last executing test programs:

1.592192171s ago: executing program 1 (id=3116):
socket$nl_generic(0x10, 0x3, 0x10)
timerfd_create(0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10)
timer_create(0x2, 0x0, &(0x7f0000000500)=<r3=>0x0)
timer_gettime(r3, &(0x7f0000000100))

1.591960431s ago: executing program 3 (id=3117):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='sched_switch\x00', r1}, 0xd)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfffffecc)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000500000000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021"], 0xe0}}, 0x0)

1.555757584s ago: executing program 1 (id=3118):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000000700000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bind$inet(r0, 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)

1.555175415s ago: executing program 1 (id=3119):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="000000000000010400"/18, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, 0x0)
perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xa, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x900000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
creat(&(0x7f0000000240)='./bus\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r2, &(0x7f0000004200)='t', 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
sendfile(r2, r1, 0x0, 0x3ffff)
sendfile(r2, r1, 0x0, 0x7ffff000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

1.554567295s ago: executing program 3 (id=3120):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000000700000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bind$inet(r0, 0x0, 0x0)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaa8aaaaa0000000000000800450000280000000000069078ac0314bbac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02000090780000"], 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20c092, &(0x7f0000000080)={[{@data_err_abort}]}, 0x8, 0x513, &(0x7f0000000c00)="$eJzs3U9vI2cZAPBnHLubbQNOWw6lEtvQP8oiWCdp+ifiUBqJP6dKiHLPhsSJojjxKnHaTbSC9BOAUAVIXODEBYkPgIT6ERBSJbhx4ASqIKEHLsjV2OMmcezU0Tp2N/79pMm8876xn+dxYmdez8QTwMiaiog3I2IsIl6KiGLWn8uWOGwu6fcdHz1YSZck6vW3/51EkvW13+cT2c1SP/hexI+S83F39w82lyuV8s7Z7oM7G1vL6+X18vb8/NxrC68vvLow22MlSf6i0Scj4o1vf/yLn/7uu2/86Rvv/mPpX7d/nKZ1NxvvVEc/NEsvxPiZ7esj/b3JNyoEAOBR8HREPBURz0fE16IYY3HhbjQAAADwCKp/a+JGqwkAAABcT7mImIgkV8rO952IXK5Uap7D+6V4PFep7ta+vlbd215NxyImo5Bb26iUZ7NzhSejkKTbc432yfbLbdvz2Tm47xdvptuNMQAAAGAwFtvm/x8Xm/N/AAAA4JrpfDB+bOB5AAAAAFfHyfgAAABw/Zn/AwAAwLX2/bfeSpf68dGDxnUAVt/Z39usvnNntby7WdraWymtVHfuldar1fVKudTDfwRUqtV7r8T23v2ZWn63NrO7f7C0Vd3bri01ruu9VH5qADUBAAAAZz353Ad/SyLi8Js3G0vqsWysMNTMgM+RJN/WcferQ8oE6ItLf8jP1N7VJAIMXPvfdGB0mOMDSXtH247BeOddhdz5rlufGcs+BwAADMf0lx3/h1HVYQIPjIifDTsBYGhO3ov/jDOBpq4+F2CwCi7zByPv3PH/NuPdBv7ca4R6/VIJAQAAfTfRXB1GdixwInK5UunTw4LJ2kalPBsRX4yIvxYLN9LtuSHmCwAAAAAAAAAAAAAAAAAAAAAAAACPono9iToAAABwrUXk/plk1/+aLr440f7+wGPJ/4qNdUS8++u3f3l/uVbbmUv7//Npf+1XWf/Lw3gHAwAAAEZR4cLR1jy9NY8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH46Pnqw0loGGfejxbgZkxHHN9rj52O8sR6PQkQ8/t8k8qdul0TEWB/iH74XEc90qj9J04rJLIv2+LmIuDnk+E/0IT6Msg8WI+LNTs+/XEw11p2ff/lseVgfLTae5B3jt17/xrq8/n2hxxjPfviHma7x34t4Nt/59acVP+kS/4Ue49/94cFBt7H6byOmO/79SZqrXPaNta17M7v7B3c2tpbXy+vl7fn5udcWXl94dWF2Zm2jUs6+dozx86/88fD9rvU3A5yO36pzspnhT7rV/2KP9f//w/tHTzebhfPxI26/0Pnn/0xj3fnxT38nXsoennR8utU+bLZPu/X7v9zqllsaf7XL49/8+RfrJ/HzZ+q/3Vv5p2v+TW83AQCu0u7+weZypVLeGUDj+Vf6d4dJo5HuBQ0o+WE3Wm92fF7yGR9O9Bsx3Nq/89D309odfpj7+Xvf6krnDJ2HhviiBAAAXImTnf5hZwIAAAAAAAAAAAAAAAAAAACjq/H//2OX/CDA5y73SWPtMQ+HUyoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIU+CQAA//+3Rb+N")
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4)
r3 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r2}, 0x8)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYRES8=r2, @ANYBLOB="9123ab4fe59dcb6eae2322cc7594c275f5e617f6ebacd182041351407fe295df1eb1c5021ae3d46fb4bbaee0a11bbca6147c4c86b9b16699e2c530116a74e123ad3e0404499115cea4f309087881f74d4ea41e", @ANYRESOCT=r3], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYBLOB="adde9e3d6a4067c78ee08d3e2697b5f27018a9d766c4d4a17c479271", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
nanosleep(&(0x7f0000000180)={0x0, 0x989680}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
timerfd_create(0x9, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
getsockopt$sock_cred(r6, 0x1, 0x11, 0x0, &(0x7f0000cab000))
setresuid(0x0, 0x0, 0xee00)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01030000000000000000010000000800070000000000080003009429c14f1a815426a76897a432aec7da6a9d25d1d76ca0ed26b60200000000000000fa4ae49c6215ca54d50300fc95290b8836f6fe54b3357cce9f5bbd22aa7458403b8aa609fd538c313de4d8152b94d1482f8d87074ef18cee0bd5db365d931000", @ANYRES32=0x0, @ANYBLOB="0c0099000000000064000000"], 0x30}}, 0x0)

1.524926127s ago: executing program 0 (id=3121):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
lsm_set_self_attr(0x66, &(0x7f0000000340)=ANY=[@ANYBLOB="65000000000000000304000000000000280000000000000008"], 0x28, 0x0)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030700000000000000000b000000080003003803"], 0x1c}}, 0x0)

1.403333508s ago: executing program 3 (id=3123):
close(0xffffffffffffffff)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1c0000000000000000000000000000001812000098f1bd05ab672dceb5e9ba01ecf86501ffa2009652f6de3ffbd4b32f3844a4c557bcadd5684f6f8963c59c0500d4f214b33350f83dfb12a242cce440adff8a55dd4ee3c3460b89c609635574000000000094ec365072ccd214a61c475005fd116ed092f2e8b29cd9d5d1290542a9768325560875870994aa21477f0d911a", @ANYRES32, @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESDEC=r6, @ANYRES32, @ANYBLOB="000000000000000000000600000000000000000000000000000013da392f8183b61916bb0000843ef4908d39d1d10268f378d2ade077583a85ca5cd67655d5aa71fbaca0053331959d42f7c468bc1bd3960dae9d466f6fe042c459868cffb5e5a9e7aaf643695a6d23c5dbc57bd58a903034c6ea9350d9037a4255ea8a29e126172ee343d2c16c91c7bfe1e48ae9e01585ab2d0daec9c432983f8d7c2386b393e4954e844718e7ab0b8cf6fc3697814b4a76b80c81c3b7f27e5d7d4e18289eac3d78670c30d7762e456d74c84ed6f94a3f5169dab7561e0790ffeb342d9adc2438bb"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000240)=<r8=>0x0)
timer_delete(r8)
splice(r3, 0x0, r5, 0x0, 0x8000f28, 0x0)
splice(r4, 0x0, r1, 0x0, 0x7f, 0xe)
write(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x100000a, 0x4012831, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000cd8000/0x4000)=nil, 0x3)
read$msr(r4, &(0x7f00000003c0)=""/102, 0x66)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r12=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="300000001d0001efffffff0000555adf63b55e7a7c0000000a0000003aed7effa606588ce637dd1e358206cf2ce1af91941af891e8303891b147a8c8dd8e8a8f34fd0600ec1868618a8c764bafc3a3a617613ccbe24482fb683b487902f551c37f5db812d6ce92c68b02ad3e020a27b91fb938015165d1381e80ec4cab4bbc6cd5ec644d06019529d36066c08ae7010cfcc25dd4811c5165348a809d000000000000000000000000000000000000000000000000000000000065cca040e2b122a008e1737e43548443977c0ead1c5ce640623cb911554edcbf83d85d17b9985e41cd9759ae5f93514a88c5845137d455272a625f23f9ee77b8b2987349c0238749e94da9843e223676cb0b44b109775f394904e7e61bf5ae6a41563f45e5080abe90b2191855549b0f0ba262d104436378f2aef59c43dc5fe8441275fe9b463b0cd9a75d9bb33e648074926102a5901d386bf5ed5a870a33ae5db300", @ANYRES32=r12, @ANYBLOB="0000080014000100fe8000000000000000000000000000aa"], 0x30}}, 0x0)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES32=r9, @ANYRESHEX, @ANYRES64=r9, @ANYRESDEC=r4, @ANYRESHEX=0x0, @ANYRES32=r6, @ANYBLOB="0c330a11f113b822fdc99b826168f549acd7a1709c502b2215b0fe94d0bea262df3823922ceb210648518d2c7991b49b8d291321b87992a91048a3af024d5ba39b97ab16a4611b8e1e41fae974452d88c9140741b6c408200215e5f7bc5e212381ed729e1005553dd33c2ba136c82f4c1f494ed93576d2eb3b60798e11076a46df1dea83f8f67233e64919da12f4d489a23c9705014a18d10e94ae374fdb10736ed2bd76732496ac93120d7dac7d58", @ANYRES32=r0, @ANYRES16=r12], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r13}, 0x10)
r14 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='thermal_power_allocator\x00', r14}, 0x18)

1.37002366s ago: executing program 0 (id=3125):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x3804c82, &(0x7f0000000000)={[{@orlov}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a)
ioctl$FIBMAP(r0, 0x1, &(0x7f00000000c0))
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)

937.363108ms ago: executing program 2 (id=3127):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000180)={r2}, 0xc)

936.907598ms ago: executing program 2 (id=3128):
socket$nl_generic(0x10, 0x3, 0x10)
timerfd_create(0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10)
timer_create(0x2, 0x0, &(0x7f0000000500)=<r3=>0x0)
timer_gettime(r3, &(0x7f0000000100))

931.993739ms ago: executing program 2 (id=3129):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3eb4055bdebd7828}, {0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_INGRESS={0x8}, @TCA_CAKE_FWMARK={0x8}]}}]}, 0x44}}, 0x8080)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r3, 0x0, 0x4ffe6, 0x0)

922.829289ms ago: executing program 0 (id=3130):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='sched_switch\x00', r1}, 0xd)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfffffecc)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000500000000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021"], 0xe0}}, 0x0)

712.889278ms ago: executing program 0 (id=3134):
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x40000)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x1000, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x8, 0x7fff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x40042, 0x1ff)
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x18)
renameat2(r3, &(0x7f0000000080)='./file1\x00', r2, &(0x7f00000000c0)='./file0\x00', 0x0)

646.041224ms ago: executing program 1 (id=3135):
socket$nl_generic(0x10, 0x3, 0x10)
timerfd_create(0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
timer_create(0x2, 0x0, &(0x7f0000000500)=<r2=>0x0)
timer_gettime(r2, &(0x7f0000000100))

587.305118ms ago: executing program 1 (id=3136):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)

586.500728ms ago: executing program 1 (id=3137):
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x40000)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x1000, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x8, 0x7fff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0)
ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000380)={0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x40042, 0x1ff)
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x18)
renameat2(r4, &(0x7f0000000080)='./file1\x00', r3, &(0x7f00000000c0)='./file0\x00', 0x0)

516.003815ms ago: executing program 0 (id=3139):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
close(0xffffffffffffffff)
pipe(&(0x7f0000000000))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
pipe(&(0x7f0000000200))
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1c0000000000000000000000000000001812000098f1bd05ab672dceb5e9ba01ecf86501ffa2009652f6de3ffbd4b32f3844a4c557bcadd5684f6f8963c59c0500d4f214b33350f83dfb12a242cce440adff8a55dd4ee3c3460b89c609635574000000000094ec365072ccd214a61c475005fd116ed092f2e8b29cd9d5d1290542a9768325560875870994aa21477f0d911a", @ANYRES32, @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESDEC=r1, @ANYRES32, @ANYBLOB="000000000000000000000600000000000000000000000000000013da392f8183b61916bb0000843ef4908d39d1d10268f378d2ade077583a85ca5cd67655d5aa71fbaca0053331959d42f7c468bc1bd3960dae9d466f6fe042c459868cffb5e5a9e7aaf643695a6d23c5dbc57bd58a903034c6ea9350d9037a4255ea8a29e126172ee343d2c16c91c7bfe1e48ae9e01585ab2d0daec9c432983f8d7c2386b393e4954e844718e7ab0b8cf6fc3697814b4a76b80c81c3b7f27e5d7d4e18289eac3d78670c30d7762e456d74c84ed6f94a3f5169dab7561e0790ffeb342d9adc2438bb"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000240)=<r2=>0x0)
timer_delete(r2)
write(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x100000a, 0x4012831, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000cd8000/0x4000)=nil, 0x3)

472.752918ms ago: executing program 4 (id=3140):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000180)={r2}, 0xc)

456.57348ms ago: executing program 3 (id=3141):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x3804c82, &(0x7f0000000000)={[{@orlov}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a)
ioctl$FIBMAP(r0, 0x1, &(0x7f00000000c0))
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)

414.552464ms ago: executing program 4 (id=3142):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)

