last executing test programs:

1.995816182s ago: executing program 4 (id=1073):
syz_emit_ethernet(0x6e, &(0x7f0000000640)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @private0={0xfc, 0x0, '\x00', 0xfe}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7d0, {0x0, 0x6, "8cb02b", 0x300, 0x2f, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, [@srh={0x2b, 0x0, 0x4, 0x0, 0x20}]}}}}}}}, 0x0)

1.994683332s ago: executing program 4 (id=1074):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x6}, 0x50)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6574000000000c000780080012400000000205000500020000000500010006"], 0x58}}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xa, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, [@map_fd={0x18, 0x2, 0x1, 0x0, r4}, @call={0x85, 0x0, 0x0, 0x1e}, @ldst={0x1, 0x0, 0x3, 0x5, 0x0, 0x4, 0x4}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8a9}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0x0, 0xe, 0x8, 0x50, 0xffffffffffffffff}, @alu={0x4, 0x1, 0x1, 0xb, 0x4}]}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x49, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000002c0)={0x5, 0xc, 0x1000, 0x6}, 0x10, 0x0, r2, 0x5, &(0x7f0000000300)=[r4, r0, r1], &(0x7f00000003c0)=[{0x1, 0x1, 0x5, 0xf}, {0x2, 0x5, 0xa}, {0x2, 0x1, 0x1, 0x4f2aa9e958ae7d5e}, {0x0, 0x1, 0x9, 0x9}, {0x3, 0x4, 0x10, 0xb}]}, 0x94)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x441, 0x0)
ioctl$TCXONC(r5, 0x540a, 0x0)
ioctl$TCXONC(r5, 0x540a, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = dup(r6)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000002c0)={'vcan0\x00', <r8=>0x0})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000500000000000000", @ANYRES32=0x1, @ANYBLOB='\t\x00'/20, @ANYRES32=r8, @ANYRES32=r7, @ANYBLOB="0400000005000000ef9e9bcca651923894776db33e3f985904000000"], 0x50)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1e, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0, r9}, 0x18)
r10 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
tgkill(r10, r10, 0x21)
r11 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r11, 0x10e, 0xc, &(0x7f0000000180)={0x80020000, 0x2, 0x0, 0x40040000}, 0x10)
sendmsg$nl_route(r11, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYRES16=r11], 0x1c}, 0x1, 0x0, 0x0, 0x20016}, 0x400c009)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r12}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)

1.801533799s ago: executing program 1 (id=1080):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newqdisc={0x138, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x108, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "ac6f895c6f6df4beb1a179acc52ef553ca603f57e6c31fd11681d95616639a10cf22a31925ad2e9398e600603df6600af0468efc4b6ef300692eaef5955c0c4dfeb704ebf9d0f3563d37d553cad054de78e15ca2c4023bd8b12b3d02a8f9761972d6af4d172bd3180d774ce0dc0020bf2b8558c4b0e2d726b1e6d707709a15f2cb238eba7b84be12fe76d1555bb2c616a691475aa7a672902053373632a3e9434c4424712584a5e7eb792a7bfd6a9daab1cdbd92d2e6aca2f75ef82ccf2aab1bfc976ae99149dea58be89f792610fd8f4c1076e9f154d48e6b545ddf1d011bb8394f367a22b6b6162008108b6ae15e29520c526b45d890a5d2e59d66ed49ceb8"}]}}]}, 0x138}, 0x1, 0x0, 0x0, 0x40098}, 0x8044)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r7)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r9 = fsmount(0xffffffffffffffff, 0x0, 0x78)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r9, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x40, 0x140f, 0x800, 0x70bd2a, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'srp\x00'}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x7, 0x45, 'cm\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x40}}, 0x4000)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
pipe(&(0x7f0000000300))
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
ioctl$TIOCNXCL(r1, 0x540d)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000340)='kmem_cache_free\x00'}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800718, &(0x7f0000000200)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0x40000ff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x46f, &(0x7f0000001040)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==")
ioctl$TUNGETDEVNETNS(r3, 0x54e3, 0x0)

1.649685443s ago: executing program 1 (id=1083):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)={0x28, 0x12, 0x1, 0x70bd29, 0x25dfdbff, "", [@nested={0x18, 0x0, 0x0, 0x0, [@typed={0xc, 0x133, 0x0, 0x0, @u64}, @typed={0x8, 0x41, 0x0, 0x0, @uid}]}]}, 0x28}], 0x1, 0x0, 0x0, 0x40000}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x1f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000c0], 0x11, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0x10, 0x0, 0x700, 0xfffffffc, [@sadb_key={0x6, 0x9, 0x162, 0x0, "000256465ea889b93b89aee5a49cb260e468052b613a1a766a14c935a2e3ff8ed4a997c045"}, @sadb_address={0x3, 0x6, 0x6c, 0x0, 0x0, @in={0x2, 0x1000, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x6, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e20, 0xccf, @loopback, 0x100}}]}, 0x80}, 0x1, 0x7}, 0x0)
r4 = gettid()
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = syz_io_uring_setup(0x1a7, &(0x7f0000000280)={0x0, 0xec1d, 0x1, 0x1, 0x40000333}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r6, 0x847ba, 0x2000, 0xe, 0x0, 0x0)
unshare(0x2040400)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x0, 0xfffffffffffffffd, 0x0, 0x8, 0x8146000000000000}, 0x0, &(0x7f0000000240)={0x1b, 0x3, 0x8000, 0x800, 0x1000000002, 0x2, 0x0, 0x6}, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={<r10=>0xffffffffffffffff}, 0x111, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7ee, @empty, 0x1}, {0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0x37}, 0x108}, r10, 0xb}}, 0x48)
write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000f80)={0x1, 0x10, 0xfa00, {&(0x7f00000001c0), r10}}, 0x18)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
r11 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r2, 0xc4089434, &(0x7f0000000fc0)={<r12=>0x0, 0x8, 0x1, [0xfff, 0xfffffffffffffff8, 0x1, 0x3a01, 0x3], [0xfffffffffffffffd, 0xffffffffffffffff, 0x2, 0xc, 0x2, 0xeb6, 0xc1, 0x0, 0xf, 0xe, 0x0, 0x8, 0x9, 0xffffffffffffffff, 0x4000, 0x29, 0x3, 0xbe5, 0x5, 0x8, 0x1, 0x8, 0xd5d, 0x546, 0x6, 0xf1, 0xffffffffffffffff, 0x6, 0x7, 0x8, 0x5, 0x4, 0x9, 0x7fffffffffffffff, 0x4, 0x400, 0xfffffffffffffff7, 0x6, 0x4, 0x7fff00000000000, 0x4, 0x7, 0x6, 0x7, 0x8000, 0x1cf, 0x7f, 0x6, 0x59e, 0x1, 0x6, 0x6, 0x2, 0x4, 0x0, 0x0, 0xa6, 0x7, 0x5, 0x7f, 0x1ff, 0xcf55, 0x6000000000000, 0x80000000, 0x2, 0x5, 0x4, 0x9, 0x4f, 0x3, 0x81, 0x3, 0xf3d1, 0x4, 0x7, 0x101, 0x5, 0x3, 0x3, 0x80, 0x0, 0x4, 0x5, 0xc1, 0xfffffffffffffff7, 0x3, 0x8001, 0x7, 0x8, 0x60000, 0xfff, 0xfffffffffffff169, 0x1, 0x7, 0x8, 0x0, 0xffffffffffffffff, 0x6, 0x10001, 0x7, 0x100000001, 0x2, 0x0, 0x2, 0x8000000000000000, 0x5, 0x63a, 0x1881, 0x5, 0x80000001, 0xd3af, 0x2, 0x62, 0x3, 0x3, 0x100000001, 0x1, 0x100, 0x7, 0x9, 0x22e]})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r9, 0xc400941d, &(0x7f0000001400)={<r13=>0x0, 0x2, 0x1, 0x1})
ioctl$BTRFS_IOC_BALANCE_V2(r11, 0xc4009420, &(0x7f0000001800)={0x15, 0x4, {0x7, @usage=0x67, r12, 0x9, 0x4, 0x5, 0x9, 0x7f, 0x45, @struct={0x2}, 0x1, 0x7, [0x4, 0x79, 0x81, 0x6, 0xfffffffffffffffb, 0x8]}, {0x9e44, @usage=0x8, 0x0, 0x3, 0x7, 0x9, 0x3, 0x3, 0x4, @struct={0x8, 0xfff}, 0xd, 0x926b, [0xff, 0xfff, 0x201, 0x9, 0x0, 0xfffffffffffffffc]}, {0x3, @usage=0x6, r13, 0xfffffffffffff000, 0x2, 0x6a6, 0x6, 0x0, 0x10, @usage=0x7, 0x8, 0x5, [0x2, 0x8, 0x800, 0x3, 0x0, 0xc65c]}, {0x7fffffff, 0x8, 0x6}})

1.335720611s ago: executing program 0 (id=1087):
socket$phonet(0x23, 0x2, 0x1)
r0 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r0, 0x0, 0xd0a0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000a40)='GPL\x00')
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x2008098, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'], 0x1, 0x1d3, &(0x7f00000004c0)="$eJzs3L1qFFEUB/CbGE2MJKQStPGijTaDprZQJIK4oKgrfoAwIRNddt0NO1PsisXWVj6HiDZ2gvgCeQu7IIRUqRzRzYeJIY26G8zv18yZ+TNwDgOX4Q7MyuXXz+uLebKYFmF0YiSMXgm9sD4SZsJo2NQLF94/WHt19+Gjm1crlbnxjcsxxukznx6/fHv2c3Hi/ofpj+NheebJyursl+WTy6dWvt17VstjLY/NVhHTON9qFel8I4sLtbyexHi7kaV5FmvNPGvvyBcbraWlbkybC1OTS+0sz2Pa7MZ61o1FKxbtbkyfprVmTJIkTk0G/kT1zXpZhtWyLMvxXijLctgNMWCe/+G2uajfiXEihK+9TrVT7R/7+fUblbmL8aeZ7bvWOp3qka38Uj+PO/OjYXIjn90zPxbOn+vnP7Jrtyq78uNh4d+PDwAAAAAA/6Ukbvl9f39k43TPvF/98n1g1/79WDg9NqAhAAAAgH3l3Rf1tNHI2getGAsHog2FYiDFu3Ag2tguhr0yAQAAf9v2S/+wOwEAAAAAAAAAAAAAAAAAAIDDaxC/Exv2jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+/keAAD///dtbTI=")
r3 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x2)
fallocate(r3, 0x0, 0x0, 0x1000f4)
sendfile(r3, r3, 0x0, 0x800000a1e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPCTNL_MSG_EXP_DELETE(r3, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x1c, 0x2, 0x2, 0x101, 0x0, 0x0, {0x7, 0x0, 0x8}, [@CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x23e41841}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x24040881)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})

1.134822799s ago: executing program 2 (id=1094):
r0 = accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @initdev}, &(0x7f0000000140)=0x10, 0x800)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000280)={'tunl0\x00', &(0x7f0000000700)={'syztnl2\x00', <r1=>0x0, 0x20, 0x8000, 0x4, 0x7, {{0x1c, 0x4, 0x0, 0x8, 0x70, 0x66, 0x0, 0xf8, 0x29, 0x0, @broadcast, @empty, {[@cipso={0x86, 0x5b, 0x3, [{0x5, 0x11, "07182a66263585d0a489959e890b50"}, {0x6, 0x3, '('}, {0x5, 0xf, "4e312cb223fe41b40da9c07ada"}, {0x1, 0x10, "31d1e96cac633f036381e339963d"}, {0x2, 0x11, "67c60e9d3bf6aa5eb1ce9a3ac897d9"}, {0x1, 0x9, "dea41d6aa541be"}, {0x0, 0x8, "fb24cd577465"}]}]}}}}})
fstat(0xffffffffffffffff, &(0x7f00000002c0))
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYRES8=r0], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)
r5 = openat$vsock(0xffffffffffffff9c, 0x0, 0x40, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095", @ANYRES32=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000006c0)='bcache_keyscan\x00', r2, 0x0, 0x589aa64}, 0x18)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xc, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', r1, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r6}, 0x10)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r7, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_virt_wifi\x00', 0x2000000}, 0x18)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r7, 0x0, 0x48c, &(0x7f00000002c0)={0x1, 'pim6reg0\x00', 0x100}, 0x18)
syz_emit_ethernet(0x5e, &(0x7f0000000a80)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa0086dd60cb653e00283afffe800000000000000000000000000000fe8000000000000000000000000000aa"], 0x0)
r8 = socket$isdn(0x22, 0x2, 0x10)
r9 = socket$isdn(0x22, 0x2, 0x2)
r10 = dup3(r9, r8, 0x0)
accept$packet(r10, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000cc0)={0x18, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x89, '\x00', 0x0, 0x2}, 0x94)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1002}, 0x94)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={<r12=>0x0}, &(0x7f0000000440)=0xc)
ptrace$getregs(0xc, r12, 0x9, &(0x7f0000000480)=""/219)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r11}, 0x10)

1.064734465s ago: executing program 4 (id=1095):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\n\x00\x00'], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0}, &(0x7f0000000500), &(0x7f0000000540)=r1}, 0x20)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000680)='./file0\x00', 0x0, &(0x7f0000000000)={[{@journal_path={'journal_path', 0x3d, './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}}, {@nojournal_checksum}]}, 0x21, 0x4bd, &(0x7f00000006c0)="$eJzs3c9vVFsdAPDvvf1JKbQoCzUqiCgawkw7QENY4UZjCImRuHIBtR2apjOdpjNFWlmU/8FEElf6J7gwcWHCyr073bnBhQkq0Udf8hbzcu9MS1+Zgb7QN0M6n09ycu+5p8z3nLm55wxf6JwABtb5iNiOiNGIuB8RU+3rSbvErVbJfu7Vy8cLOy8fLyTRbN79T5K3Z9di35/JnGy/5nhE/PRHEb9I3oxb39xama9UyuvterFRXSvWN7euLFfnl8pL5dVSaW52bubG1eulIxvrueofXvxw+fbP/vynbzz/6/b3f5V1a7Ldtn8cR6k19JG9OJnhiLj9RQTrg6H2eEYPXO9wy/kApRHxpYi4kD//UzGU300A4DhrNqeiObW/DgAcd2meA0vSQjsXMBlpWii0cnhnYyKt1OqNyw9qG6uLrVzZdIykD5Yr5Zl2rnA6RpKsPpufv66XDtSvRsSZiPj12Im8XlioVRb7+cEHAAbYyQPr///HWus/AHDMjfe7AwBAz1n/AWDwWP8BYPBY/wFg8Fj/AWDwWP8BYPBY/wFgoPzkzp2sNHfa33+9+HBzY6X28Mpiub5SqG4sFBZq62uFpVptKf/Onuq7Xq9Sq63NXouNR8VGud4o1je37lVrG6uNe/n3et8rj/RkVADA25w59+zvSURs3zyRl9i3l4O1Go63tN8dAPpmqN8dAPrGbl8wuPwdH3jXfq1d/4vQ06PvC9Abl74q/w+DSv4fBpf8Pwwu+X8YXM1mYs9/ABgwcvyAf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz28yL0laaO8FPhlpWihEnIqI6RhJHixXyjMRcToi/jY2MpbVZ/vdaQDgPaX/SuKj9jaAFycPto4mH4/lx4j45W/v/ubRfKOxPptd/+/e9cbT9vVSzzsPABzC7jq9u47vevXy8cJu6WV/XvygtbloFnenXVotwzGcH8cj+3Ay8b+kXW9JImLoCOJvP4mIr3Qaf5LnRqbbO58ejJ/FPtXT+Oln4qd5W+uYvRdfPoK+wKB5ls0/tzo9f2mcz4+dn//xfIZ6f7vz384b81+6N/8NdZn/zh82xrW//Hi0W9uTiK8Nd4qf7MVPusS/eMj4//j6Ny90a2v+LuJSdI6/P1axUV0r1je3rixX55fKS+XVUmludm7mxtXrpWKeoy7uZqrf9O+bl093i5+Nf6JL/PzO35nsOv7vHHL8v//k/s+/9Zb43/t25/t/Nj92fv+zNfG7h4w/P/HHrtt3Z/EXu4z/Xff/8iHjP//n1uIhfxQA6IH65tbKfKVSXnfiZO9k95Peh9Kf7ifNqVZPP5T+HJ+Tfs5KQC+8fuj73RMAAAAAAAAAAAAAAKCbXvw6Ub/HCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1aQAAAP//sHnUnw==")

1.002511741s ago: executing program 0 (id=1096):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xc}, 0x44004)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket(0x2, 0x80805, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100", @ANYRES8], 0x54}, 0x1, 0x0, 0x0, 0x24068045}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}, 0x1, 0x0, 0x0, 0x20000050}, 0x0) (fail_nth: 2)

992.322502ms ago: executing program 4 (id=1097):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
gettid()
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2082)
read(r1, &(0x7f0000000100)=""/140, 0xde)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB='\v\x00\x00\x00\b\x00\x00\x00\f'], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0182101, &(0x7f00000004c0))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="d40000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000000c00028005000100000000000800074000000000040006803c000e802c000180140003"], 0xd4}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{r2}, &(0x7f0000000740), &(0x7f0000000780)='%-010d \x00'}, 0x20)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r5, 0x89a2, &(0x7f0000000200)='bridge0\x00')

979.396793ms ago: executing program 2 (id=1098):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_QUANTUM={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x48801}, 0x0) (fail_nth: 3)

693.046008ms ago: executing program 2 (id=1100):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYRESHEX=r0], 0x7c}, 0x1, 0x0, 0x0, 0xc}, 0x44004)
r1 = syz_open_dev$usbfs(&(0x7f00000001c0), 0x800000001fe, 0x2)
r2 = dup(r1)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000280)={0x0, 0x5, 0x17, 0x4009, 0x0, 0x1, 0x0})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000080))
write$cgroup_int(r4, &(0x7f00000000c0), 0x12)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000780)={'pim6reg0\x00', 0x400})
sendmsg$nl_route_sched(r2, 0x0, 0x40)
r7 = perf_event_open$cgroup(&(0x7f0000000140)={0x0, 0x80, 0xa, 0x8e, 0x26, 0x1, 0x0, 0xffffffff, 0x8000, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x18b0c74f, 0x0, @perf_bp={&(0x7f0000000100), 0x2}, 0x180002, 0xda3, 0x10000, 0x3, 0x9d, 0xff, 0x6, 0x0, 0x3f800, 0x0, 0x80000000}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0)
r8 = timerfd_create(0x7, 0x0)
timerfd_settime(r8, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x0, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xfffffffffffffffb, r7, 0x2)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085006d28b5a4bba683bb0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f00000010c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa3)
socket(0x2, 0x80805, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100", @ANYRES8], 0x54}, 0x1, 0x0, 0x0, 0x24068055}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}, 0x1, 0x0, 0x0, 0x20000050}, 0x0)

692.199919ms ago: executing program 1 (id=1101):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
r3 = open(&(0x7f0000000480)='.\x00', 0x48800, 0x50)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
pwrite64(r4, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00')
getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8)

691.981648ms ago: executing program 0 (id=1102):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="010000000000fddbdf255400"], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x8000)

668.67976ms ago: executing program 0 (id=1103):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r1, 0x1, 0x70bd27, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1b}]}]}, 0x28}}, 0x0)

