r10, 0x6, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
r11 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r11, 0x29, 0x6, &(0x7f0000000140)={0x7d, {{0x29, 0x0, 0x3000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x5}}}, 0x88)
fallocate(r2, 0x0, 0xbf5, 0x2000402)
ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000040)={0xc, r2, 0x0, 0x0, 0x0, 0xfffffffffe000001})
socket$netlink(0x10, 0x3, 0x10)

990.979594ms ago: executing program 2 (id=1311):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0x1}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x6, 0x76b5}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000038c0)={0x0, 0x0, 0x0}, 0x40)
syz_io_uring_complete(0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
io_uring_enter(0xffffffffffffffff, 0x92, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="31832abd70000000000019000000180001801400020065727370616e30"], 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x4886)

561.829217ms ago: executing program 2 (id=1320):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mmap$perf(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4, 0x50, r1, 0x8000000000000001)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r2, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="480000001000030400000000fdffff0000000300", @ANYRES32=0x0, @ANYBLOB="0000f7ff400000001403128009000100769102", @ANYRES32=0x0, @ANYBLOB="0c001a800800028004000180"], 0x48}, 0x1, 0x0, 0x0, 0x4040004}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000001c0)='rpcgss_upcall_msg\x00', r4, 0x0, 0x7b7c}, 0x18)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r5 = socket(0x2d, 0x2, 0x0)
bind$xdp(r5, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0x11a}, 0x10)

555.418297ms ago: executing program 3 (id=1321):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mmap$perf(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4, 0x50, r1, 0x8000000000000001)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r2, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="480000001000030400000000fdffff0000000300", @ANYRES32=0x0, @ANYBLOB="0000f7ff400000001403128009000100769102", @ANYRES32=0x0, @ANYBLOB="0c001a800800028004000180"], 0x48}, 0x1, 0x0, 0x0, 0x4040004}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
unshare(0x28040600)
r3 = socket(0x2d, 0x2, 0x0)
bind$xdp(r3, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0x11a}, 0x10)

513.438797ms ago: executing program 4 (id=1322):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xdc}, 0x1, 0x0, 0x0, 0x4008850}, 0x40)

489.151577ms ago: executing program 1 (id=1324):
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x442, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r0 = socket(0x10, 0x3, 0x0)
clock_adjtime(0x0, &(0x7f0000000040)={0xd51, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x100})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100003}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEP_LINK_UP(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010027bd70fffddbdf250400000008000100", @ANYRES32=0x0, @ANYBLOB="05000a"], 0x54}, 0x1, 0x0, 0x0, 0x2805}, 0x4000)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c00014000000000000000080800044000000001"], 0xdc}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f00000003c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x585d4d9346027f5c}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xd, 0x1fff}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{}, {0x5}}}]}}]}]}]}}]}, 0x6c}}, 0x0)
pipe2$9p(&(0x7f0000000240), 0x800)

465.245947ms ago: executing program 2 (id=1325):
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x442, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r0 = socket(0x10, 0x3, 0x0)
clock_adjtime(0x0, &(0x7f0000000040)={0xd51, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x100})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100003}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEP_LINK_UP(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010027bd70fffddbdf250400000008000100", @ANYRES32=0x0, @ANYBLOB="05000a"], 0x54}, 0x1, 0x0, 0x0, 0x2805}, 0x4000)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c00014000000000000000080800044000000001"], 0xdc}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f00000003c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xd, 0x1fff}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{}, {0x5}}}]}}]}]}]}}]}, 0x6c}}, 0x0)
pipe2$9p(&(0x7f0000000240), 0x800)

464.099927ms ago: executing program 4 (id=1326):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x10007ffffffff}, 0x18)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)={0xe000202b})
epoll_pwait(r4, &(0x7f00000000c0)=[{}], 0x1, 0xd92d, 0x0, 0x0)

279.619399ms ago: executing program 0 (id=1327):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
write(r0, &(0x7f0000000280)="e8bd8a4c56281ba2ba42cfa5b9fe5fc6dcde2ee431f5595ceadb9a2c95e57f15ee4a83f9e7d78ea996f78bd588bedcdbc730d6d15df6d2a26ca4e55e97ed0522a190ce241a37bad3317fba7e4be3db", 0x4f)
syz_open_dev$tty1(0xc, 0x4, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='mmap_lock_acquire_returned\x00', r1, 0x0, 0x800}, 0x18)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000140)=0x9, 0x4)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0xff0f}], 0x1}, 0x0)
recvmsg(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$tipc(0x1e, 0x7, 0x0, &(0x7f0000000040))
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000002000000000000000100008018150000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000450000001801000020756c2500000000002020207b1a00ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r7, 0x0, 0xe, 0x0, &(0x7f00000002c0)="e02742e86c0d85ff9782762f0800", 0x0, 0x46b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5, 0x0, 0x1ffffffffffffffd}, 0x18)
socket(0xa, 0x3, 0x87)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val={'init_itable', 0x3d, 0x7ff}}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x66}}, {@user_xattr}, {@nolazytime}, {@quota}]}, 0x3, 0x43d, &(0x7f0000002200)="$eJzs28tvG0UYAPBv7aRt+iChKo+mBQIFEfFImrSUHriAQOIAEhIcyjHkUYW6DWqCRKsIAkLliCpxRxyR+As4wQUBJySucEeVKpRLCyejtXcT27HzqlOH+veTtp3ZHWvm8+5nz+7EAXStofSfJOJgRPwREf3Van2Doep/t5cXJ/9ZXpxMolx++++k0u7W8uJk3jR/3YG80hNR+DyJY036nb9y9cJEqTR9OauPLlz8YHT+ytXnZy9OnJ8+P31p/OzZ06fGXjwz/sKm4ujZ4Hga163Bj+eOH3393etvTp67/t4v3yV5/A1xtMnQegefKpcrb1LS5k475VBNOdnoZLBrFLPc6a3kf38UazKpP177rKODA3ZUuVwuP9j68FIZuIcl0ekRAJ2Rf9Gn97/51nI2sK/t04+Ou/ly9QYojft2tlWP9EQha9PbcH/bTkMRcW7p36/TLXbmOQQAQJ0f0vnPc83mf4WofS50X7aGMhAR90fE4Yg4ExFHIuKBiErbhyLi4S3237hIsnb+U7ixrcA2KZ3/vZStbdXP//LZXwwUs9qhSvy9ycxsafpk9p4MR+/etD62Th8/vvr7l62O1c7/0i3tP58LZuO40bO3/jVTEwsTdxJzrZufRgz2NIs/WVkJSCLiaEQMbrOP2We+Pd7q2Mbxr6MN60zlbyKerp7/pWiIP5esvz45ui9K0ydH86tirV9/u/ZWq/7vKP42SM///qbX/0r8A0nteu381vu49ucXLe9ptnv970neqdv30cTCwuWxiD3JG9VB1+4fb2g3vto+jX/4RPP8Pxyr78SxiEgv4kci4tGIeCwb++MR8UREnFgn/p9fefL97ce/s9L4p7Z0/lcLe6JxT/NC8cJP39d1OrCV+NPzf7pSGs72bObzbzPj2t7VDAAAAP8/hYg4GElhZKVcKIyMVP+G/0jsL5Tm5heenZn78NJU9TcCA9FbyJ909dc8Dx3Lbuvz+nhD/VT23PirYl+lPjI5V5rqdPDQ5Q60yP/UX8VOjw7YcX6vBd1L/kP3kv/QveQ/dK8m+d/XiXEAd1+z7/9POjAO4O5ryH/LftBF3P9D95L/0L3kP3Sl+b7Y+EfyCgprClHYFcPICzO7Yxj3TqHTn0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5dn5s8=")
r8 = open(&(0x7f0000000000)='./file2\x00', 0x147842, 0x1ef)
preadv2(r8, &(0x7f0000000d80)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0x1, 0x0, 0x0, 0x1b)

279.129599ms ago: executing program 3 (id=1328):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fremovexattr(r3, &(0x7f00000000c0)=@known='trusted.overlay.metacopy\x00')

233.669369ms ago: executing program 3 (id=1329):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0)
mount(&(0x7f0000000000), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="a1ab23bd7000fdffffff3200000008001701"], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000140), &(0x7f0000000040)='%+9llu \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
mount$9p_tcp(0x0, &(0x7f0000000680)='.\x00', &(0x7f00000006c0), 0x8010, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=tcp'])
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ftruncate(0xffffffffffffffff, 0x51a9497)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'veth0_to_hsr\x00', <r7=>0x0})
bind$packet(r6, &(0x7f0000000040)={0x11, 0x1, r7, 0x1, 0x9}, 0x14)
r8 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x2000001, {0x0, 0x0, 0x0, r7, {0x7, 0xa}, {0xd, 0xffe0}, {0x8, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)

231.395179ms ago: executing program 2 (id=1330):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0x1}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x6, 0x76b5}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000038c0)={0x0, 0x0, 0x0}, 0x40)
syz_io_uring_complete(0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
io_uring_enter(0xffffffffffffffff, 0x92, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="31832abd70000000000019000000180001801400020065727370616e30"], 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x4886)

220.974439ms ago: executing program 1 (id=1331):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x90}, 0x1, 0x0, 0x0, 0x4008850}, 0x40)

201.777729ms ago: executing program 1 (id=1332):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000bc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x0, 0x2, 0x7}, 0x76e0})

145.081059ms ago: executing program 1 (id=1333):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='kfree\x00', r2, 0x0, 0x2}, 0x18)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000003e000701fcfffffff6dbdf25017c0000080003"], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
process_vm_readv(0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/74, 0x4a}, {&(0x7f0000000740)=""/4096, 0x1000}], 0x2, &(0x7f0000000340)=[{&(0x7f0000000280)=""/63, 0x3f}], 0x1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000e8000000000040d900008500000023000000850000000f00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r2}, 0x18)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r4 = request_key(&(0x7f0000002cc0)='user\x00', &(0x7f0000002d00)={'syz', 0x2}, &(0x7f0000002d40)='user.incfs.metadata\x00', 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000002d80)='blacklist\x00', &(0x7f0000002ec0))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002c80)={r3, 0xe0, &(0x7f0000002b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000002980)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000002f00), &(0x7f0000002a00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0x71, &(0x7f0000002a40)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000002ac0), &(0x7f0000002b00), 0x8, 0x800cb, 0x8, 0x8, &(0x7f0000002b40)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001840)={0x10, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r5}, 0x94)
setuid(0xee00)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000014000103f7000000010000000b"], 0x14}}, 0x4014)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000001740)={0x0, 0xbd, "4f1ad6e5dabc31cd9239badded7d3a42e6dbdcc685672e052b01e00b85401ebf601bc4ee4a5d8de247b861f94bb3e7d024bfa8b39b2bf29b631c434099ea99ef889067a3fa31bd91cbee98134bbe39779440cea92f289def571ed8d45729174ac20df0697358c816811b9dd716c9b7178ae19146f2fc6864d67f2f42e191ad83d7a774715aedbe698732bfb520c53180ba1fb909c1e29eff10dd4d4d47dd6df73940e234693e70d2fac3cd1c28432036f1036ca208fe550a6dde7037c9"}, &(0x7f0000000600)=0xc5)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/173)
ftruncate(r3, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x19}, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000029000000040000005e000000000000ff17000000000000002900000037"], 0x30}, 0xc4)

144.422809ms ago: executing program 4 (id=1334):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008850}, 0x40)

125.557139ms ago: executing program 3 (id=1335):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mmap$perf(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4, 0x50, r1, 0x8000000000000001)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r2, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="480000001000030400000000fdffff0000000300", @ANYRES32=0x0, @ANYBLOB="0000f7ff400000001403128009000100769102", @ANYRES32=0x0, @ANYBLOB="0c001a800800028004000180"], 0x48}, 0x1, 0x0, 0x0, 0x4040004}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000001c0)='rpcgss_upcall_msg\x00', r4, 0x0, 0x7b7c}, 0x18)
r5 = socket(0x2d, 0x2, 0x0)
bind$xdp(r5, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0x11a}, 0x10)

94.20801ms ago: executing program 4 (id=1336):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@rdma_args={0x48, 0x114, 0x1, {{0x80000000, 0x403fc}, {&(0x7f00000001c0)=""/227, 0xe3}, &(0x7f0000000480)=[{&(0x7f0000000380)=""/153, 0x99}], 0x1, 0x17, 0x6}}, @fadd={0x58, 0x114, 0x6, {{0x4, 0x5}, &(0x7f0000000080)=0x10, 0x0, 0x5, 0x8000, 0x3, 0x1, 0x8, 0xfffffffffffffffd}}], 0xa0, 0x20040000}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c000000020603000000000000000000000000001400078008001240000000000500150002000000050001000600000005000500020000000500040000000000090002"], 0x4c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0)

93.255139ms ago: executing program 0 (id=1337):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
write(r0, &(0x7f0000000280)="e8bd8a4c56281ba2ba42cfa5b9fe5fc6dcde2ee431f5595ceadb9a2c95e57f15ee4a83f9e7d78ea996f78bd588bedcdbc730d6d15df6d2a26ca4e55e97ed0522a190ce241a37bad3317fba7e4be3db", 0x4f)
syz_open_dev$tty1(0xc, 0x4, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='mmap_lock_acquire_returned\x00', r1, 0x0, 0x800}, 0x18)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000140)=0x9, 0x4)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0xff0f}], 0x1}, 0x0)
recvmsg(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$tipc(0x1e, 0x7, 0x0, &(0x7f0000000040))
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000002000000000000000100008018150000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000450000001801000020756c2500000000002020207b1a00ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r7, 0x0, 0xe, 0x0, &(0x7f00000002c0)="e02742e86c0d85ff9782762f0800", 0x0, 0x46b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5, 0x0, 0x1ffffffffffffffd}, 0x18)
r8 = socket(0xa, 0x3, 0x87)
sendmsg(r8, &(0x7f0000000700)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x5, @dev={0xfe, 0x80, '\x00', 0x43}, 0x7, 0x2}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000000)='\x00\x00', 0x2}, {0x0}], 0x2}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val={'init_itable', 0x3d, 0x7ff}}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x66}}, {@user_xattr}, {@nolazytime}, {@quota}]}, 0x3, 0x43d, &(0x7f0000002200)="$eJzs28tvG0UYAPBv7aRt+iChKo+mBQIFEfFImrSUHriAQOIAEhIcyjHkUYW6DWqCRKsIAkLliCpxRxyR+As4wQUBJySucEeVKpRLCyejtXcT27HzqlOH+veTtp3ZHWvm8+5nz+7EAXStofSfJOJgRPwREf3Van2Doep/t5cXJ/9ZXpxMolx++++k0u7W8uJk3jR/3YG80hNR+DyJY036nb9y9cJEqTR9OauPLlz8YHT+ytXnZy9OnJ8+P31p/OzZ06fGXjwz/sKm4ujZ4Hga163Bj+eOH3393etvTp67/t4v3yV5/A1xtMnQegefKpcrb1LS5k475VBNOdnoZLBrFLPc6a3kf38UazKpP177rKODA3ZUuVwuP9j68FIZuIcl0ekRAJ2Rf9Gn97/51nI2sK/t04+Ou/ly9QYojft2tlWP9EQha9PbcH/bTkMRcW7p36/TLXbmOQQAQJ0f0vnPc83mf4WofS50X7aGMhAR90fE4Yg4ExFHIuKBiErbhyLi4S3237hIsnb+U7ixrcA2KZ3/vZStbdXP//LZXwwUs9qhSvy9ycxsafpk9p4MR+/etD62Th8/vvr7l62O1c7/0i3tP58LZuO40bO3/jVTEwsTdxJzrZufRgz2NIs/WVkJSCLiaEQMbrOP2We+Pd7q2Mbxr6MN60zlbyKerp7/pWiIP5esvz45ui9K0ydH86tirV9/u/ZWq/7vKP42SM///qbX/0r8A0nteu381vu49ucXLe9ptnv970neqdv30cTCwuWxiD3JG9VB1+4fb2g3vto+jX/4RPP8Pxyr78SxiEgv4kci4tGIeCwb++MR8UREnFgn/p9fefL97ce/s9L4p7Z0/lcLe6JxT/NC8cJP39d1OrCV+NPzf7pSGs72bObzbzPj2t7VDAAAAP8/hYg4GElhZKVcKIyMVP+G/0jsL5Tm5heenZn78NJU9TcCA9FbyJ909dc8Dx3Lbuvz+nhD/VT23PirYl+lPjI5V5rqdPDQ5Q60yP/UX8VOjw7YcX6vBd1L/kP3kv/QveQ/dK8m+d/XiXEAd1+z7/9POjAO4O5ryH/LftBF3P9D95L/0L3kP3Sl+b7Y+EfyCgprClHYFcPICzO7Yxj3TqHTn0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5dn5s8=")
r9 = open(&(0x7f0000000000)='./file2\x00', 0x147842, 0x1ef)
preadv2(r9, &(0x7f0000000d80)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0x1, 0x0, 0x0, 0x1b)