414.168313ms ago: executing program 4 (id=3143):
r0 = syz_io_uring_setup(0xd7b, &(0x7f00000035c0)={0x0, 0x2, 0x10100, 0x1}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x49, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
io_uring_enter(r0, 0x291c, 0x0, 0x0, 0x0, 0x0)

286.475625ms ago: executing program 0 (id=3144):
r0 = epoll_create1(0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x7, 0x2, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
r7 = syz_open_procfs(0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES32], 0x5c}}, 0x0)
timer_gettime(0x0, &(0x7f0000000400))
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xe000001a})
read$char_usb(r1, &(0x7f0000000b00)=""/182, 0xb6)
ppoll(&(0x7f0000000780)=[{r0}], 0x1, 0x0, 0x0, 0x0)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002700)=@delchain={0x23c, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8, 0xb, 0x1000}, @filter_kind_options=@f_u32={{0x8}, {0x54, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8}, @TCA_U32_MARK={0x10}, @TCA_U32_FLAGS={0x8}]}}, @TCA_RATE={0x6, 0x5, {0x40, 0x1}}, @TCA_RATE={0x6}, @filter_kind_options=@f_cgroup={{0xb}, {0x198, 0x2, [@TCA_CGROUP_EMATCHES={0x194, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0xa8, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0x3, 0x2, 0x9}, {0x2, 0x1, 0x1, "e2"}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x7, 0x3, 0x3fe5}, {0xfffffffb, 0x100, 0x4, 0x8000}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x1069, 0x7, 0x7}, {{0x8, 0x1, 0x1, 0x1}, {0x2, 0x0, 0x1, 0x1}}}}, @TCF_EM_IPT={0x20, 0x1, 0x0, 0x0, {{0x4, 0x9, 0xfc00}, [@TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x2}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x3, 0x3, 0x4}, {0x8, 0x194, 0x518, 0x7}}}, @TCF_EM_META={0x24, 0x1, 0x0, 0x0, {{0x8, 0x4, 0x9}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x2, 0x17}, {0x3ff, 0x3, 0x1}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7fff, 0x0, 0x2}, {0x2, 0x8}}}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0xd8, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0xfffa, 0x1, 0xfff7}, {0x7, 0x6, 0x2, 0x2, 0x5, 0x2, 0x2}}}, @TCF_EM_META={0x60, 0x2, 0x0, 0x0, {{0x0, 0x4, 0xd}, [@TCA_EM_META_LVALUE={0x33, 0x2, [@TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="58a7987a274f0cc3ce", @TCF_META_TYPE_VAR="cac29306dd73c5e626", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT, @TCF_META_TYPE_VAR="faae9e3b", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="547d4938e2", @TCF_META_TYPE_INT=0x3]}, @TCA_EM_META_LVALUE={0x14, 0x2, [@TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x8]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x8, 0x25, 0x1}, {0x1, 0xfe}}}]}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x7, 0x7, 0x4000}, {{0x0, 0x1, 0x0, 0x1}, {0x1}}}}, @TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0xb457, 0x2, 0x6}, {0x8001, 0x2, 0x0, "0588"}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x0, 0x1, 0x304}, {0x8, 0x8001, 0x6, 0x4, 0x3, 0x1, 0x1}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x0, 0x3, 0x1}, {0x4, 0x1, 0xd21, 0x5}}}]}]}]}}]}, 0x23c}}, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r1, 0x5521)
r10 = socket(0x10, 0x803, 0x0)
sendto(r10, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r10, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r2, <r11=>0xffffffffffffffff}, &(0x7f00000005c0), &(0x7f00000006c0)=r8}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000bc0)=@bpf_lsm={0x1d, 0x3, &(0x7f0000000300)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @map_val={0x18, 0x9, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x3}], &(0x7f0000000340)='GPL\x00', 0x10, 0xc5, &(0x7f0000000880)=""/197, 0x41100, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000580)={0x5, 0x4, 0x1000, 0x10000000}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000a40)=[r1, r7, r11, r2], &(0x7f0000000a80)=[{0x5, 0x2, 0x8, 0xa}, {0x4, 0x1, 0x5, 0x9}, {0x5, 0x4, 0x4, 0x5}, {0x4, 0x2, 0x2, 0xc}, {0x2, 0x3}], 0x10, 0xfff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
r12 = socket$isdn(0x22, 0x2, 0x23)
r13 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x40, 0x0)
dup2(r13, r12)

286.167755ms ago: executing program 4 (id=3145):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xa0090199)

251.677688ms ago: executing program 4 (id=3146):
socket$nl_generic(0x10, 0x3, 0x10)
timerfd_create(0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
timer_create(0x2, 0x0, &(0x7f0000000500)=<r2=>0x0)
timer_gettime(r2, &(0x7f0000000100))

235.890059ms ago: executing program 4 (id=3147):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="000000000000010400"/18, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, 0x0)
perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xa, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x900000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
creat(&(0x7f0000000240)='./bus\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r2, &(0x7f0000004200)='t', 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
sendfile(r2, r1, 0x0, 0x3ffff)
sendfile(r2, r1, 0x0, 0x7ffff000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

148.623127ms ago: executing program 3 (id=3148):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)

74.408173ms ago: executing program 2 (id=3149):
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x200, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x2}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000840)={{r4}, &(0x7f0000000600), &(0x7f0000000800)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$inet(r3, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0xb7, &(0x7f0000000340)=[{}, {}, {}], 0x18, 0x0, 0x0, &(0x7f0000000400), 0x8, 0xa1, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000004c0)=r5, 0x4)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r7}, &(0x7f00000002c0), &(0x7f0000000300)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000851000000300000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
pipe(&(0x7f0000000500))

39.270416ms ago: executing program 2 (id=3150):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000600)='\x87\x86@\x00\x00\x00\x00\x00\x00\x00\x00+\xafM\x01\x00\x00\x00\x00\x00')
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0)

31.934777ms ago: executing program 3 (id=3151):
close(0xffffffffffffffff)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1c0000000000000000000000000000001812000098f1bd05ab672dceb5e9ba01ecf86501ffa2009652f6de3ffbd4b32f3844a4c557bcadd5684f6f8963c59c0500d4f214b33350f83dfb12a242cce440adff8a55dd4ee3c3460b89c609635574000000000094ec365072ccd214a61c475005fd116ed092f2e8b29cd9d5d1290542a9768325560875870994aa21477f0d911a", @ANYRES32, @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESDEC=r6, @ANYRES32, @ANYBLOB="000000000000000000000600000000000000000000000000000013da392f8183b61916bb0000843ef4908d39d1d10268f378d2ade077583a85ca5cd67655d5aa71fbaca0053331959d42f7c468bc1bd3960dae9d466f6fe042c459868cffb5e5a9e7aaf643695a6d23c5dbc57bd58a903034c6ea9350d9037a4255ea8a29e126172ee343d2c16c91c7bfe1e48ae9e01585ab2d0daec9c432983f8d7c2386b393e4954e844718e7ab0b8cf6fc3697814b4a76b80c81c3b7f27e5d7d4e18289eac3d78670c30d7762e456d74c84ed6f94a3f5169dab7561e0790ffeb342d9adc2438bb"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000240)=<r8=>0x0)
timer_delete(r8)
splice(r3, 0x0, r5, 0x0, 0x8000f28, 0x0)
splice(r4, 0x0, r1, 0x0, 0x7f, 0xe)
write(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x100000a, 0x4012831, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000cd8000/0x4000)=nil, 0x3)
read$msr(r4, &(0x7f00000003c0)=""/102, 0x66)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r12=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="300000001d0001efffffff0000555adf63b55e7a7c0000000a0000003aed7effa606588ce637dd1e358206cf2ce1af91941af891e8303891b147a8c8dd8e8a8f34fd0600ec1868618a8c764bafc3a3a617613ccbe24482fb683b487902f551c37f5db812d6ce92c68b02ad3e020a27b91fb938015165d1381e80ec4cab4bbc6cd5ec644d06019529d36066c08ae7010cfcc25dd4811c5165348a809d000000000000000000000000000000000000000000000000000000000065cca040e2b122a008e1737e43548443977c0ead1c5ce640623cb911554edcbf83d85d17b9985e41cd9759ae5f93514a88c5845137d455272a625f23f9ee77b8b2987349c0238749e94da9843e223676cb0b44b109775f394904e7e61bf5ae6a41563f45e5080abe90b2191855549b0f0ba262d104436378f2aef59c43dc5fe8441275fe9b463b0cd9a75d9bb33e648074926102a5901d386bf5ed5a870a33ae5db300", @ANYRES32=r12, @ANYBLOB="0000080014000100fe8000000000000000000000000000aa"], 0x30}}, 0x0)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES32=r9, @ANYRESHEX, @ANYRES64=r9, @ANYRESDEC=r4, @ANYRESHEX=0x0, @ANYRES32=r6, @ANYBLOB="0c330a11f113b822fdc99b826168f549acd7a1709c502b2215b0fe94d0bea262df3823922ceb210648518d2c7991b49b8d291321b87992a91048a3af024d5ba39b97ab16a4611b8e1e41fae974452d88c9140741b6c408200215e5f7bc5e212381ed729e1005553dd33c2ba136c82f4c1f494ed93576d2eb3b60798e11076a46df1dea83f8f67233e64919da12f4d489a23c9705014a18d10e94ae374fdb10736ed2bd76732496ac93120d7dac7d58", @ANYRES32=r0, @ANYRES16=r12], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r13}, 0x10)
r14 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='thermal_power_allocator\x00', r14}, 0x18)

0s ago: executing program 2 (id=3152):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="000000000000010400"/20, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, 0x0)
perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xa, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x900000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
creat(&(0x7f0000000240)='./bus\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r2, &(0x7f0000004200)='t', 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
sendfile(r2, r1, 0x0, 0x3ffff)
sendfile(r2, r1, 0x0, 0x7ffff000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

