last executing test programs:

6.214754778s ago: executing program 3 (id=825):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x4000, &(0x7f0000000300)={[{@resuid}, {@dioread_nolock}, {@noblock_validity}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
perf_event_open(0x0, 0x0, 0x200000000e, 0xffffffffffffffff, 0x8) (async, rerun: 32)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000040000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000850000005000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 32)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000021c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000300), 0x4)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
write$cgroup_int(r3, &(0x7f0000000080)=0x7, 0x12) (async)
syz_mount_image$iso9660(&(0x7f0000000dc0), &(0x7f0000000340)='./file1\x00', 0x380cc52, &(0x7f0000000240)=ANY=[@ANYBLOB="757466382c6d61703d6f66662c696f636861727365743d56028a04bfc0d3a9930f738d6c6f716d6163726f6d616e69616e2c696f636861727365743d63703837342c6f76657272696465726f636b7065726d2c646d6f64653d3078303030303030303030303030303030332c6e6f726f636b2c6e6f726f636b2c73686f776173736f632c7362736563746f723d3078303030303030303030303030303030312c6f76657272696465726f636b7065726d2c6d61703d6e6f726d616c2c2c"], 0x3, 0x9e2, &(0x7f0000008d40)="$eJzs3U1vXNX9B/Dv9UNiDAoB8uefRkAmoQEDqbGdEhqxaWKPE1M/VLYjEVUVAZJUUaxSQSsBqkQqVV0VtYuqC7pj2RUSG9hU2bWvoItKFW8BsYq66FT3zji2scdjBz8RPh9rMvfhd8/5nbnX92SuZ+4J32SNRqN6tJlvdFh/8a87mi17zrmxzz/6+IPy8Zub2ZfuvJ9Pk74ktaQnyeGkd3RsdmaqQ0E3kstJbiVFkv1pPt/Rtc6ml1P8IQ8szd9K8Zey3srFr9E4Omrwrbbbxx8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxFxejY0NBwkcmJ6Yuv1NqrhgBvt3LZ4N6fVaN+F591rDcpykf6+haH+j58aGn1o+U/x/NYc+6xakDy9OW9+x89+NIjPV2L26+T8Gb8tzUY8qY3fPvd9268trBw9a0tSuSb5nx9emJuZmLq7Pl6bWJupnbm9Omh5y+Mz9XGJybrc5fm5utTtdHZ+tn5mdnawOgzteEzZ07V6oOXZi5Onx8bnKwvLnzxeyNDQ6drLw/+uH52dm5m+vmXB+dGL0xMTk5Mn69iytVlzIvlgfijifnafP3sVK127frC1VMrMlrjkCiDhju1pAwa6RCTkaGRkeHhkZHh0y+ceeHFoaGepQXdqRYMfcXqTe4ctOURvakXm73sw66NRm7tCRy+hq5W/5/JTGQ6F/NKamv+jGYss5nJVJv1LVX//+CXHetd3v8v9vKHl1YfSdX/P9Gce6Jd/98ml537eTvv5r3cyGtZyEKu5q0Va/ffRYmNxu63auM/51PPdCYyl5lMZCpnqyW11pJazuR0Tmcor+ZCxjOXWsYzkcnUM5dLmct86tURNZrZ1HM28z3ljq5lIKN5JrUM50zO5FRqqWcwlzKTi5nO+YzlbFXKtVyvXvdT6+R4J2h4I0Ej6wSt0/+3Fmyi/+dbaqtP4XDXGq3+f1/n0IHRnUgIAAAA2HLf+UcOHHr47/9OevN4dY0dAAAAuNdUH9d/rHzqLaceTzE+MVkf2u20AAAAgC1UVN+xK5L052hzavGbUC4CAAAAwD2i+vv/E+VTfzl1NIX3/wAAAHCv6XyP/Y4RxcnUcrNcVbvSjLzSimjd57d/fGKyPjg6M/nScJ6q7jJQfdNgVWndOZhUXz94NseaUcf6m8/9K0vsK6OGB18aTl+Otxoy8GT59OTAGpEjZeSzeboZ+fRiZF9WRZ4qIwHgXnd8nf54o/3/sznZjDh5pLp9e8+RNfrgIT0rAOwVa46x02g0Gs2lVf/fYRSe4vuLw/+0ef//cK4dbX6kYDBv5M0s5EpOVt82qD5x0Co1t4osldq/7GMIJztcDehfNsLLycXrAUcfWHU94PUVsSM5ueqKQLtyT233bgCAHXV8VT+8+v3/nf5/8X8Fq67/r3j/vz9H2vWjPlIIAHvBnRHst3Fit9sIAKx0V7109zYmBAAAAAAAAAAAAAAAAAAAAAAAAAAAAPeAnbj//9edKIpky0u+mWSvNNDEtk307cwR/tN923CI7u7Ebp+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AlF0r3W8q5kf9IzlOT5nc9q+9zc7QR2WXE7t/NODux2HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA95rW/f+70ny+v7koPV3JiSSXk/xkt3PcSrd3O4Fdtuz+/+U+T6NIT3O3p+gdHZudmSp3f/aX6z//6OMPysfd1FMWUNawYnCJVg3tt3qo2qp/7OrbN3755i9qY+eqJM/Nj0+OTZ2f/eFS4KPFJ0ktzceixXx/XbSO4pUt/6Rs6cbqHa/qHVtd7/+vtfWdek/87Y/t27ZkKY3rC1dHyprm66/M/+rn199ZFvRwjiVPDiQDK2v6WfloU9Ox9K5Xb/FF8bviQP6cy9X+L9MoGkW5ix6s2n/ftesLVwffeHPhSpucDuZokitJ38ZzOrp6Tyyqjrqu3rLWoSqo/OdQh/LWdX/3gUajWeLw2m2476HqkOnfVBtq7dtQ6fC6t9p4qs2r+kie2uSebjQa769b4aL/NJqac8UXxb+KC/lnfrts/I+ucv+fyEZ+O8uYKnLZkdK+zSeWWj6yfMWrX41s+1vJNvh9Xs8P7uz/rmXn/9a+2pnz0bIat+73InlqeY1FsxdqqaYPfaVHap192mXZyvNQM6pNnv+X51Zv1yHP5zqcUTbVzo0qvig+LAbyZW4a/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANj7iqR7reVdyYkkB5M8WM7XksZW1NfVX2xFMRu0b9WSmztY+15xX7k3W4rbuZ13cmBXEwIAAAAAAABgy5wb+/yjjz8oH9Xf47vz3eLTpK/5l/6eJAeLP/WOjs3OTHUoqDe5nORWOd23uRzK7fLA0vytcu7w5tsCAGzM/wIAAP//Bxd9gA==") (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000740)=ANY=[@ANYBLOB="050000000000000073113500000000008510000002000000850000007600000085100000feffffff9500a50500000000e85fb62a825f512aaca4386ad16975ef2a3a59b7ee9bc567f45d657157b478129d0cfb93eb3c865f461612299f66741d7f5b6d0ab0fab9201f4f219510c1bea40ef3805d9e73415760d0fdaa02d20cd1f0df9dd4bceff6ebc794b9be517477472176315cf759df85e6afc0e9bb1447ce4b742e67614412882a69f0aa16d138025e223374ac15be74ec11591890b17456b53eb0be45631c73dd4cbc2d945eafbfcff48e91596d8cb5de396a8c9546"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x6}, 0x94) (async, rerun: 64)
write$binfmt_elf64(r2, &(0x7f0000000580)=ANY=[], 0x78)
recvmmsg(r1, &(0x7f0000000500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/8, 0xc}}], 0x4b, 0x0, 0x0) (async, rerun: 64)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x2, 0x1, 0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0, 0x3, 0x0, {0x2}}) (async, rerun: 64)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r4, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x4})
ioctl$sock_netdev_private(r4, 0x89f2, &(0x7f0000000000)) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001ec0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
socket$key(0xf, 0x3, 0x2) (async)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffdf000000002abd700004350000020001002000000080000000480003006465666c617465"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) (async, rerun: 64)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 64)
sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000018"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x18) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r8 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r8, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @broadcast}, 0x10) (async)
listen(r8, 0x1) (async)
r9 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
write$binfmt_register(r9, &(0x7f0000000440)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x0, 0x3a, 'usrjquota=', 0x3a, '', 0x3a, './file2', 0x3a, [0x46]}, 0x32)

5.854428615s ago: executing program 3 (id=827):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
rmdir(&(0x7f0000004340)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xf, 0xb, &(0x7f0000000240)=ANY=[@ANYRESDEC], &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x4525, 0x1000, 0x1, 0x12d}, &(0x7f0000000440)=<r3=>0x0, &(0x7f0000000640)=<r4=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x10, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000008000000000000000002a20702500000000002028207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70083850000002d00"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffff8, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x28, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_MSG_RING={0x28, 0x20, 0x0, r2, 0x0, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r2, 0x22d0, 0x20, 0x0, 0x0, 0x0)

5.774113477s ago: executing program 3 (id=831):
r0 = socket(0x2, 0x80805, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f00000000c0)={r0}) (async, rerun: 32)
sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000140)="437a1b26e8f7c9ac776823e3c86a082b8d08fc31e8b18d26ec16f0a62cba3459a2730233c66198086faa92125ec1e8aec674e4c7d8087b631f5a844938aaa0fc917c121f6d4e43d50657a057f818e406f91e75dd5c6545", 0x57}], 0x1}, 0x20000000}, {{&(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10, &(0x7f0000000580)=[{&(0x7f00000001c0)="4e2e07b63cd22d26b6202e27b0836ca7c247e7e0d9badc1bd1940f6fb51a2da56d9dad23b8d175f8a93ffbe004c5635b4b676d553b9cbf4dd16de66b3b0e3063abb7a42f502f59c7b52955650433b164aeb345fbaf1d29fe3e57c3c6737e4e1306e04bff132bdcb18cebc908410457e273eabc05b10782084ba78de4855c070af9928dfc", 0x84}, {&(0x7f0000000280)="be9f7c2b0adb529e04b547cb5a487c727371d1685d6464fa3aaf41da3fa5fe8715a8e5973d890422039f9cac6089ca56085db73d3833f4f812c2e27f29d6d1f86579f14fc701041652f1ae519b6685808e13e5019af38238343cd399fd0cbdc86836425697eb1a6415cabefc8ae88fddbb3dcbde98a87e0e7d933d7f9164864ed631922d973e3bf29db264f6d91aa7a7e34722d9f90bae2a4609c57e0037ec8d65cdf99c861a0f6f66cefcd54f8fd18ce2b7a4d9933741fb3cbbb5bdeb416edbe1c754b73151", 0xc6}, {&(0x7f0000000380)="2aa6a3e77e9d9dd01582e8e5ee8cffe829b966530933759424305250de81b566ed8c991962cfe231429d76c2c258f97b9b451ccbcdebc0a85375f263f4cb440b2f191e3cabbc9c58aa9b80b71db454ff975d42a0b9cabd9842fc04fa25ea8e9238f62b379540854ea8", 0x69}, {&(0x7f0000000400)="28eef3f2490e9e462c36dab67030d9a37cae101ffbb9ab2ba03ef5db2ee3f97a5441f09f7ea33c77887c753dbacd1a5a3d66856cfb9e6ba26cb64fdac6f72b055e60ff2b5c6d4f799c07fc2cff12d13539ff77266199379e0741e3b41c6d6b6a352e1f8412c004ec6e53f180ecc285f8548ff862f1b0d817eb302c51f33729da1dba2d7f16c53d0d804d34250b2242e39b7f5c7059f2c0892a909d00f1aee6b8ca9a", 0xa2}, {&(0x7f00000004c0)="315cdfbaabc353f143aa98685a33c130119a3f0ee64f472833a0076b0c2622049bb051ead8c78c703d7d7b8825b345e2089b57688d3891163ae02e72252fefc3d3496f6c04835281ff0085ebce1803b3dc59f2bee3c8fcef05c2787873fe957384f63e6271f2123a72e4d8a680d067dd05134f4eaf3e255dfd145f0083b809b188b5b84f67fc945859eed5cdf345a6e749fe84f4faf0e6", 0x97}, {&(0x7f0000000040)="7fbf38a035aed5dd11a1f3cbf8c05e35b40980639fc709ced843f30f5ae33c4b042a31123909e1c20d6f", 0x2a}], 0x6}}], 0x2, 0x4000000) (rerun: 32)

5.713733688s ago: executing program 3 (id=833):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb500a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000540)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2145499, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x20000000000000b8, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2, 0x0, 0xffffffffffff8001}, 0x18)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00404, &(0x7f0000000080)={[{@grpquota}, {@nomblk_io_submit}]}, 0x1, 0xbb6, &(0x7f0000002a00)="$eJzs3M1rXOUaAPDnnHx/3Ca9XO69LYIBqYriNG1Kha5a16KCLlw2JpMSMv0wiWBCF2ndqwsRFwXpnyC4txtXgou60PoXFLFI0U3bxcg5M5OOSSaJ6cwck/5+8Oa873lP53meOU3Oe2DOBPDUmsh+pBFHIuJ8EjFW359GRH/eG4xYqx338P7VmawlUa2+/VsSSUQ8uH91pvFaSX07Uh8MRsTt15L490eb4y6trC5MVyrlxfr4+PLFK8eXVlZfmb84faF8oXzp1NSrp6ZOT021sda7V9774pkf3nj++s2PJ9/8/NB3SZyN0fpccx3tMhET6+9Js96ImG53sIL01OtJNuzbQbLV+wIAQOelTWu4/8ZY9OS9mrH49sdCkwMAAADaotoTUQUAAAAOuMT9PwAAABxwjc8BPLh/dabRiv1EQnfdOxcR47X6G88312Z6Yy3fDkZfRAz/njQ9GVF73nW8DfEnskhff1/OWnToOeTtrF2LiP9vdf6TvP7x/CnuzfWnETHZhvgTG8b7qf6zbYhfdP0APJ1unatdyDZf/9L19U9scf3r3eLatRdFX/8a67+Hm9Z/j+vvabH+e2uXMY4+eul2q7nm9d+7n/w8m8XPtk9U1N9w71rE0d6t6k/W609a1H9+lzFGZu7eaDWX1Z/V22jdrr96M+JYvprbUH/TF9Qk230/0fG5+Up5svZzi9dfOb19/Obzn7UsfuNeoBuy8z8cezv/V3YZY/x/vx5pNbdz/ekv/ck7ea9aPycfTi8vL56I6E9ez8f90bT/5Pa5NI5pvEZW/4vPbf/7v1X92d+Etfr7kP3vuVbfZuPrG2KOHDv51d7r76ys/tk9nv9Pdxnjy29uvN9qruj6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgf0ogYjSQtrffTtFSKGImI/8RwWrm8tPzy3OUPLs1mcxHj0ZfOzVfKkxExVhsn2fhE3n88PrlhPBURhyPis7GhfFyauVyZLbp4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1o1ExGgkaSki0oj4YyxNS6WiswIAAADabrzoBAAAAICOc/8PAAAAB9+m+//ev4wGu5kLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9LhZ2/dSSJi7cxQ3jL99bm+QjMDOi3d3WHDnc4D6L6eohMACtPb1K9Wq9UCUwG6zD0+kOwwP9hyZqDtuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwz/XCkVt3kohYOzOUt0x/fa6v0MyATkuLTgAoTM92k8mOO4B9rLfoBIDCuMcHaiv7R9WazfODLf/lwBNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD/GM1bkpYibqZ5P01LpYh/RcR49CVz85XyZEQcioifxvoGsvGJopMGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7ZZWVhemK5Xyoo6OThs7Q9G1WEP1X+YWxwy0ntqmU/AfJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACrG0srowXamUF5eKzgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo2tLK6sJ0pVJe7GCn6BoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjOnwEAAP//usELTQ==")
ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f0000000480)={{0x1, 0x1, 0x18, <r4=>r3, {0x4}}, './file0/../file0/file0\x00'})
r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000d40)=@bpf_tracing={0x1a, 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="4057fcffffffff27ff"], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, 0x1c, r0, 0x8, &(0x7f0000000880)={0x2, 0x4}, 0x8, 0x10, &(0x7f00000008c0)={0x0, 0xd, 0xf3, 0x4}, 0x10, 0x184a4, 0xffffffffffffffff, 0x3, &(0x7f0000000900)=[r0, r1, r1, r0], &(0x7f0000000940)=[{0x0, 0x3, 0x7, 0x5}, {0x5, 0x1, 0x1}, {0x2, 0x2, 0xd, 0x4}], 0x10, 0x7}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c80)=@bpf_ext={0x1c, 0x12, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000005000000000000003caf9c1818110000", @ANYRES32=r0, @ANYBLOB="00000000001a0000b7020000000010a6784a7fbd3ee47a6e08000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000a525fcfffcffffff75120000fcffffff9500000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x80, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000580)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0x3, 0x2, 0x7}, 0x10, 0x59eb, r5, 0x6, &(0x7f0000000980)=[r0, r0], &(0x7f0000000c00)=[{0x2, 0x1, 0x8, 0x6}, {0x0, 0x5, 0x9, 0x6}, {0x4, 0x1, 0x5, 0xc}, {0x4, 0x2, 0x1, 0x7}, {0x0, 0x2, 0xb, 0x8}, {0x3, 0x3, 0xf, 0x8}], 0x10, 0x4}, 0x94)
r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
sendto(r0, &(0x7f0000000340)="486d754ac5786384f6f78145a210d32d74048a24cfd08e53cf93150af096a1a75a80efc199a0091c049e8f81654f2c37598d6b7b402742998325aa77ee306d249e98541d74a3a3130f0316684d18c01d5a419891ae23a518bf49dea2f561c331216c60b2dbf617e18aba0aac79fc6bcf8441d3e343c3d1428177a7b9320a08d34173d859859bdeee04cddc13c9fbf2695e374ef99620f2919970218be072dcb07021dc75b8f16e525341af41304b9336a774b6e3e5110b574c3590c11cbac81c37026102d6c34e47d5bcfdf00cef0de07610efa316bc292453eda1ff93d8071f28", 0xe1, 0x4008050, &(0x7f0000000140)=@sco={0x1f, @none}, 0x80)
pwrite64(r6, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
perf_event_open(&(0x7f00000014c0)={0x0, 0x80, 0x0, 0xff, 0xff, 0xfc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x4590, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r7 = perf_event_open(&(0x7f00000014c0)={0x5, 0x80, 0x0, 0xff, 0xff, 0xfc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000300), 0x4}, 0x1590, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x8a, 0x3, 0x0, 0x3, 0x0, 0x10000000000, 0x8808, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_bp={0x0, 0x6}, 0x4108, 0x3, 0x0, 0x6, 0x7, 0xffffffff, 0x802, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x19)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_REFRESH(r7, 0x2402, 0x5)
close(r9)
recvmsg$unix(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r10=>0xffffffffffffffff]}}], 0x18}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x5452, &(0x7f00000006c0)='\x02;\xe5\b\x00\x1c\x9c\x00\x00\x00\x00\x00\x00\x91\xecB\xdcZ\xe5\xbd$\x05\x90\xa9\xf3\xc7\xcb\xb7\xf0\xa1;#\x989\xe9\x12\xdf^6T\xdf\xcd\x02\xc5\xb0\xba\x12\'QXp\t\xfc\xf3\x01\x02\xbc\xbf\xc0\xf0\x10\xee\xd3\\yy\xa4\xf9\xe8\x00\xdd\xe97 0_\xe4]W\xf7~\xacVK\xc9t\x9e+:\x85\xef\x94\x0e\x19\x9cV[N.\xeb\x9fJ>\xd9\x99\x88\xd8\xdd\xb8Y\xc3$\xc6\x93\v\x04REY\xf4\xea\xf2\xcd\xcd.\x16\x861\xa1\v\x8d\x8e\x84R\xa6\x83\x84\xc0\x01e\xc3\xc8\xcc?\xc8?\x19\xb2\xa2\xe1\xac<\xe9f\x11\xff3\xc7\x19\x9e\x19\xf5-\xfe\xbd\xae\xbbR\x82\x16\xf9\x15S\x03U\xe0\xd8t\xe3%96')
syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00')
lseek(r6, 0x5, 0x4)

4.981174822s ago: executing program 3 (id=841):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0xb00, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xe)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@loopback, @in=@multicast1}}, {{@in=@initdev}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xe8)
ioctl$TCSETS2(r1, 0x402c542b, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000440)='mm_page_free\x00', r0, 0x0, 0x1000}, 0x18)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e22, @remote}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c00)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001280)=@newtaction={0x18, 0x31, 0x3d, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xcc, 0x30, 0xffff, 0x70bd27, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x10000, 0x0, 0x0, 0x1000000, 0x0, {0x0, 0x2, 0x0, 0x0, 0xfffe}, {0x0, 0x0, 0x0, 0x0, 0xfffd}}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x1}}]}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x31, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0)
r10 = open(&(0x7f0000000400)='./file0\x00', 0x64842, 0x0)
pwritev2(r10, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
r11 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x88)
r12 = dup(r11)
sendfile(r12, r10, 0x0, 0x8000fffffffc)

4.806737496s ago: executing program 3 (id=842):
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', <r3=>0x0})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000480)={'tunl0\x00', &(0x7f0000000400)={'erspan0\x00', r3, 0x40, 0x20, 0x1ff, 0x7, {{0x8, 0x4, 0x1, 0x1, 0x20, 0x68, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010102, @local, {[@timestamp_prespec={0x44, 0x4, 0x87, 0x3, 0x5}, @noop, @ra={0x94, 0x4}]}}}}})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
faccessat2(r0, &(0x7f0000000040)='\x00', 0x1, 0x1300)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x3, @local, 0x40000002}, 0x1c)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @remote}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "e2fa08", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$inet6(0xa, 0x80001, 0x10400000)
poll(&(0x7f00000000c0)=[{r4, 0x20d8}, {r4, 0xe1}], 0x2, 0x8)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f0000000200)={@dev={0xfe, 0x80, '\x00', 0xc0}, @remote, @remote, 0x3, 0x2, 0x5, 0x0, 0xb7, 0x0, r7})
syz_emit_ethernet(0x82, &(0x7f0000000040)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x80}, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, '\x00', 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0)