76.4367ms ago: executing program 1 (id=1338):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0)
mount(&(0x7f0000000000), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
socket$inet6(0xa, 0x80000, 0x6)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="a1ab23bd7000fdffffff3200000008001701"], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0)

76.02081ms ago: executing program 2 (id=1339):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fremovexattr(r3, &(0x7f00000000c0)=@known='trusted.overlay.metacopy\x00')

62.72089ms ago: executing program 3 (id=1340):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000a00035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0)

62.15943ms ago: executing program 4 (id=1341):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x3eae, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
syz_clone3(&(0x7f0000001cc0)={0x10010000, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, 0x0}, 0x58)

13.52734ms ago: executing program 2 (id=1342):
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x442, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r0 = socket(0x10, 0x3, 0x0)
clock_adjtime(0x0, &(0x7f0000000040)={0xd51, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x100})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100003}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEP_LINK_UP(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010027bd70fffddbdf250400000008000100", @ANYRES32=0x0, @ANYBLOB="05000a"], 0x54}, 0x1, 0x0, 0x0, 0x2805}, 0x4000)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c00014000000000000000080800044000000001"], 0xdc}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
getsockname$packet(r6, &(0x7f00000003c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x585d4d9346027f5c}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xd, 0x1fff}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{}, {0x5}}}]}}]}]}]}}]}, 0x6c}}, 0x0)
pipe2$9p(&(0x7f0000000240), 0x800)

12.87569ms ago: executing program 1 (id=1343):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@filter={'filter\x00', 0xe, 0x4, 0x2b0, 0xffffffff, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x260, 0x260, 0x260, 0xffffffff, 0x4, 0x0, {[{{@ip={@local, @broadcast, 0xff, 0x0, 'wlan0\x00', 'ip6tnl0\x00', {}, {}, 0x21, 0x1, 0x1}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @broadcast, 0x1070, 0x2, [0xb, 0x40, 0x4, 0x3e, 0x27, 0x35, 0x2f, 0x3, 0x36, 0x25, 0x6, 0x24, 0x4, 0x2c, 0x7, 0x37], 0x0, 0xfff, 0x80000001}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x20, 'ERROR\x00', 0x0, "44f6f70f0c76234ab055ef077ebacfcc3fc5ef1372371f4b27a7c531de0a"}}, {{@ip={@multicast1, @multicast2, 0xffffffff, 0xff000000, 'wlan1\x00', 'vxcan1\x00', {0xff}, {0xff}, 0x4, 0x6, 0x1}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000230900020073797a310000000008000a40fffffffc3c0000000c0a010100000000000000000a0000070900020073797a31000000"], 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, &(0x7f0000000800), &(0x7f0000000840)}, 0x20)
cachestat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, &(0x7f0000000000)={0xa0, 0x30, 0x321, 0x3, 0x0, 0x101, 0x0})

2.39826ms ago: executing program 3 (id=1344):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x2, 0x3, 0x0, 0x3, 0xd, 0x0, 0x4070bd2c, 0x25dfdbfc, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x80000000}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @remote}}]}, 0x68}, 0x1, 0x7}, 0x0)

0s ago: executing program 4 (id=1345):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x0, 0x0})
syz_clone3(0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x66002)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0xc0a81, 0x0)
socket$kcm(0x10, 0x2, 0x4)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x100010, 0xffffffffffffffff, 0xffffc000)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000000000000b703000000030000850000001b0000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_ACTIVATE(r3, 0x5606, 0x4)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x8000)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={&(0x7f00000000c0)="db0514c97136911c97be31f3d2e1d991eead5ce51c53bf364cd8eb501ba20f28bb14a29721e985cc63b105981dc551d671af513858befd185de2a7ae133f4de0b9dc68fb235712c5afa6825a477bf837ae5f7c497bc18da3ba683094e19f86194aad5cf4ccf8b70b267ee377634846b861a1", &(0x7f0000000140)=""/24, &(0x7f00000002c0)="ba53946424f603c3348c7c278ebc4a25ea186f1ff9bba530a741d8a4ae94119c6a9bec3a130f60e09a1b302fe89b00c0e34a43", &(0x7f00000007c0)="95c2105e075c3c1be7675b72f1630034c47b10ca0cdc5834c96aa6020ffc3a2f3390c1334c0c24acf510bcfcb3e51b29444e16f7719462c58a3263c2939916118e1afa40ea7849f38c398e411b473453a7ac12451968e2a4affec0e9d2d6e4f0379d887e550198918cdddf19b1866b629f84bd9f1cdc01e0160ebc821416bc04cdcc9c8e65b8f8d9a1c92fd69045a845b562366eebbd13c1eb32b3036e1982ec862104fb10cc333d5ab8bac0401470884b8128f1df80d3dcb47ee2eb16840e4cade859715da4950d96cce8d821d01a66d29ce3f90f9d6e8f2c297ffc52c61ee8cb0a44ba3930fb8c374b534bfb45668a21520391b92d71148346", 0x2, r2, 0x4}, 0x38)
write$P9_RWSTAT(r2, &(0x7f0000000580)={0x7, 0x7f, 0x1}, 0x7)

kernel console output (not intermixed with test programs):