2723': attribute type 15 has an invalid length.
[  185.581556][T12101] netlink: 'syz.3.2723': attribute type 18 has an invalid length.
[  185.848601][T12108] netlink: 'syz.2.2726': attribute type 15 has an invalid length.
[  185.856508][T12108] netlink: 'syz.2.2726': attribute type 18 has an invalid length.
[  185.901172][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.072892][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.147100][T12121] loop1: detected capacity change from 0 to 512
[  186.155017][T12121] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  186.176966][T12121] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.2730: iget: bad i_size value: -6917529027641081756
[  186.190431][T12121] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2730: couldn't read orphan inode 17 (err -117)
[  186.202937][T12121] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.241983][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.261936][T12129] loop1: detected capacity change from 0 to 512
[  186.268878][T12129] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  186.284680][T12129] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.2735: iget: bad i_size value: -6917529027641081756
[  186.297985][T12129] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2735: couldn't read orphan inode 17 (err -117)
[  186.310300][T12129] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.343776][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.391342][T12140] loop1: detected capacity change from 0 to 164
[  186.421195][T12143] loop1: detected capacity change from 0 to 1024
[  186.428923][T12143] EXT4-fs: Ignoring removed orlov option
[  186.434723][T12143] EXT4-fs: Ignoring removed nomblk_io_submit option
[  186.444360][T12143] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.656525][T12151] loop2: detected capacity change from 0 to 512
[  186.685600][T12151] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.698211][T12151] ext4 filesystem being mounted at /566/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.077279][T12159] FAULT_INJECTION: forcing a failure.
[  187.077279][T12159] name failslab, interval 1, probability 0, space 0, times 0
[  187.090028][T12159] CPU: 0 UID: 0 PID: 12159 Comm: syz.0.2744 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  187.100874][T12159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  187.110959][T12159] Call Trace:
[  187.114254][T12159]  <TASK>
[  187.117176][T12159]  dump_stack_lvl+0xf2/0x150
[  187.121839][T12159]  dump_stack+0x15/0x20
[  187.126083][T12159]  should_fail_ex+0x229/0x230
[  187.130813][T12159]  ? tcp_sigpool_alloc_ahash+0x87/0x6c0
[  187.136378][T12159]  should_failslab+0x8f/0xb0
[  187.141030][T12159]  __kmalloc_noprof+0xa5/0x370
[  187.145787][T12159]  tcp_sigpool_alloc_ahash+0x87/0x6c0
[  187.151242][T12159]  tcp_md5_alloc_sigpool+0x1b/0x60
[  187.156456][T12159]  tcp_md5_do_add+0x86/0x1c0
[  187.161042][T12159]  tcp_v6_parse_md5_keys+0x3d7/0x430
[  187.166503][T12159]  do_tcp_setsockopt+0xdbc/0x1550
[  187.171590][T12159]  ? selinux_socket_setsockopt+0x1ca/0x200
[  187.177468][T12159]  tcp_setsockopt+0x50/0xb0
[  187.181973][T12159]  sock_common_setsockopt+0x64/0x80
[  187.187176][T12159]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  187.193185][T12159]  __sys_setsockopt+0x1d8/0x250
[  187.198039][T12159]  __x64_sys_setsockopt+0x66/0x80
[  187.203106][T12159]  x64_sys_call+0x278d/0x2d60
[  187.207787][T12159]  do_syscall_64+0xc9/0x1c0
[  187.212337][T12159]  ? clear_bhb_loop+0x55/0xb0
[  187.217016][T12159]  ? clear_bhb_loop+0x55/0xb0
[  187.221702][T12159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.227671][T12159] RIP: 0033:0x7f373b6bdef9
[  187.232090][T12159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.251696][T12159] RSP: 002b:00007f373a331038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  187.260112][T12159] RAX: ffffffffffffffda RBX: 00007f373b875f80 RCX: 00007f373b6bdef9
[  187.268102][T12159] RDX: 000000000000000e RSI: 0000000000000006 RDI: 0000000000000005
[  187.276064][T12159] RBP: 00007f373a331090 R08: 00000000000000d8 R09: 0000000000000000
[  187.284257][T12159] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000001
[  187.292247][T12159] R13: 0000000000000000 R14: 00007f373b875f80 R15: 00007ffd51db4668
[  187.300246][T12159]  </TASK>
[  187.334910][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.338906][T12164] 0ªX¹¦Dö»: renamed from gretap0 (while UP)
[  187.355019][T12164] 0ªX¹¦Dö»: entered allmulticast mode
[  187.380985][T12169] loop1: detected capacity change from 0 to 512
[  187.392803][T12169] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  187.415208][T12169] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.2747: iget: bad i_size value: -6917529027641081756
[  187.430222][T12169] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2747: couldn't read orphan inode 17 (err -117)
[  187.432683][T12177] loop3: detected capacity change from 0 to 1024
[  187.445678][T12169] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.452368][T12177] EXT4-fs: Ignoring removed orlov option
[  187.466717][T12177] EXT4-fs: Ignoring removed nomblk_io_submit option
[  187.490801][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.501514][T12177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  187.544374][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.566004][ T3269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.631873][T12195] loop3: detected capacity change from 0 to 1024
[  187.639065][T12197] FAULT_INJECTION: forcing a failure.
[  187.639065][T12197] name failslab, interval 1, probability 0, space 0, times 0
[  187.651741][T12197] CPU: 0 UID: 0 PID: 12197 Comm: syz.1.2756 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  187.662517][T12197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  187.672643][T12197] Call Trace:
[  187.675987][T12197]  <TASK>
[  187.678906][T12197]  dump_stack_lvl+0xf2/0x150
[  187.683592][T12197]  dump_stack+0x15/0x20
[  187.687737][T12197]  should_fail_ex+0x229/0x230
[  187.692495][T12197]  ? sock_kmalloc+0x83/0xc0
[  187.696990][T12197]  should_failslab+0x8f/0xb0
[  187.701578][T12197]  __kmalloc_noprof+0xa5/0x370
[  187.706439][T12197]  sock_kmalloc+0x83/0xc0
[  187.710763][T12197]  ____sys_sendmsg+0x127/0x410
[  187.715592][T12197]  __sys_sendmmsg+0x269/0x500
[  187.720379][T12197]  ? trace_sys_enter+0x65/0xa0
[  187.725139][T12197]  __x64_sys_sendmmsg+0x57/0x70
[  187.730013][T12197]  x64_sys_call+0xa49/0x2d60
[  187.734666][T12197]  do_syscall_64+0xc9/0x1c0
[  187.739163][T12197]  ? clear_bhb_loop+0x55/0xb0
[  187.743853][T12197]  ? clear_bhb_loop+0x55/0xb0
[  187.748512][T12197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.754448][T12197] RIP: 0033:0x7fb09b8ddef9
[  187.758846][T12197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.778494][T12197] RSP: 002b:00007fb09a536038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  187.786968][T12197] RAX: ffffffffffffffda RBX: 00007fb09ba96058 RCX: 00007fb09b8ddef9
[  187.794996][T12197] RDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000006
[  187.802951][T12197] RBP: 00007fb09a536090 R08: 0000000000000000 R09: 0000000000000000
[  187.811043][T12197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.819056][T12197] R13: 0000000000000001 R14: 00007fb09ba96058 R15: 00007fff720f78b8
[  187.827017][T12197]  </TASK>
[  187.832015][T12195] EXT4-fs: Ignoring removed orlov option
[  187.837877][T12195] EXT4-fs: Ignoring removed nomblk_io_submit option
[  187.860681][T12195] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  187.862945][T12203] loop4: detected capacity change from 0 to 256
[  187.881447][T12203] msdos: Bad value for 'uid'
[  187.886167][T12203] msdos: Bad value for 'uid'
[  187.895289][T12203] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  187.994713][T12209] loop2: detected capacity change from 0 to 512
[  188.002395][T12209] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  188.020195][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.032976][T12209] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #17: comm syz.2.2762: iget: bad i_size value: -6917529027641081756
[  188.053801][T12209] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2762: couldn't read orphan inode 17 (err -117)
[  188.069294][T12209] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.113454][ T3269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.128067][T12219] loop3: detected capacity change from 0 to 1024
[  188.142521][T12219] EXT4-fs: Ignoring removed orlov option
[  188.149376][T12219] EXT4-fs: Ignoring removed nomblk_io_submit option
[  188.159415][T12221] loop2: detected capacity change from 0 to 512
[  188.176104][T12219] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  188.190051][T12221] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.201093][T12215] loop4: detected capacity change from 0 to 1024
[  188.211871][T12221] ext4 filesystem being mounted at /571/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.247696][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.263188][T12215] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  188.289290][T12215] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.521649][T12235] loop3: detected capacity change from 0 to 1024
[  188.546547][T12235] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  188.563872][T12235] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.584324][T12242] netlink: 'syz.1.2770': attribute type 15 has an invalid length.
[  188.592195][T12242] netlink: 'syz.1.2770': attribute type 18 has an invalid length.
[  188.873566][T12244] delete_channel: no stack
[  188.924889][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.978133][T12250] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=12250 comm=syz.4.2773
[  189.038397][ T3269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.083845][T12253] loop2: detected capacity change from 0 to 1024
[  189.090625][T12253] EXT4-fs: Ignoring removed orlov option
[  189.096335][T12253] EXT4-fs: Ignoring removed nomblk_io_submit option
[  189.115442][T12253] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.287956][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.321976][T12260] loop3: detected capacity change from 0 to 512
[  189.328914][T12260] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  189.344774][T12260] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2776: iget: bad i_size value: -6917529027641081756
[  189.358162][T12260] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2776: couldn't read orphan inode 17 (err -117)
[  189.372066][T12260] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.402263][T12260] __nla_validate_parse: 10 callbacks suppressed
[  189.402317][T12260] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2776'.
[  189.424872][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.444115][T12268] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  189.582801][T12281] loop0: detected capacity change from 0 to 512
[  189.586901][T12277] loop3: detected capacity change from 0 to 1024
[  189.599498][T12277] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  189.607837][T12281] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.621567][T12277] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.624162][T12281] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  189.951175][ T3269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.994470][T12295] Cannot find del_set index 0 as target
[  190.081891][   T29] kauditd_printk_skb: 364 callbacks suppressed
[  190.081904][   T29] audit: type=1400 audit(1726073407.587:10408): avc:  denied  { create } for  pid=12294 comm="syz.2.2787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  190.118803][   T29] audit: type=1400 audit(1726073407.587:10409): avc:  denied  { ioctl } for  pid=12294 comm="syz.2.2787" path="socket:[29359]" dev="sockfs" ino=29359 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  190.200648][T12299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2788'.
[  190.209587][T12299] netlink: 'syz.2.2788': attribute type 15 has an invalid length.
[  190.217424][T12299] netlink: 'syz.2.2788': attribute type 18 has an invalid length.
[  190.311048][T12307] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2792'.
[  190.329451][T12307] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2792'.
[  190.354865][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.361122][T12307] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2792'.
[  190.390442][T12312] futex_wake_op: syz.3.2793 tries to shift op by 144; fix this program
[  190.405543][   T29] audit: type=1326 audit(1726073407.917:10410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  190.447368][   T29] audit: type=1326 audit(1726073407.917:10411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  190.472079][   T29] audit: type=1326 audit(1726073407.917:10412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  190.476832][T12314] loop1: detected capacity change from 0 to 256
[  190.496720][   T29] audit: type=1326 audit(1726073407.917:10413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  190.525489][   T29] audit: type=1326 audit(1726073407.917:10414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  190.549854][   T29] audit: type=1326 audit(1726073407.917:10415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  190.574218][   T29] audit: type=1326 audit(1726073407.917:10416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  190.597816][   T29] audit: type=1326 audit(1726073407.917:10417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12313 comm="syz.1.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  190.624313][T11040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.670744][T12320] loop1: detected capacity change from 0 to 1024
[  190.688534][T12320] EXT4-fs: Ignoring removed orlov option
[  190.694338][T12320] EXT4-fs: Ignoring removed nomblk_io_submit option
[  190.718891][T12320] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.753557][T12328] pim6reg: entered allmulticast mode
[  190.760864][T12328] pim6reg: left allmulticast mode
[  190.938152][T12338] loop4: detected capacity change from 0 to 1024
[  190.972068][T12338] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  190.980743][T12342] loop0: detected capacity change from 0 to 2048
[  191.009016][T12342] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.039775][T12338] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.570214][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.603147][T11040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.642976][T12393] futex_wake_op: syz.3.2810 tries to shift op by 144; fix this program
[  191.675673][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.680407][T12397] loop3: detected capacity change from 0 to 512
[  191.692062][T12397] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  191.707292][T12397] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2812: iget: bad i_size value: -6917529027641081756
[  191.729763][T12404] FAULT_INJECTION: forcing a failure.
[  191.729763][T12404] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  191.742872][T12404] CPU: 1 UID: 0 PID: 12404 Comm: syz.0.2814 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  191.753635][T12404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  191.763715][T12404] Call Trace:
[  191.766996][T12404]  <TASK>
[  191.769920][T12404]  dump_stack_lvl+0xf2/0x150
[  191.774609][T12404]  dump_stack+0x15/0x20
[  191.778842][T12404]  should_fail_ex+0x229/0x230
[  191.783520][T12404]  should_fail+0xb/0x10
[  191.787665][T12404]  should_fail_usercopy+0x1a/0x20
[  191.792688][T12404]  _copy_to_user+0x1e/0xa0
[  191.797141][T12404]  simple_read_from_buffer+0xa0/0x110
[  191.802512][T12404]  proc_fail_nth_read+0xff/0x140
[  191.807452][T12404]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  191.812997][T12404]  vfs_read+0x1a2/0x6e0
[  191.817185][T12404]  ? __rcu_read_unlock+0x4e/0x70
[  191.818743][T12407] ip6t_REJECT: ECHOREPLY is not supported
[  191.822161][T12404]  ? __fget_files+0x1da/0x210
[  191.822191][T12404]  ksys_read+0xeb/0x1b0
[  191.836749][T12404]  __x64_sys_read+0x42/0x50
[  191.841314][T12404]  x64_sys_call+0x27d3/0x2d60
[  191.845995][T12404]  do_syscall_64+0xc9/0x1c0
[  191.850550][T12404]  ? clear_bhb_loop+0x55/0xb0
[  191.855459][T12404]  ? clear_bhb_loop+0x55/0xb0
[  191.860140][T12404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.866040][T12404] RIP: 0033:0x7f373b6bc93c
[  191.870484][T12404] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  191.890089][T12404] RSP: 002b:00007f373a331030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  191.898563][T12404] RAX: ffffffffffffffda RBX: 00007f373b875f80 RCX: 00007f373b6bc93c
[  191.906561][T12404] RDX: 000000000000000f RSI: 00007f373a3310a0 RDI: 0000000000000006
[  191.914520][T12404] RBP: 00007f373a331090 R08: 0000000000000000 R09: 0000000000000000
[  191.922477][T12404] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000001
[  191.930436][T12404] R13: 0000000000000000 R14: 00007f373b875f80 R15: 00007ffd51db4668
[  191.938403][T12404]  </TASK>
[  191.961279][T12410] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2816'.
[  191.970633][T12397] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2812: couldn't read orphan inode 17 (err -117)
[  191.999545][T12397] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.015304][T12410] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2816'.
[  192.044043][T12410] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2816'.
[  192.044159][T12397] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2812'.
[  192.076581][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.081511][T12421] loop1: detected capacity change from 0 to 1024