4.806406096s ago: executing program 32 (id=842):
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', <r3=>0x0})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000480)={'tunl0\x00', &(0x7f0000000400)={'erspan0\x00', r3, 0x40, 0x20, 0x1ff, 0x7, {{0x8, 0x4, 0x1, 0x1, 0x20, 0x68, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010102, @local, {[@timestamp_prespec={0x44, 0x4, 0x87, 0x3, 0x5}, @noop, @ra={0x94, 0x4}]}}}}})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
faccessat2(r0, &(0x7f0000000040)='\x00', 0x1, 0x1300)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x3, @local, 0x40000002}, 0x1c)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @remote}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "e2fa08", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$inet6(0xa, 0x80001, 0x10400000)
poll(&(0x7f00000000c0)=[{r4, 0x20d8}, {r4, 0xe1}], 0x2, 0x8)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f0000000200)={@dev={0xfe, 0x80, '\x00', 0xc0}, @remote, @remote, 0x3, 0x2, 0x5, 0x0, 0xb7, 0x0, r7})
syz_emit_ethernet(0x82, &(0x7f0000000040)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x80}, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, '\x00', 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0)

2.130132568s ago: executing program 5 (id=843):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x400, 0xc1, &(0x7f0000000240)={0x0, 0x0, 0xfffa, 0x7fd, 0x9}, 0x8, 0x6, 0x7f, 0x0, 0x1, 0x100, 0x0})

2.076576459s ago: executing program 5 (id=878):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='sched_switch\x00', r4}, 0xe)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000080)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxFRiIi7ETGdXc9lR3zWPpL7nu09XNrfe7iUi1br9r9yaXtyLTr+TOJK9prFiPjR9yJ+mns5bmN7Z22xWq1sZvXZZm1jtrG9c2O1trhSWamsl8sL8wtzn9z8uHxmY32vNpaVvvr0j7vf+nnSransSuc4zlJ76IXDOInRiPjBeQQbgJFsPGOD7givJR8Rb0fE++nzPx0j6VcTALjMWq3paE131gGAyy6f5sBy+VKWC5iKfL5Uaufw3onJfLXeaF6/V99aX27nymaikL+3Wq3MZbnCmSjkkvp8Wn5eLx+p34yItyLil+MTab20VK8uD/I/PgAwxK4cWf//O95e/wGAS6446A4AAH1n/QeA4WP9B4DhY/0HgOHTXv8nBt0NAKCPvP8HgOFj/QeAofLDW7eSo7Wfff718v3trbX6/RvLlcZaqba1VFqqb26UVur1lfQze2rHvV61Xt+Y/yi2Hsx8e6PRnG1s79yp1bfWm3fSz/W+Uymkd+32YWQAQC9vvffkL7lkRf50Ij2iYy+HwkB7Bpy3/KA7AAzMyKA7AAyM3b5geJ3iPb70AFwSXbbofUGx2y8ItVqt1vl1CThn174k/w/DqiP/76eAYcjI/8Pwkv+H4dVq5U6653+c9EYA4GKT4wd6fP//7ez8u+ybAz9ZPnrH4/PsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFxsB/v/lrK9wKciny+VIt6IiJko5O6tVitzEfFmRPx5vDCe1OcH3GcA4LTyf89l+39dm/5w6oWmd68cFsci4me/vv2rB4vN5uafIsZy/x4/uN58nF0v97/3AMDxDtbp9NzxRv7Z3sOlg6Of/fnHdyOi2I6/vzcW+4fxR2M0PRejEBGT/8ll9bZcR+7iNHYfRcQXu40/F1NpDqS98+nR+EnsN/oaP/9C/Hza1j4nfxdfOIO+wLB5ksw/n3V7/vJxNT13f/6L6Qx1etn8l7zU0n46Bz6PfzD/jfSY/66eNMZHf/h+uzTxctujiC+PRhzE3u+Yfw7i53rE//CE8f/6lXff79XW+k3EtegevzPWbLO2MdvY3rmxWltcqaxU1svlhfmFuU9uflyeTXPUs71Xg39+ev3NXm3J+Cd7xC8eM/6vn3D8v/3/3R9/7RXxv/lBt/j5eOcV8ZM18RsnjL84+ftir7Yk/nKP8R/39b9+wvhP/7bz0rbhAMDgNLZ31har1cqmgsLFLyT/ZC9AN7oWvtOvWGPRvekXH7Sf6SNNrdZrxeo1Y5xF1g24CA4f+oj436A7AwAAAAAAAAAAAAAAdNWP31ga9BgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4vD4PAAD//2M9zyI=")

1.849949603s ago: executing program 2 (id=883):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
rmdir(&(0x7f0000004340)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xf, 0xb, &(0x7f0000000240)=ANY=[@ANYRESDEC], &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x4525, 0x1000, 0x1, 0x12d}, &(0x7f0000000440)=<r3=>0x0, &(0x7f0000000640)=<r4=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x10, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000008000000000000000002a20702500000000002028207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70083850000002d00"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8200}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffff8, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x28, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_MSG_RING={0x28, 0x20, 0x0, r2, 0x0, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r2, 0x22d0, 0x20, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x21, 0x0)
write$P9_RWRITE(0xffffffffffffffff, 0x0, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
r7 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r7, 0x1b0, 0x17fc, 0x8, 0x0, 0x0)

1.51455601s ago: executing program 4 (id=887):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
readv(0xffffffffffffffff, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
syz_read_part_table(0x60e, &(0x7f00000007c0)="$eJzs3D9olGccB/DvJbk7o9A4OLnUOHQSiuLoDVWSq2IhnJZCcLD/EGmmCIGTHqbo0GaImEE6dpHCdYhxUjM4KQqdizi0CBlcCnaR2iFX7u4luUAplkZK8fMZ7ve8Lz+e7/uDZ30u/K8NpVysOtVeefeTv+3vjG2u5/Nhe2LyeKfT6ZxOSjmTcsbLb60kGcnWXbM/SWVgnxvf7Vz95rf3y+0np168c/b+wtDGntXsTrJrsDmjf/Up1X82Ka/Dcu3BWC3JYveh3lpb/yi5+XyicefkwtLKifKxz7rvLyUPi/7+wRjNhTRzMV/k45FXjvpqc1nakj9/Zba+2Kydf1xvrX3bfnpwfW99+Pa5Iy/3rV69dyiZ60ZMpXfYN1X+5eAD+ZcH8ufGr00vtY4euLXn+uHm3UeNZ8O/d/qKyPL25AIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Hosd3+uzNYXm7Xzj+utta9/+vGDm88nGndOLiytnKgc+7noe1jUkaJeSDMXU04yk5l8ntlXj5wuDebXHoxd3sj/Y2fy9OD63nr79rkjLydXr9471OsqZapbhrZj4q2WR9LLz+7+89z4teml1tEDt/ZcP9y8+6jxbLj/fqaaT3vjJqlu/2cAAAAAAAAAAAAAAAAAAADwhpuYPL5v6r3G6aSUMzuS/Ppl75Z9pzr6Q3o37/v2F7VS1Bs7+v8F0H5y6kXl7P2FX4pL8fOpZj7Jru+7nW9v5FzaGlve3Jn/0p8BAAD//83YiVM=")
r1 = openat(0xffffffffffffff9c, 0x0, 0x145402, 0x1d2)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x100000}], 0x1)

1.489328801s ago: executing program 2 (id=888):
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x8, 0x0, 0xa, 0x3, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0x3ff, 0x100000001}, 0x46d8, 0x10000, 0x0, 0x1, 0x8, 0x2000a, 0xb, 0x0, 0x0, 0x0, 0x8000000000000002}, 0xffffffffffffffff, 0xffffffdffbffffff, 0xffffffffffffffff, 0x2)
r1 = epoll_create1(0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/mdstat\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r3 = gettid()
r4 = syz_open_procfs(r3, &(0x7f0000000000)='smaps_rollup\x00')
exit(0x100000001)
readv(r4, &(0x7f0000000080)=[{&(0x7f0000000100)=""/96, 0x60}, {&(0x7f0000000180)=""/122, 0x7a}], 0x2)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0x10000014})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r0)
r7 = io_uring_setup(0x4956, &(0x7f0000000000)={0x0, 0xb00d, 0x0, 0x2, 0x82})
syz_io_uring_setup(0x24ed, &(0x7f0000000080)={0x0, 0xb81, 0x2000, 0x3, 0x2bf, 0x0, r7}, &(0x7f0000000100), &(0x7f00000001c0))
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01032757c38d085641a7260000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x8840)

1.354759433s ago: executing program 1 (id=891):
unshare(0x2c020400)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x101042, 0x1b6)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r0, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f0000000100)=[0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], <r1=>0x0, 0xe9, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x1e, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
preadv(r3, &(0x7f00000014c0)=[{&(0x7f0000000340)=""/191, 0xfffffd90}], 0x1, 0x182, 0x0)
connect$x25(r2, &(0x7f0000000a80)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1, 0x2}}, 0x12)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=r1, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, r0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)

1.339003334s ago: executing program 0 (id=892):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="0000000000000000b707000008000000850000006900000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

1.286695654s ago: executing program 4 (id=893):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES32], 0x50)
pipe(&(0x7f0000000440)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet6(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r4=>r1}, './file0\x00'})
perf_event_open(&(0x7f0000000040)={0x9, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x6}, 0x0, 0x1, 0x4, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet6(r3, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca", 0x15, 0x0, 0x0, 0x0)
recvfrom$inet6(r3, &(0x7f0000000000)=""/45, 0x44, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r4}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000300)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@user_xattr}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x6}}]}, 0x1, 0x50f, &(0x7f0000000680)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0hQWt1km8bVT1AOUCQqgSokeQtiHxRlHsOIqd0oQ9pGeuSFTiBEf+AG5IPSFx5ILgxqUckPgRgRokDoNmPMk6WbuJNokdxZ+PNJr35s36+32bnffWL4lfACPrdkTsR8RERLwbEbP59UJ+xFudI73vk4NHK4cHj1YKkSTv/LOQtafXouvPpG7lr1mOiO9/O+JHhSfjtnb3Npbr9dp2Xp9vN7bmW7t799Yby2u1tdpmtbq0uLTwxv3Xq5fW15caE3npix//Yf9rP0nTmsmvdPfjMnW6XjqOkxqPiO9eRbAhGMv7MzHsRHgqxYh4PiJezp7/2RjLvpoAwE2WJLORzHbXAYCbrpitgRWKlXwtYCaKxUqls4b3QkwX681W++7D5s7mametbC5KxYfr9dpCvlY4F6VCWl/Myo/r1VP1+xHxXET8bHIqq1dWmvXVYf7HBwBG2K1T8/9/JjvzPwBww5WHnQAAMHDmfwAYPeZ/ABg95n8AGD2d+X9q2GkAAAPk/T8AjB7zPwCMlO+9/XZ6JIf551+vvre7s9F8795qrbVRaeysVFaa21uVtWZzLfvMnsZZr1dvNrcWX4ud9+e+vtVqz7d29x40mjub7QfZ53o/qJWyu/YH0DMAoJ/nXvroz4V0Rn5zKjuiay+H0lAzA65acdgJAEMzNuwEgKGx2xeMrgu8x7c8ADdEjy16j/3+W0lS7vULQkmSJFebFnCF7nzO+j+Mqq71fz8FDCPG+j+MLuv/MLqSpHDePf/jvDcCANebNX6gz/f/n8/Pv86/OfDD1dN3fHiVWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD1drT/byXfC3wmisVKJeKZiJiLUuHher22EBHPRsSfJkuTaX1xyDkDABdV/Fsh3//rzuyrMyeaXrx1XJyIiB//4p2fv7/cbm//MWKi8K/Jo+vtD/Pr1cFnDwCc7Wiezs5db+Q/OXi0cnQMMp+/fzMiyp34hwcTcXgcfzzGs3M5ShEx/e9CXu8odK1dXMT+BxHx2V79L8RMtgbS2fn0dPw09jMDjV88Eb+YtXXO6d/FZy4hFxg1H6Xjz1u9nr9i3M7OvZ//cjZCXVw+/qUvtXKYjYGP4x+Nf2N9xr/b543x2u++0ylNPdn2QcTnxyOOYh92jT9H8Qt94r96+sX6DIh/+cKLL/fLLfllxJ3oHb871ny7sTXf2t27t95YXqut1Tar1aXFpYU37r9enc/WqOf7zwb/ePPus/3a0v5P94lfPqP/X+4b8aRf/e/dH3zpU+J/9ZVe8YvxwqfET+fEr5wz/vL0b8r92tL4q336f9bX/+4543/8170ntg0HAIantbu3sVyv17b7Fn47ffY9CgoDKaT/ZK9BGj0L3xhUrIno3fTTVzrP9KmmJHmqWCfHicfvHC9j1Q24Do4f+oj477CTAQAAAAAAAAAAAAAAehrEbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcXP8PAAD//9140jY=")
r5 = syz_io_uring_setup(0x71fc, &(0x7f0000010400)={0x0, 0x82e1, 0x1, 0x6}, &(0x7f0000010080), &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x14, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1, 0x803, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f0000010300)=[{0x0}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r5, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
set_robust_list(&(0x7f0000000640)={0x0, 0x6}, 0x18)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000200)={'sit0\x00', &(0x7f00000001c0)={'sit0\x00', <r7=>0x0, 0x1, 0x40, 0xf, 0x3, {{0x8, 0x4, 0x0, 0x9, 0x20, 0x65, 0x0, 0x7f, 0x2f, 0x0, @remote, @loopback, {[@end, @timestamp={0x44, 0x8, 0x66, 0x0, 0x2, [0x800]}, @noop]}}}}})
sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@dellink={0x3c, 0x11, 0x1, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r7, 0x44034, 0x50020}, [@IFLA_IFNAME={0x14, 0x3, 'gretap0\x00'}, @IFLA_PROTO_DOWN={0x5, 0x27, 0x13}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4040015)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000000)="48050000150019", 0x7}], 0x1)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x200000000622c, 0x0)

1.286121215s ago: executing program 1 (id=894):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kfree\x00', r3}, 0x18)
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r1, 0x0, r5, 0x0, 0x39000, 0x0)
r6 = memfd_create(&(0x7f0000000080), 0x2)
splice(r4, 0x0, r6, 0x0, 0x408cd, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[], 0xfffffe3e)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xa, [@fwd={0x9}]}, {0x0, [0x2e, 0x0, 0x61, 0x2e, 0x0, 0x5f, 0x2e, 0x0]}}, &(0x7f00000001c0)=""/122, 0x2e, 0x7a, 0x1, 0x5, 0x10000}, 0x28)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000706300000000b70500000800000085000000b600000095a13c0d9733a0c66e66be8d83bc3e1346cb656e63d1cb6aa5816079d26c38ef9e96237fb622566353e19708a1da43887f73e89239efc97ca123606691c266f9490d58aba97d8457edda7dc5a594f38d0052f9ea0cc50acd0e6f6be1ac4faafa831510ba5aa02d3b4bc571aca0795bd401b58a384f0d423023523b0219ce66edaeaf594c22c0793eb8732e"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r8}, 0x10)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r9, 0x408c5333, &(0x7f0000000580)={0x0, 0xffffffff, 0x0, 'queue0\x00'})

1.280686555s ago: executing program 0 (id=895):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c)
listen(r0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x7, 0x8, 0x20005, 0x80, 0x0, 0x0, 0x0, 0x20000009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
unshare(0x22020400)
r3 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(r3, 0x0, 0xddf10dc49eef0958)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
r4 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x8401)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x5, 0xc, 0xfffffffffffffffd, 0x3, 0xffffffffffffffff})

1.245891785s ago: executing program 0 (id=896):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004540)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb6", 0x22f}], 0x1}}], 0x1, 0x0)
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000feffffffff7f400002000004000000080000000000000000010000000000000044000500ac1414aa000000000000000000000000000000003c00000002000000ac1414aa0000000000000000000000000600000005"], 0xfc}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f00000002c0)=@l2tp6={0xa, 0x1100, 0x0, @dev}, 0x80, 0x0}, 0x20000810)

1.084923149s ago: executing program 0 (id=897):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x2, 0x2, 0x4}, 0x50)
ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000040))

952.380991ms ago: executing program 5 (id=898):
syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYRES64=0x0], 0x1, 0x7b7, &(0x7f00000002c0)="$eJzs3U1sHGf5APBnXbvJ35Wiqv8qjaI0naRFSqXUXa9bF6uHsl2PnWnXu6vdNXKEUBs1TmXFaauWCuoDJZcWEAhx4li49sYNhAQSB+CERA9cuFXqCRUEEgIhJKOZ3XUce/3R1Pmg/f2s+B3PPPO+z7vezLNje2YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIhSbbZcnixFPWssLiXbjEREcn8/dmH79g2D/n51XbPLuBGl/F8cPhzHequO3X9t89H80+k40fvqRBzOm8Oxds/Re5/+/9GRwf67JHSjTu0zrhTxrTypyxdWV5dfvwmJ3ELf/cVuW0eHrfzXev55Pm1knWa2UJ1Pk6zTTGamp8uPn5vrJHNZPe2c73TThaTWTqvdZjs5U3s0mZyZmUrSifPNxcb8bLWeDlY+9VilXJ5OnptopdV2p9l4/LmJTu1cVq9njfkiplL+euQxTyW12fbzWTfpptWFJLm0sro8tdfs8qDJXbafeOTej9788O8ry/kTcqegUv+JWZmcrFQmp5+cefKpcnm0Uq5cv6K8RWxExEhEHnFTnrTcOYpD5m4O5sANB2CkX/+jHlk0YjGWIhnyMRa1mI12NGMh//qPY9si+gb1/wuP/+X3u427uf4Pqvyxa5uPR1H/T/a+OrlT/R+a60F+jPTz2Wn7G/FWrMXluBCrsRrL8fpNz+hTfowcbH/zkUYjsuhEM7JYiGqxJumvSWImpmM6yvFCnIu56EQSc5FFPdLoxPnoRDfS4hlVi3akUY1uNKMdSZyJWjwaSUzGTMzEVCSRxkScj2YsRiPmYzaqRS+XYqV43Ke25HX0my/+/OU/fPRevrwRNLnLREr5i7k86G+7BG0r9/uv/+vRj1D/P+8O+AgON259UP8BAACAz6xS8dP3/Px/LB4sluayevqV250WAAAAcICK3/yfyJuxfOnBKOXn/+UhkR/c8twAAACAg1EqrrErRcR4PNRbGlwuNeyHAAAAAMD/oOL3/yfzZjzi7WKF838AAAD4jPn2TvfY/3Bwj91O61Dpl3+NdnusdLW19EjpSjWPq165q7dfv/nyRo/dueOlw9HrpOhrenTtnlJEjNbSE6XB3S//c6jXflx8Pj66sftO9/ovbUlgY4+7tk4pT+DI2pYEjhYDfy9O9WJOXey1F/tx/TsSj89l9XSi1qw/XdwSMf/XffOVlW9EMf3vNBaOlOLSyuryxEuvrl4scrma93L1Sv8Gitvuozg8l2LE9f4jEA8On/FYcSFGf9zx3rjlzd+A/r2JR3Yfs7R5zHfidC/m9HivHb9+/ofzMScnnp6MavXISDdd6r65vmn2/SwmP+XM34mHezEPn3m41wzJonJdFq9sz6KyOYv9PRZ7ZjHWf2K9d+rtpX/8pllKp/bKYmpLFoc/YRYAt8ul4q4/16rQ/xVV6N/rPXn9v1Z3k15AX/8o98BGV/lRblAGthzlLsXGlsH+m2rdaGyr7ltfXsSWUXY4op/pxZzpvZ4YPT6krpSHHNFfW3ntt/0j+hPv/+jHXz35u5/eeHV7Px7txfSbuO/XO9TYfM7fbyyMDzpdeqa/8JMdx+3UK6UYi7jra1dei6NvvLX22MqVCy8vv7z8SqUyNV1+olx+shJjxUuFfqP2ADDE3u+xs2dE6Yk9zqrv2/iTgol4KV6N1bgYZ4urDSLioeG9jm/6M4SzcTqKk+UdzlrHN73Dy9k9zi2vxVa2xw5eV2yLndr0iD3ww6L55038pgDATXZ6jzq8n/p/do/z7utr+Zaz49i5lg/zxZv6aADA50Pa/rg03n231G5nrRcmZ2Ymq91zadJu1p5P2tnsfJpkjW7arp2rNubTpNVudpu1wQ+OZ9NO0llstZrtbjLXbCetZidbKt75Pem/9XsnXag2ulmt06qn1U6a1JqNbrXWTWazTi1p3f1sPeucS9vFzp1WWsvmslq1mzUbSae52K6lE0nSSdOktTgIzGbTRjeby/LFRtJqZwvV9tWIqC8upMls2qm1s1a32etwMFbWmGu2F4puJ7ZP/8+3+vEGgDvBG2+tXb6wurr8+idcGI1i4U/7Cb7dcwQArqdKAwAAAAAAAAAAAADAnW/75Xr52hu5InDtUHzyvQ7FDV19aGEfC/k38g5I4/YuvPjMM5d3inn27WPn9tfP8P8pwy51ffdIxN0/+0FvzZdu1Uw/iIgb2H29tEvM7T4yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2/w0AAP//naJXlA==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000906397008000b70200000000000085000000860000009500000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r1}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000000100)={'macvtap0\x00', @random="b40007350060"})
r3 = io_uring_setup(0x3eaf, &(0x7f0000000100)={0x0, 0x98a2, 0x10, 0x0, 0x3cc})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x3, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x240, 0xffff, 0x0, 0x1, 0x8, 0x4, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$phonet_pipe(0x23, 0x5, 0x2)
socket$inet6(0xa, 0x800000000000002, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000080)=0x454a, 0x4)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x22, &(0x7f0000000340)=[{&(0x7f0000000480)=""/233}], 0x1)
r6 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000540)={'team0\x00', &(0x7f0000000240)=@ethtool_per_queue_op={0x4b, 0x29, [0x8, 0x1, 0x2, 0xc, 0x9, 0xf94, 0xf1, 0x70b, 0xc698, 0x80000001, 0x1, 0x6, 0x1, 0x5, 0x7f, 0x10000002, 0x80000000, 0x2, 0x2, 0x0, 0x0, 0x8, 0x7, 0x2, 0x6, 0x1675, 0x1, 0xff, 0x4, 0x200, 0x2, 0x4107a2b1, 0x4, 0x6, 0x2, 0x1, 0x80000001, 0xc0000, 0x9c, 0x6, 0x2, 0x7, 0x3, 0xfffffffc, 0x200, 0x5, 0x4, 0x5, 0x0, 0x0, 0xfffffffd, 0x7, 0x8, 0x3, 0x3, 0x7, 0x4, 0x5, 0xa0000000, 0x0, 0x9733, 0x6, 0x80000001, 0x8, 0x9fd8, 0x7, 0x9, 0x8, 0x8, 0x4, 0x101, 0x7, 0x6e, 0x0, 0x6, 0x8, 0x3, 0x7, 0x165, 0x9, 0x6, 0x4, 0x9, 0x8, 0x40, 0x6, 0x5, 0x7, 0x0, 0x3, 0xffffffff, 0x2, 0x1, 0xa, 0x2, 0x471, 0x4, 0x4, 0x7, 0x3, 0x6, 0x1000, 0x3, 0x1d, 0xb, 0x8, 0x7, 0x4, 0xffff, 0x6, 0x1, 0xf202, 0x8, 0x5, 0xfd, 0x0, 0x2, 0x2, 0x0, 0x7, 0x5, 0x8000, 0x1, 0xa, 0xffff, 0xa1, 0x6, 0x9]}})
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000000)=0x659f, 0x4)
write$binfmt_script(r6, &(0x7f00000000c0), 0x28)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0x77})