609.593256ms ago: executing program 0 (id=1104):
r0 = socket$inet6(0xa, 0x2, 0x0)
close(0x3)
socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80000, @empty, 0xfffffffe}, 0x1c, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000001"], 0x30}, 0x40c0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000002080)={0xf, {"a2e3ad214fc752f91b500e0f30f70e06d038e7ff7fc6e5539b3250078b089b3b08385d090890e0878f0e1ac6e7049b3d6d959bffe8d178708c523c921b1b5b31300d3b5d0736cd3b78130baa61d8e809fc889b0709b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f36243520a3c5f803541bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000045ef509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b906000000783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51015f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f761f13a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b6306006b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a99cc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000029566e78000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebbd633500", 0x1000}}, 0x1006)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x6, <r4=>0x0}, 0x8)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000500)=ANY=[@ANYRESOCT=r0], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r5}, 0x32)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_INFO(r6, 0x0, 0x40, &(0x7f0000000140)={'mangle\x00', 0x7003, [0xa, 0x8004000a, 0x41, 0x4000002, 0x8]}, &(0x7f0000000100)=0x54)

489.021557ms ago: executing program 2 (id=1105):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES8, @ANYRES8=r0], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000200)='./file0\x00', 0x3800813, &(0x7f0000001300)=ANY=[], 0x5, 0xa6d, &(0x7f0000001440)="$eJzs3c1vHOd9B/DvLEmRoV3ZcVTXNRxzLVcO47AUSdVSBR9SiVxJTPlSkBRgoYcojahCEFu3cQs4QtEoQNFTjBZo0UN7M3rqyUAuTQ+FL0V7a049FCj0LwQ9qactZnZJLcldLiVTJCV/PsTuzszzm+d5Zmeeebhv84RnS/OlbXPNZnV7wvnr/3QINeYYuzz34NPPPilvP76fExnIe8U/JyNJ6slgkteSodm5leXFPhndTW4m+Twpkgyn9bgvN1P8VV58NP95in8oy+3pxH5zpp8mX2pHffwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBxVMzOTU1NFycyv3T9g3pLUt9ldm5luUizuTtlc52Wn1Wjfhc/61tuUpS3jIxsDvX92qlHya8mqZ/OG625N6oByTOSey+8+vL7Xxusba7fqzZfyPD+s/3oh/fufm9jY/0HXVOL4gBrdcy0jpGrjaX51eX5xUtXG/X51eX6xfPnp85eu7JavzK/0Fi9sbrWWKzPrjQurS2v1Mdnv1mfvnjxXL0xeWP5+tLVucmFxubCC78+MzV1vv6dyd9pXFpZXV46+53J1dlr8wsL80tXq5gyuYy5UB6Ivz2/Vl9rXFqs12/f2Vg/t6NmA9lx/JZB0/22pwya6Rc0MzUzMz09MzP94/bo2VsLzr938b0LU1ODUy0vpj2RrYja1oH/+E82z5yv9N7NB3sChy+g1ur/k4XMZynX80HqXf9mM5eVLGexR3rbZv9/5mxjz2LT0f+3e/nBjvTXy7vTebM9O9Kj/+9Rl8P7+yg/zL3czfeykY2s5wdHXqPD/buaRpYyn9UsZz6LuVQtqbeX1HMx53M+U/lurmUsqxnMlcxnIY2s5kZWs5ZGdUTNZiWNXMpalrOSesYzm2+mnulczMWcSz2NTOZGlnM9S7mauVyqcrmdO9Xzfm6POm4FTe8naGaPoF3dfa/+f8vOVRo7/znhOVTbcy8/hbM4PJlmu/8/0T90fHbb7ODTqxQAAABwoH71P3Ly1Cv//j9Jka9XH09emV9oTB11tQAAAIADVH1d743yYaic+noKr/8BAADgeVNUv7ErkoxmrDW1+UsobwIAAADAc6L6/P/NFGOPFnj9DwAAAM+Z/tfY7xtRTGxe/rd+q/V4qx3RmitGr8wvNCZnlxfen8471VUGql8a7MptICmGqp8fvJu3WlFvjbYeRx/lWJY5UkZNT74/nXdzur0h42+XD2+Pd4mcaUV+oxX5jc7IgWyLPFdGAsDz7vQe/fHe/f9wO4eieDcTrcmJ16suf/D1bX3wQNWzTulZAeC42Bpj5//aQ5p16f/fbF0b4M1er/9/Y4/X/2XEK7k91vpKwWS+nw+zkVuZSPsbB2Pdct0cjaD1NYSJPu8GjLa/svDzC7VM7Ho/YGRrWztj1zOTia7vCHTkW2zW4VwrbuBp7QUAOFyn9+yHN/v/6k3ynv3/xN6v/zv6XF8pBIDjYGsE+24Tl3sn3RvrnbRz4qi3EQDYTi8NAAAAAAAAAAAAAAAAAAAAAAAAAAAAB29fF/D/z3eSjY31ZD/B+5z4+b/9yy/1jPnJC8nI49Rw74laDqTOw0kOZNuf3sRAkqMq/dt57LXKfXxcnrrnaaK4XzXYL5TPEZ+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBRFMtBteS0ZTjKV5Ozh1+rpuX/UFTgo9SdbrXiYh/k4Jw+6OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX3bt6//X0np8obUog7XkTJKbSX73qOv4OEb6pD88pHocP39Q3Xdc/7+WDKVZZDDNZrOZFEOzcyvLi+WhUAyX6Q8+/eyT8tYzyx9tTuweVaHMoCxh2+AS7RI6lgxtX+ur1Vqjc+sf3f2TD/+oPne5OjAvr11ZmFu8uvJbSZqtwFeLn7aGQOgcBmGzvn925l//umPxiXbhP81grw3ZWe6Vqty5jnLbfqXb2j3K3Yc7G+szZUlrjQ/W/vQPa51Jr+St5O3xZHx7Sb9f3jpLarYleWvn87ld8YviL4uT+bvcLPd/9WQUzaLcRS9V2/+V23c21ie//+HGra06/ejOxx0ZvJyxJLe2t7JudeowVp1PunqhKnWoLHWqCirvTvXJb08dOU4/el63bcNXq0Nm9LG2od57Gyp9nvd2jc7trFGzbCR/88dfyzt77unhLjm+06fEropfFP9dXMt/5S86xv+olfv/TLq2zi5ZVJEdR0pn2rbmVTvzaMtnOhO+uzPPnq2Sp+An+b385tb+r1Xn/852M9Oj3Wydj77dsbBHu9lsWj3axfD2lrqrXbT1axe7W+o/vrSrR9leak519kgn301aZ59e67TreaoV1aOev5xvJYOvP9YZ5Vt9zij91n/S9v/3xXj+N/eN/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABx/RTLQbXktOZPk5SQvlfP1pLkz5v4TlFcbLZ6kmgfmSer87Cl6bmjxMA/zcU4edo0AAAAAAAAAeDouzz349LNPylv1efxAfq3WTqkng0leLv52aHZuZXmxT0ZDyc3Nj/RHuof0WJyb5d2Lj+Y/L+de27O0P39wtF8fAIBn2v8HAAD//1vZdxE=")
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r4)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)=ANY=[@ANYRESDEC=r2, @ANYBLOB="01000000000000000000010000000400048008000200010000000800010000000000700008802400078008000600480000000800", @ANYRESHEX=r2, @ANYRESHEX=r4], 0x164}, 0x1, 0x0, 0x0, 0x20044880}, 0x30000800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffff5f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mm_page_alloc\x00'}, 0x18)
r5 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x55, 0x1, 0x0, 0x0, 0x0, 0x1000, 0x10000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x618, 0x1, @perf_bp={&(0x7f0000000380), 0x6}, 0x10005, 0x801, 0xfffffbff, 0x3, 0x1, 0x55b6, 0x5, 0x0, 0x0, 0x0, 0x10000000002005}, 0x0, 0xffe0000000000001, 0xffffffffffffffff, 0x9)
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f00000001c0)='cpu<m0\t\t\t')
socket$nl_netfilter(0x10, 0x3, 0xc)
dup(r5)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000010000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
r8 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r8, 0x11b, 0x2, &(0x7f00000004c0)=0x1000000, 0x4)
setsockopt$XDP_UMEM_REG(r8, 0x11b, 0x4, &(0x7f0000000040)={0x0, 0x10000, 0x1000, 0x101, 0x1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00'}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_config_ext={0xa19a}, 0x0, 0x3, 0xffffffff, 0x5, 0xfffffffffffffffd, 0x0, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x40082406, &(0x7f0000000340)='cpu\t&0&&\t')
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x40404, &(0x7f0000000280)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@errors_continue}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@dax}, {@usrquota}]}, 0x1, 0x437, &(0x7f0000000900)="$eJzs289PHFUcAPDv7EKR/hBs6o/Sqmg1En9AobX24EWjiQdNTPRQjwi0wW6LKZjYhigaU4+miXfj0cS/wJNejHoy8ap306QxXFo9rZndGdhddrdAF7a6n08y8N7MW9777szbfW8eE0DPGk1/JBH7I+L3iBiqZusLjFZ/3Vpdnvl7dXkmiXL5rb+SSrmbq8szedH8dfvyTF9E4bMkjjSpd/HylfPTpdLcpSw/sXTh/YnFy1eem78wfW7u3NzFqdOnT56YfOHU1PMdiTON6+bIRwtHD7/2zrU3Zs5ce/fnb5M8/oY4OmS03cEny+UOV9ddB2rSSV8XG8KWFKvdNPor/X8oirF+8obi1U+72jhgR5XL5fIDrQ+vlIH/sSS63QKgO/Iv+nT+m2+7NPS4K9x4qToBSuO+lW3VI31RyMr0N8xvO2k0Is6s/PNVusXO3IcAAKjzfTr+ebbZ+K8QtfeF7s3WUIYj4r6IOBgRpyLiUETcH1Ep+2BEPNSskqR1/Y2LJBvHP4Xr2w5uE9Lx34vZ2lb9+C8f/cVwMcsdqMTfn5ydL80dz96TsegfSPOTber44ZXfvmh1rHb8l25p/flYMGvH9b6B+tfMTi9N30nMtW58EjHS1yz+ZG0lID19hyNiZJt1zD/9zdFWx24ffxsdWGcqfx3xVPX8r0RD/Lmk/frkxD1Rmjs+kV8VG/3y69U3W9V/R/F3QHr+9za9/tfiH05q12sXt17H1T8+bzmn2e71vyd5u27fh9NLS5cmI/Ykr1cbXbt/qqHc1Hr5NP6xY837/8FYfyeORER6ET8cEY9ExKNZ2x+LiMcj4lib+H96+Yn3thf/QJu/2hlp/LNbOv/riT3RuKd5onj+x+/qKh3ebPyRnf+TldRYtmczn3+badf2rmYAAAD47ylExP5ICuNr6UJhfLz6P/yHYm+htLC49MzZhQ8uzlafERiO/kJ+p2uo5n7oZDatz/NTDfkT2X3jL4uDlfz4zEJpttvBQ4/b16L/p/4sdrt1wI7zvBb0Lv0fepf+D71L/4fe1aT/D3ajHcDua/b9/3EX2gHsvob+b9kPeoj5P/Qu/R96l/4PPWlxMG7/kLyExIZEFO6KZkjsUKLbn0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACd8W8AAAD//zpS5t0=")
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

463.080109ms ago: executing program 3 (id=1106):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000380), &(0x7f00000005c0)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
getgroups(0x1, &(0x7f00000000c0)=[0x0])

389.400176ms ago: executing program 3 (id=1107):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
chroot(&(0x7f0000000000)='./file0/../file0\x00')

342.33848ms ago: executing program 3 (id=1108):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a88000000060a010400000000000000000a0000010900010073797a31000000005c000480580001800b0001007461726765740000480002802c0003009ac420002e2eafb9fdd672bad09dfb78c7699c74e82fa0c70000000000000000000000000000000008000240000000000e00010049444c4554494d45520000000900020073797a32"], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)

281.246445ms ago: executing program 3 (id=1109):
socket$netlink(0x10, 0x3, 0x0)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe89}, 0x94)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
r2 = memfd_create(&(0x7f0000000bc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xadz\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F91 ^x\x85\x80[\xa3B\n#!\xc2R\xdd\xf4)\xba\x1e\xfb6U\xabc\xda\x9a)\xc3\x9a\x06\xc5\xccP)\xdf.\xa7-\x84\xdf8\xbf\xfc1^}B\xee\xccR/z\x1e\xe8\x1e\x99\x99\n\xf4u\xd4\xbd^L\xb2j\xda\xff\x1d\x10\xc8\xad\xbd_OI\xb1\xe8y\x003\a\x06\x92\x8e\n\x8b\xf3\xd4G\x85\xbd\x1a\x81+3\x99jq\xd1\xacK^\xef\xb6!8\xcd?\x1e\\\x16W2\xbd4$zn\xa9\x7f\x9dE\xaf\x0f\xdb\xe0\xfa\x10\xc3\xb2\xf8\x80\x8c\xec$\xda\xc0\x94y1\t\xc5`\xda\xca\xd1\xab:\x18\x10\x9b\xd0w', 0x0)
write$binfmt_misc(r2, &(0x7f0000000180)="e502", 0x2)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

268.314496ms ago: executing program 3 (id=1110):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f}, 0x94)
r0 = syz_io_uring_setup(0x1215, &(0x7f0000000500)={0x0, 0x7d10, 0x80, 0x0, 0x2b4}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000580)=<r2=>0x0)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000980)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4050}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x18, 0xd, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000340)=0xfffffffc, 0x0, 0x4)
r5 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x23457})
io_uring_enter(r0, 0x46bc, 0x3, 0x20, 0x0, 0x20)

230.9285ms ago: executing program 1 (id=1111):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\n\x00\x00'], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0}, &(0x7f0000000500), &(0x7f0000000540)=r1}, 0x20)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000680)='./file0\x00', 0x0, &(0x7f0000000000)={[{@journal_path={'journal_path', 0x3d, './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}}, {@nojournal_checksum}]}, 0x21, 0x4bd, &(0x7f00000006c0)="$eJzs3c9vVFsdAPDvvf1JKbQoCzUqiCgawkw7QENY4UZjCImRuHIBtR2apjOdpjNFWlmU/8FEElf6J7gwcWHCyr073bnBhQkq0Udf8hbzcu9MS1+Zgb7QN0M6n09ycu+5p8z3nLm55wxf6JwABtb5iNiOiNGIuB8RU+3rSbvErVbJfu7Vy8cLOy8fLyTRbN79T5K3Z9di35/JnGy/5nhE/PRHEb9I3oxb39xama9UyuvterFRXSvWN7euLFfnl8pL5dVSaW52bubG1eulIxvrueofXvxw+fbP/vynbzz/6/b3f5V1a7Ldtn8cR6k19JG9OJnhiLj9RQTrg6H2eEYPXO9wy/kApRHxpYi4kD//UzGU300A4DhrNqeiObW/DgAcd2meA0vSQjsXMBlpWii0cnhnYyKt1OqNyw9qG6uLrVzZdIykD5Yr5Zl2rnA6RpKsPpufv66XDtSvRsSZiPj12Im8XlioVRb7+cEHAAbYyQPr///HWus/AHDMjfe7AwBAz1n/AWDwWP8BYPBY/wFg8Fj/AWDwWP8BYPBY/wFgoPzkzp2sNHfa33+9+HBzY6X28Mpiub5SqG4sFBZq62uFpVptKf/Onuq7Xq9Sq63NXouNR8VGud4o1je37lVrG6uNe/n3et8rj/RkVADA25w59+zvSURs3zyRl9i3l4O1Go63tN8dAPpmqN8dAPrGbl8wuPwdH3jXfq1d/4vQ06PvC9Abl74q/w+DSv4fBpf8Pwwu+X8YXM1mYs9/ABgwcvyAf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz28yL0laaO8FPhlpWihEnIqI6RhJHixXyjMRcToi/jY2MpbVZ/vdaQDgPaX/SuKj9jaAFycPto4mH4/lx4j45W/v/ubRfKOxPptd/+/e9cbT9vVSzzsPABzC7jq9u47vevXy8cJu6WV/XvygtbloFnenXVotwzGcH8cj+3Ay8b+kXW9JImLoCOJvP4mIr3Qaf5LnRqbbO58ejJ/FPtXT+Oln4qd5W+uYvRdfPoK+wKB5ls0/tzo9f2mcz4+dn//xfIZ6f7vz384b81+6N/8NdZn/zh82xrW//Hi0W9uTiK8Nd4qf7MVPusS/eMj4//j6Ny90a2v+LuJSdI6/P1axUV0r1je3rixX55fKS+XVUmludm7mxtXrpWKeoy7uZqrf9O+bl093i5+Nf6JL/PzO35nsOv7vHHL8v//k/s+/9Zb43/t25/t/Nj92fv+zNfG7h4w/P/HHrtt3Z/EXu4z/Xff/8iHjP//n1uIhfxQA6IH65tbKfKVSXnfiZO9k95Peh9Kf7ifNqVZPP5T+HJ+Tfs5KQC+8fuj73RMAAAAAAAAAAAAAAKCbXvw6Ub/HCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1aQAAAP//sHnUnw==")

183.929564ms ago: executing program 1 (id=1112):
r0 = accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @initdev}, &(0x7f0000000140)=0x10, 0x800)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000280)={'tunl0\x00', &(0x7f0000000700)={'syztnl2\x00', <r1=>0x0, 0x20, 0x8000, 0x4, 0x7, {{0x1c, 0x4, 0x0, 0x8, 0x70, 0x66, 0x0, 0xf8, 0x29, 0x0, @broadcast, @empty, {[@cipso={0x86, 0x5b, 0x3, [{0x5, 0x11, "07182a66263585d0a489959e890b50"}, {0x6, 0x3, '('}, {0x5, 0xf, "4e312cb223fe41b40da9c07ada"}, {0x1, 0x10, "31d1e96cac633f036381e339963d"}, {0x2, 0x11, "67c60e9d3bf6aa5eb1ce9a3ac897d9"}, {0x1, 0x9, "dea41d6aa541be"}, {0x0, 0x8, "fb24cd577465"}]}]}}}}})
fstat(0xffffffffffffffff, &(0x7f00000002c0))
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYRES8=r0], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)
r5 = openat$vsock(0xffffffffffffff9c, 0x0, 0x40, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095", @ANYRES32=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000006c0)='bcache_keyscan\x00', r2, 0x0, 0x589aa64}, 0x18)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xc, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', r1, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r6}, 0x10)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r7, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_virt_wifi\x00', 0x2000000}, 0x18)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r7, 0x0, 0x48c, &(0x7f00000002c0)={0x1, 'pim6reg0\x00', 0x100}, 0x18)
syz_emit_ethernet(0x5e, &(0x7f0000000a80)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa0086dd60cb653e00283afffe800000000000000000000000000000fe8000000000000000000000000000aa"], 0x0)
r8 = socket$isdn(0x22, 0x2, 0x10)
r9 = socket$isdn(0x22, 0x2, 0x2)
r10 = dup3(r9, r8, 0x0)
accept$packet(r10, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000cc0)={0x18, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x89, '\x00', 0x0, 0x2}, 0x94)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1002}, 0x94)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={<r12=>0x0}, &(0x7f0000000440)=0xc)
ptrace$getregs(0xc, r12, 0x9, &(0x7f0000000480)=""/219)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r11}, 0x10)

116.40136ms ago: executing program 4 (id=1113):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x14, 0x30, 0xffff}, 0x14}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newtfilter={0x48, 0x2c, 0xd27, 0x100000, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x0, 0xb2768bed0a89ab55}, {}, {0x10, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}]}}]}, 0x48}}, 0x4004080)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x17, &(0x7f0000000980)=0x5, 0x4)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8001}, 0x8)
socket$inet(0x2, 0x1, 0x5)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

96.895432ms ago: executing program 2 (id=1114):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="010000000000fddbdf255400"], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x8000)

