last executing test programs:

8m10.326478476s ago: executing program 0 (id=1039):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newtfilter={0x2c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {}, {0xd, 0xfff1}}, [@TCA_RATE={0x6, 0x5, {0x8, 0xff}}]}, 0x2c}}, 0x1)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
ioperm(0x3c, 0x1, 0x8)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000100000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x2a, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x48050}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x3e00, 0x116094000, 0x41000000}], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xd, &(0x7f0000000180)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x2}, 0x18)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb55a2a630b00c145f94cd977", 0x18, 0xffffffffffffffff)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)
read(r4, &(0x7f0000000700)=""/144, 0x90)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRESOCT=r0], 0x1c}}, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1={0xff, 0x4}}, 0x1c)
getsockopt$inet6_int(r5, 0x29, 0x18, 0x0, &(0x7f0000000280))
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

8m10.251522037s ago: executing program 0 (id=1041):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYRESOCT], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
pivot_root(&(0x7f0000000000)='.\x00', &(0x7f00000004c0)='./file1\x00')
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87}, &(0x7f0000000240)=0x40)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c)
close_range(r0, 0xffffffffffffffff, 0x0)

8m10.13274432s ago: executing program 0 (id=1042):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
sched_setscheduler(0x0, 0x3, 0x0)
syz_open_procfs(0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0x27, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r6, 0x9c3fa077fa966179, 0x0, 0x700, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)

8m9.421302964s ago: executing program 4 (id=1052):
gettid()
timer_create(0x0, 0x0, &(0x7f0000000140))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x12}, 0x2)
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r0, 0x2284, &(0x7f0000000080))

8m9.391679614s ago: executing program 4 (id=1053):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
sched_setscheduler(0x0, 0x3, 0x0)
syz_open_procfs(0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0x27, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r5, 0x9c3fa077fa966179, 0x0, 0x700, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)

8m9.188403178s ago: executing program 0 (id=1055):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x2000000, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2b8, &(0x7f0000000800)="$eJzs3NFLU38Yx/Hn5/y5OdEtiKCgeqibuhm6/oAaoRANCnNSXQTHPKux0ybnDGMRuZvotr9DuuwuqP4Bb6Kb7ruTIOjGi+gbnrPpmU6durml7xfIeXae74fzdZvybLCt3n/7rJj3UnmrIgMxlQGRmqyJJNeruv/qxwG/HpKwmlwd+fXt/L0HD29nstnJadWpzMy1tKqOXfz4/OW7S58rI7Pvxz5EZSX5aPVn+vvK0MrZ1T8zTwueFjwtlStq6Vy5XLHmHFvnC14xpXrXsS3P1kLJs92mft4pLyxU1SrNj8YXXNvz1CpVtWhXtVLWiltV64lVKGkqldLRuJxsg22syS1PT1uZHdsm0tEdoeuGW5103UytdTO3fAR7AgAAfWb3+T+Y9Xee/7OzwXE/8/+Zved/Eeb/Lqk13dpj/sex4LoZK17/+23G/A8AAAAAAAAAAAAAAAAAAAAAwL9gzZiEMSaxfqyf8m9HRSQmIqbe7/E20SXhx9+EfvZ4/K/3aLvosNAH92IizpvF3GIuOAb9TF4K4ogt45KQ3/7zoS6op25lJ8fVl5RPzlI9v7SYi0i0kW9ItspfODUR5LU5/7/Ew9dPS0JOt75+umV+SK5cDuVTkpAvj6Usjsz7z+vN/KsJ1Zt3slvyw/46AAAAAACOg5Ru2Pb63e/7C2KyvR/kQ+8PGGOWdnt/YMvr60E5185XVAIAAAAAgEPzqi+KluPY7gGKqIgcIt75whiR3m8jIv1xbzQXN0SkD7ZxVEVMRIIzepD4j414WynTxppBEen53bKPotf/mQAAAAB02ubQv4/Q19dd3BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdPu98H1li/rdVo7BIPXS5y5L8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Ef+BgAA//+4IRyf")
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000300)={'tunl0\x00', &(0x7f0000000100)={'gretap0\x00', 0x0, 0x8, 0x8, 0x5, 0xa000000, {{0x5, 0x4, 0x0, 0x14, 0x14, 0x65, 0x0, 0x6, 0x4, 0x0, @empty, @empty}}}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r3, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)

8m9.055698321s ago: executing program 0 (id=1057):
r0 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000240)={'syztnl1\x00', 0x0})

8m8.59205215s ago: executing program 0 (id=1063):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000000))

8m8.59193378s ago: executing program 32 (id=1063):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000000))

8m8.427545133s ago: executing program 4 (id=1067):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYRESOCT], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
pivot_root(&(0x7f0000000000)='.\x00', &(0x7f00000004c0)='./file1\x00')
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87}, &(0x7f0000000240)=0x40)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c)
close_range(r0, 0xffffffffffffffff, 0x0)

8m8.399681044s ago: executing program 4 (id=1068):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x2000000, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2b8, &(0x7f0000000800)="$eJzs3NFLU38Yx/Hn5/y5OdEtiKCgeqibuhm6/oAaoRANCnNSXQTHPKux0ybnDGMRuZvotr9DuuwuqP4Bb6Kb7ruTIOjGi+gbnrPpmU6durml7xfIeXae74fzdZvybLCt3n/7rJj3UnmrIgMxlQGRmqyJJNeruv/qxwG/HpKwmlwd+fXt/L0HD29nstnJadWpzMy1tKqOXfz4/OW7S58rI7Pvxz5EZSX5aPVn+vvK0MrZ1T8zTwueFjwtlStq6Vy5XLHmHFvnC14xpXrXsS3P1kLJs92mft4pLyxU1SrNj8YXXNvz1CpVtWhXtVLWiltV64lVKGkqldLRuJxsg22syS1PT1uZHdsm0tEdoeuGW5103UytdTO3fAR7AgAAfWb3+T+Y9Xee/7OzwXE/8/+Zved/Eeb/Lqk13dpj/sex4LoZK17/+23G/A8AAAAAAAAAAAAAAAAAAAAAwL9gzZiEMSaxfqyf8m9HRSQmIqbe7/E20SXhx9+EfvZ4/K/3aLvosNAH92IizpvF3GIuOAb9TF4K4ogt45KQ3/7zoS6op25lJ8fVl5RPzlI9v7SYi0i0kW9ItspfODUR5LU5/7/Ew9dPS0JOt75+umV+SK5cDuVTkpAvj6Usjsz7z+vN/KsJ1Zt3slvyw/46AAAAAACOg5Ru2Pb63e/7C2KyvR/kQ+8PGGOWdnt/YMvr60E5185XVAIAAAAAgEPzqi+KluPY7gGKqIgcIt75whiR3m8jIv1xbzQXN0SkD7ZxVEVMRIIzepD4j414WynTxppBEen53bKPotf/mQAAAAB02ubQv4/Q19dd3BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdPu98H1li/rdVo7BIPXS5y5L8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Ef+BgAA//+4IRyf")
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000300)={'tunl0\x00', &(0x7f0000000100)={'gretap0\x00', 0x0, 0x8, 0x8, 0x5, 0xa000000, {{0x5, 0x4, 0x0, 0x14, 0x14, 0x65, 0x0, 0x6, 0x4, 0x0, @empty, @empty}}}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r3, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)

8m8.06982622s ago: executing program 4 (id=1069):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], 0x0, 0xa, 0x0, 0x0, 0x40f00, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x20, 0x3, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x808}]}]}, 0x20}}, 0x0)

8m7.348219054s ago: executing program 4 (id=1075):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{}], 0x8, 0x6b, &(0x7f0000002e00), &(0x7f0000000000), 0x8, 0x0, 0x8, 0x3f, 0x0}}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xc, 0x2, @perf_config_ext={0x1, 0xa}, 0x1184c, 0x9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x2, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")

8m7.305743695s ago: executing program 33 (id=1075):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{}], 0x8, 0x6b, &(0x7f0000002e00), &(0x7f0000000000), 0x8, 0x0, 0x8, 0x3f, 0x0}}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xc, 0x2, @perf_config_ext={0x1, 0xa}, 0x1184c, 0x9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x2, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")

8m1.272786663s ago: executing program 6 (id=1132):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c020000190001000000000010000000ac1414bb000000000000000000000000ac1414bb00000000000000000000000000000006ffff00000a00800000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000f7ffffffffffff7f0000000000000000000000000000000000000000000000000000030000000084010500fe880000000000000000000000000101000000003200000000000000ffffffff0000000000000000000000000000000002000000000000000000000000000000ac1414aa000000000000000000000000000000002b00000000000000fe80000000000000000000000000000000000000000000000008000000000000000000007f0000010000000000000000000000000000000032"], 0x23c}}, 0x0) (fail_nth: 2)

8m1.155357815s ago: executing program 6 (id=1133):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000c40)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d649379071c33390e418ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ecec37e83efceefd7ca2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a0600adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cd50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420b75b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff201000000000000002e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa66237e0dacc107f532348cc2116473381e961f3d9c8c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d174b0000000000000000000000fa08ad0731ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282b6caa2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae0533496b6d58da50ee80a6b9a7438978c5465113f668eb4484350048289d07dbef325d3221a7cb35f812f257941a9781e3214c2a3dcf89d99844b762a9cf17548c54fccad2c7ae8072b82e0880815daf966bd5343c1635e123f868a7167cfcff33320253af570f4ef9c0254afdd89ac3943562b530dd88da8a94013bbaf204bebc38055adc39f07f7c22711f4d1f6dcc928d1578a093c072e0b92babc76f47ee367e745a024a2278319d9a4d1378482b74c516647652bfb6e93002494a5cd74e2a9a4734487062437da23e1efa6ef7674108aaa3ffac859c3577c2637bb3bdc69bc365b1f20dba96b8acca62f3f80045318de0facf2ed44b814e842c2a520159bb6c320cec0910c0b8bd3d547bdfba2e0bb24d117ed0388afd37affbad2f9c77c9c1314a16ffe64f5e3744a2fffd7039670f5706e589a4c3868"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{}], 0x8, 0x6b, &(0x7f0000002e00), &(0x7f0000000000), 0x8, 0x0, 0x8, 0x3f, 0x0}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000040), &(0x7f0000000280)=r4}, 0x20)
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x2, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r2, 0x66, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd48, 0x0, 0x0, 0x0, 0x1000000, 0x8, 0x0, 0x0}}, 0x10)

8m0.88358627s ago: executing program 6 (id=1138):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x40f00, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r0, 0x0, 0xfffffffffffffffd}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x20, 0x3, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x808}]}]}, 0x20}}, 0x0)

8m0.753299683s ago: executing program 6 (id=1142):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x2000000, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2b8, &(0x7f0000000800)="$eJzs3NFLU38Yx/Hn5/y5OdEtiKCgeqibuhm6/oAaoRANCnNSXQTHPKux0ybnDGMRuZvotr9DuuwuqP4Bb6Kb7ruTIOjGi+gbnrPpmU6durml7xfIeXae74fzdZvybLCt3n/7rJj3UnmrIgMxlQGRmqyJJNeruv/qxwG/HpKwmlwd+fXt/L0HD29nstnJadWpzMy1tKqOXfz4/OW7S58rI7Pvxz5EZSX5aPVn+vvK0MrZ1T8zTwueFjwtlStq6Vy5XLHmHFvnC14xpXrXsS3P1kLJs92mft4pLyxU1SrNj8YXXNvz1CpVtWhXtVLWiltV64lVKGkqldLRuJxsg22syS1PT1uZHdsm0tEdoeuGW5103UytdTO3fAR7AgAAfWb3+T+Y9Xee/7OzwXE/8/+Zved/Eeb/Lqk13dpj/sex4LoZK17/+23G/A8AAAAAAAAAAAAAAAAAAAAAwL9gzZiEMSaxfqyf8m9HRSQmIqbe7/E20SXhx9+EfvZ4/K/3aLvosNAH92IizpvF3GIuOAb9TF4K4ogt45KQ3/7zoS6op25lJ8fVl5RPzlI9v7SYi0i0kW9ItspfODUR5LU5/7/Ew9dPS0JOt75+umV+SK5cDuVTkpAvj6Usjsz7z+vN/KsJ1Zt3slvyw/46AAAAAACOg5Ru2Pb63e/7C2KyvR/kQ+8PGGOWdnt/YMvr60E5185XVAIAAAAAgEPzqi+KluPY7gGKqIgcIt75whiR3m8jIv1xbzQXN0SkD7ZxVEVMRIIzepD4j414WynTxppBEen53bKPotf/mQAAAAB02ubQv4/Q19dd3BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdPu98H1li/rdVo7BIPXS5y5L8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Ef+BgAA//+4IRyf")
socket$inet_udp(0x2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r2, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)

8m0.163343964s ago: executing program 6 (id=1148):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c020000190001000000000010000000ac1414bb0000002f1195f833000000000000000000d91414bb00000000000000000000000000000046ffff00000a00800000000000", @ANYRES32=0x0, @ANYRES32, @ANYRESDEC=r0], 0x23c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
mknodat$null(r1, &(0x7f00000001c0)='./file0\x00', 0x40, 0x103)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff3}}}, 0x24}}, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000080)={@local, @remote, @rand_addr=' \x01\x00', 0x4, 0xfb, 0x1, 0x100, 0x5, 0x1, r3})

7m59.88277653s ago: executing program 6 (id=1152):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
sched_setscheduler(0x0, 0x3, 0x0)
syz_open_procfs(0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0x27, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

7m59.86081142s ago: executing program 34 (id=1152):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
sched_setscheduler(0x0, 0x3, 0x0)
syz_open_procfs(0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0x27, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

3m4.187027259s ago: executing program 1 (id=5670):
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007011000f8ffffffb702000003000000b7030000000000008500000073000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)

3m4.166757689s ago: executing program 1 (id=5671):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0)
mremap(&(0x7f000008f000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000486000/0x1000)=nil)

3m4.1001777s ago: executing program 1 (id=5672):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0)
mbind(&(0x7f000058a000/0x2000)=nil, 0x2000, 0x4000, 0x0, 0x6, 0x0)
mremap(&(0x7f000008f000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000486000/0x1000)=nil)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)

3m4.021621542s ago: executing program 1 (id=5674):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val}, {@init_itable}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6e}}, {@user_xattr}, {@errors_remount}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="3800000068000100030010f0fdffff7f00000000000000000c00020001000000150000000c000c8005000100d23f0000060003000100"], 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f0000000300), &(0x7f0000000000)=ANY=[], 0xfe37, 0x0)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
wait4(r2, 0x0, 0x80000000, &(0x7f0000000100))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x5, 0xe, 0x4, 0x3, 0x41}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140), &(0x7f0000000040), 0x1003, r3}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r3, &(0x7f0000000300), 0x0}, 0x20)
unlink(&(0x7f0000000180)='./file1\x00')

3m3.875767354s ago: executing program 1 (id=5677):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r0}, 0x10)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000004c0)}, 0x40fd)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0xc8, 0x0, 0x2, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x80, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80008000, 0x0, 0x0, 0x3, 0x0, 0x2}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700"], 0xfdef)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x47d6839b43067ebd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xf, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb1, 0x2, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, @perf_config_ext={0x0, 0x2}, 0xc42a, 0x900000000000100, 0x7, 0x5, 0x0, 0x200000, 0x0, 0x0, 0x8000}, 0x0, 0x0, 0xffffffffffffffff, 0x8)

3m3.824697445s ago: executing program 1 (id=5679):
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = creat(&(0x7f0000000080)='./file1\x00', 0x10b)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES16=r1, @ANYRESOCT=r1, @ANYRES64=r0, @ANYRESHEX=r1], 0x48)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYRES16=r3], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
r5 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r6}, 0x18)
r7 = mq_open(0x0, 0x42, 0x1f0, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x6, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000f67f0000000000000d000000950000362f3dc1"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
r8 = syz_open_dev$tty20(0xc, 0x4, 0x0)
write$binfmt_misc(r8, &(0x7f0000000240), 0xfffffecc)
ioctl$TIOCSSOFTCAR(r8, 0x541a, &(0x7f0000000040)=0x3b3)
mq_unlink(&(0x7f0000000000)='eth0\x00')
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xc, 0x30, 0xffffffffffffffff, 0x10000000)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r9, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x22, 0x0, r4, 0x80, &(0x7f0000000500)=@hci={0x1f, 0x2}, 0x0, 0x0, 0x0, {0x0, r10}})
timer_delete(0x0)
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000380)={0x0, 0x7f, 0x708})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x40, 0x2}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)

3m3.786607076s ago: executing program 35 (id=5679):
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = creat(&(0x7f0000000080)='./file1\x00', 0x10b)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES16=r1, @ANYRESOCT=r1, @ANYRES64=r0, @ANYRESHEX=r1], 0x48)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYRES16=r3], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
r5 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r6}, 0x18)
r7 = mq_open(0x0, 0x42, 0x1f0, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x6, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000f67f0000000000000d000000950000362f3dc1"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
r8 = syz_open_dev$tty20(0xc, 0x4, 0x0)
write$binfmt_misc(r8, &(0x7f0000000240), 0xfffffecc)
ioctl$TIOCSSOFTCAR(r8, 0x541a, &(0x7f0000000040)=0x3b3)
mq_unlink(&(0x7f0000000000)='eth0\x00')
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xc, 0x30, 0xffffffffffffffff, 0x10000000)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r9, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x22, 0x0, r4, 0x80, &(0x7f0000000500)=@hci={0x1f, 0x2}, 0x0, 0x0, 0x0, {0x0, r10}})
timer_delete(0x0)
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000380)={0x0, 0x7f, 0x708})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x40, 0x2}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)

