last executing test programs:

3.047795901s ago: executing program 2 (id=2208):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffffff00000000000000000d0001007564703a73"], 0x54}}, 0x0)

2.659391608s ago: executing program 2 (id=2210):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x3, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x8, @dev={0xfe, 0x80, '\x00', 0x37}, 0x2}, 0x1c)
sendmsg$inet(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x2000000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='kfree\x00', r2}, 0x18)
syz_usb_connect$rtl8150(0x2, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
r3 = syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f00000001c0)='./file0\x00', 0x8020a0, &(0x7f00000006c0)=ANY=[], 0x1, 0x3c1, &(0x7f00000008c0)="$eJzs3U2PU9UbAPCnHWgH/v+hLIyJGuMJbnTTDPgFmBhIjJNogBp0YXKRjjZTpqRtxpQYwZVbPwdx6c7E+AVY4N6dOzYuWRiuae8ttAMOvrRU4u+XzNyn95xnzrmveTbTc+/yN9d2dwb1nWwY1bMpqhFRvR9xchIVKuW2OolrMetWvNm4/POrFz/86N2t7e1zF1I6v3XprTMppROv/fD5F9+e+nH4vw++O/F9Pe6c/Pjer2d+ufPinZfuPbj0WWeQOoO01xumLF3p9YbZlW47Xe0Mdpspvd9tZ4N26uwN2v259p1u7/r1Ucr2rm4cv95vDwYp2xul3fYoDXtp2B+l7NOss5eazWbaOB7cfEp76/aFC9lWEa8f0u/sIifFwh05tLXf38rGz3D9sZbW7SVOCgD4lyrr/2ZR/8dfqf9vjX/VDtb/F8vWP1H/T/9SWd8fHceH1P8b6v9Fm63/S5WVTYYlGdf/tfL5nVFX/wMAAAAAAAAAAAAAwPPhfp438jxvTLd5PSIq5f8T53lj1fNjuR67/gd+Vj0/lmvmizvWI7pf77f2W8W2aN/aiU50ox2b0Yjfxq+EqSI+/872uc00UYmNazcn+afuRrRq8/mnoxEnZ/LXJ++XSf7pIj+V+Semczs+m38mGvHCk8fP63P5rYjxthZvvD6T34xG/PRJ9KIbVydDP8r/8nRKb7+3fSC/PukHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH9DM029EsW69/utiGOx31or2h91qJQp5fr4xYeH6+tvRjXiyevzb6Z87fH1+Y/Ey0dWdtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMGcwurGbdbvt/tKCtfk90zX/J3tq0+CP0ytF91sHmo7F00a/u9CjqC7qtDzI83xZJ3x9yZdygcHRiMOuYF7eJf98rP9HxCF96hFR7Bnfi8/2JHz1zJ7BvxOs4m0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAq/Vo0e/icyUqq54SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKzAY3djNut12fzC6UY0yeLjnScFaPL3PfLDqYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHie/B4AAP//hpn9uw==")
io_setup(0x202, &(0x7f0000000200))
readlinkat(r3, &(0x7f0000000180)='./file1\x00', &(0x7f0000001880)=""/4096, 0x1000)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb000f00000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r7 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r7, &(0x7f0000000480)={0x10, 0x0, 0x0, 0xf0ffffff}, 0xc)
close_range(r7, r7, 0x0)
sendfile(r4, r6, 0x0, 0x20000023896)
close(r4)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)

1.777582735s ago: executing program 2 (id=2224):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
getsockopt$inet6_buf(r2, 0x29, 0x2e, &(0x7f0000000300)=""/145, &(0x7f0000000200)=0x91)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000800000000096469c00", @ANYRES32=0x0, @ANYRES32, @ANYRESOCT=r2], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x36e, &(0x7f00000007c0)="$eJzs3U1oM0UYwPEnaZImeXmbHERRkA6+CHpZ2uhZDNKCELC0jdgKwrbdaMialGyoRsS2J4+Kd0+Ch9KbBQ8F7VnoxZteRPDWi6BgBXVlv5LNV9PGpMH2/4OSycw8uzPZSXk27WYv3vj03UrJ0kp6Q6JJJRERkUuRrEQlEPEfo245IfLJd622A3n+wW8/PL22UUx6FWo5v/5CTik1N//Nex+m/G6ns3Kefevi19wv54+fP3nxz/o7ZUuVLVWtNZSutmo/NfQt01A7ZauiKbViGrplqHLVMupe+1f+dsza7m5T6dWdh+ndumFZSq82VcVoqkZNNepNpb+tl6tK0zT1MC0Ypni0uqrnRwzeHvNgMCH1el6fEZFUT0vxaCoDAgAAU9Wd/0edlH5Y/h/Syv83Za5QWFpVTud2/n/8zFnjwesnc37+f5rol/+/+KO3rY783zmdaOf/Ne/8oDQ8//9cbpD/92ZE98vI+X92AoPBaOYTPVWRjmdO/p/237+uwzePF9wC+T8AAAAAAAAAAAAAAAAAAAAAAP8Hl7adsW07EzwGP+1LCPznuJMGHf9ZEUk6R9/m+N9laxubknQv3HOOsfnxXnGv6D36Hc5ExBTjb7ubszaCK4+UIyvfmvt+/P5eccZtyZek7MTLomQk666nULxtL79aWFpUHj++dZlSOhyfk4w8Fo7/2l2dTnyuM97ff0KeexSK1yQj329LTUzZcSPb+/9oUalXXit0xafcfiLy860fFAAAAAAAxkxTLX3P3zVtULv3LSP5kvsxkSELkpG/+p/fL/Q9P49lnopNe/YAAAAAANwPVvODii5Ro+4WTLNfISUDm8ZQiHXUxEWkb+dEV038qi3PhGZ43fEkxLuDyX+d1xfBq3qTqOAfKZyBt5r8O6rIaOMJ5u/WRGLP/u43/XnTeUUOxF0AB+GmqFwjPNY9+HmnQvXt/Gjgdg79ibRqgo+NEgNeZ1np3U70ipUQ76mxI6MtgCc++/KP8b1BXjrxV8D7wzsfmoa9L9c5KF0FZxe9TfGJ/+IBAAAAcOvaSX9Q83K4OXwjkfDNcvjLPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYzSRr/TrKgze++xtThUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYun8DAAD//7ct9c4=")
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, @perf_config_ext={0x8, 0x6}, 0x120, 0x10000, 0x33f8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105142, 0x2c)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r4, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x32600)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r5}, &(0x7f0000000000), &(0x7f00000005c0)}, 0x20)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057000000"], 0x0}, 0x94)

1.726041846s ago: executing program 4 (id=2226):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x7cb641, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r5, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000040)=""/55, 0x37}, {&(0x7f0000000540)=""/189, 0xbd}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/74, 0x4a}], 0x4}, 0x5d}], 0x1b00, 0x10022, 0x0)

1.454008762s ago: executing program 4 (id=2228):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x90)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000001a21428c6c08586dd61bcc1d7008c292a5b01000000000000000000000000000000000000000000000000000000000001"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a80)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r5, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x11000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='ext4_insert_range\x00', r0}, 0xffffff3b)
syz_open_procfs(0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r5, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f00000006c0)={0x384, 0x0, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xe8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6903}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x52}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xef}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}]}, @TIPC_NLA_NODE={0xa8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "b8a52342fa0557e09b78c5bb92689ff832d62cdca34da1d15fd4801f837a8eb1"}}, @TIPC_NLA_NODE_ID={0x53, 0x3, "b6dd12f5684924b89b6988cb26cf60f28cd05676e38b815e28e4ae60d2db4b71a0a80761afcf00372d370cf93bb54645bf67a6183f06639dc40cba0edf98fe4e80467ee9a02b3447fefba1a03d66f8"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x401}]}, @TIPC_NLA_MEDIA={0x6c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}]}]}, @TIPC_NLA_BEARER={0xd4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x5, @ipv4={'\x00', '\xff\xff', @loopback}, 0xc}}, {0x14, 0x2, @in={0x2, 0x4e22, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x30, @loopback, 0x9}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x4, @local, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x1, @rand_addr=' \x01\x00', 0x2}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x3, @empty, 0x2}}}}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_MEDIA={0x94, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7700}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}]}]}, 0x384}, 0x1, 0x0, 0x0, 0x4000044}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00'}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x44}}, 0x0)

1.310673194s ago: executing program 0 (id=2229):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000080)=@generic={0x0, r4}, 0x18)

1.256692545s ago: executing program 0 (id=2230):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
msync(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x6)

1.256086815s ago: executing program 4 (id=2231):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x2, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005f80)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}}, 0x0)

1.213747786s ago: executing program 0 (id=2232):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe)
ioctl$TIOCSLCKTRMIOS(r0, 0x80047437, &(0x7f00000010c0))
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000180)={0xebd186ca402cd5d0, 0x80, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xba, 0x4, @perf_bp={0x0, 0x5}, 0x1205, 0x0, 0x4, 0x7, 0x0, 0x0, 0xfffd, 0x0, 0xfffffffd, 0x0, 0xfffffffffffffffc}, 0x0, 0x7, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_sock_diag(0x10, 0x3, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, 0x0, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
syz_emit_ethernet(0x72, &(0x7f0000000340)=ANY=[], 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket$packet(0x11, 0xa, 0x300)
socket$packet(0x11, 0xa, 0x300)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='GPL\x00', 0x3}, 0x94)
r4 = mq_open(&(0x7f00000000c0)='discard', 0x1, 0x10, 0x0)
mq_timedsend(r4, &(0x7f0000000240)="cc573cd55cfee33ad6c899aec942912d3125a524e0927a90aedfc14024dc6e7299b8224d8d33a13e59c5d468dd6e503e20eb08a1c63915c430b0e676b084d35e90484da909f00a1ed55305e648548234061a", 0x52, 0x5, &(0x7f00000008c0)={0x77359400})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
syz_genetlink_get_family_id$devlink(&(0x7f0000000c80), 0xffffffffffffffff)
syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x10, 0x80002, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a00002"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3004010, &(0x7f0000000040)={[{@errors_remount}, {@discard}]}, 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=")
ioctl$sock_SIOCBRDELBR(r6, 0x89a2, &(0x7f0000000000)='bridge0\x00')
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x0)

1.133014838s ago: executing program 4 (id=2233):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb}}, @TCA_CT_MARK={0x8, 0x10, 0x80000000}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000800) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000000000)={0xfc, {"a2e3ad0e090d07f9505e1a1887f70706d038e7fd7fc6e5539b203c0a8b089b3f32356c030890e0879b0af8c6e70a9b334a959b6696048ed30af3988f7ef31952013fffe8d178708c523c921b1b5b31070d0773180acd3b78130daa61d8e8048001005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2ff7949d1f416e56c71b1931870262f5e801119242ca026bfcc21e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771a0000119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc18892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae1b9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982c04000000000000005c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80c1ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d5062c59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843ddbd8db411d8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227fff72de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e240100c0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f7524e2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e842729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458ffff5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a898a33a6d88e7cfe0e0000000000d80a4fe654578376e599aff3565b1d531f30912b9945fc83d38a155d5284edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295bf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e542ccea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000", 0x1000}}, 0x1006)

1.113504228s ago: executing program 3 (id=2234):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffffff00000000000000000d0001007564703a73"], 0x54}}, 0x0)

1.01144503s ago: executing program 4 (id=2235):
prctl$PR_SET_NAME(0xf, &(0x7f0000000a40)='GPL\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r1, &(0x7f00000008c0)="3bf58d7d45d32cfe1da7c797b82fee444b42785c24a868a4046cf670ba8f376c429a424fcc374c08887ba2bb530d843b61bf79a3879fa0", 0x37)
sendfile(r1, r0, 0x0, 0x3ffff)
write$binfmt_script(r1, &(0x7f0000000200)={'#! ', './file0', [{0x20, 'GPL\x00'}, {0x20, '\x00'}, {0x20, '[.\'#(\x13'}, {}, {0x20, ',^'}, {0x20, '&@'}, {0x20, '.-,$^#'}, {0x20, 'siox_get_data\x00'}, {0x20, 'siox_get_data\x00'}], 0xa, "c85e942167ed4cacc86a8bb6d637f811e321a56fda753acc0f675d4c0813bf48000da196f2753554f7a2e7467ddba8b4e1a55861a70e789b37557e3d8c50c149e96c9e695d336eea1ec0"}, 0x8f)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000cc0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0x2, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x240400cc}, 0x4000080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='siox_get_data\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
syz_emit_ethernet(0xfdef, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd60020008eafe2c00fe8000000000000000000000000000bbff02000000000000000000000000000132"], 0x0)

1.01108898s ago: executing program 3 (id=2236):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x800, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x2008, 0x6}, 0x0, 0x10000, 0x0, 0x1, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x7fffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x80)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x22, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000280)="d5", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x20080058)

962.429961ms ago: executing program 3 (id=2237):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r1 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r1, &(0x7f0000000400)={0x0, 0x34, 0x1, @thr={0x0, 0x0}})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10)
r4 = inotify_init1(0x80000)
r5 = inotify_add_watch(r4, &(0x7f0000000200)='.\x00', 0x10000a0)
r6 = dup(r4)
inotify_rm_watch(r6, r5)

905.914302ms ago: executing program 3 (id=2238):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x7cb641, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r5, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000040)=""/55, 0x37}, {&(0x7f0000000540)=""/189, 0xbd}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/74, 0x4a}], 0x4}, 0x5d}], 0x1b00, 0x10022, 0x0)

815.475374ms ago: executing program 2 (id=2239):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x8000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
pipe2$9p(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x800)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10)
r4 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r4}})

656.083307ms ago: executing program 2 (id=2241):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r3, {0xc, 0xffff}, {0x0, 0x4}, {0xfff3, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x0)