40.828377ms ago: executing program 0 (id=1115):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb010018000000000000003e0000143e080000050000000c00000000000007000000000b0077d49d12d5ae910363dc00000200000f02000d000000000000000000010001000300000000000100ffff00000000120205b93057c1f1e19a6051723a"], &(0x7f0000000300)=""/98, 0x5d, 0x62, 0x0, 0x1}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x18, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fffdffff0000000000000000850000004100000085000000d000000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6(0xa, 0x80001, 0x0)
socket$netlink(0x10, 0x3, 0x0)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000740)={[{@dax_always}, {@usrjquota}, {@grpquota}, {@nojournal_checksum}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@noinit_itable}, {@resgid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x81}}, {@data_journal}, {@delalloc}, {@debug}, {@mblk_io_submit}, {@journal_path={'journal_path', 0x3d, './file0/file0'}}]}, 0xfd, 0x57d, &(0x7f0000001340)="$eJzs3U1rG0cfAPD/ylLenOexAyG0PZRADk0JkWO7LykUkh5LGxpo76mwFRMsR8GSQ+wGmhyaSy8lFEppoPQD9N5j6Bfopwi0gVCCaQ+l4LLyylFsyW+RK9X6/WCtGe2uZkY7M5rZlbwBDKyT6Z9cxMsR8VUSMdKyLh/ZypOr2y0/vT2VLkmsrHz8exIX1r1Wkj0OZ5GXIuLnLyLO5DamW1tcmi1VKuX5LD5Wn7sxVltcOnttrjRTnilfn5icPP/m5MQ7b7/VZu/def3yn99+9PD981+eWv7mx8fH7idxMY5m69JydSGJO62Rk6W/s1AhLq7bcLwLifWTpNcZYFeGsnZeiLQPGImhrNUD+9/nEbECDKhE+4cB1RwHNOf2XZoH/2c8eW91ArSx/PnVcyNxqDE3OrKcPDczSue7o11IP03jp98e3E+X2Pw8xOEt4gA7cuduRJzL5zf2f0nW/+3eucbJ482tT2PQPn+glx6m45/kTsSG9p9bG/9Em/HPcJu2uxtbt//c48bDHl1gSMd/77Yd/651XaNDWex/jTFfIbl6rVI+FxH/j4jTUTiYxje7nnN++dFKp3Wt4790SdNvjgWzfDzOH3x+n+lSvfQiZW715G7EK23Hv8na8U/aHP/0/bi8zTROlB+82mnd1uXfWys/RLzW9vg/q3DJ5tcnxxr1YaxZKzb6496JXzql30ylV+VPj/+Rzcs/mrRer63tPI3vD/1V7rCqUaV2U/8PJJ80wgey526V6vX58YgDyYf54fXPTzzbtxlvbp+W//Sp9u1/s/qfTr4+3Wb57x2/13HTXtf/tPzTOzr+Ow88+uCz7zqlv73+741G6HT2zHb6v+1m8EXeOwAAAAAAAOg3uYg4GkmuuBbO5YrF1e93HI8juUq1Vj9ztbpwfToav5UdjUKueaV7pOX7EOPZ92Gb8Yl18cmIOBYRXw8dbsSLU9XKdK8LDwAAAAAAAAAAAAAAAAAAAH1iuMPv/1O/DvU6d8Cea9zY4GCvcwH0wpa3/O/GnZ6AvrRl+wf2rZ23f2cGYL/w+Q+DS/uHwaX9w+DabvsvjOxxRoB/nc9/GFzaPwAAAAAAAAAAAAAAAAAAAAAAAAAAAHTV5UuX0mVl+entqTQ+fXNxYbZ68+x0uTZbnFuYKk5V528UZ6rVmUq5OFWd2+r1KtXqjfGJWLg1Vi/X6mO1xaUrc9WF6/Ur1+ZKM+Ur5YJ/NgwAAAAAAAAAAAAAAAAAAAAb1BaXZkuVSnleoGPgQvRFNvaygKt2tXu+X0oh0NVAjzsmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjxTwAAAP//b8owSQ==")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), 0x0, 0x835, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$TIOCSETD(r2, 0x5423, 0x0)
readv(r2, 0x0, 0x0)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_io_uring_setup(0x1117, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x20088804)

40.105177ms ago: executing program 2 (id=1116):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
recvmmsg(r0, &(0x7f0000000c80)=[{{&(0x7f00000001c0)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000240)=""/63, 0x3f}, {&(0x7f0000000480)=""/147, 0x93}, {&(0x7f0000000380)=""/76, 0x4c}, {&(0x7f00000005c0)=""/1, 0x1}, {&(0x7f0000000600)}, {&(0x7f00000007c0)=""/133, 0x85}, {&(0x7f0000000640)=""/53, 0x35}, {&(0x7f0000000a00)=""/146, 0x92}], 0x8, &(0x7f0000000ac0)=""/187, 0xbb}, 0x8}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000740)=""/3, 0x3}, {&(0x7f0000000b80)}, {&(0x7f0000000bc0)=""/34, 0x22}, {&(0x7f0000000c00)=""/36, 0x24}], 0x4}, 0x1}], 0x2, 0x2, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xfffffffc, '\x00', 0x0, 0x0}, 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r2)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
sync()
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000007000000000000000000000300000000010000000200000003000000000000000200000604000000050078b4ee"], &(0x7f0000000f40)=""/4089, 0x53, 0xff9, 0x8}, 0x28)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r4, 0x0, 0xffff}, 0x18)
time(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x10, 0xa, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000008500000008000000950000000000000095000000000000009843e8bb0a59fff7067102387f22ea06acca1c51fad2ebaa6c192f0bf74079ef50ae"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0xa}, 0x94)

19.238329ms ago: executing program 1 (id=1117):
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$pptp(0x18, 0x1, 0x2)
r3 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x2a200)
io_uring_setup(0x5b54, &(0x7f0000000040)={0x0, 0x2df0, 0x0, 0x0, 0x2b2})
ioctl$MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000c40)={0x0, 0xfe72})
close_range(r2, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000780)='mm_page_free\x00', r4, 0x0, 0x201}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2b}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4008050)
socket$inet_sctp(0x2, 0x4, 0x84)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)

14.215849ms ago: executing program 3 (id=1118):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32=r0, @ANYRES32=r0], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a88000000060a010400000000000000000a0000010900010073797a31000000005c000480580001800b0001007461726765740000480002802c0003009ac420002e2eafb9fdd672bad09dfb78c7699c74e82fa0c70000000000000000000000000000000008000240000000000e00010049444c4554494d45520000000900020073797a32"], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)

0s ago: executing program 4 (id=1119):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
r3 = open(&(0x7f0000000480)='.\x00', 0x48800, 0x50)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
pwrite64(r4, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00')
getdents(r3, 0x0, 0x0)

kernel console output (not intermixed with test programs):