933.160262ms ago: executing program 0 (id=899):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)="5c00000015006b05c84e21000ab16d6e230675f802000000440002000200000061bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf00000000000000006409f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000640)='memory.events.local\x00', 0x275a, 0x0)
recvmsg$unix(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x400c9}, 0x8004)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
write$nci(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="414601", @ANYRES8=r11], 0x4)

586.751498ms ago: executing program 2 (id=900):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340), <r1=>0x0, 0x32, &(0x7f0000000400), 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000640)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x12, 0x11, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@map_idx={0x18, 0x2, 0x5, 0x0, 0xa}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x5b, &(0x7f0000000580)=""/91, 0x40f00, 0x64, '\x00', 0x0, @cgroup_sock_addr=0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x5, 0xb, 0x9, 0x7}, 0x10, r1, 0xffffffffffffffff, 0x4, &(0x7f00000006c0)=[r2], &(0x7f0000000700)=[{0x0, 0x4, 0xb}, {0x1, 0x4, 0x3, 0xb}, {0x5, 0x4, 0x6, 0x4}, {0x0, 0x2, 0x8, 0x9}], 0x10, 0xec}, 0x94)
r3 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f0000000080)={0xfe4, 0x4, 0x11, 0xafb}, 0x8)
timer_create(0x0, 0x0, &(0x7f0000001240))
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000600)='kfree\x00', r4}, 0x18)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f0000000300)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x2}, {&(0x7f0000000480)=""/174, 0xae}, &(0x7f0000000340)=[{&(0x7f0000000400)=""/98, 0x62}], 0x1, 0x60, 0xfffffffefffffffe}}], 0x48, 0x4}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r6}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000a40)='GPL\x00')
recvmsg(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000800)=""/254, 0xfe}, {&(0x7f0000000900)=""/50, 0x32}, {&(0x7f0000000940)=""/55, 0x37}, {&(0x7f0000000980)=""/171, 0xab}, {&(0x7f0000000a80)=""/107, 0x6b}, {&(0x7f0000000b00)=""/232, 0xe8}, {&(0x7f0000000c00)=""/248, 0xf8}, {&(0x7f0000000d00)=""/69, 0x45}], 0x8}, 0x0)
setfsgid(0x0)
sendto$inet6(r3, &(0x7f0000000000)="d2", 0x1, 0x4054, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @ipv4={'\x00', '\xff\xff', @remote}, 0xc5f}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x13, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0xfffffffc}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @printk={@d, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r7 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
fchdir(r8)
open(&(0x7f0000000100)='.\x00', 0x591002, 0x50f)
socket$inet(0x2, 0x800, 0x3)
setfsgid(0xee00)
setresgid(0xffffffffffffffff, 0x0, 0x0)

577.370748ms ago: executing program 2 (id=901):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0xb00, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xe)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@loopback, @in=@multicast1}}, {{@in=@initdev}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xe8)
ioctl$TCSETS2(r1, 0x402c542b, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000440)='mm_page_free\x00', r0, 0x0, 0x1000}, 0x18)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e22, @remote}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c00)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001280)=@newtaction={0x18, 0x31, 0x3d, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xcc, 0x30, 0xffff, 0x70bd27, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x10000, 0x0, 0x0, 0x1000000, 0x0, {0x0, 0x2, 0x0, 0x0, 0xfffe}, {0x0, 0x0, 0x0, 0x0, 0xfffd}}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x1}}]}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x31, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x88)

541.950999ms ago: executing program 2 (id=902):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r1, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x3804, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x69, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x26892}], 0xbb}}], 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94)
io_setup(0x7, &(0x7f0000000280))
openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x42, 0x0)

443.953311ms ago: executing program 4 (id=903):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESHEX=r0, @ANYRES32=r0, @ANYRESDEC=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='kfree\x00', r1}, 0x18)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0x2000000000000019, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x18)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r7, 0x10e, 0x1, &(0x7f0000000a80)=0x1, 0x4)
r8 = socket$inet6(0xa, 0x3, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000980)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x40, 0x0}, @in6=@local, 0x4e22, 0x0, 0x0, 0x3, 0x2}, {0x0, 0x200000004, 0x40000000007, 0x20000a0de, 0x100000000, 0x4, 0x200000003, 0x9}, {0x5}, 0x1, 0x0, 0x1, 0x0, 0x6, 0x3}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x19}, 0x3502, 0x3, 0x8, 0xa1, 0x9075, 0x800}}, 0xe8)
connect$inet6(r8, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x4}}}, 0x1c)

443.532341ms ago: executing program 1 (id=904):
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0xc2, &(0x7f0000000780)={[{@nodots}, {@fat=@debug}, {@dots}, {@fat=@dos1xfloppy}, {@nodots}, {@nodots}, {@dots}, {@nodots}, {@fat=@umask={'umask', 0x3d, 0x5}}, {@fat=@check_normal}, {@dots}]}, 0xfe, 0x25f, &(0x7f0000000500)="$eJzs3cFqE0EYB/AvTZqsBbVn8bDgxZOobxCkghAQqrkbaL20Imwv0VMeQ/ANfByPPkZPvUXaXVy7LSIl6WS7vx+E/dj/DjuTQCaHmeyHx5+ODj6ffFz++hZZlscgYhFnEbuxFf0o9arj1kU9jGHUFgEAtM3+/mycug+sUO/qqaIYz7YjYnQlm/64pV4BAAAAAAAAAACwYjdZ//836/8BoH2s/7/7imI826l+v11m/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQztly+XD5j1fq/gEAq2f+B4DuMf8DQPeY/wGge949qIo8zyJOF/PpfFoey9Ov30z2nucXdutWp/P5dLuqJ3svyjxv5jtV+5fX5sN4+qTMz7NXbyeNfBQH6xw4AAAAAAAAAAAAAAAAAAAAbJBn+R+N/f39Mj+/YBTX5FnE90v/D9DYvz+IR4PbHAkAAAAAAAAAAAAAAAAAAAC018mXr0ez4+PDorPFz35EsrtHr/wYUr8JjeJe3KBVtmmjaFHRj4jDUQxivfd6f///L079zQQAAAAAAAAAAAAAAAAAAN1Tb/pN3RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASKd+/v/6itRjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhdwAAAP//UhGHcQ==")
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000005c0)={'ip_vti0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x7c7, 0x3, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x86, 0x4, 0x0, @empty, @empty}}}})
syz_read_part_table(0x5e4, &(0x7f0000000000)="$eJzs3D2LXFUYB/D/uXfeFiLrBxBcSCMKRrETF2Oha7og2gnaWqxILMRCdgcVwZcPYCtaGIUQawUFCWKsrERYYiFib2GacGTuy0xAsZlFCfx+xZznnHue57mXe9sz4c5Wd5Nakuvd7KO2GybNw33wW/L2NFm+8EQy7xOmQ2JJ8tzlJ5+6sHexzNdrq9Xj4ep802U2jJPsDdGXk3xw+eCdLj5OyVGGMNPPZ5ms9tY+78O/3/TNkrbbw/9s8nXtX8QsP+aLJIelXb38ebLMJ8ndWXT7ziVpa63daz5OdpJ2/VVs4cr+teXjQ7yT4Uub9rOjd0t9aLg2Ta21Njk6O2a2yT2Pnbv0T0W7/GX3eONSrXV6ZsxtNhcOb80mw+yR7345ynKxrp7abEqe7CSvnDzzYHcnpa8x3f7xAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Zfe9ev83zTg53/2Wdfz0p2k2W49z7zreW5xS/yv713bffOtSk9f3X/rp5Td+Pfg9fyRp2xycSebrfS/2w9X3umEyrLZb9z+81cw++/jbnfXCULok35/9+WYdO5wM42uP3pa832zdHwAAAAAAAAAAAAAAAAAAAFau5sLexSbPfnWj5PlsjvvXLJJSxukiqbXWP2tnPPz/w3gOP9dvpKySUsvt1c8nu3cldf7+A93fCvSJtdZJ16L8J4/Iv/grAAD//x/vY/E=")
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)

442.251581ms ago: executing program 2 (id=905):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES32], 0x50)
pipe(&(0x7f0000000440)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet6(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
sendto$inet6(r3, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca", 0x15, 0x0, 0x0, 0x0)
recvfrom$inet6(r3, &(0x7f0000000000)=""/45, 0x44, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400ab0095315727a7b795dad7ba5b39d4e59bdba61c4e0fac199cdd3a19135106ba96f591881900236973de74af6db5823078c52865d1926f8ce29936d0755eca73531708735ef1046d76058123a3e3d4e45c472802c00757fd0acfef328c79609cab07a9ad18217c0a"], &(0x7f0000000040)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x41100, 0x5c, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x800000000}, 0x18)
set_robust_list(&(0x7f0000000640)={0x0, 0x6}, 0x18)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000000)="48050000150019", 0x7}], 0x1)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x200000000622c, 0x0) (fail_nth: 2)

409.556562ms ago: executing program 1 (id=906):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x2, 0x0, 0x0, 0x4, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
pidfd_send_signal(r3, 0x2, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e80)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]})
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7f, 0x0)

329.026664ms ago: executing program 4 (id=907):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
rmdir(&(0x7f0000004340)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xf, 0xb, &(0x7f0000000240)=ANY=[@ANYRESDEC], &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x4525, 0x1000, 0x1, 0x12d}, &(0x7f0000000440)=<r3=>0x0, &(0x7f0000000640)=<r4=>0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8200}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffff8, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x28, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_MSG_RING={0x28, 0x20, 0x0, r2, 0x0, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r2, 0x22d0, 0x20, 0x0, 0x0, 0x0)

300.875824ms ago: executing program 1 (id=908):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40044c4)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r0, &(0x7f0000000280), &(0x7f0000000000)=""/10, 0x2}, 0x20)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000180)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', <r3=>0x0})
sendto$packet(r2, 0x0, 0x0, 0x800, &(0x7f00000001c0)={0x11, 0xf3, r3, 0x1, 0x2, 0x6, @random="3564521e62c7"}, 0x14)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x6, &(0x7f0000000080)=[{0x8, 0x3, 0x80, 0x7fffffff}, {0x3, 0x6}, {0x7, 0x5, 0x4c, 0xe}, {0x744b, 0x0, 0x2, 0xea7d}, {0x4, 0xa6, 0xb, 0xfff}, {0x61, 0xad, 0x2, 0x6}]})
ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000100)='ip6_vti0\x00')

299.914254ms ago: executing program 4 (id=909):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000040)='./file0\x00', 0x80006, 0xffffffffffffffff, 0x0, 0x0, 0x0) (fail_nth: 8)

65.785548ms ago: executing program 1 (id=910):
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', <r3=>0x0})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000480)={'tunl0\x00', &(0x7f0000000400)={'erspan0\x00', r3, 0x40, 0x20, 0x1ff, 0x7, {{0x8, 0x4, 0x1, 0x1, 0x20, 0x68, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010102, @local, {[@timestamp_prespec={0x44, 0x4, 0x87, 0x3, 0x5}, @noop, @ra={0x94, 0x4}]}}}}})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
faccessat2(r0, &(0x7f0000000040)='\x00', 0x1, 0x1300)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x3, @local, 0x40000002}, 0x1c)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @remote}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "e2fa08", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$inet6(0xa, 0x80001, 0x10400000)
setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x2a, &(0x7f0000fca000)={0xfffffffd, {{0xa, 0x40, 0x3, @private0}}}, 0x88)
poll(&(0x7f00000000c0)=[{r4, 0x20d8}, {r4, 0xe1}], 0x2, 0x8)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, 0x0, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000200)={@dev={0xfe, 0x80, '\x00', 0xc0}, @remote, @remote, 0x3, 0x2, 0x5, 0x0, 0xb7})
syz_emit_ethernet(0x82, &(0x7f0000000040)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x80}, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, '\x00', 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0)

60.967999ms ago: executing program 4 (id=911):
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="09000000070000002a00000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='\v\x00'], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r2}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r3}, 0x18) (async)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r6 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
flistxattr(r6, 0x0, 0xdeff) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x12, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x18) (async)
r8 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r8, &(0x7f0000000140)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e21, @broadcast}}, 0x24) (async)
sendmmsg(r8, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}}], 0x1, 0x0) (async)
sendmmsg(r8, &(0x7f0000000300)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0x7000000}, 0xf401}], 0x1, 0x0) (async)
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f00000007c0), 0x1, 0x74c, &(0x7f00000016c0)="$eJzs3E9rHPUbAPBnpknbX5ufG8GDeBIqVqidpKnakxDxXCj0BdSwmYSQSTZkN7WJAVsPHgRBRfBPL/oOvCiCl9L3oAjeFDwIWtN4EDys7GST6nY3jc2frfXzgdl5vt/dned5ssOXDOxsAP9ZT7YekoihiLgQEZX2fBoRh8voaMTVjdfdXlutrq+tVpNoNi/eSlpvK+c2j5W098ejfEs8HhE3ByNOvXF33vryyuxEUeSL7fFIY25hpL68cnpmbmI6n87nx0ZHz559Yez550b3rNe3X/vsl7e+fPnrj8/N/fHirWcnkxgv+46OPvbSxt9kMMY75uf3I1kfNZvNZr9rAADg3tLyv9OIgXJfiUNl1NPRg6sMAAAA2CvNI00AAADgoZdEvysAAAAA9tfm9wBur61WN7eD/P7Bzy9FxPCde4vXt/IPlPcQRxwt7084tp787c6EZONtsCtXr0XEjfEu53/SPv/uX+ed68kuj8feu9Faf8a7rX/p1voTXdafgc3fTtilzfVv/a71707+Qz3Wvws7zHFk8eQ3PfNfi3hioFv+ZCt/0iP/KzvM//nQd9/3eq75acTJ6J7/r7m2+X2IkamZIm8/ds1x4ovXT23X/7Fe+ZPt+1/YYf8/XB+b7rWWtPI/c2L7z79b/tY58U67jjQi3m3vW+P3OnI8fXP0o+36n+zR/70+/0922P9Xb678uMOXAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQCmNiKFI0mwrTtMsizgeEY/FsbSo1RunpmpL85Ot5yKGYzCdminy0YiobIyT1vhMGd8Zj3WMz0bEoxHxfuV/5Tir1orJfjcPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAluMRMRRJmkVEGhG/VdI0y/pdFQAAALDnhvtdAAAAALDvXP8DAADAw8/1PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAALpw/39qa62ur1dZ48vLy0mzt8unJvD6bzS1Vs2ptcSGbrtWmizyr1ubudbyiVls4F/NLV0Yaeb0xUl9euTRXW5pvXJqZm5jOL+WDB9IVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/9RQuSVpFhFpGadplkX8PyKGYzCZminy0Yh4JCK+rQweaY3P9LtoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9lx9eWV2oijyRcEugmr1gSjjXxkcigeiDEFH0O+VCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAfqgvr8xOFEW+WO93JQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPRX+lMSEa3tZOWpoc5nDye/V8p9RLx6/eIHVyYajcUzrflft+YbH7bnx/pRPwAAANBp8zp98zoeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgp+rLK7MTRZEv7mPQ7x4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID782cAAAD//z5Jzng=") (async)
socket$key(0xf, 0x3, 0x2)

0s ago: executing program 0 (id=912):
r0 = socket(0x10, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x26)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000480)=@gcm_256={{0x303}, "000200", "e123c5876ff425b1ebe250a8486be34705f4f827ae60ecb65e528248d5552bff", "7e25837b", "15d0db2c77179e1a"}, 0x38)
write$binfmt_script(r1, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r7, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r7, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @private=0xa010102}, 0x10, 0x0, 0x0, &(0x7f0000000b40)=[@mask_cswp={0x58, 0x114, 0x9, {{0x8, 0x5}, 0x0, 0x0, 0x402, 0x5, 0x7, 0x200000004, 0x10, 0x7}}], 0x58}, 0x0)
close_range(r0, r1, 0x0)

kernel console output (not intermixed with test programs):