580.428958ms ago: executing program 4 (id=2242):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1cb, &(0x7f00000006c0)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@grpquota}, {@mb_optimize_scan}]}, 0x3, 0x462, &(0x7f0000000780)="$eJzs28tvG0UYAPBvN482fZBQyqOlQKAgIh5JkxbogQsIJA4gIXEpx5CkVanboCZItKqgIFSOqBJ3xBGJv4ATXBBwQuIKd1SpQr1QOBmtvRs7jpM6rmO38e8nOZnZndXMt7Njz+7YAfSt8exPErEnIv6IiNFqdnWB8eq/mzcuzf1749JcEuXyO38nlXL/3Lg0VxQtjtudZybSiPTzJCJdW+/ShYtnZkulhfN5fmr57AdTSxcuPn/67OyphVML52aOHz92dPqlF2de6Eic92ZtPfjx4qEDb7x79a25E1ff++W7pIi/IY4OGd9o51Plcoer6629delk8NblB7ayMbQs64esu4Yq4380BqLWeaPx+mc9bRywpcq5dXZfLgPbWBK9bgHQG8UHfXb/W7y6N/voveuvVG+Asrhv5q/qnsGVxxZDDfe3nTQeEScu//d19oqteQ4BALDKD9n857lm8780Hqgrd0++NjSWr6Xsi4j7ImJ/RNwfUSn7YEQ8tMn6GxdJ1s5/0mttBdaibP73cr62tXr+t7JoNTaQ5/ZW4h9KTp4uLRzJz8lEDO3I8tMb1PHja79/ud6++vlf9srqL+aCeTuuDe5Yfcz87PLs7cRc7/qnEQcHm8WfrKwEJBFxICIOtlnH6We+PdR8z44W4t9AC+tMt1L+JuLpav9fjob4C8nG65NTO6O0cGSquCrW+vW3K2+vV/9txd8BWf/vanr9r8Q/ltSv1y5tvo4rf35RG9MN1/JkW9d/bcNw/v+j2eXl89MRw8mb1UbXb5+pHVvki/JZ/BOHm4//fVE7Ew9HRHYRPxIRj0bEY3nfPR4RT0TE4eahZ7eO8fOrT76/3rm5E/p/vqH/x+oL5Ce41v+1xHA0bmmeGDjz0/erKq2roLX3v2OV1ES+pZX3v1ba1d7VDAAAAHefNCL2RJJOrqRH0snJ6nf498eutLS4tPzsycUPz81XfyMwFkNp8aRrtO556HR+W1/kZxryR/Pnxl8NjFTyk3OLpfleBw99bvea8Z9Wxn/mLz/SgO2vA+towF2qbvwnvWwH0H1NP/+Hu98OoPvM/6F/NRn/I71oB9B9zT7/P+lBO4Duaxj/lv2gj7j/h/5l/EP/qh//vgAAfWNpJG79I/lmiZ3RzlES2yYR6R3RjM4kkjZHQauJPb0OcPOJXr8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMb/AQAA//9q1+es")
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x1}, 0x8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xa)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
ioctl$TUNGETVNETHDRSZ(r0, 0x800454d7, &(0x7f0000000000))
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a0101000000000000000001000000090003001e007a3200000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0xfff3, 0xfff1}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x30, 0x2, [@TCA_CGROUP_EMATCHES={0x2c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8f6}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x10e, 0x2, 0x8001}, {0x3, 0x0, 0x2}}}, @TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0x48e7, 0x0, 0xe3e3}}}]}]}]}}, @TCA_RATE={0x6, 0x5, {0x4}}, @TCA_RATE={0x6, 0x5, {0x4, 0x6}}]}, 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x40010)

498.25605ms ago: executing program 1 (id=2243):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000380)=0x2)
ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000180)={0x20, 0x0})

390.748912ms ago: executing program 3 (id=2244):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
socket(0x15, 0x800, 0xfff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x41, 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
gettid()
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x6c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000003c0)='mm_page_alloc\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
r3 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x9, 0x7, 0x0, 0x0, 0x0, 0x40008, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x4c58, 0x4, 0x0, 0x0, 0x7, 0x4ac, 0x400b, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000003, 0x13, r3, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000280)=0x1)
tkill(0x0, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'bond0\x00'})
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r8, 0x5425, 0x0)
socket$packet(0x11, 0x2, 0x300)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r10, 0x0, 0xae6}, 0x18)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000340)='/,O#,)\x02\x00', 0xfffffffffffffffd)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sys_enter\x00', r11}, 0x65)

371.435533ms ago: executing program 0 (id=2245):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="190000000400000008000000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r5, {0xc, 0xffff}, {0x0, 0x4}, {0xfff3, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x0)

304.953654ms ago: executing program 1 (id=2246):
r0 = socket(0x2c, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="11000000040000000400000022bf000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYBLOB], 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014fa0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x1c, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x843b, 0x0, 0x0, 0x0, 0x28c0bf51}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x9}, @call={0x85, 0x0, 0x0, 0x95}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @ldst={0x0, 0x3, 0x2, 0xa, 0x3, 0xffffffffffffffc0, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, @generic={0xaa, 0x0, 0x6, 0x8, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000240)='syzkaller\x00', 0xe, 0x56, &(0x7f0000000280)=""/86, 0x40f00, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x3, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x2, 0xf, 0x800}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000400)=[r1, r2, r2], &(0x7f0000000440)=[{0x4, 0x2, 0x9, 0x6}, {0x5, 0x5, 0x2, 0x8}], 0x10, 0xb}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0x3}, 0x18)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r0, 0x2}, 0x20)

304.737304ms ago: executing program 1 (id=2247):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x800, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x2008, 0x6}, 0x0, 0x10000, 0x0, 0x1, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x7fffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x80)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x22, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000280)="d5", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x20080058)

267.347494ms ago: executing program 1 (id=2248):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = socket(0x10, 0x3, 0x6)
r2 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bd26, 0x2000000, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x20000000)

259.180485ms ago: executing program 2 (id=2249):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRESDEC], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000785ceb2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a14001f00110001000000000000000000f1ffff09"], 0x28}}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r4, @ANYRES32, @ANYRESOCT=0x0], 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x11, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffd}]})
acct(0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x89901)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
write$binfmt_misc(r5, &(0x7f0000000240), 0xfffffecc)
ioctl$TIOCSSOFTCAR(r5, 0x541a, &(0x7f0000000040)=0x3b3)

244.788425ms ago: executing program 1 (id=2250):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr=0x64010102, @multicast1}, @address_request}}}}, 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba7144cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)

223.308065ms ago: executing program 0 (id=2251):
prctl$PR_GET_THP_DISABLE(0x2a)
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x56, &(0x7f0000000900)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb88a8410081004a000800492700400067000004019078e0000001000000000707ba7f00000183078aac14141900000c00907809010000450685d100680004350c020064010102ac1e00017d672e321f64b224a3baced96a2f41a71c2fdc71817bff4d65661e9a44874d50c8ee87f7838cc17b186f469308e2ced61862be9b19c605af87e4376b79cb3b90da97a87f0c2fc77ea84d0d7045297583526d9af35a74cb2717802af4758ff16275713f6acd2aaa237f79effc7b95332c4c0eb874877988c3ed23543d"], 0x0)
socket(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
close(0x3)
creat(0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
faccessat(0xffffffffffffff9c, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='svc_unregister\x00', r1, 0x0, 0x200002}, 0x18)
rt_sigsuspend(0x0, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x20000023896)
close(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x47, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
open(&(0x7f0000000000)='./bus\x00', 0x1050c1, 0x170)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

173.937866ms ago: executing program 1 (id=2252):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_free\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x4000, &(0x7f0000000300)={[{@resuid}, {@dioread_nolock}, {@noblock_validity}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r2, &(0x7f00000009c0)=';', 0x1)
sendfile(r2, r1, 0x0, 0x3ffff)
sendfile(r2, r1, 0x0, 0x7fffeffd)

164.748596ms ago: executing program 0 (id=2253):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x90)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000001a21428c6c08586dd61bcc1d7008c292a5b01000000000000000000000000000000000000000000000000000000000001"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a80)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r5, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x11000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='ext4_insert_range\x00', r0}, 0xffffff3b)
syz_open_procfs(0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r5, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f00000006c0)={0x384, 0x0, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xe8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6903}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x52}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xef}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}]}, @TIPC_NLA_NODE={0xa8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "b8a52342fa0557e09b78c5bb92689ff832d62cdca34da1d15fd4801f837a8eb1"}}, @TIPC_NLA_NODE_ID={0x53, 0x3, "b6dd12f5684924b89b6988cb26cf60f28cd05676e38b815e28e4ae60d2db4b71a0a80761afcf00372d370cf93bb54645bf67a6183f06639dc40cba0edf98fe4e80467ee9a02b3447fefba1a03d66f8"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x401}]}, @TIPC_NLA_MEDIA={0x6c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}]}]}, @TIPC_NLA_BEARER={0xd4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x5, @ipv4={'\x00', '\xff\xff', @loopback}, 0xc}}, {0x14, 0x2, @in={0x2, 0x4e22, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x30, @loopback, 0x9}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x4, @local, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x1, @rand_addr=' \x01\x00', 0x2}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x3, @empty, 0x2}}}}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_MEDIA={0x94, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7700}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}]}]}, 0x384}, 0x1, 0x0, 0x0, 0x4000044}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00'}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x44}}, 0x0)

0s ago: executing program 3 (id=2254):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='mctp_key_acquire\x00', r0, 0x0, 0xd}, 0x18)
r1 = socket$kcm(0x2d, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r3}, 0x10)
r4 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x11c167, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000003b00)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r6}, 0x10)
r7 = socket$kcm(0x29, 0x2, 0x0)
sendmmsg$inet(r7, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000080)="da", 0x1}], 0x1, &(0x7f0000000040)=ANY=[], 0xd0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)="b8", 0x1}], 0x1}}], 0x2, 0x0)
close(r7)
r8 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r8, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r8, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x1, @private=0xa010101}, 0x10, 0x0, 0x0, &(0x7f0000000300)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x10}}], 0x30}, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='mctp_key_acquire\x00', r9, 0x0, 0x9}, 0x18)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000240)={<r10=>r1})
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r10, 0x84, 0x4, &(0x7f0000000040)=0x3, 0x4)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r11, 0x2007ffc)
sendfile(r11, r11, 0x0, 0x800000009)
epoll_ctl$EPOLL_CTL_MOD(r11, 0x3, r0, &(0x7f0000000180)={0x5})

kernel console output (not intermixed with test programs):