[  192.092405][T12421] EXT4-fs: Ignoring removed nomblk_io_submit option
[  192.103333][T12426] loop3: detected capacity change from 0 to 164
[  192.111079][T12421] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  192.132077][T12426] bio_check_eod: 35639 callbacks suppressed
[  192.132091][T12426] syz.3.2821: attempt to access beyond end of device
[  192.132091][T12426] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  192.152666][T12426] syz.3.2821: attempt to access beyond end of device
[  192.152666][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  192.166287][T12426] syz.3.2821: attempt to access beyond end of device
[  192.166287][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  192.180735][T12426] syz.3.2821: attempt to access beyond end of device
[  192.180735][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  192.194856][T12426] syz.3.2821: attempt to access beyond end of device
[  192.194856][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  192.208470][T12426] syz.3.2821: attempt to access beyond end of device
[  192.208470][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  192.222173][T12426] syz.3.2821: attempt to access beyond end of device
[  192.222173][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  192.235914][T12426] syz.3.2821: attempt to access beyond end of device
[  192.235914][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  192.249413][T12426] syz.3.2821: attempt to access beyond end of device
[  192.249413][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  192.255640][T12434] loop0: detected capacity change from 0 to 1024
[  192.263376][T12426] syz.3.2821: attempt to access beyond end of device
[  192.263376][T12426] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  192.296601][T12434] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  192.296583][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.314744][T12434] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.845612][T12459] loop4: detected capacity change from 0 to 1024
[  192.858920][T12459] EXT4-fs: test_dummy_encryption option not supported
[  192.867653][T12461] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2831'.
[  192.934535][T12463] loop4: detected capacity change from 0 to 512
[  192.956264][T12463] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  193.011893][T12463] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2832: iget: bad i_size value: -6917529027641081756
[  193.017999][T12475] loop3: detected capacity change from 0 to 512
[  193.025988][T11040] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.041581][T12463] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2832: couldn't read orphan inode 17 (err -117)
[  193.055062][T12463] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.073519][T12477] loop1: detected capacity change from 0 to 1024
[  193.075219][T12475] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.080252][T12477] EXT4-fs: Ignoring removed nomblk_io_submit option
[  193.100734][T12475] ext4 filesystem being mounted at /586/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.108648][T12480] futex_wake_op: syz.0.2837 tries to shift op by 144; fix this program
[  193.145831][T12484] Cannot find del_set index 0 as target
[  193.151738][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.168618][T12477] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  193.186158][T12477] FAULT_INJECTION: forcing a failure.
[  193.186158][T12477] name failslab, interval 1, probability 0, space 0, times 0
[  193.198861][T12477] CPU: 0 UID: 0 PID: 12477 Comm: +}[@ Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  193.209146][T12477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  193.219194][T12477] Call Trace:
[  193.222462][T12477]  <TASK>
[  193.225380][T12477]  dump_stack_lvl+0xf2/0x150
[  193.229969][T12477]  dump_stack+0x15/0x20
[  193.234204][T12477]  should_fail_ex+0x229/0x230
[  193.238938][T12477]  ? getname_kernel+0x3d/0x1e0
[  193.243712][T12477]  should_failslab+0x8f/0xb0
[  193.248304][T12477]  kmem_cache_alloc_noprof+0x4c/0x290
[  193.254106][T12477]  getname_kernel+0x3d/0x1e0
[  193.258723][T12477]  kern_path+0x21/0x110
[  193.262870][T12477]  lookup_bdev+0x62/0x140
[  193.267186][T12477]  __se_sys_quotactl+0x1b3/0x660
[  193.272181][T12477]  __x64_sys_quotactl+0x55/0x70
[  193.277103][T12477]  x64_sys_call+0x2b7f/0x2d60
[  193.281771][T12477]  do_syscall_64+0xc9/0x1c0
[  193.286264][T12477]  ? clear_bhb_loop+0x55/0xb0
[  193.290966][T12477]  ? clear_bhb_loop+0x55/0xb0
[  193.295630][T12477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.301606][T12477] RIP: 0033:0x7fb09b8ddef9
[  193.306089][T12477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.325683][T12477] RSP: 002b:00007fb09a557038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  193.334109][T12477] RAX: ffffffffffffffda RBX: 00007fb09ba95f80 RCX: 00007fb09b8ddef9
[  193.342085][T12477] RDX: 0000000000000000 RSI: 0000000020000280 RDI: ffffffff80000501
[  193.350055][T12477] RBP: 00007fb09a557090 R08: 0000000000000000 R09: 0000000000000000
[  193.358078][T12477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.366114][T12477] R13: 0000000000000000 R14: 00007fb09ba95f80 R15: 00007fff720f78b8
[  193.374122][T12477]  </TASK>
[  193.389014][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.399137][T12482] delete_channel: no stack
[  193.897325][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.928865][T12504] loop2: detected capacity change from 0 to 164
[  194.213795][T12516] loop3: detected capacity change from 0 to 1024
[  194.224356][T12516] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  194.230427][T12488] delete_channel: no stack
[  194.260672][T12519] loop4: detected capacity change from 0 to 512
[  194.267511][T12516] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.283015][T12519] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  194.297806][T12519] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2849: iget: bad i_size value: -6917529027641081756
[  194.314968][T12519] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2849: couldn't read orphan inode 17 (err -117)
[  194.327893][T12519] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.339545][T12525] loop0: detected capacity change from 0 to 164
[  194.351279][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.356511][T12527] loop1: detected capacity change from 0 to 1024
[  194.377752][T12527] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  194.387823][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.400453][T12527] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.437574][T12531] FAULT_INJECTION: forcing a failure.
[  194.437574][T12531] name failslab, interval 1, probability 0, space 0, times 0
[  194.450843][T12531] CPU: 1 UID: 0 PID: 12531 Comm: syz.3.2852 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  194.461622][T12531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  194.471671][T12531] Call Trace:
[  194.474947][T12531]  <TASK>
[  194.477879][T12531]  dump_stack_lvl+0xf2/0x150
[  194.482477][T12531]  dump_stack+0x15/0x20
[  194.486639][T12531]  should_fail_ex+0x229/0x230
[  194.491381][T12531]  ? kstrdup_const+0x3e/0x50
[  194.495991][T12531]  should_failslab+0x8f/0xb0
[  194.500714][T12531]  __kmalloc_node_track_caller_noprof+0xa6/0x380
[  194.507075][T12531]  kstrdup+0x3a/0x80
[  194.510971][T12531]  kstrdup_const+0x3e/0x50
[  194.515389][T12531]  alloc_vfsmnt+0xa9/0x300
[  194.519886][T12531]  clone_mnt+0x45/0x7a0
[  194.524120][T12531]  copy_tree+0x2df/0x7f0
[  194.528434][T12531]  copy_mnt_ns+0x11e/0x5c0
[  194.532855][T12531]  ? create_new_namespaces+0x3c/0x430
[  194.538304][T12531]  ? kmem_cache_alloc_noprof+0x1a6/0x290
[  194.543988][T12531]  create_new_namespaces+0x89/0x430
[  194.549248][T12531]  unshare_nsproxy_namespaces+0xe6/0x120
[  194.554926][T12531]  ksys_unshare+0x3da/0x720
[  194.559439][T12531]  __x64_sys_unshare+0x1f/0x30
[  194.564230][T12531]  x64_sys_call+0x2c8d/0x2d60
[  194.568922][T12531]  do_syscall_64+0xc9/0x1c0
[  194.573425][T12531]  ? clear_bhb_loop+0x55/0xb0
[  194.578107][T12531]  ? clear_bhb_loop+0x55/0xb0
[  194.582802][T12531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.588726][T12531] RIP: 0033:0x7fb6a9e4def9
[  194.593150][T12531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.612758][T12531] RSP: 002b:00007fb6a8ac7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  194.621165][T12531] RAX: ffffffffffffffda RBX: 00007fb6aa005f80 RCX: 00007fb6a9e4def9
[  194.629136][T12531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000024020400
[  194.637136][T12531] RBP: 00007fb6a8ac7090 R08: 0000000000000000 R09: 0000000000000000
[  194.645282][T12531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  194.653250][T12531] R13: 0000000000000000 R14: 00007fb6aa005f80 R15: 00007fff2fdf8ed8
[  194.661277][T12531]  </TASK>
[  194.684699][T12533] delete_channel: no stack
[  195.201411][T12555] __nla_validate_parse: 8 callbacks suppressed
[  195.201450][T12555] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2858'.
[  195.228078][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.235295][T12555] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2858'.
[  195.257909][T12560] futex_wake_op: syz.0.2861 tries to shift op by 144; fix this program
[  195.272910][T12555] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2858'.
[  195.307633][T12566] loop4: detected capacity change from 0 to 512
[  195.307767][T12569] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2862'.
[  195.325997][T12566] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  195.330353][T12569] vlan2: entered promiscuous mode
[  195.340142][T12569] macvlan1: entered promiscuous mode
[  195.347260][T12569] macvlan1: left promiscuous mode
[  195.356361][T12566] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2863: iget: bad i_size value: -6917529027641081756
[  195.369823][T12566] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2863: couldn't read orphan inode 17 (err -117)
[  195.389516][T12566] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.405398][   T29] kauditd_printk_skb: 6768 callbacks suppressed
[  195.405410][   T29] audit: type=1326 audit(1726073412.917:17186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000
[  195.424773][T12566] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2863'.
[  195.441696][T12574] loop0: detected capacity change from 0 to 164
[  195.455756][   T29] audit: type=1326 audit(1726073412.917:17187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000
[  195.479558][   T29] audit: type=1326 audit(1726073412.917:17188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000
[  195.503384][   T29] audit: type=1326 audit(1726073412.917:17189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000
[  195.527003][   T29] audit: type=1326 audit(1726073412.917:17190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000
[  195.550605][   T29] audit: type=1326 audit(1726073412.917:17191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000
[  195.574256][   T29] audit: type=1326 audit(1726073412.917:17192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000
[  195.597877][   T29] audit: type=1326 audit(1726073412.917:17193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000
[  195.621439][   T29] audit: type=1326 audit(1726073412.917:17194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000
[  195.645035][   T29] audit: type=1326 audit(1726073412.917:17195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12565 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66e2bdef9 code=0x7ffc0000
[  195.669248][ T3265] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.798924][T12576] loop4: detected capacity change from 0 to 1024
[  195.810135][T12576] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  195.833843][T12576] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.982713][T12552] delete_channel: no stack
[  196.191017][T12590] Cannot find del_set index 0 as target
[  196.225281][T12588] loop2: detected capacity change from 0 to 2048
[  196.238806][T12588] EXT4-fs: Ignoring removed orlov option
[  196.285503][T12594] Cannot find del_set index 0 as target
[  196.302765][ T4463] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  196.332313][T12598] loop0: detected capacity change from 0 to 1764
[  196.334690][ T4463] EXT4-fs (loop2): Remounting filesystem read-only
[  196.398771][T12601] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2874'.
[  196.427328][T12601] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2874'.
[  196.472393][T12601] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2874'.
[  196.509480][T12614] loop3: detected capacity change from 0 to 512
[  196.519330][T12614] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  196.539640][T12614] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2877: iget: bad i_size value: -6917529027641081756
[  196.554765][T12614] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2877: couldn't read orphan inode 17 (err -117)
[  196.594633][T12603] delete_channel: no stack
[  196.660773][T12631] loop3: detected capacity change from 0 to 512
[  196.667865][T12631] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  196.684562][T12631] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2883: iget: bad i_size value: -6917529027641081756
[  196.697934][T12631] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2883: couldn't read orphan inode 17 (err -117)
[  196.725397][T12631] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2883'.
[  196.774162][ T3262] bridge0: port 3(syz_tun) entered disabled state
[  196.787801][ T3262] syz_tun (unregistering): left allmulticast mode
[  196.794388][ T3262] syz_tun (unregistering): left promiscuous mode
[  196.800758][ T3262] bridge0: port 3(syz_tun) entered disabled state
[  196.864830][T12636] gre0 speed is unknown, defaulting to 1000
[  196.935294][T12636] chnl_net:caif_netlink_parms(): no params data found
[  196.966668][T12636] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.973832][T12636] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.980925][T12636] bridge_slave_0: entered allmulticast mode
[  196.987289][T12636] bridge_slave_0: entered promiscuous mode
[  196.994177][T12636] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.001220][T12636] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.008411][T12636] bridge_slave_1: entered allmulticast mode
[  197.014955][T12636] bridge_slave_1: entered promiscuous mode
[  197.031762][T12636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  197.042657][T12636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  197.061534][T12636] team0: Port device team_slave_0 added
[  197.069934][T12636] team0: Port device team_slave_1 added
[  197.083816][ T4467] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  197.094104][ T4467] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.110587][T12636] batman_adv: batadv0: Adding interface: batadv_slave_0
[  197.117593][T12636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  197.144411][T12636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  197.155759][T12636] batman_adv: batadv0: Adding interface: batadv_slave_1
[  197.162677][T12636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  197.189270][T12636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  197.202827][ T4467] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  197.213259][ T4467] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.237612][T12636] hsr_slave_0: entered promiscuous mode
[  197.244582][T12636] hsr_slave_1: entered promiscuous mode
[  197.250458][T12636] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  197.259354][T12636] Cannot create hsr debugfs directory
[  197.266859][T12651] Invalid ELF header magic: != ELF
[  197.267661][ T4467] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  197.282379][ T4467] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.293907][T12653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2886'.
[  197.356522][ T4467] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  197.366853][ T4467] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.415389][T12621] delete_channel: no stack
[  197.439837][ T4467] erspan0: left allmulticast mode
[  197.444956][ T4467] erspan0: left promiscuous mode
[  197.450028][ T4467] bridge0: port 4(erspan0) entered disabled state
[  197.458052][ T4467] bridge_slave_1: left allmulticast mode
[  197.463797][ T4467] bridge_slave_1: left promiscuous mode
[  197.469538][ T4467] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.494666][ T4467] bridge_slave_0: left allmulticast mode
[  197.500362][ T4467] bridge_slave_0: left promiscuous mode
[  197.505330][T12661] loop0: detected capacity change from 0 to 512
[  197.506152][ T4467] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.526357][T12661] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.560017][T12670] futex_wake_op: syz.0.2892 tries to shift op by 144; fix this program
[  197.615733][T12677] futex_wake_op: syz.0.2893 tries to shift op by 144; fix this program
[  197.631258][T12680] loop4: detected capacity change from 0 to 512
[  197.646339][T12680] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  197.668943][T12680] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2894: iget: bad i_size value: -6917529027641081756
[  197.686923][T12680] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2894: couldn't read orphan inode 17 (err -117)
[  197.701174][ T4467] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  197.717547][ T4467] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  197.735816][ T4467] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  197.755016][ T4467] bond0 (unregistering): Released all slaves