y+0x1a/0x20
[   62.406602][ T4824]  _copy_from_user+0x1c/0xb0
[   62.406665][ T4824]  __x64_sys_sigaltstack+0x86/0x180
[   62.406723][ T4824]  x64_sys_call+0x1be5/0x2ff0
[   62.406808][ T4824]  do_syscall_64+0xd2/0x200
[   62.406847][ T4824]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   62.406879][ T4824]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   62.407005][ T4824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.407052][ T4824] RIP: 0033:0x7fad0940eec9
[   62.407072][ T4824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.407093][ T4824] RSP: 002b:00007fad07e77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000083
[   62.407118][ T4824] RAX: ffffffffffffffda RBX: 00007fad09665fa0 RCX: 00007fad0940eec9
[   62.407134][ T4824] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[   62.407150][ T4824] RBP: 00007fad07e77090 R08: 0000000000000000 R09: 0000000000000000
[   62.407163][ T4824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   62.407200][ T4824] R13: 00007fad09666038 R14: 00007fad09665fa0 R15: 00007ffe7e678f78
[   62.407225][ T4824]  </TASK>
[   62.477712][ T4810] syz.0.373: attempt to access beyond end of device
[   62.477712][ T4810] loop0: rw=2049, sector=185, nr_sectors = 8 limit=128
[   62.595686][ T4810] syz.0.373: attempt to access beyond end of device
[   62.595686][ T4810] loop0: rw=2049, sector=201, nr_sectors = 8 limit=128
[   62.595735][ T4810] syz.0.373: attempt to access beyond end of device
[   62.595735][ T4810] loop0: rw=2049, sector=217, nr_sectors = 8 limit=128
[   62.595776][ T4810] syz.0.373: attempt to access beyond end of device
[   62.595776][ T4810] loop0: rw=2049, sector=233, nr_sectors = 8 limit=128
[   62.595828][ T4810] syz.0.373: attempt to access beyond end of device
[   62.595828][ T4810] loop0: rw=2049, sector=249, nr_sectors = 8 limit=128
[   62.604403][ T4810] syz.0.373: attempt to access beyond end of device
[   62.604403][ T4810] loop0: rw=2049, sector=265, nr_sectors = 8 limit=128
[   62.667758][ T4810] syz.0.373: attempt to access beyond end of device
[   62.667758][ T4810] loop0: rw=2049, sector=281, nr_sectors = 8 limit=128
[   62.715417][ T4816] loop3: detected capacity change from 0 to 512
[   62.749360][ T4816] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[   62.785482][ T4851] loop1: detected capacity change from 0 to 128
[   62.801490][ T4816] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[   62.821183][ T4851] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   62.821805][ T4816] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.374: corrupted inode contents
[   62.848625][ T4857] loop2: detected capacity change from 0 to 2048
[   62.849696][ T4851] ext4 filesystem being mounted at /59/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   62.855311][ T4816] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #11: comm syz.3.374: mark_inode_dirty error
[   62.892903][ T4816] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.374: invalid indirect mapped block 1 (level 1)
[   62.908173][ T4816] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.374: corrupted inode contents
[   62.920986][ T4857]  loop2: p1 < > p4
[   62.925431][ T4857] loop2: p4 size 8388608 extends beyond EOD, truncated
[   62.932672][ T4816] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[   62.946384][ T4816] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.374: corrupted inode contents
[   62.961060][ T4816] EXT4-fs error (device loop3): ext4_truncate:4666: inode #11: comm syz.3.374: mark_inode_dirty error
[   62.988543][ T4816] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[   63.007090][ T4816] EXT4-fs (loop3): 1 truncate cleaned up
[   63.019185][ T4816] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   63.155379][ T4869] netlink: 'syz.0.391': attribute type 10 has an invalid length.
[   63.165510][ T4869] batman_adv: batadv0: Adding interface: netdevsim1
[   63.172199][ T4869] batman_adv: batadv0: The MTU of interface netdevsim1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.197926][ T4869] batman_adv: batadv0: Not using interface netdevsim1 (retrying later): interface not active
[   63.210930][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   63.264797][ T4870] loop2: detected capacity change from 0 to 512
[   63.272570][ T4870] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   63.286102][ T4870] EXT4-fs (loop2): 1 truncate cleaned up
[   63.292519][ T4870] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   63.416956][ T4869] loop0: detected capacity change from 0 to 8192
[   63.434621][ T4873] loop4: detected capacity change from 0 to 512
[   63.446765][ T4869] netlink: 28 bytes leftover after parsing attributes in process `syz.0.391'.
[   63.462573][ T4873] EXT4-fs error (device loop4): ext4_xattr_inode_iget:442: comm syz.4.393: error while reading EA inode 32 err=-116
[   63.499197][ T4873] EXT4-fs (loop4): Remounting filesystem read-only
[   63.506015][ T4873] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   63.548502][ T4875] ip6erspan0: entered promiscuous mode
[   63.569963][ T3300] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   63.624127][ T4873] EXT4-fs (loop4): 1 orphan inode deleted
[   63.649693][ T4873] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   63.777673][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.630944][ T4899] loop4: detected capacity change from 0 to 764
[   64.645320][ T4901] loop3: detected capacity change from 0 to 764
[   64.654182][ T4899] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   64.670830][ T4899] macvtap0: refused to change device tx_queue_len
[   64.682413][ T4901] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   64.703535][ T4901] macvtap0: refused to change device tx_queue_len
[   64.725571][ T4903] loop1: detected capacity change from 0 to 1024
[   64.733568][ T4903] EXT4-fs: Ignoring removed orlov option
[   64.735411][ T3299] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.743053][ T4903] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   64.775234][ T4907] loop2: detected capacity change from 0 to 1024
[   64.782243][ T4907] EXT4-fs: Ignoring removed orlov option
[   64.790625][ T4907] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   64.804083][   T29] kauditd_printk_skb: 313 callbacks suppressed
[   64.804145][ T4903] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[   64.804158][   T29] audit: type=1400 audit(129.578:1867): avc:  denied  { remount } for  pid=4902 comm="syz.1.404" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   64.849624][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.918594][ T4907] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[   64.937423][ T3299] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   65.017397][ T4917] FAULT_INJECTION: forcing a failure.
[   65.017397][ T4917] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   65.030564][ T4917] CPU: 1 UID: 0 PID: 4917 Comm: syz.1.408 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   65.030594][ T4917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   65.030607][ T4917] Call Trace:
[   65.030613][ T4917]  <TASK>
[   65.030621][ T4917]  __dump_stack+0x1d/0x30
[   65.030642][ T4917]  dump_stack_lvl+0xe8/0x140
[   65.030728][ T4917]  dump_stack+0x15/0x1b
[   65.030744][ T4917]  should_fail_ex+0x265/0x280
[   65.030769][ T4917]  should_fail+0xb/0x20
[   65.030814][ T4917]  should_fail_usercopy+0x1a/0x20
[   65.030840][ T4917]  strncpy_from_user+0x25/0x230
[   65.030873][ T4917]  ? kmem_cache_alloc_noprof+0x186/0x310
[   65.030982][ T4917]  ? getname_flags+0x80/0x3b0
[   65.031034][ T4917]  getname_flags+0xae/0x3b0
[   65.031063][ T4917]  io_openat_prep+0x129/0x2b0
[   65.031096][ T4917]  io_submit_sqes+0x5ef/0x1060
[   65.031135][ T4917]  __se_sys_io_uring_enter+0x1c1/0x1b70
[   65.031187][ T4917]  ? 0xffffffff81000000
[   65.031200][ T4917]  ? __rcu_read_unlock+0x4f/0x70
[   65.031222][ T4917]  ? get_pid_task+0x96/0xd0
[   65.031243][ T4917]  ? proc_fail_nth_write+0x13b/0x160
[   65.031304][ T4917]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   65.031387][ T4917]  ? vfs_write+0x7e8/0x960
[   65.031408][ T4917]  ? __rcu_read_unlock+0x4f/0x70
[   65.031429][ T4917]  ? __fget_files+0x184/0x1c0
[   65.031500][ T4917]  ? fput+0x8f/0xc0
[   65.031551][ T4917]  __x64_sys_io_uring_enter+0x78/0x90
[   65.031578][ T4917]  x64_sys_call+0x2de1/0x2ff0
[   65.031601][ T4917]  do_syscall_64+0xd2/0x200
[   65.031631][ T4917]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   65.031728][ T4917]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   65.031756][ T4917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.031778][ T4917] RIP: 0033:0x7fad0940eec9
[   65.031797][ T4917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.031815][ T4917] RSP: 002b:00007fad07e77038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[   65.031845][ T4917] RAX: ffffffffffffffda RBX: 00007fad09665fa0 RCX: 00007fad0940eec9
[   65.031857][ T4917] RDX: 0000000000000000 RSI: 00000000000047f6 RDI: 0000000000000006
[   65.031871][ T4917] RBP: 00007fad07e77090 R08: 0000000000000000 R09: 0000000000000000
[   65.031883][ T4917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   65.031894][ T4917] R13: 00007fad09666038 R14: 00007fad09665fa0 R15: 00007ffe7e678f78
[   65.031913][ T4917]  </TASK>
[   65.288117][ T4919] loop2: detected capacity change from 0 to 2048
[   65.296231][   T29] audit: type=1326 audit(130.048:1868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.2.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f708a85eec9 code=0x7ffc0000
[   65.319011][   T29] audit: type=1326 audit(130.048:1869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.2.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f708a85eec9 code=0x7ffc0000
[   65.341803][   T29] audit: type=1326 audit(130.048:1870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.2.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f708a85eec9 code=0x7ffc0000
[   65.364664][   T29] audit: type=1326 audit(130.048:1871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.2.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f708a85ef03 code=0x7ffc0000
[   65.387339][   T29] audit: type=1326 audit(130.048:1872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.2.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f708a85d97f code=0x7ffc0000
[   65.409929][   T29] audit: type=1326 audit(130.058:1873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.2.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f708a85ef57 code=0x7ffc0000
[   65.432684][   T29] audit: type=1326 audit(130.058:1874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.2.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f708a85d710 code=0x7ffc0000
[   65.455441][   T29] audit: type=1326 audit(130.058:1875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.2.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f708a85eacb code=0x7ffc0000
[   65.475483][ T4922] loop0: detected capacity change from 0 to 2048
[   65.478098][   T29] audit: type=1326 audit(130.058:1876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.2.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f708a85db2a code=0x7ffc0000
[   65.520497][ T4919]  loop2: p2 p3 p7
[   65.548535][ T4922]  loop0: p1 < > p4
[   65.554818][ T4922] loop0: p4 size 8388608 extends beyond EOD, truncated
[   65.619557][ T4924] loop2: detected capacity change from 0 to 512
[   65.628077][ T4924] EXT4-fs (loop2): failed to initialize system zone (-117)
[   65.635322][ T4924] EXT4-fs (loop2): mount failed
[   65.842361][ T4965] loop2: detected capacity change from 0 to 764
[   65.848504][ T4968] program syz.0.426 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   65.859218][ T4965] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   65.870325][ T4965] macvtap0: refused to change device tx_queue_len
[   65.882233][ T4970] loop3: detected capacity change from 0 to 1024
[   65.889664][ T4970] EXT4-fs: Ignoring removed bh option
[   65.895198][ T4970] EXT4-fs: inline encryption not supported
[   65.901202][ T4968] sg_write: process 260 (syz.0.426) changed security contexts after opening file descriptor, this is not allowed.
[   65.914043][ T4970] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   65.955743][ T4977] FAULT_INJECTION: forcing a failure.
[   65.955743][ T4977] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   65.969164][ T4977] CPU: 1 UID: 0 PID: 4977 Comm: syz.1.429 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   65.969274][ T4977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   65.969371][ T4977] Call Trace:
[   65.969378][ T4977]  <TASK>
[   65.969385][ T4977]  __dump_stack+0x1d/0x30
[   65.969453][ T4977]  dump_stack_lvl+0xe8/0x140
[   65.969476][ T4977]  dump_stack+0x15/0x1b
[   65.969492][ T4977]  should_fail_ex+0x265/0x280
[   65.969578][ T4977]  should_fail+0xb/0x20
[   65.969603][ T4977]  should_fail_usercopy+0x1a/0x20
[   65.969634][ T4977]  _copy_from_user+0x1c/0xb0
[   65.969674][ T4977]  __sys_sendto+0x19e/0x330
[   65.969766][ T4977]  __x64_sys_sendto+0x76/0x90
[   65.969788][ T4977]  x64_sys_call+0x2d05/0x2ff0
[   65.969809][ T4977]  do_syscall_64+0xd2/0x200
[   65.969918][ T4977]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   65.969949][ T4977]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   65.970050][ T4977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.970124][ T4977] RIP: 0033:0x7fad0940eec9
[   65.970142][ T4977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.970163][ T4977] RSP: 002b:00007fad07e77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   65.970182][ T4977] RAX: ffffffffffffffda RBX: 00007fad09665fa0 RCX: 00007fad0940eec9
[   65.970194][ T4977] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   65.970205][ T4977] RBP: 00007fad07e77090 R08: 0000200000000040 R09: 0000000000000010
[   65.970220][ T4977] R10: 00000000200007fd R11: 0000000000000246 R12: 0000000000000001
[   65.970296][ T4977] R13: 00007fad09666038 R14: 00007fad09665fa0 R15: 00007ffe7e678f78
[   65.970320][ T4977]  </TASK>
[   66.151779][ T4969] netlink: 24 bytes leftover after parsing attributes in process `syz.4.427'.
[   66.162749][ T4969] netlink: 68 bytes leftover after parsing attributes in process `syz.4.427'.
[   66.171772][ T4969] netlink: 'syz.4.427': attribute type 2 has an invalid length.
[   66.196049][ T4970] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[   66.219153][ T4970] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.424: lblock 2 mapped to illegal pblock 2 (length 1)
[   66.238289][ T4970] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.424: lblock 0 mapped to illegal pblock 48 (length 1)
[   66.260020][ T4970] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.424: Failed to acquire dquot type 0
[   66.274798][ T4970] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6334: Corrupt filesystem
[   66.287111][ T4986] netlink: 'syz.4.433': attribute type 39 has an invalid length.
[   66.296853][ T4970] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.424: mark_inode_dirty error
[   66.328179][ T4970] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   66.339163][ T4970] EXT4-fs (loop3): 1 orphan inode deleted
[   66.347415][ T4970] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.376618][   T56] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1)
[   66.437172][ T5000] loop1: detected capacity change from 0 to 128
[   66.448408][   T56] EXT4-fs error (device loop3): ext4_release_dquot:6973: comm kworker/u8:4: Failed to release dquot type 0
[   66.496478][ T4970] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.424: lblock 0 mapped to illegal pblock 48 (length 1)
[   66.763018][ T5004] SELinux:  Context Ü is not valid (left unmapped).
[   66.813399][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.959173][ T5009] netlink: 68 bytes leftover after parsing attributes in process `syz.2.442'.
[   67.165225][ T5026] loop1: detected capacity change from 0 to 512
[   67.189879][ T5026] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.255629][ T5026] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #2: comm syz.1.449: corrupted inode contents
[   67.295423][ T5026] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #2: comm syz.1.449: mark_inode_dirty error
[   67.344117][ T5026] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #2: comm syz.1.449: corrupted inode contents
[   67.368613][ T5048] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[   67.396631][ T5048] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[   67.414707][ T5026] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.449: mark_inode_dirty error
[   67.419159][ T5051] netlink: 68 bytes leftover after parsing attributes in process `syz.4.456'.
[   67.460151][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.480922][ T5022] loop0: detected capacity change from 0 to 512
[   67.504592][ T5056] loop3: detected capacity change from 0 to 764
[   67.518406][ T5056] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   67.529671][ T5022] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[   67.534244][ T5056] macvtap0: refused to change device tx_queue_len
[   67.558842][ T5061] loop4: detected capacity change from 0 to 1024
[   67.565792][ T5061] EXT4-fs: inline encryption not supported
[   67.572220][ T5061] EXT4-fs: Ignoring removed bh option
[   67.585074][ T5022] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[   67.585451][ T5061] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.621595][ T5022] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #11: comm syz.0.446: corrupted inode contents
[   67.639782][ T5022] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #11: comm syz.0.446: mark_inode_dirty error
[   67.647594][ T5061] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   67.689310][ T5061] EXT4-fs (loop4): Remounting filesystem read-only
[   67.698634][ T5022] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.446: invalid indirect mapped block 1 (level 1)
[   67.717686][ T5067] veth1_macvtap: left promiscuous mode
[   67.723428][ T5067] macsec0: entered promiscuous mode
[   67.737668][ T5022] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #11: comm syz.0.446: corrupted inode contents
[   67.754339][ T5022] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
[   67.764321][ T5022] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #11: comm syz.0.446: corrupted inode contents
[   67.779489][ T5022] EXT4-fs error (device loop0): ext4_truncate:4666: inode #11: comm syz.0.446: mark_inode_dirty error
[   67.792246][ T5022] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
[   67.814871][ T5022] EXT4-fs (loop0): 1 truncate cleaned up
[   67.825500][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.840483][ T5022] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.999364][ T3298] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.179585][ T5075] netlink: 'syz.1.464': attribute type 2 has an invalid length.
[   68.382230][ T5091] netlink: 'syz.0.471': attribute type 13 has an invalid length.
[   68.407720][ T5093] loop3: detected capacity change from 0 to 128
[   68.555580][ T5077] loop2: detected capacity change from 0 to 512
[   68.573891][ T5077] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   68.614607][ T5077] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[   68.632529][ T5077] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #11: comm syz.2.465: corrupted inode contents
[   68.648201][ T5077] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #11: comm syz.2.465: mark_inode_dirty error
[   68.721857][ T5077] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.465: invalid indirect mapped block 1 (level 1)
[   68.748837][ T5115] loop0: detected capacity change from 0 to 128
[   68.777430][ T5115] FAULT_INJECTION: forcing a failure.
[   68.777430][ T5115] name failslab, interval 1, probability 0, space 0, times 0
[   68.790137][ T5115] CPU: 1 UID: 0 PID: 5115 Comm: syz.0.479 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   68.790165][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   68.790227][ T5115] Call Trace:
[   68.790235][ T5115]  <TASK>
[   68.790242][ T5115]  __dump_stack+0x1d/0x30
[   68.790265][ T5115]  dump_stack_lvl+0xe8/0x140
[   68.790288][ T5115]  dump_stack+0x15/0x1b
[   68.790309][ T5115]  should_fail_ex+0x265/0x280
[   68.790362][ T5115]  should_failslab+0x8c/0xb0
[   68.790391][ T5115]  kmem_cache_alloc_lru_noprof+0x55/0x310
[   68.790420][ T5115]  ? __d_alloc+0x3d/0x340
[   68.790462][ T5115]  __d_alloc+0x3d/0x340
[   68.790490][ T5115]  d_alloc+0x2e/0x100
[   68.790523][ T5115]  lookup_one_qstr_excl+0x99/0x250
[   68.790580][ T5115]  do_unlinkat+0x176/0x480
[   68.790612][ T5115]  __x64_sys_unlinkat+0x97/0xb0
[   68.790640][ T5115]  x64_sys_call+0x2ede/0x2ff0
[   68.790725][ T5115]  do_syscall_64+0xd2/0x200
[   68.790894][ T5115]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   68.790921][ T5115]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   68.790954][ T5115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.791007][ T5115] RIP: 0033:0x7fbc3de6eec9
[   68.791025][ T5115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.791041][ T5115] RSP: 002b:00007fbc3c8cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[   68.791059][ T5115] RAX: ffffffffffffffda RBX: 00007fbc3e0c5fa0 RCX: 00007fbc3de6eec9
[   68.791071][ T5115] RDX: 0000000000000000 RSI: 0000200000000380 RDI: ffffffffffffff9c
[   68.791085][ T5115] RBP: 00007fbc3c8cf090 R08: 0000000000000000 R09: 0000000000000000
[   68.791166][ T5115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.791181][ T5115] R13: 00007fbc3e0c6038 R14: 00007fbc3e0c5fa0 R15: 00007ffc67cb0218
[   68.791199][ T5115]  </TASK>
[   69.035259][ T5077] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #11: comm syz.2.465: corrupted inode contents
[   69.116520][ T5077] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[   69.135674][ T5077] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #11: comm syz.2.465: corrupted inode contents
[   69.156162][ T5077] EXT4-fs error (device loop2): ext4_truncate:4666: inode #11: comm syz.2.465: mark_inode_dirty error
[   69.178674][ T5077] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[   69.193943][ T5077] EXT4-fs (loop2): 1 truncate cleaned up
[   69.209685][ T5077] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.268109][ T5123] macvlan1: entered promiscuous mode
[   69.274824][ T5123] ipvlan0: entered promiscuous mode
[   69.280745][ T5123] ipvlan0: left promiscuous mode
[   69.286124][ T5123] macvlan1: left promiscuous mode
[   69.305296][ T5126] loop0: detected capacity change from 0 to 764
[   69.313257][ T5126] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   69.362122][ T5126] macvtap0: refused to change device tx_queue_len
[   69.374997][ T3299] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.412724][ T5135] loop2: detected capacity change from 0 to 764