 151.358500][   T29] audit: type=1326 audit(1757874026.829:8633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9323 comm="syz.0.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  151.358698][ T9340] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  151.415794][ T9340] ext4 filesystem being mounted at /385/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.437044][ T9340] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.1848: corrupted xattr block 19: overlapping e_value 
[  151.437670][ T9342] syzkaller0: entered promiscuous mode
[  151.452206][ T9340] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  151.457305][ T9342] syzkaller0: entered allmulticast mode
[  151.466436][ T9340] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.1848: corrupted xattr block 19: overlapping e_value 
[  151.485805][ T9340] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  151.494893][ T9340] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.1848: corrupted xattr block 19: overlapping e_value 
[  151.594018][   T10] tipc: Node number set to 2886997007
[  151.756582][    C0] IPv4: Oversized IP packet from 127.0.0.1
[  151.928750][ T9382] FAULT_INJECTION: forcing a failure.
[  151.928750][ T9382] name failslab, interval 1, probability 0, space 0, times 0
[  151.941556][ T9382] CPU: 1 UID: 0 PID: 9382 Comm: syz.3.1866 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  151.941633][ T9382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  151.941674][ T9382] Call Trace:
[  151.941681][ T9382]  <TASK>
[  151.941734][ T9382]  __dump_stack+0x1d/0x30
[  151.941755][ T9382]  dump_stack_lvl+0xe8/0x140
[  151.941774][ T9382]  dump_stack+0x15/0x1b
[  151.941790][ T9382]  should_fail_ex+0x265/0x280
[  151.941818][ T9382]  should_failslab+0x8c/0xb0
[  151.941888][ T9382]  kmem_cache_alloc_noprof+0x50/0x310
[  151.941921][ T9382]  ? alloc_empty_file+0x76/0x200
[  151.941953][ T9382]  alloc_empty_file+0x76/0x200
[  151.941994][ T9382]  alloc_file_pseudo+0xc6/0x160
[  151.942072][ T9382]  __shmem_file_setup+0x1de/0x210
[  151.942104][ T9382]  shmem_file_setup+0x3b/0x50
[  151.942121][ T9382]  __se_sys_memfd_create+0x2c3/0x590
[  151.942142][ T9382]  __x64_sys_memfd_create+0x31/0x40
[  151.942202][ T9382]  x64_sys_call+0x2abe/0x2ff0
[  151.942223][ T9382]  do_syscall_64+0xd2/0x200
[  151.942276][ T9382]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  151.942301][ T9382]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  151.942328][ T9382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.942348][ T9382] RIP: 0033:0x7f71bb68eba9
[  151.942431][ T9382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  151.942448][ T9382] RSP: 002b:00007f71ba0f6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  151.942468][ T9382] RAX: ffffffffffffffda RBX: 000000000000045c RCX: 00007f71bb68eba9
[  151.942482][ T9382] RDX: 00007f71ba0f6ef0 RSI: 0000000000000000 RDI: 00007f71bb7127e8
[  151.942576][ T9382] RBP: 0000200000002400 R08: 00007f71ba0f6bb7 R09: 00007f71ba0f6e40
[  151.942619][ T9382] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  151.942632][ T9382] R13: 00007f71ba0f6ef0 R14: 00007f71ba0f6eb0 R15: 0000200000000680
[  151.942652][ T9382]  </TASK>
[  152.298030][ T9372] loop1: detected capacity change from 0 to 512
[  152.335889][ T9391] loop4: detected capacity change from 0 to 512
[  152.352482][ T9372] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  152.364863][ T9372] EXT4-fs (loop1): orphan cleanup on readonly fs
[  152.393833][ T9372] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1861: corrupted inode contents
[  152.415050][ T9396] loop3: detected capacity change from 0 to 1024
[  152.423096][ T9396] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  152.423176][ T9372] EXT4-fs (loop1): Remounting filesystem read-only
[  152.434176][ T9396] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  152.457346][ T9372] EXT4-fs (loop1): 1 truncate cleaned up
[  152.463286][   T51] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  152.474027][   T51] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  152.474137][ T9397] loop0: detected capacity change from 0 to 512
[  152.524750][   T51] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  152.536508][ T9396] JBD2: no valid journal superblock found
[  152.541899][ T9403] netlink: 'syz.2.1871': attribute type 1 has an invalid length.
[  152.542362][ T9396] EXT4-fs (loop3): Could not load journal inode
[  152.553606][ T9391] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  152.578988][ T9403] 8021q: adding VLAN 0 to HW filter on device bond2
[  152.580669][ T9391] EXT4-fs (loop4): orphan cleanup on readonly fs
[  152.611929][ T9403] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1871'.
[  152.615608][ T9396] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  152.620996][ T9397] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  152.636209][ T9397] EXT4-fs (loop0): orphan cleanup on readonly fs
[  152.643141][ T9396] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  152.651742][ T9391] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.1862: corrupted inode contents
[  152.667820][ T9391] EXT4-fs (loop4): Remounting filesystem read-only
[  152.670212][ T9397] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.1863: corrupted inode contents
[  152.675901][ T9391] EXT4-fs (loop4): 1 truncate cleaned up
[  152.687746][ T9397] EXT4-fs (loop0): Remounting filesystem read-only
[  152.700184][ T9397] EXT4-fs (loop0): 1 truncate cleaned up
[  152.707490][ T9403] bond2 (unregistering): Released all slaves
[  152.715421][ T3461] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  152.726318][ T3461] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  152.737009][ T3461] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  152.747251][ T3461] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  152.757944][ T3461] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  152.768620][ T3461] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  152.878295][ T9416] loop2: detected capacity change from 0 to 1024
[  152.934027][ T9416] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.1874: Allocating blocks 385-513 which overlap fs metadata
[  152.949078][ T9418] FAULT_INJECTION: forcing a failure.
[  152.949078][ T9418] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  152.962302][ T9418] CPU: 1 UID: 0 PID: 9418 Comm: syz.3.1875 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  152.962352][ T9418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  152.962365][ T9418] Call Trace:
[  152.962373][ T9418]  <TASK>
[  152.962382][ T9418]  __dump_stack+0x1d/0x30
[  152.962413][ T9418]  dump_stack_lvl+0xe8/0x140
[  152.962435][ T9418]  dump_stack+0x15/0x1b
[  152.962453][ T9418]  should_fail_ex+0x265/0x280
[  152.962540][ T9418]  should_fail+0xb/0x20
[  152.962562][ T9418]  should_fail_usercopy+0x1a/0x20
[  152.962589][ T9418]  _copy_from_user+0x1c/0xb0
[  152.962641][ T9418]  ___sys_sendmsg+0xc1/0x1d0
[  152.962682][ T9418]  __x64_sys_sendmsg+0xd4/0x160
[  152.962714][ T9418]  x64_sys_call+0x191e/0x2ff0
[  152.962795][ T9418]  do_syscall_64+0xd2/0x200
[  152.962875][ T9418]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  152.962906][ T9418]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  152.962940][ T9418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.962962][ T9418] RIP: 0033:0x7f71bb68eba9
[  152.962988][ T9418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.963008][ T9418] RSP: 002b:00007f71ba0f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  152.963091][ T9418] RAX: ffffffffffffffda RBX: 00007f71bb8d5fa0 RCX: 00007f71bb68eba9
[  152.963106][ T9418] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  152.963121][ T9418] RBP: 00007f71ba0f7090 R08: 0000000000000000 R09: 0000000000000000
[  152.963135][ T9418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  152.963149][ T9418] R13: 00007f71bb8d6038 R14: 00007f71bb8d5fa0 R15: 00007ffdb4b3ee88
[  152.963171][ T9418]  </TASK>
[  153.160698][ T9426] loop1: detected capacity change from 0 to 128
[  153.175830][ T9414] EXT4-fs (loop2): pa ffff8881071cda10: logic 16, phys. 129, len 24
[  153.183890][ T9414] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  153.227155][ T9426] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  153.235071][ T9426] FAT-fs (loop1): Filesystem has been set read-only
[  153.235203][ T9432] loop4: detected capacity change from 0 to 1024
[  153.248570][ T9426] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  153.249580][ T9432] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  153.256612][ T9426] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  153.267542][ T9432] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  153.270260][ T9432] JBD2: no valid journal superblock found
[  153.290948][ T9432] EXT4-fs (loop4): Could not load journal inode
[  153.407529][ T9426] bio_check_eod: 61044 callbacks suppressed
[  153.407550][ T9426] syz.1.1876: attempt to access beyond end of device
[  153.407550][ T9426] loop1: rw=0, sector=2065, nr_sectors = 1 limit=128
[  153.492690][ T9448] netlink: 'syz.2.1886': attribute type 1 has an invalid length.
[  153.510725][ T9446] loop0: detected capacity change from 0 to 512
[  153.519670][ T9426] syz.1.1876: attempt to access beyond end of device
[  153.519670][ T9426] loop1: rw=0, sector=2066, nr_sectors = 1 limit=128
[  153.533256][ T9426] buffer_io_error: 59455 callbacks suppressed
[  153.533272][ T9426] Buffer I/O error on dev loop1, logical block 2066, async page read
[  153.536632][ T9448] 8021q: adding VLAN 0 to HW filter on device bond2
[  153.558841][ T9426] syz.1.1876: attempt to access beyond end of device
[  153.558841][ T9426] loop1: rw=0, sector=2067, nr_sectors = 1 limit=128
[  153.572403][ T9426] Buffer I/O error on dev loop1, logical block 2067, async page read
[  153.629725][ T9448] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1886'.
[  153.639139][ T9426] syz.1.1876: attempt to access beyond end of device
[  153.639139][ T9426] loop1: rw=0, sector=2068, nr_sectors = 1 limit=128
[  153.652502][ T9426] Buffer I/O error on dev loop1, logical block 2068, async page read
[  153.683714][ T9426] syz.1.1876: attempt to access beyond end of device
[  153.683714][ T9426] loop1: rw=0, sector=2069, nr_sectors = 1 limit=128
[  153.685235][ T9448] bond2 (unregistering): Released all slaves
[  153.697196][ T9426] Buffer I/O error on dev loop1, logical block 2069, async page read
[  153.711819][ T9426] syz.1.1876: attempt to access beyond end of device
[  153.711819][ T9426] loop1: rw=0, sector=2070, nr_sectors = 1 limit=128
[  153.725262][ T9426] Buffer I/O error on dev loop1, logical block 2070, async page read
[  153.734029][ T9426] syz.1.1876: attempt to access beyond end of device
[  153.734029][ T9426] loop1: rw=0, sector=2071, nr_sectors = 1 limit=128
[  153.747322][ T9426] Buffer I/O error on dev loop1, logical block 2071, async page read
[  153.755665][ T9426] syz.1.1876: attempt to access beyond end of device
[  153.755665][ T9426] loop1: rw=0, sector=2072, nr_sectors = 1 limit=128
[  153.758701][ T9446] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  153.769211][ T9426] Buffer I/O error on dev loop1, logical block 2072, async page read
[  153.787943][ T9426] syz.1.1876: attempt to access beyond end of device
[  153.787943][ T9426] loop1: rw=0, sector=2065, nr_sectors = 1 limit=128
[  153.801370][ T9426] Buffer I/O error on dev loop1, logical block 2065, async page read
[  153.810467][ T9426] syz.1.1876: attempt to access beyond end of device
[  153.810467][ T9426] loop1: rw=0, sector=2066, nr_sectors = 1 limit=128
[  153.824484][ T9426] Buffer I/O error on dev loop1, logical block 2066, async page read
[  153.834010][ T9426] Buffer I/O error on dev loop1, logical block 2067, async page read
[  153.839947][ T9457] netlink: 'syz.3.1888': attribute type 1 has an invalid length.
[  153.877780][ T9446] EXT4-fs (loop0): orphan cleanup on readonly fs
[  153.895577][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1888'.
[  153.905860][ T9446] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.1882: corrupted inode contents
[  153.924523][ T9457] 8021q: adding VLAN 0 to HW filter on device bond0
[  153.940413][ T9446] EXT4-fs (loop0): Remounting filesystem read-only
[  153.947659][ T9446] EXT4-fs (loop0): 1 truncate cleaned up
[  153.953668][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  153.964445][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  153.989570][ T9460] bond0 (unregistering): Released all slaves
[  154.062751][   T12] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  154.204662][ T9475] loop4: detected capacity change from 0 to 512
[  154.233724][ T9475] ext4 filesystem being mounted at /372/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.298689][ T9486] FAULT_INJECTION: forcing a failure.
[  154.298689][ T9486] name failslab, interval 1, probability 0, space 0, times 0
[  154.311408][ T9486] CPU: 0 UID: 0 PID: 9486 Comm: syz.0.1896 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  154.311493][ T9486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  154.311505][ T9486] Call Trace:
[  154.311512][ T9486]  <TASK>
[  154.311519][ T9486]  __dump_stack+0x1d/0x30
[  154.311539][ T9486]  dump_stack_lvl+0xe8/0x140
[  154.311557][ T9486]  dump_stack+0x15/0x1b
[  154.311596][ T9486]  should_fail_ex+0x265/0x280
[  154.311618][ T9486]  should_failslab+0x8c/0xb0
[  154.311641][ T9486]  kmem_cache_alloc_noprof+0x50/0x310
[  154.311666][ T9486]  ? __rds_conn_create+0x3e7/0x1040
[  154.311727][ T9486]  ? security_inode_alloc+0x37/0x100
[  154.311753][ T9486]  __rds_conn_create+0x3e7/0x1040
[  154.311779][ T9486]  rds_conn_create_outgoing+0x43/0x60
[  154.311803][ T9486]  rds_sendmsg+0xbd2/0x14a0
[  154.311887][ T9486]  ? __pfx_rds_sendmsg+0x10/0x10
[  154.311914][ T9486]  __sock_sendmsg+0x145/0x180
[  154.312010][ T9486]  ____sys_sendmsg+0x31e/0x4e0
[  154.312036][ T9486]  ___sys_sendmsg+0x17b/0x1d0
[  154.312134][ T9486]  __x64_sys_sendmsg+0xd4/0x160
[  154.312207][ T9486]  x64_sys_call+0x191e/0x2ff0
[  154.312226][ T9486]  do_syscall_64+0xd2/0x200
[  154.312266][ T9486]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  154.312288][ T9486]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  154.312314][ T9486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.312376][ T9486] RIP: 0033:0x7f1f75adeba9
[  154.312391][ T9486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.312407][ T9486] RSP: 002b:00007f1f7453f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.312426][ T9486] RAX: ffffffffffffffda RBX: 00007f1f75d25fa0 RCX: 00007f1f75adeba9
[  154.312447][ T9486] RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000006
[  154.312458][ T9486] RBP: 00007f1f7453f090 R08: 0000000000000000 R09: 0000000000000000
[  154.312469][ T9486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.312480][ T9486] R13: 00007f1f75d26038 R14: 00007f1f75d25fa0 R15: 00007ffe18f79648
[  154.312497][ T9486]  </TASK>
[  154.527337][ T9490] loop2: detected capacity change from 0 to 128
[  154.542636][ T9490] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  154.550631][ T9490] FAT-fs (loop2): Filesystem has been set read-only