2.373189784s ago: executing program 8 (id=8501):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000200)=0x1000000, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f00000000c0)=0x10089, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a30000000002c000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000003a000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xa0}}, 0x8040)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000020085000000a800000095"], 0x0}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x86, 0xf9, 0x7ffc1ffb}]})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r3}, 0xc)
openat$tun(0xffffffffffffff9c, 0x0, 0x11002, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x20c44fb6edc09a38, r1, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0185879, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x3, &(0x7f0000006680))
sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="e0010000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fe08800c00078008000600b5400000f8000c800c000b800800090099545b7c1c000b8008000900206c603108000900d9ea3a3608000a00cc12000034000b8008000a00b86300000800090028ec2736080009006934294f08000a00487d000008000a00b061000008000a00800000000c000b8008000a00bd3300004c000b8008000a005560000008000a00bc09000008000900e87b255408000900ebb6cc3b08000a00c99600000800090027cf6b5a080009004b7b654e08000a00f03c000008000900eed68e7214000b8008000900d4d0d82a08000900359104542c000b8008000900868aae5b080009004aa569350800090020edb90308000a00f766000008000900e575941fc4000c803c000b800800090031547f6608000a001e31000008000900ee811c74080009002c20b07a08000a007fd7000008000a00f8de000008000900419d1b6f2c000b8008000a002c4e0000080009008a7a546808000a00264100000800090093b4565408000900f5c148573c000b8008000a0054e50000080009007607f70d08000a00933c0000080009004eddf46a08000a00afea000008000900abc58a0508000a00a93d00001c000b8008000a00d2e5000008000900d0182e7908000a0036bb0000"], 0x1e0}, 0x1, 0x0, 0x0, 0x40080c4}, 0x24000034)
r5 = syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x818018, &(0x7f0000000180)={[{@dax_always}, {@grpjquota}]}, 0x1, 0x74a, &(0x7f0000001040)="$eJzs3U1vW8UaAOD3nMbXuWnuTZAA8SGhIBBFVHWa0KrqirJAsKmIVIltGiVOFOLUIbZLE3WRrtgiBAKJDfwHNqxArPkB/AWQEJSwKCuj4480JHZj0jSu4ueRjv3OnHP0ztjRjOKxPAEMrInsIY14NiJmkoixVn0SEblGNBRxpXnd9t3b89mRRL1+7bekcU1Wjl33ZE5HxFZEPBMRP+Qizqb781Y2NlfmSqXieqs8WV1dm6xsbJ5bXp1bKi4Vb1y+cGH6wqWLly8fXV9fe/e9pwsX3xr9dmZx9szUz98kcSVGW+d29+PwRvbVNF+TXPYS/sPbD5/ssZL0uwEcylBEnGo9PxVjcaoRAQAnWT0fUQcABkxi/geAAdP+HKC9tnc062C9+/XNiBjulH+otWY23FiHHNlOYmjXIlMWjh9nQzmRtu5ExPXxif1/f8m+Ndt/6/xRNJBH6vts/LnSafxJd8afaI8/u+4bbn934iF1H//u5z/VIX82/s30mOOd52vlrvnvRDw31Cl/spM/6ZL/eo/5v7u38Fe3c/WvI17pOP8ku3K1M3f6fsjk4nKpeL752DnHRO32+w/q/0iX/FsH9H+tx/6PfvLij1sPyP/qSw9+/zvlz+bEj3vM/1Hujc+6ncvyL3Tp/0Hv/1c95r/0wgebPV4KAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ0IaEaORpIWdOE0LheYe3k/GSFoqV6pnF8u1GwvR2Ct7PHJp+6eWx5rlJCtPtX6Pv12ebsTbO+XXI+KJiPg0/99GuTBfLi30u/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0HJ6z/7/f+ab+/8DACfccL8bAAAcO/M/AAwe8z8ADB7zPwAMnoPn/z+OpR0AwPHx/z8ADJ5DzP/5R9EOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbGzNWr2VHfvnt7Pisv3NyorZRvnlsoVlYKq7X5wnx5fa2wVC4vlYqF+fLq3vuTPeVSubw2PR21W5PVYqU6WdnYnF0t125UZ5dX55aKs8XcsfUMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHo32jiStBARaSNO00Ih4n8RMR65ZHG5VDwfEf+PiJ/yuXxWnup3owEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgiFU2NlfmSqXien+DiInxQ9+ePi69EAhOTNDvkQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACO3/1Nv/vdEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADop/SXJCKy48zYy6N7z/4nuZdvPEfEh19e+/zWXLW6PpXV/75TX/2iVT/dj/YDAAdpz9PteRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqlsbK7MlUrF9WZwr950v+YIgn73EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAo/N3AAAA///ajtCn")
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f00000001c0)=ANY=[@ANYRES16, @ANYRES8=r2, @ANYBLOB="0000000000000000b7048b352f226240d04866f79712d5d129000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x15, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r6}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1b00000000020000000000004000001800000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0200"/28], 0x50)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = dup(r7)
sendmsg$NFT_BATCH(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRESDEC=r5], 0x64}}, 0x0)
open(&(0x7f0000000140)='./file1\x00', 0x64042, 0x169)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)

2.168546099s ago: executing program 2 (id=8506):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x16, 0x22d3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
ioctl$EVIOCGRAB(r2, 0x40044590, 0x0)
close(r2)

2.07144693s ago: executing program 2 (id=8507):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
ioprio_set$pid(0x1, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x6}, 0x1c)
socket(0x2, 0x80805, 0x0)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(0xffffffffffffffff, 0x80286722, &(0x7f0000007000)={&(0x7f0000004c40)=""/31, 0x1f, 0x1, 0x1})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)

1.932950753s ago: executing program 2 (id=8508):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, 0x0)

1.828677965s ago: executing program 2 (id=8509):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf05", 0x29}], 0x1}, 0x0)

1.804998206s ago: executing program 2 (id=8510):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, 0x0, &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x26)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0'}, 0xb)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x400e, &(0x7f0000000640), 0x1, 0x451, &(0x7f00000001c0)="$eJzs28tvG0UYAPBv7SQlfZBQlUcfQKAgyitp0lJ64AICiQNISHAox5CkVanboCZItKqgRagcUSVOvSAuSEj8BZzggoATEle4I6QK5dLCyWhtb2O7thOnjhfq30/adGZ30vk+7449uxMHMLAm0h9JxPaI+C0ixqrVxgYT1X9urFyY+3vlwlwS5fKbfyWVdtdXLsxlTbPf25ZVhiIKnySxt0W/S+fOn5otlRbO1upTy6ffm1o6d/7Zk6dnTyycWDgzc/To4UPTzx+Zea4neaZ5Xd/z4eK+3a++feX1uWNX3vnpmyTLvymPHpnodPDxcrnH3eVrR105GcoxELpSrA7TGK6M/7EoxurJG4tXPs41OGBTlcvl8n3tD18sA3ewJPKOAMhH9kGf3v9mW5+mHv8J116s3gCled+obdUjQ1GotRluur/tpYmIOHbxny/SLTbnOQQAQIPv0vnPM63mf4Wofy50d20NZTwi7omInRFxJCJ2RcS9EZW290fEA13237xIcuv8pzC8ocTWKZ3/vVBb22qc/2Wzvxgv1mo7KvkPJ8dPlhYO1l6TAzG8Ja1Pd+jj+5d//azdsfr5X7ql/WdzwUvVOP4c2tL4O/Ozy7O3m3fm2qWIPUOt8k9urgQkEbE7IvZssI+TT329r92xTvmvqQfrTOUvI56onv+L0ZR/Jum8Pjl1V5QWDk5lV8Wtfv7l8hvt+r+t/HsgPf9bW17/N/MfT+rXa5e6+d+vPpn+vPz7p23vadbOv/X1P5K81bDvg9nl5bPTESPJa9Wg6/fPNLWbWW2f5n9gf+vxvzNWX4m9EZFexA9GxEMR8XAt9kci4tGI2N/hVfjxpcfe3Xj+myvNf76r879aGInmPa0LxVM/fNvQ6Xg3+afn/3CldKC2Zz3vf+uJq9urGQAAAP6vChGxPZLC5M1yoTA5Wf0b/l2xtVBaXFp++vji+2fmq98RGI/hQvaka6zueeh07bY+q8801Q/Vnht/Xhyt1CfnFkvzeScPA25bm/Gf+qOYtbqaY4TApvJ9LRhcxj8MLuMfBtZXC3lHAORkZbTF5/9oHpEA/ddq/v9RDnEA/dc0/ot5xQH0n+d/MLg2Mv69Z8CdoeNYHulfHEBfLY3G2l+SVxigwmjEui6JKOQeqsImFvJ+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiNfwMAAP//0YXoCg==")

1.458551092s ago: executing program 2 (id=8511):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000002e80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x18)
uname(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={&(0x7f00000007c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x3}]}}, 0x0, 0x26}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8000c61)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
creat(&(0x7f0000000240)='./file1\x00', 0x0)
quotactl$Q_SETQUOTA(0xffffffff80000801, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x200, 0x1000000000000001, 0x5, 0x42, 0x1, 0xfffffffffffffffd, 0x66c})
r3 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x1, 0x4})
mq_getsetattr(r3, &(0x7f00000007c0)={0x800, 0x1ed00000000002, 0x9, 0x9a}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000640)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x95}}}, &(0x7f0000000200)='syzkaller\x00', 0x2}, 0x94)

1.260077786s ago: executing program 7 (id=8515):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x84d03, 0x0)

1.230800086s ago: executing program 7 (id=8516):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close(r0)
socket$inet_udp(0x2, 0x2, 0x0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0x3}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

1.168640467s ago: executing program 7 (id=8518):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
ioprio_set$pid(0x1, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x6}, 0x1c)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(0xffffffffffffffff, 0x80286722, &(0x7f0000007000)={&(0x7f0000004c40)=""/31, 0x1f, 0x1, 0x1})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)

1.167792667s ago: executing program 5 (id=8519):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x1, @remote, 0x1}]}, &(0x7f0000000240)=0x10)
pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r1, &(0x7f0000000080)={0x7, 0x1b, 0x1}, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x18)
fsync(0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))
socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000))
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000004c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000080)})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r7}, 0x38)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8, 0x0, 0x2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
process_mrelease(0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1818e58, &(0x7f00000003c0), 0x22, 0x63f, &(0x7f0000000d80)="$eJzs3c9rXFsdAPDvvZPkJWl86RMRX1AMuHgP5KVJfVh1Y1sXdlGwYBciLhqapIZOf5CkYGvBBFwoKIi4LdKN/4B76d6dCOrOtVBFKha0dB73zp1mMplfaTIzSe7nA5M599wzOeebOyf33HvnzA2gtOazH2nE+xGvbyQRs03rZqK+cr4o9+Lfj29mjyRqte/+K4mkyGuUT4rnM8XCZET86XLEpyv76918+Oj2crVW95OIc1t37p/bfPjoo/U7y7dWb63eXTr/tY8vLH596eOlpoa+vTPF85Wr3/n8L3/6w6+u/bn6URIX4/r4j1eiJY6jMh/z8boIsTl/LCIuZIk2f5eT5hSEUGqV4v04HhGfjdmo5Et1s7H+i5E2DhioWiWi1l3SqwBwUuneUFaNcUDj2L6/4+DrAx6VDM/zS/UDoP3xjxWnHCbzY6PpF0nTkVH93MbZI6g/q+PV48knrx7PPYk95yFevtk6Y0dQTyfbOxHxuXbxJ3nbzuaRZvGne47104hYjIiJon3fOkQbkqb0IM7DdHOQ+Ju3Qxb/xeI5y7/8lvW3ntYadvwAlNOzS8WOfDtb2t3/ZWOPxvgn2ox/Zg5/SSY36v1f5/FfY38/mY970pZxWDZmudb+V463Zvz951d+3an++vhv7knjkdXfGAsOw/OdiLmW+H+WBVuMf7L4kzbbPyty42J/dXz7L/+80mndqOOvPY34oO3xz+6oNEt1uT55bm29urpY/9m2jj/88Qe/61R/+/jfGUCk7WXbf7pD/E3bP219XfY3ud/+V+60Zvz+2tM7neqf6bn9039MJPXjzYki50c7W1sbSxETydWiSJG/vLW1cb57vPUyL2v581I9/g+/1L7/73n/t0Q11fiX2Yf737v9otO6t3n/N11Mfl3rsw2dZPGv9N7++/p/lverPuv47/cffKHTum7xTx0mMAAAAAAAACihNL8Gm6QLb9JpurBQny/7mZhOq/c2t768du/B3ZWID/PPQ46nkSb5R0Zm68vJ2np1dan4PGxj+XzL8lci4r2I+E1lKl9euHmvujLq4AEAAAAAAAAAAAAAAAAAAOCYOFPM/2/cp/o/lfr8f6Aket9gbt/9H4BTYpA3mASOt7z/d9vFvzu8tgDDZf8P5aX/Q3np/1Be+j+Ul/4P5aX/Q3np/1Be+j8AAAAAnErvffHZ35KI2P7GVP7ITBTrTPqF0238QKUrA2sHMHx6NJTXm0v/BvtQOn2N//9XfDng4JsDjEDSLjMfHNS6d/5nbV+5a+fwbQMAAAAAAAAAAAAA6j54v/P8/4PNDQZOGtP+oLwOMf/fVwfACeer/6G8HOMDPWbxx2SnFb3m/wMAAAAAAAAAAAAAR2YmfyTpQjEXeCbSdGEh4lMRcTbGk7X16upiRLwbEX+tjL+TLS+NutEAAAAAAAAAAAAAAAAAAABwymw+fHR7uVpd3WhO/H9fzulONO6C2rtwrY8yXRPfjAO+KpLh/1mmImLkG2VgibGmnCRiO9vyx6JhG5txPJqRJ0b8jwkAAAAAAAAAAAAAAAAAAEqoae5xe3O/HXKLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD4du//3yOxMl1/QV+F9yZGHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcDJ9EgAA//+YYDw3")
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
socket$inet6(0xa, 0x2, 0x0)

1.121439178s ago: executing program 7 (id=8520):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x18)
sendmsg$ETHTOOL_MSG_FEATURES_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000}, 0x2, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYRES32=r0, @ANYRES32, @ANYBLOB="b35528f566a898a86947c1021a905ed7c5f3ffa2c97af225c6a9f805c5be82163df881daba36159fe149c258fe7078db0903000000457ae8d0f98c096de59ed9ac75aec779178062a03773cc44544e1e782cb6b3d5dbb08b57aef3aad9410d98b21934b2e4e5ad18ce70a9c1dcc700000000"], 0x3c}}, 0x40000)
r2 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0xfd, @buffer={0x300, 0x4d, &(0x7f0000000440)=""/77}, &(0x7f00000005c0)="ffffffe13253", 0x0, 0x0, 0x0, 0x4, 0x0})

1.078349269s ago: executing program 7 (id=8521):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, 0x0, &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x26)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0'}, 0xb)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x400e, &(0x7f0000000640), 0x1, 0x451, &(0x7f00000001c0)="$eJzs28tvG0UYAPBv7SQlfZBQlUcfQKAgyitp0lJ64AICiQNISHAox5CkVanboCZItKqgRagcUSVOvSAuSEj8BZzggoATEle4I6QK5dLCyWhtb2O7thOnjhfq30/adGZ30vk+7449uxMHMLAm0h9JxPaI+C0ixqrVxgYT1X9urFyY+3vlwlwS5fKbfyWVdtdXLsxlTbPf25ZVhiIKnySxt0W/S+fOn5otlRbO1upTy6ffm1o6d/7Zk6dnTyycWDgzc/To4UPTzx+Zea4neaZ5Xd/z4eK+3a++feX1uWNX3vnpmyTLvymPHpnodPDxcrnH3eVrR105GcoxELpSrA7TGK6M/7EoxurJG4tXPs41OGBTlcvl8n3tD18sA3ewJPKOAMhH9kGf3v9mW5+mHv8J116s3gCled+obdUjQ1GotRluur/tpYmIOHbxny/SLTbnOQQAQIPv0vnPM63mf4Wofy50d20NZTwi7omInRFxJCJ2RcS9EZW290fEA13237xIcuv8pzC8ocTWKZ3/vVBb22qc/2Wzvxgv1mo7KvkPJ8dPlhYO1l6TAzG8Ja1Pd+jj+5d//azdsfr5X7ql/WdzwUvVOP4c2tL4O/Ozy7O3m3fm2qWIPUOt8k9urgQkEbE7IvZssI+TT329r92xTvmvqQfrTOUvI56onv+L0ZR/Jum8Pjl1V5QWDk5lV8Wtfv7l8hvt+r+t/HsgPf9bW17/N/MfT+rXa5e6+d+vPpn+vPz7p23vadbOv/X1P5K81bDvg9nl5bPTESPJa9Wg6/fPNLWbWW2f5n9gf+vxvzNWX4m9EZFexA9GxEMR8XAt9kci4tGI2N/hVfjxpcfe3Xj+myvNf76r879aGInmPa0LxVM/fNvQ6Xg3+afn/3CldKC2Zz3vf+uJq9urGQAAAP6vChGxPZLC5M1yoTA5Wf0b/l2xtVBaXFp++vji+2fmq98RGI/hQvaka6zueeh07bY+q8801Q/Vnht/Xhyt1CfnFkvzeScPA25bm/Gf+qOYtbqaY4TApvJ9LRhcxj8MLuMfBtZXC3lHAORkZbTF5/9oHpEA/ddq/v9RDnEA/dc0/ot5xQH0n+d/MLg2Mv69Z8CdoeNYHulfHEBfLY3G2l+SVxigwmjEui6JKOQeqsImFvJ+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiNfwMAAP//0YXoCg==")

946.973532ms ago: executing program 7 (id=8522):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0, r0}, 0x18)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x3f73, 0x100, 0x4, 0x1a}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000600)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0xffffffffffffff3a, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r4, 0x0, 0x0, 0x0, 0x2000, 0x1, {0x1}})
io_uring_enter(r1, 0x3516, 0xf4f5, 0x0, 0x0, 0x0)

880.174443ms ago: executing program 8 (id=8523):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
setrlimit(0x1, 0x0)

861.501144ms ago: executing program 8 (id=8524):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x111, 0x9}}, 0x20)
close(r2)

839.549234ms ago: executing program 8 (id=8525):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x84d03, 0x0)

607.675218ms ago: executing program 8 (id=8526):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