 change from 0 to 512
[   73.547584][   T29] audit: type=1326 audit(1762345169.331:6316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   73.571378][   T29] audit: type=1326 audit(1762345169.331:6317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   73.594802][   T29] audit: type=1326 audit(1762345169.331:6318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   73.618213][   T29] audit: type=1326 audit(1762345169.341:6319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   73.641640][   T29] audit: type=1326 audit(1762345169.341:6320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   73.665009][   T29] audit: type=1326 audit(1762345169.341:6321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   73.688455][   T29] audit: type=1326 audit(1762345169.341:6322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   73.711796][   T29] audit: type=1326 audit(1762345169.341:6323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   73.735217][   T29] audit: type=1326 audit(1762345169.341:6324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   73.802438][ T5579] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   73.816261][ T5570] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.832348][ T5579] netlink: 'syz.3.665': attribute type 10 has an invalid length.
[   73.885478][ T5570] ext4 filesystem being mounted at /156/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   73.998935][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.075462][ T5591] loop2: detected capacity change from 0 to 1024
[   74.132645][ T5591] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.185336][ T5601] loop4: detected capacity change from 0 to 1024
[   74.238537][ T5601] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.671: Failed to acquire dquot type 0
[   74.255219][ T5591] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4193: comm syz.2.667: Allocating blocks 449-513 which overlap fs metadata
[   74.277785][ T5589] EXT4-fs (loop2): pa ffff8881072f1150: logic 48, phys. 177, len 21
[   74.285911][ T5589] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   74.296220][ T5601] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   74.320205][ T5601] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.671: corrupted inode contents
[   74.332314][ T5601] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #13: comm syz.4.671: mark_inode_dirty error
[   74.344401][ T5601] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.671: corrupted inode contents
[   74.345089][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.356364][ T5601] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #13: comm syz.4.671: mark_inode_dirty error
[   74.376759][ T5601] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.671: corrupted inode contents
[   74.388743][ T5601] EXT4-fs error (device loop4) in ext4_orphan_del:301: Corrupt filesystem
[   74.397687][ T5601] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.671: corrupted inode contents
[   74.409586][ T5601] EXT4-fs error (device loop4): ext4_truncate:4637: inode #13: comm syz.4.671: mark_inode_dirty error
[   74.421058][ T5601] EXT4-fs error (device loop4) in ext4_process_orphan:343: Corrupt filesystem
[   74.431215][ T5601] EXT4-fs (loop4): 1 truncate cleaned up
[   74.437433][ T5601] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.468111][ T5615] loop2: detected capacity change from 0 to 1024
[   74.484282][ T5613] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   74.529736][ T5601] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   74.543145][ T5613] netlink: 'syz.0.676': attribute type 10 has an invalid length.
[   74.570330][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.614875][ T5615] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.654928][ T5630] loop4: detected capacity change from 0 to 1024
[   74.669333][ T5615] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4193: comm syz.2.675: Allocating blocks 449-513 which overlap fs metadata
[   74.707820][ T5614] EXT4-fs (loop2): pa ffff8881071a8850: logic 48, phys. 177, len 21
[   74.715891][ T5614] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   74.718167][ T5637] loop1: detected capacity change from 0 to 512
[   74.746924][ T5630] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.762444][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.765973][ T5637] FAT-fs (loop1): error, corrupted directory (invalid entries)
[   74.834055][ T5630] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.681: Allocating blocks 449-513 which overlap fs metadata
[   74.880693][ T5629] EXT4-fs (loop4): pa ffff8881072f11c0: logic 48, phys. 177, len 21
[   74.888703][ T5643] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   74.903543][ T5643] netlink: 'syz.1.685': attribute type 10 has an invalid length.
[   74.904673][ T5629] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   74.943099][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.013453][ T5647] loop2: detected capacity change from 0 to 512
[   75.045685][ T5647] EXT4-fs error (device loop2): ext4_init_orphan_info:581: comm syz.2.688: inode #0: comm syz.2.688: iget: illegal inode #
[   75.061294][ T5647] EXT4-fs (loop2): get orphan inode failed
[   75.067270][ T5647] EXT4-fs (loop2): mount failed
[   75.291932][ T5672] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   75.331913][ T5678] FAULT_INJECTION: forcing a failure.
[   75.331913][ T5678] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   75.345094][ T5678] CPU: 0 UID: 0 PID: 5678 Comm: syz.2.699 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   75.345123][ T5678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   75.345137][ T5678] Call Trace:
[   75.345143][ T5678]  <TASK>
[   75.345152][ T5678]  __dump_stack+0x1d/0x30
[   75.345177][ T5678]  dump_stack_lvl+0xe8/0x140
[   75.345200][ T5678]  dump_stack+0x15/0x1b
[   75.345346][ T5678]  should_fail_ex+0x265/0x280
[   75.345368][ T5678]  should_fail+0xb/0x20
[   75.345389][ T5678]  should_fail_usercopy+0x1a/0x20
[   75.345410][ T5678]  _copy_from_user+0x1c/0xb0
[   75.345438][ T5678]  ___sys_sendmsg+0xc1/0x1d0
[   75.345581][ T5678]  __x64_sys_sendmsg+0xd4/0x160
[   75.345606][ T5678]  x64_sys_call+0x191e/0x3000
[   75.345697][ T5678]  do_syscall_64+0xd2/0x200
[   75.345769][ T5678]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   75.345800][ T5678]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   75.345863][ T5678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.345886][ T5678] RIP: 0033:0x7febdc57f6c9
[   75.345902][ T5678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.346001][ T5678] RSP: 002b:00007febdafdf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   75.346022][ T5678] RAX: ffffffffffffffda RBX: 00007febdc7d5fa0 RCX: 00007febdc57f6c9
[   75.346096][ T5678] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000004
[   75.346118][ T5678] RBP: 00007febdafdf090 R08: 0000000000000000 R09: 0000000000000000
[   75.346130][ T5678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.346144][ T5678] R13: 00007febdc7d6038 R14: 00007febdc7d5fa0 R15: 00007fff72c72978
[   75.346164][ T5678]  </TASK>
[   75.746355][ T5698] loop0: detected capacity change from 0 to 512
[   75.759361][ T5698] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.772974][ T5698] ext4 filesystem being mounted at /135/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   75.788521][ T5698] bridge0: port 1(gretap0) entered blocking state
[   75.795060][ T5698] bridge0: port 1(gretap0) entered disabled state
[   75.801590][ T5698] gretap0: entered allmulticast mode
[   75.807445][ T5698] gretap0: entered promiscuous mode
[   75.813917][ T5698] bridge0: port 1(gretap0) entered blocking state
[   75.820381][ T5698] bridge0: port 1(gretap0) entered forwarding state
[   75.863761][ T5703] loop4: detected capacity change from 0 to 1024
[   75.875534][ T5703] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.707: Failed to acquire dquot type 0
[   75.891488][ T5703] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   75.906096][ T5703] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.707: corrupted inode contents
[   75.918411][ T5703] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #13: comm syz.4.707: mark_inode_dirty error
[   75.930079][ T5703] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.707: corrupted inode contents
[   75.942382][ T5703] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #13: comm syz.4.707: mark_inode_dirty error
[   75.942777][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.953933][ T5703] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.707: corrupted inode contents
[   75.975145][ T5703] EXT4-fs error (device loop4) in ext4_orphan_del:301: Corrupt filesystem
[   75.995583][ T5703] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.707: corrupted inode contents
[   76.007486][ T5710] loop0: detected capacity change from 0 to 1024
[   76.007868][ T5703] EXT4-fs error (device loop4): ext4_truncate:4637: inode #13: comm syz.4.707: mark_inode_dirty error
[   76.026182][ T5703] EXT4-fs error (device loop4) in ext4_process_orphan:343: Corrupt filesystem
[   76.031071][ T5710] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.709: Failed to acquire dquot type 0
[   76.039778][ T5703] EXT4-fs (loop4): 1 truncate cleaned up
[   76.046725][ T5710] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   76.052797][ T5703] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.066805][ T5710] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.709: corrupted inode contents
[   76.090883][ T5710] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #13: comm syz.0.709: mark_inode_dirty error
[   76.091093][ T5703] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   76.103334][ T5710] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.709: corrupted inode contents
[   76.122786][ T5710] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #13: comm syz.0.709: mark_inode_dirty error
[   76.134279][ T5710] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.709: corrupted inode contents
[   76.146531][ T5710] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem
[   76.146564][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.155803][ T5710] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.709: corrupted inode contents
[   76.176109][ T5710] EXT4-fs error (device loop0): ext4_truncate:4637: inode #13: comm syz.0.709: mark_inode_dirty error
[   76.187496][ T5710] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem
[   76.197810][ T5710] EXT4-fs (loop0): 1 truncate cleaned up
[   76.204593][ T5714] loop4: detected capacity change from 0 to 1024
[   76.206318][ T5710] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.232293][ T5714] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.245165][ T5710] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   76.260040][ T5714] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.710: Allocating blocks 449-513 which overlap fs metadata
[   76.275281][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.282461][ T5713] EXT4-fs (loop4): pa ffff8881072f10e0: logic 48, phys. 177, len 21
[   76.292269][ T5713] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   76.330575][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.882118][ T5752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   76.948961][ T5758] FAULT_INJECTION: forcing a failure.
[   76.948961][ T5758] name failslab, interval 1, probability 0, space 0, times 0
[   76.961676][ T5758] CPU: 1 UID: 0 PID: 5758 Comm: syz.1.727 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   76.961707][ T5758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   76.961721][ T5758] Call Trace:
[   76.961728][ T5758]  <TASK>
[   76.961737][ T5758]  __dump_stack+0x1d/0x30
[   76.961815][ T5758]  dump_stack_lvl+0xe8/0x140
[   76.961834][ T5758]  dump_stack+0x15/0x1b
[   76.961850][ T5758]  should_fail_ex+0x265/0x280
[   76.961868][ T5758]  should_failslab+0x8c/0xb0
[   76.961958][ T5758]  kmem_cache_alloc_noprof+0x50/0x480
[   76.961984][ T5758]  ? skb_clone+0x151/0x1f0
[   76.962003][ T5758]  skb_clone+0x151/0x1f0
[   76.962029][ T5758]  __netlink_deliver_tap+0x2c9/0x500
[   76.962128][ T5758]  netlink_unicast+0x66b/0x690
[   76.962209][ T5758]  netlink_sendmsg+0x58b/0x6b0
[   76.962233][ T5758]  ? __pfx_netlink_sendmsg+0x10/0x10
[   76.962254][ T5758]  __sock_sendmsg+0x145/0x180
[   76.962279][ T5758]  ____sys_sendmsg+0x31e/0x4e0
[   76.962318][ T5758]  ___sys_sendmsg+0x17b/0x1d0
[   76.962348][ T5758]  __x64_sys_sendmsg+0xd4/0x160
[   76.962384][ T5758]  x64_sys_call+0x191e/0x3000
[   76.962407][ T5758]  do_syscall_64+0xd2/0x200
[   76.962444][ T5758]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   76.962469][ T5758]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   76.962499][ T5758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.962575][ T5758] RIP: 0033:0x7fb1de7df6c9
[   76.962589][ T5758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.962607][ T5758] RSP: 002b:00007fb1dd247038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   76.962674][ T5758] RAX: ffffffffffffffda RBX: 00007fb1dea35fa0 RCX: 00007fb1de7df6c9
[   76.962689][ T5758] RDX: 0000000000000800 RSI: 00002000000006c0 RDI: 0000000000000003
[   76.962701][ T5758] RBP: 00007fb1dd247090 R08: 0000000000000000 R09: 0000000000000000
[   76.962713][ T5758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.962794][ T5758] R13: 00007fb1dea36038 R14: 00007fb1dea35fa0 R15: 00007ffcd3681608
[   76.962814][ T5758]  </TASK>
[   76.976463][ T5752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   77.279751][ T5766] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   77.393068][ T5774] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   77.532470][ T5777] loop0: detected capacity change from 0 to 512
[   77.539132][ T5777] EXT4-fs: test_dummy_encryption option not supported
[   77.540521][ T5774] netlink: 'syz.1.734': attribute type 10 has an invalid length.
[   77.548103][ T5777] __nla_validate_parse: 5 callbacks suppressed
[   77.548135][ T5777] netlink: 12 bytes leftover after parsing attributes in process `syz.0.735'.
[   77.553751][ T5774] netlink: 40 bytes leftover after parsing attributes in process `syz.1.734'.
[   77.557868][ T5783] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   77.668856][ T5787] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.722868][ T5788] FAULT_INJECTION: forcing a failure.
[   77.722868][ T5788] name failslab, interval 1, probability 0, space 0, times 0
[   77.735584][ T5788] CPU: 0 UID: 0 PID: 5788 Comm: syz.4.738 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   77.735661][ T5788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   77.735673][ T5788] Call Trace:
[   77.735680][ T5788]  <TASK>
[   77.735688][ T5788]  __dump_stack+0x1d/0x30
[   77.735709][ T5788]  dump_stack_lvl+0xe8/0x140
[   77.735727][ T5788]  dump_stack+0x15/0x1b
[   77.735816][ T5788]  should_fail_ex+0x265/0x280
[   77.735838][ T5788]  should_failslab+0x8c/0xb0
[   77.735866][ T5788]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   77.735901][ T5788]  ? __alloc_skb+0x101/0x320
[   77.735968][ T5788]  __alloc_skb+0x101/0x320
[   77.735994][ T5788]  ? audit_log_start+0x342/0x720
[   77.736052][ T5788]  audit_log_start+0x3a0/0x720
[   77.736072][ T5788]  ? kstrtouint+0x76/0xc0
[   77.736152][ T5788]  audit_seccomp+0x48/0x100
[   77.736198][ T5788]  ? __seccomp_filter+0x82d/0x1250
[   77.736304][ T5788]  __seccomp_filter+0x83e/0x1250
[   77.736336][ T5788]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   77.736409][ T5788]  ? vfs_write+0x7e8/0x960
[   77.736505][ T5788]  ? __rcu_read_unlock+0x4f/0x70
[   77.736532][ T5788]  ? __fget_files+0x184/0x1c0
[   77.736565][ T5788]  __secure_computing+0x82/0x150
[   77.736599][ T5788]  syscall_trace_enter+0xcf/0x1e0
[   77.736624][ T5788]  do_syscall_64+0xac/0x200
[   77.736679][ T5788]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   77.736743][ T5788]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   77.736777][ T5788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.736797][ T5788] RIP: 0033:0x7faef67cf6c9
[   77.736812][ T5788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.736831][ T5788] RSP: 002b:00007faef522f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e0
[   77.736913][ T5788] RAX: ffffffffffffffda RBX: 00007faef6a25fa0 RCX: 00007faef67cf6c9
[   77.736928][ T5788] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000000
[   77.736942][ T5788] RBP: 00007faef522f090 R08: 0000000000000000 R09: 0000000000000000
[   77.736956][ T5788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   77.737030][ T5788] R13: 00007faef6a26038 R14: 00007faef6a25fa0 R15: 00007ffeec3d7118
[   77.737046][ T5788]  </TASK>
[   77.974782][ T5787] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.071757][ T5787] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.128956][ T5787] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.224976][ T5809] loop3: detected capacity change from 0 to 512
[   78.234692][ T5809] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   78.258378][ T5809] EXT4-fs (loop3): 1 truncate cleaned up
[   78.280968][ T5125] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.289549][ T5120] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.290023][ T5809] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.315756][ T5120] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.353113][ T5120] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.412652][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.488863][ T5825] FAULT_INJECTION: forcing a failure.
[   78.488863][ T5825] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.501975][ T5825] CPU: 1 UID: 0 PID: 5825 Comm: syz.0.754 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   78.501999][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   78.502012][ T5825] Call Trace:
[   78.502017][ T5825]  <TASK>
[   78.502024][ T5825]  __dump_stack+0x1d/0x30
[   78.502157][ T5825]  dump_stack_lvl+0xe8/0x140
[   78.502177][ T5825]  dump_stack+0x15/0x1b
[   78.502265][ T5825]  should_fail_ex+0x265/0x280
[   78.502287][ T5825]  should_fail+0xb/0x20
[   78.502306][ T5825]  should_fail_usercopy+0x1a/0x20