[  154.559062][ T9490] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  154.566821][ T9492] syzkaller0: entered promiscuous mode
[  154.567050][ T9490] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  154.572498][ T9492] syzkaller0: entered allmulticast mode
[  154.902573][ T9500] vhci_hcd: invalid port number 96
[  154.907826][ T9500] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  154.928991][ T9502] FAULT_INJECTION: forcing a failure.
[  154.928991][ T9502] name failslab, interval 1, probability 0, space 0, times 0
[  154.941915][ T9502] CPU: 0 UID: 0 PID: 9502 Comm: syz.3.1903 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  154.941946][ T9502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  154.941960][ T9502] Call Trace:
[  154.942045][ T9502]  <TASK>
[  154.942054][ T9502]  __dump_stack+0x1d/0x30
[  154.942113][ T9502]  dump_stack_lvl+0xe8/0x140
[  154.942138][ T9502]  dump_stack+0x15/0x1b
[  154.942158][ T9502]  should_fail_ex+0x265/0x280
[  154.942204][ T9502]  should_failslab+0x8c/0xb0
[  154.942234][ T9502]  kmem_cache_alloc_noprof+0x50/0x310
[  154.942315][ T9502]  ? getname_flags+0x80/0x3b0
[  154.942350][ T9502]  getname_flags+0x80/0x3b0
[  154.942380][ T9502]  user_path_at+0x28/0x130
[  154.942409][ T9502]  __se_sys_chroot+0x45/0x230
[  154.942552][ T9502]  __x64_sys_chroot+0x1f/0x30
[  154.942583][ T9502]  x64_sys_call+0x214f/0x2ff0
[  154.942606][ T9502]  do_syscall_64+0xd2/0x200
[  154.942758][ T9502]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  154.942781][ T9502]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  154.942808][ T9502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.942828][ T9502] RIP: 0033:0x7f71bb68eba9
[  154.942872][ T9502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.942901][ T9502] RSP: 002b:00007f71ba0f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a1
[  154.942995][ T9502] RAX: ffffffffffffffda RBX: 00007f71bb8d5fa0 RCX: 00007f71bb68eba9
[  154.943010][ T9502] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000003c0
[  154.943025][ T9502] RBP: 00007f71ba0f7090 R08: 0000000000000000 R09: 0000000000000000
[  154.943039][ T9502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.943051][ T9502] R13: 00007f71bb8d6038 R14: 00007f71bb8d5fa0 R15: 00007ffdb4b3ee88
[  154.943121][ T9502]  </TASK>
[  155.243069][ T9516] loop1: detected capacity change from 0 to 512
[  155.306122][ T9516] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  155.355066][ T9518] loop3: detected capacity change from 0 to 512
[  155.365671][ T9516] EXT4-fs (loop1): 1 truncate cleaned up
[  155.392312][ T9518] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  155.420472][ T9531] SELinux: failed to load policy
[  155.444885][ T9518] EXT4-fs (loop3): orphan cleanup on readonly fs
[  155.475002][ T9518] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.1905: corrupted inode contents
[  155.527999][ T9538] loop1: detected capacity change from 0 to 512
[  155.535217][ T9538] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  155.535190][ T9534] syzkaller0: entered promiscuous mode
[  155.535256][ T9534] syzkaller0: entered allmulticast mode
[  155.557340][ T9518] EXT4-fs (loop3): Remounting filesystem read-only
[  155.557985][ T9538] EXT4-fs (loop1): 1 truncate cleaned up
[  155.563997][ T9518] EXT4-fs (loop3): 1 truncate cleaned up
[  155.575705][ T6980] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  155.586325][ T6980] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  155.623652][ T6980] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  155.728577][ T9546] SELinux: failed to load policy
[  155.755261][ T9553] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1916'.
[  155.764564][ T9555] loop1: detected capacity change from 0 to 128
[  155.783643][ T9555] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  155.791748][ T9555] FAT-fs (loop1): Filesystem has been set read-only
[  155.802042][ T9555] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  155.810254][ T9555] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  155.841603][ T9564] loop2: detected capacity change from 0 to 512
[  155.850652][ T9564] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  155.896600][ T9564] ext4 filesystem being mounted at /372/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.919077][ T9571] loop3: detected capacity change from 0 to 764
[  155.930410][ T9564] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1922: corrupted xattr block 19: overlapping e_value 
[  155.955408][ T9571] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  155.966036][ T9564] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  156.039141][ T9564] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1922: corrupted xattr block 19: overlapping e_value 
[  156.060042][ T9564] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  156.069711][ T9564] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1922: corrupted xattr block 19: overlapping e_value 
[  156.102515][ T9583] loop0: detected capacity change from 0 to 512
[  156.119993][ T9583] ext4 filesystem being mounted at /402/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.138913][ T9583] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  156.156432][ T9587] loop2: detected capacity change from 0 to 512
[  156.165787][ T9583] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1929'.
[  156.178151][ T9587] ext4 filesystem being mounted at /373/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.209425][ T9587] netlink: 'syz.2.1930': attribute type 10 has an invalid length.
[  156.219115][ T9591] FAULT_INJECTION: forcing a failure.
[  156.219115][ T9591] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.232571][ T9591] CPU: 0 UID: 0 PID: 9591 Comm: syz.0.1931 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  156.232598][ T9591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  156.232609][ T9591] Call Trace:
[  156.232614][ T9591]  <TASK>
[  156.232621][ T9591]  __dump_stack+0x1d/0x30
[  156.232653][ T9591]  dump_stack_lvl+0xe8/0x140
[  156.232677][ T9591]  dump_stack+0x15/0x1b
[  156.232697][ T9591]  should_fail_ex+0x265/0x280
[  156.232732][ T9591]  should_fail+0xb/0x20
[  156.232757][ T9591]  should_fail_usercopy+0x1a/0x20
[  156.232793][ T9591]  _copy_from_iter+0xd2/0xe80
[  156.232873][ T9591]  ? __build_skb_around+0x1a0/0x200
[  156.232900][ T9591]  ? __alloc_skb+0x223/0x320
[  156.232928][ T9591]  netlink_sendmsg+0x471/0x6b0
[  156.232969][ T9591]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.233013][ T9591]  __sock_sendmsg+0x145/0x180
[  156.233042][ T9591]  ____sys_sendmsg+0x31e/0x4e0
[  156.233087][ T9591]  ___sys_sendmsg+0x17b/0x1d0
[  156.233122][ T9591]  __x64_sys_sendmsg+0xd4/0x160
[  156.233153][ T9591]  x64_sys_call+0x191e/0x2ff0
[  156.233178][ T9591]  do_syscall_64+0xd2/0x200
[  156.233254][ T9591]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  156.233326][ T9591]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  156.233370][ T9591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.233393][ T9591] RIP: 0033:0x7f1f75adeba9
[  156.233484][ T9591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.233512][ T9591] RSP: 002b:00007f1f7453f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  156.233533][ T9591] RAX: ffffffffffffffda RBX: 00007f1f75d25fa0 RCX: 00007f1f75adeba9
[  156.233549][ T9591] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000006
[  156.233585][ T9591] RBP: 00007f1f7453f090 R08: 0000000000000000 R09: 0000000000000000
[  156.233665][ T9591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.233676][ T9591] R13: 00007f1f75d26038 R14: 00007f1f75d25fa0 R15: 00007ffe18f79648
[  156.233779][ T9591]  </TASK>
[  156.613190][ T9597] loop4: detected capacity change from 0 to 512
[  156.614677][   T29] kauditd_printk_skb: 498 callbacks suppressed
[  156.614691][   T29] audit: type=1400 audit(1757874032.339:9102): avc:  denied  { rmdir } for  pid=3307 comm="syz-executor" name="lost+found" dev="loop2" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  156.653284][   T29] audit: type=1400 audit(1757874032.379:9103): avc:  denied  { unlink } for  pid=3307 comm="syz-executor" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  156.687251][ T9597] ext4 filesystem being mounted at /375/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.699156][ T9597] FAULT_INJECTION: forcing a failure.
[  156.699156][ T9597] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.712418][ T9597] CPU: 1 UID: 0 PID: 9597 Comm: syz.4.1934 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  156.712450][ T9597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  156.712452][   T29] audit: type=1326 audit(1757874032.429:9104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9598 comm="syz.1.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45494ceba9 code=0x7ffc0000
[  156.712519][ T9597] Call Trace:
[  156.712525][ T9597]  <TASK>
[  156.712533][ T9597]  __dump_stack+0x1d/0x30
[  156.712634][ T9597]  dump_stack_lvl+0xe8/0x140
[  156.712655][ T9597]  dump_stack+0x15/0x1b
[  156.712683][ T9597]  should_fail_ex+0x265/0x280
[  156.712717][ T9597]  should_fail+0xb/0x20
[  156.712737][ T9597]  should_fail_usercopy+0x1a/0x20
[  156.712761][ T9597]  _copy_from_iter+0xd2/0xe80
[  156.712867][ T9597]  ? __build_skb_around+0x1a0/0x200
[  156.712896][ T9597]  ? __alloc_skb+0x223/0x320
[  156.712919][ T9597]  netlink_sendmsg+0x471/0x6b0
[  156.712948][ T9597]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.712973][ T9597]  __sock_sendmsg+0x145/0x180
[  156.713081][ T9597]  ____sys_sendmsg+0x31e/0x4e0
[  156.713116][ T9597]  ___sys_sendmsg+0x17b/0x1d0
[  156.713151][ T9597]  __x64_sys_sendmsg+0xd4/0x160
[  156.713180][ T9597]  x64_sys_call+0x191e/0x2ff0
[  156.713202][ T9597]  do_syscall_64+0xd2/0x200
[  156.713329][ T9597]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  156.713411][ T9597]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  156.713440][ T9597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.713509][ T9597] RIP: 0033:0x7f900a0beba9
[  156.713526][ T9597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.713544][ T9597] RSP: 002b:00007f9008b1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  156.713565][ T9597] RAX: ffffffffffffffda RBX: 00007f900a305fa0 RCX: 00007f900a0beba9
[  156.713578][ T9597] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000008
[  156.713629][ T9597] RBP: 00007f9008b1f090 R08: 0000000000000000 R09: 0000000000000000
[  156.713641][ T9597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.713654][ T9597] R13: 00007f900a306038 R14: 00007f900a305fa0 R15: 00007fffe3c6af38
[  156.713700][ T9597]  </TASK>
[  156.811313][ T9604] netlink: 'syz.0.1937': attribute type 1 has an invalid length.
[  156.815778][   T29] audit: type=1326 audit(1757874032.429:9105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9598 comm="syz.1.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f45494ceba9 code=0x7ffc0000
[  156.826087][ T9604] 8021q: adding VLAN 0 to HW filter on device bond1
[  156.830025][   T29] audit: type=1326 audit(1757874032.429:9106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9598 comm="syz.1.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45494ceba9 code=0x7ffc0000
[  156.830053][   T29] audit: type=1326 audit(1757874032.429:9107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9598 comm="syz.1.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=244 compat=0 ip=0x7f45494ceba9 code=0x7ffc0000
[  156.830076][   T29] audit: type=1326 audit(1757874032.429:9108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9598 comm="syz.1.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45494ceba9 code=0x7ffc0000
[  156.854758][ T9604] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1937'.
[  156.856259][   T29] audit: type=1326 audit(1757874032.429:9109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9598 comm="syz.1.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f45494ceba9 code=0x7ffc0000
[  157.081673][   T29] audit: type=1326 audit(1757874032.429:9110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9598 comm="syz.1.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45494ceba9 code=0x7ffc0000
[  157.105063][   T29] audit: type=1326 audit(1757874032.429:9111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9598 comm="syz.1.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f45494ceba9 code=0x7ffc0000
[  157.139533][ T9604] bond1 (unregistering): Released all slaves
[  157.157470][ T9612] FAULT_INJECTION: forcing a failure.
[  157.157470][ T9612] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  157.170804][ T9612] CPU: 1 UID: 0 PID: 9612 Comm: syz.3.1940 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  157.170906][ T9612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  157.170919][ T9612] Call Trace:
[  157.170927][ T9612]  <TASK>
[  157.170936][ T9612]  __dump_stack+0x1d/0x30
[  157.170960][ T9612]  dump_stack_lvl+0xe8/0x140
[  157.170987][ T9612]  dump_stack+0x15/0x1b
[  157.171041][ T9612]  should_fail_ex+0x265/0x280
[  157.171065][ T9612]  should_fail+0xb/0x20
[  157.171084][ T9612]  should_fail_usercopy+0x1a/0x20
[  157.171109][ T9612]  _copy_from_user+0x1c/0xb0
[  157.171178][ T9612]  ____sys_sendmsg+0x1c5/0x4e0
[  157.171210][ T9612]  ___sys_sendmsg+0x17b/0x1d0
[  157.171251][ T9612]  __x64_sys_sendmsg+0xd4/0x160
[  157.171365][ T9612]  x64_sys_call+0x191e/0x2ff0
[  157.171388][ T9612]  do_syscall_64+0xd2/0x200
[  157.171421][ T9612]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  157.171444][ T9612]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  157.171488][ T9612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.171512][ T9612] RIP: 0033:0x7f71bb68eba9
[  157.171531][ T9612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.171628][ T9612] RSP: 002b:00007f71ba0f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  157.171651][ T9612] RAX: ffffffffffffffda RBX: 00007f71bb8d5fa0 RCX: 00007f71bb68eba9
[  157.171666][ T9612] RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000005
[  157.171756][ T9612] RBP: 00007f71ba0f7090 R08: 0000000000000000 R09: 0000000000000000
[  157.171827][ T9612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.171842][ T9612] R13: 00007f71bb8d6038 R14: 00007f71bb8d5fa0 R15: 00007ffdb4b3ee88
[  157.171862][ T9612]  </TASK>
[  157.377513][ T9624] tipc: Enabling of bearer <udp:s > rejected, already enabled
[  157.503548][ T9634] syzkaller0: entered promiscuous mode
[  157.509126][ T9634] syzkaller0: entered allmulticast mode
[  157.606273][ T9640] loop1: detected capacity change from 0 to 512
[  157.632707][ T9645] loop4: detected capacity change from 0 to 512
[  157.657704][ T9645] EXT4-fs (loop4): failed to initialize system zone (-117)
[  157.665357][ T9640] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  157.673533][ T9640] EXT4-fs (loop1): orphan cleanup on readonly fs
[  157.680438][ T9645] EXT4-fs (loop4): mount failed
[  157.707880][ T9653] netlink: 'syz.0.1953': attribute type 1 has an invalid length.
[  157.725509][ T9653] 8021q: adding VLAN 0 to HW filter on device bond1
[  157.728117][ T9640] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1943: corrupted inode contents