446.791032ms ago: executing program 8 (id=8527):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0}, 0x50)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(0xffffffffffffffff)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003000000018000180140002007665746830"], 0x2c}}, 0x0)
r5 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000880)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x89, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}]}}]}, 0x8c}}, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r9=>0x0})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r9, @ANYBLOB="1400350064756d6d7930"], 0x3c}}, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'gre0\x00', &(0x7f00000002c0)={'syztnl2\x00', <r12=>0x0, 0x20, 0x0, 0xffffffba, 0xffffffff, {{0x3f, 0x4, 0x0, 0x3, 0xfc, 0x67, 0x0, 0x0, 0x29, 0x0, @multicast1, @local, {[@rr={0x7, 0x13, 0xf7, [@loopback, @multicast1, @loopback, @multicast1]}, @rr={0x7, 0x17, 0xbc, [@private=0xa010101, @dev={0xac, 0x14, 0x14, 0x12}, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast]}, @timestamp_addr={0x44, 0x4c, 0x53, 0x1, 0x4, [{@broadcast, 0x9}, {@loopback, 0x9}, {@rand_addr=0x64010102, 0xfffffff8}, {@remote, 0x80000000}, {@broadcast, 0x5}, {@dev={0xac, 0x14, 0x14, 0x34}, 0x6}, {@multicast2, 0x3a}, {@dev={0xac, 0x14, 0x14, 0x13}, 0x8}, {@loopback, 0xe1d}]}, @timestamp_addr={0x44, 0x54, 0x81, 0x1, 0x3, [{@broadcast}, {@dev={0xac, 0x14, 0x14, 0x2f}, 0x1}, {@empty, 0xf710}, {@broadcast, 0x6b46}, {@dev={0xac, 0x14, 0x14, 0x3f}, 0x9}, {@local, 0xffffffff}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}, {@empty, 0x7f}, {@local, 0xffffffc0}, {@local}]}, @timestamp={0x44, 0x4, 0x7a, 0x0, 0x5}, @timestamp_addr={0x44, 0x14, 0xe8, 0x1, 0x4, [{@loopback, 0x8}, {@remote, 0x3}]}, @ra={0x94, 0x4}]}}}}})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={<r13=>0x0, @loopback, @local}, &(0x7f0000000200)=0xc)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000480)={'ip_vti0\x00', &(0x7f0000000400)={'tunl0\x00', <r14=>0x0, 0x20, 0x20, 0x10000000, 0x5, {{0x12, 0x4, 0x3, 0xc, 0x48, 0x64, 0x0, 0x3, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0xc}, @multicast2, {[@generic={0x44, 0x8, "a7ea8ce5605b"}, @ra={0x94, 0x4}, @rr={0x7, 0x23, 0x44, [@rand_addr=0x64010102, @remote, @loopback, @broadcast, @remote, @multicast1, @multicast1, @empty]}, @ra={0x94, 0x4}]}}}}})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400800}, 0xc, &(0x7f00000004c0)={&(0x7f00000006c0)={0xf4, r4, 0x4, 0x70bd2a, 0x25dfdbfd, {}, [@HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0xf4}}, 0x24000001)
r15 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000200"/20, @ANYRES32=0x0, @ANYBLOB="0f00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="feffffff00"/28], 0x50)
r16 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x1c, &(0x7f00000009c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r15, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000000500000000000000550901000000000095000000990f0000b7020000000000007baaf8ff00000000b5090800000000007baaf0ff00000000bf8700000000000007070000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001828000089049995f73dc4b2c49568f05431f0e37f4e2377188b8dfe717951053a0f8b6c383852443db23f8ebb9306e5a13ec7b4466340a0ffc446e388a4d1f3e0b47b9df96cb72c9226704a98969f93f8df80224c713abe5a1ff93346d76d2bc7f7c2fe2c81d50553e2c73e8e400b970c77208fd0f7957aeaf259acbb434ab1d34c118f654261528412b74d84c3e92772fe1ce4e09bf7d7bb5c9d6e04115d290793f5095fa99cf1f057ba59496006e4f257def8dd8f7de1c5b070ee568baff9f098f7ce2147b03bbd7c06f888e764d05e24fea9e96ee555ad010d4d8e244c3f13cba255", @ANYRES32=r1, @ANYBLOB="0000000000000000b7050000080000004600000076000000bf98000000000000b5080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r16, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="380000005500e502000000000000000007"], 0x38}}, 0x0)

252.251475ms ago: executing program 3 (id=8529):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
ioprio_set$pid(0x1, 0x0, 0x0)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(0xffffffffffffffff, 0x80286722, &(0x7f0000007000)={&(0x7f0000004c40)=""/31, 0x1f, 0x1, 0x1})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)

241.792145ms ago: executing program 5 (id=8530):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="5380f1982e061452e2bf63006241180000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000000000085000000860000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x1b, &(0x7f00000004c0)=0x6, 0x4)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
waitid(0x0, r5, 0x0, 0x8, 0x0)
rt_tgsigqueueinfo(r5, 0x0, 0xc, &(0x7f0000000280)={0x3d, 0x5, 0x80})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="1456da3db5d36a11460360dcf68b0025448f04c6731a1d4be3000000", @ANYRES16=r3, @ANYBLOB="000400002000000000007e000000"], 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4000054)

228.581686ms ago: executing program 3 (id=8531):
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})

187.824696ms ago: executing program 3 (id=8532):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000640)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8923, 0x0)

115.994878ms ago: executing program 3 (id=8533):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'bond0\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000300))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0xff, 0x8f})

115.818728ms ago: executing program 5 (id=8534):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

108.501278ms ago: executing program 3 (id=8535):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x18)
sendmsg$ETHTOOL_MSG_FEATURES_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000}, 0x2, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYRES32=r0, @ANYRES32, @ANYBLOB="b35528f566a898a86947c1021a905ed7c5f3ffa2c97af225c6a9f805c5be82163df881daba36159fe149c258fe7078db0903000000457ae8d0f98c096de59ed9ac75aec779178062a03773cc44544e1e782cb6b3d5dbb08b57aef3aad9410d98b21934b2e4e5ad18ce70a9c1dcc700000000"], 0x3c}}, 0x40000)
r2 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0xfd, @buffer={0x300, 0x4d, &(0x7f0000000440)=""/77}, &(0x7f00000005c0)="ffffffe13253", 0x0, 0x0, 0x0, 0x4, 0x0})

73.742839ms ago: executing program 5 (id=8536):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

38.584479ms ago: executing program 3 (id=8537):
syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=")
r0 = perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x4, 0x0, 0x0, 0x2, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000004c0), 0xe}, 0x100002, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

38.114219ms ago: executing program 5 (id=8538):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x2}, 0x18)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fsetxattr$security_selinux(r2, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)

0s ago: executing program 5 (id=8539):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close(r0)
socket$inet_udp(0x2, 0x2, 0x0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0x3}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

kernel console output (not intermixed with test programs):