ytes leftover after parsing attributes in process `syz.4.401'.
[   62.256558][ T4807] EXT4-fs: dax option not supported
[   62.308515][ T4814] loop3: detected capacity change from 0 to 4096
[   62.364564][ T4814] EXT4-fs: Ignoring removed nomblk_io_submit option
[   62.422578][ T4814] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   63.257725][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   63.327574][ T4839] loop4: detected capacity change from 0 to 512
[   63.338986][ T4839] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.417: inode has both inline data and extents flags
[   63.373039][ T4839] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.417: couldn't read orphan inode 15 (err -117)
[   63.385085][ T4844] loop1: detected capacity change from 0 to 128
[   63.418791][ T4839] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   63.497671][ T4844] pim6reg: entered allmulticast mode
[   63.503123][ T4844] pim6reg: left allmulticast mode
[   63.512766][ T4855] loop3: detected capacity change from 0 to 128
[   63.567929][ T4850] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(18)
[   63.574596][ T4850] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   63.582255][ T4850] vhci_hcd vhci_hcd.0: Device attached
[   63.610625][ T4845] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(15)
[   63.617285][ T4845] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   63.624997][ T4845] vhci_hcd vhci_hcd.0: Device attached
[   63.647757][ T4861] vhci_hcd: connection closed
[   63.648147][ T4146] vhci_hcd vhci_hcd.1: stop threads
[   63.658168][ T4146] vhci_hcd vhci_hcd.1: release socket
[   63.663567][ T4146] vhci_hcd vhci_hcd.1: disconnect device
[   63.677129][ T4860] vhci_hcd: connection closed
[   63.697721][ T4146] vhci_hcd vhci_hcd.1: stop threads
[   63.707808][ T4146] vhci_hcd vhci_hcd.1: release socket
[   63.713344][ T4146] vhci_hcd vhci_hcd.1: disconnect device
[   63.717252][ T4863] pimreg: entered allmulticast mode
[   63.726679][ T4839] pimreg: left allmulticast mode
[   63.767072][ T3642] vhci_hcd vhci_hcd.1: vhci_device speed not set
[   63.843130][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   63.893674][ T4877] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   63.908825][ T4877] EXT4-fs: error: could not find journal device path
[   64.374743][ T4910] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   64.389679][ T4910] EXT4-fs: error: could not find journal device path
[   64.397784][ T4912] netlink: 'syz.3.438': attribute type 1 has an invalid length.
[   64.405572][ T4912] netlink: 244 bytes leftover after parsing attributes in process `syz.3.438'.
[   64.507084][ T4912] netlink: 8 bytes leftover after parsing attributes in process `syz.3.438'.
[   64.587322][ T4923] iso9660: Unknown parameter 'unhide�6�ÚÌ
a5…s£'
[   64.595932][ T4923] netlink: 'syz.0.444': attribute type 30 has an invalid length.
[   64.654928][ T4922] 9p: Bad value for 'wfdno'
[   64.749919][ T4930] netlink: 184 bytes leftover after parsing attributes in process `syz.4.443'.
[   64.828162][   T29] kauditd_printk_skb: 739 callbacks suppressed
[   64.828181][   T29] audit: type=1326 audit(1767426341.769:4310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4921 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   64.924479][ T4934] EXT4-fs: inline encryption not supported
[   65.080434][ T4934] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   65.202256][   T29] audit: type=1326 audit(1767426341.919:4311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4936 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0e6f749 code=0x7ffc0000
[   65.225650][   T29] audit: type=1326 audit(1767426341.919:4312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4936 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0e6f749 code=0x7ffc0000
[   65.249110][   T29] audit: type=1326 audit(1767426341.939:4313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4936 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efcd0e6f749 code=0x7ffc0000
[   65.272538][   T29] audit: type=1326 audit(1767426341.939:4314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4936 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0e6f749 code=0x7ffc0000
[   65.295982][   T29] audit: type=1326 audit(1767426341.939:4315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4936 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0e6f749 code=0x7ffc0000
[   65.319496][   T29] audit: type=1326 audit(1767426341.939:4316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4936 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efcd0e6f749 code=0x7ffc0000
[   65.342963][   T29] audit: type=1326 audit(1767426341.939:4317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4936 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0e6f749 code=0x7ffc0000
[   65.366380][   T29] audit: type=1326 audit(1767426341.939:4318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4936 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0e6f749 code=0x7ffc0000
[   65.389992][   T29] audit: type=1326 audit(1767426341.939:4319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4936 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efcd0e6f749 code=0x7ffc0000
[   65.464168][ T4933] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   65.506902][ T4955] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   65.522035][ T4955] EXT4-fs: error: could not find journal device path
[   65.537203][ T4933] EXT4-fs (loop3): Remounting filesystem read-only
[   65.636290][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   65.926072][ T4993] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   65.941142][ T4993] EXT4-fs: error: could not find journal device path
[   66.362836][ T5027] set_capacity_and_notify: 8 callbacks suppressed
[   66.362851][ T5027] loop1: detected capacity change from 0 to 128
[   66.434380][ T5028] netlink: 184 bytes leftover after parsing attributes in process `syz.3.478'.
[   67.147312][ T5042] FAULT_INJECTION: forcing a failure.
[   67.147312][ T5042] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   67.160643][ T5042] CPU: 0 UID: 0 PID: 5042 Comm: syz.0.482 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   67.160714][ T5042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   67.160729][ T5042] Call Trace:
[   67.160737][ T5042]  <TASK>
[   67.160746][ T5042]  __dump_stack+0x1d/0x30
[   67.160771][ T5042]  dump_stack_lvl+0x95/0xd0
[   67.160792][ T5042]  dump_stack+0x15/0x1b
[   67.160864][ T5042]  should_fail_ex+0x265/0x280
[   67.160894][ T5042]  should_fail+0xb/0x20
[   67.160919][ T5042]  should_fail_usercopy+0x1a/0x20
[   67.161015][ T5042]  _copy_from_user+0x1c/0xb0
[   67.161050][ T5042]  memdup_user+0x5e/0xd0
[   67.161073][ T5042]  io_parse_restrictions+0x56/0x210
[   67.161180][ T5042]  io_register_restrictions+0x81/0xc0
[   67.161212][ T5042]  __se_sys_io_uring_register+0xde6/0xf20
[   67.161238][ T5042]  ? fput+0x8f/0xc0
[   67.161320][ T5042]  ? ksys_write+0x192/0x1a0
[   67.161344][ T5042]  __x64_sys_io_uring_register+0x55/0x70
[   67.161371][ T5042]  x64_sys_call+0x27ad/0x3000
[   67.161415][ T5042]  do_syscall_64+0xca/0x2b0
[   67.161472][ T5042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.161528][ T5042] RIP: 0033:0x7fbbf4adf749
[   67.161543][ T5042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.161560][ T5042] RSP: 002b:00007fbbf353f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[   67.161579][ T5042] RAX: ffffffffffffffda RBX: 00007fbbf4d35fa0 RCX: 00007fbbf4adf749
[   67.161591][ T5042] RDX: 0000200000001ac0 RSI: 000000000000000b RDI: 0000000000000006
[   67.161603][ T5042] RBP: 00007fbbf353f090 R08: 0000000000000000 R09: 0000000000000000
[   67.161615][ T5042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   67.161626][ T5042] R13: 00007fbbf4d36038 R14: 00007fbbf4d35fa0 R15: 00007ffdf12ca7e8
[   67.161655][ T5042]  </TASK>
[   67.382013][ T5047] loop2: detected capacity change from 0 to 2048
[   67.434647][ T5047] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.552385][ T5047] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   67.616356][ T5047] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 4 with max blocks 2 with error 28
[   67.628838][ T5047] EXT4-fs (loop2): This should not happen!! Data will be lost
[   67.628838][ T5047] 
[   67.638817][ T5047] EXT4-fs (loop2): Total free blocks count 0
[   67.644855][ T5047] EXT4-fs (loop2): Free/Dirty block details
[   67.650913][ T5047] EXT4-fs (loop2): free_blocks=2415919104
[   67.656691][ T5047] EXT4-fs (loop2): dirty_blocks=32
[   67.662047][ T5047] EXT4-fs (loop2): Block reservation details
[   67.668286][ T5047] EXT4-fs (loop2): i_reserved_data_blocks=2
[   68.208313][ T5047] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 4 with max blocks 1 with error 28
[   68.466449][ T5081] loop0: detected capacity change from 0 to 128
[   68.573296][ T5047] syz.2.486 (5047) used greatest stack depth: 9416 bytes left
[   68.709124][ T5098] loop2: detected capacity change from 0 to 512
[   68.798493][ T5098] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.502: error while reading EA inode 32 err=-116
[   69.000450][ T5098] EXT4-fs (loop2): Remounting filesystem read-only
[   69.007934][ T5098] EXT4-fs warning (device loop2): ext4_evict_inode:256: couldn't mark inode dirty (err -30)
[   69.019130][ T5098] EXT4-fs (loop2): 1 orphan inode deleted
[   69.025385][ T5098] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.147678][ T5110] netlink: 184 bytes leftover after parsing attributes in process `syz.0.503'.
[   69.341450][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.780606][ T5122] loop3: detected capacity change from 0 to 1024
[   69.788232][ T5122] EXT4-fs: Ignoring removed nobh option
[   69.793980][ T5122] EXT4-fs: inline encryption not supported
[   69.838611][ T5122] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.909475][ T5128] netlink: 4 bytes leftover after parsing attributes in process `syz.0.510'.
[   69.952220][   T29] kauditd_printk_skb: 117 callbacks suppressed
[   69.952238][   T29] audit: type=1400 audit(1767426346.889:4437): avc:  denied  { create } for  pid=5127 comm="syz.0.510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   69.979664][ T5137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.509'.
[   70.012686][   T29] audit: type=1400 audit(1767426346.899:4438): avc:  denied  { connect } for  pid=5127 comm="syz.0.510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   70.133425][ T5146] capability: warning: `syz.2.515' uses deprecated v2 capabilities in a way that may be insecure
[   70.163967][ T5143] loop0: detected capacity change from 0 to 512
[   70.175800][ T5143] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   70.191084][ T5143] EXT4-fs: error: could not find journal device path
[   70.213126][   T29] audit: type=1326 audit(1767426347.149:4439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5150 comm="syz.1.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   70.323291][   T29] audit: type=1326 audit(1767426347.179:4440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5150 comm="syz.1.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   70.346785][   T29] audit: type=1326 audit(1767426347.179:4441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5150 comm="syz.1.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   70.370386][   T29] audit: type=1326 audit(1767426347.179:4442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5150 comm="syz.1.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   70.394013][   T29] audit: type=1326 audit(1767426347.179:4443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5150 comm="syz.1.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   70.408118][ T5164] netlink: 12 bytes leftover after parsing attributes in process `syz.1.517'.
[   70.417428][   T29] audit: type=1326 audit(1767426347.179:4444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5150 comm="syz.1.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   70.450155][   T29] audit: type=1326 audit(1767426347.179:4445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5150 comm="syz.1.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   70.451738][ T5164] bridge0: port 1(gretap0) entered blocking state
[   70.473653][   T29] audit: type=1326 audit(1767426347.179:4446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5150 comm="syz.1.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   70.503590][ T5164] bridge0: port 1(gretap0) entered disabled state
[   70.511813][ T5162] loop4: detected capacity change from 0 to 164
[   70.539075][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.552033][ T5164] gretap0: entered allmulticast mode
[   70.562643][ T5164] gretap0: entered promiscuous mode
[   70.572233][ T5169] netlink: 8 bytes leftover after parsing attributes in process `syz.4.519'.
[   70.587875][ T5164] bridge0: port 1(gretap0) entered blocking state
[   70.594427][ T5164] bridge0: port 1(gretap0) entered forwarding state
[   70.623362][ T5169] pim6reg: entered allmulticast mode
[   70.728597][ T5160] Process accounting resumed
[   70.750715][ T5190] netlink: 'syz.3.520': attribute type 1 has an invalid length.
[   70.758566][ T5190] netlink: 244 bytes leftover after parsing attributes in process `syz.3.520'.
[   70.768588][ T5190] netlink: 8 bytes leftover after parsing attributes in process `syz.3.520'.
[   71.141065][ T5241] loop2: detected capacity change from 0 to 128
[   71.261776][ T5244] loop3: detected capacity change from 0 to 512
[   71.307674][ T5244] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   71.322801][ T5244] EXT4-fs: error: could not find journal device path
[   71.489991][ T5293] netlink: 'syz.0.532': attribute type 1 has an invalid length.
[   71.497895][ T5293] netlink: 244 bytes leftover after parsing attributes in process `syz.0.532'.
[   71.524958][ T5294] loop4: detected capacity change from 0 to 128
[   71.540535][ T5293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.532'.
[   71.553877][ T5292] FAULT_INJECTION: forcing a failure.
[   71.553877][ T5292] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   71.567255][ T5292] CPU: 0 UID: 0 PID: 5292 Comm: syz.3.535 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   71.567282][ T5292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   71.567298][ T5292] Call Trace:
[   71.567307][ T5292]  <TASK>
[   71.567317][ T5292]  __dump_stack+0x1d/0x30
[   71.567378][ T5292]  dump_stack_lvl+0x95/0xd0
[   71.567401][ T5292]  dump_stack+0x15/0x1b
[   71.567458][ T5292]  should_fail_ex+0x265/0x280
[   71.567489][ T5292]  should_fail+0xb/0x20
[   71.567542][ T5292]  should_fail_usercopy+0x1a/0x20
[   71.567574][ T5292]  _copy_to_user+0x20/0xa0
[   71.567611][ T5292]  simple_read_from_buffer+0xb5/0x130
[   71.567734][ T5292]  proc_fail_nth_read+0x10e/0x150
[   71.567772][ T5292]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   71.567809][ T5292]  vfs_read+0x1a8/0x770
[   71.567906][ T5292]  ? mutex_lock+0x58/0x90
[   71.567955][ T5292]  ksys_read+0xda/0x1a0
[   71.567973][ T5292]  __x64_sys_read+0x40/0x50
[   71.568000][ T5292]  x64_sys_call+0x2889/0x3000
[   71.568069][ T5292]  do_syscall_64+0xca/0x2b0
[   71.568105][ T5292]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.568164][ T5292] RIP: 0033:0x7f000ee3e15c
[   71.568184][ T5292] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   71.568207][ T5292] RSP: 002b:00007f000d89f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   71.568232][ T5292] RAX: ffffffffffffffda RBX: 00007f000f095fa0 RCX: 00007f000ee3e15c
[   71.568247][ T5292] RDX: 000000000000000f RSI: 00007f000d89f0a0 RDI: 0000000000000006
[   71.568316][ T5292] RBP: 00007f000d89f090 R08: 0000000000000000 R09: 0000000000000000
[   71.568331][ T5292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   71.568343][ T5292] R13: 00007f000f096038 R14: 00007f000f095fa0 R15: 00007fff7e12cf18
[   71.568367][ T5292]  </TASK>
[   71.892961][ T5304] loop0: detected capacity change from 0 to 2048
[   71.959624][ T3306] Alternate GPT is invalid, using primary GPT.
[   71.966067][ T3306]  loop0: p2 p3 p7
[   71.976291][ T5306] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.019481][ T5304] Alternate GPT is invalid, using primary GPT.
[   72.025961][ T5304]  loop0: p2 p3 p7
[   72.042637][ T5308] netlink: 12 bytes leftover after parsing attributes in process `syz.3.537'.
[   72.091837][ T4144] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   72.151723][ T5306] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.258568][ T4144] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   72.277908][ T5314] pimreg: entered allmulticast mode
[   72.298375][ T5314] pimreg: left allmulticast mode
[   72.365277][ T5324] loop2: detected capacity change from 0 to 512
[   72.412272][ T5324] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   72.427258][ T5324] EXT4-fs: error: could not find journal device path
[   72.708703][ T5351] FAULT_INJECTION: forcing a failure.
[   72.708703][ T5351] name failslab, interval 1, probability 0, space 0, times 0
[   72.721569][ T5351] CPU: 1 UID: 0 PID: 5351 Comm: syz.2.556 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.721601][ T5351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   72.721620][ T5351] Call Trace:
[   72.721627][ T5351]  <TASK>
[   72.721634][ T5351]  __dump_stack+0x1d/0x30
[   72.721665][ T5351]  dump_stack_lvl+0x95/0xd0
[   72.721694][ T5351]  dump_stack+0x15/0x1b
[   72.721775][ T5351]  should_fail_ex+0x265/0x280
[   72.721835][ T5351]  should_failslab+0x8c/0xb0
[   72.721863][ T5351]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[   72.721894][ T5351]  ? __alloc_skb+0x2ff/0x4b0
[   72.721928][ T5351]  __alloc_skb+0x2ff/0x4b0
[   72.721950][ T5351]  ? __alloc_skb+0x228/0x4b0
[   72.721978][ T5351]  audit_log_start+0x3a0/0x720
[   72.722008][ T5351]  audit_seccomp+0x48/0x100
[   72.722156][ T5351]  ? __seccomp_filter+0x832/0x1260
[   72.722191][ T5351]  __seccomp_filter+0x843/0x1260
[   72.722237][ T5351]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   72.722274][ T5351]  ? vfs_write+0x7e8/0x960
[   72.722341][ T5351]  ? __rcu_read_unlock+0x4f/0x70
[   72.722360][ T5351]  ? __fget_files+0x184/0x1c0
[   72.722394][ T5351]  __secure_computing+0x82/0x150
[   72.722465][ T5351]  syscall_trace_enter+0xcf/0x1e0
[   72.722506][ T5351]  do_syscall_64+0xa4/0x2b0
[   72.722542][ T5351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.722570][ T5351] RIP: 0033:0x7efcd0e6e15c
[   72.722589][ T5351] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   72.722607][ T5351] RSP: 002b:00007efccf8cf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   72.722649][ T5351] RAX: ffffffffffffffda RBX: 00007efcd10c5fa0 RCX: 00007efcd0e6e15c
[   72.722721][ T5351] RDX: 000000000000000f RSI: 00007efccf8cf0a0 RDI: 0000000000000006
[   72.722795][ T5351] RBP: 00007efccf8cf090 R08: 0000000000000000 R09: 0000000000000000
[   72.722811][ T5351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.722826][ T5351] R13: 00007efcd10c6038 R14: 00007efcd10c5fa0 R15: 00007ffe193b67f8
[   72.722850][ T5351]  </TASK>
[   72.962951][ T5353] netlink: 'syz.0.553': attribute type 1 has an invalid length.
[   73.079112][ T5336] loop1: detected capacity change from 0 to 32768
[   73.089187][ T4004] hid-generic 0000:0000:0000.0004: unknown main item tag 0x1
[   73.096656][ T4004] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   73.104138][ T4004] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   73.111671][ T4004] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   73.119185][ T4004] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   73.126691][ T4004] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   73.136431][ T4004] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   73.144065][ T4004] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   73.151534][ T4004] hid-generic 0000:0000:0000.0004: unknown main item tag 0x2
[   73.159043][ T4004] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   73.168891][ T4004] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[   73.180527][ T5336]  loop1: p1 p3 < >
[   73.247725][ T5370] fido_id[5370]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   73.297958][ T5378] loop1: detected capacity change from 0 to 512
[   73.311392][ T5381] netlink: 'syz.0.562': attribute type 63 has an invalid length.
[   73.322646][ T5378] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   73.337726][ T5378] EXT4-fs: error: could not find journal device path
[   73.356171][ T5381] loop0: detected capacity change from 0 to 764
[   73.375063][ T5381] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   73.424599][ T3540] udevd[3540]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   73.425356][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   73.447840][ T5392] FAULT_INJECTION: forcing a failure.
[   73.447840][ T5392] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   73.461218][ T5392] CPU: 1 UID: 0 PID: 5392 Comm: syz.1.563 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   73.461332][ T5392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   73.461348][ T5392] Call Trace:
[   73.461357][ T5392]  <TASK>
[   73.461367][ T5392]  __dump_stack+0x1d/0x30
[   73.461392][ T5392]  dump_stack_lvl+0x95/0xd0
[   73.461420][ T5392]  dump_stack+0x15/0x1b
[   73.461485][ T5392]  should_fail_ex+0x265/0x280
[   73.461517][ T5392]  should_fail_alloc_page+0xf2/0x100
[   73.461549][ T5392]  __alloc_frozen_pages_noprof+0x109/0x360
[   73.461602][ T5392]  alloc_pages_mpol+0xb3/0x260
[   73.461671][ T5392]  alloc_pages_noprof+0x90/0x130
[   73.461712][ T5392]  __pmd_alloc+0x47/0x480
[   73.461754][ T5392]  handle_mm_fault+0x1a07/0x2c60
[   73.461835][ T5392]  ? __rcu_read_unlock+0x4f/0x70
[   73.461862][ T5392]  ? mt_find+0x21b/0x330
[   73.461897][ T5392]  do_user_addr_fault+0x3fe/0x1080
[   73.461995][ T5392]  exc_page_fault+0x62/0xa0
[   73.462033][ T5392]  asm_exc_page_fault+0x26/0x30
[   73.462060][ T5392] RIP: 0010:__put_user_4+0xd/0x20
[   73.462102][ T5392] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 07 9f 01 00 90 90 90 90 90 90 90 90 90 90
[   73.462124][ T5392] RSP: 0018:ffffc9000e7ffc20 EFLAGS: 00050202
[   73.462155][ T5392] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000000040
[   73.462171][ T5392] RDX: 0000000000000444 RSI: 0000000000000000 RDI: ffffc9000e7ffc28
[   73.462251][ T5392] RBP: 000000000000541b R08: 0001c9000e7ffc2b R09: 0000000000000000
[   73.462268][ T5392] R10: 0001c9000e7ffbcc R11: 0001c9000e7ffbcf R12: ffffffff86cd8520