[   78.502329][ T5825]  _copy_from_iter+0xd2/0xe80
[   78.502420][ T5825]  ? __build_skb_around+0x1ab/0x200
[   78.502480][ T5825]  ? __alloc_skb+0x223/0x320
[   78.502512][ T5825]  netlink_sendmsg+0x471/0x6b0
[   78.502536][ T5825]  ? __pfx_netlink_sendmsg+0x10/0x10
[   78.502556][ T5825]  __sock_sendmsg+0x145/0x180
[   78.502583][ T5825]  ____sys_sendmsg+0x31e/0x4e0
[   78.502710][ T5825]  ___sys_sendmsg+0x17b/0x1d0
[   78.502768][ T5825]  __x64_sys_sendmsg+0xd4/0x160
[   78.502793][ T5825]  x64_sys_call+0x191e/0x3000
[   78.502816][ T5825]  do_syscall_64+0xd2/0x200
[   78.502833][ T5825]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   78.502894][ T5825]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   78.503032][ T5825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.503087][ T5825] RIP: 0033:0x7fd669baf6c9
[   78.503103][ T5825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.503123][ T5825] RSP: 002b:00007fd66860f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   78.503141][ T5825] RAX: ffffffffffffffda RBX: 00007fd669e05fa0 RCX: 00007fd669baf6c9
[   78.503155][ T5825] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000006
[   78.503169][ T5825] RBP: 00007fd66860f090 R08: 0000000000000000 R09: 0000000000000000
[   78.503323][ T5825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   78.503337][ T5825] R13: 00007fd669e06038 R14: 00007fd669e05fa0 R15: 00007ffdbdfc3c38
[   78.503356][ T5825]  </TASK>
[   78.510195][   T29] kauditd_printk_skb: 596 callbacks suppressed
[   78.510279][   T29] audit: type=1400 audit(1762345174.321:6913): avc:  denied  { ioctl } for  pid=5826 comm="syz.3.755" path="/dev/usbmon7" dev="devtmpfs" ino=163 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   78.828322][   T29] audit: type=1326 audit(1762345174.581:6914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5836 comm="syz.3.758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3f217d6567 code=0x7ffc0000
[   78.851635][   T29] audit: type=1326 audit(1762345174.581:6915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5836 comm="syz.3.758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3f2177b779 code=0x7ffc0000
[   78.874897][   T29] audit: type=1326 audit(1762345174.581:6916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5836 comm="syz.3.758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3f217d6567 code=0x7ffc0000
[   78.898181][   T29] audit: type=1326 audit(1762345174.581:6917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5836 comm="syz.3.758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3f2177b779 code=0x7ffc0000
[   78.921543][   T29] audit: type=1326 audit(1762345174.581:6918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5836 comm="syz.3.758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   78.944960][   T29] audit: type=1326 audit(1762345174.581:6919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5836 comm="syz.3.758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   78.968386][   T29] audit: type=1326 audit(1762345174.581:6920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5836 comm="syz.3.758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   78.992051][   T29] audit: type=1326 audit(1762345174.581:6921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5836 comm="syz.3.758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   79.015558][   T29] audit: type=1326 audit(1762345174.581:6922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5836 comm="syz.3.758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   79.148009][ T5859] loop4: detected capacity change from 0 to 512
[   79.165728][ T5861] netlink: 4 bytes leftover after parsing attributes in process `syz.3.762'.
[   79.179344][ T5847] 9pnet: Could not find request transport: tcp˙˙˙
[   79.185219][ T5861] hsr_slave_0 (unregistering): left promiscuous mode
[   79.200882][ T5859] EXT4-fs: Ignoring removed oldalloc option
[   79.202506][ T5864] loop1: detected capacity change from 0 to 1024
[   79.234019][ T5859] EXT4-fs: Mount option(s) incompatible with ext2
[   79.243574][ T5864] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.374386][ T5864] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.768: Allocating blocks 449-513 which overlap fs metadata
[   79.524540][ T5863] EXT4-fs (loop1): pa ffff8881072f11c0: logic 48, phys. 177, len 21
[   79.532637][ T5863] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   79.642666][ T5879] loop0: detected capacity change from 0 to 512
[   79.697216][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.741647][ T5879] EXT4-fs error (device loop0): ext4_init_orphan_info:581: comm syz.0.771: inode #0: comm syz.0.771: iget: illegal inode #
[   79.776644][ T5879] EXT4-fs (loop0): get orphan inode failed
[   79.782931][ T5879] EXT4-fs (loop0): mount failed
[   79.809722][ T5886] loop2: detected capacity change from 0 to 512
[   79.817182][ T5887] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   79.831189][ T5889] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   79.832861][ T5886] EXT4-fs: Ignoring removed oldalloc option
[   79.846419][ T5887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.773'.
[   79.855414][ T5887] netlink: 16 bytes leftover after parsing attributes in process `syz.1.773'.
[   79.865102][ T5886] EXT4-fs: Mount option(s) incompatible with ext2
[   79.879193][ T5887] netlink: 96 bytes leftover after parsing attributes in process `syz.1.773'.
[   79.924778][ T5893] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   79.945534][ T5893] netlink: 8 bytes leftover after parsing attributes in process `syz.0.777'.
[   79.954455][ T5893] netlink: 16 bytes leftover after parsing attributes in process `syz.0.777'.
[   80.011688][ T5896] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   80.022614][ T5893] netlink: 96 bytes leftover after parsing attributes in process `syz.0.777'.
[   80.034058][ T5896] netlink: 8 bytes leftover after parsing attributes in process `syz.1.778'.
[   80.070311][ T5898] loop4: detected capacity change from 0 to 1024
[   80.083914][ T5900] loop1: detected capacity change from 0 to 1024
[   80.134974][ T5900] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.178425][ T5900] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.780: Allocating blocks 449-513 which overlap fs metadata
[   80.227156][ T5898] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.779: Failed to acquire dquot type 0
[   80.335260][ T5898] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   80.357012][ T5916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   80.420516][ T5916] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.424161][ T5898] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.779: corrupted inode contents
[   80.468432][ T5898] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #13: comm syz.4.779: mark_inode_dirty error
[   80.488024][ T5899] EXT4-fs (loop1): pa ffff8881071a88c0: logic 48, phys. 177, len 21
[   80.496110][ T5899] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   80.506719][ T5898] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.779: corrupted inode contents
[   80.528565][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.530209][ T5898] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #13: comm syz.4.779: mark_inode_dirty error
[   80.549841][ T5898] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.779: corrupted inode contents
[   80.570746][ T5898] EXT4-fs error (device loop4) in ext4_orphan_del:301: Corrupt filesystem
[   80.590897][ T5898] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #13: comm syz.4.779: corrupted inode contents
[   80.605203][ T5930] loop1: detected capacity change from 0 to 512
[   80.612021][ T5898] EXT4-fs error (device loop4): ext4_truncate:4637: inode #13: comm syz.4.779: mark_inode_dirty error
[   80.623438][ T5930] EXT4-fs: Ignoring removed oldalloc option
[   80.641850][ T5930] EXT4-fs: Mount option(s) incompatible with ext2
[   80.655166][ T5898] EXT4-fs error (device loop4) in ext4_process_orphan:343: Corrupt filesystem
[   80.691525][ T5898] EXT4-fs (loop4): 1 truncate cleaned up
[   80.697613][ T5898] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.724951][ T5937] loop2: detected capacity change from 0 to 1024
[   80.761463][ T5898] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   80.790197][ T5940] loop0: detected capacity change from 0 to 1024
[   80.798930][ T5940] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.794: Failed to acquire dquot type 0
[   80.833189][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.843867][ T5937] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.856242][ T5940] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   80.886022][ T5940] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.794: corrupted inode contents
[   80.931125][ T5945] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   80.964921][ T5947] netlink: 'syz.4.795': attribute type 10 has an invalid length.
[   81.276353][ T5940] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #13: comm syz.0.794: mark_inode_dirty error
[   81.289731][ T5937] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4193: comm syz.2.793: Allocating blocks 449-513 which overlap fs metadata
[   81.319709][ T5940] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.794: corrupted inode contents
[   81.338269][ T5958] loop4: detected capacity change from 0 to 1024
[   81.344853][ T5940] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #13: comm syz.0.794: mark_inode_dirty error
[   81.345785][ T5936] EXT4-fs (loop2): pa ffff8881072f1230: logic 48, phys. 177, len 21
[   81.364097][ T5936] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   81.366866][ T5940] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.794: corrupted inode contents
[   81.401021][ T5940] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem
[   81.402804][ T5958] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.410083][ T5940] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.794: corrupted inode contents
[   81.427942][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.481485][ T5958] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.799: Allocating blocks 449-513 which overlap fs metadata
[   81.502792][ T5957] EXT4-fs (loop4): pa ffff8881071a8930: logic 48, phys. 177, len 21
[   81.510901][ T5957] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   81.535833][ T5940] EXT4-fs error (device loop0): ext4_truncate:4637: inode #13: comm syz.0.794: mark_inode_dirty error
[   81.547351][ T5940] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem
[   81.547816][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.556923][ T5940] EXT4-fs (loop0): 1 truncate cleaned up
[   81.574196][ T5964] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   81.600644][ T5964] netlink: 'syz.2.800': attribute type 10 has an invalid length.
[   81.601131][ T5940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.684616][ T5940] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   81.708829][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.719303][ T5975] rdma_op ffff88811a284980 conn xmit_rdma 0000000000000000
[   81.796047][ T5982] loop2: detected capacity change from 0 to 512
[   81.859393][ T5988] netlink: zone id is out of range
[   81.864719][ T5988] netlink: zone id is out of range
[   81.873539][ T5988] netlink: zone id is out of range
[   81.882803][ T5988] netlink: zone id is out of range
[   81.888017][ T5988] netlink: zone id is out of range
[   81.893167][ T5988] netlink: zone id is out of range
[   81.922240][ T5988] netlink: zone id is out of range
[   81.933199][ T5988] netlink: zone id is out of range
[   81.939098][ T5994] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   81.996504][ T6008] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   82.001990][ T6003] gretap0: left allmulticast mode
[   82.008187][ T6003] gretap0: left promiscuous mode
[   82.013474][ T6003] bridge0: port 1(gretap0) entered disabled state
[   82.050752][ T6003] netlink: 'syz.0.819': attribute type 10 has an invalid length.
[   82.076794][ T6013] loop4: detected capacity change from 0 to 1024
[   82.110929][ T6013] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.120718][ T6021] FAULT_INJECTION: forcing a failure.
[   82.120718][ T6021] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   82.136055][ T6021] CPU: 1 UID: 0 PID: 6021 Comm: syz.1.823 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   82.136085][ T6021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   82.136099][ T6021] Call Trace:
[   82.136106][ T6021]  <TASK>
[   82.136114][ T6021]  __dump_stack+0x1d/0x30
[   82.136135][ T6021]  dump_stack_lvl+0xe8/0x140
[   82.136182][ T6021]  dump_stack+0x15/0x1b
[   82.136202][ T6021]  should_fail_ex+0x265/0x280
[   82.136223][ T6021]  should_fail+0xb/0x20
[   82.136241][ T6021]  should_fail_usercopy+0x1a/0x20
[   82.136344][ T6021]  strncpy_from_user+0x25/0x230
[   82.136496][ T6021]  path_setxattrat+0xeb/0x310
[   82.136537][ T6021]  __x64_sys_lsetxattr+0x71/0x90
[   82.136683][ T6021]  x64_sys_call+0x287b/0x3000
[   82.136707][ T6021]  do_syscall_64+0xd2/0x200
[   82.136727][ T6021]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   82.136773][ T6021]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   82.136809][ T6021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.136840][ T6021] RIP: 0033:0x7fb1de7df6c9
[   82.136856][ T6021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.137011][ T6021] RSP: 002b:00007fb1dd247038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[   82.137034][ T6021] RAX: ffffffffffffffda RBX: 00007fb1dea35fa0 RCX: 00007fb1de7df6c9
[   82.137057][ T6021] RDX: 0000200000000280 RSI: 0000200000000000 RDI: 0000200000000240
[   82.137071][ T6021] RBP: 00007fb1dd247090 R08: 0000000000000000 R09: 0000000000000000
[   82.137085][ T6021] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001
[   82.137100][ T6021] R13: 00007fb1dea36038 R14: 00007fb1dea35fa0 R15: 00007ffcd3681608
[   82.137127][ T6021]  </TASK>
[   82.379040][ T6029] netlink: 'syz.3.826': attribute type 10 has an invalid length.
[   82.393979][ T6013] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.822: Allocating blocks 449-513 which overlap fs metadata
[   82.427222][ T6012] EXT4-fs (loop4): pa ffff8881072f10e0: logic 48, phys. 177, len 21
[   82.435367][ T6012] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   82.459814][ T6035] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   82.497282][ T6040] loop0: detected capacity change from 0 to 1024
[   82.515176][ T6029] loop3: detected capacity change from 0 to 1024
[   82.522099][ T6029] EXT4-fs: Invalid want_extra_isize 9
[   82.524480][ T6047] loop2: detected capacity change from 0 to 512
[   82.543243][ T6040] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.833: Failed to acquire dquot type 0
[   82.556855][ T6040] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   82.557062][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.584389][ T6040] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.833: corrupted inode contents
[   82.600375][ T6040] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #13: comm syz.0.833: mark_inode_dirty error
[   82.616160][ T6049] netlink: 'syz.3.837': attribute type 10 has an invalid length.
[   82.623157][ T6040] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.833: corrupted inode contents
[   82.623937][ T6049] __nla_validate_parse: 18 callbacks suppressed
[   82.623951][ T6049] netlink: 40 bytes leftover after parsing attributes in process `syz.3.837'.
[   82.636144][ T6047] EXT4-fs error (device loop2): ext4_init_orphan_info:581: comm syz.2.836: inode #0: comm syz.2.836: iget: illegal inode #
[   82.649140][ T6040] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #13: comm syz.0.833: mark_inode_dirty error
[   82.680306][ T6047] EXT4-fs (loop2): get orphan inode failed
[   82.690022][ T6040] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.833: corrupted inode contents
[   82.708361][ T6047] EXT4-fs (loop2): mount failed
[   82.715655][ T6040] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem
[   82.726531][ T6040] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.833: corrupted inode contents
[   82.738595][ T6040] EXT4-fs error (device loop0): ext4_truncate:4637: inode #13: comm syz.0.833: mark_inode_dirty error
[   82.750226][ T6040] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem
[   82.760478][ T6040] EXT4-fs (loop0): 1 truncate cleaned up
[   82.767016][ T6040] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.804949][ T6040] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   82.818895][ T6062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   82.829454][ T6064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   82.842579][ T6062] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   82.861966][ T6064] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   82.881397][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.889152][ T6070] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   82.914971][ T6073] cgroup: Need name or subsystem set
[   82.921139][ T6073] loop1: detected capacity change from 0 to 7
[   82.929141][ T6070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.845'.
[   82.938203][ T6070] netlink: 16 bytes leftover after parsing attributes in process `syz.2.845'.
[   82.974203][ T6070] netlink: 96 bytes leftover after parsing attributes in process `syz.2.845'.
[   83.072459][ T6082] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   83.113430][ T6082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.850'.
[   83.122504][ T6082] netlink: 16 bytes leftover after parsing attributes in process `syz.2.850'.
[   83.132877][ T6086] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   83.192019][ T6082] netlink: 96 bytes leftover after parsing attributes in process `syz.2.850'.
[   83.355418][ T6105] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   83.364560][ T6105] netlink: 8 bytes leftover after parsing attributes in process `syz.2.860'.
[   83.373375][ T6105] netlink: 16 bytes leftover after parsing attributes in process `syz.2.860'.
[   83.383367][ T6105] netlink: 96 bytes leftover after parsing attributes in process `syz.2.860'.