free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  575.864184][T27555] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.7963: corrupted inode contents
[  575.885859][T27568] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.7967: corrupted inode contents
[  575.908002][T27555] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #12: comm syz.2.7963: mark_inode_dirty error
[  575.945679][T27555] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.7963: corrupted inode contents
[  575.968482][T27568] EXT4-fs error (device loop7): ext4_dirty_inode:6538: inode #12: comm syz.7.7967: mark_inode_dirty error
[  576.045518][T27555] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[  576.045546][T27582] 9pnet: Could not find request transport: fd0x0000000000000003
[  576.061414][T27568] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.7967: corrupted inode contents
[  576.097678][T27586] random: crng reseeded on system resumption
[  576.104245][T27555] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.7963: corrupted inode contents
[  576.128217][T27568] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #12: comm syz.7.7967: mark_inode_dirty error
[  576.175259][T27555] EXT4-fs error (device loop2): ext4_truncate:4666: inode #12: comm syz.2.7963: mark_inode_dirty error
[  576.175355][T27568] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.7967: corrupted inode contents
[  576.200001][T27568] EXT4-fs error (device loop7) in ext4_orphan_del:305: Corrupt filesystem
[  576.203282][T27594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7975'.
[  576.209453][T27568] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.7967: corrupted inode contents
[  576.217803][T27594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7975'.
[  576.240210][T27555] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[  576.249855][T27555] EXT4-fs (loop2): 1 truncate cleaned up
[  576.285165][T27568] EXT4-fs error (device loop7): ext4_truncate:4666: inode #12: comm syz.7.7967: mark_inode_dirty error
[  576.298401][T27568] EXT4-fs error (device loop7) in ext4_process_orphan:347: Corrupt filesystem
[  576.308120][T27568] EXT4-fs (loop7): 1 truncate cleaned up
[  576.310270][T27594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7975'.
[  576.322974][T27594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7975'.
[  576.339661][T27600] loop5: detected capacity change from 0 to 1024
[  576.346552][T27600] EXT4-fs: Ignoring removed bh option
[  576.356722][T27600] EXT4-fs: inline encryption not supported
[  576.364714][T27600] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  576.376576][T27568] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  576.397586][T27594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7975'.
[  576.406814][T27594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7975'.
[  576.417021][T27600] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  576.427788][T27600] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.7978: lblock 2 mapped to illegal pblock 2 (length 1)
[  576.443676][T27600] EXT4-fs (loop5): Remounting filesystem read-only
[  576.465935][T27600] EXT4-fs (loop5): 1 orphan inode deleted
[  576.490359][T27596] Set syz1 is full, maxelem 65536 reached
[  576.615263][T27616] loop7: detected capacity change from 0 to 512
[  576.629428][T27616] EXT4-fs (loop7): orphan cleanup on readonly fs
[  576.645782][T27616] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.7983: bad orphan inode 13
[  576.665370][T27616] ext4_test_bit(bit=12, block=18) = 1
[  576.670836][T27616] is_bad_inode(inode)=0
[  576.675074][T27616] NEXT_ORPHAN(inode)=2130706432
[  576.679985][T27616] max_ino=32
[  576.683231][T27616] i_nlink=1
[  576.689535][T27616] EXT4-fs (loop7): warning: mounting fs with errors, running e2fsck is recommended
[  576.716032][T27616] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  577.015809][T27637] loop2: detected capacity change from 0 to 512
[  577.050342][T27639] loop3: detected capacity change from 0 to 512
[  577.060364][T27637] EXT4-fs: Ignoring removed oldalloc option
[  577.078817][T27637] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  577.120071][T27637] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.7990: invalid indirect mapped block 4294967295 (level 0)
[  577.136659][T27639] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  577.156386][T27637] EXT4-fs (loop2): Remounting filesystem read-only
[  577.171779][T27639] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[  577.176154][T27637] EXT4-fs (loop2): 1 orphan inode deleted
[  577.185722][T27637] EXT4-fs (loop2): 1 truncate cleaned up
[  577.193346][T27639] EXT4-fs (loop3): 1 truncate cleaned up
[  577.237751][T27639] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #2: block 4: comm syz.3.7991: lblock 0 mapped to illegal pblock 4 (length 1)
[  577.351736][T27639] EXT4-fs (loop3): Remounting filesystem read-only
[  577.604373][T27643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7990'.
[  578.059654][T27647] loop5: detected capacity change from 0 to 1024
[  578.066606][T27647] EXT4-fs: Ignoring removed orlov option
[  578.072542][T27647] EXT4-fs: Ignoring removed nobh option
[  578.078129][T27647] EXT4-fs: Ignoring removed bh option
[  578.099431][   T29] kauditd_printk_skb: 139 callbacks suppressed
[  578.099452][   T29] audit: type=1326 audit(1759260798.512:21192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27650 comm="syz.2.7995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  578.115625][T27647] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.7993: Allocating blocks 481-513 which overlap fs metadata
[  578.168843][T27651] loop2: detected capacity change from 0 to 512
[  578.186086][   T29] audit: type=1326 audit(1759260798.512:21193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27650 comm="syz.2.7995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  578.209836][   T29] audit: type=1326 audit(1759260798.512:21194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27650 comm="syz.2.7995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  578.233505][   T29] audit: type=1326 audit(1759260798.512:21195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27650 comm="syz.2.7995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  578.257248][   T29] audit: type=1326 audit(1759260798.512:21196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27650 comm="syz.2.7995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  578.281062][   T29] audit: type=1326 audit(1759260798.512:21197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27650 comm="syz.2.7995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  578.304808][   T29] audit: type=1326 audit(1759260798.512:21198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27650 comm="syz.2.7995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  578.328530][   T29] audit: type=1326 audit(1759260798.512:21199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27650 comm="syz.2.7995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  578.352282][   T29] audit: type=1326 audit(1759260798.512:21200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27650 comm="syz.2.7995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  578.375966][   T29] audit: type=1326 audit(1759260798.512:21201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27650 comm="syz.2.7995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  578.379804][T27651] ext4 filesystem being mounted at /492/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  578.510550][T27664] loop5: detected capacity change from 0 to 1024
[  578.530855][T27664] EXT4-fs: Ignoring removed bh option
[  578.538832][T27629] loop7: detected capacity change from 0 to 512
[  578.561331][T27664] EXT4-fs: inline encryption not supported
[  578.567661][T27667] loop2: detected capacity change from 0 to 512
[  578.568196][T27664] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  578.578158][T27667] EXT4-fs: Ignoring removed i_version option
[  578.586594][T27664] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  578.590358][T27667] EXT4-fs: Ignoring removed nobh option
[  578.599636][T27664] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.7996: lblock 2 mapped to illegal pblock 2 (length 1)
[  578.621872][T27664] EXT4-fs (loop5): Remounting filesystem read-only
[  578.628716][T27664] EXT4-fs (loop5): 1 orphan inode deleted
[  578.632976][T27667] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  578.647913][T27667] EXT4-fs (loop2): 1 truncate cleaned up
[  578.672878][T27667] EXT4-fs (loop2): shut down requested (0)
[  578.793750][T27629] ext4 filesystem being mounted at /209/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  578.880227][T27682] loop3: detected capacity change from 0 to 1024
[  578.892398][T27682] EXT4-fs: Ignoring removed bh option
[  578.900166][T27682] EXT4-fs: inline encryption not supported
[  578.920177][T27682] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  578.936227][T27682] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  578.952120][T27685] netlink: 28 bytes leftover after parsing attributes in process `syz.5.8004'.
[  578.977399][T27689] loop2: detected capacity change from 0 to 512
[  579.021944][T27682] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.8002: lblock 2 mapped to illegal pblock 2 (length 1)
[  579.095710][T27682] EXT4-fs (loop3): Remounting filesystem read-only
[  579.104830][T27682] EXT4-fs (loop3): 1 orphan inode deleted
[  579.278883][T27705] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8013'.
[  579.444140][T27715] random: crng reseeded on system resumption
[  579.521493][T27719] loop7: detected capacity change from 0 to 512
[  579.565424][T27719] EXT4-fs (loop7): orphan cleanup on readonly fs
[  579.604309][T27719] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.8017: bad orphan inode 13
[  579.659385][T27719] ext4_test_bit(bit=12, block=18) = 1
[  579.664920][T27719] is_bad_inode(inode)=0
[  579.669318][T27719] NEXT_ORPHAN(inode)=2130706432
[  579.674283][T27719] max_ino=32
[  579.677486][T27719] i_nlink=1
[  579.689824][T27725] loop2: detected capacity change from 0 to 512
[  579.696679][T27685] netlink: 32 bytes leftover after parsing attributes in process `syz.5.8004'.
[  579.718047][T27719] EXT4-fs (loop7): warning: mounting fs with errors, running e2fsck is recommended
[  579.764008][T27719] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  579.777496][T27727] loop3: detected capacity change from 0 to 512
[  579.898337][T27740] 9pnet_fd: Insufficient options for proto=fd
[  579.908724][T27742] loop8: detected capacity change from 0 to 512
[  579.929735][T27736] FAULT_INJECTION: forcing a failure.
[  579.929735][T27736] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  579.951337][T27736] CPU: 1 UID: 0 PID: 27736 Comm: syz.7.8024 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  579.951370][T27736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  579.951388][T27736] Call Trace:
[  579.951397][T27736]  <TASK>
[  579.951405][T27736]  __dump_stack+0x1d/0x30
[  579.951435][T27736]  dump_stack_lvl+0xe8/0x140
[  579.951462][T27736]  dump_stack+0x15/0x1b
[  579.951488][T27736]  should_fail_ex+0x265/0x280
[  579.951578][T27736]  should_fail+0xb/0x20
[  579.951605][T27736]  should_fail_usercopy+0x1a/0x20
[  579.951662][T27736]  _copy_from_user+0x1c/0xb0
[  579.951687][T27736]  __sys_bpf+0x178/0x7b0
[  579.951735][T27736]  __x64_sys_bpf+0x41/0x50
[  579.951767][T27736]  x64_sys_call+0x2aea/0x2ff0
[  579.951793][T27736]  do_syscall_64+0xd2/0x200
[  579.951831][T27736]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  579.951868][T27736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  579.951891][T27736] RIP: 0033:0x7fa083cfeec9
[  579.951908][T27736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  579.951928][T27736] RSP: 002b:00007fa082767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  579.952019][T27736] RAX: ffffffffffffffda RBX: 00007fa083f55fa0 RCX: 00007fa083cfeec9
[  579.952033][T27736] RDX: 0000000000000018 RSI: 00002000000001c0 RDI: 0000000000000007
[  579.952046][T27736] RBP: 00007fa082767090 R08: 0000000000000000 R09: 0000000000000000
[  579.952059][T27736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  579.952128][T27736] R13: 00007fa083f56038 R14: 00007fa083f55fa0 R15: 00007ffce56cc6f8
[  579.952151][T27736]  </TASK>
[  580.122443][T27745] random: crng reseeded on system resumption
[  580.162813][T27742] ext4 filesystem being mounted at /426/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  580.207184][T27756] loop2: detected capacity change from 0 to 1024
[  580.220966][T27756] EXT4-fs: Ignoring removed orlov option
[  580.229010][T27760] loop3: detected capacity change from 0 to 512
[  580.240395][T27761] random: crng reseeded on system resumption
[  580.276649][T27774] netlink: 'syz.7.8037': attribute type 21 has an invalid length.
[  580.291601][T27776] loop3: detected capacity change from 0 to 1024
[  580.298325][T27776] EXT4-fs: Ignoring removed orlov option
[  580.304815][T27774] netlink: 156 bytes leftover after parsing attributes in process `syz.7.8037'.
[  580.313916][T27774] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8037'.
[  580.351004][T27783] 9pnet_fd: Insufficient options for proto=fd
[  580.380001][T27782] loop7: detected capacity change from 0 to 1024
[  580.394916][T27786] random: crng reseeded on system resumption
[  580.408564][T27788] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8030'.
[  580.423934][T27782] EXT4-fs: Ignoring removed bh option
[  580.429411][T27782] EXT4-fs: inline encryption not supported
[  580.438963][T27791] loop5: detected capacity change from 0 to 1024
[  580.457389][T27791] EXT4-fs: Ignoring removed bh option
[  580.466022][T27791] EXT4-fs: inline encryption not supported
[  580.472277][T27791] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  580.503984][T27782] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  580.515062][T27791] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  580.570431][T27791] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.8043: lblock 2 mapped to illegal pblock 2 (length 1)
[  580.596056][T27782] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  580.605593][T27782] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 2: comm syz.7.8039: lblock 2 mapped to illegal pblock 2 (length 1)
[  580.626166][T27799] loop3: detected capacity change from 0 to 512
[  580.626916][T27791] EXT4-fs (loop5): Remounting filesystem read-only
[  580.639750][T27791] EXT4-fs (loop5): 1 orphan inode deleted
[  580.740420][T27782] EXT4-fs (loop7): Remounting filesystem read-only
[  580.755703][T27782] EXT4-fs (loop7): 1 orphan inode deleted
[  580.784412][T27805] FAULT_INJECTION: forcing a failure.
[  580.784412][T27805] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  580.797583][T27805] CPU: 1 UID: 0 PID: 27805 Comm: syz.3.8049 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  580.797705][T27805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  580.797791][T27805] Call Trace:
[  580.797798][T27805]  <TASK>
[  580.797808][T27805]  __dump_stack+0x1d/0x30
[  580.797835][T27805]  dump_stack_lvl+0xe8/0x140
[  580.797855][T27805]  dump_stack+0x15/0x1b
[  580.797883][T27805]  should_fail_ex+0x265/0x280
[  580.797922][T27805]  should_fail+0xb/0x20
[  580.798012][T27805]  should_fail_usercopy+0x1a/0x20
[  580.798044][T27805]  _copy_from_user+0x1c/0xb0
[  580.798135][T27805]  __sys_connect+0xd0/0x2b0
[  580.798167][T27805]  __x64_sys_connect+0x3f/0x50
[  580.798199][T27805]  x64_sys_call+0x2c08/0x2ff0
[  580.798228][T27805]  do_syscall_64+0xd2/0x200
[  580.798251][T27805]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  580.798364][T27805]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  580.798458][T27805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.798486][T27805] RIP: 0033:0x7fb05e4beec9
[  580.798505][T27805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  580.798528][T27805] RSP: 002b:00007fb05cf27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  580.798548][T27805] RAX: ffffffffffffffda RBX: 00007fb05e715fa0 RCX: 00007fb05e4beec9
[  580.798564][T27805] RDX: 000000000000002e RSI: 0000200000000040 RDI: 0000000000000008
[  580.798604][T27805] RBP: 00007fb05cf27090 R08: 0000000000000000 R09: 0000000000000000
[  580.798620][T27805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  580.798636][T27805] R13: 00007fb05e716038 R14: 00007fb05e715fa0 R15: 00007ffceca77788
[  580.798662][T27805]  </TASK>
[  581.043156][T27817] 9pnet_fd: Insufficient options for proto=fd
[  581.054851][T27819] FAULT_INJECTION: forcing a failure.
[  581.054851][T27819] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  581.068094][T27819] CPU: 0 UID: 0 PID: 27819 Comm: syz.2.8054 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  581.068191][T27819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  581.068206][T27819] Call Trace:
[  581.068214][T27819]  <TASK>
[  581.068224][T27819]  __dump_stack+0x1d/0x30
[  581.068248][T27819]  dump_stack_lvl+0xe8/0x140
[  581.068272][T27819]  dump_stack+0x15/0x1b
[  581.068291][T27819]  should_fail_ex+0x265/0x280
[  581.068364][T27819]  should_fail+0xb/0x20
[  581.068397][T27819]  should_fail_usercopy+0x1a/0x20
[  581.068435][T27819]  _copy_from_user+0x1c/0xb0
[  581.068460][T27819]  memdup_user+0x5e/0xd0
[  581.068537][T27819]  proc_pid_attr_write+0x15e/0x220
[  581.068573][T27819]  ? __pfx_proc_pid_attr_write+0x10/0x10
[  581.068680][T27819]  vfs_write+0x266/0x960
[  581.068708][T27819]  ? __rcu_read_unlock+0x4f/0x70
[  581.068735][T27819]  ? __fget_files+0x184/0x1c0
[  581.068847][T27819]  ksys_write+0xda/0x1a0
[  581.068882][T27819]  __x64_sys_write+0x40/0x50
[  581.068911][T27819]  x64_sys_call+0x27fe/0x2ff0
[  581.068937][T27819]  do_syscall_64+0xd2/0x200
[  581.068961][T27819]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  581.069000][T27819]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  581.069092][T27819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.069197][T27819] RIP: 0033:0x7f96aef5eec9
[  581.069216][T27819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  581.069240][T27819] RSP: 002b:00007f96ad9bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  581.069263][T27819] RAX: ffffffffffffffda RBX: 00007f96af1b5fa0 RCX: 00007f96aef5eec9
[  581.069279][T27819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  581.069293][T27819] RBP: 00007f96ad9bf090 R08: 0000000000000000 R09: 0000000000000000
[  581.069363][T27819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  581.069378][T27819] R13: 00007f96af1b6038 R14: 00007f96af1b5fa0 R15: 00007fff91740d18
[  581.069403][T27819]  </TASK>
[  581.464597][T27836] loop3: detected capacity change from 0 to 8192
[  581.497623][T27836] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[  581.506252][T27836] FAT-fs (loop3): Filesystem has been set read-only
[  581.524038][T27836] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8061'.
[  581.628185][T27853] 9pnet_fd: Insufficient options for proto=fd
[  581.678511][T27861] FAULT_INJECTION: forcing a failure.
[  581.678511][T27861] name failslab, interval 1, probability 0, space 0, times 0
[  581.691282][T27861] CPU: 1 UID: 0 PID: 27861 Comm: syz.3.8067 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  581.691391][T27861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  581.691405][T27861] Call Trace:
[  581.691413][T27861]  <TASK>
[  581.691422][T27861]  __dump_stack+0x1d/0x30
[  581.691448][T27861]  dump_stack_lvl+0xe8/0x140
[  581.691536][T27861]  dump_stack+0x15/0x1b
[  581.691557][T27861]  should_fail_ex+0x265/0x280
[  581.691588][T27861]  should_failslab+0x8c/0xb0
[  581.691616][T27861]  kmem_cache_alloc_noprof+0x50/0x310
[  581.691729][T27861]  ? getname_flags+0x80/0x3b0
[  581.691761][T27861]  getname_flags+0x80/0x3b0
[  581.691795][T27861]  do_sys_openat2+0x60/0x110
[  581.691881][T27861]  __x64_sys_openat+0xf2/0x120
[  581.691924][T27861]  x64_sys_call+0x2e9c/0x2ff0
[  581.691947][T27861]  do_syscall_64+0xd2/0x200
[  581.691996][T27861]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  581.692026][T27861]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  581.692117][T27861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.692148][T27861] RIP: 0033:0x7fb05e4beec9
[  581.692169][T27861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  581.692232][T27861] RSP: 002b:00007fb05cf06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  581.692260][T27861] RAX: ffffffffffffffda RBX: 00007fb05e716090 RCX: 00007fb05e4beec9
[  581.692277][T27861] RDX: 0000000000200002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  581.692294][T27861] RBP: 00007fb05cf06090 R08: 0000000000000000 R09: 0000000000000000
[  581.692311][T27861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  581.692327][T27861] R13: 00007fb05e716128 R14: 00007fb05e716090 R15: 00007ffceca77788
[  581.692353][T27861]  </TASK>
[  581.875438][T27864] netlink: 260 bytes leftover after parsing attributes in process `syz.2.8071'.
[  582.070465][T27873] loop3: detected capacity change from 0 to 1024
[  582.096648][T27866] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8072'.
[  582.101378][T27873] EXT4-fs: Ignoring removed orlov option
[  582.120966][T27873] EXT4-fs: Ignoring removed nobh option
[  582.126906][T27873] EXT4-fs: Ignoring removed bh option
[  582.147832][T27873] EXT4-fs mount: 120 callbacks suppressed
[  582.147849][T27873] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  582.178180][T27873] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8075: Allocating blocks 481-513 which overlap fs metadata
[  582.314992][T27873] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8075: Allocating blocks 465-513 which overlap fs metadata
[  582.381967][T27886] loop5: detected capacity change from 0 to 8192
[  582.389416][T27891] 9pnet_fd: Insufficient options for proto=fd
[  582.444142][T27895] loop2: detected capacity change from 0 to 512
[  582.447392][T27899] loop7: detected capacity change from 0 to 512
[  582.473846][T27899] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -2
[  582.482222][T21870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  582.516895][T27899] EXT4-fs (loop7): Cannot turn on journaled quota: type 1: error -2
[  582.534303][T27899] EXT4-fs (loop7): 1 truncate cleaned up
[  582.540288][T27899] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  582.594117][T27902] loop5: detected capacity change from 0 to 1024
[  582.600879][T27902] EXT4-fs: Ignoring removed orlov option
[  582.624884][T27899] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #2: block 4: comm syz.7.8083: lblock 0 mapped to illegal pblock 4 (length 1)
[  582.630872][T27902] EXT4-fs: Ignoring removed nobh option
[  582.644600][T27902] EXT4-fs: Ignoring removed bh option
[  582.653067][T27899] EXT4-fs (loop7): Remounting filesystem read-only
[  582.674367][T27902] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  582.687424][T27911] loop2: detected capacity change from 0 to 1024
[  582.694170][T27911] EXT4-fs: Ignoring removed bh option
[  582.695712][T24451] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  582.699769][T27911] EXT4-fs: inline encryption not supported
[  582.722495][T27902] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.8086: Allocating blocks 481-513 which overlap fs metadata
[  582.742056][T27911] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  582.764470][T27902] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.8086: Allocating blocks 465-513 which overlap fs metadata
[  582.788664][T27918] batman_adv: batadv0: Adding interface: dummy0