[   73.462284][ T5392] R13: ffffffff85c3cb20 R14: ffff88811bd4c9c0 R15: 0000000000000000
[   73.462307][ T5392]  sk_ioctl+0x261/0x3c0
[   73.462330][ T5392]  ? _parse_integer+0x27/0x40
[   73.462353][ T5392]  pn_socket_ioctl+0x7d/0x200
[   73.462435][ T5392]  sock_do_ioctl+0x73/0x220
[   73.462481][ T5392]  sock_ioctl+0x41b/0x610
[   73.462525][ T5392]  ? __pfx_sock_ioctl+0x10/0x10
[   73.462711][ T5392]  do_vfs_ioctl+0xa79/0xe10
[   73.462752][ T5392]  ? selinux_file_ioctl+0x1bd/0x3a0
[   73.462789][ T5392]  ? __fget_files+0x184/0x1c0
[   73.462865][ T5392]  __se_sys_ioctl+0x82/0x140
[   73.462907][ T5392]  __x64_sys_ioctl+0x43/0x50
[   73.462979][ T5392]  x64_sys_call+0x14b0/0x3000
[   73.463008][ T5392]  do_syscall_64+0xca/0x2b0
[   73.463048][ T5392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.463074][ T5392] RIP: 0033:0x7f44aecdf749
[   73.463092][ T5392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.463134][ T5392] RSP: 002b:00007f44ad73f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   73.463156][ T5392] RAX: ffffffffffffffda RBX: 00007f44aef35fa0 RCX: 00007f44aecdf749
[   73.463170][ T5392] RDX: 0000200000000040 RSI: 000000000000541b RDI: 0000000000000003
[   73.463185][ T5392] RBP: 00007f44ad73f090 R08: 0000000000000000 R09: 0000000000000000
[   73.463245][ T5392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   73.463260][ T5392] R13: 00007f44aef36038 R14: 00007f44aef35fa0 R15: 00007ffc388556a8
[   73.463285][ T5392]  </TASK>
[   74.066167][ T5456] netlink: 'syz.2.567': attribute type 1 has an invalid length.
[   74.110580][ T5306] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   74.121044][ T5306] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.151108][ T5463] loop4: detected capacity change from 0 to 512
[   74.292710][ T5463] EXT4-fs warning (device loop4): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   74.308448][ T5463] EXT4-fs (loop4): mount failed
[   74.316922][ T5410] netlink: 'syz.1.566': attribute type 1 has an invalid length.
[   74.340982][ T5306] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   74.351528][ T5306] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.415834][ T5475] __nla_validate_parse: 6 callbacks suppressed
[   74.415854][ T5475] netlink: 184 bytes leftover after parsing attributes in process `syz.2.571'.
[   74.630144][ T4149] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   74.638596][ T4149] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.743004][ T4149] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   74.751377][ T4149] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.900565][ T4149] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   74.909011][ T4149] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.918155][ T4149] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   74.926377][ T4149] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.968230][ T5493] loop3: detected capacity change from 0 to 512
[   74.979401][ T5492] loop4: detected capacity change from 0 to 512
[   74.985768][   T29] kauditd_printk_skb: 213 callbacks suppressed
[   74.985863][   T29] audit: type=1400 audit(1767426351.919:4657): avc:  denied  { bind } for  pid=5495 comm="syz.0.581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   75.028380][ T5493] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   75.040443][ T5492] EXT4-fs: Ignoring removed i_version option
[   75.057016][ T5492] EXT4-fs: Mount option(s) incompatible with ext2
[   75.096707][   T29] audit: type=1400 audit(1767426352.029:4658): avc:  denied  { ioctl } for  pid=5497 comm="syz.1.582" path="socket:[11345]" dev="sockfs" ino=11345 ioctlcmd=0x8910 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   75.122022][   T29] audit: type=1400 audit(1767426352.029:4659): avc:  denied  { create } for  pid=5497 comm="syz.1.582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   75.123620][ T5493] EXT4-fs (loop3): 1 truncate cleaned up
[   75.148853][ T5493] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.169189][ T5492] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[   75.221396][   T29] audit: type=1400 audit(1767426352.159:4660): avc:  denied  { write } for  pid=5506 comm="syz.4.585" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   75.248656][   T29] audit: type=1326 audit(1767426352.159:4661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5506 comm="syz.4.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a1c2f749 code=0x7ffc0000
[   75.272142][   T29] audit: type=1326 audit(1767426352.159:4662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5506 comm="syz.4.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a1c2f749 code=0x7ffc0000
[   75.295632][   T29] audit: type=1326 audit(1767426352.159:4663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5506 comm="syz.4.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30a1c2f749 code=0x7ffc0000
[   75.319054][   T29] audit: type=1326 audit(1767426352.159:4664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5506 comm="syz.4.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a1c2f749 code=0x7ffc0000
[   75.342507][   T29] audit: type=1326 audit(1767426352.159:4665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5506 comm="syz.4.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f30a1c2f749 code=0x7ffc0000
[   75.365985][   T29] audit: type=1326 audit(1767426352.159:4666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5506 comm="syz.4.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a1c2f749 code=0x7ffc0000
[   75.390767][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.522266][ T5518] loop3: detected capacity change from 0 to 512
[   75.529492][ T5518] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   75.544474][ T5518] EXT4-fs: error: could not find journal device path
[   75.683730][ T5526] netlink: 'syz.0.589': attribute type 1 has an invalid length.
[   75.691458][ T5526] netlink: 244 bytes leftover after parsing attributes in process `syz.0.589'.
[   75.701017][ T5526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.589'.
[   75.728683][ T5529] FAULT_INJECTION: forcing a failure.
[   75.728683][ T5529] name fail_futex, interval 1, probability 0, space 0, times 1
[   75.741693][ T5529] CPU: 0 UID: 0 PID: 5529 Comm: syz.1.592 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   75.741727][ T5529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   75.741743][ T5529] Call Trace:
[   75.741752][ T5529]  <TASK>
[   75.741762][ T5529]  __dump_stack+0x1d/0x30
[   75.741814][ T5529]  dump_stack_lvl+0x95/0xd0
[   75.741835][ T5529]  dump_stack+0x15/0x1b
[   75.741858][ T5529]  should_fail_ex+0x265/0x280
[   75.741959][ T5529]  should_fail+0xb/0x20
[   75.741985][ T5529]  get_futex_key+0x130/0xc00
[   75.742018][ T5529]  futex_wait_setup+0x4a/0x3e0
[   75.742041][ T5529]  __futex_wait+0x9d/0x260
[   75.742070][ T5529]  ? __pfx_futex_wake_mark+0x10/0x10
[   75.742214][ T5529]  futex_wait+0x9d/0x1d0
[   75.742244][ T5529]  do_futex+0x2bf/0x380
[   75.742328][ T5529]  __se_sys_futex+0x2ed/0x360
[   75.742362][ T5529]  ? mutex_unlock+0x4f/0x90
[   75.742393][ T5529]  __x64_sys_futex+0x78/0x90
[   75.742455][ T5529]  x64_sys_call+0x2bc2/0x3000
[   75.742487][ T5529]  do_syscall_64+0xca/0x2b0
[   75.742532][ T5529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.742602][ T5529] RIP: 0033:0x7f44aecdf749
[   75.742621][ T5529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.742647][ T5529] RSP: 002b:00007f44ad73f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   75.742665][ T5529] RAX: ffffffffffffffda RBX: 00007f44aef35fa0 RCX: 00007f44aecdf749
[   75.742678][ T5529] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000020000000cffc
[   75.742733][ T5529] RBP: 00007f44ad73f090 R08: 0000000000000000 R09: 0000000000000000
[   75.742749][ T5529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.742764][ T5529] R13: 00007f44aef36038 R14: 00007f44aef35fa0 R15: 00007ffc388556a8
[   75.742845][ T5529]  </TASK>
[   76.214998][ T5542] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   76.411079][ T5542] EXT4-fs warning (device loop2): dx_probe:837: inode #2: comm syz.2.596: Unimplemented hash flags: 0x0001
[   76.422666][ T5542] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.596: Corrupt directory, running e2fsck is recommended
[   76.480429][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.562575][ T5559] set_capacity_and_notify: 1 callbacks suppressed
[   76.562594][ T5559] loop1: detected capacity change from 0 to 1024
[   76.586361][ T5561] loop2: detected capacity change from 0 to 512
[   76.593370][ T5561] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   76.608413][ T5561] EXT4-fs: error: could not find journal device path
[   76.616549][ T5562] netlink: 'syz.3.603': attribute type 1 has an invalid length.
[   76.624506][ T5562] netlink: 244 bytes leftover after parsing attributes in process `syz.3.603'.
[   76.635364][ T5559] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   76.641615][ T5562] netlink: 8 bytes leftover after parsing attributes in process `syz.3.603'.
[   76.649469][ T5559] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   76.787216][ T5575] Cannot find del_set index 3 as target
[   76.802922][ T3491] hid-generic 0000:86010001:0006.0005: hidraw0: <UNKNOWN> HID v69662f.2e Device [syz1] on syz0
[   76.867146][ T5579] netlink: 12 bytes leftover after parsing attributes in process `syz.2.604'.
[   76.876100][ T5579] netlink: 20 bytes leftover after parsing attributes in process `syz.2.604'.
[   76.885603][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   76.932628][ T5565] syz.4.605 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[   76.943675][ T5565] CPU: 1 UID: 0 PID: 5565 Comm: syz.4.605 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   76.943710][ T5565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   76.943727][ T5565] Call Trace:
[   76.943736][ T5565]  <TASK>
[   76.943747][ T5565]  __dump_stack+0x1d/0x30
[   76.943827][ T5565]  dump_stack_lvl+0x95/0xd0
[   76.943855][ T5565]  dump_stack+0x15/0x1b
[   76.943881][ T5565]  dump_header+0x81/0x240
[   76.943903][ T5565]  oom_kill_process+0x295/0x350
[   76.943976][ T5565]  out_of_memory+0x97b/0xb80
[   76.944003][ T5565]  try_charge_memcg+0x610/0xa10
[   76.944122][ T5565]  charge_memcg+0x51/0xc0
[   76.944160][ T5565]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[   76.944195][ T5565]  __read_swap_cache_async+0x17b/0x2d0
[   76.944350][ T5565]  swap_cluster_readahead+0x262/0x3c0
[   76.944390][ T5565]  swapin_readahead+0xde/0x820
[   76.944427][ T5565]  ? mod_memcg_lruvec_state+0x1a1/0x280
[   76.944458][ T5565]  ? lruvec_stat_mod_folio+0xd6/0x120
[   76.944518][ T5565]  ? __rcu_read_unlock+0x4f/0x70
[   76.944542][ T5565]  ? swap_cache_get_folio+0x277/0x280
[   76.944588][ T5565]  do_swap_page+0x2b4/0x21e0
[   76.944666][ T5565]  ? __pfx_default_wake_function+0x10/0x10
[   76.944817][ T5565]  handle_mm_fault+0x9d8/0x2c60
[   76.944858][ T5565]  do_user_addr_fault+0x630/0x1080
[   76.944899][ T5565]  exc_page_fault+0x62/0xa0
[   76.945006][ T5565]  asm_exc_page_fault+0x26/0x30
[   76.945031][ T5565] RIP: 0033:0x7f30a1c57570
[   76.945051][ T5565] Code: 48 8b 3c 25 00 03 00 00 e8 1d 13 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 e7 02 74 0b c3 66 2e 0f 1f 84 00 00 00 00 00 <64> 48 8b 04 25 10 00 00 00 8b 90 08 03 00 00 48 8d b8 08 03 00 00
[   76.945073][ T5565] RSP: 002b:00007ffd8395b828 EFLAGS: 00010246
[   76.945093][ T5565] RAX: 0000000000000000 RBX: 00007f30a1e85fa0 RCX: 00007f30a1c62005
[   76.945109][ T5565] RDX: 00007ffd8395b870 RSI: 0000000000000000 RDI: 0000000000000000
[   76.945130][ T5565] RBP: 00007f30a1e87da0 R08: 0000000000000000 R09: 7fffffffffffffff
[   76.945142][ T5565] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000012ecf
[   76.945155][ T5565] R13: 00007f30a1e86090 R14: ffffffffffffffff R15: 00007ffd8395b9b0
[   76.945179][ T5565]  </TASK>
[   76.945188][ T5565] memory: usage 307200kB, limit 307200kB, failcnt 558
[   77.011420][ T5585] net_ratelimit: 18 callbacks suppressed
[   77.011480][ T5585] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   77.014589][ T5565] memory+swap: usage 307384kB, limit 9007199254740988kB, failcnt 0
[   77.014606][ T5565] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0
[   77.014622][ T5565] Memory cgroup stats for /syz4:
[   77.222277][ T5565] cache 0
[   77.230277][ T5565] rss 24576
[   77.233417][ T5565] shmem 0
[   77.236391][ T5565] mapped_file 0
[   77.239936][ T5565] dirty 0
[   77.242892][ T5565] writeback 0
[   77.246301][ T5565] workingset_refault_anon 10
[   77.250978][ T5565] workingset_refault_file 12
[   77.255616][ T5565] swap 155648
[   77.258954][ T5565] swapcached 28672
[   77.262702][ T5565] pgpgin 39817
[   77.266094][ T5565] pgpgout 39807
[   77.269617][ T5565] pgfault 53494
[   77.273092][ T5565] pgmajfault 13
[   77.276579][ T5565] inactive_anon 0
[   77.280360][ T5565] active_anon 40960
[   77.284194][ T5565] inactive_file 0
[   77.287875][ T5565] active_file 0
[   77.291358][ T5565] unevictable 0
[   77.295008][ T5565] hierarchical_memory_limit 314572800
[   77.300486][ T5565] hierarchical_memsw_limit 9223372036854771712
[   77.306756][ T5565] total_cache 0
[   77.310438][ T5565] total_rss 24576
[   77.314106][ T5565] total_shmem 0
[   77.317617][ T5565] total_mapped_file 0
[   77.321619][ T5565] total_dirty 0
[   77.325104][ T5565] total_writeback 0
[   77.328978][ T5565] total_workingset_refault_anon 10
[   77.334169][ T5565] total_workingset_refault_file 12
[   77.339372][ T5565] total_swap 155648
[   77.343239][ T5565] total_swapcached 28672
[   77.347587][ T5565] total_pgpgin 39817
[   77.351570][ T5565] total_pgpgout 39807
[   77.355577][ T5565] total_pgfault 53494
[   77.359622][ T5565] total_pgmajfault 13
[   77.363695][ T5565] total_inactive_anon 0
[   77.367922][ T5565] total_active_anon 40960
[   77.372276][ T5565] total_inactive_file 0
[   77.376451][ T5565] total_active_file 0
[   77.380508][ T5565] total_unevictable 0
[   77.384525][ T5565] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.605,pid=5565,uid=0
[   77.399168][ T5565] Memory cgroup out of memory: Killed process 5565 (syz.4.605) total-vm:93968kB, anon-rss:1136kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   77.421535][ T5592] loop1: detected capacity change from 0 to 128
[   77.446925][ T5595] loop0: detected capacity change from 0 to 164
[   77.453772][ T5595] iso9660: Bad value for 'block'
[   77.548410][ T5599] loop4: detected capacity change from 0 to 512
[   77.588754][ T5601] FAULT_INJECTION: forcing a failure.
[   77.588754][ T5601] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   77.602107][ T5601] CPU: 1 UID: 0 PID: 5601 Comm: syz.0.616 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   77.602140][ T5601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   77.602196][ T5601] Call Trace:
[   77.602205][ T5601]  <TASK>
[   77.602216][ T5601]  __dump_stack+0x1d/0x30
[   77.602309][ T5601]  dump_stack_lvl+0x95/0xd0
[   77.602335][ T5601]  dump_stack+0x15/0x1b
[   77.602360][ T5601]  should_fail_ex+0x265/0x280
[   77.602386][ T5601]  should_fail+0xb/0x20
[   77.602415][ T5599] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   77.602494][ T5601]  should_fail_usercopy+0x1a/0x20
[   77.602594][ T5601]  _copy_from_user+0x1c/0xb0
[   77.602703][ T5601]  __sys_sendto+0x19e/0x330
[   77.602820][ T5601]  __x64_sys_sendto+0x76/0x90
[   77.602917][ T5601]  x64_sys_call+0x29a7/0x3000
[   77.603002][ T5601]  do_syscall_64+0xca/0x2b0
[   77.603112][ T5601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.603186][ T5601] RIP: 0033:0x7fbbf4adf749
[   77.603275][ T5601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.603300][ T5601] RSP: 002b:00007fbbf353f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   77.603361][ T5601] RAX: ffffffffffffffda RBX: 00007fbbf4d35fa0 RCX: 00007fbbf4adf749
[   77.603405][ T5601] RDX: 00000000000005e0 RSI: 0000200000000000 RDI: 0000000000000008
[   77.603449][ T5601] RBP: 00007fbbf353f090 R08: 0000200000000080 R09: 0000000000000014
[   77.603514][ T5601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   77.603558][ T5601] R13: 00007fbbf4d36038 R14: 00007fbbf4d35fa0 R15: 00007ffdf12ca7e8
[   77.603621][ T5601]  </TASK>
[   77.776508][ T5599] EXT4-fs: error: could not find journal device path
[   77.808998][ T5610] loop3: detected capacity change from 0 to 128
[   77.815820][ T5610] msdos: Unknown parameter 'error['
[   77.995756][ T5627] netlink: 16 bytes leftover after parsing attributes in process `syz.3.624'.
[   78.044040][ T5627] FAULT_INJECTION: forcing a failure.
[   78.044040][ T5627] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.057346][ T5627] CPU: 1 UID: 0 PID: 5627 Comm: syz.3.624 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   78.057411][ T5627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   78.057427][ T5627] Call Trace:
[   78.057436][ T5627]  <TASK>
[   78.057446][ T5627]  __dump_stack+0x1d/0x30
[   78.057475][ T5627]  dump_stack_lvl+0x95/0xd0
[   78.057498][ T5627]  dump_stack+0x15/0x1b
[   78.057592][ T5627]  should_fail_ex+0x265/0x280
[   78.057623][ T5627]  should_fail+0xb/0x20
[   78.057648][ T5627]  should_fail_usercopy+0x1a/0x20
[   78.057687][ T5627]  copy_fpstate_to_sigframe+0x628/0x7d0
[   78.057766][ T5627]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[   78.057793][ T5627]  ? x86_task_fpu+0x36/0x60
[   78.057831][ T5627]  get_sigframe+0x34d/0x490
[   78.057887][ T5627]  ? get_signal+0xdc7/0xf70
[   78.057926][ T5627]  x64_setup_rt_frame+0xa8/0x580
[   78.057960][ T5627]  arch_do_signal_or_restart+0x24c/0x450
[   78.058060][ T5627]  exit_to_user_mode_loop+0x6a/0x740
[   78.058082][ T5627]  ? __x64_sys_sendto+0x76/0x90
[   78.058109][ T5627]  do_syscall_64+0x1e1/0x2b0
[   78.058208][ T5627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.058230][ T5627] RIP: 0033:0x7f000ee3f749
[   78.058246][ T5627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.058263][ T5627] RSP: 002b:00007f000d89f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   78.058312][ T5627] RAX: 0000000000000078 RBX: 00007f000f095fa0 RCX: 00007f000ee3f749
[   78.058394][ T5627] RDX: 0000000000000078 RSI: 0000200000000000 RDI: 0000000000000005
[   78.058406][ T5627] RBP: 00007f000d89f090 R08: 0000000000000000 R09: 0000000000000000
[   78.058417][ T5627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   78.058429][ T5627] R13: 00007f000f096038 R14: 00007f000f095fa0 R15: 00007fff7e12cf18
[   78.058449][ T5627]  </TASK>
[   78.315866][ T5642] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   78.389758][ T5646] FAULT_INJECTION: forcing a failure.
[   78.389758][ T5646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.403133][ T5646] CPU: 0 UID: 0 PID: 5646 Comm: syz.1.630 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   78.403164][ T5646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   78.403178][ T5646] Call Trace:
[   78.403186][ T5646]  <TASK>
[   78.403194][ T5646]  __dump_stack+0x1d/0x30
[   78.403221][ T5646]  dump_stack_lvl+0x95/0xd0
[   78.403249][ T5646]  dump_stack+0x15/0x1b
[   78.403296][ T5646]  should_fail_ex+0x265/0x280
[   78.403325][ T5646]  should_fail+0xb/0x20
[   78.403349][ T5646]  should_fail_usercopy+0x1a/0x20
[   78.403381][ T5646]  _copy_from_user+0x1c/0xb0
[   78.403493][ T5646]  ___sys_sendmsg+0xc1/0x1d0
[   78.403551][ T5646]  __x64_sys_sendmsg+0xd4/0x160
[   78.403589][ T5646]  x64_sys_call+0x17ba/0x3000
[   78.403620][ T5646]  do_syscall_64+0xca/0x2b0
[   78.403666][ T5646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.403688][ T5646] RIP: 0033:0x7f44aecdf749
[   78.403711][ T5646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.403733][ T5646] RSP: 002b:00007f44ad73f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   78.403756][ T5646] RAX: ffffffffffffffda RBX: 00007f44aef35fa0 RCX: 00007f44aecdf749
[   78.403771][ T5646] RDX: 0000000000088010 RSI: 0000200000000540 RDI: 0000000000000019
[   78.403787][ T5646] RBP: 00007f44ad73f090 R08: 0000000000000000 R09: 0000000000000000
[   78.403814][ T5646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   78.403829][ T5646] R13: 00007f44aef36038 R14: 00007f44aef35fa0 R15: 00007ffc388556a8
[   78.403849][ T5646]  </TASK>
[   78.411749][ T5650] loop3: detected capacity change from 0 to 512
[   78.567947][ T5657] netlink: 12 bytes leftover after parsing attributes in process `syz.4.632'.
[   78.573299][ T5650] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   78.580761][ T5657] netlink: 20 bytes leftover after parsing attributes in process `syz.4.632'.
[   78.595457][ T5650] EXT4-fs: error: could not find journal device path
[   78.636170][ T5661] loop1: detected capacity change from 0 to 512
[   78.647939][ T5661] EXT4-fs: Ignoring removed nomblk_io_submit option
[   78.662342][ T5661] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.675692][ T5661] ext4 filesystem being mounted at /120/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   78.693068][ T5661] tipc: Started in network mode
[   78.698199][ T5661] tipc: Node identity 92f11e30b104, cluster identity 4711
[   78.705497][ T5661] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   78.718481][ T5660] tipc: Disabling bearer <eth:syzkaller0>
[   78.782869][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.877149][ T5666] loop0: detected capacity change from 0 to 512
[   78.951849][ T5666] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.637: bg 0: block 248: padding at end of block bitmap is not set
[   78.972554][ T5666] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.637: Failed to acquire dquot type 1
[   78.996427][ T5666] EXT4-fs (loop0): 1 truncate cleaned up
[   79.017597][ T5666] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.036324][ T5666] ext4 filesystem being mounted at /144/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.057838][ T5666] syz.0.637 (5666) used greatest stack depth: 8544 bytes left
[   79.086162][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.195151][ T5698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.208094][ T5698] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.224854][ T3642] hid_parser_main: 22 callbacks suppressed
[   79.224877][ T3642] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x4
[   79.238657][ T3642] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x2