[  197.765040][ T4467] bond1 (unregistering): Released all slaves
[  197.933316][ T4467] hsr_slave_0: left promiscuous mode
[  197.939035][ T4467] hsr_slave_1: left promiscuous mode
[  197.945131][ T4467] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  197.952590][ T4467] batman_adv: batadv0: Removing interface: batadv_slave_0
[  197.960455][ T4467] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  197.969065][ T4467] batman_adv: batadv0: Removing interface: batadv_slave_1
[  197.977880][ T4467] veth1_macvtap: left promiscuous mode
[  197.983451][ T4467] veth0_macvtap: left promiscuous mode
[  197.989042][ T4467] veth1_vlan: left promiscuous mode
[  197.994295][ T4467] veth0_vlan: left promiscuous mode
[  198.069459][ T4467] team0 (unregistering): Port device team_slave_1 removed
[  198.079326][ T4467] team0 (unregistering): Port device team_slave_0 removed
[  198.116267][T12702] lo: entered allmulticast mode
[  198.136638][T12706] futex_wake_op: syz.1.2903 tries to shift op by 144; fix this program
[  198.158935][T12708] tipc: Can't bind to reserved service type 0
[  198.238004][T12715] loop2: detected capacity change from 0 to 164
[  198.246526][T12715] bio_check_eod: 70068 callbacks suppressed
[  198.246535][T12715] syz.2.2907: attempt to access beyond end of device
[  198.246535][T12715] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  198.267498][T12715] syz.2.2907: attempt to access beyond end of device
[  198.267498][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  198.281727][T12715] syz.2.2907: attempt to access beyond end of device
[  198.281727][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  198.296011][T12715] syz.2.2907: attempt to access beyond end of device
[  198.296011][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  198.310090][T12715] syz.2.2907: attempt to access beyond end of device
[  198.310090][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  198.323538][T12715] syz.2.2907: attempt to access beyond end of device
[  198.323538][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  198.326725][T12636] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  198.336964][T12715] syz.2.2907: attempt to access beyond end of device
[  198.336964][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  198.357122][T12715] syz.2.2907: attempt to access beyond end of device
[  198.357122][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  198.364573][T12636] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  198.371694][T12715] syz.2.2907: attempt to access beyond end of device
[  198.371694][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  198.390753][T12715] syz.2.2907: attempt to access beyond end of device
[  198.390753][T12715] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  198.392408][T12636] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  198.416457][T12636] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  198.427115][T12713] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  198.443598][T12713] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  198.480154][ T4467] IPVS: stop unused estimator thread 0...
[  198.487892][T12636] 8021q: adding VLAN 0 to HW filter on device bond0
[  198.509974][T12636] 8021q: adding VLAN 0 to HW filter on device team0
[  198.520677][ T4461] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.527826][ T4461] bridge0: port 1(bridge_slave_0) entered forwarding state
[  198.547545][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.554634][ T4463] bridge0: port 2(bridge_slave_1) entered forwarding state
[  198.579844][T12719] loop1: detected capacity change from 0 to 512
[  198.597084][T12719] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  198.647032][T12719] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.2908: iget: bad i_size value: -6917529027641081756
[  198.701758][T12636] 8021q: adding VLAN 0 to HW filter on device batadv0
[  198.708809][T12719] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2908: couldn't read orphan inode 17 (err -117)
[  198.744486][T12739] netlink: zone id is out of range
[  198.766404][T12739] netlink: del zone limit has 4 unknown bytes
[  198.821897][T12743] loop4: detected capacity change from 0 to 1024
[  198.826142][T12746] loop1: detected capacity change from 0 to 512
[  198.832747][T12743] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  198.857099][T12743] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  198.861203][T12749] loop0: detected capacity change from 0 to 512
[  198.874474][T12743] EXT4-fs (loop4): too many log groups per flexible block group
[  198.877583][T12746] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  198.882121][T12743] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  198.901028][T12749] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349)
[  198.903630][T12743] EXT4-fs (loop4): mount failed
[  198.942348][T12636] veth0_vlan: entered promiscuous mode
[  198.958540][T12636] veth1_vlan: entered promiscuous mode
[  198.988799][T12636] veth0_macvtap: entered promiscuous mode
[  198.997010][T12749] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002]
[  199.008587][T12749] System zones: 1-12
[  199.012726][T12749] EXT4-fs (loop0): orphan cleanup on readonly fs
[  199.023148][T12636] veth1_macvtap: entered promiscuous mode
[  199.040238][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.050705][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.060539][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.070076][T12759] loop4: detected capacity change from 0 to 512
[  199.071022][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.087116][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.088456][T12749] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.2917: Inode bitmap for bg 0 marked uninitialized
[  199.097595][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.097610][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.130566][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.161045][T12749] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 5: comm syz.0.2917: lblock 0 mapped to illegal pblock 5 (length 1)
[  199.177094][T12749] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.2917: error -117 reading directory block
[  199.204910][T12636] batman_adv: batadv0: Interface activated: batadv_slave_0
[  199.212295][T12759] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  199.212421][T12749] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 5: comm syz.0.2917: lblock 0 mapped to illegal pblock 5 (length 1)
[  199.236384][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.238215][T12759] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2918: iget: bad i_size value: -6917529027641081756
[  199.246810][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.246820][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.246832][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.246845][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.265420][T12759] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2918: couldn't read orphan inode 17 (err -117)
[  199.270052][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.283287][T12749] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.2917: error -117 reading directory block
[  199.290116][T12636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.345210][T12636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.355805][T12636] batman_adv: batadv0: Interface activated: batadv_slave_1
[  199.367846][T12636] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  199.376698][T12636] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  199.385423][T12636] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.394166][T12636] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  199.450690][T12773] FAULT_INJECTION: forcing a failure.
[  199.450690][T12773] name failslab, interval 1, probability 0, space 0, times 0
[  199.463445][T12773] CPU: 0 UID: 0 PID: 12773 Comm: syz.0.2923 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  199.474288][T12773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  199.484463][T12773] Call Trace:
[  199.487737][T12773]  <TASK>
[  199.490665][T12773]  dump_stack_lvl+0xf2/0x150
[  199.495289][T12773]  dump_stack+0x15/0x20
[  199.499443][T12773]  should_fail_ex+0x229/0x230
[  199.504129][T12773]  ? alloc_empty_file+0xd0/0x310
[  199.509095][T12773]  should_failslab+0x8f/0xb0
[  199.513705][T12773]  kmem_cache_alloc_noprof+0x4c/0x290
[  199.519157][T12773]  alloc_empty_file+0xd0/0x310
[  199.524028][T12773]  alloc_file_pseudo+0xc3/0x140
[  199.528871][T12773]  __shmem_file_setup+0x1bb/0x1f0
[  199.533901][T12773]  shmem_file_setup+0x3b/0x50
[  199.538687][T12773]  __se_sys_memfd_create+0x31d/0x600
[  199.544035][T12773]  __x64_sys_memfd_create+0x31/0x40
[  199.549240][T12773]  x64_sys_call+0x2891/0x2d60
[  199.554005][T12773]  do_syscall_64+0xc9/0x1c0
[  199.558509][T12773]  ? clear_bhb_loop+0x55/0xb0
[  199.563269][T12773]  ? clear_bhb_loop+0x55/0xb0
[  199.565521][T12775] loop3: detected capacity change from 0 to 2048
[  199.567938][T12773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.579560][T12775] EXT4-fs: Ignoring removed orlov option
[  199.580116][T12773] RIP: 0033:0x7f373b6bdef9
[  199.590207][T12773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.610251][T12773] RSP: 002b:00007f373a330e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  199.618736][T12773] RAX: ffffffffffffffda RBX: 000000000000044a RCX: 00007f373b6bdef9
[  199.626806][T12773] RDX: 00007f373a330ef0 RSI: 0000000000000000 RDI: 00007f373b7311e9
[  199.634939][T12773] RBP: 0000000020000400 R08: 00007f373a330bb7 R09: 00007f373a330e40
[  199.642902][T12773] R10: 000000000000000a R11: 0000000000000202 R12: 00000000200001c0
[  199.650862][T12773] R13: 00007f373a330ef0 R14: 00007f373a330eb0 R15: 0000000020000a40
[  199.658827][T12773]  </TASK>
[  199.750860][T12781] loop0: detected capacity change from 0 to 512
[  199.777878][T12781] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  199.816499][T12786] FAULT_INJECTION: forcing a failure.
[  199.816499][T12786] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.829744][T12786] CPU: 1 UID: 0 PID: 12786 Comm: syz.1.2926 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  199.840506][T12786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  199.850560][T12786] Call Trace:
[  199.853877][T12786]  <TASK>
[  199.856901][T12786]  dump_stack_lvl+0xf2/0x150
[  199.861494][T12786]  dump_stack+0x15/0x20
[  199.865648][T12786]  should_fail_ex+0x229/0x230
[  199.870348][T12786]  should_fail+0xb/0x10
[  199.874561][T12786]  should_fail_usercopy+0x1a/0x20
[  199.879659][T12786]  _copy_from_iter+0xd3/0xb00
[  199.884340][T12786]  ? __virt_addr_valid+0x1ed/0x250
[  199.889457][T12786]  ? __check_object_size+0x35b/0x510
[  199.894785][T12786]  memcpy_from_msg+0x39/0x80
[  199.899418][T12786]  dgram_sendmsg+0x4b4/0x720
[  199.904093][T12786]  ? __pfx_ieee802154_sock_sendmsg+0x10/0x10
[  199.910140][T12786]  ieee802154_sock_sendmsg+0x4e/0x60
[  199.915436][T12786]  __sock_sendmsg+0x140/0x180
[  199.920163][T12786]  __sys_sendto+0x1e5/0x260
[  199.924701][T12786]  __x64_sys_sendto+0x78/0x90
[  199.929384][T12786]  x64_sys_call+0x2959/0x2d60
[  199.934074][T12786]  do_syscall_64+0xc9/0x1c0
[  199.938587][T12786]  ? clear_bhb_loop+0x55/0xb0
[  199.943281][T12786]  ? clear_bhb_loop+0x55/0xb0
[  199.947954][T12786]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.953925][T12786] RIP: 0033:0x7fb09b8dfd8c
[  199.958333][T12786] Code: 2a 5a 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5a 02 00 48 8b
[  199.977942][T12786] RSP: 002b:00007fb09a555ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  199.986441][T12786] RAX: ffffffffffffffda RBX: 00007fb09a555fc0 RCX: 00007fb09b8dfd8c
[  199.994440][T12786] RDX: 0000000000000024 RSI: 00007fb09a556010 RDI: 0000000000000004
[  200.002418][T12786] RBP: 0000000000000000 R08: 00007fb09a555f14 R09: 000000000000000c
[  200.010384][T12786] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  200.018356][T12786] R13: 00007fb09a555f68 R14: 00007fb09a556010 R15: 0000000000000000
[  200.026414][T12786]  </TASK>
[  200.049887][T12781] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #17: comm syz.0.2925: iget: bad i_size value: -6917529027641081756
[  200.071407][T12789] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  200.077876][T12781] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2925: couldn't read orphan inode 17 (err -117)
[  200.089438][T12789] EXT4-fs (loop3): Remounting filesystem read-only
[  200.100702][T12795] loop2: detected capacity change from 0 to 164
[  200.120201][T12793] loop4: detected capacity change from 0 to 1024
[  200.133053][T12796] loop1: detected capacity change from 0 to 1024
[  200.140395][T12793] EXT4-fs: Ignoring removed orlov option
[  200.146148][T12793] EXT4-fs: Ignoring removed nomblk_io_submit option
[  200.163870][T12796] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  200.263062][T12808] Invalid ELF header magic: != ELF
[  200.303893][T12811] loop0: detected capacity change from 0 to 512
[  200.315473][T12811] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  200.317556][T12813] loop3: detected capacity change from 0 to 764
[  200.428632][T12813] FAULT_INJECTION: forcing a failure.
[  200.428632][T12813] name failslab, interval 1, probability 0, space 0, times 0
[  200.441339][T12813] CPU: 0 UID: 0 PID: 12813 Comm: syz.3.2933 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  200.452200][T12813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  200.462385][T12813] Call Trace:
[  200.465666][T12813]  <TASK>
[  200.468595][T12813]  dump_stack_lvl+0xf2/0x150
[  200.473219][T12813]  dump_stack+0x15/0x20
[  200.477374][T12813]  should_fail_ex+0x229/0x230
[  200.482121][T12813]  ? alloc_empty_file+0xd0/0x310
[  200.487136][T12813]  should_failslab+0x8f/0xb0
[  200.491813][T12813]  kmem_cache_alloc_noprof+0x4c/0x290
[  200.497193][T12813]  ? mntput+0x49/0x70
[  200.501194][T12813]  alloc_empty_file+0xd0/0x310
[  200.505964][T12813]  path_openat+0x6a/0x1f10
[  200.510872][T12813]  ? _parse_integer_limit+0x167/0x180
[  200.516250][T12813]  ? _parse_integer+0x27/0x30
[  200.520959][T12813]  ? kstrtoull+0x110/0x140
[  200.525406][T12813]  ? kstrtouint+0x77/0xc0
[  200.529742][T12813]  do_filp_open+0xf7/0x200
[  200.534171][T12813]  do_sys_openat2+0xab/0x120
[  200.538766][T12813]  __x64_sys_openat+0xf3/0x120
[  200.543578][T12813]  x64_sys_call+0x1025/0x2d60
[  200.548259][T12813]  do_syscall_64+0xc9/0x1c0
[  200.552765][T12813]  ? clear_bhb_loop+0x55/0xb0
[  200.557496][T12813]  ? clear_bhb_loop+0x55/0xb0
[  200.562178][T12813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.568109][T12813] RIP: 0033:0x7f67b652def9
[  200.572526][T12813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.592223][T12813] RSP: 002b:00007f67b51a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  200.600634][T12813] RAX: ffffffffffffffda RBX: 00007f67b66e5f80 RCX: 00007f67b652def9
[  200.608642][T12813] RDX: 0000000000002040 RSI: 0000000020000080 RDI: ffffffffffffff9c
[  200.616611][T12813] RBP: 00007f67b51a7090 R08: 0000000000000000 R09: 0000000000000000
[  200.624576][T12813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  200.632612][T12813] R13: 0000000000000000 R14: 00007f67b66e5f80 R15: 00007fff9f30a318
[  200.640671][T12813]  </TASK>
[  200.762212][   T29] kauditd_printk_skb: 353 callbacks suppressed
[  200.762227][   T29] audit: type=1326 audit(1726073418.267:17549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  200.804134][   T29] audit: type=1326 audit(1726073418.267:17550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  200.829028][   T29] audit: type=1326 audit(1726073418.267:17551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  200.852671][   T29] audit: type=1326 audit(1726073418.277:17552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  200.877328][   T29] audit: type=1326 audit(1726073418.277:17553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  200.900972][   T29] audit: type=1326 audit(1726073418.277:17554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  200.925636][   T29] audit: type=1326 audit(1726073418.277:17555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  200.949300][   T29] audit: type=1326 audit(1726073418.277:17556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  200.974144][   T29] audit: type=1326 audit(1726073418.277:17557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  200.997823][   T29] audit: type=1326 audit(1726073418.277:17558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12821 comm="syz.3.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  201.104777][T12833] loop3: detected capacity change from 0 to 512
[  201.119989][T12833] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  201.122739][T12835] loop4: detected capacity change from 0 to 2048
[  201.138558][T12835] EXT4-fs: Ignoring removed orlov option
[  201.155587][T12833] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2941: iget: bad i_size value: -6917529027641081756
[  201.171609][T12833] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2941: couldn't read orphan inode 17 (err -117)
[  201.221646][T12840] loop2: detected capacity change from 0 to 164
[  201.352377][T12842] loop0: detected capacity change from 0 to 1024
[  201.369712][T12842] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  201.684891][T12855] loop3: detected capacity change from 0 to 1024
[  201.708852][T12855] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  201.721434][T12850] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  201.743953][T12850] EXT4-fs (loop4): Remounting filesystem read-only