[  157.735612][ T9653] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1953'.
[  157.762209][ T9653] bond1 (unregistering): Released all slaves
[  157.783046][ T9640] EXT4-fs (loop1): Remounting filesystem read-only
[  157.790078][ T9640] EXT4-fs (loop1): 1 truncate cleaned up
[  157.819987][ T6980] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  157.830843][ T6980] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  157.853863][ T9661] tipc: New replicast peer: 255.255.255.255
[  157.860090][ T9661] tipc: Enabled bearer <udp:s>, priority 10
[  157.867107][ T6980] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  157.880494][ T9665] FAULT_INJECTION: forcing a failure.
[  157.880494][ T9665] name failslab, interval 1, probability 0, space 0, times 0
[  157.881008][ T9640] EXT4-fs mount: 78 callbacks suppressed
[  157.881024][ T9640] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  157.893263][ T9665] CPU: 1 UID: 0 PID: 9665 Comm: syz.0.1957 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  157.893336][ T9665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  157.893348][ T9665] Call Trace:
[  157.893356][ T9665]  <TASK>
[  157.893364][ T9665]  __dump_stack+0x1d/0x30
[  157.893387][ T9665]  dump_stack_lvl+0xe8/0x140
[  157.893407][ T9665]  dump_stack+0x15/0x1b
[  157.893424][ T9665]  should_fail_ex+0x265/0x280
[  157.893448][ T9665]  should_failslab+0x8c/0xb0
[  157.893481][ T9665]  kmem_cache_alloc_node_noprof+0x57/0x320
[  157.893510][ T9665]  ? __alloc_skb+0x101/0x320
[  157.893603][ T9665]  __alloc_skb+0x101/0x320
[  157.893625][ T9665]  inet_ifmcaddr_notify+0x64/0x120
[  157.893656][ T9665]  __ip_mc_dec_group+0x1ac/0x3d0
[  157.893706][ T9665]  ip_mc_down+0x13d/0x1c0
[  157.893744][ T9665]  inetdev_event+0x1b3/0xc10
[  157.893799][ T9665]  ? __rcu_read_unlock+0x4f/0x70
[  157.893821][ T9665]  ? ib_netdevice_event+0x281/0x5f0
[  157.893889][ T9665]  ? __pfx_arp_netdev_event+0x10/0x10
[  157.893992][ T9665]  ? __pfx_inetdev_event+0x10/0x10
[  157.894071][ T9665]  raw_notifier_call_chain+0x6f/0x1b0
[  157.894091][ T9665]  ? call_netdevice_notifiers_info+0x9c/0x100
[  157.894124][ T9665]  call_netdevice_notifiers_info+0xae/0x100
[  157.894157][ T9665]  netif_close_many+0x170/0x240
[  157.894232][ T9665]  __dev_change_net_namespace+0x682/0x15b0
[  157.894268][ T9665]  dev_change_net_namespace+0x2a/0x40
[  157.894289][ T9665]  cfg802154_switch_netns+0x88/0x290
[  157.894352][ T9665]  nl802154_wpan_phy_netns+0xcb/0x160
[  157.894400][ T9665]  genl_family_rcv_msg_doit+0x140/0x1b0
[  157.894437][ T9665]  genl_rcv_msg+0x422/0x460
[  157.894513][ T9665]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  157.894553][ T9665]  ? __pfx_nl802154_wpan_phy_netns+0x10/0x10
[  157.894584][ T9665]  ? __pfx_nl802154_post_doit+0x10/0x10
[  157.894657][ T9665]  netlink_rcv_skb+0x123/0x220
[  157.894680][ T9665]  ? __pfx_genl_rcv_msg+0x10/0x10
[  157.894730][ T9665]  genl_rcv+0x28/0x40
[  157.894757][ T9665]  netlink_unicast+0x5bd/0x690
[  157.894781][ T9665]  netlink_sendmsg+0x58b/0x6b0
[  157.894808][ T9665]  ? __pfx_netlink_sendmsg+0x10/0x10
[  157.894904][ T9665]  __sock_sendmsg+0x145/0x180
[  157.894934][ T9665]  ____sys_sendmsg+0x31e/0x4e0
[  157.894964][ T9665]  ___sys_sendmsg+0x17b/0x1d0
[  157.894999][ T9665]  __x64_sys_sendmsg+0xd4/0x160
[  157.895028][ T9665]  x64_sys_call+0x191e/0x2ff0
[  157.895050][ T9665]  do_syscall_64+0xd2/0x200
[  157.895163][ T9665]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  157.895187][ T9665]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  157.895215][ T9665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.895251][ T9665] RIP: 0033:0x7f1f75adeba9
[  157.895312][ T9665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.895331][ T9665] RSP: 002b:00007f1f7453f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  157.895378][ T9665] RAX: ffffffffffffffda RBX: 00007f1f75d25fa0 RCX: 00007f1f75adeba9
[  157.895392][ T9665] RDX: 0000000004000000 RSI: 0000200000000280 RDI: 000000000000000b
[  157.895405][ T9665] RBP: 00007f1f7453f090 R08: 0000000000000000 R09: 0000000000000000
[  157.895490][ T9665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.895503][ T9665] R13: 00007f1f75d26038 R14: 00007f1f75d25fa0 R15: 00007ffe18f79648
[  157.895521][ T9665]  </TASK>
[  158.384866][ T9682] loop2: detected capacity change from 0 to 512
[  158.403642][ T9682] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.416621][ T9682] ext4 filesystem being mounted at /381/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  158.429743][ T9688] netlink: 360 bytes leftover after parsing attributes in process `syz.3.1965'.
[  158.448825][ T9690] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  158.448825][ T9690]    program syz.0.1964 not setting count and/or reply_len properly
[  158.491420][ T9694] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  158.524618][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.532544][ T9690] vcan0: tx drop: invalid sa for name 0x0000000000000004
[  158.554135][ T9697] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1969'.
[  158.656517][ T9707] loop0: detected capacity change from 0 to 128
[  158.667488][ T9709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.680103][ T9709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.691949][ T9707] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  158.700191][ T9707] FAT-fs (loop0): Filesystem has been set read-only
[  158.713712][ T9709] loop3: detected capacity change from 0 to 512
[  158.720454][ T9707] bio_check_eod: 111164 callbacks suppressed
[  158.720474][ T9707] syz.0.1973: attempt to access beyond end of device
[  158.720474][ T9707] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  158.742418][ T9709] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  158.752466][ T9707] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  158.760654][ T9707] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  158.770819][ T9709] EXT4-fs (loop3): Can't support bigalloc feature without extents feature
[  158.770819][ T9709] 
[  158.781646][ T9709] EXT4-fs (loop3): Skipping orphan cleanup due to unknown ROCOMPAT features
[  158.792082][ T9707] syz.0.1973: attempt to access beyond end of device
[  158.792082][ T9707] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  158.807100][ T9709] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  158.826179][ T9707] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  158.889292][ T9716] loop1: detected capacity change from 0 to 512
[  158.922741][ T9707] syz.0.1973: attempt to access beyond end of device
[  158.922741][ T9707] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  158.936848][ T9706] syz.0.1973: attempt to access beyond end of device
[  158.936848][ T9706] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[  158.950305][ T9706] buffer_io_error: 110549 callbacks suppressed
[  158.950345][ T9706] Buffer I/O error on dev loop0, logical block 2065, async page read
[  158.966092][ T9706] syz.0.1973: attempt to access beyond end of device
[  158.966092][ T9706] loop0: rw=0, sector=2066, nr_sectors = 1 limit=128
[  158.979447][ T3398] tipc: Node number set to 2795016275
[  158.984961][ T9706] Buffer I/O error on dev loop0, logical block 2066, async page read
[  159.014280][ T9707] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  159.022255][ T9707] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  159.032177][ T9716] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  159.038520][ T9706] syz.0.1973: attempt to access beyond end of device
[  159.038520][ T9706] loop0: rw=0, sector=2067, nr_sectors = 1 limit=128
[  159.040347][ T9716] EXT4-fs (loop1): orphan cleanup on readonly fs
[  159.053642][ T9706] Buffer I/O error on dev loop0, logical block 2067, async page read
[  159.094480][ T9706] syz.0.1973: attempt to access beyond end of device
[  159.094480][ T9706] loop0: rw=0, sector=2068, nr_sectors = 1 limit=128
[  159.095029][ T9716] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.1975: corrupted inode contents
[  159.107906][ T9706] Buffer I/O error on dev loop0, logical block 2068, async page read
[  159.108017][ T9706] syz.0.1973: attempt to access beyond end of device
[  159.108017][ T9706] loop0: rw=0, sector=2069, nr_sectors = 1 limit=128
[  159.141641][ T9706] Buffer I/O error on dev loop0, logical block 2069, async page read
[  159.149878][ T9706] syz.0.1973: attempt to access beyond end of device
[  159.149878][ T9706] loop0: rw=0, sector=2070, nr_sectors = 1 limit=128
[  159.163342][ T9706] Buffer I/O error on dev loop0, logical block 2070, async page read
[  159.171531][ T9706] syz.0.1973: attempt to access beyond end of device
[  159.171531][ T9706] loop0: rw=0, sector=2071, nr_sectors = 1 limit=128
[  159.179166][ T9716] EXT4-fs (loop1): Remounting filesystem read-only
[  159.184782][ T9706] Buffer I/O error on dev loop0, logical block 2071, async page read
[  159.184858][ T9706] Buffer I/O error on dev loop0, logical block 2072, async page read
[  159.192380][ T9716] EXT4-fs (loop1): 1 truncate cleaned up
[  159.199567][ T9706] Buffer I/O error on dev loop0, logical block 2065, async page read
[  159.207685][ T6976] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  159.213278][ T9706] Buffer I/O error on dev loop0, logical block 2066, async page read
[  159.221435][ T6976] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  159.255826][ T6976] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  159.281891][ T9716] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  159.343224][ T9697] Set syz1 is full, maxelem 65536 reached
[  159.756236][ T9726] loop0: detected capacity change from 0 to 512
[  159.957915][ T9727] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  159.988904][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.282189][ T9743] loop3: detected capacity change from 0 to 1024
[  160.307194][ T9743] EXT4-fs: Ignoring removed i_version option
[  160.334805][ T9743] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  160.365583][ T9743] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.1982: Invalid block bitmap block 0 in block_group 0
[  160.390008][ T9743] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.1982: Failed to acquire dquot type 0
[  160.412059][ T9743] EXT4-fs error (device loop3): ext4_free_blocks:6696: comm syz.3.1982: Freeing blocks not in datazone - block = 0, count = 4096
[  160.462159][ T9755] loop4: detected capacity change from 0 to 1024
[  160.469471][ T9743] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.1982: Invalid inode bitmap blk 0 in block_group 0
[  160.483397][ T9743] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  160.492933][ T6976] EXT4-fs error (device loop3): ext4_release_dquot:6973: comm kworker/u8:12: Failed to release dquot type 0
[  160.515598][ T9743] EXT4-fs (loop3): 1 orphan inode deleted
[  160.521784][ T9743] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.526926][ T9755] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.572697][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.596669][ T9755] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.1987: Allocating blocks 385-513 which overlap fs metadata
[  160.638202][ T9761] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1990'.
[  160.682814][ T9754] EXT4-fs (loop4): pa ffff8881071cd770: logic 16, phys. 129, len 24
[  160.690961][ T9754] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  160.769099][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.934188][ T9772] FAULT_INJECTION: forcing a failure.
[  160.934188][ T9772] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  160.947344][ T9772] CPU: 0 UID: 0 PID: 9772 Comm: syz.4.1993 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  160.947371][ T9772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  160.947385][ T9772] Call Trace:
[  160.947393][ T9772]  <TASK>
[  160.947403][ T9772]  __dump_stack+0x1d/0x30
[  160.947455][ T9772]  dump_stack_lvl+0xe8/0x140
[  160.947476][ T9772]  dump_stack+0x15/0x1b
[  160.947494][ T9772]  should_fail_ex+0x265/0x280
[  160.947556][ T9772]  should_fail+0xb/0x20
[  160.947575][ T9772]  should_fail_usercopy+0x1a/0x20
[  160.947598][ T9772]  _copy_to_user+0x20/0xa0
[  160.947696][ T9772]  simple_read_from_buffer+0xb5/0x130
[  160.947822][ T9772]  proc_fail_nth_read+0x10e/0x150
[  160.947848][ T9772]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  160.947874][ T9772]  vfs_read+0x1a8/0x770
[  160.947894][ T9772]  ? __fput+0x555/0x650
[  160.947967][ T9772]  ? __rcu_read_unlock+0x4f/0x70
[  160.947987][ T9772]  ? __fget_files+0x184/0x1c0
[  160.948016][ T9772]  ksys_read+0xda/0x1a0
[  160.948038][ T9772]  __x64_sys_read+0x40/0x50
[  160.948110][ T9772]  x64_sys_call+0x27bc/0x2ff0
[  160.948215][ T9772]  do_syscall_64+0xd2/0x200
[  160.948265][ T9772]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  160.948312][ T9772]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  160.948339][ T9772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.948362][ T9772] RIP: 0033:0x7f900a0bd5bc
[  160.948395][ T9772] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  160.948417][ T9772] RSP: 002b:00007f9008b1f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  160.948440][ T9772] RAX: ffffffffffffffda RBX: 00007f900a305fa0 RCX: 00007f900a0bd5bc
[  160.948474][ T9772] RDX: 000000000000000f RSI: 00007f9008b1f0a0 RDI: 0000000000000005
[  160.948485][ T9772] RBP: 00007f9008b1f090 R08: 0000000000000000 R09: 0000000000000000
[  160.948497][ T9772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.948571][ T9772] R13: 00007f900a306038 R14: 00007f900a305fa0 R15: 00007fffe3c6af38
[  160.948593][ T9772]  </TASK>
[  160.982875][ T9761] Set syz1 is full, maxelem 65536 reached
[  161.298148][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.725825][ T9787] syzkaller0: entered promiscuous mode
[  161.731347][ T9787] syzkaller0: entered allmulticast mode
[  161.897045][   T29] kauditd_printk_skb: 187 callbacks suppressed
[  161.897063][   T29] audit: type=1326 audit(1757874037.619:9284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.4.2000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f900a0beba9 code=0x7ffc0000
[  161.927173][   T29] audit: type=1326 audit(1757874037.619:9285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.4.2000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f900a0beba9 code=0x7ffc0000
[  161.997321][   T29] audit: type=1326 audit(1757874037.619:9286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.4.2000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f900a0beba9 code=0x7ffc0000
[  162.021402][   T29] audit: type=1326 audit(1757874037.619:9287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.4.2000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f900a0beba9 code=0x7ffc0000
[  162.045078][   T29] audit: type=1326 audit(1757874037.619:9288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.4.2000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f900a0beba9 code=0x7ffc0000
[  162.068734][   T29] audit: type=1326 audit(1757874037.619:9289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.4.2000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f900a0beba9 code=0x7ffc0000