[   69.420896][ T5135] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   69.432116][ T5135] macvtap0: refused to change device tx_queue_len
[   69.619731][ T5146] FAULT_INJECTION: forcing a failure.
[   69.619731][ T5146] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   69.632906][ T5146] CPU: 1 UID: 0 PID: 5146 Comm: syz.1.490 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   69.632983][ T5146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   69.632999][ T5146] Call Trace:
[   69.633008][ T5146]  <TASK>
[   69.633017][ T5146]  __dump_stack+0x1d/0x30
[   69.633041][ T5146]  dump_stack_lvl+0xe8/0x140
[   69.633063][ T5146]  dump_stack+0x15/0x1b
[   69.633082][ T5146]  should_fail_ex+0x265/0x280
[   69.633155][ T5146]  should_fail+0xb/0x20
[   69.633177][ T5146]  should_fail_usercopy+0x1a/0x20
[   69.633247][ T5146]  _copy_from_user+0x1c/0xb0
[   69.633285][ T5146]  __sys_sendto+0x19e/0x330
[   69.633319][ T5146]  __x64_sys_sendto+0x76/0x90
[   69.633346][ T5146]  x64_sys_call+0x2d05/0x2ff0
[   69.633410][ T5146]  do_syscall_64+0xd2/0x200
[   69.633516][ T5146]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   69.633545][ T5146]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   69.633648][ T5146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.633676][ T5146] RIP: 0033:0x7fad0940eec9
[   69.633692][ T5146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.633712][ T5146] RSP: 002b:00007fad07e77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   69.633735][ T5146] RAX: ffffffffffffffda RBX: 00007fad09665fa0 RCX: 00007fad0940eec9
[   69.633768][ T5146] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[   69.633798][ T5146] RBP: 00007fad07e77090 R08: 0000200000b63fe4 R09: 000000000000001c
[   69.633813][ T5146] R10: 0000000022004001 R11: 0000000000000246 R12: 0000000000000001
[   69.633827][ T5146] R13: 00007fad09666038 R14: 00007fad09665fa0 R15: 00007ffe7e678f78
[   69.633846][ T5146]  </TASK>
[   69.634082][ T5147] syz.3.489 uses obsolete (PF_INET,SOCK_PACKET)
[   69.824343][   T29] kauditd_printk_skb: 455 callbacks suppressed
[   69.824362][   T29] audit: type=1326 audit(130.288:2328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5149 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   69.853392][   T29] audit: type=1326 audit(130.288:2329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5149 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   69.876132][   T29] audit: type=1326 audit(130.288:2330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5149 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   69.898885][   T29] audit: type=1326 audit(130.288:2331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5149 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   69.921884][   T29] audit: type=1326 audit(130.288:2332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5149 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   69.944722][   T29] audit: type=1326 audit(130.288:2333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5149 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   69.967577][   T29] audit: type=1326 audit(130.288:2334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5149 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   69.990295][   T29] audit: type=1326 audit(130.288:2335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5149 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   70.012830][   T29] audit: type=1326 audit(130.288:2336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5149 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   70.035554][   T29] audit: type=1326 audit(130.298:2337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5149 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   70.279636][ T5159] netlink: 'syz.4.494': attribute type 3 has an invalid length.
[   70.297746][ T5159] netlink: 'syz.4.494': attribute type 3 has an invalid length.
[   70.666104][ T5173] loop0: detected capacity change from 0 to 8192
[   70.677908][ T5178] FAULT_INJECTION: forcing a failure.
[   70.677908][ T5178] name failslab, interval 1, probability 0, space 0, times 0
[   70.690618][ T5178] CPU: 1 UID: 0 PID: 5178 Comm: syz.2.501 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.690652][ T5178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   70.690668][ T5178] Call Trace:
[   70.690675][ T5178]  <TASK>
[   70.690697][ T5178]  __dump_stack+0x1d/0x30
[   70.690722][ T5178]  dump_stack_lvl+0xe8/0x140
[   70.690798][ T5178]  dump_stack+0x15/0x1b
[   70.690819][ T5178]  should_fail_ex+0x265/0x280
[   70.690849][ T5178]  should_failslab+0x8c/0xb0
[   70.690948][ T5178]  kmem_cache_alloc_noprof+0x50/0x310
[   70.690980][ T5178]  ? skb_clone+0x151/0x1f0
[   70.691011][ T5178]  skb_clone+0x151/0x1f0
[   70.691033][ T5178]  __netlink_deliver_tap+0x2c9/0x500
[   70.691140][ T5178]  netlink_dump+0x836/0x8a0
[   70.691174][ T5178]  __netlink_dump_start+0x43e/0x520
[   70.691270][ T5178]  ? __pfx_tc_dump_qdisc+0x10/0x10
[   70.691345][ T5178]  rtnetlink_rcv_msg+0x552/0x6d0
[   70.691379][ T5178]  ? __pfx_tc_dump_qdisc+0x10/0x10
[   70.691409][ T5178]  ? __pfx_rtnl_dumpit+0x10/0x10
[   70.691489][ T5178]  ? __pfx_tc_dump_qdisc+0x10/0x10
[   70.691563][ T5178]  netlink_rcv_skb+0x123/0x220
[   70.691589][ T5178]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   70.691628][ T5178]  rtnetlink_rcv+0x1c/0x30
[   70.691658][ T5178]  netlink_unicast+0x5bd/0x690
[   70.691699][ T5178]  netlink_sendmsg+0x58b/0x6b0
[   70.691730][ T5178]  ? __pfx_netlink_sendmsg+0x10/0x10
[   70.691756][ T5178]  __sock_sendmsg+0x145/0x180
[   70.691791][ T5178]  ____sys_sendmsg+0x31e/0x4e0
[   70.691838][ T5178]  ___sys_sendmsg+0x17b/0x1d0
[   70.691873][ T5178]  __x64_sys_sendmsg+0xd4/0x160
[   70.691905][ T5178]  x64_sys_call+0x191e/0x2ff0
[   70.691932][ T5178]  do_syscall_64+0xd2/0x200
[   70.691978][ T5178]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   70.692067][ T5178]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   70.692100][ T5178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.692120][ T5178] RIP: 0033:0x7f708a85eec9
[   70.692205][ T5178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.692225][ T5178] RSP: 002b:00007f70892bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   70.692248][ T5178] RAX: ffffffffffffffda RBX: 00007f708aab5fa0 RCX: 00007f708a85eec9
[   70.692305][ T5178] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000006
[   70.692317][ T5178] RBP: 00007f70892bf090 R08: 0000000000000000 R09: 0000000000000000
[   70.692328][ T5178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.692343][ T5178] R13: 00007f708aab6038 R14: 00007f708aab5fa0 R15: 00007ffcf1696878
[   70.692400][ T5178]  </TASK>
[   70.964836][ T5183] FAULT_INJECTION: forcing a failure.
[   70.964836][ T5183] name failslab, interval 1, probability 0, space 0, times 0
[   70.977610][ T5183] CPU: 1 UID: 0 PID: 5183 Comm: syz.0.500 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.977637][ T5183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   70.977649][ T5183] Call Trace:
[   70.977655][ T5183]  <TASK>
[   70.977663][ T5183]  __dump_stack+0x1d/0x30
[   70.977689][ T5183]  dump_stack_lvl+0xe8/0x140
[   70.977778][ T5183]  dump_stack+0x15/0x1b
[   70.977793][ T5183]  should_fail_ex+0x265/0x280
[   70.977818][ T5183]  ? io_wq_create+0x4b/0x4b0
[   70.977899][ T5183]  should_failslab+0x8c/0xb0
[   70.977941][ T5183]  __kmalloc_cache_noprof+0x4c/0x320
[   70.978013][ T5183]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[   70.978036][ T5183]  io_wq_create+0x4b/0x4b0
[   70.978055][ T5183]  io_uring_alloc_task_context+0x17d/0x2d0
[   70.978085][ T5183]  __io_uring_add_tctx_node+0x1f3/0x2d0
[   70.978127][ T5183]  __io_uring_add_tctx_node_from_submit+0x69/0xc0
[   70.978152][ T5183]  __se_sys_io_uring_enter+0x195b/0x1b70
[   70.978185][ T5183]  ? 0xffffffff81000000
[   70.978201][ T5183]  ? __rcu_read_unlock+0x4f/0x70
[   70.978275][ T5183]  ? get_pid_task+0x96/0xd0
[   70.978298][ T5183]  ? proc_fail_nth_write+0x13b/0x160
[   70.978325][ T5183]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   70.978454][ T5183]  ? vfs_write+0x7e8/0x960
[   70.978527][ T5183]  ? __rcu_read_unlock+0x4f/0x70
[   70.978549][ T5183]  ? __fget_files+0x184/0x1c0
[   70.978577][ T5183]  ? fput+0x8f/0xc0
[   70.978639][ T5183]  __x64_sys_io_uring_enter+0x78/0x90
[   70.978668][ T5183]  x64_sys_call+0x2de1/0x2ff0
[   70.978695][ T5183]  do_syscall_64+0xd2/0x200
[   70.978736][ T5183]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   70.978843][ T5183]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   70.978878][ T5183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.978899][ T5183] RIP: 0033:0x7fbc3de6eec9
[   70.978913][ T5183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.978938][ T5183] RSP: 002b:00007fbc3c7ed038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[   70.978962][ T5183] RAX: ffffffffffffffda RBX: 00007fbc3e0c6090 RCX: 00007fbc3de6eec9
[   70.978974][ T5183] RDX: 000000000000ed60 RSI: 00000000000048e9 RDI: 0000000000000005
[   70.978986][ T5183] RBP: 00007fbc3c7ed090 R08: 0000000000000000 R09: 0000000000000000
[   70.978997][ T5183] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[   70.979020][ T5183] R13: 00007fbc3e0c6128 R14: 00007fbc3e0c6090 R15: 00007ffc67cb0218
[   70.979044][ T5183]  </TASK>
[   70.979606][ T5173]  loop0: p1 p2[DM] p4
[   71.230792][ T5173] loop0: p1 size 196608 extends beyond EOD, truncated
[   71.245995][ T5185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.503'.
[   71.247779][ T5173] loop0: p2 start 4292936063 is beyond EOD, truncated
[   71.261764][ T5173] loop0: p4 size 50331648 extends beyond EOD, truncated
[   71.357210][ T5194] FAULT_INJECTION: forcing a failure.
[   71.357210][ T5194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   71.370516][ T5194] CPU: 0 UID: 0 PID: 5194 Comm: syz.0.504 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   71.370549][ T5194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   71.370562][ T5194] Call Trace:
[   71.370568][ T5194]  <TASK>
[   71.370590][ T5194]  __dump_stack+0x1d/0x30
[   71.370616][ T5194]  dump_stack_lvl+0xe8/0x140
[   71.370639][ T5194]  dump_stack+0x15/0x1b
[   71.370657][ T5194]  should_fail_ex+0x265/0x280
[   71.370684][ T5194]  should_fail+0xb/0x20
[   71.370713][ T5194]  should_fail_usercopy+0x1a/0x20
[   71.370785][ T5194]  _copy_to_user+0x20/0xa0
[   71.370819][ T5194]  simple_read_from_buffer+0xb5/0x130
[   71.370854][ T5194]  proc_fail_nth_read+0x10e/0x150
[   71.370884][ T5194]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   71.370912][ T5194]  vfs_read+0x1a8/0x770
[   71.370935][ T5194]  ? __rcu_read_unlock+0x4f/0x70
[   71.370999][ T5194]  ? __fget_files+0x184/0x1c0
[   71.371028][ T5194]  ksys_read+0xda/0x1a0
[   71.371052][ T5194]  __x64_sys_read+0x40/0x50
[   71.371076][ T5194]  x64_sys_call+0x27bc/0x2ff0
[   71.371153][ T5194]  do_syscall_64+0xd2/0x200
[   71.371185][ T5194]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   71.371263][ T5194]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   71.371292][ T5194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.371381][ T5194] RIP: 0033:0x7fbc3de6d8dc
[   71.371398][ T5194] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   71.371417][ T5194] RSP: 002b:00007fbc3c8cf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   71.371519][ T5194] RAX: ffffffffffffffda RBX: 00007fbc3e0c5fa0 RCX: 00007fbc3de6d8dc
[   71.371533][ T5194] RDX: 000000000000000f RSI: 00007fbc3c8cf0a0 RDI: 0000000000000005
[   71.371546][ T5194] RBP: 00007fbc3c8cf090 R08: 0000000000000000 R09: 0000000000000000
[   71.371559][ T5194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   71.371602][ T5194] R13: 00007fbc3e0c6038 R14: 00007fbc3e0c5fa0 R15: 00007ffc67cb0218
[   71.371622][ T5194]  </TASK>
[   71.623707][ T5185] loop2: detected capacity change from 0 to 2048
[   71.637815][ T5198] netlink: 'syz.0.506': attribute type 3 has an invalid length.
[   71.647590][ T5198] netlink: 'syz.0.506': attribute type 3 has an invalid length.
[   71.672085][ T5185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.946068][ T3299] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.287579][ T5205] loop0: detected capacity change from 0 to 512
[   72.347652][ T5205] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[   72.361216][ T5200] loop3: detected capacity change from 0 to 512
[   72.409676][ T5205] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[   72.430708][ T5200] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[   72.446767][ T5205] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #11: comm syz.0.508: corrupted inode contents
[   72.465395][ T5200] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[   72.485404][ T5205] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #11: comm syz.0.508: mark_inode_dirty error
[   72.490372][ T5200] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.507: corrupted inode contents
[   72.500451][ T5205] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.508: invalid indirect mapped block 1 (level 1)
[   72.520485][ T5200] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #11: comm syz.3.507: mark_inode_dirty error
[   72.526839][ T5205] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #11: comm syz.0.508: corrupted inode contents
[   72.548876][ T5205] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
[   72.559887][ T5205] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #11: comm syz.0.508: corrupted inode contents
[   72.573760][ T5205] EXT4-fs error (device loop0): ext4_truncate:4666: inode #11: comm syz.0.508: mark_inode_dirty error
[   72.586850][ T5205] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
[   72.591088][ T5200] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.507: invalid indirect mapped block 1 (level 1)
[   72.601294][ T5205] EXT4-fs (loop0): 1 truncate cleaned up
[   72.620166][ T5200] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.507: corrupted inode contents
[   72.633986][ T5200] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[   72.650672][ T5205] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.674522][ T5200] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.507: corrupted inode contents
[   72.689932][ T5200] EXT4-fs error (device loop3): ext4_truncate:4666: inode #11: comm syz.3.507: mark_inode_dirty error
[   72.704914][ T5200] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[   72.721843][ T5200] EXT4-fs (loop3): 1 truncate cleaned up
[   72.741931][ T5200] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.883704][ T3298] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.913408][ T5235] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[   72.920046][ T5235] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   72.927620][ T5235] vhci_hcd vhci_hcd.0: Device attached
[   72.982466][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.012100][ T5236] vhci_hcd: connection closed
[   73.012636][   T31] vhci_hcd: stop threads
[   73.021800][   T31] vhci_hcd: release socket
[   73.026258][   T31] vhci_hcd: disconnect device
[   73.047678][ T5242] loop3: detected capacity change from 0 to 512
[   73.054909][ T5242] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   73.057250][ T5244] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5244 comm=syz.0.517
[   73.068883][ T5242] EXT4-fs (loop3): 1 truncate cleaned up
[   73.084285][ T5242] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.110083][ T5247] netlink: 'syz.0.518': attribute type 3 has an invalid length.
[   73.117971][ T5247] netlink: 'syz.0.518': attribute type 3 has an invalid length.
[   73.186715][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.255554][ T5258] netlink: 'syz.4.522': attribute type 3 has an invalid length.
[   73.263362][ T5258] netlink: 'syz.4.522': attribute type 3 has an invalid length.
[   73.959387][ T5289] netlink: 'syz.1.527': attribute type 3 has an invalid length.
[   73.968690][ T5289] netlink: 'syz.1.527': attribute type 3 has an invalid length.
[   74.055930][ T5301] netlink: 'syz.0.530': attribute type 3 has an invalid length.
[   74.066172][ T5301] netlink: 'syz.0.530': attribute type 3 has an invalid length.
[   74.091911][ T5304] loop4: detected capacity change from 0 to 2048
[   74.118708][ T5307] loop0: detected capacity change from 0 to 764
[   74.136291][ T5307] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   74.148955][ T5307] macvtap0: refused to change device tx_queue_len
[   74.149225][ T5311] FAULT_INJECTION: forcing a failure.
[   74.149225][ T5311] name failslab, interval 1, probability 0, space 0, times 0
[   74.156552][ T5304]  loop4: p1 < > p4
[   74.168147][ T5311] CPU: 1 UID: 0 PID: 5311 Comm: syz.2.533 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   74.168180][ T5311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   74.168197][ T5311] Call Trace:
[   74.168206][ T5311]  <TASK>
[   74.168217][ T5311]  __dump_stack+0x1d/0x30
[   74.168249][ T5311]  dump_stack_lvl+0xe8/0x140
[   74.168276][ T5311]  dump_stack+0x15/0x1b
[   74.168328][ T5311]  should_fail_ex+0x265/0x280
[   74.168363][ T5311]  should_failslab+0x8c/0xb0
[   74.168424][ T5311]  kmem_cache_alloc_noprof+0x50/0x310
[   74.168503][ T5311]  ? getname_kernel+0x3c/0x1f0
[   74.168547][ T5311]  ? should_fail_ex+0xdb/0x280
[   74.168599][ T5311]  getname_kernel+0x3c/0x1f0
[   74.168639][ T5311]  kern_path+0x23/0x130
[   74.168699][ T5311]  bpf_uprobe_multi_link_attach+0x231/0x910
[   74.168741][ T5311]  ? __rcu_read_unlock+0x4f/0x70
[   74.168771][ T5311]  ? __fget_files+0x184/0x1c0
[   74.168859][ T5311]  link_create+0x680/0x6e0
[   74.169012][ T5311]  __sys_bpf+0x61d/0x7b0
[   74.169060][ T5311]  __x64_sys_bpf+0x41/0x50
[   74.169104][ T5311]  x64_sys_call+0x2aea/0x2ff0
[   74.169141][ T5311]  do_syscall_64+0xd2/0x200
[   74.169205][ T5311]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   74.169261][ T5311]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   74.169335][ T5311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.169364][ T5311] RIP: 0033:0x7f708a85eec9
[   74.169385][ T5311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.169408][ T5311] RSP: 002b:00007f70892bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   74.169434][ T5311] RAX: ffffffffffffffda RBX: 00007f708aab5fa0 RCX: 00007f708a85eec9
[   74.169452][ T5311] RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 000000000000001c
[   74.169471][ T5311] RBP: 00007f70892bf090 R08: 0000000000000000 R09: 0000000000000000
[   74.169488][ T5311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   74.169505][ T5311] R13: 00007f708aab6038 R14: 00007f708aab5fa0 R15: 00007ffcf1696878
[   74.169612][ T5311]  </TASK>
[   74.377045][ T5304] loop4: p4 size 8388608 extends beyond EOD, truncated
[   74.501284][ T5334] loop1: detected capacity change from 0 to 764
[   74.508656][ T5334] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   74.520315][ T5334] macvtap0: refused to change device tx_queue_len
[   74.820346][ T5362] netlink: 36 bytes leftover after parsing attributes in process `syz.3.547'.
[   74.829499][   T29] kauditd_printk_skb: 836 callbacks suppressed
[   74.829515][   T29] audit: type=1326 audit(128.588:3172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5359 comm="syz.2.546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f708a85eec9 code=0x7ffc0000
[   74.872414][   T29] audit: type=1400 audit(128.628:3173): avc:  denied  { unlink } for  pid=3299 comm="syz-executor" name="file0" dev="tmpfs" ino=580 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   74.899831][ T5366] all: renamed from lo (while UP)
[   74.970666][ T5370] netlink: 68 bytes leftover after parsing attributes in process `syz.2.551'.
[   75.012869][ T5374] loop3: detected capacity change from 0 to 512
[   75.020597][ T5374] EXT4-fs: Ignoring removed mblk_io_submit option
[   75.027536][ T5374] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   75.038863][ T5374] EXT4-fs (loop3): 1 truncate cleaned up
[   75.045010][ T5374] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.059432][   T29] audit: type=1400 audit(128.818:3174): avc:  denied  { read } for  pid=5373 comm="syz.3.553" path="/111/bus/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   75.086897][   T29] audit: type=1400 audit(128.848:3175): avc:  denied  { bind } for  pid=5373 comm="syz.3.553" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   75.284718][ T5390] netlink: 60 bytes leftover after parsing attributes in process `syz.4.557'.
[   75.319579][ T5387] netlink: 14 bytes leftover after parsing attributes in process `syz.0.556'.
[   75.334971][ T5387] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   75.370848][ T5392] netlink: 36 bytes leftover after parsing attributes in process `syz.4.558'.
[   75.383113][ T5387] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   75.401493][ T5387] bond0 (unregistering): Released all slaves
[   75.426644][ T5388] ip6gre0: Caught tx_queue_len zero misconfig
[   75.436058][ T5388] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   75.454196][ T5388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.463282][ T5388] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.521717][ T5397] infiniband syz2: set active
[   75.526972][ T5397] infiniband syz2: added bond_slave_0
[   75.539624][ T5397] RDS/IB: syz2: added
[   75.543651][ T5397] smc: adding ib device syz2 with port count 1
[   75.549860][ T5397] smc:    ib device syz2 port 1 has pnetid 
[   75.586530][ T5401] 9pnet_fd: Insufficient options for proto=fd
[   75.596698][ T5401] loop4: detected capacity change from 0 to 512
[   75.616610][ T5401] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   75.649033][ T5401] EXT4-fs (loop4): 1 truncate cleaned up
[   75.666765][ T5401] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.718490][   T29] audit: type=1400 audit(129.478:3176): avc:  denied  { write } for  pid=5396 comm="syz.4.560" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[   75.800441][ T5410] netlink: 68 bytes leftover after parsing attributes in process `syz.1.564'.
[   75.887376][ T5418] all: renamed from lo (while UP)
[   75.925325][   T29] audit: type=1326 audit(129.678:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5419 comm="syz.1.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   75.961430][   T29] audit: type=1326 audit(129.708:3178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5419 comm="syz.1.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   75.984273][   T29] audit: type=1326 audit(129.708:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5419 comm="syz.1.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   76.007111][   T29] audit: type=1326 audit(129.708:3180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5419 comm="syz.1.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   76.029873][   T29] audit: type=1326 audit(129.708:3181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5419 comm="syz.1.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   76.060260][ T5422] netlink: 36 bytes leftover after parsing attributes in process `syz.1.570'.