[  201.942904][T12863] futex_wake_op: syz.4.2947 tries to shift op by 144; fix this program
[  201.993656][T12865] loop4: detected capacity change from 0 to 128
[  202.008124][T12865] EXT4-fs: Ignoring removed nobh option
[  202.050824][T12865] ext4 filesystem being mounted at /582/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  202.064421][T12870] loop1: detected capacity change from 0 to 128
[  202.076306][T12870] EXT4-fs: Ignoring removed nobh option
[  202.096660][T12870] ext4 filesystem being mounted at /169/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  202.102889][T12872] loop2: detected capacity change from 0 to 1024
[  202.114045][T12872] EXT4-fs: Ignoring removed orlov option
[  202.119768][T12872] EXT4-fs: Ignoring removed nomblk_io_submit option
[  202.127148][T12875] loop0: detected capacity change from 0 to 512
[  202.135311][T12865] FAULT_INJECTION: forcing a failure.
[  202.135311][T12865] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.148384][T12865] CPU: 1 UID: 0 PID: 12865 Comm: syz.4.2948 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  202.159198][T12865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  202.169288][T12865] Call Trace:
[  202.172566][T12865]  <TASK>
[  202.175492][T12865]  dump_stack_lvl+0xf2/0x150
[  202.180091][T12865]  dump_stack+0x15/0x20
[  202.184252][T12865]  should_fail_ex+0x229/0x230
[  202.188934][T12865]  should_fail+0xb/0x10
[  202.193100][T12865]  should_fail_usercopy+0x1a/0x20
[  202.198139][T12865]  _copy_from_user+0x1e/0xd0
[  202.202745][T12865]  do_vfs_ioctl+0x4fd/0x1560
[  202.207346][T12865]  ? __fget_files+0x1da/0x210
[  202.212072][T12865]  __se_sys_ioctl+0x81/0x150
[  202.216662][T12865]  __x64_sys_ioctl+0x43/0x50
[  202.221259][T12865]  x64_sys_call+0x15cc/0x2d60
[  202.225956][T12865]  do_syscall_64+0xc9/0x1c0
[  202.230628][T12865]  ? clear_bhb_loop+0x55/0xb0
[  202.235307][T12865]  ? clear_bhb_loop+0x55/0xb0
[  202.239984][T12865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.245895][T12865] RIP: 0033:0x7fa66e2bdef9
[  202.250309][T12865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.269970][T12865] RSP: 002b:00007fa66cf37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  202.278391][T12865] RAX: ffffffffffffffda RBX: 00007fa66e475f80 RCX: 00007fa66e2bdef9
[  202.286420][T12865] RDX: 00000000200000c0 RSI: 00000000c020660b RDI: 0000000000000004
[  202.294405][T12865] RBP: 00007fa66cf37090 R08: 0000000000000000 R09: 0000000000000000
[  202.302428][T12865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.310481][T12865] R13: 0000000000000000 R14: 00007fa66e475f80 R15: 00007ffe25193d58
[  202.318460][T12865]  </TASK>
[  202.324102][T12875] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  202.353692][T12883] loop3: detected capacity change from 0 to 512
[  202.362666][T12884] __nla_validate_parse: 4 callbacks suppressed
[  202.362679][T12884] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2953'.
[  202.379663][T12884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  202.388941][T12883] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  202.406236][T12884] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.416676][T12883] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2954: iget: bad i_size value: -6917529027641081756
[  202.429971][T12883] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2954: couldn't read orphan inode 17 (err -117)
[  203.352746][T12920] futex_wake_op: syz.3.2966 tries to shift op by 144; fix this program
[  203.375569][T12922] loop3: detected capacity change from 0 to 512
[  203.382455][T12922] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  203.395285][T12922] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.2967: iget: bad i_size value: -6917529027641081756
[  203.409137][T12922] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2967: couldn't read orphan inode 17 (err -117)
[  203.486245][T12931] loop3: detected capacity change from 0 to 1024
[  203.492863][T12931] EXT4-fs: Ignoring removed orlov option
[  203.499306][T12931] EXT4-fs: Ignoring removed nomblk_io_submit option
[  203.806739][T12936] loop2: detected capacity change from 0 to 512
[  203.825187][T12936] ext4 filesystem being mounted at /598/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  203.850241][T12903] delete_channel: no stack
[  203.942545][T12943] loop0: detected capacity change from 0 to 1024
[  203.949851][T12943] EXT4-fs: Ignoring removed orlov option
[  203.955561][T12943] EXT4-fs: Ignoring removed nomblk_io_submit option
[  204.043814][T12952] loop1: detected capacity change from 0 to 164
[  204.054490][T12952] bio_check_eod: 40957 callbacks suppressed
[  204.054505][T12952] syz.1.2975: attempt to access beyond end of device
[  204.054505][T12952] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  204.075561][T12952] syz.1.2975: attempt to access beyond end of device
[  204.075561][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  204.089302][T12952] syz.1.2975: attempt to access beyond end of device
[  204.089302][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  204.102831][T12952] syz.1.2975: attempt to access beyond end of device
[  204.102831][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  204.117231][T12952] syz.1.2975: attempt to access beyond end of device
[  204.117231][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  204.130714][T12952] syz.1.2975: attempt to access beyond end of device
[  204.130714][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  204.144781][T12952] syz.1.2975: attempt to access beyond end of device
[  204.144781][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  204.158306][T12952] syz.1.2975: attempt to access beyond end of device
[  204.158306][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  204.172149][T12952] syz.1.2975: attempt to access beyond end of device
[  204.172149][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  204.186496][T12952] syz.1.2975: attempt to access beyond end of device
[  204.186496][T12952] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  204.261384][T12958] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2976'.
[  205.056939][T13003] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2990'.
[  205.094654][T13009] loop3: detected capacity change from 0 to 164
[  205.315661][T13022] loop0: detected capacity change from 0 to 512
[  205.345289][T13022] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.2999: casefold flag without casefold feature
[  205.346159][T13011] loop1: detected capacity change from 0 to 1024
[  205.388132][T13022] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2999: couldn't read orphan inode 15 (err -117)
[  205.403591][T13011] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  205.533921][T13026] loop0: detected capacity change from 512 to 64
[  205.558061][T13028] EXT4-fs (loop0): discard request in group:0 block:42 count:1 failed with -5
[  205.586025][T13028] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: IO failure
[  205.602933][T13028] EXT4-fs (loop0): discard request in group:0 block:41 count:1 failed with -5
[  205.632483][T13028] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: IO failure
[  205.649488][T13028] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 19 starting block 255)
[  205.660783][T13028] Buffer I/O error on device loop0, logical block 255
[  205.668404][T13028] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 19 starting block 253)
[  205.680204][T13028] Buffer I/O error on device loop0, logical block 253
[  205.686970][T13028] Buffer I/O error on device loop0, logical block 254
[  205.694766][T13028] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 19 starting block 37)
[  205.706465][T13028] Buffer I/O error on device loop0, logical block 37
[  205.713138][T13028] Buffer I/O error on device loop0, logical block 38
[  205.717019][T12985] delete_channel: no stack
[  205.719790][T13028] Buffer I/O error on device loop0, logical block 39
[  205.719807][T13028] Buffer I/O error on device loop0, logical block 40
[  205.741637][T13028] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 19 starting block 249)
[  205.753243][T13028] Buffer I/O error on device loop0, logical block 249
[  205.760015][T13028] Buffer I/O error on device loop0, logical block 250
[  205.766830][T13028] Buffer I/O error on device loop0, logical block 251
[  205.774796][T13028] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 19 starting block 41)
[  205.978512][T13031] gre0 speed is unknown, defaulting to 1000
[  205.988829][T13041] FAULT_INJECTION: forcing a failure.
[  205.988829][T13041] name failslab, interval 1, probability 0, space 0, times 0
[  206.001482][T13041] CPU: 0 UID: 0 PID: 13041 Comm: syz.3.3001 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  206.012245][T13041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  206.022299][T13041] Call Trace:
[  206.025586][T13041]  <TASK>
[  206.028595][T13041]  dump_stack_lvl+0xf2/0x150
[  206.033205][T13041]  dump_stack+0x15/0x20
[  206.037364][T13041]  should_fail_ex+0x229/0x230
[  206.042044][T13041]  ? sctp_make_abort_user+0x176/0x500
[  206.047427][T13041]  should_failslab+0x8f/0xb0
[  206.052088][T13041]  __kmalloc_noprof+0xa5/0x370
[  206.056929][T13041]  ? _sctp_make_chunk+0x1f0/0x210
[  206.061997][T13041]  sctp_make_abort_user+0x176/0x500
[  206.067206][T13041]  sctp_sendmsg_check_sflags+0x17c/0x1d0
[  206.072893][T13041]  sctp_sendmsg+0x754/0x1920
[  206.077494][T13041]  ? __pfx_sctp_sendmsg+0x10/0x10
[  206.082522][T13041]  inet_sendmsg+0xc5/0xd0
[  206.086967][T13041]  __sock_sendmsg+0x102/0x180
[  206.091663][T13041]  ____sys_sendmsg+0x312/0x410
[  206.096432][T13041]  __sys_sendmmsg+0x269/0x500
[  206.101193][T13041]  __x64_sys_sendmmsg+0x57/0x70
[  206.106049][T13041]  x64_sys_call+0xa49/0x2d60
[  206.110688][T13041]  do_syscall_64+0xc9/0x1c0
[  206.115193][T13041]  ? clear_bhb_loop+0x55/0xb0
[  206.119867][T13041]  ? clear_bhb_loop+0x55/0xb0
[  206.124602][T13041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.130558][T13041] RIP: 0033:0x7f67b652def9
[  206.134991][T13041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.154746][T13041] RSP: 002b:00007f67b51a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  206.163161][T13041] RAX: ffffffffffffffda RBX: 00007f67b66e5f80 RCX: 00007f67b652def9
[  206.171126][T13041] RDX: 0000000000000001 RSI: 00000000200032c0 RDI: 0000000000000004
[  206.179084][T13041] RBP: 00007f67b51a7090 R08: 0000000000000000 R09: 0000000000000000
[  206.187042][T13041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.195002][T13041] R13: 0000000000000000 R14: 00007f67b66e5f80 R15: 00007fff9f30a318
[  206.203054][T13041]  </TASK>
[  206.213401][T13045] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3003'.
[  206.222983][T11040] EXT4-fs warning (device loop0): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -12 reading directory block
[  206.247172][ T4461] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  206.258569][ T4461] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.288412][T13053] loop1: detected capacity change from 0 to 2048
[  206.302988][T13031] chnl_net:caif_netlink_parms(): no params data found
[  206.305190][T13053] EXT4-fs: Ignoring removed orlov option
[  206.312909][T13056] loop3: detected capacity change from 0 to 512
[  206.336706][T13056] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.357134][ T4461] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  206.367562][ T4461] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.378396][T13056] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  206.381862][T13065] loop1: detected capacity change from 0 to 164
[  206.426208][T13031] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.434658][T13031] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.445099][T13031] bridge_slave_0: entered allmulticast mode
[  206.452022][T13031] bridge_slave_0: entered promiscuous mode
[  206.473548][T13031] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.480699][T13031] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.488169][T13031] bridge_slave_1: entered allmulticast mode
[  206.494549][T13031] bridge_slave_1: entered promiscuous mode
[  206.503180][T13073] loop3: detected capacity change from 0 to 512
[  206.510989][T13073] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  206.511103][ T4461] team0: Port device netdevsim1 removed
[  206.527354][T13073] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.3013: iget: bad i_size value: -6917529027641081756
[  206.527459][ T4461] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  206.545458][T13073] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3013: couldn't read orphan inode 17 (err -117)
[  206.550873][ T4461] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.586588][T13031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.597105][T13031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.602138][   T29] kauditd_printk_skb: 184 callbacks suppressed
[  206.602149][   T29] audit: type=1326 audit(1726073424.107:17743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  206.647961][   T29] audit: type=1326 audit(1726073424.157:17744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  206.649016][T13031] team0: Port device team_slave_0 added
[  206.672528][   T29] audit: type=1326 audit(1726073424.157:17745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  206.701718][   T29] audit: type=1326 audit(1726073424.157:17746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  206.705868][T13031] team0: Port device team_slave_1 added
[  206.726324][   T29] audit: type=1326 audit(1726073424.157:17747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  206.755622][   T29] audit: type=1326 audit(1726073424.157:17748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  206.779466][   T29] audit: type=1326 audit(1726073424.157:17749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  206.804058][   T29] audit: type=1326 audit(1726073424.157:17750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13072 comm="syz.3.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b652def9 code=0x7ffc0000
[  206.838790][ T4461] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  206.849093][ T4461] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.866626][T13031] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.873629][T13031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.899598][T13031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  206.914046][T13031] batman_adv: batadv0: Adding interface: batadv_slave_1
[  206.921168][T13031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.947307][T13031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  206.965183][T13079] loop3: detected capacity change from 0 to 1024
[  206.971935][T13079] EXT4-fs: Ignoring removed orlov option
[  206.977627][T13079] EXT4-fs: Ignoring removed nomblk_io_submit option
[  207.147917][T13031] hsr_slave_0: entered promiscuous mode
[  207.165826][T13031] hsr_slave_1: entered promiscuous mode
[  207.197153][ T4461] bridge_slave_1: left allmulticast mode
[  207.202891][ T4461] bridge_slave_1: left promiscuous mode
[  207.208637][ T4461] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.246116][ T4461] bridge_slave_0: left allmulticast mode
[  207.251850][ T4461] bridge_slave_0: left promiscuous mode
[  207.258746][ T4461] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.271894][T13089] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3016'.
[  207.330526][ T4461] infiniband syz2: set down
[  207.363397][ T4467] smc: removing ib device syz2
[  207.387730][   T29] audit: type=1400 audit(1726073424.897:17751): avc:  denied  { mount } for  pid=13078 comm="syz.3.3014" name="/" dev="gadgetfs" ino=31562 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  207.394084][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.417675][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.425121][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.432491][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.439890][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.447376][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.454777][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.462224][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.469635][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.477403][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.484823][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.492272][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.499782][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.507188][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.514593][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.521985][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.529409][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.536808][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.544216][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.551612][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.559039][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.560069][T13092] loop1: detected capacity change from 0 to 1024