[  582.793836][T27911] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  582.795003][T27918] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  582.805668][T27911] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.8088: lblock 2 mapped to illegal pblock 2 (length 1)
[  582.828480][T27918] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  582.844690][T27911] EXT4-fs (loop2): Remounting filesystem read-only
[  582.860059][T25718] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  582.873786][T27911] EXT4-fs (loop2): 1 orphan inode deleted
[  582.895925][T27922] loop5: detected capacity change from 0 to 1024
[  582.898313][T27911] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  582.934394][T27918] netlink: 32 bytes leftover after parsing attributes in process `syz.8.8090'.
[  582.949500][T27922] EXT4-fs: Ignoring removed bh option
[  582.971789][T27922] EXT4-fs: inline encryption not supported
[  582.979243][T27922] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  583.012968][T27922] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  583.042832][T27922] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.8091: lblock 2 mapped to illegal pblock 2 (length 1)
[  583.060312][T27926] loop7: detected capacity change from 0 to 1024
[  583.087013][T27926] EXT4-fs: Ignoring removed orlov option
[  583.102364][T27926] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  583.116410][T27922] EXT4-fs (loop5): Remounting filesystem read-only
[  583.123110][T27922] __quota_error: 186 callbacks suppressed
[  583.123128][T27922] Quota error (device loop5): qtree_write_dquot: dquota write failed
[  583.152012][T27922] Quota error (device loop5): v2_write_file_info: Can't write info structure
[  583.194190][T27930] 9pnet_fd: Insufficient options for proto=fd
[  583.205490][T27922] EXT4-fs (loop5): 1 orphan inode deleted
[  583.216104][T27922] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  583.299339][   T29] audit: type=1326 audit(1759260803.712:21378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27932 comm="syz.8.8095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f251449eec9 code=0x7ffc0000
[  583.367531][T27936] netlink: 24 bytes leftover after parsing attributes in process `syz.8.8096'.
[  583.373632][   T29] audit: type=1326 audit(1759260803.742:21379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27932 comm="syz.8.8095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7f251449eec9 code=0x7ffc0000
[  583.400240][   T29] audit: type=1326 audit(1759260803.742:21380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27932 comm="syz.8.8095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f251449eec9 code=0x7ffc0000
[  583.424009][   T29] audit: type=1326 audit(1759260803.742:21381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27932 comm="syz.8.8095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f251449eec9 code=0x7ffc0000
[  583.447725][   T29] audit: type=1326 audit(1759260803.752:21382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27932 comm="syz.8.8095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f251449eec9 code=0x7ffc0000
[  583.471410][   T29] audit: type=1326 audit(1759260803.752:21383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27932 comm="syz.8.8095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f251449eec9 code=0x7ffc0000
[  583.495192][   T29] audit: type=1326 audit(1759260803.752:21384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27932 comm="syz.8.8095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f251449eec9 code=0x7ffc0000
[  583.597609][T21350] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  583.666559][T24451] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  583.686333][T25718] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  583.694882][T27951] loop7: detected capacity change from 0 to 1024
[  583.702346][T27951] EXT4-fs: Ignoring removed orlov option
[  583.710046][T27951] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  583.728449][T27956] loop3: detected capacity change from 0 to 2048
[  583.740565][T27954] loop2: detected capacity change from 0 to 1024
[  583.747349][T27954] EXT4-fs: Ignoring removed orlov option
[  583.753125][T27954] EXT4-fs: Ignoring removed nobh option
[  583.758840][T27954] EXT4-fs: Ignoring removed bh option
[  583.775080][T27954] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  583.787757][T27956]  loop3: p2 p3 p7
[  583.797468][T27954] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.8101: Allocating blocks 465-513 which overlap fs metadata
[  583.816709][T27954] EXT4-fs (loop2): pa ffff8881073a82a0: logic 256, phys. 369, len 9
[  583.824828][T27954] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 3
[  583.835119][T27954] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt.
[  583.876623][T21350] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  583.887975][T27965] random: crng reseeded on system resumption
[  583.925834][   T29] audit: type=1326 audit(1759260804.342:21385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27966 comm="syz.3.8106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05e4beec9 code=0x7ffc0000
[  583.987655][T27969] loop2: detected capacity change from 0 to 1024
[  584.026006][T27969] EXT4-fs: Ignoring removed orlov option
[  584.038198][T24451] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  584.053933][T27969] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  584.100383][T27982] loop3: detected capacity change from 0 to 1024
[  584.152937][T27982] EXT4-fs: Ignoring removed orlov option
[  584.287181][T27992] loop8: detected capacity change from 0 to 512
[  584.302114][T27992] EXT4-fs: Ignoring removed mblk_io_submit option
[  584.329835][T27992] EXT4-fs: Ignoring removed nomblk_io_submit option
[  584.331425][T27982] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  584.365926][T27992] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  584.374441][T27992] EXT4-fs (loop8): feature flags set on rev 0 fs, running e2fsck is recommended
[  584.386412][T27995] FAULT_INJECTION: forcing a failure.
[  584.386412][T27995] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  584.399587][T27995] CPU: 1 UID: 0 PID: 27995 Comm: syz.7.8115 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  584.399625][T27995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  584.399641][T27995] Call Trace:
[  584.399648][T27995]  <TASK>
[  584.399658][T27995]  __dump_stack+0x1d/0x30
[  584.399761][T27995]  dump_stack_lvl+0xe8/0x140
[  584.399788][T27995]  dump_stack+0x15/0x1b
[  584.399812][T27995]  should_fail_ex+0x265/0x280
[  584.399852][T27995]  should_fail+0xb/0x20
[  584.399888][T27995]  should_fail_usercopy+0x1a/0x20
[  584.399961][T27995]  _copy_from_user+0x1c/0xb0
[  584.399984][T27995]  __sys_bpf+0x178/0x7b0
[  584.400034][T27995]  __x64_sys_bpf+0x41/0x50
[  584.400170][T27995]  x64_sys_call+0x2aea/0x2ff0
[  584.400199][T27995]  do_syscall_64+0xd2/0x200
[  584.400262][T27995]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  584.400295][T27995]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  584.400341][T27995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.400412][T27995] RIP: 0033:0x7fa083cfeec9
[  584.400434][T27995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.400457][T27995] RSP: 002b:00007fa082767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  584.400479][T27995] RAX: ffffffffffffffda RBX: 00007fa083f55fa0 RCX: 00007fa083cfeec9
[  584.400496][T27995] RDX: 0000000000000094 RSI: 0000200000000680 RDI: 0000000000000005
[  584.400513][T27995] RBP: 00007fa082767090 R08: 0000000000000000 R09: 0000000000000000
[  584.400608][T27995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  584.400622][T27995] R13: 00007fa083f56038 R14: 00007fa083f55fa0 R15: 00007ffce56cc6f8
[  584.400649][T27995]  </TASK>
[  584.587115][T21350] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  584.604386][T27992] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4183: comm syz.8.8114: Allocating blocks 41-42 which overlap fs metadata
[  584.628473][T27999] random: crng reseeded on system resumption
[  584.648299][T27992] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4183: comm syz.8.8114: Allocating blocks 41-42 which overlap fs metadata
[  584.652292][T28001] loop2: detected capacity change from 0 to 1024
[  584.668687][T27975] loop5: detected capacity change from 0 to 512
[  584.677046][T27992] EXT4-fs error (device loop8): ext4_acquire_dquot:6943: comm syz.8.8114: Failed to acquire dquot type 1
[  584.693659][T27992] EXT4-fs error (device loop8): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  584.721841][T27992] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8114: corrupted inode contents
[  584.722422][T28001] EXT4-fs: Ignoring removed orlov option
[  584.741302][T27992] EXT4-fs error (device loop8): ext4_dirty_inode:6538: inode #12: comm syz.8.8114: mark_inode_dirty error
[  584.755787][T28001] EXT4-fs: Ignoring removed nobh option
[  584.757814][T27992] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8114: corrupted inode contents
[  584.761390][T28001] EXT4-fs: Ignoring removed bh option
[  584.776437][T27992] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #12: comm syz.8.8114: mark_inode_dirty error
[  584.790663][T27992] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8114: corrupted inode contents
[  584.805795][T27992] EXT4-fs error (device loop8) in ext4_orphan_del:305: Corrupt filesystem
[  584.814845][T27992] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8114: corrupted inode contents
[  584.827412][T27992] EXT4-fs error (device loop8): ext4_truncate:4666: inode #12: comm syz.8.8114: mark_inode_dirty error
[  584.838951][T27992] EXT4-fs error (device loop8) in ext4_process_orphan:347: Corrupt filesystem
[  584.843626][T28001] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  584.854220][T27992] EXT4-fs (loop8): 1 truncate cleaned up
[  584.871549][T27992] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  584.885965][T28001] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.8116: Allocating blocks 465-513 which overlap fs metadata
[  584.898117][T27975] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  584.914627][T27975] ext4 filesystem being mounted at /138/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  584.929618][T28001] EXT4-fs (loop2): pa ffff8881073a8230: logic 256, phys. 369, len 9
[  584.937268][T27992] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  584.937890][T28001] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 3
[  584.957321][T28001] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt.
[  584.973729][T21870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  584.988309][T20921] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  585.001271][T25718] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  585.024160][T21350] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  585.049553][T28018] loop5: detected capacity change from 0 to 1024
[  585.056541][T28018] EXT4-fs: Ignoring removed orlov option
[  585.066689][T28011] __nla_validate_parse: 9 callbacks suppressed
[  585.066707][T28011] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8119'.
[  585.067402][T28018] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  585.120397][T28022] loop2: detected capacity change from 0 to 2048
[  585.155395][T28026] loop3: detected capacity change from 0 to 1024
[  585.162197][T28026] EXT4-fs: Ignoring removed orlov option
[  585.171201][T28026] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  585.176820][T28022]  loop2: p2 p3 p7
[  585.197599][T28026] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8124'.
[  585.220995][T21870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  585.244865][T28031] random: crng reseeded on system resumption
[  585.257541][T28029] netlink: 20 bytes leftover after parsing attributes in process `syz.5.8121'.
[  585.282012][T23446] hid_parser_main: 119 callbacks suppressed
[  585.282036][T23446] hid-generic 0000:0000:0000.007D: unknown main item tag 0x1
[  585.295503][T23446] hid-generic 0000:0000:0000.007D: unknown main item tag 0x0
[  585.295673][T28035] loop2: detected capacity change from 0 to 1024
[  585.302975][T23446] hid-generic 0000:0000:0000.007D: unknown main item tag 0x0
[  585.309711][T28035] EXT4-fs: Ignoring removed orlov option
[  585.316707][T23446] hid-generic 0000:0000:0000.007D: unknown main item tag 0x0
[  585.329733][T23446] hid-generic 0000:0000:0000.007D: unknown main item tag 0x0
[  585.337266][T23446] hid-generic 0000:0000:0000.007D: unknown main item tag 0x0
[  585.344801][T23446] hid-generic 0000:0000:0000.007D: unknown main item tag 0x4
[  585.352250][T23446] hid-generic 0000:0000:0000.007D: unknown main item tag 0x0
[  585.359660][T23446] hid-generic 0000:0000:0000.007D: unknown main item tag 0x0
[  585.367269][T23446] hid-generic 0000:0000:0000.007D: unknown main item tag 0x0
[  585.370005][T28035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  585.406068][T23446] hid-generic 0000:0000:0000.007D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  585.448033][T25718] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  585.457809][T28040] loop3: detected capacity change from 0 to 512
[  585.464667][T28040] EXT4-fs: Ignoring removed mblk_io_submit option
[  585.471248][T28040] EXT4-fs: Ignoring removed nomblk_io_submit option
[  585.479360][T28040] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  585.487972][T28040] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  585.504620][T28040] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8128: Allocating blocks 41-42 which overlap fs metadata
[  585.518780][T28040] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8128: Allocating blocks 41-42 which overlap fs metadata
[  585.562130][T28046] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8127'.
[  585.589404][T28048] loop5: detected capacity change from 0 to 2048
[  585.603774][T28040] EXT4-fs error (device loop3): ext4_acquire_dquot:6943: comm syz.3.8128: Failed to acquire dquot type 1
[  585.621466][T28040] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  585.640457][T28040] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8128: corrupted inode contents
[  585.653793][T21350] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  585.659643][T28048]  loop5: p2 p3 p7
[  585.667632][T28040] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #12: comm syz.3.8128: mark_inode_dirty error
[  585.723988][T28040] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8128: corrupted inode contents
[  585.737574][T28040] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.8128: mark_inode_dirty error
[  585.760929][T28040] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8128: corrupted inode contents
[  585.766162][T28056] loop5: detected capacity change from 0 to 1024
[  585.774524][T28040] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  585.788406][T28040] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8128: corrupted inode contents
[  585.801319][T28056] EXT4-fs: Ignoring removed orlov option
[  585.802098][T28040] EXT4-fs error (device loop3): ext4_truncate:4666: inode #12: comm syz.3.8128: mark_inode_dirty error
[  585.848517][T28056] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  585.867085][T28040] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  585.885194][T28061] loop2: detected capacity change from 0 to 512
[  585.924988][T28040] EXT4-fs (loop3): 1 truncate cleaned up
[  585.931260][T28040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  585.998353][T28061] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  586.054094][T28050] loop7: detected capacity change from 0 to 512
[  586.077726][T28061] EXT4-fs (loop2): orphan cleanup on readonly fs
[  586.099914][T21870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  586.113306][T28061] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.8136: corrupted inode contents
[  586.148330][T28061] EXT4-fs (loop2): Remounting filesystem read-only
[  586.160547][T28068] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=265 sclass=netlink_tcpdiag_socket pid=28068 comm=syz.3.8137
[  586.165514][T28061] EXT4-fs (loop2): 1 truncate cleaned up
[  586.179879][ T4934] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  586.190499][ T4934] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  586.206180][ T4934] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  586.220366][T28050] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  586.231484][T25718] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  586.236371][T28050] ext4 filesystem being mounted at /239/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  586.257283][T28061] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  586.257873][T28061] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  586.324660][T24451] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  586.370591][T28083] random: crng reseeded on system resumption
[  586.377006][T28084] netlink: 24 bytes leftover after parsing attributes in process `syz.8.8144'.
[  586.386132][T28084] netlink: 24 bytes leftover after parsing attributes in process `syz.8.8144'.
[  586.411940][T28082] loop7: detected capacity change from 0 to 2048
[  586.439882][T28084] netlink: 24 bytes leftover after parsing attributes in process `syz.8.8144'.
[  586.449034][T28084] netlink: 24 bytes leftover after parsing attributes in process `syz.8.8144'.
[  586.487246][T28082]  loop7: p2 p3 p7
[  586.527606][T28084] netlink: 24 bytes leftover after parsing attributes in process `syz.8.8144'.
[  586.536845][T28084] netlink: 24 bytes leftover after parsing attributes in process `syz.8.8144'.
[  586.582150][T28092] loop5: detected capacity change from 0 to 2048
[  586.651591][T28092]  loop5: p2 p3 p7
[  586.774980][T28111] loop5: detected capacity change from 0 to 512
[  586.823840][T28111] EXT4-fs: Ignoring removed mblk_io_submit option
[  586.830393][T28111] EXT4-fs: Ignoring removed nomblk_io_submit option
[  586.891623][T28111] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  586.900148][T28111] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  586.976120][T28111] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.8154: Allocating blocks 41-42 which overlap fs metadata
[  586.993643][T28111] EXT4-fs error (device loop5): ext4_acquire_dquot:6943: comm syz.5.8154: Failed to acquire dquot type 1
[  587.025697][T28111] EXT4-fs error (device loop5): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  587.075984][T28111] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #12: comm syz.5.8154: corrupted inode contents
[  587.118478][T28111] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #12: comm syz.5.8154: mark_inode_dirty error
[  587.133970][T28107] loop7: detected capacity change from 0 to 512
[  587.152180][T28111] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #12: comm syz.5.8154: corrupted inode contents
[  587.167452][T28111] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #12: comm syz.5.8154: mark_inode_dirty error
[  587.221740][T28111] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #12: comm syz.5.8154: corrupted inode contents
[  587.236832][T28107] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  587.256584][T28107] ext4 filesystem being mounted at /244/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  587.265098][T28120] random: crng reseeded on system resumption
[  587.268166][T28111] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[  587.283027][T28111] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #12: comm syz.5.8154: corrupted inode contents
[  587.295203][T28111] EXT4-fs error (device loop5): ext4_truncate:4666: inode #12: comm syz.5.8154: mark_inode_dirty error
[  587.307692][T28111] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[  587.318873][T28111] EXT4-fs (loop5): 1 truncate cleaned up
[  587.326297][T28111] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  587.372465][T25718] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  587.388680][T24451] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  587.477809][T28126] loop7: detected capacity change from 0 to 2048
[  587.553270][T28126]  loop7: p2 p3 p7
[  587.626567][T28141] loop7: detected capacity change from 0 to 1024
[  587.647047][T28141] EXT4-fs: Ignoring removed orlov option
[  587.681889][T28141] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  587.782172][T28145] Illegal XDP return value 4294967283 on prog  (id 5262) dev N/A, expect packet loss!
[  587.963385][T24451] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  587.986058][T28145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  587.993668][T28145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  588.007270][T28145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  588.014930][T28145] batman_adv: batadv0: Removing interface: batadv_slave_1
[  588.204041][T28154] loop8: detected capacity change from 0 to 512
[  588.244371][T28154] EXT4-fs: Ignoring removed mblk_io_submit option
[  588.250879][T28154] EXT4-fs: Ignoring removed nomblk_io_submit option
[  588.270522][T28154] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  588.272959][T28156] random: crng reseeded on system resumption
[  588.279157][T28154] EXT4-fs (loop8): feature flags set on rev 0 fs, running e2fsck is recommended
[  588.353857][T28154] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4183: comm syz.8.8170: Allocating blocks 41-42 which overlap fs metadata
[  588.383094][T28154] __quota_error: 30 callbacks suppressed
[  588.383115][T28154] Quota error (device loop8): write_blk: dquota write failed
[  588.396215][T28154] Quota error (device loop8): find_free_dqentry: Can't write quota data block 5
[  588.482496][T28154] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4183: comm syz.8.8170: Allocating blocks 41-42 which overlap fs metadata
[  588.502507][T28150] loop7: detected capacity change from 0 to 512
[  588.551596][T28154] Quota error (device loop8): write_blk: dquota write failed
[  588.565368][T28154] Quota error (device loop8): qtree_write_dquot: Error -117 occurred while creating quota
[  588.576171][   T29] audit: type=1326 audit(1759260808.992:21399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28165 comm="syz.5.8175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  588.611330][T28154] EXT4-fs error (device loop8): ext4_acquire_dquot:6943: comm syz.8.8170: Failed to acquire dquot type 1
[  588.613485][   T29] audit: type=1326 audit(1759260808.992:21400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28165 comm="syz.5.8175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  588.646214][   T29] audit: type=1326 audit(1759260808.992:21401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28165 comm="syz.5.8175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  588.669937][   T29] audit: type=1326 audit(1759260808.992:21402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28165 comm="syz.5.8175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  588.693642][   T29] audit: type=1326 audit(1759260808.992:21403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28165 comm="syz.5.8175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  588.717315][   T29] audit: type=1326 audit(1759260808.992:21404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28165 comm="syz.5.8175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  588.744491][T28154] EXT4-fs error (device loop8): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  588.801537][T28154] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8170: corrupted inode contents