[  162.092255][   T29] audit: type=1326 audit(1757874037.619:9290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.4.2000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f900a0beba9 code=0x7ffc0000
[  162.115877][   T29] audit: type=1326 audit(1757874037.619:9291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.4.2000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f900a0beba9 code=0x7ffc0000
[  162.139627][   T29] audit: type=1326 audit(1757874037.619:9292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.4.2000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f900a0beba9 code=0x7ffc0000
[  162.163151][   T29] audit: type=1326 audit(1757874037.619:9293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.4.2000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f900a0beba9 code=0x7ffc0000
[  162.265419][ T9810] loop0: detected capacity change from 0 to 128
[  162.364761][ T9817] syzkaller0: entered promiscuous mode
[  162.370478][ T9817] syzkaller0: entered allmulticast mode
[  162.393027][ T9818] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  162.401018][ T9818] FAT-fs (loop0): Filesystem has been set read-only
[  162.410871][ T9818] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  162.418844][ T9818] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  162.469879][ T9821] netlink: 'syz.1.2012': attribute type 3 has an invalid length.
[  162.503157][ T9826] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2014'.
[  162.524973][ T9824] loop3: detected capacity change from 0 to 128
[  162.548056][ T9824] netlink: 202732 bytes leftover after parsing attributes in process `syz.3.2013'.
[  162.564431][ T9824] netlink: zone id is out of range
[  162.569721][ T9824] netlink: zone id is out of range
[  162.574927][ T9824] netlink: zone id is out of range
[  162.580081][ T9824] netlink: zone id is out of range
[  162.585315][ T9824] netlink: zone id is out of range
[  162.588180][ T9831] netlink: 'syz.1.2016': attribute type 1 has an invalid length.
[  162.590698][ T9824] netlink: zone id is out of range
[  162.601401][ T9832] ip6gre1: entered allmulticast mode
[  162.603469][ T9824] netlink: zone id is out of range
[  162.603505][ T9824] netlink: zone id is out of range
[  162.657094][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.676746][ T9837] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2016'.
[  162.715467][ T9831] 8021q: adding VLAN 0 to HW filter on device bond3
[  162.782368][ T9837] bond3 (unregistering): Released all slaves
[  162.953227][ T9851] loop1: detected capacity change from 0 to 512
[  162.998491][ T9851] EXT4-fs (loop1): failed to initialize system zone (-117)
[  163.010310][ T9851] EXT4-fs (loop1): mount failed
[  163.199104][ T9855] syzkaller0: entered promiscuous mode
[  163.204946][ T9855] syzkaller0: entered allmulticast mode
[  163.516591][ T9861] loop0: detected capacity change from 0 to 512
[  163.558179][ T9861] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  163.618198][ T9866] loop2: detected capacity change from 0 to 512
[  163.630486][ T9867] loop4: detected capacity change from 0 to 512
[  163.645802][ T9866] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  163.710325][ T9866] EXT4-fs (loop2): 1 truncate cleaned up
[  163.717076][ T9861] EXT4-fs (loop0): 1 truncate cleaned up
[  163.723200][ T9867] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.738583][ T9866] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.753778][ T9861] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.790041][ T9867] ext4 filesystem being mounted at /400/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.023397][ T9882] netlink: 'syz.1.2034': attribute type 1 has an invalid length.
[  164.046967][ T9882] 8021q: adding VLAN 0 to HW filter on device bond3
[  164.057161][ T9884] tipc: Started in network mode
[  164.062172][ T9884] tipc: Node identity ac14140f, cluster identity 4711
[  164.082877][ T9882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2034'.
[  164.092292][ T9884] tipc: New replicast peer: 255.255.255.255
[  164.098436][ T9884] tipc: Enabled bearer <udp:s>, priority 10
[  164.127246][ T9882] bond3 (unregistering): Released all slaves
[  164.217802][ T9892] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2038'.
[  164.288795][ T9889] syzkaller0: entered promiscuous mode
[  164.294350][ T9889] syzkaller0: entered allmulticast mode
[  164.361305][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.382199][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.420143][ T9901] loop4: detected capacity change from 0 to 512
[  164.441250][ T9901] loop4: detected capacity change from 0 to 512
[  164.469973][ T9908] loop1: detected capacity change from 0 to 512
[  164.510185][ T9901] loop4: detected capacity change from 0 to 512
[  164.517615][ T9908] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  164.545716][ T9908] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.564577][ T9912] SELinux:  Context Ü is not valid (left unmapped).
[  164.568999][ T9908] ext4 filesystem being mounted at /423/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.591365][ T9901] loop4: detected capacity change from 0 to 512
[  164.610980][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.620697][ T9908] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.2043: corrupted xattr block 19: overlapping e_value 
[  164.623001][ T9901] loop4: detected capacity change from 0 to 512
[  164.639918][ T9910] syzkaller0: entered promiscuous mode
[  164.646504][ T9910] syzkaller0: entered allmulticast mode
[  164.646655][ T9918] loop3: detected capacity change from 0 to 512
[  164.659731][ T9918] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  164.670107][ T9908] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  164.681472][ T9908] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.2043: corrupted xattr block 19: overlapping e_value 
[  164.682645][ T9923] loop2: detected capacity change from 0 to 512
[  164.702109][ T9908] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  164.712552][ T9918] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.717875][ T9901] loop4: detected capacity change from 0 to 512
[  164.730001][ T9908] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.2043: corrupted xattr block 19: overlapping e_value 
[  164.745774][ T9918] ext4 filesystem being mounted at /405/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.757022][ T9923] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  164.772241][ T9901] loop4: detected capacity change from 0 to 512
[  164.779186][ T9918] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.2047: corrupted xattr block 19: overlapping e_value 
[  164.794465][ T9923] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.804833][ T9901] loop4: detected capacity change from 0 to 512
[  164.816610][ T9923] ext4 filesystem being mounted at /384/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.827160][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.827749][ T9918] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[  164.851650][ T9918] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.2047: corrupted xattr block 19: overlapping e_value 
[  164.855044][ T9933] loop0: detected capacity change from 0 to 128
[  164.865402][ T9923] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.2046: corrupted xattr block 19: overlapping e_value 
[  164.885862][ T9918] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[  164.889519][ T9901] loop4: detected capacity change from 0 to 512
[  164.895275][ T9918] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.2047: corrupted xattr block 19: overlapping e_value 
[  164.903915][ T9923] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  164.925807][ T9872] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  164.937290][ T9923] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.2046: corrupted xattr block 19: overlapping e_value 
[  164.954622][ T9933] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  164.962697][ T9933] FAT-fs (loop0): Filesystem has been set read-only
[  164.965135][ T9923] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  164.969732][ T9933] bio_check_eod: 60504 callbacks suppressed
[  164.969746][ T9933] syz.0.2049: attempt to access beyond end of device
[  164.969746][ T9933] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  164.978570][ T9923] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.2046: corrupted xattr block 19: overlapping e_value 
[  165.007033][ T9901] loop4: detected capacity change from 0 to 512
[  165.018205][ T9933] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  165.023226][ T9872] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  165.026341][ T9933] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  165.056826][ T9938] syz.0.2049: attempt to access beyond end of device
[  165.056826][ T9938] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[  165.070376][ T9938] buffer_io_error: 60006 callbacks suppressed
[  165.070393][ T9938] Buffer I/O error on dev loop0, logical block 2065, async page read
[  165.082864][ T9901] loop4: detected capacity change from 0 to 512
[  165.085112][ T9938] syz.0.2049: attempt to access beyond end of device
[  165.085112][ T9938] loop0: rw=0, sector=2066, nr_sectors = 1 limit=128
[  165.104719][ T9938] Buffer I/O error on dev loop0, logical block 2066, async page read
[  165.111194][ T9941] loop1: detected capacity change from 0 to 512
[  165.128277][ T9938] syz.0.2049: attempt to access beyond end of device
[  165.128277][ T9938] loop0: rw=0, sector=2067, nr_sectors = 1 limit=128
[  165.132800][ T9901] loop4: detected capacity change from 0 to 512
[  165.141587][ T9938] Buffer I/O error on dev loop0, logical block 2067, async page read
[  165.147921][   T10] tipc: Node number set to 2886997007
[  165.157518][ T9938] syz.0.2049: attempt to access beyond end of device
[  165.157518][ T9938] loop0: rw=0, sector=2068, nr_sectors = 1 limit=128
[  165.163412][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.175196][ T9938] Buffer I/O error on dev loop0, logical block 2068, async page read
[  165.193512][ T9938] syz.0.2049: attempt to access beyond end of device
[  165.193512][ T9938] loop0: rw=0, sector=2069, nr_sectors = 1 limit=128
[  165.193647][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.206961][ T9938] Buffer I/O error on dev loop0, logical block 2069, async page read
[  165.223470][ T9901] loop4: detected capacity change from 0 to 512
[  165.224339][ T9938] syz.0.2049: attempt to access beyond end of device
[  165.224339][ T9938] loop0: rw=0, sector=2070, nr_sectors = 1 limit=128
[  165.232019][ T9941] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.243610][ T9938] Buffer I/O error on dev loop0, logical block 2070, async page read
[  165.264328][ T9938] syz.0.2049: attempt to access beyond end of device
[  165.264328][ T9938] loop0: rw=0, sector=2071, nr_sectors = 1 limit=128
[  165.277823][ T9938] Buffer I/O error on dev loop0, logical block 2071, async page read
[  165.279324][ T9901] loop4: detected capacity change from 0 to 512
[  165.289943][ T9938] syz.0.2049: attempt to access beyond end of device
[  165.289943][ T9938] loop0: rw=0, sector=2072, nr_sectors = 1 limit=128
[  165.305542][ T9938] Buffer I/O error on dev loop0, logical block 2072, async page read
[  165.313998][ T9933] syz.0.2049: attempt to access beyond end of device
[  165.313998][ T9933] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[  165.314911][ T9941] ext4 filesystem being mounted at /425/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  165.327462][ T9933] Buffer I/O error on dev loop0, logical block 2065, async page read
[  165.347608][ T9933] Buffer I/O error on dev loop0, logical block 2066, async page read
[  165.362455][ T9901] loop4: detected capacity change from 0 to 512
[  165.370448][ T9952] loop3: detected capacity change from 0 to 128
[  165.410548][ T9952] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  165.447646][ T9901] loop4: detected capacity change from 0 to 512
[  165.454606][ T9952] ext4 filesystem being mounted at /406/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  165.755682][ T9901] loop4: detected capacity change from 0 to 512
[  165.785395][ T9901] loop4: detected capacity change from 0 to 512
[  165.831043][ T3305] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  165.840872][ T9901] loop4: detected capacity change from 0 to 512
[  165.871563][ T9901] loop4: detected capacity change from 0 to 512
[  165.892620][ T9901] loop4: detected capacity change from 0 to 512
[  165.906678][ T9968] syzkaller0: entered promiscuous mode
[  165.911549][ T9901] loop4: detected capacity change from 0 to 512
[  165.912337][ T9968] syzkaller0: entered allmulticast mode
[  165.934588][ T9901] loop4: detected capacity change from 0 to 512
[  165.967035][ T9901] loop4: detected capacity change from 0 to 512
[  165.991537][ T9901] loop4: detected capacity change from 0 to 512
[  166.026722][ T9901] loop4: detected capacity change from 0 to 512
[  166.072843][ T9901] loop4: detected capacity change from 0 to 512
[  166.102885][ T9901] loop4: detected capacity change from 0 to 512
[  166.123970][ T9980] syzkaller0: entered promiscuous mode
[  166.125183][ T9901] loop4: detected capacity change from 0 to 512
[  166.129543][ T9980] syzkaller0: entered allmulticast mode
[  166.159787][ T9901] loop4: detected capacity change from 0 to 512
[  166.201617][ T9901] loop4: detected capacity change from 0 to 512
[  166.234995][ T9901] loop4: detected capacity change from 0 to 512
[  166.275455][ T9901] loop4: detected capacity change from 0 to 512
[  166.299244][ T9997] loop0: detected capacity change from 0 to 128
[  166.309320][ T9997] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  166.317492][ T9997] FAT-fs (loop0): Filesystem has been set read-only
[  166.324147][ T9997] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  166.332067][ T9997] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  166.363341][ T9995] loop3: detected capacity change from 0 to 512
[  166.378680][ T9901] loop4: detected capacity change from 0 to 512
[  166.415192][ T9995] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  166.429377][ T9995] EXT4-fs (loop3): orphan cleanup on readonly fs
[  166.438334][ T9995] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.2061: corrupted inode contents
[  166.450449][ T9995] EXT4-fs (loop3): Remounting filesystem read-only
[  166.457171][ T9995] EXT4-fs (loop3): 1 truncate cleaned up
[  166.470234][ T9901] loop4: detected capacity change from 0 to 512
[  166.477643][   T39] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  166.488351][   T39] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  166.523757][ T9901] loop4: detected capacity change from 0 to 512
[  166.532617][   T39] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  166.555925][ T9901] loop4: detected capacity change from 0 to 512
[  166.561415][ T9995] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  166.612966][ T9901] loop4: detected capacity change from 0 to 512
[  166.660735][ T9901] loop4: detected capacity change from 0 to 512