[  207.566475][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.566500][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.566564][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.566588][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.566610][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.566646][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.566670][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.566692][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.566715][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.566752][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.566774][ T3339] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  207.568548][ T3339] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  207.577171][T13092] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  207.766209][ T4461] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  207.777419][ T4461] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  207.788192][ T4461] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  207.797703][ T4461] bond0 (unregistering): Released all slaves
[  207.819740][  T787] gre0 speed is unknown, defaulting to 1000
[  207.879230][   T29] audit: type=1400 audit(1726073425.387:17752): avc:  denied  { unmount } for  pid=12636 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  207.938812][T13102] loop3: detected capacity change from 0 to 1024
[  207.949521][T13102] EXT4-fs: Ignoring removed orlov option
[  207.955242][T13102] EXT4-fs: Ignoring removed nomblk_io_submit option
[  207.972924][T13104] loop4: detected capacity change from 0 to 2048
[  207.985807][ T4461] tipc: Left network mode
[  207.992624][T13104] EXT4-fs: Ignoring removed orlov option
[  208.009414][T13080] chnl_net:caif_netlink_parms(): no params data found
[  208.074334][ T4461] hsr_slave_0: left promiscuous mode
[  208.080910][ T4461] hsr_slave_1: left promiscuous mode
[  208.087085][ T4461] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  208.095228][ T4461] batman_adv: batadv0: Removing interface: batadv_slave_0
[  208.106088][ T4461] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  208.113642][ T4461] batman_adv: batadv0: Removing interface: batadv_slave_1
[  208.136495][ T4461] veth1_macvtap: left promiscuous mode
[  208.142049][ T4461] veth0_macvtap: left promiscuous mode
[  208.147711][ T4461] veth1_vlan: left promiscuous mode
[  208.153035][ T4461] veth0_vlan: left promiscuous mode
[  208.181220][T13122] loop1: detected capacity change from 0 to 512
[  208.197046][T13122] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  208.219025][T13122] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.3023: iget: bad i_size value: -6917529027641081756
[  208.234632][T13122] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.3023: couldn't read orphan inode 17 (err -117)
[  208.273201][T13130] loop1: detected capacity change from 0 to 1024
[  208.280000][T13130] EXT4-fs: Ignoring removed orlov option
[  208.286134][T13130] EXT4-fs: Ignoring removed nomblk_io_submit option
[  208.323090][ T4461] team0 (unregistering): Port device team_slave_1 removed
[  208.340724][ T4461] team0 (unregistering): Port device team_slave_0 removed
[  208.386313][T13135] delete_channel: no stack
[  208.492093][T13080] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.499569][T13080] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.506822][T13080] bridge_slave_0: entered allmulticast mode
[  208.513344][T13080] bridge_slave_0: entered promiscuous mode
[  208.520275][T13080] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.527817][T13080] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.535057][T13080] bridge_slave_1: entered allmulticast mode
[  208.541480][T13080] bridge_slave_1: entered promiscuous mode
[  208.564356][T13080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  208.574794][T13080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.592819][T13080] team0: Port device team_slave_0 added
[  208.599395][T13080] team0: Port device team_slave_1 added
[  208.614433][T13080] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.621442][T13080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.647783][T13080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.658938][T13080] batman_adv: batadv0: Adding interface: batadv_slave_1
[  208.665885][T13080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.692194][T13080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.717386][T13080] hsr_slave_0: entered promiscuous mode
[  208.723516][T13080] hsr_slave_1: entered promiscuous mode
[  208.729457][T13080] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  208.737000][T13080] Cannot create hsr debugfs directory
[  208.772542][T13031] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  208.789432][T13031] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  208.799448][T13141] loop3: detected capacity change from 0 to 2048
[  208.807130][T13141] EXT4-fs: Ignoring removed orlov option
[  208.813151][T13031] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  208.829207][T13031] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  208.856650][T13080] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  208.866965][T13080] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.917377][T13080] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  208.928415][T13080] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.957776][T13031] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.975146][T13031] 8021q: adding VLAN 0 to HW filter on device team0
[  208.997206][T13080] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  209.007502][T13080] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.021218][ T4463] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.028329][ T4463] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.037311][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.044381][ T4463] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.096782][T13080] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  209.101854][T13156] loop4: detected capacity change from 0 to 512
[  209.107128][T13080] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.126869][T13156] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  209.147929][T13031] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  209.159175][T13156] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.3035: iget: bad i_size value: -6917529027641081756
[  209.180251][T13156] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3035: couldn't read orphan inode 17 (err -117)
[  209.192509][T13152] loop3: detected capacity change from 0 to 1024
[  209.202521][T13152] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  209.262111][T13031] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.269621][T13167] loop1: detected capacity change from 0 to 2048
[  209.285201][T13080] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  209.292236][T13167] EXT4-fs: Ignoring removed orlov option
[  209.308389][T13080] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  209.326096][T13080] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  209.342020][T13080] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  209.421991][T13186] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3042'.
[  209.422547][T13031] veth0_vlan: entered promiscuous mode
[  209.447245][T13080] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.456533][T13031] veth1_vlan: entered promiscuous mode
[  209.482087][T13031] veth0_macvtap: entered promiscuous mode
[  209.498962][T13080] 8021q: adding VLAN 0 to HW filter on device team0
[  209.510139][ T4463] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.517231][ T4463] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.535156][T13031] veth1_macvtap: entered promiscuous mode
[  209.546598][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.553753][ T4463] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.584182][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.594637][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.604473][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.614893][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.624710][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.635301][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.645122][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.655553][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.666836][T13031] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.679857][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.690394][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.700249][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.710674][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.720547][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.731040][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.740847][T13031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.751263][T13031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.763001][T13031] batman_adv: batadv0: Interface activated: batadv_slave_1
[  209.777261][T13080] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  209.793939][T13031] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  209.802641][T13031] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  209.811503][T13031] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.820345][T13031] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.885030][T13080] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.895260][T13203] loop3: detected capacity change from 0 to 512
[  209.914903][T13203] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  209.937083][T13203] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.3046: iget: bad i_size value: -6917529027641081756
[  209.960609][T13080] veth0_vlan: entered promiscuous mode
[  209.971196][T13080] veth1_vlan: entered promiscuous mode
[  209.989694][T13080] veth0_macvtap: entered promiscuous mode
[  209.997414][T13080] veth1_macvtap: entered promiscuous mode
[  210.007487][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.017989][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.027895][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.038443][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.048407][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.055214][T13203] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3046: couldn't read orphan inode 17 (err -117)
[  210.058838][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.080444][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.090951][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.100890][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.111388][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.126925][T13080] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.135432][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.145969][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.155814][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.166305][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.176280][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.186699][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.196687][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.207224][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.217068][T13080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.227515][T13080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.239652][T13080] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.270780][T13080] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.279547][T13080] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.288321][T13080] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.297106][T13080] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.328893][T13239] loop1: detected capacity change from 0 to 512
[  210.331456][T13240] loop3: detected capacity change from 0 to 2048
[  210.337125][T13239] journal_path: Lookup failure for './bus'
[  210.341986][T13240] EXT4-fs: Ignoring removed orlov option
[  210.347362][T13239] EXT4-fs: error: could not find journal device path
[  210.381966][T13193] delete_channel: no stack
[  210.423775][T13262] loop0: detected capacity change from 0 to 512
[  210.430583][T13262] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  210.469961][T13262] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #17: comm syz.0.3024: iget: bad i_size value: -6917529027641081756
[  210.508921][T13262] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.3024: couldn't read orphan inode 17 (err -117)
[  210.579808][T13262] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3024'.
[  210.588873][T13289] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3057'.
[  210.711866][T13309] loop0: detected capacity change from 0 to 2048
[  210.720837][T13309] EXT4-fs: Ignoring removed orlov option
[  210.871329][ T4437] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  210.882339][ T4437] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.910812][T13272] chnl_net:caif_netlink_parms(): no params data found
[  210.956429][T13376] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3065'.
[  210.977526][ T4437] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  210.987853][ T4437] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.019719][T13272] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.027569][T13272] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.036296][T13383] loop2: detected capacity change from 0 to 512
[  211.036943][T13272] bridge_slave_0: entered allmulticast mode
[  211.048581][T13383] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  211.049661][T13272] bridge_slave_0: entered promiscuous mode
[  211.068684][ T4437] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  211.079034][ T4437] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.081247][T13383] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #17: comm syz.2.3067: iget: bad i_size value: -6917529027641081756
[  211.103566][T13272] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.104786][T13383] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.3067: couldn't read orphan inode 17 (err -117)
[  211.110701][T13272] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.130711][T13272] bridge_slave_1: entered allmulticast mode
[  211.137207][T13272] bridge_slave_1: entered promiscuous mode
[  211.154541][ T4437] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  211.164890][ T4437] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.176139][T13383] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3067'.
[  211.192095][T13272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.209314][T13272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  211.230302][T13272] team0: Port device team_slave_0 added
[  211.240908][T13272] team0: Port device team_slave_1 added
[  211.262827][T13272] batman_adv: batadv0: Adding interface: batadv_slave_0
[  211.270486][T13272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.275270][T13395] loop2: detected capacity change from 0 to 164
[  211.297032][T13272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  211.305524][T13395] bio_check_eod: 50636 callbacks suppressed
[  211.305537][T13395] syz.2.3071: attempt to access beyond end of device
[  211.305537][T13395] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  211.316811][T13272] batman_adv: batadv0: Adding interface: batadv_slave_1
[  211.335774][T13395] syz.2.3071: attempt to access beyond end of device
[  211.335774][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  211.340608][T13272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.355402][T13395] syz.2.3071: attempt to access beyond end of device
[  211.355402][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  211.380560][T13272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  211.396225][T13395] syz.2.3071: attempt to access beyond end of device
[  211.396225][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  211.418285][T13395] syz.2.3071: attempt to access beyond end of device
[  211.418285][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  211.431731][T13395] syz.2.3071: attempt to access beyond end of device
[  211.431731][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  211.445267][T13395] syz.2.3071: attempt to access beyond end of device
[  211.445267][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  211.458890][T13395] syz.2.3071: attempt to access beyond end of device
[  211.458890][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  211.472610][T13395] syz.2.3071: attempt to access beyond end of device
[  211.472610][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  211.487007][T13395] syz.2.3071: attempt to access beyond end of device
[  211.487007][T13395] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  211.532745][ T4437] bridge_slave_1: left allmulticast mode
[  211.538421][ T4437] bridge_slave_1: left promiscuous mode
[  211.544105][ T4437] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.573340][ T4437] bridge_slave_0: left allmulticast mode
[  211.579030][ T4437] bridge_slave_0: left promiscuous mode
[  211.584705][ T4437] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.619840][T13399] futex_wake_op: syz.3.3073 tries to shift op by 144; fix this program
[  211.675005][ T3337] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4
[  211.682703][ T3337] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2
[  211.699510][ T3337] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x3
[  211.716841][ T3337] hid-generic 0000:3000000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  211.770252][T13370] delete_channel: no stack
[  211.798705][T13407] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3075'.
[  211.803536][T13403] loop3: detected capacity change from 0 to 512
[  211.817958][ T4437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  211.829476][ T4437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  211.843445][T13403] EXT4-fs: Ignoring removed nobh option
[  211.844602][T13409] loop1: detected capacity change from 0 to 512
[  211.856814][ T4437] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  211.867283][T13409] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  211.877219][ T4437] bond0 (unregistering): Released all slaves