[   79.246376][ T3642] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[   79.254758][ T3642] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[   79.262644][ T3642] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[   79.270374][ T3642] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[   79.278100][ T3642] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[   79.294674][ T3642] hid-generic 0000:3000000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   79.463745][ T5714] loop0: detected capacity change from 0 to 1024
[   79.471493][ T5714] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   79.496083][ T5714] EXT4-fs error (device loop0): ext4_map_blocks:825: inode #3: block 1: comm syz.0.656: lblock 1 mapped to illegal pblock 1 (length 1)
[   79.510810][ T5714] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.656: Failed to acquire dquot type 0
[   79.522660][ T5714] EXT4-fs error (device loop0): ext4_free_blocks:6728: comm syz.0.656: Freeing blocks not in datazone - block = 0, count = 4096
[   79.536353][ T5714] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.656: Invalid inode bitmap blk 0 in block_group 0
[   79.549389][ T5714] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem
[   79.549379][ T4147] EXT4-fs error (device loop0): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:18: lblock 1 mapped to illegal pblock 1 (length 1)
[   79.562190][ T4147] EXT4-fs error (device loop0): ext4_release_dquot:7022: comm kworker/u8:18: Failed to release dquot type 0
[   79.602004][ T5714] EXT4-fs (loop0): 1 orphan inode deleted
[   79.608405][ T5714] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.667611][ T5722] __nla_validate_parse: 1 callbacks suppressed
[   79.667664][ T5722] netlink: 16 bytes leftover after parsing attributes in process `syz.3.659'.
[   79.733001][ T5731] ext4: Unknown parameter 'dont_appraise'
[   79.741597][ T5731] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[   79.748166][ T5731] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   79.755694][ T5731] vhci_hcd vhci_hcd.0: Device attached
[   79.843841][ T5738] netlink: 12 bytes leftover after parsing attributes in process `syz.4.660'.
[   79.852803][ T5738] netlink: 20 bytes leftover after parsing attributes in process `syz.4.660'.
[   79.937017][   T36] vhci_hcd vhci_hcd.2: vhci_device speed not set
[   79.987075][   T29] kauditd_printk_skb: 471 callbacks suppressed
[   79.987092][   T29] audit: type=1326 audit(1767426356.929:5133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5730 comm="syz.2.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efcd0ea2005 code=0x7ffc0000
[   80.017026][   T36] usb 5-1: new full-speed USB device number 2 using vhci_hcd
[   80.029196][   T29] audit: type=1326 audit(1767426356.959:5134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5730 comm="syz.2.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efcd0ea2005 code=0x7ffc0000
[   80.052641][   T29] audit: type=1326 audit(1767426356.959:5135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5730 comm="syz.2.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efcd0ea2005 code=0x7ffc0000
[   80.076230][   T29] audit: type=1326 audit(1767426356.959:5136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5730 comm="syz.2.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efcd0ea2005 code=0x7ffc0000
[   80.099802][   T29] audit: type=1326 audit(1767426356.959:5137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5730 comm="syz.2.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efcd0ea2005 code=0x7ffc0000
[   80.123277][   T29] audit: type=1326 audit(1767426356.959:5138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5730 comm="syz.2.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efcd0ea2005 code=0x7ffc0000
[   80.146593][   T29] audit: type=1326 audit(1767426356.959:5139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5730 comm="syz.2.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efcd0ea2005 code=0x7ffc0000
[   80.148311][ T5748] netlink: 'syz.1.666': attribute type 1 has an invalid length.
[   80.170095][   T29] audit: type=1400 audit(1767426356.969:5140): avc:  denied  { name_bind } for  pid=5742 comm="syz.3.665" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   80.177798][ T5748] netlink: 244 bytes leftover after parsing attributes in process `syz.1.666'.
[   80.199402][   T29] audit: type=1400 audit(1767426356.969:5141): avc:  denied  { node_bind } for  pid=5742 comm="syz.3.665" saddr=224.0.0.1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   80.199449][   T29] audit: type=1326 audit(1767426356.969:5142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5730 comm="syz.2.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efcd0ea2005 code=0x7ffc0000
[   80.255971][ T5750] netlink: 8 bytes leftover after parsing attributes in process `syz.1.666'.
[   80.267111][ T5747] netlink: 540 bytes leftover after parsing attributes in process `syz.3.665'.
[   80.276167][ T5747] netlink: 5 bytes leftover after parsing attributes in process `syz.3.665'.
[   80.298707][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.323012][ T5753] EXT4-fs (loop0): 1 truncate cleaned up
[   80.330011][ T5753] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.358908][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.369397][ T5757] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[   80.375970][ T5757] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   80.383471][ T5757] vhci_hcd vhci_hcd.0: Device attached
[   80.395380][ T5758] vhci_hcd: connection closed
[   80.395546][ T4147] vhci_hcd vhci_hcd.1: stop threads
[   80.405567][ T4147] vhci_hcd vhci_hcd.1: release socket
[   80.411017][ T4147] vhci_hcd vhci_hcd.1: disconnect device
[   80.534281][ T5761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.669'.
[   80.563822][ T5733] vhci_hcd: connection reset by peer
[   80.571200][ T4147] vhci_hcd vhci_hcd.2: stop threads
[   80.576593][ T4147] vhci_hcd vhci_hcd.2: release socket
[   80.582119][ T4147] vhci_hcd vhci_hcd.2: disconnect device
[   80.631716][ T5772] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   80.645490][ T5772] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.673: invalid indirect mapped block 4294967295 (level 0)
[   80.659656][ T5772] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.673: invalid indirect mapped block 4294967295 (level 1)
[   80.674245][ T5772] EXT4-fs (loop0): 1 orphan inode deleted
[   80.680104][ T5772] EXT4-fs (loop0): 1 truncate cleaned up
[   80.686851][ T5772] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.704705][ T5772] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   80.733299][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.905709][ T5782] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[   80.914474][ T5782] EXT4-fs (loop4): 1 truncate cleaned up
[   80.923768][ T5782] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.003468][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.014724][ T5789] random: crng reseeded on system resumption
[   81.073375][ T5797] netlink: 68 bytes leftover after parsing attributes in process `syz.3.682'.
[   81.090608][ T5797] netlink: 68 bytes leftover after parsing attributes in process `syz.3.682'.
[   81.103259][ T5800] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[   81.115372][ T5798] IPVS: stopping master sync thread 5800 ...
[   81.135968][ T5791] delete_channel: no stack
[   81.285676][ T5820] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   81.293192][ T5820] batman_adv: batadv0: Removing interface: batadv_slave_0
[   81.301927][ T5812] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.346458][ T5812] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   81.360666][ T5826] netlink: '+}[@': attribute type 1 has an invalid length.
[   81.375933][ T5820] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   81.383470][ T5820] batman_adv: batadv0: Removing interface: batadv_slave_1
[   81.404238][ T5812] EXT4-fs error (device loop4): __ext4_find_entry:1626: inode #12: comm syz.4.684: checksumming directory block 0
[   81.418033][ T5812] EXT4-fs error (device loop4): __ext4_find_entry:1626: inode #12: comm syz.4.684: checksumming directory block 0
[   81.496627][ T5833] ip6t_srh: unknown srh invflags 4000
[   81.555212][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.813914][ T5852] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5852 comm=syz.0.696
[   81.854927][ T4004] IPVS: starting estimator thread 0...
[   82.177060][ T5863] IPVS: using max 1632 ests per chain, 81600 per kthread
[   82.399192][ T5870] netlink: 'syz.0.703': attribute type 1 has an invalid length.
[   82.808746][ T5874] netlink: 'syz.2.698': attribute type 4 has an invalid length.
[   82.864829][ T5874] netlink: 'syz.2.698': attribute type 4 has an invalid length.
[   82.938077][ T5881] set_capacity_and_notify: 7 callbacks suppressed
[   82.938098][ T5881] loop0: detected capacity change from 0 to 128
[   83.242632][ T5891] netlink: 'syz.2.709': attribute type 3 has an invalid length.
[   83.648185][ T5901] macsec0: entered allmulticast mode
[   83.653878][ T5901] veth1_macvtap: entered allmulticast mode
[   83.884692][ T5918] netlink: 'syz.3.716': attribute type 1 has an invalid length.
[   83.935167][ T5921] loop0: detected capacity change from 0 to 512
[   83.978188][ T5921] EXT4-fs (loop0): Couldn't mount because of unsupported optional features (29)
[   84.356230][ T5949] openvswitch: netlink: Missing key (keys=40, expected=200000)
[   84.467692][ T5960] netlink: 'syz.1.731': attribute type 1 has an invalid length.
[   84.555408][ T5964] loop4: detected capacity change from 0 to 2048
[   85.049712][ T5999] netlink: 'syz.4.746': attribute type 1 has an invalid length.
[   85.057505][ T5999] __nla_validate_parse: 14 callbacks suppressed
[   85.057524][ T5999] netlink: 244 bytes leftover after parsing attributes in process `syz.4.746'.
[   85.134004][ T6002] netlink: 8 bytes leftover after parsing attributes in process `syz.4.746'.
[   85.198272][   T36] usb 5-1: enqueue for inactive port 0
[   85.203952][   T36] usb 5-1: enqueue for inactive port 0
[   85.285285][ T6008] FAULT_INJECTION: forcing a failure.
[   85.285285][ T6008] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   85.298759][ T6008] CPU: 1 UID: 0 PID: 6008 Comm: syz.3.749 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   85.298857][ T6008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   85.298870][ T6008] Call Trace:
[   85.298877][ T6008]  <TASK>
[   85.298885][ T6008]  __dump_stack+0x1d/0x30
[   85.298911][ T6008]  dump_stack_lvl+0x95/0xd0
[   85.298976][ T6008]  dump_stack+0x15/0x1b
[   85.299045][ T6008]  should_fail_ex+0x265/0x280
[   85.299077][ T6008]  should_fail_alloc_page+0xf2/0x100
[   85.299102][ T6008]  __alloc_frozen_pages_noprof+0x109/0x360
[   85.299134][ T6008]  alloc_pages_mpol+0xb3/0x260
[   85.299166][ T6008]  alloc_migration_target_by_mpol+0x11b/0x280
[   85.299219][ T6008]  migrate_pages_batch+0x349/0x1b60
[   85.299248][ T6008]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[   85.299308][ T6008]  ? __folio_put+0x5e/0x150
[   85.299372][ T6008]  ? _raw_spin_lock_irq+0x53/0xa0
[   85.299396][ T6008]  migrate_pages+0xf55/0x1760
[   85.299525][ T6008]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[   85.299653][ T6008]  __se_sys_mbind+0x975/0xac0
[   85.299739][ T6008]  __x64_sys_mbind+0x78/0x90
[   85.299792][ T6008]  x64_sys_call+0x2a2b/0x3000
[   85.299817][ T6008]  do_syscall_64+0xca/0x2b0
[   85.299853][ T6008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.299888][ T6008] RIP: 0033:0x7f000ee3f749
[   85.299904][ T6008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.299922][ T6008] RSP: 002b:00007f000d89f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[   85.299941][ T6008] RAX: ffffffffffffffda RBX: 00007f000f095fa0 RCX: 00007f000ee3f749
[   85.299954][ T6008] RDX: 0000000000000000 RSI: 0100000000004000 RDI: 00002000005b4000
[   85.299966][ T6008] RBP: 00007f000d89f090 R08: 0000000000000000 R09: 0000000000000002
[   85.299978][ T6008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   85.300058][ T6008] R13: 00007f000f096038 R14: 00007f000f095fa0 R15: 00007fff7e12cf18
[   85.300077][ T6008]  </TASK>
[   85.301739][   T36] vhci_hcd vhci_hcd.2: vhci_device speed not set
[   85.543559][   T29] kauditd_printk_skb: 666 callbacks suppressed
[   85.543576][   T29] audit: type=1326 audit(1767426362.479:5809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6017 comm="syz.3.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   85.638445][ T6025] FAULT_INJECTION: forcing a failure.
[   85.638445][ T6025] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.651594][ T6025] CPU: 0 UID: 0 PID: 6025 Comm: syz.4.756 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   85.651660][ T6025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   85.651674][ T6025] Call Trace:
[   85.651682][ T6025]  <TASK>
[   85.651692][ T6025]  __dump_stack+0x1d/0x30
[   85.651776][ T6025]  dump_stack_lvl+0x95/0xd0
[   85.651797][ T6025]  dump_stack+0x15/0x1b
[   85.651816][ T6025]  should_fail_ex+0x265/0x280
[   85.651924][ T6025]  should_fail+0xb/0x20
[   85.651943][ T6025]  should_fail_usercopy+0x1a/0x20
[   85.651970][ T6025]  _copy_from_user+0x1c/0xb0
[   85.652098][ T6025]  input_event_from_user+0x5f/0x160
[   85.652132][ T6025]  ? input_inject_event+0x104/0x120
[   85.652171][ T6025]  evdev_write+0x1b1/0x290
[   85.652257][ T6025]  ? __pfx_evdev_write+0x10/0x10
[   85.652299][ T6025]  vfs_write+0x269/0x960
[   85.652321][ T6025]  ? __rcu_read_unlock+0x4f/0x70
[   85.652344][ T6025]  ? __fget_files+0x184/0x1c0
[   85.652434][ T6025]  ksys_write+0xda/0x1a0
[   85.652458][ T6025]  __x64_sys_write+0x40/0x50
[   85.652482][ T6025]  x64_sys_call+0x2847/0x3000
[   85.652563][ T6025]  do_syscall_64+0xca/0x2b0
[   85.652606][ T6025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.652632][ T6025] RIP: 0033:0x7f30a1c2f749
[   85.652649][ T6025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.652670][ T6025] RSP: 002b:00007f30a0697038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   85.652717][ T6025] RAX: ffffffffffffffda RBX: 00007f30a1e85fa0 RCX: 00007f30a1c2f749
[   85.652730][ T6025] RDX: 0000000000000037 RSI: 0000200000000040 RDI: 0000000000000003
[   85.652742][ T6025] RBP: 00007f30a0697090 R08: 0000000000000000 R09: 0000000000000000
[   85.652754][ T6025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.652768][ T6025] R13: 00007f30a1e86038 R14: 00007f30a1e85fa0 R15: 00007ffd8395b738
[   85.652836][ T6025]  </TASK>
[   85.849639][   T29] audit: type=1326 audit(1767426362.519:5810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6017 comm="syz.3.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   85.873059][   T29] audit: type=1326 audit(1767426362.529:5811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6017 comm="syz.3.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   85.896437][   T29] audit: type=1326 audit(1767426362.529:5812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6017 comm="syz.3.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   85.919950][   T29] audit: type=1326 audit(1767426362.529:5813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6017 comm="syz.3.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   85.943430][   T29] audit: type=1326 audit(1767426362.529:5814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6017 comm="syz.3.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f000ee3f783 code=0x7ffc0000
[   85.954027][ T6026] program syz.3.753 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   85.967295][   T29] audit: type=1326 audit(1767426362.539:5815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6017 comm="syz.3.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   85.999326][   T29] audit: type=1326 audit(1767426362.559:5816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6017 comm="syz.3.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f000ee3e1ff code=0x7ffc0000
[   86.026767][ T6018] loop3: detected capacity change from 0 to 8192
[   86.033904][ T6026] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   86.034262][   T29] audit: type=1326 audit(1767426362.839:5817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6017 comm="syz.3.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   86.065799][   T29] audit: type=1326 audit(1767426362.839:5818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6017 comm="syz.3.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f000ee3f783 code=0x7ffc0000
[   86.105871][ T6026] lo speed is unknown, defaulting to 1000
[   86.126124][ T6026] lo speed is unknown, defaulting to 1000
[   86.136424][ T6026] lo speed is unknown, defaulting to 1000
[   86.143754][ T6026] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   86.152035][ T6018]  loop3: p1 p2[DM] p4
[   86.157957][ T6026] lo speed is unknown, defaulting to 1000
[   86.169085][ T6026] lo speed is unknown, defaulting to 1000
[   86.175549][ T6026] lo speed is unknown, defaulting to 1000
[   86.181944][ T6026] lo speed is unknown, defaulting to 1000
[   86.187891][ T6018] loop3: p1 size 196608 extends beyond EOD, truncated
[   86.189094][ T6026] lo speed is unknown, defaulting to 1000
[   86.212953][ T6018] loop3: p2 start 4292936063 is beyond EOD, truncated
[   86.219857][ T6018] loop3: p4 size 50331648 extends beyond EOD, truncated
[   86.235229][ T6028] FAULT_INJECTION: forcing a failure.
[   86.235229][ T6028] name failslab, interval 1, probability 0, space 0, times 0
[   86.248144][ T6028] CPU: 0 UID: 0 PID: 6028 Comm: syz.1.757 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   86.248173][ T6028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   86.248187][ T6028] Call Trace:
[   86.248194][ T6028]  <TASK>
[   86.248204][ T6028]  __dump_stack+0x1d/0x30
[   86.248254][ T6028]  dump_stack_lvl+0x95/0xd0
[   86.248281][ T6028]  dump_stack+0x15/0x1b
[   86.248306][ T6028]  should_fail_ex+0x265/0x280
[   86.248335][ T6028]  should_failslab+0x8c/0xb0
[   86.248367][ T6028]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[   86.248404][ T6028]  ? __alloc_skb+0x2ff/0x4b0
[   86.248470][ T6028]  __alloc_skb+0x2ff/0x4b0
[   86.248504][ T6028]  ? __alloc_skb+0x228/0x4b0
[   86.248528][ T6028]  audit_log_start+0x3a0/0x720
[   86.248549][ T6028]  ? kstrtouint+0x76/0xc0
[   86.248568][ T6028]  audit_seccomp+0x48/0x100
[   86.248697][ T6028]  ? __seccomp_filter+0x832/0x1260
[   86.248729][ T6028]  __seccomp_filter+0x843/0x1260
[   86.248765][ T6028]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   86.248802][ T6028]  ? vfs_write+0x7e8/0x960
[   86.248831][ T6028]  __secure_computing+0x82/0x150
[   86.248920][ T6028]  syscall_trace_enter+0xcf/0x1e0
[   86.248944][ T6028]  do_syscall_64+0xa4/0x2b0
[   86.249029][ T6028]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.249126][ T6028] RIP: 0033:0x7f44aecdf749
[   86.249146][ T6028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.249168][ T6028] RSP: 002b:00007f44ad73f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.249192][ T6028] RAX: ffffffffffffffda RBX: 00007f44aef35fa0 RCX: 00007f44aecdf749
[   86.249214][ T6028] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000009
[   86.249226][ T6028] RBP: 00007f44ad73f090 R08: 0000000000000000 R09: 0000000000000000
[   86.249237][ T6028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   86.249252][ T6028] R13: 00007f44aef36038 R14: 00007f44aef35fa0 R15: 00007ffc388556a8
[   86.249276][ T6028]  </TASK>
[   86.249695][ T6028] program syz.1.757 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   86.306123][ T6042] loop0: detected capacity change from 0 to 256
[   86.313037][ T6043] netlink: 8 bytes leftover after parsing attributes in process `syz.2.760'.
[   86.323964][ T6028] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   86.430810][ T6045] siw: device registration error -23
[   86.610365][ T6056] loop3: detected capacity change from 0 to 8192
[   86.667254][ T6056]  loop3: p1 p2[DM] p4
[   86.671783][ T6056] loop3: p1 size 196608 extends beyond EOD, truncated
[   86.679261][ T6056] loop3: p2 start 4292936063 is beyond EOD, truncated
[   86.686186][ T6056] loop3: p4 size 50331648 extends beyond EOD, truncated
[   86.704140][ T6056] program syz.3.765 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   86.713493][ T6056] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   86.801080][ T6071] FAULT_INJECTION: forcing a failure.
[   86.801080][ T6071] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   86.806559][ T6072] netlink: 20 bytes leftover after parsing attributes in process `syz.1.771'.
[   86.814302][ T6071] CPU: 1 UID: 0 PID: 6071 Comm: syz.3.772 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   86.814479][ T6071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   86.814528][ T6071] Call Trace:
[   86.814549][ T6071]  <TASK>
[   86.814571][ T6071]  __dump_stack+0x1d/0x30
[   86.814653][ T6071]  dump_stack_lvl+0x95/0xd0
[   86.814736][ T6071]  dump_stack+0x15/0x1b
[   86.814809][ T6071]  should_fail_ex+0x265/0x280
[   86.814832][ T6071]  should_fail+0xb/0x20
[   86.814850][ T6071]  should_fail_usercopy+0x1a/0x20
[   86.814874][ T6071]  _copy_from_user+0x1c/0xb0
[   86.814962][ T6071]  ___sys_sendmsg+0xc1/0x1d0
[   86.815050][ T6071]  ? __bpf_get_stackid+0x6f6/0x7d0
[   86.815199][ T6071]  __x64_sys_sendmsg+0xd4/0x160
[   86.815308][ T6071]  x64_sys_call+0x17ba/0x3000
[   86.815428][ T6071]  do_syscall_64+0xca/0x2b0
[   86.815545][ T6071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.815617][ T6071] RIP: 0033:0x7f000ee3f749
[   86.815661][ T6071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.815731][ T6071] RSP: 002b:00007f000d89f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.815858][ T6071] RAX: ffffffffffffffda RBX: 00007f000f095fa0 RCX: 00007f000ee3f749
[   86.815916][ T6071] RDX: 0000000000008000 RSI: 0000200000000100 RDI: 0000000000000007
[   86.815959][ T6071] RBP: 00007f000d89f090 R08: 0000000000000000 R09: 0000000000000000
[   86.815994][ T6071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   86.816076][ T6071] R13: 00007f000f096038 R14: 00007f000f095fa0 R15: 00007fff7e12cf18
[   86.816141][ T6071]  </TASK>
[   87.091408][ T6089] netlink: 'syz.0.775': attribute type 12 has an invalid length.
[   87.149842][ T6089] vlan0: entered allmulticast mode
[   87.175363][ T6101] SELinux: failed to load policy
[   87.183241][ T6101] netlink: 104 bytes leftover after parsing attributes in process `syz.2.783'.
[   87.250280][ T6109] $Hÿ: renamed from bond0 (while UP)
[   87.260024][ T6109] $Hÿ: entered promiscuous mode
[   87.265116][ T6109] bond_slave_0: entered promiscuous mode
[   87.271085][ T6109] bond_slave_1: entered promiscuous mode