[   76.091202][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.117959][ T5426] loop3: detected capacity change from 0 to 128
[   76.143583][ T5430] loop1: detected capacity change from 0 to 2048
[   76.155237][ T5428] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[   76.155704][ T5424] capability: warning: `syz.2.571' uses deprecated v2 capabilities in a way that may be insecure
[   76.182781][ T5424] SELinux:  policydb magic number 0x75636573 does not match expected magic number 0xf97cff8c
[   76.195352][ T5424] SELinux: failed to load policy
[   76.203470][ T5437] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   76.211935][ T5437] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   76.213837][ T5430] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.356134][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.457624][ T5105] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[   76.495764][ T5456] FAULT_INJECTION: forcing a failure.
[   76.495764][ T5456] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   76.508955][ T5456] CPU: 0 UID: 0 PID: 5456 Comm: syz.3.583 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   76.508990][ T5456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   76.509040][ T5456] Call Trace:
[   76.509047][ T5456]  <TASK>
[   76.509057][ T5456]  __dump_stack+0x1d/0x30
[   76.509083][ T5456]  dump_stack_lvl+0xe8/0x140
[   76.509103][ T5456]  dump_stack+0x15/0x1b
[   76.509145][ T5456]  should_fail_ex+0x265/0x280
[   76.509249][ T5456]  should_fail+0xb/0x20
[   76.509272][ T5456]  should_fail_usercopy+0x1a/0x20
[   76.509300][ T5456]  _copy_to_user+0x20/0xa0
[   76.509342][ T5456]  simple_read_from_buffer+0xb5/0x130
[   76.509468][ T5456]  proc_fail_nth_read+0x10e/0x150
[   76.509503][ T5456]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   76.509537][ T5456]  vfs_read+0x1a8/0x770
[   76.509561][ T5456]  ? __rcu_read_unlock+0x4f/0x70
[   76.509622][ T5456]  ? __fget_files+0x184/0x1c0
[   76.509648][ T5456]  ? user_path_at+0x109/0x130
[   76.509693][ T5456]  ksys_read+0xda/0x1a0
[   76.509759][ T5456]  __x64_sys_read+0x40/0x50
[   76.509787][ T5456]  x64_sys_call+0x27bc/0x2ff0
[   76.509817][ T5456]  do_syscall_64+0xd2/0x200
[   76.509850][ T5456]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   76.509878][ T5456]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   76.509911][ T5456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.509933][ T5456] RIP: 0033:0x7fd71d24d8dc
[   76.509948][ T5456] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   76.509964][ T5456] RSP: 002b:00007fd71bcb7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   76.510015][ T5456] RAX: ffffffffffffffda RBX: 00007fd71d4a5fa0 RCX: 00007fd71d24d8dc
[   76.510027][ T5456] RDX: 000000000000000f RSI: 00007fd71bcb70a0 RDI: 0000000000000005
[   76.510115][ T5456] RBP: 00007fd71bcb7090 R08: 0000000000000000 R09: 0000000000000000
[   76.510135][ T5456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.510149][ T5456] R13: 00007fd71d4a6038 R14: 00007fd71d4a5fa0 R15: 00007ffed7a9b1f8
[   76.510172][ T5456]  </TASK>
[   76.544953][ T5451] SELinux: failed to load policy
[   76.742597][ T5459] __nla_validate_parse: 2 callbacks suppressed
[   76.742611][ T5459] netlink: 36 bytes leftover after parsing attributes in process `syz.3.584'.
[   76.790331][ T5464] FAULT_INJECTION: forcing a failure.
[   76.790331][ T5464] name failslab, interval 1, probability 0, space 0, times 0
[   76.803082][ T5464] CPU: 1 UID: 0 PID: 5464 Comm: syz.4.586 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   76.803116][ T5464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   76.803132][ T5464] Call Trace:
[   76.803139][ T5464]  <TASK>
[   76.803148][ T5464]  __dump_stack+0x1d/0x30
[   76.803174][ T5464]  dump_stack_lvl+0xe8/0x140
[   76.803247][ T5464]  dump_stack+0x15/0x1b
[   76.803269][ T5464]  should_fail_ex+0x265/0x280
[   76.803296][ T5464]  should_failslab+0x8c/0xb0
[   76.803328][ T5464]  kmem_cache_alloc_node_noprof+0x57/0x320
[   76.803366][ T5464]  ? __alloc_skb+0x101/0x320
[   76.803460][ T5464]  __alloc_skb+0x101/0x320
[   76.803497][ T5464]  netlink_alloc_large_skb+0xba/0xf0
[   76.803607][ T5464]  netlink_sendmsg+0x3cf/0x6b0
[   76.803705][ T5464]  ? __pfx_netlink_sendmsg+0x10/0x10
[   76.803824][ T5464]  __sock_sendmsg+0x145/0x180
[   76.803898][ T5464]  ____sys_sendmsg+0x31e/0x4e0
[   76.804013][ T5464]  ___sys_sendmsg+0x17b/0x1d0
[   76.804137][ T5464]  __x64_sys_sendmsg+0xd4/0x160
[   76.804172][ T5464]  x64_sys_call+0x191e/0x2ff0
[   76.804276][ T5464]  do_syscall_64+0xd2/0x200
[   76.804314][ T5464]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   76.804343][ T5464]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   76.804381][ T5464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.804443][ T5464] RIP: 0033:0x7f7f007feec9
[   76.804462][ T5464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.804485][ T5464] RSP: 002b:00007f7eff267038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   76.804510][ T5464] RAX: ffffffffffffffda RBX: 00007f7f00a55fa0 RCX: 00007f7f007feec9
[   76.804526][ T5464] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[   76.804541][ T5464] RBP: 00007f7eff267090 R08: 0000000000000000 R09: 0000000000000000
[   76.804557][ T5464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.804642][ T5464] R13: 00007f7f00a56038 R14: 00007f7f00a55fa0 R15: 00007ffc02b251e8
[   76.804666][ T5464]  </TASK>
[   77.012457][ T5444] loop2: detected capacity change from 0 to 512
[   77.030958][ T5468] IPv6: NLM_F_CREATE should be specified when creating new route
[   77.049519][ T5471] netlink: 68 bytes leftover after parsing attributes in process `syz.4.589'.
[   77.066584][ T5444] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   77.120608][ T5444] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[   77.141886][ T5444] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #11: comm syz.2.578: corrupted inode contents
[   77.155959][ T5444] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #11: comm syz.2.578: mark_inode_dirty error
[   77.179527][ T5444] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.578: invalid indirect mapped block 1 (level 1)
[   77.210813][ T5444] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #11: comm syz.2.578: corrupted inode contents
[   77.253489][ T5444] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[   77.264048][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.275176][ T5444] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #11: comm syz.2.578: corrupted inode contents
[   77.299591][ T5444] EXT4-fs error (device loop2): ext4_truncate:4666: inode #11: comm syz.2.578: mark_inode_dirty error
[   77.312901][ T5444] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[   77.325228][ T5444] EXT4-fs (loop2): 1 truncate cleaned up
[   77.342675][ T5444] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.493190][ T3299] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.542001][ T5501] loop2: detected capacity change from 0 to 128
[   77.980940][ T5536] loop1: detected capacity change from 0 to 512
[   78.002358][ T5536] EXT4-fs: Ignoring removed bh option
[   78.028434][ T5536] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.109897][ T5544] nfs: Unknown parameter ''
[   78.132345][ T5544] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=5544 comm=syz.1.612
[   78.213401][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.376829][ T5572] loop4: detected capacity change from 0 to 764
[   78.390693][ T5572] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   78.407533][ T5576] validate_nla: 7 callbacks suppressed
[   78.407548][ T5576] netlink: 'syz.3.624': attribute type 13 has an invalid length.
[   78.422408][ T5572] macvtap0: refused to change device tx_queue_len
[   78.568883][ T5576] hsr0: left promiscuous mode
[   78.662037][ T3441] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   78.675915][ T3441] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   78.684855][ T3441] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   78.700942][ T3441] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   78.719761][ T5597] all: renamed from lo (while UP)
[   78.744350][ T5599] all: renamed from lo (while UP)
[   78.800334][ T5603] netlink: 68 bytes leftover after parsing attributes in process `syz.2.630'.
[   78.840907][ T5607] FAULT_INJECTION: forcing a failure.
[   78.840907][ T5607] name failslab, interval 1, probability 0, space 0, times 0
[   78.853682][ T5607] CPU: 1 UID: 0 PID: 5607 Comm: syz.2.632 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   78.853767][ T5607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   78.853780][ T5607] Call Trace:
[   78.853785][ T5607]  <TASK>
[   78.853792][ T5607]  __dump_stack+0x1d/0x30
[   78.853813][ T5607]  dump_stack_lvl+0xe8/0x140
[   78.853831][ T5607]  dump_stack+0x15/0x1b
[   78.853852][ T5607]  should_fail_ex+0x265/0x280
[   78.853882][ T5607]  should_failslab+0x8c/0xb0
[   78.853947][ T5607]  kmem_cache_alloc_noprof+0x50/0x310
[   78.854025][ T5607]  ? alloc_empty_file+0x76/0x200
[   78.854059][ T5607]  alloc_empty_file+0x76/0x200
[   78.854098][ T5607]  path_openat+0x68/0x2170
[   78.854122][ T5607]  ? path_openat+0x1bf8/0x2170
[   78.854189][ T5607]  ? _parse_integer_limit+0x170/0x190
[   78.854218][ T5607]  ? _parse_integer+0x27/0x40
[   78.854244][ T5607]  ? kstrtoull+0x111/0x140
[   78.854336][ T5607]  do_filp_open+0x109/0x230
[   78.854370][ T5607]  file_open_name+0xfa/0x120
[   78.854521][ T5607]  __se_sys_acct+0xf0/0x490
[   78.854552][ T5607]  __x64_sys_acct+0x1f/0x30
[   78.854578][ T5607]  x64_sys_call+0x2f2b/0x2ff0
[   78.854626][ T5607]  do_syscall_64+0xd2/0x200
[   78.854655][ T5607]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   78.854679][ T5607]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   78.854760][ T5607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.854784][ T5607] RIP: 0033:0x7f708a85eec9
[   78.854799][ T5607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.854837][ T5607] RSP: 002b:00007f70892bf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
[   78.854860][ T5607] RAX: ffffffffffffffda RBX: 00007f708aab5fa0 RCX: 00007f708a85eec9
[   78.854908][ T5607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0
[   78.854924][ T5607] RBP: 00007f70892bf090 R08: 0000000000000000 R09: 0000000000000000
[   78.854939][ T5607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   78.854954][ T5607] R13: 00007f708aab6038 R14: 00007f708aab5fa0 R15: 00007ffcf1696878
[   78.854977][ T5607]  </TASK>
[   79.234697][ T5614] FAULT_INJECTION: forcing a failure.
[   79.234697][ T5614] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   79.247840][ T5614] CPU: 0 UID: 0 PID: 5614 Comm: syz.2.634 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   79.247915][ T5614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   79.247930][ T5614] Call Trace:
[   79.247938][ T5614]  <TASK>
[   79.247946][ T5614]  __dump_stack+0x1d/0x30
[   79.247970][ T5614]  dump_stack_lvl+0xe8/0x140
[   79.248060][ T5614]  dump_stack+0x15/0x1b
[   79.248079][ T5614]  should_fail_ex+0x265/0x280
[   79.248108][ T5614]  should_fail+0xb/0x20
[   79.248133][ T5614]  should_fail_usercopy+0x1a/0x20
[   79.248218][ T5614]  _copy_from_user+0x1c/0xb0
[   79.248293][ T5614]  sel_write_load+0x192/0x380
[   79.248325][ T5614]  ? __pfx_sel_write_load+0x10/0x10
[   79.248355][ T5614]  vfs_write+0x269/0x960
[   79.248382][ T5614]  ? __rcu_read_unlock+0x4f/0x70
[   79.248555][ T5614]  ? __fget_files+0x184/0x1c0
[   79.248589][ T5614]  ksys_write+0xda/0x1a0
[   79.248617][ T5614]  __x64_sys_write+0x40/0x50
[   79.248707][ T5614]  x64_sys_call+0x27fe/0x2ff0
[   79.248733][ T5614]  do_syscall_64+0xd2/0x200
[   79.248769][ T5614]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   79.248851][ T5614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.248878][ T5614] RIP: 0033:0x7f708a85eec9
[   79.248955][ T5614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   79.248977][ T5614] RSP: 002b:00007f70892bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   79.249000][ T5614] RAX: ffffffffffffffda RBX: 00007f708aab5fa0 RCX: 00007f708a85eec9
[   79.249016][ T5614] RDX: 0000000000000065 RSI: 0000200000000280 RDI: 0000000000000003
[   79.249031][ T5614] RBP: 00007f70892bf090 R08: 0000000000000000 R09: 0000000000000000
[   79.249071][ T5614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   79.249086][ T5614] R13: 00007f708aab6038 R14: 00007f708aab5fa0 R15: 00007ffcf1696878
[   79.249110][ T5614]  </TASK>
[   79.493893][ T5622] netlink: 'syz.4.637': attribute type 3 has an invalid length.
[   79.502060][ T5622] netlink: 'syz.4.637': attribute type 3 has an invalid length.
[   79.516948][ T5624] all: renamed from lo (while UP)
[   79.831934][ T5674] batadv_slave_1: entered promiscuous mode
[   79.842881][ T5674] loop4: detected capacity change from 0 to 164
[   79.859431][ T5673] batadv_slave_1: left promiscuous mode
[   79.878670][ T5678] SELinux:  policydb version -2 does not match my version range 15-35
[   79.888780][ T5678] SELinux: failed to load policy
[   79.959969][   T29] kauditd_printk_skb: 514 callbacks suppressed
[   79.959988][   T29] audit: type=1326 audit(129.968:3696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5683 comm="syz.1.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   79.992120][   T29] audit: type=1326 audit(129.998:3697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5683 comm="syz.1.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   80.014929][   T29] audit: type=1326 audit(129.998:3698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5683 comm="syz.1.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   80.037699][   T29] audit: type=1326 audit(129.998:3699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5683 comm="syz.1.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   80.060461][   T29] audit: type=1326 audit(129.998:3700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5683 comm="syz.1.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   80.083248][   T29] audit: type=1326 audit(129.998:3701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5683 comm="syz.1.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   80.106159][   T29] audit: type=1326 audit(129.998:3702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5683 comm="syz.1.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   80.129042][   T29] audit: type=1326 audit(129.998:3703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5683 comm="syz.1.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   80.152070][   T29] audit: type=1326 audit(129.998:3704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5683 comm="syz.1.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   80.174825][   T29] audit: type=1326 audit(129.998:3705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5683 comm="syz.1.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   80.410665][ T5694] loop1: detected capacity change from 0 to 512
[   80.437143][ T5694] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   80.509621][ T5698] FAULT_INJECTION: forcing a failure.
[   80.509621][ T5698] name failslab, interval 1, probability 0, space 0, times 0
[   80.522333][ T5698] CPU: 0 UID: 0 PID: 5698 Comm: syz.4.657 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   80.522438][ T5698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   80.522451][ T5698] Call Trace:
[   80.522459][ T5698]  <TASK>
[   80.522468][ T5698]  __dump_stack+0x1d/0x30
[   80.522562][ T5698]  dump_stack_lvl+0xe8/0x140
[   80.522590][ T5698]  dump_stack+0x15/0x1b
[   80.522627][ T5698]  should_fail_ex+0x265/0x280
[   80.522650][ T5698]  ? sctp_add_bind_addr+0x71/0x1e0
[   80.522809][ T5698]  should_failslab+0x8c/0xb0
[   80.522840][ T5698]  __kmalloc_cache_noprof+0x4c/0x320
[   80.522880][ T5698]  sctp_add_bind_addr+0x71/0x1e0
[   80.522921][ T5698]  sctp_do_bind+0x427/0x4b0
[   80.522967][ T5698]  sctp_connect_new_asoc+0x153/0x3a0
[   80.522995][ T5698]  sctp_sendmsg+0xf10/0x18d0
[   80.523031][ T5698]  ? selinux_socket_sendmsg+0x171/0x1b0
[   80.523065][ T5698]  ? __pfx_sctp_sendmsg+0x10/0x10
[   80.523163][ T5698]  inet_sendmsg+0xc2/0xd0
[   80.523260][ T5698]  __sock_sendmsg+0x102/0x180
[   80.523294][ T5698]  ____sys_sendmsg+0x345/0x4e0
[   80.523327][ T5698]  ___sys_sendmsg+0x17b/0x1d0
[   80.523432][ T5698]  __sys_sendmmsg+0x178/0x300
[   80.523473][ T5698]  __x64_sys_sendmmsg+0x57/0x70
[   80.523522][ T5698]  x64_sys_call+0x1c4a/0x2ff0
[   80.523543][ T5698]  do_syscall_64+0xd2/0x200
[   80.523572][ T5698]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   80.523600][ T5698]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   80.523682][ T5698]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.523708][ T5698] RIP: 0033:0x7f7f007feec9
[   80.523722][ T5698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.523759][ T5698] RSP: 002b:00007f7eff267038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   80.523783][ T5698] RAX: ffffffffffffffda RBX: 00007f7f00a55fa0 RCX: 00007f7f007feec9
[   80.523800][ T5698] RDX: 0000000000000002 RSI: 0000200000000540 RDI: 0000000000000003
[   80.523816][ T5698] RBP: 00007f7eff267090 R08: 0000000000000000 R09: 0000000000000000
[   80.523832][ T5698] R10: 00000000000c88c4 R11: 0000000000000246 R12: 0000000000000001
[   80.523847][ T5698] R13: 00007f7f00a56038 R14: 00007f7f00a55fa0 R15: 00007ffc02b251e8
[   80.523929][ T5698]  </TASK>
[   81.144860][ T5706] loop4: detected capacity change from 0 to 764
[   81.227114][ T5694] EXT4-fs (loop1): 1 truncate cleaned up
[   81.233553][ T5694] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.259229][ T5706] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   81.433987][ T5706] macvtap0: refused to change device tx_queue_len
[   81.448165][ T5712] macvtap0: refused to change device tx_queue_len
[   81.455027][ T5714] loop0: detected capacity change from 0 to 764
[   81.474209][ T5714] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   81.503927][ T5714] macvtap0: refused to change device tx_queue_len
[   81.571125][ T5717] netlink: 'syz.3.665': attribute type 3 has an invalid length.
[   81.589085][ T5717] netlink: 'syz.3.665': attribute type 3 has an invalid length.
[   81.870970][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.925587][ T5728] loop1: detected capacity change from 0 to 764
[   81.973739][ T5728] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   81.994638][ T5728] macvtap0: refused to change device tx_queue_len
[   82.198056][ T5745] loop4: detected capacity change from 0 to 764
[   82.210874][ T5745] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   82.222139][ T5745] macvtap0: refused to change device tx_queue_len
[   82.320794][ T5749] netlink: 'syz.3.676': attribute type 3 has an invalid length.
[   82.339114][ T5749] netlink: 'syz.3.676': attribute type 3 has an invalid length.
[   82.474818][ T5697] loop2: detected capacity change from 0 to 512
[   82.535418][ T5763] loop2: detected capacity change from 0 to 764
[   82.554293][ T5766] netlink: 'syz.3.681': attribute type 3 has an invalid length.
[   82.563077][ T5763] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   82.563449][ T5766] netlink: 'syz.3.681': attribute type 3 has an invalid length.
[   82.580730][ T5763] macvtap0: refused to change device tx_queue_len
[   82.796575][ T5788] usb usb8: usbfs: process 5788 (syz.1.683) did not claim interface 0 before use
[   82.986217][ T5799] netlink: 'syz.3.686': attribute type 3 has an invalid length.
[   83.259708][ T5824] program syz.4.690 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   83.417548][ T5834] loop4: detected capacity change from 0 to 764
[   83.425703][ T5834] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   83.451136][ T5834] macvtap0: refused to change device tx_queue_len
[   83.710023][ T5851] validate_nla: 3 callbacks suppressed
[   83.710054][ T5851] netlink: 'syz.0.701': attribute type 3 has an invalid length.
[   83.723293][ T5851] netlink: 'syz.0.701': attribute type 3 has an invalid length.
[   83.931401][ T5867] SELinux: failed to load policy
[   84.003693][ T5884] geneve0: entered allmulticast mode
[   84.062843][ T5886] loop1: detected capacity change from 0 to 764
[   84.070088][ T5886] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   84.080048][ T5886] macvtap0: refused to change device tx_queue_len
[   84.243073][ T5842] syz.4.695 (5842) used greatest stack depth: 9872 bytes left
[   84.369929][ T5897] netlink: 68 bytes leftover after parsing attributes in process `syz.4.713'.
[   84.403134][ T5899] netlink: 'syz.4.714': attribute type 3 has an invalid length.
[   84.411182][ T5899] netlink: 'syz.4.714': attribute type 3 has an invalid length.
[   84.692161][ T5911] netlink: 'syz.2.715': attribute type 3 has an invalid length.
[   84.716082][ T5911] netlink: 'syz.2.715': attribute type 3 has an invalid length.
[   85.011846][ T5921] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   85.019135][ T5921] IPv6: NLM_F_CREATE should be set when creating new route
[   85.026405][ T5921] IPv6: NLM_F_CREATE should be set when creating new route
[   85.063134][   T29] kauditd_printk_skb: 217 callbacks suppressed
[   85.063152][   T29] audit: type=1326 audit(129.508:3923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5923 comm="syz.1.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   85.092475][ T5924] FAULT_INJECTION: forcing a failure.
[   85.092475][ T5924] name failslab, interval 1, probability 0, space 0, times 0
[   85.102646][   T29] audit: type=1326 audit(129.538:3924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5923 comm="syz.1.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fad0940d710 code=0x7ffc0000
[   85.105356][ T5924] CPU: 0 UID: 0 PID: 5924 Comm: syz.1.718 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   85.105394][ T5924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   85.105411][ T5924] Call Trace:
[   85.105420][ T5924]  <TASK>
[   85.105439][ T5924]  __dump_stack+0x1d/0x30
[   85.105467][ T5924]  dump_stack_lvl+0xe8/0x140
[   85.105494][ T5924]  dump_stack+0x15/0x1b
[   85.105518][ T5924]  should_fail_ex+0x265/0x280
[   85.105550][ T5924]  ? audit_log_d_path+0x8d/0x150
[   85.105640][ T5924]  should_failslab+0x8c/0xb0
[   85.105744][ T5924]  __kmalloc_cache_noprof+0x4c/0x320
[   85.105788][ T5924]  audit_log_d_path+0x8d/0x150
[   85.105851][ T5924]  audit_log_d_path_exe+0x42/0x70
[   85.105893][ T5924]  audit_log_task+0x1e9/0x250
[   85.105936][ T5924]  audit_seccomp+0x61/0x100
[   85.106094][ T5924]  ? __seccomp_filter+0x68c/0x10d0
[   85.106125][ T5924]  __seccomp_filter+0x69d/0x10d0