[  166.700803][ T9901] loop4: detected capacity change from 0 to 512
[  166.745868][ T9901] loop4: detected capacity change from 0 to 512
[  166.783253][ T9901] loop4: detected capacity change from 0 to 512
[  166.826457][ T9901] loop4: detected capacity change from 0 to 512
[  166.855047][ T9901] loop4: detected capacity change from 0 to 512
[  166.888049][ T9901] loop4: detected capacity change from 0 to 512
[  166.922045][ T9901] loop4: detected capacity change from 0 to 512
[  166.957062][ T9901] loop4: detected capacity change from 0 to 512
[  166.999696][ T9901] loop4: detected capacity change from 0 to 512
[  167.072498][ T9901] loop4: detected capacity change from 0 to 512
[  167.100555][ T9901] loop4: detected capacity change from 0 to 512
[  167.135927][ T9901] loop4: detected capacity change from 0 to 512
[  167.171571][ T9901] loop4: detected capacity change from 0 to 512
[  167.209309][ T9901] loop4: detected capacity change from 0 to 512
[  167.229542][ T9901] loop4: detected capacity change from 0 to 512
[  167.245142][T10024] tipc: Enabling of bearer <udp:s > rejected, already enabled
[  167.282400][ T9901] loop4: detected capacity change from 0 to 512
[  167.322872][ T9901] loop4: detected capacity change from 0 to 512
[  167.348721][ T9901] loop4: detected capacity change from 0 to 512
[  167.372841][ T9901] loop4: detected capacity change from 0 to 512
[  167.401119][ T9901] loop4: detected capacity change from 0 to 512
[  167.423704][ T9901] loop4: detected capacity change from 0 to 512
[  167.458261][ T9901] loop4: detected capacity change from 0 to 512
[  167.471319][T10056] loop2: detected capacity change from 0 to 128
[  167.487848][T10049] syzkaller0: entered promiscuous mode
[  167.493486][T10049] syzkaller0: entered allmulticast mode
[  167.502467][ T9901] loop4: detected capacity change from 0 to 512
[  167.527509][ T9901] loop4: detected capacity change from 0 to 512
[  167.557005][ T9901] loop4: detected capacity change from 0 to 512
[  167.586578][ T9901] loop4: detected capacity change from 0 to 512
[  167.706661][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.730650][T10071] netlink: 'syz.3.2077': attribute type 1 has an invalid length.
[  167.750841][T10071] 8021q: adding VLAN 0 to HW filter on device bond0
[  167.767836][T10071] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2077'.
[  167.782720][   T29] kauditd_printk_skb: 125 callbacks suppressed
[  167.782738][   T29] audit: type=1326 audit(1757874043.293:9413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10075 comm="syz.0.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  167.784336][T10071] bond0 (unregistering): Released all slaves
[  167.789098][   T29] audit: type=1326 audit(1757874043.293:9414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10075 comm="syz.0.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  167.842750][   T29] audit: type=1326 audit(1757874043.293:9415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10075 comm="syz.0.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  167.866589][   T29] audit: type=1326 audit(1757874043.293:9416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10075 comm="syz.0.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  167.890244][   T29] audit: type=1326 audit(1757874043.293:9417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10075 comm="syz.0.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  167.914517][   T29] audit: type=1326 audit(1757874043.321:9418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10075 comm="syz.0.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  167.938048][   T29] audit: type=1326 audit(1757874043.321:9419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10075 comm="syz.0.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  167.960914][T10077] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=10077 comm=syz.4.2078
[  167.961764][   T29] audit: type=1326 audit(1757874043.321:9420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10075 comm="syz.0.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  167.998136][   T29] audit: type=1326 audit(1757874043.321:9421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10075 comm="syz.0.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  168.021891][   T29] audit: type=1326 audit(1757874043.321:9422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10075 comm="syz.0.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f75adeba9 code=0x7ffc0000
[  168.073964][T10079] tipc: New replicast peer: 255.255.255.255
[  168.080153][T10079] tipc: Enabled bearer <udp:s >, priority 10
[  168.108494][T10081] loop0: detected capacity change from 0 to 164
[  168.190951][T10087] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2083'.
[  168.363747][T10096] loop3: detected capacity change from 0 to 512
[  168.371955][T10096] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  168.403514][T10096] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.422295][T10096] ext4 filesystem being mounted at /413/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.443370][T10096] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.2085: corrupted xattr block 19: overlapping e_value 
[  168.461673][T10096] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[  168.498850][T10096] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.2085: corrupted xattr block 19: overlapping e_value 
[  168.525595][T10096] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[  168.539405][T10096] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.2085: corrupted xattr block 19: overlapping e_value 
[  168.561764][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.587195][T10087] net_ratelimit: 18 callbacks suppressed
[  168.587218][T10087] Set syz1 is full, maxelem 65536 reached
[  168.639868][T10107] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2088'.
[  168.669569][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.703853][T10110] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2091'.
[  168.706376][T10112] tipc: New replicast peer: 255.255.255.255
[  168.719096][T10112] tipc: Enabled bearer <udp:s >, priority 10
[  168.757581][T10117] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2090'.
[  168.803132][T10114] loop0: detected capacity change from 0 to 8192
[  168.912172][T10129] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2097'.
[  168.949982][T10132] loop4: detected capacity change from 0 to 512
[  168.969165][T10132] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  169.019986][T10132] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.038491][T10141] loop1: detected capacity change from 0 to 164
[  169.061921][T10132] ext4 filesystem being mounted at /408/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  169.110706][T10117] Set syz1 is full, maxelem 65536 reached
[  169.123215][T10141] FAULT_INJECTION: forcing a failure.
[  169.123215][T10141] name failslab, interval 1, probability 0, space 0, times 0
[  169.135922][T10132] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.2100: corrupted xattr block 19: overlapping e_value 
[  169.149792][T10141] CPU: 0 UID: 0 PID: 10141 Comm: syz.1.2102 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  169.149826][T10141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  169.149915][T10141] Call Trace:
[  169.149922][T10141]  <TASK>
[  169.149930][T10141]  __dump_stack+0x1d/0x30
[  169.149956][T10141]  dump_stack_lvl+0xe8/0x140
[  169.149977][T10141]  dump_stack+0x15/0x1b
[  169.149995][T10141]  should_fail_ex+0x265/0x280
[  169.150053][T10141]  should_failslab+0x8c/0xb0
[  169.150080][T10141]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  169.150166][T10141]  ? kstrdup_const+0x3e/0x50
[  169.150196][T10141]  kstrdup+0x3e/0xd0
[  169.150221][T10141]  kstrdup_const+0x3e/0x50
[  169.150293][T10141]  __kernfs_new_node+0x3f/0x350
[  169.150322][T10141]  ? bpf_trace_run2+0x124/0x1c0
[  169.150351][T10141]  ? kobject_uevent_env+0x28d/0x570
[  169.150515][T10141]  ? add_uevent_var+0x17d/0x1d0
[  169.150557][T10141]  kernfs_new_node+0xd0/0x140
[  169.150664][T10141]  kernfs_create_link+0x70/0x130
[  169.150718][T10141]  sysfs_do_create_link_sd+0x6a/0x100
[  169.150744][T10141]  sysfs_create_link+0x51/0x70
[  169.150767][T10141]  driver_sysfs_add+0x54/0x160
[  169.150796][T10141]  device_bind_driver+0x17/0x60
[  169.150881][T10141]  usb_driver_claim_interface+0x1af/0x280
[  169.150974][T10141]  proc_disconnect_claim+0x2e2/0x370
[  169.151020][T10141]  usbdev_ioctl+0xe30/0x1710
[  169.151121][T10141]  ? __pfx_usbdev_ioctl+0x10/0x10
[  169.151150][T10141]  __se_sys_ioctl+0xce/0x140
[  169.151183][T10141]  __x64_sys_ioctl+0x43/0x50
[  169.151203][T10141]  x64_sys_call+0x1816/0x2ff0
[  169.151292][T10141]  do_syscall_64+0xd2/0x200
[  169.151396][T10141]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  169.151421][T10141]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  169.151465][T10141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.151488][T10141] RIP: 0033:0x7f45494ceba9
[  169.151506][T10141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.151526][T10141] RSP: 002b:00007f4547f2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  169.151557][T10141] RAX: ffffffffffffffda RBX: 00007f4549715fa0 RCX: 00007f45494ceba9
[  169.151607][T10141] RDX: 0000200000000000 RSI: 000000008108551b RDI: 000000000000000e
[  169.151621][T10141] RBP: 00007f4547f2f090 R08: 0000000000000000 R09: 0000000000000000
[  169.151635][T10141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.151658][T10141] R13: 00007f4549716038 R14: 00007f4549715fa0 R15: 00007ffff8c99418
[  169.151678][T10141]  </TASK>
[  169.153076][T10132] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  169.243916][T10141] pim6reg: entered allmulticast mode
[  169.261924][T10132] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.2100: corrupted xattr block 19: overlapping e_value 
[  169.271631][T10141] pim6reg: left allmulticast mode
[  169.290433][T10147] loop3: detected capacity change from 0 to 164
[  169.364738][T10132] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  169.383270][T10147] iso9660: Bad value for 'map'
[  169.386335][T10132] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.2100: corrupted xattr block 19: overlapping e_value 
[  169.488999][T10147] pim6reg: entered allmulticast mode
[  169.495129][T10147] pim6reg: left allmulticast mode
[  169.508749][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.532931][T10153] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2104'.
[  169.533435][T10152] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2105'.
[  169.585851][T10158] loop4: detected capacity change from 0 to 128
[  169.596242][T10158] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  169.604274][T10158] FAT-fs (loop4): Filesystem has been set read-only
[  169.612161][T10158] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  169.620166][T10158] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  169.653343][T10166] loop2: detected capacity change from 0 to 128
[  169.686705][ T3303] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  169.694725][ T3303] FAT-fs (loop0): Filesystem has been set read-only
[  169.702934][T10166] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  169.710914][T10166] FAT-fs (loop2): Filesystem has been set read-only
[  169.717974][T10166] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  169.725848][T10166] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  169.818586][T10177] loop3: detected capacity change from 0 to 128
[  170.038101][T10177] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  170.053313][T10177] ext4 filesystem being mounted at /418/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  170.315051][T10166] bio_check_eod: 105034 callbacks suppressed
[  170.315074][T10166] syz.2.2109: attempt to access beyond end of device
[  170.315074][T10166] loop2: rw=0, sector=2071, nr_sectors = 1 limit=128
[  170.315976][T10158] syz.4.2107: attempt to access beyond end of device
[  170.315976][T10158] loop4: rw=0, sector=2068, nr_sectors = 1 limit=128
[  170.321216][T10166] syz.2.2109: attempt to access beyond end of device
[  170.321216][T10166] loop2: rw=0, sector=2072, nr_sectors = 1 limit=128
[  170.343537][T10158] syz.4.2107: attempt to access beyond end of device
[  170.343537][T10158] loop4: rw=0, sector=2069, nr_sectors = 1 limit=128
[  170.361410][T10191] loop0: detected capacity change from 0 to 8192
[  170.380856][T10158] syz.4.2107: attempt to access beyond end of device
[  170.380856][T10158] loop4: rw=0, sector=2070, nr_sectors = 1 limit=128
[  170.394743][T10166] syz.2.2109: attempt to access beyond end of device
[  170.394743][T10166] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[  170.408856][T10166] syz.2.2109: attempt to access beyond end of device
[  170.408856][T10166] loop2: rw=0, sector=2066, nr_sectors = 1 limit=128
[  170.411092][T10158] syz.4.2107: attempt to access beyond end of device
[  170.411092][T10158] loop4: rw=0, sector=2071, nr_sectors = 1 limit=128
[  170.422146][T10166] buffer_io_error: 104053 callbacks suppressed
[  170.422159][T10166] Buffer I/O error on dev loop2, logical block 2066, async page read
[  170.435333][T10158] Buffer I/O error on dev loop4, logical block 2071, async page read
[  170.441748][T10166] syz.2.2109: attempt to access beyond end of device
[  170.441748][T10166] loop2: rw=0, sector=2067, nr_sectors = 1 limit=128
[  170.451123][T10158] syz.4.2107: attempt to access beyond end of device
[  170.451123][T10158] loop4: rw=0, sector=2072, nr_sectors = 1 limit=128
[  170.457995][T10166] Buffer I/O error on dev loop2, logical block 2067, async page read
[  170.462693][T10166] Buffer I/O error on dev loop2, logical block 2068, async page read
[  170.471274][T10158] Buffer I/O error on dev loop4, logical block 2072, async page read
[  170.508891][T10166] Buffer I/O error on dev loop2, logical block 2069, async page read
[  170.508980][T10158] Buffer I/O error on dev loop4, logical block 2065, async page read
[  170.516978][T10166] Buffer I/O error on dev loop2, logical block 2070, async page read
[  170.527607][T10158] Buffer I/O error on dev loop4, logical block 2066, async page read
[  170.542166][T10158] Buffer I/O error on dev loop4, logical block 2067, async page read
[  170.629692][ T3305] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  170.751630][T10204] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2119'.
[  170.766546][T10206] loop2: detected capacity change from 0 to 512
[  170.789261][T10208] netlink: 'syz.3.2118': attribute type 10 has an invalid length.
[  170.797364][T10208] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2118'.
[  170.806599][T10206] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  170.814219][T10208] dummy0: entered promiscuous mode
[  170.826239][T10208] bridge0: port 3(dummy0) entered blocking state
[  170.832796][T10208] bridge0: port 3(dummy0) entered disabled state
[  170.839642][T10208] dummy0: entered allmulticast mode
[  170.845895][T10206] EXT4-fs (loop2): 1 truncate cleaned up
[  170.852225][T10206] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.852254][T10208] bridge0: port 3(dummy0) entered blocking state