[   83.435539][ T6113] loop3: detected capacity change from 0 to 1024
[   83.472823][ T6113] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.547679][ T6113] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4193: comm syz.3.863: Allocating blocks 449-513 which overlap fs metadata
[   83.563784][ T6112] EXT4-fs (loop3): pa ffff8881072f1230: logic 48, phys. 177, len 21
[   83.563811][ T6112] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   83.607710][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.632366][ T6136] rdma_op ffff888131e39980 conn xmit_rdma 0000000000000000
[   83.659193][   T29] kauditd_printk_skb: 141 callbacks suppressed
[   83.659277][   T29] audit: type=1326 audit(1762345179.471:7058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6139 comm="syz.3.870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   83.744501][ T6147] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   83.751210][   T29] audit: type=1326 audit(1762345179.501:7059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6139 comm="syz.3.870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   83.774531][   T29] audit: type=1326 audit(1762345179.501:7060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6139 comm="syz.3.870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   83.798136][   T29] audit: type=1326 audit(1762345179.501:7061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6139 comm="syz.3.870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   83.821435][   T29] audit: type=1326 audit(1762345179.501:7062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6139 comm="syz.3.870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   83.844752][   T29] audit: type=1326 audit(1762345179.511:7063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6139 comm="syz.3.870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   83.868136][   T29] audit: type=1326 audit(1762345179.511:7064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6139 comm="syz.3.870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   83.891644][   T29] audit: type=1326 audit(1762345179.511:7065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6139 comm="syz.3.870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   83.893257][ T6151] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[   83.914975][   T29] audit: type=1326 audit(1762345179.511:7066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6139 comm="syz.3.870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   83.937796][ T6155] loop1: detected capacity change from 0 to 1024
[   83.947606][   T29] audit: type=1326 audit(1762345179.511:7067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6139 comm="syz.3.870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   84.039445][ T6166] cgroup: Need name or subsystem set
[   84.068791][ T6155] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.076446][ T6171] loop0: detected capacity change from 0 to 1024
[   84.098823][ T6155] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.880: Allocating blocks 449-513 which overlap fs metadata
[   84.119560][ T6154] EXT4-fs (loop1): pa ffff8881072f12a0: logic 48, phys. 177, len 21
[   84.127651][ T6154] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   84.218183][ T6171] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.884: Failed to acquire dquot type 0
[   84.238335][ T6171] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   84.257363][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.275315][ T6192] Cannot find set identified by id 65534 to match
[   84.298913][ T6171] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.884: corrupted inode contents
[   84.347141][ T6199] loop1: detected capacity change from 0 to 128
[   84.364938][ T6171] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #13: comm syz.0.884: mark_inode_dirty error
[   84.399410][ T6171] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.884: corrupted inode contents
[   84.431321][ T6171] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #13: comm syz.0.884: mark_inode_dirty error
[   84.443041][ T6171] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.884: corrupted inode contents
[   84.464030][ T6171] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem
[   84.473260][ T6171] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.884: corrupted inode contents
[   84.485405][ T6171] EXT4-fs error (device loop0): ext4_truncate:4637: inode #13: comm syz.0.884: mark_inode_dirty error
[   84.497074][ T6171] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem
[   84.507624][ T6171] EXT4-fs (loop0): 1 truncate cleaned up
[   84.521334][ T6171] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.554521][ T6212] loop3: detected capacity change from 0 to 512
[   84.561201][ T6212] EXT4-fs: Ignoring removed oldalloc option
[   84.567650][ T6212] EXT4-fs: Mount option(s) incompatible with ext2
[   84.577270][ T6171] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   84.672863][ T6217] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[   84.679424][ T6217] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   84.686902][ T6217] vhci_hcd vhci_hcd.0: Device attached
[   84.703708][ T6222] capability: warning: `syz.4.901' uses 32-bit capabilities (legacy support in use)
[   84.714928][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.899604][ T6228] loop4: detected capacity change from 0 to 1024
[   84.907451][   T10] vhci_hcd: vhci_device speed not set
[   84.970481][ T6228] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.992383][   T10] usb 3-1: new full-speed USB device number 2 using vhci_hcd
[   85.079326][ T6228] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.903: Allocating blocks 449-513 which overlap fs metadata
[   85.207283][ T6227] EXT4-fs (loop4): pa ffff8881071a8850: logic 48, phys. 177, len 21
[   85.215387][ T6227] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   85.289515][ T6238] loop2: detected capacity change from 0 to 1024
[   85.332520][ T6218] vhci_hcd: connection reset by peer
[   85.337990][ T5139] vhci_hcd: stop threads
[   85.342257][ T5139] vhci_hcd: release socket
[   85.346698][ T5139] vhci_hcd: disconnect device
[   85.352136][ T6240] loop0: detected capacity change from 0 to 512
[   85.352811][ T6238] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.370592][ T6240] EXT4-fs: Ignoring removed oldalloc option
[   85.386117][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.403601][ T6240] EXT4-fs: Mount option(s) incompatible with ext2
[   85.440471][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.631596][ T6254] loop4: detected capacity change from 0 to 512
[   85.682563][ T6254] EXT4-fs error (device loop4): ext4_init_orphan_info:581: comm syz.4.911: inode #0: comm syz.4.911: iget: illegal inode #
[   85.788395][ T6254] EXT4-fs (loop4): get orphan inode failed
[   85.824850][ T6254] EXT4-fs (loop4): mount failed
[   86.018806][ T6273] syz0: rxe_newlink: already configured on bond_slave_0
[   86.028149][ T6271] loop3: detected capacity change from 0 to 1024
[   86.062534][ T6271] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.916: Failed to acquire dquot type 0
[   86.158958][ T6271] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   86.189213][ T6271] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #13: comm syz.3.916: corrupted inode contents
[   86.236783][ T6271] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #13: comm syz.3.916: mark_inode_dirty error
[   86.250431][ T6280] net_ratelimit: 13 callbacks suppressed
[   86.250446][ T6280] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   86.253740][ T6271] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #13: comm syz.3.916: corrupted inode contents
[   86.285010][ T6271] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #13: comm syz.3.916: mark_inode_dirty error
[   86.303472][ T6271] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #13: comm syz.3.916: corrupted inode contents
[   86.328134][ T6271] EXT4-fs error (device loop3) in ext4_orphan_del:301: Corrupt filesystem
[   86.338580][ T6271] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #13: comm syz.3.916: corrupted inode contents
[   86.346568][ T6290] loop4: detected capacity change from 0 to 1024
[   86.358355][ T6271] EXT4-fs error (device loop3): ext4_truncate:4637: inode #13: comm syz.3.916: mark_inode_dirty error
[   86.374685][ T6271] EXT4-fs error (device loop3) in ext4_process_orphan:343: Corrupt filesystem
[   86.384205][ T6271] EXT4-fs (loop3): 1 truncate cleaned up
[   86.437135][ T6300] loop1: detected capacity change from 0 to 512
[   86.443314][ T6271] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   86.453410][ T6290] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.923: Allocating blocks 449-513 which overlap fs metadata
[   86.474969][ T6288] EXT4-fs (loop4): pa ffff8881071a89a0: logic 48, phys. 177, len 21
[   86.479343][ T6300] EXT4-fs error (device loop1): ext4_init_orphan_info:581: comm syz.1.925: inode #0: comm syz.1.925: iget: illegal inode #
[   86.483142][ T6288] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   86.500299][ T6300] EXT4-fs (loop1): get orphan inode failed
[   86.512818][ T6300] EXT4-fs (loop1): mount failed
[   86.589967][ T6315] loop0: detected capacity change from 0 to 128
[   86.597662][ T6311] rxe_newlink: 1 callbacks suppressed
[   86.597676][ T6311] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   86.759803][ T6321] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   86.808139][ T6333] loop2: detected capacity change from 0 to 1024
[   86.812535][ T6331] loop3: detected capacity change from 0 to 1024
[   86.824308][ T6335] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[   86.830919][ T6335] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   86.838402][ T6335] vhci_hcd vhci_hcd.0: Device attached
[   86.884073][ T6341] loop1: detected capacity change from 0 to 1024
[   86.893997][ T6331] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4193: comm syz.3.938: Allocating blocks 449-513 which overlap fs metadata
[   86.918309][ T6341] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   86.930452][ T6330] EXT4-fs (loop3): pa ffff8881071a8a10: logic 48, phys. 177, len 21
[   86.938533][ T6330] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   86.948955][ T6341] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   86.957417][ T6341] EXT4-fs (loop1): orphan cleanup on readonly fs
[   86.969169][ T6341] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #3: block 3: comm syz.1.940: lblock 3 mapped to illegal pblock 3 (length 1)
[   86.990563][ T6341] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.940: Failed to acquire dquot type 0
[   87.001614][ T6350] loop2: detected capacity change from 0 to 512
[   87.026773][ T6352] FAULT_INJECTION: forcing a failure.
[   87.026773][ T6352] name failslab, interval 1, probability 0, space 0, times 0
[   87.039615][ T6352] CPU: 0 UID: 0 PID: 6352 Comm: syz.3.944 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   87.039641][ T6352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   87.039654][ T6352] Call Trace:
[   87.039660][ T6352]  <TASK>
[   87.039666][ T6352]  __dump_stack+0x1d/0x30
[   87.039745][ T6352]  dump_stack_lvl+0xe8/0x140
[   87.039765][ T6352]  dump_stack+0x15/0x1b
[   87.039783][ T6352]  should_fail_ex+0x265/0x280
[   87.039802][ T6352]  should_failslab+0x8c/0xb0
[   87.039830][ T6352]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   87.039889][ T6352]  ? __alloc_skb+0x101/0x320
[   87.039919][ T6352]  __alloc_skb+0x101/0x320
[   87.039944][ T6352]  ? audit_log_start+0x342/0x720
[   87.040018][ T6352]  audit_log_start+0x3a0/0x720
[   87.040038][ T6352]  ? kstrtouint+0x76/0xc0
[   87.040069][ T6352]  audit_seccomp+0x48/0x100
[   87.040158][ T6352]  ? __seccomp_filter+0x82d/0x1250
[   87.040185][ T6352]  __seccomp_filter+0x83e/0x1250
[   87.040245][ T6352]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   87.040340][ T6352]  ? vfs_write+0x7e8/0x960
[   87.040369][ T6352]  __secure_computing+0x82/0x150
[   87.040452][ T6352]  syscall_trace_enter+0xcf/0x1e0
[   87.040493][ T6352]  do_syscall_64+0xac/0x200
[   87.040512][ T6352]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   87.040545][ T6352]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   87.040612][ T6352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.040633][ T6352] RIP: 0033:0x7f3f217df6c9
[   87.040648][ T6352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.040666][ T6352] RSP: 002b:00007f3f20247038 EFLAGS: 00000246 ORIG_RAX: 000000000000010d
[   87.040685][ T6352] RAX: ffffffffffffffda RBX: 00007f3f21a35fa0 RCX: 00007f3f217df6c9
[   87.040698][ T6352] RDX: 0000000000000005 RSI: 0000200000000000 RDI: 0000000000000006
[   87.040768][ T6352] RBP: 00007f3f20247090 R08: 0000000000000000 R09: 0000000000000000
[   87.040780][ T6352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.040792][ T6352] R13: 00007f3f21a36038 R14: 00007f3f21a35fa0 R15: 00007ffe7e5da108
[   87.040811][ T6352]  </TASK>
[   87.249991][ T3394] vhci_hcd: vhci_device speed not set
[   87.250449][ T6341] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 3: comm syz.1.940: lblock 3 mapped to illegal pblock 3 (length 1)
[   87.272623][ T6341] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.940: Failed to acquire dquot type 0
[   87.273065][ T6350] EXT4-fs error (device loop2): ext4_init_orphan_info:581: comm syz.2.943: inode #0: comm syz.2.943: iget: illegal inode #
[   87.297040][ T6350] EXT4-fs (loop2): get orphan inode failed
[   87.303203][ T6350] EXT4-fs (loop2): mount failed
[   87.308719][ T6341] EXT4-fs error (device loop1): ext4_free_blocks:6706: comm syz.1.940: Freeing blocks not in datazone - block = 0, count = 4096
[   87.324601][ T6341] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 3: comm syz.1.940: lblock 3 mapped to illegal pblock 3 (length 1)
[   87.338543][ T3394] usb 1-1: new full-speed USB device number 2 using vhci_hcd
[   87.356356][ T6341] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.940: Failed to acquire dquot type 0
[   87.370262][ T6341] EXT4-fs (loop1): 1 orphan inode deleted
[   87.379261][ T6358] syz0: rxe_newlink: already configured on bond_slave_0
[   87.413642][ T6336] vhci_hcd: connection reset by peer
[   87.419106][ T5118] vhci_hcd: stop threads
[   87.423428][ T5118] vhci_hcd: release socket
[   87.427852][ T5118] vhci_hcd: disconnect device
[   87.499986][ T3740] udevd[3740]: failed to send result of seq 10157 to main daemon: Connection refused
[   87.529944][ T6378] loop2: detected capacity change from 0 to 1024
[   87.540596][ T6374] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   87.548930][ T6380] loop1: detected capacity change from 0 to 1024
[   87.557832][ T6380] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.957: Failed to acquire dquot type 0
[   87.579566][ T6380] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   87.606621][ T6378] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4193: comm syz.2.955: Allocating blocks 449-513 which overlap fs metadata
[   87.630427][ T6380] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #13: comm syz.1.957: corrupted inode contents
[   87.652329][ T6380] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #13: comm syz.1.957: mark_inode_dirty error
[   87.665234][ T6377] EXT4-fs (loop2): pa ffff8881071a89a0: logic 48, phys. 177, len 21
[   87.673308][ T6377] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   87.696259][ T6387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   87.698532][ T6380] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #13: comm syz.1.957: corrupted inode contents
[   87.720254][ T6387] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   87.725275][ T6380] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #13: comm syz.1.957: mark_inode_dirty error
[   87.750879][ T6386] loop4: detected capacity change from 0 to 512
[   87.757384][ T6386] EXT4-fs: test_dummy_encryption option not supported
[   87.780606][ T6380] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #13: comm syz.1.957: corrupted inode contents
[   87.797507][ T6391] loop2: detected capacity change from 0 to 512
[   87.804252][ T6380] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem
[   87.814536][ T6386] __nla_validate_parse: 21 callbacks suppressed
[   87.814552][ T6386] netlink: 12 bytes leftover after parsing attributes in process `syz.4.953'.
[   87.831803][ T6380] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #13: comm syz.1.957: corrupted inode contents
[   87.844325][ T6380] EXT4-fs error (device loop1): ext4_truncate:4637: inode #13: comm syz.1.957: mark_inode_dirty error
[   87.856727][ T6380] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem
[   87.873675][ T6380] EXT4-fs (loop1): 1 truncate cleaned up
[   87.914259][ T6391] EXT4-fs error (device loop2): ext4_init_orphan_info:581: comm syz.2.960: inode #0: comm syz.2.960: iget: illegal inode #
[   87.936191][ T6391] EXT4-fs (loop2): get orphan inode failed
[   87.976191][ T6391] EXT4-fs (loop2): mount failed
[   87.986700][ T6380] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   88.131458][ T6399] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   88.140453][ T6403] FAULT_INJECTION: forcing a failure.
[   88.140453][ T6403] name failslab, interval 1, probability 0, space 0, times 0
[   88.153246][ T6403] CPU: 0 UID: 0 PID: 6403 Comm: syz.1.965 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   88.153273][ T6403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   88.153320][ T6403] Call Trace:
[   88.153328][ T6403]  <TASK>
[   88.153335][ T6403]  __dump_stack+0x1d/0x30
[   88.153368][ T6403]  dump_stack_lvl+0xe8/0x140
[   88.153388][ T6403]  dump_stack+0x15/0x1b
[   88.153405][ T6403]  should_fail_ex+0x265/0x280
[   88.153423][ T6403]  should_failslab+0x8c/0xb0
[   88.153507][ T6403]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   88.153536][ T6403]  ? __alloc_skb+0x101/0x320
[   88.153629][ T6403]  __alloc_skb+0x101/0x320
[   88.153657][ T6403]  pfkey_sendmsg+0xd7/0x900
[   88.153684][ T6403]  ? avc_has_perm+0xf7/0x180
[   88.153703][ T6403]  ? selinux_socket_sendmsg+0x175/0x1b0
[   88.153784][ T6403]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   88.153811][ T6403]  __sock_sendmsg+0x145/0x180