[  211.887919][T13409] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #17: comm syz.1.3077: iget: bad i_size value: -6917529027641081756
[  211.907398][T13272] hsr_slave_0: entered promiscuous mode
[  211.914170][T13403] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  211.929740][T13272] hsr_slave_1: entered promiscuous mode
[  211.935696][T13272] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  211.944013][T13409] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.3077: couldn't read orphan inode 17 (err -117)
[  211.957414][T13272] Cannot create hsr debugfs directory
[  211.962849][T13402] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3074'.
[  211.988799][   T29] kauditd_printk_skb: 85 callbacks suppressed
[  211.988810][   T29] audit: type=1400 audit(1726073429.467:17838): avc:  denied  { execute } for  pid=13401 comm="syz.3.3074" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  212.038770][ T4437] hsr_slave_0: left promiscuous mode
[  212.044947][ T4437] hsr_slave_1: left promiscuous mode
[  212.050424][   T29] audit: type=1326 audit(1726073429.547:17839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  212.073997][   T29] audit: type=1326 audit(1726073429.557:17840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  212.097596][   T29] audit: type=1326 audit(1726073429.557:17841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  212.124795][   T29] audit: type=1326 audit(1726073429.557:17842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  212.148695][   T29] audit: type=1326 audit(1726073429.557:17843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  212.172304][ T4437] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  212.179783][ T4437] batman_adv: batadv0: Removing interface: batadv_slave_0
[  212.195855][ T4437] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  212.197376][   T29] audit: type=1326 audit(1726073429.567:17844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  212.203291][ T4437] batman_adv: batadv0: Removing interface: batadv_slave_1
[  212.234117][   T29] audit: type=1326 audit(1726073429.567:17845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  212.257722][   T29] audit: type=1326 audit(1726073429.567:17846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  212.281359][   T29] audit: type=1326 audit(1726073429.567:17847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.1.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09b8ddef9 code=0x7ffc0000
[  212.306935][ T4437] veth1_macvtap: left promiscuous mode
[  212.307019][T13422] FAULT_INJECTION: forcing a failure.
[  212.307019][T13422] name failslab, interval 1, probability 0, space 0, times 0
[  212.312442][ T4437] veth0_macvtap: left promiscuous mode
[  212.324959][T13422] CPU: 0 UID: 0 PID: 13422 Comm: syz.2.3079 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  212.330511][ T4437] veth1_vlan: left promiscuous mode
[  212.341162][T13422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  212.341175][T13422] Call Trace:
[  212.341186][T13422]  <TASK>
[  212.346468][ T4437] veth0_vlan: left promiscuous mode
[  212.356374][T13422]  dump_stack_lvl+0xf2/0x150
[  212.372478][T13422]  dump_stack+0x15/0x20
[  212.376667][T13422]  should_fail_ex+0x229/0x230
[  212.381374][T13422]  ? nd_alloc_stack+0x4e/0x90
[  212.386110][T13422]  should_failslab+0x8f/0xb0
[  212.390740][T13422]  __kmalloc_cache_noprof+0x4b/0x2a0
[  212.396032][T13422]  nd_alloc_stack+0x4e/0x90
[  212.400623][T13422]  pick_link+0x745/0x7e0
[  212.404872][T13422]  ? __d_lookup+0x342/0x370
[  212.409384][T13422]  step_into+0x725/0x810
[  212.413739][T13422]  link_path_walk+0x54c/0x820
[  212.418445][T13422]  path_openat+0x1aa/0x1f10
[  212.423014][T13422]  ? terminate_walk+0x260/0x280
[  212.427885][T13422]  do_filp_open+0xf7/0x200
[  212.432361][T13422]  ? __pfx_shmem_put_link+0x10/0x10
[  212.437563][T13422]  ? __pfx_shmem_put_link+0x10/0x10
[  212.442768][T13422]  alloc_bprm+0xd5/0x760
[  212.447177][T13422]  ? __check_object_size+0x35b/0x510
[  212.452524][T13422]  do_execveat_common+0x134/0x800
[  212.457560][T13422]  __x64_sys_execve+0x5a/0x70
[  212.462242][T13422]  x64_sys_call+0x1277/0x2d60
[  212.466991][T13422]  do_syscall_64+0xc9/0x1c0
[  212.471498][T13422]  ? clear_bhb_loop+0x55/0xb0
[  212.476214][T13422]  ? clear_bhb_loop+0x55/0xb0
[  212.480936][T13422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.486868][T13422] RIP: 0033:0x7f2b317cdef9
[  212.491283][T13422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.510955][T13422] RSP: 002b:00007f2b30441038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  212.519352][T13422] RAX: ffffffffffffffda RBX: 00007f2b31985f80 RCX: 00007f2b317cdef9
[  212.527305][T13422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180
[  212.535345][T13422] RBP: 00007f2b30441090 R08: 0000000000000000 R09: 0000000000000000
[  212.543295][T13422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.551290][T13422] R13: 0000000000000000 R14: 00007f2b31985f80 R15: 00007ffef395b468
[  212.559273][T13422]  </TASK>
[  212.592547][T13432] loop2: detected capacity change from 0 to 512
[  212.607560][T13432] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  212.652262][ T4437] team0 (unregistering): Port device team_slave_1 removed
[  212.665588][ T4437] team0 (unregistering): Port device team_slave_0 removed
[  212.710174][T13409] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3077'.
[  212.823176][T13443] loop3: detected capacity change from 0 to 1024
[  212.830305][T13443] EXT4-fs: Ignoring removed orlov option
[  212.836019][T13443] EXT4-fs: Ignoring removed nomblk_io_submit option
[  213.036196][T13272] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  213.044822][T13272] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  213.053667][T13272] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  213.061769][T13272] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  213.089311][ T4437] IPVS: stop unused estimator thread 0...
[  213.129315][T13272] 8021q: adding VLAN 0 to HW filter on device bond0
[  213.141076][T13448] loop0: detected capacity change from 0 to 164
[  213.143678][T13272] 8021q: adding VLAN 0 to HW filter on device team0
[  213.157873][ T4460] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.164996][ T4460] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.176627][ T4439] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.183690][ T4439] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.202508][T13272] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  213.212965][T13272] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  213.279961][T13272] 8021q: adding VLAN 0 to HW filter on device batadv0
[  213.409602][T13272] veth0_vlan: entered promiscuous mode
[  213.418593][T13272] veth1_vlan: entered promiscuous mode
[  213.436571][T13272] veth0_macvtap: entered promiscuous mode
[  213.445205][T13272] veth1_macvtap: entered promiscuous mode
[  213.455950][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  213.466449][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.476411][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  213.487213][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.497163][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  213.507666][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.517479][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  213.527910][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.537847][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  213.548312][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.565395][T13272] batman_adv: batadv0: Interface activated: batadv_slave_0
[  213.575976][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  213.578540][T13466] futex_wake_op: syz.2.3089 tries to shift op by 144; fix this program
[  213.586491][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.604667][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  213.615226][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.625119][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  213.634523][T13436] delete_channel: no stack
[  213.635660][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.649758][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  213.660333][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.670197][T13272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  213.680819][T13272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.693147][T13272] batman_adv: batadv0: Interface activated: batadv_slave_1
[  213.701714][T13272] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  213.710542][T13272] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  213.719380][T13272] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  213.720585][T13468] loop2: detected capacity change from 0 to 1024
[  213.728074][T13272] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  213.752948][T13468] EXT4-fs: Ignoring removed orlov option
[  213.758789][T13468] EXT4-fs: Ignoring removed nomblk_io_submit option
[  213.823820][T13481] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3094'.
[  213.851674][T13484] loop3: detected capacity change from 0 to 512
[  213.860036][T13484] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  213.879338][T13484] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.3095: iget: bad i_size value: -6917529027641081756
[  213.906038][T13484] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3095: couldn't read orphan inode 17 (err -117)
[  213.950455][T13482] delete_channel: no stack
[  213.974970][T13484] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3095'.
[  214.017913][T13493] futex_wake_op: syz.0.3097 tries to shift op by 144; fix this program
[  214.090134][T13499] loop0: detected capacity change from 0 to 512
[  214.109461][T13499] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  214.439900][T13522] loop3: detected capacity change from 0 to 512
[  214.446878][T13522] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  214.464458][T13522] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.3108: iget: bad i_size value: -6917529027641081756
[  214.477883][T13522] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3108: couldn't read orphan inode 17 (err -117)
[  214.505181][T13522] __nla_validate_parse: 1 callbacks suppressed
[  214.505190][T13522] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3108'.
[  214.567997][T13530] loop3: detected capacity change from 0 to 2048
[  214.575085][T13530] EXT4-fs: Ignoring removed orlov option
[  214.802410][T13535] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  214.817361][T13535] EXT4-fs (loop3): Remounting filesystem read-only
[  214.908301][T13548] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3117'.
[  214.950328][T13553] loop3: detected capacity change from 0 to 512
[  214.958720][T13553] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  214.985484][T13539] delete_channel: no stack
[  214.990078][T13553] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.3120: iget: bad i_size value: -6917529027641081756
[  215.005669][T13503] delete_channel: no stack
[  215.011380][T13553] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3120: couldn't read orphan inode 17 (err -117)
[  215.041743][T13553] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3120'.
[  215.060364][T13554] loop1: detected capacity change from 0 to 1024
[  215.077920][T13554] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  215.095796][T13556] SELinux:  Context · is not valid (left unmapped).
[  215.145177][T13569] loop0: detected capacity change from 0 to 2048
[  215.151769][T13569] EXT4-fs: Ignoring removed orlov option
[  215.483575][T13575] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  215.525623][T13575] EXT4-fs (loop0): Remounting filesystem read-only
[  215.635866][T13586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3129'.
[  215.644806][T13586] netlink: 'syz.2.3129': attribute type 15 has an invalid length.
[  215.652736][T13586] netlink: 'syz.2.3129': attribute type 18 has an invalid length.
[  215.669309][T13586] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  215.670405][T13080] EXT4-fs unmount: 117 callbacks suppressed
[  215.670418][T13080] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.678037][T13586] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  215.701578][T13586] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  215.710372][T13586] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  215.721483][T13586] vxlan0: entered promiscuous mode
[  215.753569][T13592] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3130'.
[  215.762830][T13594] loop4: detected capacity change from 0 to 512
[  215.769985][T13594] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  215.797948][T13594] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.3133: iget: bad i_size value: -6917529027641081756
[  215.812891][T13596] loop0: detected capacity change from 0 to 1024
[  215.820506][T13594] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3133: couldn't read orphan inode 17 (err -117)
[  215.820715][T13596] EXT4-fs: Ignoring removed orlov option
[  215.838107][T13596] EXT4-fs: Ignoring removed nomblk_io_submit option
[  215.843793][T13594] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.858056][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.869354][T13596] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.886792][T13594] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3133'.
[  215.907417][T13272] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.917552][T13606] loop1: detected capacity change from 0 to 1024
[  215.925436][T13606] EXT4-fs: Ignoring removed orlov option
[  215.931195][T13606] EXT4-fs: Ignoring removed nomblk_io_submit option
[  215.947279][T13606] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.980796][T13080] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.072994][T13617] loop3: detected capacity change from 0 to 2048
[  216.080033][T13617] EXT4-fs: Ignoring removed orlov option
[  216.096615][T13617] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.216710][T13628] futex_wake_op: syz.4.3145 tries to shift op by 144; fix this program
[  216.301299][T13625] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  216.317493][T13625] EXT4-fs (loop3): Remounting filesystem read-only
[  216.358509][T13634] loop4: detected capacity change from 0 to 1024
[  216.368213][T13634] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  216.388114][T13634] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.406843][T12636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.419385][T13629] delete_channel: no stack
[  216.552850][T13634] ==================================================================
[  216.560971][T13634] BUG: KCSAN: data-race in generic_buffers_fsync_noflush / writeback_single_inode
[  216.570199][T13634] 
[  216.572524][T13634] write to 0xffff8881064a5ce8 of 8 bytes by task 13646 on cpu 1:
[  216.580236][T13634]  writeback_single_inode+0x10e/0x4a0
[  216.585620][T13634]  sync_inode_metadata+0x5c/0x90
[  216.590571][T13634]  generic_buffers_fsync_noflush+0xe4/0x130
[  216.596479][T13634]  ext4_sync_file+0x20b/0x6c0
[  216.601157][T13634]  vfs_fsync_range+0x122/0x140
[  216.605929][T13634]  ext4_buffered_write_iter+0x338/0x380
[  216.610420][T13644] loop2: detected capacity change from 0 to 1024
[  216.611466][T13634]  ext4_file_write_iter+0x29f/0xe30
[  216.611488][T13634]  iter_file_splice_write+0x5e6/0x970
[  216.611520][T13634]  direct_splice_actor+0x16c/0x2c0
[  216.611538][T13634]  splice_direct_to_actor+0x305/0x670
[  216.611569][T13634]  do_splice_direct+0xd7/0x150
[  216.611599][T13634]  do_sendfile+0x3ab/0x950
[  216.611616][T13634]  __x64_sys_sendfile64+0x110/0x150
[  216.611644][T13634]  x64_sys_call+0xed5/0x2d60
[  216.611667][T13634]  do_syscall_64+0xc9/0x1c0
[  216.611684][T13634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.611713][T13634] 
[  216.611719][T13634] read to 0xffff8881064a5ce8 of 8 bytes by task 13634 on cpu 0:
[  216.611735][T13634]  generic_buffers_fsync_noflush+0x89/0x130
[  216.656318][T13644] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  216.657917][T13634]  ext4_sync_file+0x20b/0x6c0
[  216.657944][T13634]  vfs_fsync_range+0x122/0x140
[  216.657966][T13634]  ext4_buffered_write_iter+0x338/0x380
[  216.657985][T13634]  ext4_file_write_iter+0x29f/0xe30
[  216.658003][T13634]  iter_file_splice_write+0x5e6/0x970
[  216.658035][T13634]  direct_splice_actor+0x16c/0x2c0
[  216.723405][T13634]  splice_direct_to_actor+0x305/0x670
[  216.728792][T13634]  do_splice_direct+0xd7/0x150
[  216.733571][T13634]  do_sendfile+0x3ab/0x950
[  216.737985][T13634]  __x64_sys_sendfile64+0x110/0x150
[  216.743200][T13634]  x64_sys_call+0xed5/0x2d60
[  216.747795][T13634]  do_syscall_64+0xc9/0x1c0
[  216.752307][T13634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.758208][T13634] 
[  216.760523][T13634] value changed: 0x0000000000000007 -> 0x0000000000000080
[  216.767636][T13634] 
[  216.769962][T13634] Reported by Kernel Concurrency Sanitizer on:
[  216.776108][T13634] CPU: 0 UID: 0 PID: 13634 Comm: syz.4.3147 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  216.786872][T13634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  216.796928][T13634] ==================================================================
[  216.829565][T13644] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.921143][T10078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.156059][T13634] syz.4.3147 (13634) used greatest stack depth: 9560 bytes left
[  217.166233][T13272] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.375731][T13031] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.