[   85.106209][ T5924]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   85.106247][ T5924]  ? vfs_write+0x7e8/0x960
[   85.106277][ T5924]  ? __rcu_read_unlock+0x4f/0x70
[   85.106317][ T5924]  ? __fget_files+0x184/0x1c0
[   85.106356][ T5924]  __secure_computing+0x82/0x150
[   85.106387][ T5924]  syscall_trace_enter+0xcf/0x1e0
[   85.106420][ T5924]  do_syscall_64+0xac/0x200
[   85.106525][ T5924]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   85.106564][ T5924]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   85.106603][ T5924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.106632][ T5924] RIP: 0033:0x7fad0940eec9
[   85.106652][ T5924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.106736][ T5924] RSP: 002b:00007fad07e77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   85.106829][ T5924] RAX: ffffffffffffffda RBX: 00007fad09665fa0 RCX: 00007fad0940eec9
[   85.106886][ T5924] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffffffffff
[   85.106904][ T5924] RBP: 00007fad07e77090 R08: 0000000000000000 R09: 0000000000000000
[   85.106921][ T5924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.106982][ T5924] R13: 00007fad09666038 R14: 00007fad09665fa0 R15: 00007ffe7e678f78
[   85.107009][ T5924]  </TASK>
[   85.179624][ T5932] loop2: detected capacity change from 0 to 512
[   85.181936][   T29] audit: type=1326 audit(129.538:3925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5923 comm="syz.1.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fad0940d97f code=0x7ffc0000
[   85.190268][ T5932] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   85.197296][   T29] audit: type=1326 audit(129.538:3926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5923 comm="syz.1.718" exe="<no_memory>" sig=0 arch=c000003e syscall=313 compat=0 ip=0x7fad0940eec9 code=0x7ffc0000
[   85.201732][ T5932] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002]
[   85.206239][   T29] audit: type=1326 audit(129.598:3927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5926 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f007feec9 code=0x7ffc0000
[   85.241483][ T5932] EXT4-fs (loop2): orphan cleanup on readonly fs
[   85.246438][   T29] audit: type=1326 audit(129.598:3928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5926 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f007feec9 code=0x7ffc0000
[   85.293954][ T5932] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #13: comm syz.2.720: iget: bad i_size value: 12154761577498
[   85.301286][   T29] audit: type=1326 audit(129.598:3929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5926 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7f007feec9 code=0x7ffc0000
[   85.309565][ T5932] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.720: couldn't read orphan inode 13 (err -117)
[   85.317532][   T29] audit: type=1326 audit(129.598:3930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5926 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f007feec9 code=0x7ffc0000
[   85.329456][ T5934] audit: audit_lost=4 audit_rate_limit=0 audit_backlog_limit=64
[   85.333556][   T29] audit: type=1326 audit(129.598:3931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5926 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f007feec9 code=0x7ffc0000
[   85.382538][ T5932] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   85.575883][ T5940] netlink: 68 bytes leftover after parsing attributes in process `syz.3.724'.
[   85.636819][ T3299] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.688652][ T5953] netlink: 'syz.2.728': attribute type 2 has an invalid length.
[   85.708951][ T5943] SELinux: failed to load policy
[   85.805184][ T5971] netlink: 68 bytes leftover after parsing attributes in process `syz.0.735'.
[   85.892920][ T5977] loop0: detected capacity change from 0 to 1024
[   85.900043][ T5977] EXT4-fs: Ignoring removed nomblk_io_submit option
[   85.909971][ T5985] FAULT_INJECTION: forcing a failure.
[   85.909971][ T5985] name failslab, interval 1, probability 0, space 0, times 0
[   85.922651][ T5985] CPU: 0 UID: 0 PID: 5985 Comm: syz.1.740 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   85.922791][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   85.922803][ T5985] Call Trace:
[   85.922809][ T5985]  <TASK>
[   85.922816][ T5985]  __dump_stack+0x1d/0x30
[   85.922910][ T5985]  dump_stack_lvl+0xe8/0x140
[   85.922935][ T5985]  dump_stack+0x15/0x1b
[   85.923010][ T5985]  should_fail_ex+0x265/0x280
[   85.923056][ T5985]  ? audit_log_d_path+0x8d/0x150
[   85.923132][ T5985]  should_failslab+0x8c/0xb0
[   85.923157][ T5985]  __kmalloc_cache_noprof+0x4c/0x320
[   85.923250][ T5985]  audit_log_d_path+0x8d/0x150
[   85.923291][ T5985]  audit_log_d_path_exe+0x42/0x70
[   85.923330][ T5985]  audit_log_task+0x1e9/0x250
[   85.923359][ T5985]  audit_seccomp+0x61/0x100
[   85.923406][ T5985]  ? __seccomp_filter+0x68c/0x10d0
[   85.923431][ T5985]  __seccomp_filter+0x69d/0x10d0
[   85.923452][ T5985]  ? __list_add_valid_or_report+0x38/0xe0
[   85.923545][ T5985]  ? _raw_spin_unlock+0x26/0x50
[   85.923631][ T5985]  __secure_computing+0x82/0x150
[   85.923654][ T5985]  syscall_trace_enter+0xcf/0x1e0
[   85.923678][ T5985]  do_syscall_64+0xac/0x200
[   85.923706][ T5985]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   85.923751][ T5985]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   85.923778][ T5985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.923799][ T5985] RIP: 0033:0x7fad0940d8dc
[   85.923818][ T5985] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   85.923841][ T5985] RSP: 002b:00007fad07e77030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   85.923891][ T5985] RAX: ffffffffffffffda RBX: 00007fad09665fa0 RCX: 00007fad0940d8dc
[   85.923907][ T5985] RDX: 000000000000000f RSI: 00007fad07e770a0 RDI: 0000000000000005
[   85.923987][ T5985] RBP: 00007fad07e77090 R08: 0000000000000000 R09: 0000000000000000
[   85.924024][ T5985] R10: 0000000000000021 R11: 0000000000000246 R12: 0000000000000002
[   85.924036][ T5985] R13: 00007fad09666038 R14: 00007fad09665fa0 R15: 00007ffe7e678f78
[   85.924055][ T5985]  </TASK>
[   86.147239][ T5977] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002]
[   86.155715][ T5977] System zones: 0-1, 3-12
[   86.176366][ T5977] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.231577][ T5977] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.737: bg 0: block 88: padding at end of block bitmap is not set
[   86.262450][ T6000] geneve0: entered allmulticast mode
[   86.270885][ T6002] netlink: 12 bytes leftover after parsing attributes in process `syz.1.747'.
[   86.280899][ T3298] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.304997][ T6002] netlink: 68 bytes leftover after parsing attributes in process `syz.1.747'.
[   86.437395][ T6018] loop2: detected capacity change from 0 to 256
[   86.597493][ T6032] FAULT_INJECTION: forcing a failure.
[   86.597493][ T6032] name failslab, interval 1, probability 0, space 0, times 0
[   86.610203][ T6032] CPU: 0 UID: 0 PID: 6032 Comm: syz.0.760 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   86.610230][ T6032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   86.610242][ T6032] Call Trace:
[   86.610248][ T6032]  <TASK>
[   86.610254][ T6032]  __dump_stack+0x1d/0x30
[   86.610277][ T6032]  dump_stack_lvl+0xe8/0x140
[   86.610300][ T6032]  dump_stack+0x15/0x1b
[   86.610353][ T6032]  should_fail_ex+0x265/0x280
[   86.610383][ T6032]  should_failslab+0x8c/0xb0
[   86.610462][ T6032]  __kvmalloc_node_noprof+0x123/0x4e0
[   86.610561][ T6032]  ? seq_read_iter+0x13e/0x940
[   86.610603][ T6032]  seq_read_iter+0x13e/0x940
[   86.610648][ T6032]  proc_reg_read_iter+0x10d/0x180
[   86.610713][ T6032]  copy_splice_read+0x442/0x660
[   86.610782][ T6032]  ? __pfx_copy_splice_read+0x10/0x10
[   86.610813][ T6032]  splice_direct_to_actor+0x26f/0x680
[   86.610834][ T6032]  ? __pfx_direct_splice_actor+0x10/0x10
[   86.610865][ T6032]  do_splice_direct+0xda/0x150
[   86.610943][ T6032]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   86.610989][ T6032]  do_sendfile+0x380/0x650
[   86.611029][ T6032]  __x64_sys_sendfile64+0x105/0x150
[   86.611069][ T6032]  x64_sys_call+0x2bb0/0x2ff0
[   86.611096][ T6032]  do_syscall_64+0xd2/0x200
[   86.611308][ T6032]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   86.611339][ T6032]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   86.611375][ T6032]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.611428][ T6032] RIP: 0033:0x7fbc3de6eec9
[   86.611447][ T6032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.611471][ T6032] RSP: 002b:00007fbc3c8cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   86.611495][ T6032] RAX: ffffffffffffffda RBX: 00007fbc3e0c5fa0 RCX: 00007fbc3de6eec9
[   86.611511][ T6032] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[   86.611526][ T6032] RBP: 00007fbc3c8cf090 R08: 0000000000000000 R09: 0000000000000000
[   86.611541][ T6032] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[   86.611581][ T6032] R13: 00007fbc3e0c6038 R14: 00007fbc3e0c5fa0 R15: 00007ffc67cb0218
[   86.611675][ T6032]  </TASK>
[   86.851286][ T6034] netlink: 12 bytes leftover after parsing attributes in process `syz.2.761'.
[   86.861158][ T6034] netlink: 68 bytes leftover after parsing attributes in process `syz.2.761'.
[   86.890178][ T6039] loop0: detected capacity change from 0 to 512
[   86.925096][ T6039] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.952487][ T6039] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #4: comm syz.0.763: corrupted inode contents
[   86.964887][ T6039] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #4: comm syz.0.763: mark_inode_dirty error
[   86.995098][ T6039] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #4: comm syz.0.763: corrupted inode contents
[   87.013625][ T6039] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #4: comm syz.0.763: mark_inode_dirty error
[   87.026620][ T6039] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.763: Failed to acquire dquot type 1
[   87.027886][ T6048] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #4: comm syz.0.763: corrupted inode contents
[   87.074661][ T6048] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #4: comm syz.0.763: mark_inode_dirty error
[   87.087670][ T6048] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #4: comm syz.0.763: corrupted inode contents
[   87.100023][ T6048] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #4: comm syz.0.763: mark_inode_dirty error
[   87.112786][ T6048] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.763: Failed to acquire dquot type 1
[   87.256867][ T6039] syz.0.763 (6039) used greatest stack depth: 9552 bytes left
[   87.332231][ T3298] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.365384][ T6068] netlink: 'syz.3.772': attribute type 3 has an invalid length.
[   87.430033][ T6071] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=6071 comm=syz.3.773
[   87.494420][ T6080] netlink: 12 bytes leftover after parsing attributes in process `syz.3.775'.
[   87.505607][ T6080] netlink: 68 bytes leftover after parsing attributes in process `syz.3.775'.
[   87.535168][ T6082] loop0: detected capacity change from 0 to 512
[   87.543120][ T6082] EXT4-fs: Ignoring removed nomblk_io_submit option
[   87.559836][ T6082] EXT4-fs: Ignoring removed i_version option
[   87.570960][ T6082] EXT4-fs (loop0): 1 orphan inode deleted
[   87.580283][ T6082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.654854][ T3298] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.802039][ T6091] vhci_hcd: invalid port number 96
[   87.807298][ T6091] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   87.886425][ T6103] loop2: detected capacity change from 0 to 764
[   87.906231][ T6103] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   87.934792][ T6103] macvtap0: refused to change device tx_queue_len
[   87.967308][ T6106] syz.0.785 (6106) used greatest stack depth: 8448 bytes left
[   88.020868][ T6111] netlink: 'syz.0.787': attribute type 1 has an invalid length.
[   88.086604][ T6116] netlink: 68 bytes leftover after parsing attributes in process `syz.3.788'.
[   88.154940][ T6119] loop0: detected capacity change from 0 to 2048
[   88.176869][ T6121] netlink: 'syz.3.790': attribute type 3 has an invalid length.
[   88.206727][ T6119]  loop0: p1 < > p4
[   88.211278][ T6119] loop0: p4 size 8388608 extends beyond EOD, truncated
[   88.372699][ T6108] loop1: detected capacity change from 0 to 512
[   88.401849][ T6108] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[   88.433984][ T6135] SELinux: failed to load policy
[   88.447456][ T6145] loop4: detected capacity change from 0 to 512
[   88.464494][ T6108] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[   88.467137][ T6145] EXT4-fs (loop4): can't mount with both data=journal and delalloc
[   88.487726][ T6149] loop0: detected capacity change from 0 to 512
[   88.492433][ T6108] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #11: comm syz.1.786: corrupted inode contents
[   88.508216][ T6108] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #11: comm syz.1.786: mark_inode_dirty error
[   88.521199][ T6108] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.786: invalid indirect mapped block 1 (level 1)
[   88.539855][ T6108] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #11: comm syz.1.786: corrupted inode contents
[   88.553650][ T6108] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[   88.584119][ T6108] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #11: comm syz.1.786: corrupted inode contents
[   88.600080][ T6108] EXT4-fs error (device loop1): ext4_truncate:4666: inode #11: comm syz.1.786: mark_inode_dirty error
[   88.613186][ T6108] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[   88.634050][ T6108] EXT4-fs (loop1): 1 truncate cleaned up
[   88.661437][ T6108] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.755742][ T6169] validate_nla: 1 callbacks suppressed
[   88.755760][ T6169] netlink: 'syz.3.805': attribute type 3 has an invalid length.
[   88.769351][ T6169] netlink: 'syz.3.805': attribute type 3 has an invalid length.
[   88.791288][ T6171] FAULT_INJECTION: forcing a failure.
[   88.791288][ T6171] name failslab, interval 1, probability 0, space 0, times 0
[   88.804141][ T6171] CPU: 1 UID: 0 PID: 6171 Comm: syz.0.806 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   88.804193][ T6171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   88.804210][ T6171] Call Trace:
[   88.804218][ T6171]  <TASK>
[   88.804227][ T6171]  __dump_stack+0x1d/0x30
[   88.804251][ T6171]  dump_stack_lvl+0xe8/0x140
[   88.804275][ T6171]  dump_stack+0x15/0x1b
[   88.804296][ T6171]  should_fail_ex+0x265/0x280
[   88.804327][ T6171]  should_failslab+0x8c/0xb0
[   88.804365][ T6171]  __kmalloc_cache_node_noprof+0x54/0x320
[   88.804449][ T6171]  ? __get_vm_area_node+0x106/0x1d0
[   88.804487][ T6171]  __get_vm_area_node+0x106/0x1d0
[   88.804527][ T6171]  __vmalloc_node_range_noprof+0x273/0xe00
[   88.804635][ T6171]  ? kernel_read_file+0x2c3/0x500
[   88.804671][ T6171]  ? avc_has_perm_noaudit+0x1b1/0x200
[   88.804762][ T6171]  ? avc_has_perm+0xf7/0x180
[   88.804797][ T6171]  ? selinux_kernel_load_from_file+0x1f5/0x230
[   88.804901][ T6171]  ? kernel_read_file+0x2c3/0x500
[   88.804965][ T6171]  vmalloc_noprof+0x82/0xc0
[   88.805021][ T6171]  ? kernel_read_file+0x2c3/0x500
[   88.805055][ T6171]  kernel_read_file+0x2c3/0x500
[   88.805114][ T6171]  __se_sys_finit_module+0x2d3/0x460
[   88.805168][ T6171]  __x64_sys_finit_module+0x3e/0x50
[   88.805269][ T6171]  x64_sys_call+0x2a92/0x2ff0
[   88.805296][ T6171]  do_syscall_64+0xd2/0x200
[   88.805368][ T6171]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   88.805399][ T6171]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   88.805439][ T6171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.805489][ T6171] RIP: 0033:0x7fbc3de6eec9
[   88.805509][ T6171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.805533][ T6171] RSP: 002b:00007fbc3c8cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   88.805559][ T6171] RAX: ffffffffffffffda RBX: 00007fbc3e0c5fa0 RCX: 00007fbc3de6eec9
[   88.805575][ T6171] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000004
[   88.805591][ T6171] RBP: 00007fbc3c8cf090 R08: 0000000000000000 R09: 0000000000000000
[   88.805683][ T6171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.805697][ T6171] R13: 00007fbc3e0c6038 R14: 00007fbc3e0c5fa0 R15: 00007ffc67cb0218
[   88.805721][ T6171]  </TASK>
[   88.805731][ T6171] syz.0.806: vmalloc error: size 136, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0
[   89.045655][ T6171] CPU: 1 UID: 0 PID: 6171 Comm: syz.0.806 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   89.045688][ T6171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   89.045749][ T6171] Call Trace:
[   89.045757][ T6171]  <TASK>
[   89.045768][ T6171]  __dump_stack+0x1d/0x30
[   89.045799][ T6171]  dump_stack_lvl+0xe8/0x140
[   89.045837][ T6171]  dump_stack+0x15/0x1b
[   89.045862][ T6171]  warn_alloc+0x12b/0x1a0
[   89.045907][ T6171]  __vmalloc_node_range_noprof+0x297/0xe00
[   89.045989][ T6171]  ? avc_has_perm_noaudit+0x1b1/0x200
[   89.046016][ T6171]  ? avc_has_perm+0xf7/0x180
[   89.046045][ T6171]  ? selinux_kernel_load_from_file+0x1f5/0x230
[   89.046092][ T6171]  ? kernel_read_file+0x2c3/0x500
[   89.046126][ T6171]  vmalloc_noprof+0x82/0xc0
[   89.046164][ T6171]  ? kernel_read_file+0x2c3/0x500
[   89.046201][ T6171]  kernel_read_file+0x2c3/0x500
[   89.046310][ T6171]  __se_sys_finit_module+0x2d3/0x460
[   89.046364][ T6171]  __x64_sys_finit_module+0x3e/0x50
[   89.046398][ T6171]  x64_sys_call+0x2a92/0x2ff0
[   89.046433][ T6171]  do_syscall_64+0xd2/0x200
[   89.046468][ T6171]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   89.046495][ T6171]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   89.046568][ T6171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.046593][ T6171] RIP: 0033:0x7fbc3de6eec9
[   89.046611][ T6171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.046633][ T6171] RSP: 002b:00007fbc3c8cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   89.046657][ T6171] RAX: ffffffffffffffda RBX: 00007fbc3e0c5fa0 RCX: 00007fbc3de6eec9
[   89.046671][ T6171] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000004
[   89.046683][ T6171] RBP: 00007fbc3c8cf090 R08: 0000000000000000 R09: 0000000000000000
[   89.046723][ T6171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   89.046739][ T6171] R13: 00007fbc3e0c6038 R14: 00007fbc3e0c5fa0 R15: 00007ffc67cb0218
[   89.046761][ T6171]  </TASK>
[   89.053397][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.056491][ T6171] Mem-Info:
[   89.257771][ T6171] active_anon:4344 inactive_anon:5 isolated_anon:0
[   89.257771][ T6171]  active_file:20174 inactive_file:2264 isolated_file:0
[   89.257771][ T6171]  unevictable:0 dirty:623 writeback:0
[   89.257771][ T6171]  slab_reclaimable:3256 slab_unreclaimable:40874
[   89.257771][ T6171]  mapped:29499 shmem:364 pagetables:1300
[   89.257771][ T6171]  sec_pagetables:0 bounce:0
[   89.257771][ T6171]  kernel_misc_reclaimable:0
[   89.257771][ T6171]  free:1864293 free_pcp:9174 free_cma:0
[   89.302651][ T6171] Node 0 active_anon:17260kB inactive_anon:20kB active_file:84060kB inactive_file:9056kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117996kB dirty:2492kB writeback:0kB shmem:1456kB kernel_stack:3328kB pagetables:5316kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   89.330014][ T6171] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   89.358671][ T6171] lowmem_reserve[]: 0 2883 7862 7862
[   89.364058][ T6171] Node 0 DMA32 free:2949200kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952832kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3532kB free_cma:0kB
[   89.394499][ T6171] lowmem_reserve[]: 0 0 4978 4978
[   89.399763][ T6171] Node 0 Normal free:4489820kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16796kB inactive_anon:20kB active_file:84060kB inactive_file:9056kB unevictable:0kB writepending:2492kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:32532kB local_pcp:28688kB free_cma:0kB
[   89.432148][ T6171] lowmem_reserve[]: 0 0 0 0
[   89.437046][ T6171] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   89.439333][ T6203] FAULT_INJECTION: forcing a failure.
[   89.439333][ T6203] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   89.449884][ T6171] Node 0 DMA32: 2*4kB (M) 
[   89.462931][ T6203] CPU: 0 UID: 0 PID: 6203 Comm: syz.3.813 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   89.462964][ T6203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   89.462983][ T6203] Call Trace:
[   89.462992][ T6203]  <TASK>
[   89.463003][ T6203]  __dump_stack+0x1d/0x30
[   89.463033][ T6203]  dump_stack_lvl+0xe8/0x140
[   89.463109][ T6203]  dump_stack+0x15/0x1b
[   89.463131][ T6203]  should_fail_ex+0x265/0x280
[   89.463166][ T6203]  should_fail+0xb/0x20
[   89.463245][ T6203]  should_fail_usercopy+0x1a/0x20
[   89.463280][ T6203]  _copy_from_user+0x1c/0xb0
[   89.463327][ T6203]  ___sys_sendmsg+0xc1/0x1d0
[   89.463520][ T6203]  __x64_sys_sendmsg+0xd4/0x160
[   89.463567][ T6203]  x64_sys_call+0x191e/0x2ff0
[   89.463596][ T6203]  do_syscall_64+0xd2/0x200
[   89.463638][ T6203]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   89.463709][ T6203]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   89.463747][ T6203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.463777][ T6203] RIP: 0033:0x7fd71d24eec9
[   89.463798][ T6203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.463822][ T6203] RSP: 002b:00007fd71bcb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   89.463906][ T6203] RAX: ffffffffffffffda RBX: 00007fd71d4a5fa0 RCX: 00007fd71d24eec9
[   89.463924][ T6203] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000003
[   89.463941][ T6203] RBP: 00007fd71bcb7090 R08: 0000000000000000 R09: 0000000000000000
[   89.463958][ T6203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   89.463975][ T6203] R13: 00007fd71d4a6038 R14: 00007fd71d4a5fa0 R15: 00007ffed7a9b1f8
[   89.464001][ T6203]  </TASK>
[   89.637729][ T6171] 3*8kB (M) 3*16kB (M) 2*32kB (M) 3*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949200kB
[   89.651913][ T6171] Node 0 Normal: 4*4kB (UM) 3*8kB (UME) 2*16kB (U) 32*32kB (UME) 102*64kB (UME) 84*128kB (UME) 54*256kB (UME) 21*512kB (UME) 14*1024kB (UM) 8*2048kB (UME) 1078*4096kB (UM) = 4489160kB
[   89.670638][ T6171] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[   89.680062][ T6171] 20685 total pagecache pages
[   89.684795][ T6171] 5 pages in swap cache
[   89.689013][ T6171] Free swap  = 124976kB
[   89.693196][ T6171] Total swap = 124996kB
[   89.697494][ T6171] 2097051 pages RAM
[   89.701328][ T6171] 0 pages HighMem/MovableOnly
[   89.706132][ T6171] 80443 pages reserved