[   88.153835][ T6403]  ____sys_sendmsg+0x31e/0x4e0
[   88.153962][ T6403]  ___sys_sendmsg+0x17b/0x1d0
[   88.154014][ T6403]  __x64_sys_sendmsg+0xd4/0x160
[   88.154042][ T6403]  x64_sys_call+0x191e/0x3000
[   88.154078][ T6403]  do_syscall_64+0xd2/0x200
[   88.154098][ T6403]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   88.154127][ T6403]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   88.154158][ T6403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.154181][ T6403] RIP: 0033:0x7fb1de7df6c9
[   88.154231][ T6403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.154249][ T6403] RSP: 002b:00007fb1dd247038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   88.154270][ T6403] RAX: ffffffffffffffda RBX: 00007fb1dea35fa0 RCX: 00007fb1de7df6c9
[   88.154283][ T6403] RDX: 0000000020000004 RSI: 0000200000000300 RDI: 0000000000000003
[   88.154294][ T6403] RBP: 00007fb1dd247090 R08: 0000000000000000 R09: 0000000000000000
[   88.154307][ T6403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.154378][ T6403] R13: 00007fb1dea36038 R14: 00007fb1dea35fa0 R15: 00007ffcd3681608
[   88.154396][ T6403]  </TASK>
[   88.416038][ T6399] netlink: 8 bytes leftover after parsing attributes in process `syz.2.963'.
[   88.425086][ T6399] netlink: 16 bytes leftover after parsing attributes in process `syz.2.963'.
[   88.469164][ T6399] netlink: 96 bytes leftover after parsing attributes in process `syz.2.963'.
[   88.505460][ T6411] loop4: detected capacity change from 0 to 1024
[   88.523905][ T6411] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   88.534870][ T6411] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   88.568826][ T6411] JBD2: no valid journal superblock found
[   88.574702][ T6411] EXT4-fs (loop4): Could not load journal inode
[   88.698241][ T6411] infiniband syz!: set down
[   88.702828][ T6411] infiniband syz!: added team_slave_0
[   88.714861][ T6411] RDS/IB: syz!: added
[   88.725822][   T29] kauditd_printk_skb: 367 callbacks suppressed
[   88.725837][   T29] audit: type=1326 audit(1762345184.531:7422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6418 comm="syz.2.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   88.757347][ T6411] smc: adding ib device syz! with port count 1
[   88.765205][ T6411] smc:    ib device syz! port 1 has no pnetid
[   88.788698][   T29] audit: type=1326 audit(1762345184.541:7423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.2.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7febdc51b779 code=0x7ffc0000
[   88.812001][   T29] audit: type=1326 audit(1762345184.541:7424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.2.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   88.835385][   T29] audit: type=1326 audit(1762345184.541:7425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.2.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   88.912862][   T29] audit: type=1326 audit(1762345184.721:7426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb1de7d6567 code=0x7ffc0000
[   88.936284][   T29] audit: type=1326 audit(1762345184.721:7427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb1de77b779 code=0x7ffc0000
[   88.955440][ T6431] loop2: detected capacity change from 0 to 1024
[   88.959506][   T29] audit: type=1326 audit(1762345184.721:7428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb1de7d6567 code=0x7ffc0000
[   88.989227][   T29] audit: type=1326 audit(1762345184.721:7429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb1de77b779 code=0x7ffc0000
[   89.012461][   T29] audit: type=1326 audit(1762345184.721:7430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1de7df6c9 code=0x7ffc0000
[   89.035870][   T29] audit: type=1326 audit(1762345184.721:7431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb1de7df6c9 code=0x7ffc0000
[   89.094561][ T6435] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.097132][ T6431] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4193: comm syz.2.976: Allocating blocks 449-513 which overlap fs metadata
[   89.139130][ T6435] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.157971][ T6430] EXT4-fs (loop2): pa ffff8881072f10e0: logic 48, phys. 177, len 21
[   89.166038][ T6430] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   89.306354][ T6435] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.372944][ T6435] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.480768][ T5153] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.500869][ T5151] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.517644][ T5151] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.546044][ T5099] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.592087][ T6448] netlink: 36 bytes leftover after parsing attributes in process `syz.1.981'.
[   89.610049][ T6442] loop4: detected capacity change from 0 to 512
[   89.626849][ T6442] EXT4-fs: test_dummy_encryption option not supported
[   89.653513][ T6442] netlink: 12 bytes leftover after parsing attributes in process `syz.4.979'.
[   89.673076][ T6452] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.684285][ T6450] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   89.734489][ T6452] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.774577][ T6452] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.832464][ T6452] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.999964][ T6469] netlink: 12 bytes leftover after parsing attributes in process `syz.2.990'.
[   90.011780][ T6469] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   90.037770][ T6471] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   90.062483][   T10] usb 3-1: enqueue for inactive port 0
[   90.068035][   T10] usb 3-1: enqueue for inactive port 0
[   90.091162][ T6473] loop2: detected capacity change from 0 to 512
[   90.116046][ T6473] ext4 filesystem being mounted at /226/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   90.146607][ T6477] tipc: Started in network mode
[   90.151619][ T6477] tipc: Node identity 461af0164ea6, cluster identity 4711
[   90.158899][ T6477] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   90.160154][   T10] vhci_hcd: vhci_device speed not set
[   90.179713][ T6477] FAULT_INJECTION: forcing a failure.
[   90.179713][ T6477] name failslab, interval 1, probability 0, space 0, times 0
[   90.192458][ T6477] CPU: 1 UID: 0 PID: 6477 Comm: syz.4.993 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   90.192483][ T6477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   90.192495][ T6477] Call Trace:
[   90.192501][ T6477]  <TASK>
[   90.192509][ T6477]  __dump_stack+0x1d/0x30
[   90.192531][ T6477]  dump_stack_lvl+0xe8/0x140
[   90.192576][ T6477]  dump_stack+0x15/0x1b
[   90.192595][ T6477]  should_fail_ex+0x265/0x280
[   90.192612][ T6477]  should_failslab+0x8c/0xb0
[   90.192644][ T6477]  __kmalloc_noprof+0xa5/0x570
[   90.192700][ T6477]  ? unregister_netdevice_many_notify+0x596/0x1690
[   90.192722][ T6477]  ? unlist_netdevice+0x2cc/0x320
[   90.192752][ T6477]  unregister_netdevice_many_notify+0x596/0x1690
[   90.192775][ T6477]  ? skb_queue_purge_reason+0x151/0x250
[   90.192801][ T6477]  unregister_netdevice_queue+0x1f5/0x220
[   90.192833][ T6477]  __tun_detach+0x82c/0xb30
[   90.192868][ T6477]  ? __pfx_tun_chr_close+0x10/0x10
[   90.192905][ T6477]  tun_chr_close+0x5a/0x100
[   90.192932][ T6477]  __fput+0x29b/0x650
[   90.192953][ T6477]  fput_close_sync+0x6e/0x120
[   90.193005][ T6477]  __x64_sys_close+0x56/0xf0
[   90.193028][ T6477]  x64_sys_call+0x273c/0x3000
[   90.193050][ T6477]  do_syscall_64+0xd2/0x200
[   90.193070][ T6477]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   90.193096][ T6477]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   90.193191][ T6477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.193211][ T6477] RIP: 0033:0x7faef67cf6c9
[   90.193233][ T6477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.193252][ T6477] RSP: 002b:00007faef522f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   90.193319][ T6477] RAX: ffffffffffffffda RBX: 00007faef6a25fa0 RCX: 00007faef67cf6c9
[   90.193333][ T6477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   90.193344][ T6477] RBP: 00007faef522f090 R08: 0000000000000000 R09: 0000000000000000
[   90.193355][ T6477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.193368][ T6477] R13: 00007faef6a26038 R14: 00007faef6a25fa0 R15: 00007ffeec3d7118
[   90.193388][ T6477]  </TASK>
[   90.412497][ T6477] tipc: Disabling bearer <eth:syzkaller0>
[   90.467842][ T6481] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   90.477571][ T6481] netlink: 8 bytes leftover after parsing attributes in process `syz.2.995'.
[   90.486452][ T6481] netlink: 16 bytes leftover after parsing attributes in process `syz.2.995'.
[   90.502023][ T6481] netlink: 96 bytes leftover after parsing attributes in process `syz.2.995'.
[   90.603415][ T6488] loop2: detected capacity change from 0 to 512
[   90.611190][ T6488] EXT4-fs: Ignoring removed oldalloc option
[   90.617533][ T6488] EXT4-fs: Mount option(s) incompatible with ext2
[   90.735075][ T3408] kernel read not supported for file /ppp (pid: 3408 comm: kworker/1:5)
[   91.253010][ T6530] Driver unsupported XDP return value 0 on prog  (id 639) dev N/A, expect packet loss!
[   91.297028][ T6532] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   91.329909][ T6536] loop3: detected capacity change from 0 to 512
[   91.341247][ T6536] EXT4-fs error (device loop3): ext4_init_orphan_info:581: comm syz.3.1015: inode #0: comm syz.3.1015: iget: illegal inode #
[   91.354622][ T6536] EXT4-fs (loop3): get orphan inode failed
[   91.360835][ T6536] EXT4-fs (loop3): mount failed
[   91.372103][ T6540] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.412016][ T6540] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.488110][ T6540] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.531893][ T6540] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.596781][ T5143] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.622909][ T5143] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.635846][ T5143] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.691367][   T52] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.732321][ T6560] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   91.791016][ T6565] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   91.854530][ T6568] loop3: detected capacity change from 0 to 512
[   91.863592][ T6570] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   91.876146][ T6568] EXT4-fs: Ignoring removed oldalloc option
[   91.907613][ T6568] EXT4-fs: Mount option(s) incompatible with ext2
[   91.967643][ T6582] loop2: detected capacity change from 0 to 512
[   91.975143][ T6582] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   91.990756][ T6582] EXT4-fs error (device loop2): ext4_init_orphan_info:618: comm syz.2.1035: orphan file block 0: bad magic
[   92.057400][ T6582] EXT4-fs (loop2): Remounting filesystem read-only
[   92.064169][ T6582] EXT4-fs (loop2): mount failed
[   92.495881][ T6593] loop2: detected capacity change from 0 to 128
[   92.519896][ T3394] usb 1-1: enqueue for inactive port 0
[   92.525480][ T3394] usb 1-1: enqueue for inactive port 0
[   92.610572][ T3394] vhci_hcd: vhci_device speed not set
[   92.615782][ T6602] syz0: rxe_newlink: already configured on bond_slave_0
[   92.739256][ T6615] loop2: detected capacity change from 0 to 512
[   92.747634][ T6615] EXT4-fs: Ignoring removed oldalloc option
[   92.753784][ T6615] EXT4-fs: Mount option(s) incompatible with ext2
[   92.901449][ T6619] loop4: detected capacity change from 0 to 512
[   92.908588][ T6619] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   93.323461][ T6619] EXT4-fs (loop4): 1 truncate cleaned up
[   93.554198][ T6643] loop3: detected capacity change from 0 to 512
[   93.561389][ T6643] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   93.587978][ T6643] EXT4-fs error (device loop3): ext4_init_orphan_info:618: comm syz.3.1054: orphan file block 0: bad magic
[   93.599986][ T6643] EXT4-fs (loop3): Remounting filesystem read-only
[   93.606845][ T6646] loop4: detected capacity change from 0 to 512
[   93.613499][ T6646] EXT4-fs: Ignoring removed oldalloc option
[   93.619622][ T6646] EXT4-fs: Mount option(s) incompatible with ext2
[   93.653988][ T6643] EXT4-fs (loop3): mount failed
[   93.959196][ T6660] __nla_validate_parse: 9 callbacks suppressed
[   93.959217][ T6660] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1061'.
[   93.978579][   T29] kauditd_printk_skb: 3648 callbacks suppressed
[   93.978594][   T29] audit: type=1326 audit(1762345189.791:11080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   94.025398][ T6664] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1062'.
[   94.117109][   T29] audit: type=1326 audit(1762345189.821:11081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   94.140743][   T29] audit: type=1326 audit(1762345189.831:11082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   94.164212][   T29] audit: type=1326 audit(1762345189.831:11083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   94.187945][   T29] audit: type=1326 audit(1762345189.831:11084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   94.211421][   T29] audit: type=1326 audit(1762345189.831:11085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   94.235079][   T29] audit: type=1326 audit(1762345189.831:11086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   94.258575][   T29] audit: type=1326 audit(1762345189.831:11087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   94.282049][   T29] audit: type=1326 audit(1762345189.831:11088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   94.305839][   T29] audit: type=1326 audit(1762345189.831:11089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.2.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febdc57f6c9 code=0x7ffc0000
[   94.361075][ T6680] loop3: detected capacity change from 0 to 512
[   94.370171][ T6680] EXT4-fs: Ignoring removed oldalloc option
[   94.381927][ T6680] EXT4-fs: Mount option(s) incompatible with ext2
[   94.507265][ T6692] syz0: rxe_newlink: already configured on bond_slave_0
[   94.540722][ T6692] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1071'.
[   94.549644][ T6692] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1071'.
[   94.560354][ T6692] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1071'.
[   94.809362][ T6705] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1076'.
[   94.831664][ T6705] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1076'.
[   94.903034][ T6705] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1076'.
[   94.949476][   T52] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.977206][   T52] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.991097][ T6708] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1076'.
[   95.025819][   T52] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.065555][   T52] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.086509][ T6714] loop1: detected capacity change from 0 to 512
[   95.093525][ T6714] EXT4-fs: Ignoring removed oldalloc option
[   95.099742][ T6714] EXT4-fs: Mount option(s) incompatible with ext2
[   95.318953][ T6727] rdma_op ffff8881269e5d80 conn xmit_rdma 0000000000000000
[   95.343516][ T6728] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   95.369577][ T6729] loop2: detected capacity change from 0 to 512
[   95.446017][ T6728] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1084'.
[   95.462876][ T6729] EXT4-fs: test_dummy_encryption option not supported
[   95.706034][ T6739] 9pnet: Could not find request transport: tcp˙˙˙
[   95.979154][ T6775] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   96.031889][ T6780] loop4: detected capacity change from 0 to 512
[   96.068517][ T6780] EXT4-fs error (device loop4): ext4_init_orphan_info:581: comm syz.4.1105: inode #0: comm syz.4.1105: iget: illegal inode #
[   96.090588][ T6780] EXT4-fs (loop4): get orphan inode failed
[   96.113379][ T6780] EXT4-fs (loop4): mount failed
[   96.127491][ T6793] syz.0.1109 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   96.171844][ T6796] FAULT_INJECTION: forcing a failure.
[   96.171844][ T6796] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   96.184987][ T6796] CPU: 1 UID: 0 PID: 6796 Comm: syz.4.1110 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   96.185013][ T6796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   96.185087][ T6796] Call Trace:
[   96.185093][ T6796]  <TASK>
[   96.185101][ T6796]  __dump_stack+0x1d/0x30
[   96.185122][ T6796]  dump_stack_lvl+0xe8/0x140
[   96.185140][ T6796]  dump_stack+0x15/0x1b
[   96.185233][ T6796]  should_fail_ex+0x265/0x280
[   96.185255][ T6796]  should_fail+0xb/0x20
[   96.185277][ T6796]  should_fail_usercopy+0x1a/0x20
[   96.185296][ T6796]  _copy_from_user+0x1c/0xb0
[   96.185320][ T6796]  set_selection_user+0x4a/0xe0
[   96.185347][ T6796]  tioclinux+0x347/0x460
[   96.185442][ T6796]  vt_ioctl+0x75f/0x18a0
[   96.185462][ T6796]  ? tty_jobctrl_ioctl+0x29e/0x810
[   96.185529][ T6796]  tty_ioctl+0x7d8/0xb80
[   96.185553][ T6796]  ? __pfx_tty_ioctl+0x10/0x10
[   96.185580][ T6796]  __se_sys_ioctl+0xce/0x140
[   96.185604][ T6796]  __x64_sys_ioctl+0x43/0x50
[   96.185626][ T6796]  x64_sys_call+0x1816/0x3000
[   96.185651][ T6796]  do_syscall_64+0xd2/0x200
[   96.185717][ T6796]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   96.185823][ T6796]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   96.185857][ T6796]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.185886][ T6796] RIP: 0033:0x7faef67cf6c9
[   96.185903][ T6796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.185923][ T6796] RSP: 002b:00007faef522f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   96.186004][ T6796] RAX: ffffffffffffffda RBX: 00007faef6a25fa0 RCX: 00007faef67cf6c9
[   96.186019][ T6796] RDX: 0000200000001900 RSI: 000000000000541c RDI: 0000000000000004
[   96.186033][ T6796] RBP: 00007faef522f090 R08: 0000000000000000 R09: 0000000000000000
[   96.186047][ T6796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.186132][ T6796] R13: 00007faef6a26038 R14: 00007faef6a25fa0 R15: 00007ffeec3d7118
[   96.186152][ T6796]  </TASK>