[   87.465610][ T6126] netlink: 'syz.1.788': attribute type 1 has an invalid length.
[   87.473608][ T6126] netlink: 244 bytes leftover after parsing attributes in process `syz.1.788'.
[   87.488390][ T6126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.788'.
[   87.557937][ T6134] bridge: RTM_NEWNEIGH with invalid ether address
[   87.593966][ T6137] netlink: 'syz.2.790': attribute type 1 has an invalid length.
[   87.601809][ T6137] netlink: 244 bytes leftover after parsing attributes in process `syz.2.790'.
[   87.611796][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.790'.
[   87.704805][ T6147] loop4: detected capacity change from 0 to 512
[   87.711703][ T6147] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   87.726796][ T6147] EXT4-fs: error: could not find journal device path
[   87.750837][ T6148] lo speed is unknown, defaulting to 1000
[   87.817769][ T6158] netlink: 'syz.2.798': attribute type 1 has an invalid length.
[   87.833356][ T6157] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=6157 comm=syz.2.798
[   87.845799][ T6157] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=6157 comm=syz.2.798
[   87.863721][ T6136] pimreg: entered allmulticast mode
[   87.875588][ T6136] pimreg: left allmulticast mode
[   87.901500][ T6165] loop4: detected capacity change from 0 to 128
[   87.998217][ T6171] netlink: 'syz.0.802': attribute type 1 has an invalid length.
[   88.005930][ T6171] netlink: 244 bytes leftover after parsing attributes in process `syz.0.802'.
[   88.021254][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   88.038667][   T36] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   88.083039][ T6177] loop3: detected capacity change from 0 to 512
[   88.098593][ T6177] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   88.107525][ T6177] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   88.145740][ T6177] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4215: comm syz.3.805: Allocating blocks 41-42 which overlap fs metadata
[   88.176407][ T6177] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4215: comm syz.3.805: Allocating blocks 41-42 which overlap fs metadata
[   88.198760][ T6177] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.805: Failed to acquire dquot type 1
[   88.210873][ T6177] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[   88.228554][ T6177] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.805: corrupted inode contents
[   88.240659][ T6177] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #12: comm syz.3.805: mark_inode_dirty error
[   88.253800][ T6177] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.805: corrupted inode contents
[   88.266234][ T6183] loop0: detected capacity change from 0 to 1024
[   88.273065][ T6183] EXT4-fs: inline encryption not supported
[   88.279454][ T6177] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.805: mark_inode_dirty error
[   88.291190][ T6177] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.805: corrupted inode contents
[   88.303514][ T6177] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem
[   88.311715][ T6183] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   88.324893][ T6177] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.805: corrupted inode contents
[   88.349434][ T6177] EXT4-fs error (device loop3): ext4_truncate:4635: inode #12: comm syz.3.805: mark_inode_dirty error
[   88.369218][ T6183] EXT4-fs error (device loop0): mb_free_blocks:2037: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   88.386452][ T6177] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem
[   88.396089][ T6183] EXT4-fs (loop0): Remounting filesystem read-only
[   88.404776][ T6177] EXT4-fs (loop3): 1 truncate cleaned up
[   88.419269][ T6177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   88.448376][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.470312][ T6177] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.191251][ T6227] program syz.3.825 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   89.358145][ T6233] smc: net device bond0 applied user defined pnetid SYZ0
[   89.704489][ T6262] 9p: Bad value for 'rfdno'
[   90.165990][ T6271] syzkaller0: entered promiscuous mode
[   90.171575][ T6271] syzkaller0: entered allmulticast mode
[   90.217666][ T6269] pimreg: entered allmulticast mode
[   90.329432][ T6281] 9p: Bad value for 'wfdno'
[   90.488491][ T6312] netlink: 'syz.3.850': attribute type 1 has an invalid length.
[   90.496237][ T6312] __nla_validate_parse: 5 callbacks suppressed
[   90.496257][ T6312] netlink: 244 bytes leftover after parsing attributes in process `syz.3.850'.
[   90.521270][ T6312] netlink: 8 bytes leftover after parsing attributes in process `syz.3.850'.
[   90.537669][ T6311] 9pnet_fd: Insufficient options for proto=fd
[   90.547136][   T29] kauditd_printk_skb: 663 callbacks suppressed
[   90.547155][   T29] audit: type=1326 audit(1767426367.479:6476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6309 comm="syz.2.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0e6f749 code=0x7ffc0000
[   90.598900][ T6319] netlink: 'syz.2.859': attribute type 1 has an invalid length.
[   90.617434][   T29] audit: type=1400 audit(1767426367.559:6477): avc:  denied  { name_connect } for  pid=6315 comm="syz.0.857" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[   90.675351][ T6319] bond1: (slave bridge1): making interface the new active one
[   90.686060][ T6319] bond1: (slave bridge1): Enslaving as an active interface with an up link
[   90.709007][   T29] audit: type=1400 audit(1767426367.649:6478): avc:  denied  { create } for  pid=6317 comm="syz.2.859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[   90.744042][   T29] audit: type=1326 audit(1767426367.679:6479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6302 comm="syz.1.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   90.769569][   T29] audit: type=1400 audit(1767426367.679:6480): avc:  denied  { write } for  pid=6317 comm="syz.2.859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[   90.790236][   T29] audit: type=1326 audit(1767426367.699:6481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6302 comm="syz.1.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   90.792978][ T6319] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   90.920112][ T6339] loop3: detected capacity change from 0 to 256
[   90.927041][ T6339] msdos: Bad value for 'errors'
[   91.004490][   T29] audit: type=1326 audit(1767426367.939:6482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6350 comm="syz.1.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   91.052196][ T6328] random: crng reseeded on system resumption
[   91.055743][   T29] audit: type=1326 audit(1767426367.969:6483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6350 comm="syz.1.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   91.081877][   T29] audit: type=1326 audit(1767426367.969:6484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6350 comm="syz.1.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   91.105488][   T29] audit: type=1326 audit(1767426367.969:6485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6350 comm="syz.1.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[   91.139705][ T6360] netlink: 8 bytes leftover after parsing attributes in process `syz.1.872'.
[   91.164684][ T6360] pim6reg: entered allmulticast mode
[   91.396032][ T6386] netlink: 184 bytes leftover after parsing attributes in process `syz.2.873'.
[   91.703770][ T6396] loop4: detected capacity change from 0 to 128
[   91.726291][ T6396] /dev/loop4: Can't open blockdev
[   91.782022][ T6399] loop0: detected capacity change from 0 to 512
[   91.802447][ T6399] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   91.817417][ T6399] EXT4-fs: error: could not find journal device path
[   92.140222][ T6434] netlink: 'syz.2.880': attribute type 10 has an invalid length.
[   92.148194][ T6434] netlink: 40 bytes leftover after parsing attributes in process `syz.2.880'.
[   92.173435][ T6438] netlink: 68 bytes leftover after parsing attributes in process `syz.1.882'.
[   92.179095][ T6434] batman_adv: batadv0: Adding interface: veth1_vlan
[   92.189182][ T6434] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.257249][ T6434] batman_adv: batadv0: Interface activated: veth1_vlan
[   92.391727][ T6455] FAULT_INJECTION: forcing a failure.
[   92.391727][ T6455] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.403520][ T6456] lo speed is unknown, defaulting to 1000
[   92.405269][ T6455] CPU: 0 UID: 0 PID: 6455 Comm: syz.0.887 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   92.405371][ T6455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   92.405416][ T6455] Call Trace:
[   92.405438][ T6455]  <TASK>
[   92.405462][ T6455]  __dump_stack+0x1d/0x30
[   92.405548][ T6455]  dump_stack_lvl+0x95/0xd0
[   92.405624][ T6455]  dump_stack+0x15/0x1b
[   92.405771][ T6455]  should_fail_ex+0x265/0x280
[   92.405855][ T6455]  should_fail+0xb/0x20
[   92.405930][ T6455]  should_fail_usercopy+0x1a/0x20
[   92.406027][ T6455]  _copy_to_user+0x20/0xa0
[   92.406127][ T6455]  simple_read_from_buffer+0xb5/0x130
[   92.406215][ T6455]  proc_fail_nth_read+0x10e/0x150
[   92.406312][ T6455]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   92.406450][ T6455]  vfs_read+0x1a8/0x770
[   92.406527][ T6455]  ? n_tty_ioctl_helper+0x91/0x210
[   92.406679][ T6455]  ? __rcu_read_unlock+0x4f/0x70
[   92.406754][ T6455]  ? __fget_files+0x184/0x1c0
[   92.406829][ T6455]  ? mutex_lock+0x58/0x90
[   92.406923][ T6455]  ksys_read+0xda/0x1a0
[   92.407000][ T6455]  __x64_sys_read+0x40/0x50
[   92.407124][ T6455]  x64_sys_call+0x2889/0x3000
[   92.407211][ T6455]  do_syscall_64+0xca/0x2b0
[   92.407332][ T6455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.407425][ T6455] RIP: 0033:0x7fbbf4ade15c
[   92.407474][ T6455] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   92.407529][ T6455] RSP: 002b:00007fbbf351e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   92.407596][ T6455] RAX: ffffffffffffffda RBX: 00007fbbf4d36090 RCX: 00007fbbf4ade15c
[   92.407648][ T6455] RDX: 000000000000000f RSI: 00007fbbf351e0a0 RDI: 0000000000000004
[   92.407692][ T6455] RBP: 00007fbbf351e090 R08: 0000000000000000 R09: 0000000000000000
[   92.407728][ T6455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.407792][ T6455] R13: 00007fbbf4d36128 R14: 00007fbbf4d36090 R15: 00007ffdf12ca7e8
[   92.407881][ T6455]  </TASK>
[   92.626357][ T6459] loop4: detected capacity change from 0 to 128
[   92.890376][ T6485] lo speed is unknown, defaulting to 1000
[   92.925027][ T6494] netlink: 'syz.3.904': attribute type 1 has an invalid length.
[   92.932809][ T6494] netlink: 244 bytes leftover after parsing attributes in process `syz.3.904'.
[   92.960748][ T6494] netlink: 8 bytes leftover after parsing attributes in process `syz.3.904'.
[   93.121542][ T6497] FAULT_INJECTION: forcing a failure.
[   93.121542][ T6497] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   93.135116][ T6497] CPU: 0 UID: 0 PID: 6497 Comm: syz.3.905 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   93.135287][ T6497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   93.135334][ T6497] Call Trace:
[   93.135343][ T6497]  <TASK>
[   93.135354][ T6497]  __dump_stack+0x1d/0x30
[   93.135386][ T6497]  dump_stack_lvl+0x95/0xd0
[   93.135407][ T6497]  dump_stack+0x15/0x1b
[   93.135428][ T6497]  should_fail_ex+0x265/0x280
[   93.135534][ T6497]  should_fail_alloc_page+0xf2/0x100
[   93.135565][ T6497]  __alloc_frozen_pages_noprof+0x109/0x360
[   93.135604][ T6497]  alloc_pages_mpol+0xb3/0x260
[   93.135731][ T6497]  alloc_migration_target_by_mpol+0x11b/0x280
[   93.135776][ T6497]  migrate_pages_batch+0x349/0x1b60
[   93.135809][ T6497]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[   93.135929][ T6497]  ? __pfx_remove_migration_pte+0x10/0x10
[   93.135964][ T6497]  migrate_pages+0xf55/0x1760
[   93.135993][ T6497]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[   93.136078][ T6497]  __se_sys_mbind+0x975/0xac0
[   93.136126][ T6497]  __x64_sys_mbind+0x78/0x90
[   93.136224][ T6497]  x64_sys_call+0x2a2b/0x3000
[   93.136312][ T6497]  do_syscall_64+0xca/0x2b0
[   93.136499][ T6497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.136523][ T6497] RIP: 0033:0x7f000ee3f749
[   93.136543][ T6497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.136620][ T6497] RSP: 002b:00007f000d89f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[   93.136643][ T6497] RAX: ffffffffffffffda RBX: 00007f000f095fa0 RCX: 00007f000ee3f749
[   93.136657][ T6497] RDX: 0000000000000000 RSI: 0100000000004000 RDI: 00002000005b4000
[   93.136672][ T6497] RBP: 00007f000d89f090 R08: 0000000000000000 R09: 0000000000000002
[   93.136735][ T6497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.136748][ T6497] R13: 00007f000f096038 R14: 00007f000f095fa0 R15: 00007fff7e12cf18
[   93.136770][ T6497]  </TASK>
[   93.410692][ T6509] netlink: 14 bytes leftover after parsing attributes in process `syz.3.910'.
[   93.431302][ T6509] hsr_slave_0: left promiscuous mode
[   93.550702][ T6519] netlink: 'syz.4.912': attribute type 1 has an invalid length.
[   93.559233][ T6519] netlink: 244 bytes leftover after parsing attributes in process `syz.4.912'.
[   93.677343][ T6531] loop4: detected capacity change from 0 to 512
[   93.684324][ T6531] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   93.699592][ T6531] EXT4-fs: error: could not find journal device path
[   93.808294][ T6545] loop3: detected capacity change from 0 to 128
[   93.840012][ T6549] loop4: detected capacity change from 0 to 128
[   93.888070][ T6553] loop0: detected capacity change from 0 to 512
[   93.898388][ T6553] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.928: invalid block
[   93.927358][ T6553] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.928: invalid indirect mapped block 4294967295 (level 1)
[   93.951556][ T6553] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.928: invalid indirect mapped block 4294967295 (level 1)
[   93.986218][ T6553] EXT4-fs (loop0): 2 truncates cleaned up
[   93.992693][ T6553] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.046590][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.291612][ T4142] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   94.312632][ T4142] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   94.331891][ T4142] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   94.351671][ T4142] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   94.457553][ T6586] netlink: 'syz.4.939': attribute type 30 has an invalid length.
[   94.512331][ T6611] FAULT_INJECTION: forcing a failure.
[   94.512331][ T6611] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   94.525773][ T6612] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   94.537084][ T6611] CPU: 1 UID: 0 PID: 6611 Comm: syz.1.950 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   94.537144][ T6611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   94.537157][ T6611] Call Trace:
[   94.537163][ T6611]  <TASK>
[   94.537171][ T6611]  __dump_stack+0x1d/0x30
[   94.537201][ T6611]  dump_stack_lvl+0x95/0xd0
[   94.537226][ T6611]  dump_stack+0x15/0x1b
[   94.537248][ T6611]  should_fail_ex+0x265/0x280
[   94.537271][ T6611]  should_fail+0xb/0x20
[   94.537290][ T6611]  should_fail_usercopy+0x1a/0x20
[   94.537319][ T6611]  _copy_from_iter+0xcf/0xe70
[   94.537345][ T6611]  ? __alloc_skb+0x396/0x4b0
[   94.537398][ T6611]  ? __alloc_skb+0x228/0x4b0
[   94.537431][ T6611]  netlink_sendmsg+0x471/0x6b0
[   94.537491][ T6611]  ? __pfx_netlink_sendmsg+0x10/0x10
[   94.537533][ T6611]  __sock_sendmsg+0x145/0x180
[   94.537592][ T6611]  ____sys_sendmsg+0x31e/0x4a0
[   94.537623][ T6611]  ___sys_sendmsg+0x17b/0x1d0
[   94.537715][ T6611]  __x64_sys_sendmsg+0xd4/0x160
[   94.537758][ T6611]  x64_sys_call+0x17ba/0x3000
[   94.537791][ T6611]  do_syscall_64+0xca/0x2b0
[   94.537921][ T6611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.537949][ T6611] RIP: 0033:0x7f44aecdf749
[   94.537967][ T6611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.537985][ T6611] RSP: 002b:00007f44ad73f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   94.538087][ T6611] RAX: ffffffffffffffda RBX: 00007f44aef35fa0 RCX: 00007f44aecdf749
[   94.538104][ T6611] RDX: 0000000000001004 RSI: 0000200000000300 RDI: 0000000000000003
[   94.538117][ T6611] RBP: 00007f44ad73f090 R08: 0000000000000000 R09: 0000000000000000
[   94.538154][ T6611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.538169][ T6611] R13: 00007f44aef36038 R14: 00007f44aef35fa0 R15: 00007ffc388556a8
[   94.538194][ T6611]  </TASK>
[   94.810043][ T6624] FAULT_INJECTION: forcing a failure.
[   94.810043][ T6624] name failslab, interval 1, probability 0, space 0, times 0
[   94.822841][ T6624] CPU: 0 UID: 0 PID: 6624 Comm: syz.2.955 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   94.822932][ T6624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   94.822949][ T6624] Call Trace:
[   94.822957][ T6624]  <TASK>
[   94.822968][ T6624]  __dump_stack+0x1d/0x30
[   94.823006][ T6624]  dump_stack_lvl+0x95/0xd0
[   94.823033][ T6624]  dump_stack+0x15/0x1b
[   94.823112][ T6624]  should_fail_ex+0x265/0x280
[   94.823137][ T6624]  should_failslab+0x8c/0xb0
[   94.823165][ T6624]  __kmalloc_cache_node_noprof+0x6a/0x4d0
[   94.823199][ T6624]  ? __get_vm_area_node+0x106/0x1d0
[   94.823224][ T6624]  __get_vm_area_node+0x106/0x1d0
[   94.823329][ T6624]  __vmalloc_node_range_noprof+0x28e/0x1310
[   94.823355][ T6624]  ? bpf_prog_alloc_no_stats+0x47/0x390
[   94.823450][ T6624]  ? do_dentry_open+0x8a1/0xa60
[   94.823529][ T6624]  ? __rcu_read_unlock+0x4f/0x70
[   94.823554][ T6624]  ? avc_has_perm_noaudit+0xab/0x130
[   94.823585][ T6624]  ? bpf_prog_alloc_no_stats+0x47/0x390
[   94.823610][ T6624]  __vmalloc_noprof+0xa4/0xf0
[   94.823755][ T6624]  ? bpf_prog_alloc_no_stats+0x47/0x390
[   94.823781][ T6624]  bpf_prog_alloc_no_stats+0x47/0x390
[   94.823806][ T6624]  ? bpf_prog_alloc+0x2a/0x150
[   94.823831][ T6624]  bpf_prog_alloc+0x3c/0x150
[   94.823851][ T6624]  bpf_prog_load+0x506/0x1140
[   94.823960][ T6624]  ? security_bpf+0x2b/0x90
[   94.824004][ T6624]  __sys_bpf+0x469/0x7c0
[   94.824038][ T6624]  __x64_sys_bpf+0x41/0x50
[   94.824070][ T6624]  x64_sys_call+0x28e1/0x3000
[   94.824145][ T6624]  do_syscall_64+0xca/0x2b0
[   94.824203][ T6624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.824309][ T6624] RIP: 0033:0x7efcd0e6f749
[   94.824325][ T6624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.824348][ T6624] RSP: 002b:00007efccf8cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   94.824372][ T6624] RAX: ffffffffffffffda RBX: 00007efcd10c5fa0 RCX: 00007efcd0e6f749
[   94.824403][ T6624] RDX: 00000000000000af RSI: 00002000000000c0 RDI: 0000000000000005
[   94.824419][ T6624] RBP: 00007efccf8cf090 R08: 0000000000000000 R09: 0000000000000000
[   94.824508][ T6624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.824524][ T6624] R13: 00007efcd10c6038 R14: 00007efcd10c5fa0 R15: 00007ffe193b67f8
[   94.824545][ T6624]  </TASK>
[   94.824622][ T6624] syz.2.955: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0
[   95.072729][ T6624] CPU: 0 UID: 0 PID: 6624 Comm: syz.2.955 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   95.072832][ T6624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   95.072864][ T6624] Call Trace:
[   95.072869][ T6624]  <TASK>
[   95.072895][ T6624]  __dump_stack+0x1d/0x30
[   95.072921][ T6624]  dump_stack_lvl+0x95/0xd0
[   95.072945][ T6624]  dump_stack+0x15/0x1b
[   95.072975][ T6624]  warn_alloc+0x12b/0x1a0
[   95.073086][ T6624]  __vmalloc_node_range_noprof+0x2b3/0x1310
[   95.073116][ T6624]  ? do_dentry_open+0x8a1/0xa60
[   95.073172][ T6624]  ? __rcu_read_unlock+0x4f/0x70
[   95.073198][ T6624]  ? avc_has_perm_noaudit+0xab/0x130
[   95.073230][ T6624]  ? bpf_prog_alloc_no_stats+0x47/0x390
[   95.073257][ T6624]  __vmalloc_noprof+0xa4/0xf0
[   95.073297][ T6624]  ? bpf_prog_alloc_no_stats+0x47/0x390
[   95.073392][ T6624]  bpf_prog_alloc_no_stats+0x47/0x390
[   95.073411][ T6624]  ? bpf_prog_alloc+0x2a/0x150
[   95.073431][ T6624]  bpf_prog_alloc+0x3c/0x150
[   95.073454][ T6624]  bpf_prog_load+0x506/0x1140
[   95.073527][ T6624]  ? security_bpf+0x2b/0x90
[   95.073555][ T6624]  __sys_bpf+0x469/0x7c0
[   95.073583][ T6624]  __x64_sys_bpf+0x41/0x50
[   95.073696][ T6624]  x64_sys_call+0x28e1/0x3000
[   95.073810][ T6624]  do_syscall_64+0xca/0x2b0
[   95.073855][ T6624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.073883][ T6624] RIP: 0033:0x7efcd0e6f749
[   95.073902][ T6624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.074005][ T6624] RSP: 002b:00007efccf8cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   95.074031][ T6624] RAX: ffffffffffffffda RBX: 00007efcd10c5fa0 RCX: 00007efcd0e6f749
[   95.074047][ T6624] RDX: 00000000000000af RSI: 00002000000000c0 RDI: 0000000000000005
[   95.074064][ T6624] RBP: 00007efccf8cf090 R08: 0000000000000000 R09: 0000000000000000
[   95.074080][ T6624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.074108][ T6624] R13: 00007efcd10c6038 R14: 00007efcd10c5fa0 R15: 00007ffe193b67f8
[   95.074134][ T6624]  </TASK>
[   95.074142][ T6624] Mem-Info:
[   95.246063][ T6632] FAULT_INJECTION: forcing a failure.
[   95.246063][ T6632] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   95.252375][ T6624] active_anon:20589 inactive_anon:12 isolated_anon:0
[   95.252375][ T6624]  active_file:19267 inactive_file:2272 isolated_file:0
[   95.252375][ T6624]  unevictable:0 dirty:793 writeback:0
[   95.252375][ T6624]  slab_reclaimable:3311 slab_unreclaimable:16852
[   95.252375][ T6624]  mapped:29992 shmem:16572 pagetables:1240
[   95.252375][ T6624]  sec_pagetables:0 bounce:0
[   95.252375][ T6624]  kernel_misc_reclaimable:0
[   95.252375][ T6624]  free:1863880 free_pcp:12830 free_cma:0
[   95.260451][ T6632] CPU: 1 UID: 0 PID: 6632 Comm: syz.3.959 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   95.260555][ T6632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   95.260609][ T6632] Call Trace:
[   95.260639][ T6632]  <TASK>
[   95.260677][ T6632]  __dump_stack+0x1d/0x30
[   95.260838][ T6632]  dump_stack_lvl+0x95/0xd0
[   95.260913][ T6632]  dump_stack+0x15/0x1b
[   95.260979][ T6632]  should_fail_ex+0x265/0x280
[   95.261094][ T6632]  should_fail+0xb/0x20
[   95.261159][ T6632]  should_fail_usercopy+0x1a/0x20
[   95.261236][ T6632]  _copy_from_user+0x1c/0xb0
[   95.261333][ T6632]  kstrtouint_from_user+0x69/0xf0
[   95.261451][ T6632]  ? 0xffffffff81000000