[   89.725737][ T6208] __nla_validate_parse: 1 callbacks suppressed
[   89.725758][ T6208] netlink: 68 bytes leftover after parsing attributes in process `syz.3.815'.
[   89.746250][ T6210] macvtap0: refused to change device tx_queue_len
[   89.757246][ T6210] batman_adv: batadv0: Adding interface: dummy0
[   89.763652][ T6210] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.789479][ T6210] batman_adv: batadv0: Interface activated: dummy0
[   89.829901][ T6213] netlink: 176 bytes leftover after parsing attributes in process `syz.3.817'.
[   89.901251][ T6218] netlink: 'syz.3.819': attribute type 39 has an invalid length.
[   89.958221][ T6226] loop4: detected capacity change from 0 to 764
[   89.981058][ T6226] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   89.996242][ T6227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.819'.
[   90.009466][ T6226] macvtap0: refused to change device tx_queue_len
[   90.047013][ T6234] FAULT_INJECTION: forcing a failure.
[   90.047013][ T6234] name failslab, interval 1, probability 0, space 0, times 0
[   90.048745][ T6232] netlink: 'syz.1.823': attribute type 3 has an invalid length.
[   90.059814][ T6234] CPU: 1 UID: 0 PID: 6234 Comm: syz.0.824 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   90.059920][ T6234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   90.059939][ T6234] Call Trace:
[   90.059947][ T6234]  <TASK>
[   90.059957][ T6234]  __dump_stack+0x1d/0x30
[   90.059986][ T6234]  dump_stack_lvl+0xe8/0x140
[   90.060023][ T6234]  dump_stack+0x15/0x1b
[   90.060047][ T6234]  should_fail_ex+0x265/0x280
[   90.060081][ T6234]  should_failslab+0x8c/0xb0
[   90.060117][ T6234]  __kvmalloc_node_noprof+0x123/0x4e0
[   90.060240][ T6234]  ? proc_sys_call_handler+0x243/0x4a0
[   90.060346][ T6234]  proc_sys_call_handler+0x243/0x4a0
[   90.060432][ T6234]  ? __pfx_proc_sys_write+0x10/0x10
[   90.060473][ T6234]  proc_sys_write+0x22/0x30
[   90.060567][ T6234]  vfs_write+0x52a/0x960
[   90.060605][ T6234]  ksys_write+0xda/0x1a0
[   90.060639][ T6234]  __x64_sys_write+0x40/0x50
[   90.060669][ T6234]  x64_sys_call+0x27fe/0x2ff0
[   90.060745][ T6234]  do_syscall_64+0xd2/0x200
[   90.060785][ T6234]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   90.060870][ T6234]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   90.060908][ T6234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.060939][ T6234] RIP: 0033:0x7fbc3de6eec9
[   90.060960][ T6234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.061058][ T6234] RSP: 002b:00007fbc3c8cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   90.061146][ T6234] RAX: ffffffffffffffda RBX: 00007fbc3e0c5fa0 RCX: 00007fbc3de6eec9
[   90.061163][ T6234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   90.061200][ T6234] RBP: 00007fbc3c8cf090 R08: 0000000000000000 R09: 0000000000000000
[   90.061263][ T6234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.061280][ T6234] R13: 00007fbc3e0c6038 R14: 00007fbc3e0c5fa0 R15: 00007ffc67cb0218
[   90.061308][ T6234]  </TASK>
[   90.114201][   T29] kauditd_printk_skb: 407 callbacks suppressed
[   90.114221][   T29] audit: type=1326 audit(131.348:4331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6235 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3de6eec9 code=0x7ffc0000
[   90.131046][ T6232] netlink: 'syz.1.823': attribute type 3 has an invalid length.
[   90.132566][   T29] audit: type=1326 audit(131.348:4332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6235 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7fbc3de6eec9 code=0x7ffc0000
[   90.317705][   T29] audit: type=1326 audit(131.348:4333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6235 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3de6eec9 code=0x7ffc0000
[   90.340538][   T29] audit: type=1326 audit(131.348:4334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6235 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fbc3de6eec9 code=0x7ffc0000
[   90.363221][   T29] audit: type=1326 audit(131.348:4335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6235 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3de6eec9 code=0x7ffc0000
[   90.386038][   T29] audit: type=1326 audit(131.348:4336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6235 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fbc3de6eec9 code=0x7ffc0000
[   90.408750][   T29] audit: type=1326 audit(131.348:4337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6235 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3de6eec9 code=0x7ffc0000
[   90.431581][   T29] audit: type=1326 audit(131.348:4338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6235 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fbc3de6d97f code=0x7ffc0000
[   90.454177][   T29] audit: type=1326 audit(131.348:4339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6235 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3de6eec9 code=0x7ffc0000
[   90.476928][   T29] audit: type=1326 audit(131.348:4340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6235 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbc3de6eec9 code=0x7ffc0000
[   90.508759][ T6264] netlink: 68 bytes leftover after parsing attributes in process `syz.1.828'.
[   90.588108][ T6266] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=6266 comm=syz.0.830
[   90.648268][ T6280] netlink: 'syz.2.835': attribute type 3 has an invalid length.
[   90.657099][ T6280] netlink: 'syz.2.835': attribute type 3 has an invalid length.
[   91.636195][ T6320] FAULT_INJECTION: forcing a failure.
[   91.636195][ T6320] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   91.649353][ T6320] CPU: 0 UID: 0 PID: 6320 Comm: syz.0.844 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   91.649387][ T6320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   91.649403][ T6320] Call Trace:
[   91.649412][ T6320]  <TASK>
[   91.649421][ T6320]  __dump_stack+0x1d/0x30
[   91.649444][ T6320]  dump_stack_lvl+0xe8/0x140
[   91.649525][ T6320]  dump_stack+0x15/0x1b
[   91.649546][ T6320]  should_fail_ex+0x265/0x280
[   91.649575][ T6320]  should_fail+0xb/0x20
[   91.649597][ T6320]  should_fail_usercopy+0x1a/0x20
[   91.649657][ T6320]  _copy_from_user+0x1c/0xb0
[   91.649689][ T6320]  proc_submiturb+0x43/0xa0
[   91.649776][ T6320]  usbdev_ioctl+0xcc2/0x1710
[   91.649807][ T6320]  ? __pfx_usbdev_ioctl+0x10/0x10
[   91.649871][ T6320]  __se_sys_ioctl+0xcb/0x140
[   91.649896][ T6320]  __x64_sys_ioctl+0x43/0x50
[   91.649913][ T6320]  x64_sys_call+0x1816/0x2ff0
[   91.649934][ T6320]  do_syscall_64+0xd2/0x200
[   91.649962][ T6320]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   91.650034][ T6320]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   91.650061][ T6320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.650089][ T6320] RIP: 0033:0x7fbc3de6eec9
[   91.650107][ T6320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.650130][ T6320] RSP: 002b:00007fbc3c8cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   91.650238][ T6320] RAX: ffffffffffffffda RBX: 00007fbc3e0c5fa0 RCX: 00007fbc3de6eec9
[   91.650253][ T6320] RDX: 0000200000000140 RSI: 000000008038550a RDI: 0000000000000003
[   91.650274][ T6320] RBP: 00007fbc3c8cf090 R08: 0000000000000000 R09: 0000000000000000
[   91.650289][ T6320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   91.650305][ T6320] R13: 00007fbc3e0c6038 R14: 00007fbc3e0c5fa0 R15: 00007ffc67cb0218
[   91.650387][ T6320]  </TASK>
[   91.853372][ T6324] blktrace: Concurrent blktraces are not allowed on sg0
[   92.008118][   T37] bond0 (unregistering): Released all slaves
[   92.033627][   T37] bond1 (unregistering): Released all slaves
[   92.051207][   T37] bond2 (unregistering): Released all slaves
[   92.072707][   T37] bond3 (unregistering): Released all slaves
[   92.076532][ T6334] loop0: detected capacity change from 0 to 2048
[   92.156924][ T6334]  loop0: p1 < > p4
[   92.171469][ T6334] loop0: p4 size 8388608 extends beyond EOD, truncated
[   92.211931][   T37] hsr_slave_0: left promiscuous mode
[   92.228351][   T37] hsr_slave_1: left promiscuous mode
[   92.314455][ T6348] SELinux: failed to load policy
[   92.361374][ T6350] bridge_slave_0: left allmulticast mode
[   92.367101][ T6350] bridge_slave_0: left promiscuous mode
[   92.372836][ T6350] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.385422][ T6350] bridge_slave_1: left allmulticast mode
[   92.391197][ T6350] bridge_slave_1: left promiscuous mode
[   92.397058][ T6350] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.407350][ T6351] loop0: detected capacity change from 0 to 512
[   92.414018][ T6351] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   92.431447][ T6350] team0: Port device team_slave_0 removed
[   92.447853][ T6350] team0: Port device team_slave_1 removed
[   92.454789][ T6350] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   92.462250][ T6350] batman_adv: batadv0: Removing interface: batadv_slave_0
[   92.483310][ T6350] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   92.490836][ T6350] batman_adv: batadv0: Removing interface: batadv_slave_1
[   92.510313][ T6350] batman_adv: batadv0: Removing interface: netdevsim1
[   92.534888][ T6353] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.647274][ T6353] loop1: detected capacity change from 0 to 8192
[   92.688513][ T6353]  loop1: p4 < >
[   92.720086][ T6321] chnl_net:caif_netlink_parms(): no params data found
[   92.723986][ T6365] loop4: detected capacity change from 0 to 512
[   92.818790][ T6321] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.825971][ T6321] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.834964][ T6321] bridge_slave_0: entered allmulticast mode
[   92.855366][ T6321] bridge_slave_0: entered promiscuous mode
[   92.872459][ T6321] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.879734][ T6321] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.888698][ T6321] bridge_slave_1: entered allmulticast mode
[   92.895332][ T6321] bridge_slave_1: entered promiscuous mode
[   92.915544][ T6321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.979887][ T6321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.020686][ T6321] team0: Port device team_slave_0 added
[   93.027233][ T6381] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=6381 comm=syz.0.862
[   93.042216][ T6321] team0: Port device team_slave_1 added
[   93.066512][ T6321] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.073589][ T6321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.099567][ T6321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.109533][ T6372] loop4: detected capacity change from 0 to 512
[   93.117649][ T6321] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.117666][ T6321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.117700][ T6321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.143803][ T6384] blktrace: Concurrent blktraces are not allowed on sg0
[   93.170093][ T6372] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[   93.191522][ T6372] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[   93.192825][ T6321] hsr_slave_0: entered promiscuous mode
[   93.209224][ T6372] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #11: comm syz.4.861: corrupted inode contents
[   93.212999][ T6321] hsr_slave_1: entered promiscuous mode
[   93.231782][ T6387] loop0: detected capacity change from 0 to 256
[   93.232811][ T6321] debugfs: 'hsr0' already exists in 'hsr'
[   93.239161][ T6372] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #11: comm syz.4.861: mark_inode_dirty error
[   93.243888][ T6321] Cannot create hsr debugfs directory
[   93.263981][ T6387] FAT-fs (loop0): Directory bread(block 64) failed
[   93.267474][ T6372] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.861: invalid indirect mapped block 1 (level 1)
[   93.271628][ T6387] FAT-fs (loop0): Directory bread(block 65) failed
[   93.286215][ T6372] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #11: comm syz.4.861: corrupted inode contents
[   93.304326][ T6387] FAT-fs (loop0): Directory bread(block 66) failed
[   93.306151][ T6372] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[   93.310940][ T6387] FAT-fs (loop0): Directory bread(block 67) failed
[   93.310982][ T6387] FAT-fs (loop0): Directory bread(block 68) failed
[   93.311004][ T6387] FAT-fs (loop0): Directory bread(block 69) failed
[   93.311055][ T6387] FAT-fs (loop0): Directory bread(block 70) failed
[   93.311137][ T6387] FAT-fs (loop0): Directory bread(block 71) failed
[   93.311164][ T6387] FAT-fs (loop0): Directory bread(block 72) failed
[   93.325753][ T6372] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #11: comm syz.4.861: corrupted inode contents
[   93.326662][ T6387] FAT-fs (loop0): Directory bread(block 73) failed
[   93.386153][ T6372] EXT4-fs error (device loop4): ext4_truncate:4666: inode #11: comm syz.4.861: mark_inode_dirty error
[   93.386974][ T6372] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[   93.387961][ T6372] EXT4-fs (loop4): 1 truncate cleaned up
[   93.392902][ T6372] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.550746][ T6321] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   93.572435][ T6321] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   93.595651][ T6402] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   93.597584][ T6321] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   93.634494][ T6321] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   93.701284][ T6321] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.713454][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.718736][ T6321] 8021q: adding VLAN 0 to HW filter on device team0
[   93.748194][ T1017] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.755343][ T1017] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.772189][ T1017] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.779351][ T1017] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.868104][ T6437] loop1: detected capacity change from 0 to 764
[   93.879938][ T6321] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.884429][ T6439] loop4: detected capacity change from 0 to 764
[   93.893747][ T6437] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   93.906769][ T6437] macvtap0: refused to change device tx_queue_len
[   93.914196][ T6439] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   93.926788][ T6439] macvtap0: refused to change device tx_queue_len
[   94.026437][ T6321] veth0_vlan: entered promiscuous mode
[   94.041660][ T6321] veth1_vlan: entered promiscuous mode
[   94.068562][ T6321] veth0_macvtap: entered promiscuous mode
[   94.084014][ T6321] veth1_macvtap: entered promiscuous mode
[   94.107354][ T6321] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.122937][ T6321] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.140724][ T1017] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.163125][   T31] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.172463][   T37] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.184086][   T37] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.493395][ T6472] loop5: detected capacity change from 0 to 512
[   94.544714][ T6472] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.632489][ T6484] loop0: detected capacity change from 0 to 2048
[   94.707138][ T6484] Alternate GPT is invalid, using primary GPT.
[   94.713438][ T6484]  loop0: p1 p2 p3
[   94.858859][ T6492] loop4: detected capacity change from 0 to 2048
[   94.896849][ T6492]  loop4: p1 < > p4
[   94.901335][ T6498] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=6498 comm=syz.0.886
[   94.920079][ T6492] loop4: p4 size 8388608 extends beyond EOD, truncated
[   94.938372][ T6500] netlink: 'syz.1.890': attribute type 3 has an invalid length.
[   94.946381][ T6500] netlink: 'syz.1.890': attribute type 3 has an invalid length.
[   95.072723][ T6512] loop4: detected capacity change from 0 to 512
[   95.099887][ T6512] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   95.189407][   T29] kauditd_printk_skb: 267 callbacks suppressed
[   95.189424][   T29] audit: type=1326 audit(128.508:4608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6504 comm="syz.4.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7f007fd710 code=0x7ffc0000
[   95.218465][   T29] audit: type=1326 audit(128.508:4609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6504 comm="syz.4.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f7f007fdc17 code=0x7ffc0000
[   95.241386][   T29] audit: type=1326 audit(128.508:4610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6504 comm="syz.4.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7f007fd710 code=0x7ffc0000
[   95.264292][   T29] audit: type=1326 audit(128.508:4611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6504 comm="syz.4.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f007feec9 code=0x7ffc0000
[   95.287354][   T29] audit: type=1326 audit(128.508:4612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6504 comm="syz.4.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f007feec9 code=0x7ffc0000
[   95.310772][   T29] audit: type=1326 audit(128.508:4613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6504 comm="syz.4.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f7f007feec9 code=0x7ffc0000
[   95.333630][   T29] audit: type=1326 audit(128.508:4614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6504 comm="syz.4.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7f007fef03 code=0x7ffc0000
[   95.356176][   T29] audit: type=1326 audit(128.508:4615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6504 comm="syz.4.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7f007fef03 code=0x7ffc0000
[   95.378716][   T29] audit: type=1326 audit(128.508:4616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6504 comm="syz.4.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f007feec9 code=0x7ffc0000
[   95.401571][   T29] audit: type=1326 audit(128.508:4617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6504 comm="syz.4.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f007feec9 code=0x7ffc0000
[   95.411253][ T6523] netlink: 'syz.0.899': attribute type 2 has an invalid length.
[   95.431006][ T6321] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.450701][ T6528] loop5: detected capacity change from 0 to 764
[   95.458294][ T6528] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   95.468704][ T6528] macvtap0: refused to change device tx_queue_len
[   95.702115][ T6533] rdma_op ffff888106831d80 conn xmit_rdma 0000000000000000
[   95.757916][ T6537] netlink: 'syz.2.901': attribute type 3 has an invalid length.
[   95.765771][ T6537] netlink: 'syz.2.901': attribute type 3 has an invalid length.
[   95.856392][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.875204][ T6541] loop1: detected capacity change from 0 to 512
[   96.036462][ T6558] FAULT_INJECTION: forcing a failure.
[   96.036462][ T6558] name failslab, interval 1, probability 0, space 0, times 0
[   96.049392][ T6558] CPU: 1 UID: 0 PID: 6558 Comm: syz.4.909 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   96.049425][ T6558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   96.049461][ T6558] Call Trace:
[   96.049469][ T6558]  <TASK>
[   96.049478][ T6558]  __dump_stack+0x1d/0x30
[   96.049504][ T6558]  dump_stack_lvl+0xe8/0x140
[   96.049586][ T6558]  dump_stack+0x15/0x1b
[   96.049606][ T6558]  should_fail_ex+0x265/0x280
[   96.049636][ T6558]  should_failslab+0x8c/0xb0
[   96.049666][ T6558]  __kvmalloc_node_noprof+0x123/0x4e0
[   96.049704][ T6558]  ? simple_xattr_alloc+0x43/0x90
[   96.049766][ T6558]  simple_xattr_alloc+0x43/0x90
[   96.049848][ T6558]  shmem_initxattrs+0x18c/0x350
[   96.049882][ T6558]  security_inode_init_security+0x259/0x330
[   96.049919][ T6558]  ? __pfx_shmem_initxattrs+0x10/0x10
[   96.050026][ T6558]  shmem_mknod+0xad/0x180
[   96.050101][ T6558]  shmem_mkdir+0x33/0x70
[   96.050124][ T6558]  vfs_mkdir+0x213/0x340
[   96.050145][ T6558]  do_mkdirat+0x132/0x3f0
[   96.050167][ T6558]  __x64_sys_mkdirat+0x4c/0x60
[   96.050191][ T6558]  x64_sys_call+0x2b7/0x2ff0
[   96.050283][ T6558]  do_syscall_64+0xd2/0x200
[   96.050312][ T6558]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   96.050336][ T6558]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   96.050396][ T6558]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.050424][ T6558] RIP: 0033:0x7f7f007fd617
[   96.050443][ T6558] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.050467][ T6558] RSP: 002b:00007f7eff266e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[   96.050491][ T6558] RAX: ffffffffffffffda RBX: 00007f7eff266ef0 RCX: 00007f7f007fd617
[   96.050506][ T6558] RDX: 00000000000001ff RSI: 0000200000000040 RDI: 00000000ffffff9c
[   96.050553][ T6558] RBP: 0000200000000280 R08: 0000000000000000 R09: 0000000000000000
[   96.050570][ T6558] R10: 0000200000000280 R11: 0000000000000246 R12: 0000200000000040
[   96.050583][ T6558] R13: 00007f7eff266eb0 R14: 0000000000000000 R15: ffffffffffffffff
[   96.050602][ T6558]  </TASK>
[   96.274556][ T6563] ==================================================================
[   96.282689][ T6563] BUG: KCSAN: data-race in mas_state_walk / mas_wmb_replace
[   96.290016][ T6563] 
[   96.292353][ T6563] write to 0xffff88810478ae00 of 8 bytes by task 6561 on cpu 0:
[   96.300022][ T6563]  mas_wmb_replace+0xe45/0x14a0
[   96.304908][ T6563]  mas_wr_store_entry+0x1773/0x2b50
[   96.310128][ T6563]  mas_store_prealloc+0x74d/0x9e0
[   96.315177][ T6563]  vma_iter_store_new+0x1c5/0x200
[   96.320215][ T6563]  vma_complete+0x125/0x580
[   96.324724][ T6563]  __split_vma+0x5d9/0x650
[   96.329245][ T6563]  vma_modify+0x3f2/0xc80
[   96.333582][ T6563]  vma_modify_flags+0x101/0x130
[   96.338441][ T6563]  mprotect_fixup+0x2cc/0x570
[   96.343228][ T6563]  do_mprotect_pkey+0x6d6/0x980
[   96.348089][ T6563]  __x64_sys_mprotect+0x48/0x60
[   96.353039][ T6563]  x64_sys_call+0x274e/0x2ff0
[   96.357726][ T6563]  do_syscall_64+0xd2/0x200
[   96.362248][ T6563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.368162][ T6563] 
[   96.370484][ T6563] read to 0xffff88810478ae00 of 8 bytes by task 6563 on cpu 1:
[   96.378029][ T6563]  mas_state_walk+0x485/0x650
[   96.382720][ T6563]  mas_walk+0x60/0x150
[   96.386806][ T6563]  lock_vma_under_rcu+0x8d/0x160
[   96.391762][ T6563]  do_user_addr_fault+0x233/0x1090
[   96.396915][ T6563]  exc_page_fault+0x62/0xa0
[   96.401430][ T6563]  asm_exc_page_fault+0x26/0x30
[   96.406291][ T6563] 
[   96.408618][ T6563] value changed: 0xffff8881044bcf0e -> 0xffff88810478ae00
[   96.415830][ T6563] 
[   96.418156][ T6563] Reported by Kernel Concurrency Sanitizer on:
[   96.424304][ T6563] CPU: 1 UID: 0 PID: 6563 Comm: syz.4.911 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   96.433941][ T6563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   96.444090][ T6563] ==================================================================