[   96.399886][ T6799] atomic_op ffff88811f79d928 conn xmit_atomic 0000000000000000
[   96.460836][ T6805] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   96.504009][ T6814] FAULT_INJECTION: forcing a failure.
[   96.504009][ T6814] name failslab, interval 1, probability 0, space 0, times 0
[   96.516735][ T6814] CPU: 0 UID: 0 PID: 6814 Comm: syz.1.1119 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   96.516762][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   96.516781][ T6814] Call Trace:
[   96.516793][ T6814]  <TASK>
[   96.516801][ T6814]  __dump_stack+0x1d/0x30
[   96.516824][ T6814]  dump_stack_lvl+0xe8/0x140
[   96.516844][ T6814]  dump_stack+0x15/0x1b
[   96.516861][ T6814]  should_fail_ex+0x265/0x280
[   96.516922][ T6814]  ? tcf_action_init_1+0x11e/0x4a0
[   96.516945][ T6814]  should_failslab+0x8c/0xb0
[   96.516972][ T6814]  __kmalloc_cache_noprof+0x4c/0x4a0
[   96.517052][ T6814]  tcf_action_init_1+0x11e/0x4a0
[   96.517081][ T6814]  tcf_action_init+0x267/0x6d0
[   96.517121][ T6814]  tc_ctl_action+0x291/0x830
[   96.517228][ T6814]  ? __pfx_tc_ctl_action+0x10/0x10
[   96.517252][ T6814]  rtnetlink_rcv_msg+0x65a/0x6d0
[   96.517277][ T6814]  netlink_rcv_skb+0x123/0x220
[   96.517320][ T6814]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   96.517380][ T6814]  rtnetlink_rcv+0x1c/0x30
[   96.517399][ T6814]  netlink_unicast+0x5c0/0x690
[   96.517428][ T6814]  netlink_sendmsg+0x58b/0x6b0
[   96.517447][ T6814]  ? __pfx_netlink_sendmsg+0x10/0x10
[   96.517473][ T6814]  __sock_sendmsg+0x145/0x180
[   96.517496][ T6814]  ____sys_sendmsg+0x31e/0x4e0
[   96.517608][ T6814]  ___sys_sendmsg+0x17b/0x1d0
[   96.517672][ T6814]  __x64_sys_sendmsg+0xd4/0x160
[   96.517691][ T6814]  x64_sys_call+0x191e/0x3000
[   96.517713][ T6814]  do_syscall_64+0xd2/0x200
[   96.517730][ T6814]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   96.517784][ T6814]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   96.517813][ T6814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.517849][ T6814] RIP: 0033:0x7fb1de7df6c9
[   96.517864][ T6814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.517936][ T6814] RSP: 002b:00007fb1dd247038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   96.517954][ T6814] RAX: ffffffffffffffda RBX: 00007fb1dea35fa0 RCX: 00007fb1de7df6c9
[   96.517965][ T6814] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[   96.517977][ T6814] RBP: 00007fb1dd247090 R08: 0000000000000000 R09: 0000000000000000
[   96.517988][ T6814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.517999][ T6814] R13: 00007fb1dea36038 R14: 00007fb1dea35fa0 R15: 00007ffcd3681608
[   96.518045][ T6814]  </TASK>
[   96.786126][ T6826] loop0: detected capacity change from 0 to 512
[   96.797204][ T6826] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   96.819359][ T6831] loop3: detected capacity change from 0 to 1024
[   96.823132][ T6826] EXT4-fs (loop0): 1 truncate cleaned up
[   96.845847][ T6826] EXT4-fs mount: 20 callbacks suppressed
[   96.845865][ T6826] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.880076][ T6831] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.886092][ T6838] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   96.906066][ T6831] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4193: comm syz.3.1124: Allocating blocks 449-513 which overlap fs metadata
[   96.951898][ T6829] EXT4-fs (loop3): pa ffff8881072f1310: logic 48, phys. 177, len 21
[   96.960150][ T6829] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   96.980420][ T6845] loop1: detected capacity change from 0 to 1024
[   96.989778][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.018205][ T6845] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.032450][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.047829][ T6855] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   97.065322][ T6845] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.1129: Allocating blocks 449-513 which overlap fs metadata
[   97.086484][ T6860] loop0: detected capacity change from 0 to 128
[   97.129449][ T6844] EXT4-fs (loop1): pa ffff8881071a8a10: logic 48, phys. 177, len 21
[   97.137593][ T6844] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[   97.164772][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.187150][ T6872] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   97.249704][ T6884] ------------[ cut here ]------------
[   97.255239][ T6884] verifier bug: REG INVARIANTS VIOLATION (true_reg2): range bounds violation u64=[0x17, 0x10] s64=[0x17, 0x10] u32=[0x17, 0x10] s32=[0x17, 0x10] var_off=(0x10, 0x0)
[   97.272077][ T6884] WARNING: CPU: 0 PID: 6884 at kernel/bpf/verifier.c:2721 reg_bounds_sanity_check+0x673/0x680
[   97.282553][ T6884] Modules linked in:
[   97.286462][ T6884] CPU: 0 UID: 0 PID: 6884 Comm: syz.4.1144 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   97.296350][ T6884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   97.306455][ T6884] RIP: 0010:reg_bounds_sanity_check+0x673/0x680
[   97.312820][ T6884] Code: 7c 24 18 41 ff 74 24 20 55 41 56 4d 89 ee 53 48 8b 5c 24 30 ff 74 24 40 ff 74 24 50 ff 74 24 30 e8 c2 f7 ba ff 48 83 c4 38 90 <0f> 0b 90 90 e9 02 fb ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90
[   97.332468][ T6884] RSP: 0018:ffffc90010793408 EFLAGS: 00010282
[   97.338627][ T6884] RAX: c3187d68ff673d00 RBX: ffff8881197e08b0 RCX: ffff8881026ea100
[   97.346642][ T6884] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000002
[   97.354658][ T6884] RBP: 0000000000000010 R08: 000000000000ad58 R09: 0000000000400000
[   97.362650][ T6884] R10: 000000000015ab08 R11: ffffc900072b4000 R12: ffff8881197e0870
[   97.370633][ T6884] R13: ffff88810ac38000 R14: ffff88810ac38000 R15: ffff8881197e08a8
[   97.378617][ T6884] FS:  00007faef522f6c0(0000) GS:ffff8882aee13000(0000) knlGS:0000000000000000
[   97.387583][ T6884] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   97.394203][ T6884] CR2: 00007ffcd3681888 CR3: 00000001310f4000 CR4: 00000000003506f0
[   97.402232][ T6884] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   97.410264][ T6884] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[   97.418246][ T6884] Call Trace:
[   97.421574][ T6884]  <TASK>
[   97.424519][ T6884]  reg_set_min_max+0x1eb/0x260
[   97.429302][ T6884]  check_cond_jmp_op+0x1370/0x19e0
[   97.434539][ T6884]  do_check+0x3363/0x8460
[   97.438982][ T6884]  do_check_common+0xc5e/0x12b0
[   97.443955][ T6884]  bpf_check+0xaaae/0xd9d0
[   97.448459][ T6884]  ? __alloc_frozen_pages_noprof+0x188/0x360
[   97.454511][ T6884]  ? __vmap_pages_range_noflush+0xbc4/0xcf0
[   97.460541][ T6884]  ? pcpu_block_update+0x232/0x3b0
[   97.465665][ T6884]  ? _find_next_zero_bit+0x64/0xa0
[   97.470835][ T6884]  ? pcpu_block_update+0x24e/0x3b0
[   97.475935][ T6884]  ? pcpu_block_refresh_hint+0x157/0x170
[   97.481721][ T6884]  ? pcpu_block_refresh_hint+0x157/0x170
[   97.487343][ T6884]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[   97.493521][ T6884]  ? css_rstat_updated+0xb7/0x240
[   97.498556][ T6884]  ? __rcu_read_unlock+0x4f/0x70
[   97.503655][ T6884]  ? pcpu_memcg_post_alloc_hook+0xf1/0x150
[   97.509449][ T6884]  ? bpf_prog_alloc+0x5b/0x150
[   97.514225][ T6884]  ? pcpu_alloc_noprof+0xd29/0x1250
[   97.519437][ T6884]  ? __kmalloc_noprof+0x489/0x570
[   97.524590][ T6884]  ? security_bpf_prog_load+0x60/0x140
[   97.530039][ T6884]  ? selinux_bpf_prog_load+0xad/0xd0
[   97.535534][ T6884]  ? security_bpf_prog_load+0x9e/0x140
[   97.541018][ T6884]  bpf_prog_load+0xf6e/0x1100
[   97.545756][ T6884]  ? security_bpf+0x2b/0x90
[   97.550264][ T6884]  __sys_bpf+0x469/0x7c0
[   97.554495][ T6884]  __x64_sys_bpf+0x41/0x50
[   97.558897][ T6884]  x64_sys_call+0x2aee/0x3000
[   97.563619][ T6884]  do_syscall_64+0xd2/0x200
[   97.568148][ T6884]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   97.574435][ T6884]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   97.580261][ T6884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.586145][ T6884] RIP: 0033:0x7faef67cf6c9
[   97.590595][ T6884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.610285][ T6884] RSP: 002b:00007faef522f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   97.618685][ T6884] RAX: ffffffffffffffda RBX: 00007faef6a25fa0 RCX: 00007faef67cf6c9
[   97.626677][ T6884] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[   97.634646][ T6884] RBP: 00007faef6851f91 R08: 0000000000000000 R09: 0000000000000000
[   97.642623][ T6884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   97.650620][ T6884] R13: 00007faef6a26038 R14: 00007faef6a25fa0 R15: 00007ffeec3d7118
[   97.658596][ T6884]  </TASK>
[   97.661618][ T6884] ---[ end trace 0000000000000000 ]---
[   97.705963][ T6895] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   97.747844][ T6900] loop3: detected capacity change from 0 to 128
[   97.849747][ T6917] 9pnet: Could not find request transport: tcp˙˙˙
[   97.859890][ T6921] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   97.898691][ T6928] netlink: 'syz.3.1156': attribute type 10 has an invalid length.
[   98.011572][ T6940] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[   98.091731][ T6945] netlink: 'syz.4.1161': attribute type 10 has an invalid length.
[   98.108296][ T6948] loop0: detected capacity change from 0 to 128
[   98.110719][ T6942] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   98.165020][ T6950] loop1: detected capacity change from 0 to 512
[   98.194542][ T6950] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1164: couldn't read orphan inode 26 (err -116)
[   98.220520][ T6950] EXT4-fs (loop1): Remounting filesystem read-only
[   98.233061][ T6950] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.274801][ T6964] loop0: detected capacity change from 0 to 1024
[   98.281484][ T6964] EXT4-fs: Ignoring removed orlov option
[   98.287427][ T6950] ext4 filesystem being mounted at /219/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   98.299668][ T6964] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.313551][ T6963] 9pnet: Could not find request transport: tcp˙˙˙
[   98.376333][ T6968] FAULT_INJECTION: forcing a failure.
[   98.376333][ T6968] name failslab, interval 1, probability 0, space 0, times 0
[   98.389125][ T6968] CPU: 0 UID: 0 PID: 6968 Comm: syz.3.1170 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   98.389157][ T6968] Tainted: [W]=WARN
[   98.389163][ T6968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   98.389175][ T6968] Call Trace:
[   98.389181][ T6968]  <TASK>
[   98.389188][ T6968]  __dump_stack+0x1d/0x30
[   98.389239][ T6968]  dump_stack_lvl+0xe8/0x140
[   98.389260][ T6968]  dump_stack+0x15/0x1b
[   98.389279][ T6968]  should_fail_ex+0x265/0x280
[   98.389299][ T6968]  should_failslab+0x8c/0xb0
[   98.389391][ T6968]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   98.389424][ T6968]  ? __alloc_skb+0x101/0x320
[   98.389458][ T6968]  __alloc_skb+0x101/0x320
[   98.389597][ T6968]  netlink_alloc_large_skb+0xbf/0xf0
[   98.389626][ T6968]  netlink_sendmsg+0x3cf/0x6b0
[   98.389650][ T6968]  ? __pfx_netlink_sendmsg+0x10/0x10
[   98.389667][ T6968]  __sock_sendmsg+0x145/0x180
[   98.389732][ T6968]  ____sys_sendmsg+0x31e/0x4e0
[   98.389777][ T6968]  ___sys_sendmsg+0x17b/0x1d0
[   98.389889][ T6968]  __x64_sys_sendmsg+0xd4/0x160
[   98.389912][ T6968]  x64_sys_call+0x191e/0x3000
[   98.389936][ T6968]  do_syscall_64+0xd2/0x200
[   98.389954][ T6968]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   98.390014][ T6968]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   98.390048][ T6968]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.390071][ T6968] RIP: 0033:0x7f3f217df6c9
[   98.390106][ T6968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.390156][ T6968] RSP: 002b:00007f3f20247038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   98.390177][ T6968] RAX: ffffffffffffffda RBX: 00007f3f21a35fa0 RCX: 00007f3f217df6c9
[   98.390190][ T6968] RDX: 0000000000008844 RSI: 0000200000000080 RDI: 000000000000000b
[   98.390202][ T6968] RBP: 00007f3f20247090 R08: 0000000000000000 R09: 0000000000000000
[   98.390267][ T6968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.390280][ T6968] R13: 00007f3f21a36038 R14: 00007f3f21a35fa0 R15: 00007ffe7e5da108
[   98.390299][ T6968]  </TASK>
[   98.393977][ T6964] EXT4-fs (loop0): Online defrag not supported with bigalloc
[   98.628566][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.670082][ T6981] 9pnet: Could not find request transport: tcp˙˙˙
[   98.713780][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.746857][ T6996] loop1: detected capacity change from 0 to 512
[   98.761968][ T6996] EXT4-fs error (device loop1): ext4_init_orphan_info:581: comm syz.1.1179: inode #0: comm syz.1.1179: iget: illegal inode #
[   98.790263][ T6996] EXT4-fs (loop1): get orphan inode failed
[   98.800376][ T6996] EXT4-fs (loop1): mount failed
[   98.831066][ T7010] syz0: rxe_newlink: already configured on bond_slave_0
[   98.846202][ T7014] netlink: 'syz.1.1186': attribute type 13 has an invalid length.
[   98.929681][ T7022] netlink: 'syz.4.1187': attribute type 10 has an invalid length.
[   98.959860][ T7016] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   98.977087][   T52] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.990637][ T7014] netlink: 'syz.1.1186': attribute type 3 has an invalid length.
[   99.007695][   T52] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   99.040212][   T52] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   99.048631][   T52] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   99.086075][   T29] kauditd_printk_skb: 361 callbacks suppressed
[   99.086090][   T29] audit: type=1400 audit(1762345194.901:11451): avc:  denied  { create } for  pid=7026 comm="syz.1.1190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   99.130256][   T29] audit: type=1400 audit(1762345194.931:11452): avc:  denied  { connect } for  pid=7026 comm="syz.1.1190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   99.219545][   T29] audit: type=1326 audit(1762345195.031:11453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   99.255575][ T7038] 9pnet_fd: Insufficient options for proto=fd
[   99.269081][   T29] audit: type=1326 audit(1762345195.031:11454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   99.292719][   T29] audit: type=1326 audit(1762345195.031:11455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   99.316443][   T29] audit: type=1326 audit(1762345195.031:11456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   99.339947][   T29] audit: type=1326 audit(1762345195.031:11457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   99.342163][ T7047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.363481][   T29] audit: type=1326 audit(1762345195.031:11458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   99.379141][ T7047] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.395173][   T29] audit: type=1326 audit(1762345195.031:11459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   99.426452][   T29] audit: type=1326 audit(1762345195.031:11460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f3f217df6c9 code=0x7ffc0000
[   99.476803][ T7049] netlink: 'syz.2.1197': attribute type 10 has an invalid length.
[   99.479918][ T7051] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[   99.484713][ T7049] __nla_validate_parse: 36 callbacks suppressed
[   99.484728][ T7049] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1197'.
[   99.513374][ T7051] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1198'.
[   99.522379][ T7051] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1198'.
[   99.537802][ T7051] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1198'.
[   99.568311][ T7054] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1200'.
[   99.727169][ T7070] loop0: detected capacity change from 0 to 128
[   99.736452][ T7071] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1203'.
[   99.855020][ T7081] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   99.885849][ T7081] netlink: 'syz.3.1209': attribute type 10 has an invalid length.
[   99.893868][ T7081] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1209'.
[   99.971498][ T7085] loop2: detected capacity change from 0 to 256
[   99.978312][ T7085] vfat: Deprecated parameter 'posix'
[   99.983674][ T7085] FAT-fs: "posix" option is obsolete, not supported now
[  100.029189][ T7088] 9pnet: Could not find request transport: tcp˙˙˙
[  100.373182][ T7114] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  100.383517][ T7114] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1221'.
[  100.392735][ T7114] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1221'.
[  100.418650][ T7114] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1221'.
[  100.482449][ T7113] loop2: detected capacity change from 0 to 512
[  100.489613][ T7113] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  100.501162][ T7113] EXT4-fs (loop2): 1 truncate cleaned up
[  100.507403][ T7113] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.562068][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.596917][ T7126] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  100.629019][ T7129] loop3: detected capacity change from 0 to 512
[  100.638691][ T7129] EXT4-fs: Ignoring removed oldalloc option
[  100.648583][ T7129] EXT4-fs: Mount option(s) incompatible with ext2
[  100.727525][ T7139] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  100.747136][ T7139] netlink: 'syz.4.1234': attribute type 10 has an invalid length.
[  100.894584][ T7158] loop0: detected capacity change from 0 to 512
[  100.901429][ T7158] EXT4-fs: Ignoring removed oldalloc option
[  100.907817][ T7158] EXT4-fs: Mount option(s) incompatible with ext2
[  101.009161][ T7161] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[  101.277580][ T7167] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  101.471253][ T7175] loop1: detected capacity change from 0 to 512
[  101.480365][ T7175] EXT4-fs: test_dummy_encryption option not supported
[  101.536538][ T7178] loop2: detected capacity change from 0 to 1024
[  101.573603][ T7178] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.589598][ T7181] loop3: detected capacity change from 0 to 512