[   95.261515][ T6632]  ? selinux_file_permission+0x1e2/0x320
[   95.261623][ T6632]  proc_fail_nth_write+0x50/0x160
[   95.261721][ T6632]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   95.261816][ T6632]  vfs_write+0x269/0x960
[   95.261919][ T6632]  ? vfs_read+0x4e6/0x770
[   95.261996][ T6632]  ? __rcu_read_unlock+0x4f/0x70
[   95.262088][ T6632]  ? __fget_files+0x184/0x1c0
[   95.262165][ T6632]  ? mutex_lock+0x58/0x90
[   95.262281][ T6632]  ksys_write+0xda/0x1a0
[   95.262346][ T6632]  __x64_sys_write+0x40/0x50
[   95.262412][ T6632]  x64_sys_call+0x2847/0x3000
[   95.262560][ T6632]  do_syscall_64+0xca/0x2b0
[   95.262670][ T6632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.262968][ T6632] RIP: 0033:0x7f000ee3e1ff
[   95.263010][ T6632] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   95.263128][ T6632] RSP: 002b:00007f000d89f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   95.263192][ T6632] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f000ee3e1ff
[   95.263235][ T6632] RDX: 0000000000000001 RSI: 00007f000d89f0a0 RDI: 0000000000000003
[   95.263270][ T6632] RBP: 00007f000d89f090 R08: 0000000000000000 R09: 0000000000000000
[   95.263322][ T6632] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   95.263379][ T6632] R13: 00007f000f096038 R14: 00007f000f095fa0 R15: 00007fff7e12cf18
[   95.263467][ T6632]  </TASK>
[   95.547972][ T6624] Node 0 active_anon:82356kB inactive_anon:48kB active_file:77068kB inactive_file:9088kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:120084kB dirty:3172kB writeback:0kB shmem:66288kB kernel_stack:4016kB pagetables:5192kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   95.575476][ T6624] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   95.605131][ T6624] lowmem_reserve[]: 0 2880 7859 7859
[   95.610730][ T6624] Node 0 DMA32 free:2945988kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2949516kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:3528kB free_cma:0kB
[   95.642244][ T6624] lowmem_reserve[]: 0 0 4978 4978
[   95.647352][ T6624] Node 0 Normal free:4494148kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:82432kB inactive_anon:48kB active_file:77068kB inactive_file:9092kB unevictable:0kB writepending:3176kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:47444kB local_pcp:32180kB free_cma:0kB
[   95.680536][ T6624] lowmem_reserve[]: 0 0 0 0
[   95.685079][ T6624] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   95.697905][ T6624] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 4*16kB (M) 3*32kB (M) 4*64kB (M) 2*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2945988kB
[   95.714068][ T6624] Node 0 Normal: 1*4kB (M) 0*8kB 88*16kB (UME) 174*32kB (UME) 288*64kB (UME) 182*128kB (UME) 85*256kB (UME) 44*512kB (UME) 44*1024kB (UME) 23*2048kB (UM) 1052*4096kB (UM) = 4494148kB
[   95.732731][ T6624] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[   95.742135][ T6624] 38118 total pagecache pages
[   95.746827][ T6624] 13 pages in swap cache
[   95.751093][ T6624] Free swap  = 124944kB
[   95.755274][ T6624] Total swap = 124996kB
[   95.759453][ T6624] 2097051 pages RAM
[   95.763292][ T6624] 0 pages HighMem/MovableOnly
[   95.767997][ T6624] 81272 pages reserved
[   95.776250][ T6636] bridge0: port 4(batadv1) entered blocking state
[   95.782799][ T6636] bridge0: port 4(batadv1) entered disabled state
[   95.790553][ T6636] batadv1: entered allmulticast mode
[   95.796096][   T29] kauditd_printk_skb: 202 callbacks suppressed
[   95.796113][   T29] audit: type=1400 audit(1767426372.729:6688): avc:  denied  { bind } for  pid=6637 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   95.852623][ T6643] __nla_validate_parse: 4 callbacks suppressed
[   95.852687][ T6643] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.963'.
[   95.864487][ T6636] batadv1: entered promiscuous mode
[   95.874467][   T29] audit: type=1400 audit(1767426372.729:6689): avc:  denied  { setopt } for  pid=6637 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   95.940725][   T29] audit: type=1400 audit(1767426372.879:6690): avc:  denied  { getopt } for  pid=6649 comm="syz.4.965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   96.029610][ T6662] netlink: 'syz.2.971': attribute type 10 has an invalid length.
[   96.050308][ T6662] team0: Failed to send options change via netlink (err -105)
[   96.057910][ T6662] team0: Port device dummy0 added
[   96.142560][ T6669] loop3: detected capacity change from 0 to 512
[   96.176207][ T6669] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[   96.238007][ T6669] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.974: bg 0: block 255: padding at end of block bitmap is not set
[   96.269774][ T6669] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6689: Corrupt filesystem
[   96.278985][ T6669] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.974: invalid indirect mapped block 1 (level 1)
[   96.292349][   T31] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[   96.301694][   T31] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[   96.311397][ T6669] EXT4-fs (loop3): 1 truncate cleaned up
[   96.336595][ T6669] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.455030][ T6691] netlink: 'syz.2.978': attribute type 1 has an invalid length.
[   96.462859][ T6691] netlink: 244 bytes leftover after parsing attributes in process `syz.2.978'.
[   96.515793][ T6695] netlink: 8 bytes leftover after parsing attributes in process `syz.2.978'.
[   96.551260][ T6696] loop4: detected capacity change from 0 to 512
[   96.607831][ T6696] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   96.633281][ T6699] loop0: detected capacity change from 0 to 512
[   96.655184][ T6699] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   96.670108][ T6699] EXT4-fs: error: could not find journal device path
[   96.702588][ T6696] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.745695][ T6696] ext4 filesystem being mounted at /185/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   96.830014][ T6696] netlink: 12 bytes leftover after parsing attributes in process `syz.4.981'.
[   96.839016][ T6696] netlink: 12 bytes leftover after parsing attributes in process `syz.4.981'.
[   96.877368][ T6709] FAULT_INJECTION: forcing a failure.
[   96.877368][ T6709] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   96.890685][ T6709] CPU: 0 UID: 0 PID: 6709 Comm: syz.2.986 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   96.890762][ T6709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   96.890784][ T6709] Call Trace:
[   96.890791][ T6709]  <TASK>
[   96.890879][ T6709]  __dump_stack+0x1d/0x30
[   96.890903][ T6709]  dump_stack_lvl+0x95/0xd0
[   96.890924][ T6709]  dump_stack+0x15/0x1b
[   96.890946][ T6709]  should_fail_ex+0x265/0x280
[   96.891008][ T6709]  should_fail+0xb/0x20
[   96.891027][ T6709]  should_fail_usercopy+0x1a/0x20
[   96.891052][ T6709]  _copy_from_iter+0xcf/0xe70
[   96.891078][ T6709]  ? __alloc_skb+0x396/0x4b0
[   96.891171][ T6709]  ? __alloc_skb+0x228/0x4b0
[   96.891202][ T6709]  netlink_sendmsg+0x471/0x6b0
[   96.891236][ T6709]  ? __pfx_netlink_sendmsg+0x10/0x10
[   96.891287][ T6709]  __sock_sendmsg+0x145/0x180
[   96.891313][ T6709]  ____sys_sendmsg+0x31e/0x4a0
[   96.891348][ T6709]  ___sys_sendmsg+0x17b/0x1d0
[   96.891403][ T6709]  __x64_sys_sendmsg+0xd4/0x160
[   96.891487][ T6709]  x64_sys_call+0x17ba/0x3000
[   96.891517][ T6709]  do_syscall_64+0xca/0x2b0
[   96.891553][ T6709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.891610][ T6709] RIP: 0033:0x7efcd0e6f749
[   96.891629][ T6709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.891726][ T6709] RSP: 002b:00007efccf8cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   96.891745][ T6709] RAX: ffffffffffffffda RBX: 00007efcd10c5fa0 RCX: 00007efcd0e6f749
[   96.891758][ T6709] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000007
[   96.891795][ T6709] RBP: 00007efccf8cf090 R08: 0000000000000000 R09: 0000000000000000
[   96.891812][ T6709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.891880][ T6709] R13: 00007efcd10c6038 R14: 00007efcd10c5fa0 R15: 00007ffe193b67f8
[   96.891899][ T6709]  </TASK>
[   97.138868][ T6696] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #18: comm syz.4.981: corrupted inode contents
[   97.144457][   T29] audit: type=1400 audit(1767426374.079:6691): avc:  denied  { ioctl } for  pid=6694 comm="syz.4.981" path="/185/bus/file1" dev="loop4" ino=15 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   97.172221][ T6696] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #18: comm syz.4.981: mark_inode_dirty error
[   97.199147][ T6696] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #18: comm syz.4.981: corrupted inode contents
[   97.219749][ T6696] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3000: inode #18: comm syz.4.981: mark_inode_dirty error
[   97.232384][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.242298][ T6707] netlink: 'syz.0.985': attribute type 30 has an invalid length.
[   97.251274][ T6696] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3003: inode #18: comm syz.4.981: mark inode dirty (error -117)
[   97.265685][ T6696] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -117)
[   97.296516][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.312803][   T29] audit: type=1326 audit(1767426374.249:6692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6721 comm="syz.3.989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   97.379128][   T29] audit: type=1326 audit(1767426374.269:6693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6721 comm="syz.3.989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   97.402723][   T29] audit: type=1326 audit(1767426374.279:6694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6721 comm="syz.3.989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   97.426543][   T29] audit: type=1326 audit(1767426374.279:6695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6721 comm="syz.3.989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   97.449989][   T29] audit: type=1326 audit(1767426374.279:6696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6721 comm="syz.3.989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   97.473694][   T29] audit: type=1326 audit(1767426374.279:6697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6721 comm="syz.3.989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f000ee3f749 code=0x7ffc0000
[   97.589016][ T6737] loop4: detected capacity change from 0 to 512
[   97.602346][ T6737] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   97.617274][ T6737] EXT4-fs: error: could not find journal device path
[   97.654968][ T6742] xt_hashlimit: size too large, truncated to 1048576
[   97.666052][ T6741] loop0: detected capacity change from 0 to 512
[   97.692283][ T6741] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.719225][ T6741] ext4 filesystem being mounted at /215/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   97.732584][ T6741] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[   97.762140][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.931094][ T6746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   97.953735][ T6746] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   98.236794][ T6772] loop0: detected capacity change from 0 to 128
[   98.362387][ T6774] netlink: 'syz.3.1007': attribute type 30 has an invalid length.
[   98.421514][ T6786] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1012'.
[   98.565356][ T6789] ªªªªªª: renamed from wg2 (while UP)
[   98.637713][ T6816] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   98.655460][ T6816] ext4 filesystem being mounted at /222/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   98.696882][ T6823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1023'.
[   98.706012][ T6823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1023'.
[   98.717935][ T6824] set_capacity_and_notify: 1 callbacks suppressed
[   98.717953][ T6824] loop4: detected capacity change from 0 to 128
[   98.778793][ T3317] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   98.870667][ T6838] SET target dimension over the limit!
[   99.039410][ T6858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1034'.
[   99.046518][ T6843] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=6843 comm=syz.1.1036
[   99.048474][ T6858] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1034'.
[   99.078492][ T6843] netlink: 'syz.1.1036': attribute type 13 has an invalid length.
[   99.097170][ T6860] loop4: detected capacity change from 0 to 512
[   99.113796][ T6860] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   99.128767][ T6860] EXT4-fs: error: could not find journal device path
[   99.597107][ T6887] loop3: detected capacity change from 0 to 512
[   99.611030][ T6891] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.628863][ T6887] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   99.637712][ T6887] EXT4-fs (loop3): orphan cleanup on readonly fs
[   99.645996][ T6887] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.1049: corrupted inode contents
[   99.660282][ T6891] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.673689][ T6887] EXT4-fs (loop3): Remounting filesystem read-only
[   99.680801][ T6887] EXT4-fs (loop3): 1 truncate cleaned up
[   99.686664][ T4152] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   99.697271][ T4152] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   99.710605][ T4152] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[   99.732657][ T6887] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   99.798757][ T6891] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.859090][ T6891] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.875860][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.946597][ T4152] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.982751][ T4152] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.000977][ T4152] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.021826][ T4152] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.098437][ T6918] veth2: entered promiscuous mode
[  100.339775][ T6941] loop4: detected capacity change from 0 to 512
[  100.354399][ T6941] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  100.369628][ T6941] EXT4-fs: error: could not find journal device path
[  100.480092][ T6953] loop3: detected capacity change from 0 to 1024
[  100.487211][ T6953] EXT4-fs: Ignoring removed bh option
[  100.499088][ T6953] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.518813][ T6953] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.1076: error while reading EA inode 24 err=-116
[  100.531477][ T6953] EXT4-fs (loop3): Remounting filesystem read-only
[  100.538081][ T6953] EXT4-fs warning (device loop3): ext4_xattr_block_set:2199: inode #19: comm syz.3.1076: dec ref error=-30
[  100.560097][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.655437][ T6966] syzkaller0: entered promiscuous mode
[  100.661089][ T6966] syzkaller0: entered allmulticast mode
[  100.670605][ T6966] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  100.682676][ T6965] tipc: Resetting bearer <eth:syzkaller0>
[  100.706012][ T6965] tipc: Disabling bearer <eth:syzkaller0>
[  100.754274][ T6970] loop3: detected capacity change from 0 to 512
[  100.761068][ T6970] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  100.776168][ T6970] EXT4-fs: error: could not find journal device path
[  100.807927][   T29] kauditd_printk_skb: 375 callbacks suppressed
[  100.807945][   T29] audit: type=1326 audit(1767426377.749:7067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6971 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[  100.842672][   T29] audit: type=1326 audit(1767426377.749:7068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6971 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[  100.866177][   T29] audit: type=1326 audit(1767426377.749:7069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6971 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[  100.889882][   T29] audit: type=1326 audit(1767426377.749:7070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6971 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[  100.913393][   T29] audit: type=1326 audit(1767426377.749:7071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6971 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[  100.925177][ T6976] lo speed is unknown, defaulting to 1000
[  100.937091][   T29] audit: type=1326 audit(1767426377.749:7072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6971 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[  100.937211][   T29] audit: type=1326 audit(1767426377.749:7073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6971 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[  100.937256][   T29] audit: type=1326 audit(1767426377.749:7074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6971 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f44aecdf749 code=0x7ffc0000
[  100.937300][   T29] audit: type=1326 audit(1767426377.779:7075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6971 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f44aecdf783 code=0x7ffc0000
[  100.937503][   T29] audit: type=1326 audit(1767426377.779:7076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6971 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f44aecdf783 code=0x7ffc0000
[  101.121418][ T6984] loop0: detected capacity change from 0 to 128
[  101.347795][ T7001] loop4: detected capacity change from 0 to 512
[  101.359609][ T7001] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  101.374526][ T7001] EXT4-fs: error: could not find journal device path
[  101.394231][ T7003] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  101.406600][ T7002] IPVS: stopping master sync thread 7003 ...
[  101.428022][ T6999] delete_channel: no stack
[  101.483131][ T7009] FAULT_INJECTION: forcing a failure.
[  101.483131][ T7009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  101.496317][ T7009] CPU: 1 UID: 0 PID: 7009 Comm: syz.2.1098 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  101.496351][ T7009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  101.496393][ T7009] Call Trace:
[  101.496401][ T7009]  <TASK>
[  101.496411][ T7009]  __dump_stack+0x1d/0x30
[  101.496440][ T7009]  dump_stack_lvl+0x95/0xd0
[  101.496526][ T7009]  dump_stack+0x15/0x1b
[  101.496545][ T7009]  should_fail_ex+0x265/0x280
[  101.496576][ T7009]  should_fail+0xb/0x20
[  101.496670][ T7009]  should_fail_usercopy+0x1a/0x20
[  101.496702][ T7009]  _copy_from_iter+0xcf/0xe70
[  101.496810][ T7009]  ? __alloc_skb+0x396/0x4b0
[  101.496833][ T7009]  ? __alloc_skb+0x228/0x4b0
[  101.496858][ T7009]  netlink_sendmsg+0x471/0x6b0
[  101.496952][ T7009]  ? __pfx_netlink_sendmsg+0x10/0x10
[  101.497018][ T7009]  __sock_sendmsg+0x145/0x180
[  101.497038][ T7009]  ____sys_sendmsg+0x31e/0x4a0
[  101.497140][ T7009]  ___sys_sendmsg+0x17b/0x1d0
[  101.497191][ T7009]  __x64_sys_sendmsg+0xd4/0x160
[  101.497223][ T7009]  x64_sys_call+0x17ba/0x3000
[  101.497270][ T7009]  do_syscall_64+0xca/0x2b0
[  101.497319][ T7009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.497345][ T7009] RIP: 0033:0x7efcd0e6f749
[  101.497364][ T7009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.497387][ T7009] RSP: 002b:00007efccf8cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  101.497413][ T7009] RAX: ffffffffffffffda RBX: 00007efcd10c5fa0 RCX: 00007efcd0e6f749
[  101.497509][ T7009] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006
[  101.497522][ T7009] RBP: 00007efccf8cf090 R08: 0000000000000000 R09: 0000000000000000
[  101.497537][ T7009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.497553][ T7009] R13: 00007efcd10c6038 R14: 00007efcd10c5fa0 R15: 00007ffe193b67f8
[  101.497578][ T7009]  </TASK>
[  101.716708][ T7012] __nla_validate_parse: 7 callbacks suppressed
[  101.716723][ T7012] netlink: 12 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  101.785187][ T7014] syzkaller0: entered promiscuous mode
[  101.790818][ T7014] syzkaller0: entered allmulticast mode
[  101.800465][ T7022] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1097'.
[  101.809586][ T7022] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1097'.
[  101.842084][ T7012] lo speed is unknown, defaulting to 1000
[  101.908470][ T7025] lo speed is unknown, defaulting to 1000
[  102.355476][ T7052] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  102.366631][ T7047] IPVS: stopping master sync thread 7052 ...
[  102.378797][ T7054] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1113'.
[  102.388902][ T7047] delete_channel: no stack
[  102.465039][ T4150] ==================================================================
[  102.473178][ T4150] BUG: KCSAN: data-race in wb_wait_for_completion / writeback_sb_inodes
[  102.481560][ T4150] 
[  102.483914][ T4150] write to 0xffffc900113f7de8 of 8 bytes by task 7058 on cpu 1:
[  102.491580][ T4150]  wb_wait_for_completion+0x1b9/0x360
[  102.496989][ T4150]  sync_inodes_sb+0x120/0x460
[  102.501799][ T4150]  sync_inodes_one_sb+0x3d/0x50
[  102.506680][ T4150]  __iterate_supers+0x110/0x220
[  102.511571][ T4150]  iterate_supers+0x1f/0x30
[  102.516119][ T4150]  ksys_sync+0x5c/0xe0
[  102.520213][ T4150]  __ia32_sys_sync+0xe/0x20
[  102.524747][ T4150]  x64_sys_call+0x29b2/0x3000
[  102.529489][ T4150]  do_syscall_64+0xca/0x2b0
[  102.534032][ T4150]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.540045][ T4150] 
[  102.542386][ T4150] read to 0xffffc900113f7de8 of 8 bytes by task 4150 on cpu 0:
[  102.550046][ T4150]  writeback_sb_inodes+0x4ce/0xb20
[  102.555203][ T4150]  wb_writeback+0x252/0x5c0
[  102.559749][ T4150]  wb_workfn+0x194/0x910
[  102.564025][ T4150]  process_scheduled_works+0x4ce/0x9d0
[  102.569511][ T4150]  worker_thread+0x582/0x770
[  102.574158][ T4150]  kthread+0x489/0x510
[  102.578263][ T4150]  ret_from_fork+0x149/0x290
[  102.582884][ T4150]  ret_from_fork_asm+0x1a/0x30
[  102.587673][ T4150] 
[  102.590014][ T4150] value changed: 0x00000000ffffb295 -> 0x00000000ffffb29a
[  102.597138][ T4150] 
[  102.599474][ T4150] Reported by Kernel Concurrency Sanitizer on:
[  102.605637][ T4150] CPU: 0 UID: 0 PID: 4150 Comm: kworker/u8:21 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  102.615639][ T4150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  102.625810][ T4150] Workqueue: writeback wb_workfn (flush-8:0)
[  102.631840][ T4150] ==================================================================