[  588.820875][T28113] loop2: detected capacity change from 0 to 512
[  588.845788][T28154] EXT4-fs error (device loop8): ext4_dirty_inode:6538: inode #12: comm syz.8.8170: mark_inode_dirty error
[  588.867226][T28154] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8170: corrupted inode contents
[  588.893244][T28154] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #12: comm syz.8.8170: mark_inode_dirty error
[  588.897824][T28150] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  588.920384][T28154] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8170: corrupted inode contents
[  588.944723][T28154] EXT4-fs error (device loop8) in ext4_orphan_del:305: Corrupt filesystem
[  588.958899][T28154] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8170: corrupted inode contents
[  588.965464][T28150] ext4 filesystem being mounted at /247/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  588.985038][T28113] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  588.992270][T28154] EXT4-fs error (device loop8): ext4_truncate:4666: inode #12: comm syz.8.8170: mark_inode_dirty error
[  589.010631][T28113] ext4 filesystem being mounted at /530/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  589.032308][T28154] EXT4-fs error (device loop8) in ext4_process_orphan:347: Corrupt filesystem
[  589.041450][T28154] EXT4-fs (loop8): 1 truncate cleaned up
[  589.060881][T28154] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  589.081299][T28113] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.8156: corrupted inode contents
[  589.100893][T24451] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.111723][T20921] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.137805][T28113] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #2: comm syz.2.8156: mark_inode_dirty error
[  589.167755][T28113] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.8156: corrupted inode contents
[  589.216904][T28189] batman_adv: batadv0: Adding interface: dummy0
[  589.223281][T28189] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  589.248581][T28189] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  589.269893][T28191] random: crng reseeded on system resumption
[  589.291504][T21350] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.514923][T28196] Set syz1 is full, maxelem 65536 reached
[  589.570570][T28206] loop8: detected capacity change from 0 to 1024
[  589.596617][T28206] EXT4-fs: Ignoring removed orlov option
[  589.605301][T28206] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  589.677757][T28215] loop3: detected capacity change from 0 to 512
[  589.685129][T28215] EXT4-fs: Ignoring removed mblk_io_submit option
[  589.714618][T28215] EXT4-fs: Ignoring removed nomblk_io_submit option
[  589.726428][T28218] loop5: detected capacity change from 0 to 1024
[  589.755256][T28215] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  589.758754][T28218] EXT4-fs: Ignoring removed bh option
[  589.763801][T28215] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  589.769422][T28218] EXT4-fs: inline encryption not supported
[  589.791059][T28222] random: crng reseeded on system resumption
[  589.812070][T28218] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  589.830983][T28218] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  589.846289][T28215] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8191: Allocating blocks 41-42 which overlap fs metadata
[  589.866194][T28218] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.8192: lblock 2 mapped to illegal pblock 2 (length 1)
[  589.874228][T28215] EXT4-fs error (device loop3): ext4_acquire_dquot:6943: comm syz.3.8191: Failed to acquire dquot type 1
[  589.895319][T28218] EXT4-fs (loop5): Remounting filesystem read-only
[  589.953336][T28218] EXT4-fs (loop5): 1 orphan inode deleted
[  589.959749][T28215] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  589.977572][T28218] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  590.012341][T28215] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8191: corrupted inode contents
[  590.031230][T28215] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #12: comm syz.3.8191: mark_inode_dirty error
[  590.044378][T28215] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8191: corrupted inode contents
[  590.070089][T20921] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  590.080172][T28215] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.8191: mark_inode_dirty error
[  590.108677][T28215] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8191: corrupted inode contents
[  590.139335][T28215] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  590.156218][T28215] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8191: corrupted inode contents
[  590.203818][T28215] EXT4-fs error (device loop3): ext4_truncate:4666: inode #12: comm syz.3.8191: mark_inode_dirty error
[  590.215371][T28215] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  590.225012][T28215] EXT4-fs (loop3): 1 truncate cleaned up
[  590.254469][T28215] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  590.317784][T21870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  590.324846][T28213] loop2: detected capacity change from 0 to 512
[  590.366255][T28239] loop7: detected capacity change from 0 to 1024
[  590.387158][T28241] loop3: detected capacity change from 0 to 512
[  590.393251][T28239] EXT4-fs: Ignoring removed bh option
[  590.399082][T28239] EXT4-fs: inline encryption not supported
[  590.400490][T28241] EXT4-fs: Ignoring removed mblk_io_submit option
[  590.411197][T28239] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  590.425002][T28241] EXT4-fs: Ignoring removed nomblk_io_submit option
[  590.426317][T25718] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  590.441106][T28241] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  590.441165][T28239] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  590.449696][T28241] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  590.479010][T28213] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  590.497023][T28239] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 2: comm syz.7.8201: lblock 2 mapped to illegal pblock 2 (length 1)
[  590.513069][T28241] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8200: Allocating blocks 41-42 which overlap fs metadata
[  590.530330][T28213] ext4 filesystem being mounted at /532/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  590.542709][T28239] EXT4-fs (loop7): Remounting filesystem read-only
[  590.549416][T28239] EXT4-fs (loop7): 1 orphan inode deleted
[  590.560231][T28241] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8200: Allocating blocks 41-42 which overlap fs metadata
[  590.579439][T28248] __nla_validate_parse: 4 callbacks suppressed
[  590.579460][T28248] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8202'.
[  590.596505][T28239] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  590.626518][T21350] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  590.641947][T28241] EXT4-fs error (device loop3): ext4_acquire_dquot:6943: comm syz.3.8200: Failed to acquire dquot type 1
[  590.690512][T28241] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  590.744019][T28241] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8200: corrupted inode contents
[  590.761138][T28241] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #12: comm syz.3.8200: mark_inode_dirty error
[  590.774329][T28241] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8200: corrupted inode contents
[  590.799127][T28241] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.8200: mark_inode_dirty error
[  590.875340][T28241] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8200: corrupted inode contents
[  590.911990][T28241] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  590.943328][T24451] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  590.945130][T28241] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8200: corrupted inode contents
[  590.969852][T28241] EXT4-fs error (device loop3): ext4_truncate:4666: inode #12: comm syz.3.8200: mark_inode_dirty error
[  590.981301][T28241] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  590.992157][T28241] EXT4-fs (loop3): 1 truncate cleaned up
[  590.999193][T28241] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  591.030732][T28241] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  591.054092][T21870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  591.077052][T28270] loop7: detected capacity change from 0 to 512
[  591.083907][T28270] EXT4-fs: Ignoring removed mblk_io_submit option
[  591.090540][T28270] EXT4-fs: Ignoring removed nomblk_io_submit option
[  591.098887][T28270] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  591.107477][T28270] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  591.131109][T28270] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4183: comm syz.7.8209: Allocating blocks 41-42 which overlap fs metadata
[  591.155253][T28270] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4183: comm syz.7.8209: Allocating blocks 41-42 which overlap fs metadata
[  591.189730][T28279] loop3: detected capacity change from 0 to 1024
[  591.196516][T28279] EXT4-fs: Ignoring removed bh option
[  591.202141][T28279] EXT4-fs: inline encryption not supported
[  591.211275][T28279] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  591.218424][T28270] EXT4-fs error (device loop7): ext4_acquire_dquot:6943: comm syz.7.8209: Failed to acquire dquot type 1
[  591.235200][T28270] EXT4-fs error (device loop7): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  591.250697][T28279] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  591.251413][T28270] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.8209: corrupted inode contents
[  591.272806][T28279] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.8212: lblock 2 mapped to illegal pblock 2 (length 1)
[  591.275427][T28270] EXT4-fs error (device loop7): ext4_dirty_inode:6538: inode #12: comm syz.7.8209: mark_inode_dirty error
[  591.291365][T28279] EXT4-fs (loop3): Remounting filesystem read-only
[  591.298991][T28270] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.8209: corrupted inode contents
[  591.319555][T28270] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #12: comm syz.7.8209: mark_inode_dirty error
[  591.331271][T28270] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.8209: corrupted inode contents
[  591.346473][T28270] EXT4-fs error (device loop7) in ext4_orphan_del:305: Corrupt filesystem
[  591.346487][T28279] EXT4-fs (loop3): 1 orphan inode deleted
[  591.346628][T28270] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.8209: corrupted inode contents
[  591.394605][T28270] EXT4-fs error (device loop7): ext4_truncate:4666: inode #12: comm syz.7.8209: mark_inode_dirty error
[  591.409622][T23448] hid_parser_main: 28 callbacks suppressed
[  591.409639][T23448] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0
[  591.422971][T23448] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0
[  591.430382][T23448] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0
[  591.437909][T23448] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0
[  591.445358][T23448] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0
[  591.452903][T23448] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0
[  591.460418][T23448] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0
[  591.467918][T23448] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0
[  591.472244][T28270] EXT4-fs error (device loop7) in ext4_process_orphan:347: Corrupt filesystem
[  591.475532][T23448] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0
[  591.491753][T23448] hid-generic 0000:0000:0000.007E: unknown main item tag 0x0
[  591.492095][T28270] EXT4-fs (loop7): 1 truncate cleaned up
[  591.576668][T28284] loop2: detected capacity change from 0 to 2048
[  591.592155][T23448] hid-generic 0000:0000:0000.007E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  591.626618][T28270] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  591.641028][T28284]  loop2: p2 p3 p7
[  591.692474][T28289] random: crng reseeded on system resumption
[  591.740101][T28291] loop3: detected capacity change from 0 to 1024
[  591.759141][T28291] EXT4-fs: Ignoring removed bh option
[  591.789210][T28291] EXT4-fs: inline encryption not supported
[  591.795406][T28291] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  591.814893][T28291] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  591.825324][T28291] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.8217: lblock 2 mapped to illegal pblock 2 (length 1)
[  591.839503][T28291] EXT4-fs (loop3): Remounting filesystem read-only
[  591.846342][T28291] EXT4-fs (loop3): 1 orphan inode deleted
[  591.903790][T28304] random: crng reseeded on system resumption
[  591.985024][T28296] Set syz1 is full, maxelem 65536 reached
[  591.998849][T23448] hid-generic 0000:0000:0000.007F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  592.059060][T28314] loop7: detected capacity change from 0 to 1024
[  592.071281][T28314] EXT4-fs: Ignoring removed bh option
[  592.076842][T28314] EXT4-fs: inline encryption not supported
[  592.084546][T28314] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  592.127339][T28314] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  592.165121][T28314] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 2: comm syz.7.8227: lblock 2 mapped to illegal pblock 2 (length 1)
[  592.180655][T28314] EXT4-fs (loop7): Remounting filesystem read-only
[  592.193365][T28314] EXT4-fs (loop7): 1 orphan inode deleted
[  592.324518][T28323] FAULT_INJECTION: forcing a failure.
[  592.324518][T28323] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  592.337700][T28323] CPU: 1 UID: 0 PID: 28323 Comm: syz.2.8230 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  592.337778][T28323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  592.337822][T28323] Call Trace:
[  592.337831][T28323]  <TASK>
[  592.337842][T28323]  __dump_stack+0x1d/0x30
[  592.337871][T28323]  dump_stack_lvl+0xe8/0x140
[  592.337894][T28323]  dump_stack+0x15/0x1b
[  592.337953][T28323]  should_fail_ex+0x265/0x280
[  592.337992][T28323]  should_fail+0xb/0x20
[  592.338027][T28323]  should_fail_usercopy+0x1a/0x20
[  592.338101][T28323]  copy_fpstate_to_sigframe+0x628/0x7d0
[  592.338168][T28323]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[  592.338212][T28323]  ? x86_task_fpu+0x36/0x60
[  592.338242][T28323]  get_sigframe+0x34d/0x490
[  592.338259][T28323]  ? get_signal+0xdc8/0xf70
[  592.338352][T28323]  x64_setup_rt_frame+0xa8/0x580
[  592.338380][T28323]  arch_do_signal_or_restart+0x27c/0x480
[  592.338438][T28323]  exit_to_user_mode_loop+0x7a/0x100
[  592.338473][T28323]  do_syscall_64+0x1d6/0x200
[  592.338497][T28323]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  592.338631][T28323]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  592.338665][T28323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.338692][T28323] RIP: 0033:0x7f96aef5eec9
[  592.338775][T28323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  592.338800][T28323] RSP: 002b:00007f96ad9bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  592.338820][T28323] RAX: fffffffffffffffc RBX: 00007f96af1b5fa0 RCX: 00007f96aef5eec9
[  592.338836][T28323] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  592.338852][T28323] RBP: 00007f96ad9bf090 R08: 0000000000000000 R09: 0000000000000000
[  592.338906][T28323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  592.338918][T28323] R13: 00007f96af1b6038 R14: 00007f96af1b5fa0 R15: 00007fff91740d18
[  592.338938][T28323]  </TASK>
[  592.583298][T28332] random: crng reseeded on system resumption
[  592.677507][T28338] loop2: detected capacity change from 0 to 2048
[  592.724954][T28342] loop8: detected capacity change from 0 to 2048
[  592.732388][T28338]  loop2: p2 p3 p7
[  592.748469][T28344] loop5: detected capacity change from 0 to 2048
[  592.800424][T28344]  loop5: p2 p3 p7
[  592.815096][T28349] loop3: detected capacity change from 0 to 2048
[  592.828936][T28352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.832493][T28342]  loop8: p2 p3 p7
[  592.840987][T28352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.877783][T28349]  loop3: p2 p3 p7
[  592.888241][T23448] hid-generic 0000:0000:0000.0080: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  592.954486][T28366] random: crng reseeded on system resumption
[  592.997302][T28368] loop7: detected capacity change from 0 to 1024
[  593.006614][T28371] loop3: detected capacity change from 0 to 1024
[  593.014737][T28371] EXT4-fs: Ignoring removed orlov option
[  593.030432][T28368] EXT4-fs: Ignoring removed bh option
[  593.053405][T28368] EXT4-fs: inline encryption not supported
[  593.072043][T28368] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  593.187969][T28368] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  593.196823][T28378] FAULT_INJECTION: forcing a failure.
[  593.196823][T28378] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  593.209948][T28378] CPU: 1 UID: 0 PID: 28378 Comm: syz.5.8254 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  593.210033][T28378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  593.210049][T28378] Call Trace:
[  593.210057][T28378]  <TASK>
[  593.210067][T28378]  __dump_stack+0x1d/0x30
[  593.210092][T28378]  dump_stack_lvl+0xe8/0x140
[  593.210115][T28378]  dump_stack+0x15/0x1b
[  593.210150][T28378]  should_fail_ex+0x265/0x280
[  593.210204][T28378]  should_fail+0xb/0x20
[  593.210231][T28378]  should_fail_usercopy+0x1a/0x20
[  593.210328][T28378]  _copy_from_user+0x1c/0xb0
[  593.210349][T28378]  autofs_dev_ioctl+0xdd/0x6a0
[  593.210384][T28378]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[  593.210444][T28378]  __se_sys_ioctl+0xce/0x140
[  593.210465][T28378]  __x64_sys_ioctl+0x43/0x50
[  593.210545][T28378]  x64_sys_call+0x1816/0x2ff0
[  593.210570][T28378]  do_syscall_64+0xd2/0x200
[  593.210648][T28378]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  593.210746][T28378]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  593.210782][T28378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  593.210806][T28378] RIP: 0033:0x7fde436aeec9
[  593.210823][T28378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  593.210845][T28378] RSP: 002b:00007fde4210f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  593.210935][T28378] RAX: ffffffffffffffda RBX: 00007fde43905fa0 RCX: 00007fde436aeec9
[  593.210950][T28378] RDX: 0000200000000200 RSI: 00000000c018937e RDI: 0000000000000004
[  593.210964][T28378] RBP: 00007fde4210f090 R08: 0000000000000000 R09: 0000000000000000
[  593.210978][T28378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  593.210991][T28378] R13: 00007fde43906038 R14: 00007fde43905fa0 R15: 00007ffcb93f20a8
[  593.211013][T28378]  </TASK>
[  593.241180][T28368] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 2: comm syz.7.8251: lblock 2 mapped to illegal pblock 2 (length 1)
[  593.412582][T28368] EXT4-fs (loop7): Remounting filesystem read-only
[  593.419152][T28368] __quota_error: 62 callbacks suppressed
[  593.419173][T28368] Quota error (device loop7): qtree_write_dquot: dquota write failed
[  593.437468][T28368] Quota error (device loop7): v2_write_file_info: Can't write info structure
[  593.467746][T28368] EXT4-fs (loop7): 1 orphan inode deleted
[  593.533570][T28384] loop3: detected capacity change from 0 to 2048
[  593.581957][T28384]  loop3: p2 p3 p7
[  593.707111][   T29] audit: type=1400 audit(1759260814.122:21446): avc:  denied  { read } for  pid=28393 comm="syz.2.8263" name="usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  593.730745][   T29] audit: type=1400 audit(1759260814.122:21447): avc:  denied  { open } for  pid=28393 comm="syz.2.8263" path="/dev/usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  593.775166][T28395] loop3: detected capacity change from 0 to 512
[  593.792021][T28395] EXT4-fs: Ignoring removed mblk_io_submit option
[  593.808805][T28395] EXT4-fs: Ignoring removed nomblk_io_submit option
[  593.823354][T28395] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  593.831940][T28395] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  593.893970][T28395] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8262: Allocating blocks 41-42 which overlap fs metadata
[  593.928539][T28395] Quota error (device loop3): write_blk: dquota write failed
[  593.936171][T28395] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5
[  593.946352][T28395] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8262: Allocating blocks 41-42 which overlap fs metadata
[  593.962989][T28395] Quota error (device loop3): write_blk: dquota write failed
[  593.985521][T28395] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  593.995993][T28395] EXT4-fs error (device loop3): ext4_acquire_dquot:6943: comm syz.3.8262: Failed to acquire dquot type 1
[  594.012163][T28395] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  594.051774][T28395] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8262: corrupted inode contents
[  594.061536][T28401] loop7: detected capacity change from 0 to 1024
[  594.092077][T28401] EXT4-fs: Ignoring removed orlov option
[  594.097859][T28401] EXT4-fs: Ignoring removed nobh option
[  594.103539][T28401] EXT4-fs: Ignoring removed bh option
[  594.108979][T28395] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #12: comm syz.3.8262: mark_inode_dirty error
[  594.133554][T28395] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8262: corrupted inode contents
[  594.162582][T28395] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.8262: mark_inode_dirty error
[  594.183420][T28395] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8262: corrupted inode contents
[  594.206771][T28401] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4183: comm syz.7.8264: Allocating blocks 481-513 which overlap fs metadata
[  594.261155][T28395] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  594.276721][T28401] EXT4-fs (loop7): pa ffff8881073a81c0: logic 352, phys. 465, len 3
[  594.284859][T28401] EXT4-fs error (device loop7): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[  594.311743][T28395] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8262: corrupted inode contents
[  594.401920][T28395] EXT4-fs error (device loop3): ext4_truncate:4666: inode #12: comm syz.3.8262: mark_inode_dirty error
[  594.424381][T28395] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  594.456288][T28395] EXT4-fs (loop3): 1 truncate cleaned up
[  594.522017][T28395] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  594.546103][T28408] loop7: detected capacity change from 0 to 1024
[  594.552797][T28408] EXT4-fs: Ignoring removed orlov option
[  594.573042][T28394] loop5: detected capacity change from 0 to 512
[  594.684975][T28412] netlink: 20 bytes leftover after parsing attributes in process `syz.7.8265'.
[  594.736842][T28394] ext4 filesystem being mounted at /187/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  594.869748][T28421] loop7: detected capacity change from 0 to 1024
[  594.908488][T28421] EXT4-fs: Ignoring removed orlov option
[  595.045181][T28430] loop3: detected capacity change from 0 to 512
[  595.108794][T28433] loop5: detected capacity change from 0 to 1024
[  595.142350][T28433] EXT4-fs: Ignoring removed bh option
[  595.147869][T28433] EXT4-fs: inline encryption not supported