[  101.633586][ T7181] EXT4-fs error (device loop3): ext4_init_orphan_info:581: comm syz.3.1249: inode #0: comm syz.3.1249: iget: illegal inode #
[  101.730814][ T7181] EXT4-fs (loop3): get orphan inode failed
[  101.748026][ T7181] EXT4-fs (loop3): mount failed
[  101.762654][ T7178] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4193: comm syz.2.1247: Allocating blocks 449-513 which overlap fs metadata
[  101.795895][ T7177] EXT4-fs (loop2): pa ffff8881071a89a0: logic 48, phys. 177, len 21
[  101.804109][ T7177] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[  101.856384][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.088493][ T7208] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  102.109333][ T7208] netlink: 'syz.4.1256': attribute type 10 has an invalid length.
[  102.234168][ T7213] loop1: detected capacity change from 0 to 512
[  102.245738][ T7217] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  102.267550][ T7213] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  102.280885][ T7213] EXT4-fs (loop1): 1 truncate cleaned up
[  102.287186][ T7213] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.383536][ T7228] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  102.411888][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.455900][ T7236] loop1: detected capacity change from 0 to 1024
[  102.500464][ T7232] loop4: detected capacity change from 0 to 256
[  102.507237][ T7232] vfat: Deprecated parameter 'posix'
[  102.512580][ T7232] FAT-fs: "posix" option is obsolete, not supported now
[  102.524780][ T7236] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.567816][ T7236] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.1266: Allocating blocks 449-513 which overlap fs metadata
[  102.589589][ T7233] EXT4-fs (loop1): pa ffff8881071a8930: logic 48, phys. 177, len 21
[  102.597686][ T7233] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[  102.597788][ T7243] loop3: detected capacity change from 0 to 512
[  102.625024][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.636064][ T7243] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1269: inode has both inline data and extents flags
[  102.649506][ T7243] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1269: couldn't read orphan inode 15 (err -117)
[  102.661999][ T7243] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.675402][ T7243] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.836768][ T7259] FAULT_INJECTION: forcing a failure.
[  102.836768][ T7259] name failslab, interval 1, probability 0, space 0, times 0
[  102.849475][ T7259] CPU: 1 UID: 0 PID: 7259 Comm: syz.4.1275 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  102.849509][ T7259] Tainted: [W]=WARN
[  102.849516][ T7259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  102.849571][ T7259] Call Trace:
[  102.849577][ T7259]  <TASK>
[  102.849584][ T7259]  __dump_stack+0x1d/0x30
[  102.849606][ T7259]  dump_stack_lvl+0xe8/0x140
[  102.849626][ T7259]  dump_stack+0x15/0x1b
[  102.849643][ T7259]  should_fail_ex+0x265/0x280
[  102.849661][ T7259]  should_failslab+0x8c/0xb0
[  102.849707][ T7259]  __kvmalloc_node_noprof+0x12e/0x670
[  102.849736][ T7259]  ? xt_alloc_entry_offsets+0x4d/0x60
[  102.849855][ T7259]  xt_alloc_entry_offsets+0x4d/0x60
[  102.849888][ T7259]  translate_table+0xa9/0xf90
[  102.850002][ T7259]  ? __rcu_read_unlock+0x4f/0x70
[  102.850074][ T7259]  ? __memcg_slab_post_alloc_hook+0x44c/0x580
[  102.850097][ T7259]  ? should_fail_ex+0xdb/0x280
[  102.850120][ T7259]  ? _copy_from_user+0x89/0xb0
[  102.850161][ T7259]  do_ipt_set_ctl+0x66f/0x820
[  102.850179][ T7259]  ? _raw_spin_unlock_bh+0x36/0x40
[  102.850215][ T7259]  ? tcp_release_cb+0xf1/0x370
[  102.850252][ T7259]  nf_setsockopt+0x199/0x1b0
[  102.850275][ T7259]  ip_setsockopt+0x102/0x110
[  102.850305][ T7259]  tcp_setsockopt+0x98/0xb0
[  102.850371][ T7259]  sock_common_setsockopt+0x69/0x80
[  102.850397][ T7259]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  102.850422][ T7259]  __sys_setsockopt+0x184/0x200
[  102.850484][ T7259]  __x64_sys_setsockopt+0x64/0x80
[  102.850527][ T7259]  x64_sys_call+0x20ec/0x3000
[  102.850550][ T7259]  do_syscall_64+0xd2/0x200
[  102.850583][ T7259]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  102.850609][ T7259]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  102.850639][ T7259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.850665][ T7259] RIP: 0033:0x7faef67cf6c9
[  102.850679][ T7259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.850697][ T7259] RSP: 002b:00007faef520e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  102.850716][ T7259] RAX: ffffffffffffffda RBX: 00007faef6a26090 RCX: 00007faef67cf6c9
[  102.850787][ T7259] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006
[  102.850800][ T7259] RBP: 00007faef520e090 R08: 00000000000003f0 R09: 0000000000000000
[  102.850812][ T7259] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001
[  102.850824][ T7259] R13: 00007faef6a26128 R14: 00007faef6a26090 R15: 00007ffeec3d7118
[  102.850842][ T7259]  </TASK>
[  103.105034][ T7261] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  103.143092][ T7264] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  103.160707][ T7264] netlink: 'syz.1.1277': attribute type 10 has an invalid length.
[  103.298759][ T7270] xt_connbytes: Forcing CT accounting to be enabled
[  103.305551][ T7270] Cannot find set identified by id 0 to match
[  103.359904][ T7274] 8021q: VLANs not supported on sit0
[  103.427681][ T7280] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  103.541104][ T7297] loop4: detected capacity change from 0 to 512
[  103.569984][ T7297] SELinux: failed to load policy
[  103.576663][ T7297] SELinux: failed to load policy
[  103.669841][ T7312] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  103.687840][ T7312] netlink: 'syz.3.1295': attribute type 10 has an invalid length.
[  103.781108][ T7325] loop4: detected capacity change from 0 to 1024
[  103.802311][ T7325] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.833242][ T7325] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.1301: Allocating blocks 449-513 which overlap fs metadata
[  103.851045][ T7324] EXT4-fs (loop4): pa ffff8881072f1380: logic 48, phys. 177, len 21
[  103.859185][ T7324] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[  103.878592][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.012610][ T7341] FAULT_INJECTION: forcing a failure.
[  104.012610][ T7341] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  104.025726][ T7341] CPU: 1 UID: 0 PID: 7341 Comm: syz.4.1306 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  104.025827][ T7341] Tainted: [W]=WARN
[  104.025833][ T7341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  104.025845][ T7341] Call Trace:
[  104.025851][ T7341]  <TASK>
[  104.025859][ T7341]  __dump_stack+0x1d/0x30
[  104.025884][ T7341]  dump_stack_lvl+0xe8/0x140
[  104.026061][ T7341]  dump_stack+0x15/0x1b
[  104.026078][ T7341]  should_fail_ex+0x265/0x280
[  104.026101][ T7341]  should_fail+0xb/0x20
[  104.026117][ T7341]  should_fail_usercopy+0x1a/0x20
[  104.026144][ T7341]  _copy_from_iter+0xd2/0xe80
[  104.026191][ T7341]  ? __build_skb_around+0x1ab/0x200
[  104.026220][ T7341]  ? __alloc_skb+0x223/0x320
[  104.026248][ T7341]  netlink_sendmsg+0x471/0x6b0
[  104.026268][ T7341]  ? __pfx_netlink_sendmsg+0x10/0x10
[  104.026329][ T7341]  __sock_sendmsg+0x145/0x180
[  104.026352][ T7341]  ____sys_sendmsg+0x31e/0x4e0
[  104.026392][ T7341]  ___sys_sendmsg+0x17b/0x1d0
[  104.026465][ T7341]  __x64_sys_sendmsg+0xd4/0x160
[  104.026486][ T7341]  x64_sys_call+0x191e/0x3000
[  104.026511][ T7341]  do_syscall_64+0xd2/0x200
[  104.026582][ T7341]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  104.026609][ T7341]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  104.026661][ T7341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.026685][ T7341] RIP: 0033:0x7faef67cf6c9
[  104.026701][ T7341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.026718][ T7341] RSP: 002b:00007faef522f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.026735][ T7341] RAX: ffffffffffffffda RBX: 00007faef6a25fa0 RCX: 00007faef67cf6c9
[  104.026747][ T7341] RDX: 0000000000000004 RSI: 0000200000000140 RDI: 000000000000000a
[  104.026758][ T7341] RBP: 00007faef522f090 R08: 0000000000000000 R09: 0000000000000000
[  104.026835][ T7341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.026910][ T7341] R13: 00007faef6a26038 R14: 00007faef6a25fa0 R15: 00007ffeec3d7118
[  104.026930][ T7341]  </TASK>
[  104.269966][ T7343] loop3: detected capacity change from 0 to 2048
[  104.284661][ T7347] loop0: detected capacity change from 0 to 512
[  104.292167][ T7343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.302061][ T7347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.304978][ T7343] FAULT_INJECTION: forcing a failure.
[  104.304978][ T7343] name failslab, interval 1, probability 0, space 0, times 0
[  104.329296][ T7343] CPU: 1 UID: 0 PID: 7343 Comm: syz.3.1307 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  104.329326][ T7343] Tainted: [W]=WARN
[  104.329332][ T7343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  104.329370][ T7343] Call Trace:
[  104.329376][ T7343]  <TASK>
[  104.329383][ T7343]  __dump_stack+0x1d/0x30
[  104.329455][ T7343]  dump_stack_lvl+0xe8/0x140
[  104.329475][ T7343]  dump_stack+0x15/0x1b
[  104.329491][ T7343]  should_fail_ex+0x265/0x280
[  104.329582][ T7343]  should_failslab+0x8c/0xb0
[  104.329612][ T7343]  kmem_cache_alloc_noprof+0x50/0x480
[  104.329668][ T7343]  ? __es_insert_extent+0x508/0xee0
[  104.329701][ T7343]  __es_insert_extent+0x508/0xee0
[  104.329798][ T7343]  ? move_right+0x85/0xa0
[  104.329889][ T7343]  ext4_es_cache_extent+0x276/0x370
[  104.329923][ T7343]  ext4_find_extent+0x336/0x7a0
[  104.330004][ T7343]  ext4_ext_map_blocks+0x11f/0x38a0
[  104.330036][ T7343]  ? info_print_prefix+0x165/0x1a0
[  104.330065][ T7343]  ? record_print_text+0x240/0x2a0
[  104.330176][ T7343]  ? __rcu_read_unlock+0x4f/0x70
[  104.330205][ T7343]  ext4_map_query_blocks+0xa8/0x480
[  104.330245][ T7343]  ext4_map_blocks+0x330/0xd00
[  104.330275][ T7343]  ? bpf_trace_run2+0x124/0x1c0
[  104.330302][ T7343]  ? security_compute_sid+0x11da/0x1290
[  104.330334][ T7343]  ? security_compute_sid+0x11da/0x1290
[  104.330375][ T7343]  ext4_getblk+0x114/0x510
[  104.330412][ T7343]  ext4_bread_batch+0x5c/0x320
[  104.330449][ T7343]  __ext4_find_entry+0x840/0xf40
[  104.330542][ T7343]  ? avc_has_perm_noaudit+0x1b1/0x200
[  104.330565][ T7343]  ? may_create+0x26e/0x2b0
[  104.330597][ T7343]  ext4_lookup+0xbb/0x390
[  104.330630][ T7343]  ? __pfx_ext4_lookup+0x10/0x10
[  104.330656][ T7343]  path_openat+0xcf3/0x2170
[  104.330715][ T7343]  do_filp_open+0x109/0x230
[  104.330747][ T7343]  do_sys_openat2+0xa6/0x110
[  104.330767][ T7343]  __x64_sys_creat+0x65/0x90
[  104.330788][ T7343]  x64_sys_call+0x2da3/0x3000
[  104.330825][ T7343]  do_syscall_64+0xd2/0x200
[  104.330843][ T7343]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  104.330869][ T7343]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  104.330920][ T7343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.330930][ T7352] loop4: detected capacity change from 0 to 512
[  104.330943][ T7343] RIP: 0033:0x7f3f217df6c9
[  104.330968][ T7343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.330984][ T7343] RSP: 002b:00007f3f20247038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  104.331029][ T7343] RAX: ffffffffffffffda RBX: 00007f3f21a35fa0 RCX: 00007f3f217df6c9
[  104.331042][ T7343] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000200000000040
[  104.331056][ T7343] RBP: 00007f3f20247090 R08: 0000000000000000 R09: 0000000000000000
[  104.331069][ T7343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.331082][ T7343] R13: 00007f3f21a36038 R14: 00007f3f21a35fa0 R15: 00007ffe7e5da108
[  104.331101][ T7343]  </TASK>
[  104.331467][ T7347] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.390205][   T29] kauditd_printk_skb: 392 callbacks suppressed
[  104.390226][   T29] audit: type=1400 audit(1762345200.181:11853): avc:  denied  { read } for  pid=7342 comm="syz.3.1307" name="file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  104.482880][ T7352] EXT4-fs error (device loop4): ext4_init_orphan_info:581: comm syz.4.1310: inode #0: comm syz.4.1310: iget: illegal inode #
[  104.492775][ T7358] 9pnet: Could not find request transport: tcp˙˙˙
[  104.495271][   T29] audit: type=1400 audit(1762345200.261:11854): avc:  denied  { append } for  pid=7344 comm="syz.0.1308" name="file2" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  104.499782][ T7362] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  104.503944][ T7352] EXT4-fs (loop4): get orphan inode failed
[  104.585881][ T7365] __nla_validate_parse: 27 callbacks suppressed
[  104.585898][ T7365] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1314'.
[  104.587514][ T7352] EXT4-fs (loop4): mount failed
[  104.675404][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.769257][   T29] audit: type=1400 audit(1762345200.581:11855): avc:  denied  { getopt } for  pid=7344 comm="syz.0.1308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  104.788856][ T7347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1308'.
[  104.810355][ T7347] batman_adv: batadv0: Interface deactivated: veth1_vlan
[  104.823926][ T7372] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[  104.852811][   T29] audit: type=1400 audit(1762345200.641:11856): avc:  denied  { ioctl } for  pid=7344 comm="syz.0.1308" path="/233/file1/file2" dev="loop0" ino=16 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  104.892726][ T7380] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1320'.
[  104.922368][ T7384] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1321'.
[  104.935523][ T7347] batman_adv: batadv0: Removing interface: veth1_vlan
[  104.969897][ T7390] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1324'.
[  104.990639][ T7392] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1325'.
[  104.991606][ T7390] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1324'.
[  105.000467][   T29] audit: type=1326 audit(1762345200.811:11857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7393 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faef67cf6c9 code=0x7ffc0000
[  105.032098][   T29] audit: type=1326 audit(1762345200.821:11858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7393 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faef67cf6c9 code=0x7ffc0000
[  105.056454][ T7395] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1325'.
[  105.067054][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.077049][ T7392] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1325'.
[  105.077803][   T29] audit: type=1326 audit(1762345200.891:11859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7393 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faef67cf6c9 code=0x7ffc0000
[  105.092073][ T7392] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1325'.
[  105.109493][   T29] audit: type=1326 audit(1762345200.891:11860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7393 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faef67cf6c9 code=0x7ffc0000
[  105.141891][   T29] audit: type=1326 audit(1762345200.891:11861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7393 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faef67cf6c9 code=0x7ffc0000
[  105.165704][   T29] audit: type=1326 audit(1762345200.891:11862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7393 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faef67cf6c9 code=0x7ffc0000
[  105.234276][ T7405] loop0: detected capacity change from 0 to 512
[  105.248853][ T7405] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  105.262024][ T7405] EXT4-fs (loop0): 1 truncate cleaned up
[  105.268128][ T7405] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.283294][ T7414] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  105.351522][ T7424] rdma_op ffff888136559180 conn xmit_rdma 0000000000000000
[  105.351786][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.393898][ T7431] netlink: 'syz.3.1340': attribute type 21 has an invalid length.
[  105.424143][ T7434] loop0: detected capacity change from 0 to 512
[  105.448699][ T7434] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  105.460669][    T2] ==================================================================
[  105.468874][    T2] BUG: KCSAN: data-race in alloc_pid / copy_process
[  105.475461][    T2] 
[  105.478038][    T2] read-write to 0xffffffff8685ff78 of 4 bytes by task 7444 on cpu 0:
[  105.486092][    T2]  alloc_pid+0x539/0x720
[  105.490327][    T2]  copy_process+0xe25/0x2000
[  105.494944][    T2]  kernel_clone+0x16c/0x5c0
[  105.499456][    T2]  __se_sys_clone3+0x1c2/0x200
[  105.504214][    T2]  __x64_sys_clone3+0x31/0x40
[  105.508881][    T2]  x64_sys_call+0x1fc9/0x3000
[  105.513640][    T2]  do_syscall_64+0xd2/0x200
[  105.518135][    T2]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.524026][    T2] 
[  105.526397][    T2] read to 0xffffffff8685ff78 of 4 bytes by task 2 on cpu 1:
[  105.533677][    T2]  copy_process+0x17fc/0x2000
[  105.538359][    T2]  kernel_clone+0x16c/0x5c0
[  105.542950][    T2]  kernel_thread+0xad/0xe0
[  105.547361][    T2]  kthreadd+0x28d/0x360
[  105.551500][    T2]  ret_from_fork+0x122/0x1b0
[  105.556173][    T2]  ret_from_fork_asm+0x1a/0x30
[  105.560954][    T2] 
[  105.563268][    T2] value changed: 0x80000115 -> 0x80000116
[  105.568976][    T2] 
[  105.571288][    T2] Reported by Kernel Concurrency Sanitizer on:
[  105.577425][    T2] CPU: 1 UID: 0 PID: 2 Comm: kthreadd Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  105.588260][    T2] Tainted: [W]=WARN
[  105.592043][    T2] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  105.602079][    T2] ==================================================================
[  105.613059][ T7441] vhci_hcd: default hub control req: a030 v0321 i0003 l0
[  105.629174][ T7434] EXT4-fs (loop0): 1 truncate cleaned up
[  105.635303][ T7434] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.675159][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.