[  595.184231][T28433] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  595.213713][T23455] hid-generic 0000:0000:0000.0081: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  595.225010][T28433] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  595.267939][T28433] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.8274: lblock 2 mapped to illegal pblock 2 (length 1)
[  595.324493][T28440] loop3: detected capacity change from 0 to 1024
[  595.330995][T28433] EXT4-fs (loop5): Remounting filesystem read-only
[  595.337634][T28433] Quota error (device loop5): qtree_write_dquot: dquota write failed
[  595.359759][T28444] loop8: detected capacity change from 0 to 2048
[  595.366515][T28440] EXT4-fs: Ignoring removed orlov option
[  595.381478][T28433] Quota error (device loop5): v2_write_file_info: Can't write info structure
[  595.438054][T28433] EXT4-fs (loop5): 1 orphan inode deleted
[  595.456839][T28444]  loop8: p2 p3 p7
[  595.517372][T28454] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8277'.
[  595.565675][T28456] loop8: detected capacity change from 0 to 512
[  595.581955][T28446] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8280'.
[  595.591424][T28456] EXT4-fs: Ignoring removed mblk_io_submit option
[  595.608716][T28456] EXT4-fs: Ignoring removed nomblk_io_submit option
[  595.622172][T28456] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  595.630652][T28456] EXT4-fs (loop8): feature flags set on rev 0 fs, running e2fsck is recommended
[  595.674845][T28456] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4183: comm syz.8.8283: Allocating blocks 41-42 which overlap fs metadata
[  595.692631][T28461] random: crng reseeded on system resumption
[  595.727300][T28456] EXT4-fs error (device loop8): ext4_acquire_dquot:6943: comm syz.8.8283: Failed to acquire dquot type 1
[  595.738974][T28456] EXT4-fs error (device loop8): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  595.753853][T28456] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8283: corrupted inode contents
[  595.775840][T28456] EXT4-fs error (device loop8): ext4_dirty_inode:6538: inode #12: comm syz.8.8283: mark_inode_dirty error
[  595.793337][T28456] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8283: corrupted inode contents
[  595.809645][T28456] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #12: comm syz.8.8283: mark_inode_dirty error
[  595.858933][T28456] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8283: corrupted inode contents
[  595.881445][T28456] EXT4-fs error (device loop8) in ext4_orphan_del:305: Corrupt filesystem
[  595.881931][T28471] loop2: detected capacity change from 0 to 512
[  595.899346][T28456] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #12: comm syz.8.8283: corrupted inode contents
[  595.900677][T28471] EXT4-fs: Ignoring removed mblk_io_submit option
[  595.920399][T28471] EXT4-fs: Ignoring removed nomblk_io_submit option
[  595.921771][T28456] EXT4-fs error (device loop8): ext4_truncate:4666: inode #12: comm syz.8.8283: mark_inode_dirty error
[  595.951638][T28456] EXT4-fs error (device loop8) in ext4_process_orphan:347: Corrupt filesystem
[  595.951911][T28471] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  595.969069][T28471] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  595.979362][T28456] EXT4-fs (loop8): 1 truncate cleaned up
[  595.985300][T28475] loop3: detected capacity change from 0 to 2048
[  596.000223][T28456] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  596.010397][T28471] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.8290: Allocating blocks 41-42 which overlap fs metadata
[  596.032347][T28471] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.8290: Allocating blocks 41-42 which overlap fs metadata
[  596.055139][T28471] EXT4-fs error (device loop2): ext4_acquire_dquot:6943: comm syz.2.8290: Failed to acquire dquot type 1
[  596.061249][T28475]  loop3: p2 p3 p7
[  596.066957][T28471] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  596.084891][T28471] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.8290: corrupted inode contents
[  596.098945][T28471] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #12: comm syz.2.8290: mark_inode_dirty error
[  596.111720][T28471] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.8290: corrupted inode contents
[  596.132102][T28471] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #12: comm syz.2.8290: mark_inode_dirty error
[  596.161040][T28471] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.8290: corrupted inode contents
[  596.177609][T28471] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[  596.188644][T28471] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.8290: corrupted inode contents
[  596.203913][T28471] EXT4-fs error (device loop2): ext4_truncate:4666: inode #12: comm syz.2.8290: mark_inode_dirty error
[  596.218601][T28471] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[  596.253158][T28471] EXT4-fs (loop2): 1 truncate cleaned up
[  596.383105][T28493] loop2: detected capacity change from 0 to 1024
[  596.415536][T28493] EXT4-fs: Ignoring removed bh option
[  596.445650][T28493] EXT4-fs: inline encryption not supported
[  596.474868][T28493] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  596.507381][T28493] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  596.518927][T28493] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.8298: lblock 2 mapped to illegal pblock 2 (length 1)
[  596.548008][T28493] EXT4-fs (loop2): Remounting filesystem read-only
[  596.564860][T28493] EXT4-fs (loop2): 1 orphan inode deleted
[  596.619242][T28499] wireguard0: entered promiscuous mode
[  596.624793][T28499] wireguard0: entered allmulticast mode
[  596.705525][T28484] loop3: detected capacity change from 0 to 512
[  596.721282][T28502] random: crng reseeded on system resumption
[  596.798943][T28484] ext4 filesystem being mounted at /466/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  596.977508][T28514] loop5: detected capacity change from 0 to 1024
[  596.993019][T28514] EXT4-fs: Ignoring removed orlov option
[  597.036712][T28519] loop2: detected capacity change from 0 to 512
[  597.043518][T28519] EXT4-fs: Ignoring removed mblk_io_submit option
[  597.049602][T28523] loop3: detected capacity change from 0 to 2048
[  597.051794][T28519] EXT4-fs: Ignoring removed nomblk_io_submit option
[  597.064216][T28525] random: crng reseeded on system resumption
[  597.082206][T28519] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  597.090834][T28519] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  597.103434][T28527] 9pnet_fd: Insufficient options for proto=fd
[  597.116146][T28523]  loop3: p2 p3 p7
[  597.147622][T28519] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.8307: Allocating blocks 41-42 which overlap fs metadata
[  597.159243][T28532] loop5: detected capacity change from 0 to 1024
[  597.168803][T28532] EXT4-fs: Ignoring removed orlov option
[  597.174874][T28532] EXT4-fs: Ignoring removed nobh option
[  597.180502][T28532] EXT4-fs: Ignoring removed bh option
[  597.190292][T23446] hid_parser_main: 152 callbacks suppressed
[  597.190313][T23446] hid-generic 0000:0000:0000.0082: unknown main item tag 0x1
[  597.203791][T23446] hid-generic 0000:0000:0000.0082: unknown main item tag 0x0
[  597.211203][T23446] hid-generic 0000:0000:0000.0082: unknown main item tag 0x0
[  597.218687][T23446] hid-generic 0000:0000:0000.0082: unknown main item tag 0x0
[  597.226221][T23446] hid-generic 0000:0000:0000.0082: unknown main item tag 0x0
[  597.233737][T23446] hid-generic 0000:0000:0000.0082: unknown main item tag 0x0
[  597.241193][T23446] hid-generic 0000:0000:0000.0082: unknown main item tag 0x4
[  597.248750][T23446] hid-generic 0000:0000:0000.0082: unknown main item tag 0x0
[  597.256192][T23446] hid-generic 0000:0000:0000.0082: unknown main item tag 0x0
[  597.263640][T23446] hid-generic 0000:0000:0000.0082: unknown main item tag 0x0
[  597.274431][T28519] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.8307: Allocating blocks 41-42 which overlap fs metadata
[  597.289408][T28519] EXT4-fs error (device loop2): ext4_acquire_dquot:6943: comm syz.2.8307: Failed to acquire dquot type 1
[  597.308236][T28532] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.8313: Allocating blocks 465-513 which overlap fs metadata
[  597.323730][T28519] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  597.339370][T28532] EXT4-fs (loop5): pa ffff88810724cd90: logic 256, phys. 369, len 9
[  597.347562][T28532] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 3
[  597.360190][T28519] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.8307: corrupted inode contents
[  597.383519][T23446] hid-generic 0000:0000:0000.0082: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  597.394682][T28519] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #12: comm syz.2.8307: mark_inode_dirty error
[  597.406576][T28532] EXT4-fs error (device loop5): mb_free_blocks:2017: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt.
[  597.439301][T28519] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.8307: corrupted inode contents
[  597.469213][T28519] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #12: comm syz.2.8307: mark_inode_dirty error
[  597.486981][T28519] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.8307: corrupted inode contents
[  597.504869][T28519] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[  597.514896][T28519] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.8307: corrupted inode contents
[  597.551557][T28519] EXT4-fs error (device loop2): ext4_truncate:4666: inode #12: comm syz.2.8307: mark_inode_dirty error
[  597.552092][T28539] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8315'.
[  597.565625][T28519] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[  597.581229][T28519] EXT4-fs (loop2): 1 truncate cleaned up
[  597.659712][T28547] loop2: detected capacity change from 0 to 1024
[  597.692215][T28547] EXT4-fs: Ignoring removed orlov option
[  597.703587][T28553] random: crng reseeded on system resumption
[  597.733810][T28556] loop3: detected capacity change from 0 to 2048
[  597.808831][T28558] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8318'.
[  597.900837][T28556]  loop3: p2 p3 p7
[  597.995059][T23455] hid-generic 0000:0000:0000.0083: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  598.105022][T28570] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8327'.
[  598.158481][T28582] random: crng reseeded on system resumption
[  598.229030][T28586] loop5: detected capacity change from 0 to 2048
[  598.243091][T28590] SELinux:  Context unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 is not valid (left unmapped).
[  598.295296][T28537] loop8: detected capacity change from 0 to 512
[  598.316129][T28599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.324694][T28599] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.366998][T28586]  loop5: p2 p3 p7
[  598.439850][T28537] ext4 filesystem being mounted at /476/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  598.498605][T28609] random: crng reseeded on system resumption
[  598.513424][T28611] random: crng reseeded on system resumption
[  598.563327][T28617] loop7: detected capacity change from 0 to 2048
[  598.596885][T28617]  loop7: p2 p3 p7
[  598.804031][T28625] Set syz1 is full, maxelem 65536 reached
[  598.853471][T28634] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8356'.
[  598.864018][T28638] random: crng reseeded on system resumption
[  598.949373][   T29] kauditd_printk_skb: 22 callbacks suppressed
[  598.949388][   T29] audit: type=1326 audit(1759260819.362:21457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28645 comm="syz.2.8361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  598.980186][   T29] audit: type=1326 audit(1759260819.392:21458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28645 comm="syz.2.8361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  599.003919][   T29] audit: type=1326 audit(1759260819.392:21459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28645 comm="syz.2.8361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  599.027662][   T29] audit: type=1326 audit(1759260819.392:21460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28645 comm="syz.2.8361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f96aef5eec9 code=0x7ffc0000
[  599.196383][T28653] Set syz1 is full, maxelem 65536 reached
[  599.305124][T28667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.352812][T28667] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.466153][T28664] Set syz1 is full, maxelem 65536 reached
[  599.514707][T28672] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8370'.
[  599.650079][T28688] loop7: detected capacity change from 0 to 2048
[  599.670625][   T29] audit: type=1326 audit(1759260820.082:21461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28689 comm="syz.5.8377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  599.698247][   T29] audit: type=1326 audit(1759260820.112:21462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28689 comm="syz.5.8377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  599.721945][   T29] audit: type=1326 audit(1759260820.112:21463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28689 comm="syz.5.8377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  599.745543][   T29] audit: type=1326 audit(1759260820.112:21464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28689 comm="syz.5.8377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  599.769084][   T29] audit: type=1326 audit(1759260820.112:21465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28689 comm="syz.5.8377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  599.792721][   T29] audit: type=1326 audit(1759260820.112:21466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28689 comm="syz.5.8377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  599.824539][T28688] Alternate GPT is invalid, using primary GPT.
[  599.830980][T28688]  loop7: p1 p2 p3
[  599.869977][T28696] loop2: detected capacity change from 0 to 1024
[  599.877503][T28696] EXT4-fs: Ignoring removed orlov option
[  599.890820][T28696] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8380'.
[  599.910381][T28700] loop9: detected capacity change from 0 to 7
[  600.089354][T28704] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8382'.
[  600.236880][T28720] FAULT_INJECTION: forcing a failure.
[  600.236880][T28720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  600.250034][T28720] CPU: 1 UID: 0 PID: 28720 Comm: syz.3.8389 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  600.250062][T28720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  600.250075][T28720] Call Trace:
[  600.250082][T28720]  <TASK>
[  600.250119][T28720]  __dump_stack+0x1d/0x30
[  600.250147][T28720]  dump_stack_lvl+0xe8/0x140
[  600.250194][T28720]  dump_stack+0x15/0x1b
[  600.250234][T28720]  should_fail_ex+0x265/0x280
[  600.250369][T28720]  should_fail+0xb/0x20
[  600.250400][T28720]  should_fail_usercopy+0x1a/0x20
[  600.250441][T28720]  _copy_from_user+0x1c/0xb0
[  600.250526][T28720]  sock_do_ioctl+0xe6/0x220
[  600.250548][T28720]  sock_ioctl+0x41b/0x610
[  600.250663][T28720]  ? __pfx_sock_ioctl+0x10/0x10
[  600.250708][T28720]  __se_sys_ioctl+0xce/0x140
[  600.250810][T28720]  __x64_sys_ioctl+0x43/0x50
[  600.250855][T28720]  x64_sys_call+0x1816/0x2ff0
[  600.250884][T28720]  do_syscall_64+0xd2/0x200
[  600.250910][T28720]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  600.250943][T28720]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  600.250989][T28720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.251015][T28720] RIP: 0033:0x7fb05e4beec9
[  600.251035][T28720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  600.251061][T28720] RSP: 002b:00007fb05cf27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  600.251086][T28720] RAX: ffffffffffffffda RBX: 00007fb05e715fa0 RCX: 00007fb05e4beec9
[  600.251213][T28720] RDX: 0000200000000100 RSI: 0000000000008943 RDI: 0000000000000007
[  600.251230][T28720] RBP: 00007fb05cf27090 R08: 0000000000000000 R09: 0000000000000000
[  600.251247][T28720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  600.251263][T28720] R13: 00007fb05e716038 R14: 00007fb05e715fa0 R15: 00007ffceca77788
[  600.251308][T28720]  </TASK>
[  600.446344][T28702] loop2: detected capacity change from 0 to 512
[  600.558610][T28702] ext4 filesystem being mounted at /564/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  600.652940][T28731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  600.671904][T28731] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  600.794575][T28739] netlink: 4 bytes leftover after parsing attributes in process `syz.8.8396'.
[  600.879014][T28751] random: crng reseeded on system resumption
[  600.915889][T28754] random: crng reseeded on system resumption
[  600.933699][T23457] hid-generic 0000:0000:0000.0084: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  601.098705][T28767] loop3: detected capacity change from 0 to 1024
[  601.122126][T28767] EXT4-fs: Ignoring removed bh option
[  601.134164][T28767] EXT4-fs: inline encryption not supported
[  601.152473][T28767] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  601.194027][T28767] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  601.205883][T28767] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.8407: lblock 2 mapped to illegal pblock 2 (length 1)
[  601.249496][T28767] EXT4-fs (loop3): Remounting filesystem read-only
[  601.269845][T28767] EXT4-fs (loop3): 1 orphan inode deleted
[  601.320089][T28776] 9pnet_fd: Insufficient options for proto=fd
[  601.461066][T23455] hid-generic 0000:0000:0000.0085: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  601.518189][T28785] loop2: detected capacity change from 0 to 1024
[  601.532257][T28785] EXT4-fs: Ignoring removed orlov option
[  601.548255][T28785] EXT4-fs: Ignoring removed nobh option
[  601.554022][T28785] EXT4-fs: Ignoring removed bh option
[  601.581901][T28785] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.8415: Allocating blocks 481-513 which overlap fs metadata
[  601.690470][T28791] ªªªªªª: renamed from vlan0 (while UP)
[  601.703198][T28761] loop7: detected capacity change from 0 to 512
[  601.842441][T28761] ext4 filesystem being mounted at /291/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  601.860343][T28805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  601.909685][T28805] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  601.977821][T28813] loop5: detected capacity change from 0 to 1024
[  601.993324][T28813] EXT4-fs: Ignoring removed orlov option
[  601.999741][T28813] EXT4-fs: Ignoring removed nobh option
[  602.005388][T28813] EXT4-fs: Ignoring removed bh option
[  602.033401][T23448] hid-generic 0000:0000:0000.0086: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  602.047637][T28813] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.8426: Allocating blocks 481-513 which overlap fs metadata
[  602.098720][T28819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8428'.
[  602.131726][T28825] random: crng reseeded on system resumption
[  602.148192][T28829] loop2: detected capacity change from 0 to 512
[  602.286474][T28832] loop7: detected capacity change from 0 to 1024
[  602.303462][T28832] EXT4-fs: Ignoring removed bh option
[  602.474126][T28832] EXT4-fs: inline encryption not supported
[  602.488324][T28832] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  602.570463][T28832] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  602.662641][T28832] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 2: comm syz.7.8432: lblock 2 mapped to illegal pblock 2 (length 1)
[  602.756970][T28832] EXT4-fs (loop7): Remounting filesystem read-only
[  602.765202][ T4944] bridge_slave_1: left allmulticast mode
[  602.770862][ T4944] bridge_slave_1: left promiscuous mode
[  602.776673][ T4944] bridge0: port 2(bridge_slave_1) entered disabled state
[  602.784354][T28832] EXT4-fs (loop7): 1 orphan inode deleted
[  602.790415][T28843] loop3: detected capacity change from 0 to 2048
[  602.797089][ T4944] bridge_slave_0: left allmulticast mode
[  602.802951][ T4944] bridge_slave_0: left promiscuous mode
[  602.808776][ T4944] bridge0: port 1(bridge_slave_0) entered disabled state
[  602.848524][T28843]  loop3: p2 p3 p7
[  602.907425][ T4944] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  602.932378][ T4944] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  602.942919][ T4944] bond0 (unregistering): Released all slaves
[  602.973458][ T4944] bond1 (unregistering): Released all slaves
[  603.072839][T23455] hid_parser_main: 180 callbacks suppressed
[  603.072862][T23455] hid-generic 0000:0000:0000.0087: unknown main item tag 0x1
[  603.086312][T23455] hid-generic 0000:0000:0000.0087: unknown main item tag 0x0
[  603.093741][T23455] hid-generic 0000:0000:0000.0087: unknown main item tag 0x0
[  603.101763][T23455] hid-generic 0000:0000:0000.0087: unknown main item tag 0x0
[  603.109166][T23455] hid-generic 0000:0000:0000.0087: unknown main item tag 0x0
[  603.116686][T23455] hid-generic 0000:0000:0000.0087: unknown main item tag 0x0
[  603.124200][T23455] hid-generic 0000:0000:0000.0087: unknown main item tag 0x4
[  603.131695][T23455] hid-generic 0000:0000:0000.0087: unknown main item tag 0x0
[  603.139094][T23455] hid-generic 0000:0000:0000.0087: unknown main item tag 0x0
[  603.146522][T23455] hid-generic 0000:0000:0000.0087: unknown main item tag 0x0
[  603.155064][T28847] loop5: detected capacity change from 0 to 512
[  603.162022][T28847] EXT4-fs: Ignoring removed mblk_io_submit option
[  603.168599][T28847] EXT4-fs: Ignoring removed nomblk_io_submit option
[  603.175814][T28847] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  603.184287][T28847] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  603.193955][T23455] hid-generic 0000:0000:0000.0087: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  603.205103][ T4944] hsr_slave_0: left promiscuous mode
[  603.214400][ T4944] hsr_slave_1: left promiscuous mode
[  603.220102][ T4944] batman_adv: batadv0: Removing interface: batadv_slave_0
[  603.232041][ T4944] batman_adv: batadv0: Removing interface: batadv_slave_1
[  603.240948][ T4944] batman_adv: batadv0: Removing interface: dummy0
[  603.259954][T28847] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.8438: Allocating blocks 41-42 which overlap fs metadata
[  603.297350][T28853] loop3: detected capacity change from 0 to 1024
[  603.305431][T28847] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.8438: Allocating blocks 41-42 which overlap fs metadata
[  603.333725][T28847] EXT4-fs error (device loop5): ext4_acquire_dquot:6943: comm syz.5.8438: Failed to acquire dquot type 1
[  603.345286][T28853] EXT4-fs: Ignoring removed orlov option
[  603.351014][T28853] EXT4-fs: Ignoring removed nobh option
[  603.356773][T28853] EXT4-fs: Ignoring removed bh option
[  603.366079][ T4944] team0 (unregistering): Port device team_slave_1 removed
[  603.378997][T28847] EXT4-fs error (device loop5): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  603.405258][T28847] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #12: comm syz.5.8438: corrupted inode contents
[  603.417470][ T4944] team0 (unregistering): Port device team_slave_0 removed
[  603.424959][T28847] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #12: comm syz.5.8438: mark_inode_dirty error
[  603.437408][T28853] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8440: Allocating blocks 481-513 which overlap fs metadata
[  603.473540][T28840] loop2: detected capacity change from 0 to 512
[  603.507719][T28847] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #12: comm syz.5.8438: corrupted inode contents
[  603.523947][T28847] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #12: comm syz.5.8438: mark_inode_dirty error
[  603.565013][T28860] random: crng reseeded on system resumption
[  603.576873][T28847] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #12: comm syz.5.8438: corrupted inode contents
[  603.601034][T28864] random: crng reseeded on system resumption
[  603.608615][T28847] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[  603.626446][T28840] ext4 filesystem being mounted at /579/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  603.676044][T28868] loop3: detected capacity change from 0 to 512
[  603.683620][T28847] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #12: comm syz.5.8438: corrupted inode contents
[  603.697536][T28867] loop7: detected capacity change from 0 to 1024
[  603.712244][T28867] EXT4-fs: Ignoring removed orlov option
[  603.718360][T28847] EXT4-fs error (device loop5): ext4_truncate:4666: inode #12: comm syz.5.8438: mark_inode_dirty error
[  603.751872][T28847] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[  603.795769][T28871] random: crng reseeded on system resumption
[  603.863786][T28876] netlink: 20 bytes leftover after parsing attributes in process `syz.7.8445'.
[  603.878129][T28847] EXT4-fs (loop5): 1 truncate cleaned up
[  603.894561][T28879] loop3: detected capacity change from 0 to 512
[  603.901409][T28879] EXT4-fs: Ignoring removed mblk_io_submit option
[  603.908755][T28879] EXT4-fs: Ignoring removed nomblk_io_submit option
[  603.916718][T28879] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  603.925379][T28879] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  603.932394][T28881] loop8: detected capacity change from 0 to 1024
[  603.941167][T28881] EXT4-fs: Ignoring removed bh option
[  603.947109][T28881] EXT4-fs: inline encryption not supported
[  603.962593][T28881] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  603.973615][T28881] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  603.983516][T28881] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 2: comm syz.8.8449: lblock 2 mapped to illegal pblock 2 (length 1)
[  603.997997][T28881] EXT4-fs (loop8): Remounting filesystem read-only
[  604.004561][T28881] __quota_error: 51 callbacks suppressed
[  604.004574][T28881] Quota error (device loop8): qtree_write_dquot: dquota write failed
[  604.019449][T28881] Quota error (device loop8): v2_write_file_info: Can't write info structure
[  604.028423][T28881] EXT4-fs (loop8): 1 orphan inode deleted
[  604.055416][T28879] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8448: Allocating blocks 41-42 which overlap fs metadata
[  604.083000][T28877] Set syz1 is full, maxelem 65536 reached
[  604.125034][T28879] Quota error (device loop3): write_blk: dquota write failed
[  604.132538][T28879] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5
[  604.142768][T28879] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  604.152729][T28879] EXT4-fs error (device loop3): ext4_acquire_dquot:6943: comm syz.3.8448: Failed to acquire dquot type 1
[  604.165218][T28879] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  604.181339][T28879] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8448: corrupted inode contents
[  604.204630][T28879] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #12: comm syz.3.8448: mark_inode_dirty error
[  604.223343][T28886] loop5: detected capacity change from 0 to 1024
[  604.241007][T28886] EXT4-fs: Ignoring removed orlov option
[  604.247013][T28879] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8448: corrupted inode contents
[  604.272342][T28879] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.8448: mark_inode_dirty error
[  604.289625][T28879] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8448: corrupted inode contents
[  604.312143][T28879] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  604.326761][T28879] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8448: corrupted inode contents
[  604.366634][T28890] random: crng reseeded on system resumption
[  604.412900][T28894] netlink: 20 bytes leftover after parsing attributes in process `syz.5.8450'.
[  604.431708][T28879] EXT4-fs error (device loop3): ext4_truncate:4666: inode #12: comm syz.3.8448: mark_inode_dirty error
[  604.454253][T28879] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  604.481492][T28897] loop7: detected capacity change from 0 to 128
[  604.490180][T28879] EXT4-fs (loop3): 1 truncate cleaned up
[  604.503507][T28898] random: crng reseeded on system resumption
[  604.567276][   T29] audit: type=1326 audit(1759260824.982:21510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28903 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05e4beec9 code=0x7ffc0000
[  604.568539][T28904] ªªªªªª: renamed from vlan0
[  604.590520][   T29] audit: type=1326 audit(1759260824.982:21511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28903 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05e4beec9 code=0x7ffc0000
[  604.618143][   T29] audit: type=1326 audit(1759260824.982:21512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28903 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7fb05e4beec9 code=0x7ffc0000
[  604.629961][T28906] loop2: detected capacity change from 0 to 1024
[  604.692337][T28906] EXT4-fs: Ignoring removed orlov option
[  604.704048][   T29] audit: type=1326 audit(1759260824.982:21513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28903 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05e4beec9 code=0x7ffc0000
[  604.727199][   T29] audit: type=1326 audit(1759260824.982:21514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28903 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb05e4beec9 code=0x7ffc0000
[  604.755502][T28915] team0 (unregistering): Port device team_slave_0 removed
[  604.779133][T28915] team0 (unregistering): Port device team_slave_1 removed
[  604.814638][T28916] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8458'.
[  605.048407][T28923] loop3: detected capacity change from 0 to 1024
[  605.088242][T28923] EXT4-fs: Ignoring removed orlov option
[  605.102205][T28923] EXT4-fs: Ignoring removed nobh option
[  605.107815][T28923] EXT4-fs: Ignoring removed bh option
[  605.135482][T28901] loop8: detected capacity change from 0 to 512
[  605.168161][T28923] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8462: Allocating blocks 481-513 which overlap fs metadata
[  605.347114][T28931] random: crng reseeded on system resumption
[  605.420966][T28921] loop2: detected capacity change from 0 to 512
[  605.461421][T28901] ext4 filesystem being mounted at /491/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  605.512507][T28921] ext4 filesystem being mounted at /584/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  605.597166][T28945] random: crng reseeded on system resumption
[  605.662470][T28950] loop3: detected capacity change from 0 to 2048
[  605.697994][T28952] loop8: detected capacity change from 0 to 1024
[  605.707433][T28952] EXT4-fs: Ignoring removed bh option
[  605.719144][T28952] EXT4-fs: inline encryption not supported
[  605.729165][T28952] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  605.744070][T28952] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000]
[  605.764018][T28957] random: crng reseeded on system resumption
[  605.772932][T28952] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 2: comm syz.8.8473: lblock 2 mapped to illegal pblock 2 (length 1)
[  605.788473][T28950]  loop3: p2 p3 p7
[  605.848974][T28952] EXT4-fs (loop8): Remounting filesystem read-only
[  605.870382][T28952] EXT4-fs (loop8): 1 orphan inode deleted
[  606.009974][T28970] loop7: detected capacity change from 0 to 512
[  606.043075][T28970] EXT4-fs: Ignoring removed mblk_io_submit option
[  606.060380][T28970] EXT4-fs: Ignoring removed nomblk_io_submit option
[  606.084737][T28970] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  606.093310][T28970] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  606.136022][T28970] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4183: comm syz.7.8481: Allocating blocks 41-42 which overlap fs metadata
[  606.211430][T28970] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4183: comm syz.7.8481: Allocating blocks 41-42 which overlap fs metadata
[  606.283646][T28970] EXT4-fs error (device loop7): ext4_acquire_dquot:6943: comm syz.7.8481: Failed to acquire dquot type 1
[  606.335224][T28970] EXT4-fs error (device loop7): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  606.371715][T28970] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.8481: corrupted inode contents
[  606.383428][T28978] random: crng reseeded on system resumption
[  606.397226][T28970] EXT4-fs error (device loop7): ext4_dirty_inode:6538: inode #12: comm syz.7.8481: mark_inode_dirty error
[  606.430618][T28970] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.8481: corrupted inode contents
[  606.462021][T28970] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #12: comm syz.7.8481: mark_inode_dirty error
[  606.495269][T28970] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.8481: corrupted inode contents
[  606.507495][T28970] EXT4-fs error (device loop7) in ext4_orphan_del:305: Corrupt filesystem
[  606.517269][T28970] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #12: comm syz.7.8481: corrupted inode contents
[  606.529557][T28970] EXT4-fs error (device loop7): ext4_truncate:4666: inode #12: comm syz.7.8481: mark_inode_dirty error
[  606.541940][T28970] EXT4-fs error (device loop7) in ext4_process_orphan:347: Corrupt filesystem
[  606.551307][T28970] EXT4-fs (loop7): 1 truncate cleaned up
[  606.562818][T28970] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  606.715803][T28966] loop3: detected capacity change from 0 to 512
[  606.792277][T28966] ext4 filesystem being mounted at /510/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  606.830212][T28991] loop8: detected capacity change from 0 to 2048
[  606.884152][T28993] loop3: detected capacity change from 0 to 2048
[  606.895037][T28991]  loop8: p2 p3 p7
[  606.908642][T28968] loop2: detected capacity change from 0 to 512
[  606.949987][T28993]  loop3: p2 p3 p7
[  606.977339][T28968] ext4 filesystem being mounted at /587/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  607.090937][T29011] loop8: detected capacity change from 0 to 512
[  607.138965][T29017] loop2: detected capacity change from 0 to 2048
[  607.151847][T29019] FAULT_INJECTION: forcing a failure.
[  607.151847][T29019] name failslab, interval 1, probability 0, space 0, times 0
[  607.164609][T29019] CPU: 1 UID: 0 PID: 29019 Comm: syz.8.8500 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  607.164696][T29019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  607.164713][T29019] Call Trace:
[  607.164723][T29019]  <TASK>
[  607.164793][T29019]  __dump_stack+0x1d/0x30
[  607.164822][T29019]  dump_stack_lvl+0xe8/0x140
[  607.164846][T29019]  dump_stack+0x15/0x1b
[  607.164869][T29019]  should_fail_ex+0x265/0x280
[  607.164909][T29019]  should_failslab+0x8c/0xb0
[  607.164965][T29019]  kmem_cache_alloc_node_noprof+0x57/0x320
[  607.165026][T29019]  ? __alloc_skb+0x101/0x320
[  607.165140][T29019]  __alloc_skb+0x101/0x320
[  607.165175][T29019]  netlink_alloc_large_skb+0xba/0xf0
[  607.165210][T29019]  netlink_sendmsg+0x3cf/0x6b0
[  607.165252][T29019]  ? __pfx_netlink_sendmsg+0x10/0x10
[  607.165371][T29019]  __sock_sendmsg+0x145/0x180
[  607.165400][T29019]  ____sys_sendmsg+0x31e/0x4e0
[  607.165504][T29019]  ___sys_sendmsg+0x17b/0x1d0
[  607.165564][T29019]  __x64_sys_sendmsg+0xd4/0x160
[  607.165611][T29019]  x64_sys_call+0x191e/0x2ff0
[  607.165693][T29019]  do_syscall_64+0xd2/0x200
[  607.165777][T29019]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  607.165812][T29019]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  607.165861][T29019]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.165890][T29019] RIP: 0033:0x7f251449eec9
[  607.165911][T29019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  607.165937][T29019] RSP: 002b:00007f2512eff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  607.166014][T29019] RAX: ffffffffffffffda RBX: 00007f25146f5fa0 RCX: 00007f251449eec9
[  607.166029][T29019] RDX: 0000000000000840 RSI: 0000200000000200 RDI: 0000000000000003
[  607.166046][T29019] RBP: 00007f2512eff090 R08: 0000000000000000 R09: 0000000000000000
[  607.166063][T29019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  607.166080][T29019] R13: 00007f25146f6038 R14: 00007f25146f5fa0 R15: 00007ffd9d1a8428
[  607.166108][T29019]  </TASK>
[  607.389668][T29017]  loop2: p2 p3 p7
[  607.507461][T29026] netlink: 14 bytes leftover after parsing attributes in process `syz.8.8501'.
[  607.693918][T29015] loop3: detected capacity change from 0 to 512
[  607.854792][T29015] ext4 filesystem being mounted at /514/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  608.068358][T29022] loop8: detected capacity change from 0 to 2048
[  608.101353][T29022] EXT4-fs: dax option not supported
[  608.329271][T29049] loop2: detected capacity change from 0 to 512
[  608.553064][T29061] random: crng reseeded on system resumption
[  608.601504][T29058] loop3: detected capacity change from 0 to 512
[  608.608625][T29058] EXT4-fs: Ignoring removed mblk_io_submit option
[  608.619672][T29058] EXT4-fs: Ignoring removed nomblk_io_submit option
[  608.645317][T29058] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  608.653907][T29058] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  608.693773][ T4958] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  608.707831][T29058] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8514: Allocating blocks 41-42 which overlap fs metadata
[  608.739775][T29058] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.8514: Allocating blocks 41-42 which overlap fs metadata
[  608.745416][T29083] loop7: detected capacity change from 0 to 512
[  608.764786][ T4958] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  608.780116][T29084] loop5: detected capacity change from 0 to 1024
[  608.786722][T29058] EXT4-fs error (device loop3): ext4_acquire_dquot:6943: comm syz.3.8514: Failed to acquire dquot type 1
[  608.807946][T29084] EXT4-fs: Ignoring removed orlov option
[  608.813741][T29084] EXT4-fs: Ignoring removed nomblk_io_submit option
[  608.843276][T29058] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  608.865594][ T4958] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  608.883657][T29026] syz.8.8501 (29026) used greatest stack depth: 7288 bytes left
[  608.890480][T29058] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8514: corrupted inode contents
[  608.908246][T29058] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #12: comm syz.3.8514: mark_inode_dirty error
[  608.936297][T29056] chnl_net:caif_netlink_parms(): no params data found
[  608.959376][ T4958] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  608.976545][T29058] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8514: corrupted inode contents
[  608.998535][T29058] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.8514: mark_inode_dirty error
[  609.010294][T29096] random: crng reseeded on system resumption
[  609.016563][   T29] kauditd_printk_skb: 70 callbacks suppressed
[  609.016651][   T29] audit: type=1326 audit(1759260829.432:21575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29078 comm="syz.5.8519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  609.046574][   T29] audit: type=1326 audit(1759260829.432:21576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29078 comm="syz.5.8519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  609.070276][   T29] audit: type=1326 audit(1759260829.432:21577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29078 comm="syz.5.8519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  609.094546][   T29] audit: type=1326 audit(1759260829.442:21578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29078 comm="syz.5.8519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  609.118092][   T29] audit: type=1326 audit(1759260829.442:21579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29078 comm="syz.5.8519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  609.141773][   T29] audit: type=1326 audit(1759260829.442:21580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29078 comm="syz.5.8519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde436aeec9 code=0x7ffc0000
[  609.166185][T29058] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8514: corrupted inode contents
[  609.178766][T29058] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  609.188507][T29058] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.8514: corrupted inode contents
[  609.221522][T29058] EXT4-fs error (device loop3): ext4_truncate:4666: inode #12: comm syz.3.8514: mark_inode_dirty error
[  609.245342][T29056] bridge0: port 1(bridge_slave_0) entered blocking state
[  609.252620][T29056] bridge0: port 1(bridge_slave_0) entered disabled state
[  609.260940][T29056] bridge_slave_0: entered allmulticast mode
[  609.267564][T29056] bridge_slave_0: entered promiscuous mode
[  609.278676][ T4958] bridge_slave_1: left allmulticast mode
[  609.284436][ T4958] bridge_slave_1: left promiscuous mode
[  609.290182][ T4958] bridge0: port 2(bridge_slave_1) entered disabled state
[  609.299571][ T4958] bridge_slave_0: left allmulticast mode
[  609.305325][ T4958] bridge_slave_0: left promiscuous mode
[  609.311244][ T4958] bridge0: port 1(bridge_slave_0) entered disabled state
[  609.320922][ T4958] vlan2: left promiscuous mode
[  609.325799][ T4958] bridge0: left promiscuous mode
[  609.330975][ T4958] bridge1: port 1(vlan2) entered disabled state
[  609.340204][T29058] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  609.368189][T29058] EXT4-fs (loop3): 1 truncate cleaned up
[  609.444059][ T4958] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  609.457660][ T4958] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  609.476785][ T4958] bond0 (unregistering): Released all slaves
[  609.485953][ T4958] bond1 (unregistering): Released all slaves
[  609.494435][T29056] bridge0: port 2(bridge_slave_1) entered blocking state
[  609.501518][T29056] bridge0: port 2(bridge_slave_1) entered disabled state
[  609.509054][T29056] bridge_slave_1: entered allmulticast mode
[  609.516795][T29056] bridge_slave_1: entered promiscuous mode
[  609.537074][ T4958] batman_adv: batadv0: Removing interface: batadv_slave_0
[  609.567613][ T4958] batman_adv: batadv0: Removing interface: batadv_slave_1
[  609.587034][ T4958] batman_adv: batadv0: Removing interface: dummy0
[  609.685057][ T4958] team0 (unregistering): Port device team_slave_1 removed
[  609.712678][ T4958] team0 (unregistering): Port device team_slave_0 removed
[  609.799396][T29128] ==================================================================
[  609.807556][T29128] BUG: KCSAN: data-race in memcpy_and_pad / release_task
[  609.814633][T29128] 
[  609.816989][T29128] write to 0xffff888102773648 of 8 bytes by task 25718 on cpu 1:
[  609.824725][T29128]  release_task+0x6f9/0xb60
[  609.829268][T29128]  wait_consider_task+0x114a/0x1660
[  609.834516][T29128]  __do_wait+0xfa/0x510
[  609.838698][T29128]  do_wait+0xb7/0x260
[  609.842718][T29128]  kernel_wait4+0x16b/0x1e0
[  609.847278][T29128]  __x64_sys_wait4+0x91/0x120
[  609.852003][T29128]  x64_sys_call+0x2a66/0x2ff0
[  609.856708][T29128]  do_syscall_64+0xd2/0x200
[  609.861237][T29128]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  609.867162][T29128] 
[  609.869503][T29128] read to 0xffff888102773180 of 3264 bytes by task 29128 on cpu 0:
[  609.877410][T29128]  memcpy_and_pad+0x48/0x80
[  609.881949][T29128]  arch_dup_task_struct+0x2c/0x40
[  609.887001][T29128]  dup_task_struct+0x83/0x6a0
[  609.891698][T29128]  copy_process+0x399/0x2000
[  609.896402][T29128]  kernel_clone+0x16c/0x5c0
[  609.900940][T29128]  __se_sys_clone3+0x1c2/0x200
[  609.905731][T29128]  __x64_sys_clone3+0x31/0x40
[  609.910442][T29128]  x64_sys_call+0x1fc9/0x2ff0
[  609.915143][T29128]  do_syscall_64+0xd2/0x200
[  609.919660][T29128]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  609.925564][T29128] 
[  609.927889][T29128] Reported by Kernel Concurrency Sanitizer on:
[  609.934476][T29128] CPU: 0 UID: 0 PID: 29128 Comm: syz.3.8537 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  609.944293][T29128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  609.954359][T29128] ==================================================================
[  609.977706][T29056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  609.998646][T29136] loop3: detected capacity change from 0 to 2048
[  610.005291][T29106] netlink: 32 bytes leftover after parsing attributes in process `syz.8.8527'.
[  610.015784][T29056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  610.061010][T29056] team0: Port device team_slave_0 added
[  610.073250][T29056] team0: Port device team_slave_1 added
[  610.100054][T29056] batman_adv: batadv0: Adding interface: batadv_slave_0
[  610.107081][T29056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  610.133207][T29056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  610.144598][T29056] batman_adv: batadv0: Adding interface: batadv_slave_1
[  610.151596][T29056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  610.177617][T29056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  610.194394][T29136]  loop3: p2 p3 p7
[  610.217047][T29056] hsr_slave_0: entered promiscuous mode
[  610.227099][T29056] hsr_slave_1: entered promiscuous mode
[  610.538974][T29056] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  610.549291][T29056] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  610.558625][T29056] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  610.568949][T29056] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  610.617168][T29056] 8021q: adding VLAN 0 to HW filter on device bond0
[  610.634813][T29056] 8021q: adding VLAN 0 to HW filter on device team0
[  610.645344][ T4985] bridge0: port 1(bridge_slave_0) entered blocking state
[  610.652630][ T4985] bridge0: port 1(bridge_slave_0) entered forwarding state
[  610.674919][T29056] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  610.685380][T29056] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  610.700895][ T4985] bridge0: port 2(bridge_slave_1) entered blocking state
[  610.708020][ T4985] bridge0: port 2(bridge_slave_1) entered forwarding state
[  610.764701][T29056] 8021q: adding VLAN 0 to HW filter on device batadv0
[  610.830696][T29056] veth0_vlan: entered promiscuous mode
[  610.838710][T29056] veth1_vlan: entered promiscuous mode
[  610.855119][T29056] veth0_macvtap: entered promiscuous mode
[  610.862567][T29056] veth1_macvtap: entered promiscuous mode
[  610.874302][T29056] batman_adv: batadv0: Interface activated: batadv_slave_0
[  610.886239][T29056] batman_adv: batadv0: Interface activated: batadv_slave_1
[  610.897000][ T4985] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  610.906275][ T4985] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  610.915089][ T4985] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  610.925482][ T4985] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  610.943353][   T29] audit: type=1400 audit(1759260831.362:21581): avc:  denied  { mounton } for  pid=29056 comm="syz-executor" path="/root/syzkaller.fXEvU0/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=88484 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1