[  170.852413][T10208] bridge0: port 3(dummy0) entered forwarding state
[  170.915702][T10214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  170.937528][T10214] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  170.973153][T10214] loop1: detected capacity change from 0 to 512
[  170.980762][T10214] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  171.006742][T10214] EXT4-fs (loop1): Can't support bigalloc feature without extents feature
[  171.006742][T10214] 
[  171.017636][T10214] EXT4-fs (loop1): Skipping orphan cleanup due to unknown ROCOMPAT features
[  171.021034][T10222] netlink: 'syz.3.2125': attribute type 1 has an invalid length.
[  171.027504][T10214] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  171.113986][T10227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2125'.
[  171.136668][T10222] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.226121][T10227] bond0 (unregistering): Released all slaves
[  171.235772][T10229] tipc: Enabling of bearer <udp:s > rejected, already enabled
[  171.255428][T10233] loop4: detected capacity change from 0 to 512
[  171.268234][T10233] EXT4-fs: Ignoring removed nobh option
[  171.337220][T10233] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #3: comm syz.4.2128: corrupted inode contents
[  171.355840][T10233] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #3: comm syz.4.2128: mark_inode_dirty error
[  171.369744][T10233] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #3: comm syz.4.2128: corrupted inode contents
[  171.404133][T10233] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #3: comm syz.4.2128: mark_inode_dirty error
[  171.416375][T10233] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.2128: Failed to acquire dquot type 0
[  171.428514][T10233] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.2128: corrupted inode contents
[  171.440851][T10233] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #16: comm syz.4.2128: mark_inode_dirty error
[  171.458830][T10233] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.2128: corrupted inode contents
[  171.483049][T10233] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.2128: mark_inode_dirty error
[  171.495687][T10233] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.2128: corrupted inode contents
[  171.529573][T10233] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  171.538962][T10233] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.2128: corrupted inode contents
[  171.554828][T10233] EXT4-fs error (device loop4): ext4_truncate:4666: inode #16: comm syz.4.2128: mark_inode_dirty error
[  171.567110][T10233] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  171.579063][T10233] EXT4-fs (loop4): 1 truncate cleaned up
[  171.590402][T10233] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.603985][T10233] ext4 filesystem being mounted at /414/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.721894][T10259] FAULT_INJECTION: forcing a failure.
[  171.721894][T10259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  171.735026][T10259] CPU: 1 UID: 0 PID: 10259 Comm: syz.3.2135 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  171.735057][T10259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  171.735068][T10259] Call Trace:
[  171.735075][T10259]  <TASK>
[  171.735082][T10259]  __dump_stack+0x1d/0x30
[  171.735118][T10259]  dump_stack_lvl+0xe8/0x140
[  171.735140][T10259]  dump_stack+0x15/0x1b
[  171.735156][T10259]  should_fail_ex+0x265/0x280
[  171.735247][T10259]  should_fail+0xb/0x20
[  171.735271][T10259]  should_fail_usercopy+0x1a/0x20
[  171.735294][T10259]  _copy_from_iter+0xd2/0xe80
[  171.735321][T10259]  ? skb_set_owner_w+0x16a/0x1c0
[  171.735360][T10259]  ? sock_alloc_send_pskb+0x456/0x4f0
[  171.735391][T10259]  skb_copy_datagram_from_iter+0xb1/0x490
[  171.735418][T10259]  ? __rcu_read_unlock+0x4f/0x70
[  171.735519][T10259]  ? skb_put+0xa9/0xf0
[  171.735553][T10259]  packet_sendmsg+0x25bf/0x31f0
[  171.735576][T10259]  ? __account_obj_stock+0x211/0x350
[  171.735621][T10259]  ? avc_has_perm+0xf7/0x180
[  171.735652][T10259]  ? selinux_socket_sendmsg+0x175/0x1b0
[  171.735691][T10259]  ? __pfx_packet_sendmsg+0x10/0x10
[  171.735789][T10259]  __sock_sendmsg+0x145/0x180
[  171.735825][T10259]  ____sys_sendmsg+0x345/0x4e0
[  171.735858][T10259]  ___sys_sendmsg+0x17b/0x1d0
[  171.735912][T10259]  __sys_sendmmsg+0x178/0x300
[  171.735950][T10259]  __x64_sys_sendmmsg+0x57/0x70
[  171.735982][T10259]  x64_sys_call+0x1c4a/0x2ff0
[  171.736010][T10259]  do_syscall_64+0xd2/0x200
[  171.736038][T10259]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  171.736065][T10259]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  171.736127][T10259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.736148][T10259] RIP: 0033:0x7f71bb68eba9
[  171.736164][T10259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.736184][T10259] RSP: 002b:00007f71ba0f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  171.736208][T10259] RAX: ffffffffffffffda RBX: 00007f71bb8d5fa0 RCX: 00007f71bb68eba9
[  171.736230][T10259] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 000000000000000e
[  171.736246][T10259] RBP: 00007f71ba0f7090 R08: 0000000000000000 R09: 0000000000000000
[  171.736259][T10259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.736272][T10259] R13: 00007f71bb8d6038 R14: 00007f71bb8d5fa0 R15: 00007ffdb4b3ee88
[  171.736294][T10259]  </TASK>
[  171.985834][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.200599][T10267] netlink: 'syz.3.2139': attribute type 1 has an invalid length.
[  172.224692][T10267] 8021q: adding VLAN 0 to HW filter on device bond0
[  172.266267][T10267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2139'.
[  172.283995][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.315318][T10267] bond0 (unregistering): Released all slaves
[  172.323426][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.361130][T10275] loop2: detected capacity change from 0 to 512
[  172.369828][T10275] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  172.398993][T10275] EXT4-fs (loop2): 1 truncate cleaned up
[  172.410977][T10284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  172.414472][T10275] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.419842][T10286] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2148'.
[  172.441241][T10284] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  172.459140][T10284] loop4: detected capacity change from 0 to 512
[  172.479299][T10284] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  172.491672][T10284] EXT4-fs (loop4): Can't support bigalloc feature without extents feature
[  172.491672][T10284] 
[  172.502617][T10284] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features
[  172.524178][T10284] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  172.658123][T10299] loop1: detected capacity change from 0 to 764
[  172.675138][T10299] FAULT_INJECTION: forcing a failure.
[  172.675138][T10299] name failslab, interval 1, probability 0, space 0, times 0
[  172.688009][T10299] CPU: 1 UID: 0 PID: 10299 Comm: syz.1.2152 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  172.688040][T10299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  172.688053][T10299] Call Trace:
[  172.688060][T10299]  <TASK>
[  172.688069][T10299]  __dump_stack+0x1d/0x30
[  172.688093][T10299]  dump_stack_lvl+0xe8/0x140
[  172.688187][T10299]  dump_stack+0x15/0x1b
[  172.688204][T10299]  should_fail_ex+0x265/0x280
[  172.688230][T10299]  should_failslab+0x8c/0xb0
[  172.688316][T10299]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  172.688343][T10299]  ? __d_alloc+0x3d/0x340
[  172.688410][T10299]  __d_alloc+0x3d/0x340
[  172.688464][T10299]  d_alloc_parallel+0x53/0xc60
[  172.688579][T10299]  ? __rcu_read_unlock+0x4f/0x70
[  172.688603][T10299]  ? __d_lookup+0x316/0x340
[  172.688632][T10299]  ? try_to_unlazy+0x25e/0x3a0
[  172.688693][T10299]  path_openat+0x6b5/0x2170
[  172.688712][T10299]  ? __perf_event_task_sched_in+0xa5b/0xac0
[  172.688743][T10299]  do_filp_open+0x109/0x230
[  172.688771][T10299]  do_sys_openat2+0xa6/0x110
[  172.688854][T10299]  __x64_sys_open+0xe6/0x110
[  172.688962][T10299]  x64_sys_call+0x1457/0x2ff0
[  172.689017][T10299]  do_syscall_64+0xd2/0x200
[  172.689132][T10299]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  172.689159][T10299]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  172.689193][T10299]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.689322][T10299] RIP: 0033:0x7f45494ceba9
[  172.689340][T10299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.689363][T10299] RSP: 002b:00007f4547f2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  172.689383][T10299] RAX: ffffffffffffffda RBX: 00007f4549715fa0 RCX: 00007f45494ceba9
[  172.689396][T10299] RDX: 00000000000000b0 RSI: 0000000000009042 RDI: 0000200000000180
[  172.689408][T10299] RBP: 00007f4547f2f090 R08: 0000000000000000 R09: 0000000000000000
[  172.689420][T10299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.689463][T10299] R13: 00007f4549716038 R14: 00007f4549715fa0 R15: 00007ffff8c99418
[  172.689484][T10299]  </TASK>
[  172.983582][T10312] sg_write: data in/out 49276/1 bytes for SCSI command 0x1c-- guessing data in;
[  172.983582][T10312]    program syz.1.2156 not setting count and/or reply_len properly
[  173.040888][T10315] loop7: detected capacity change from 0 to 16384
[  173.257308][T10320] loop1: detected capacity change from 0 to 764
[  173.276534][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.297280][T10316] loop7: detected capacity change from 16384 to 0
[  173.305946][    C0] I/O error, dev loop7, sector 9216 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2
[  173.333249][T10323] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  173.389210][   T29] kauditd_printk_skb: 164 callbacks suppressed
[  173.389490][   T29] audit: type=1400 audit(1757874048.532:9585): avc:  denied  { connect } for  pid=10321 comm="syz.3.2159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  173.455113][T10332] netlink: 'syz.3.2164': attribute type 1 has an invalid length.
[  173.463345][   T29] audit: type=1326 audit(1757874048.597:9586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10331 comm="syz.3.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bb68eba9 code=0x7ffc0000
[  173.486968][   T29] audit: type=1326 audit(1757874048.597:9587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10331 comm="syz.3.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bb68eba9 code=0x7ffc0000
[  173.510844][   T29] audit: type=1326 audit(1757874048.597:9588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10331 comm="syz.3.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71bb68eba9 code=0x7ffc0000
[  173.534972][   T29] audit: type=1326 audit(1757874048.597:9589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10331 comm="syz.3.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bb68eba9 code=0x7ffc0000
[  173.558599][   T29] audit: type=1326 audit(1757874048.597:9590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10331 comm="syz.3.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71bb68eba9 code=0x7ffc0000
[  173.582280][   T29] audit: type=1326 audit(1757874048.597:9591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10331 comm="syz.3.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bb68eba9 code=0x7ffc0000
[  173.589975][T10336] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2164'.
[  173.605790][   T29] audit: type=1326 audit(1757874048.597:9592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10331 comm="syz.3.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f71bb68eba9 code=0x7ffc0000
[  173.605843][   T29] audit: type=1326 audit(1757874048.597:9593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10331 comm="syz.3.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bb68eba9 code=0x7ffc0000
[  173.605897][   T29] audit: type=1326 audit(1757874048.597:9594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10331 comm="syz.3.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bb68eba9 code=0x7ffc0000
[  173.674224][T10332] 8021q: adding VLAN 0 to HW filter on device bond0
[  173.698272][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.777799][T10336] bond0 (unregistering): Released all slaves
[  173.784226][T10341] FAULT_INJECTION: forcing a failure.
[  173.784226][T10341] name failslab, interval 1, probability 0, space 0, times 0
[  173.797083][T10341] CPU: 0 UID: 0 PID: 10341 Comm: syz.4.2165 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  173.797174][T10341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  173.797189][T10341] Call Trace:
[  173.797197][T10341]  <TASK>
[  173.797207][T10341]  __dump_stack+0x1d/0x30
[  173.797308][T10341]  dump_stack_lvl+0xe8/0x140
[  173.797326][T10341]  dump_stack+0x15/0x1b
[  173.797370][T10341]  should_fail_ex+0x265/0x280
[  173.797400][T10341]  should_failslab+0x8c/0xb0
[  173.797426][T10341]  __kmalloc_noprof+0xa5/0x3e0
[  173.797466][T10341]  ? security_msg_msg_alloc+0x45/0x100
[  173.797556][T10341]  ? should_fail_ex+0xdb/0x280
[  173.797577][T10341]  security_msg_msg_alloc+0x45/0x100
[  173.797600][T10341]  load_msg+0x226/0x2f0
[  173.797619][T10341]  do_mq_timedsend+0x23e/0x6b0
[  173.797681][T10341]  __x64_sys_mq_timedsend+0xd1/0x160
[  173.797738][T10341]  x64_sys_call+0x1d10/0x2ff0
[  173.797759][T10341]  do_syscall_64+0xd2/0x200
[  173.797789][T10341]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  173.797895][T10341]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  173.797928][T10341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.797979][T10341] RIP: 0033:0x7f900a0beba9
[  173.797999][T10341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.798017][T10341] RSP: 002b:00007f9008b1f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f2
[  173.798037][T10341] RAX: ffffffffffffffda RBX: 00007f900a305fa0 RCX: 00007f900a0beba9
[  173.798050][T10341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  173.798065][T10341] RBP: 00007f9008b1f090 R08: 0000000000000000 R09: 0000000000000000
[  173.798080][T10341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.798122][T10341] R13: 00007f900a306038 R14: 00007f900a305fa0 R15: 00007fffe3c6af38
[  173.798141][T10341]  </TASK>
[  173.995243][T10343] FAULT_INJECTION: forcing a failure.
[  173.995243][T10343] name failslab, interval 1, probability 0, space 0, times 0
[  174.007952][T10343] CPU: 0 UID: 0 PID: 10343 Comm: syz.1.2167 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  174.007985][T10343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  174.008036][T10343] Call Trace:
[  174.008044][T10343]  <TASK>
[  174.008105][T10343]  __dump_stack+0x1d/0x30
[  174.008130][T10343]  dump_stack_lvl+0xe8/0x140
[  174.008153][T10343]  dump_stack+0x15/0x1b
[  174.008173][T10343]  should_fail_ex+0x265/0x280
[  174.008226][T10343]  should_failslab+0x8c/0xb0
[  174.008303][T10343]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  174.008388][T10343]  ? sidtab_sid2str_get+0xa0/0x130
[  174.008410][T10343]  kmemdup_noprof+0x2b/0x70
[  174.008439][T10343]  sidtab_sid2str_get+0xa0/0x130
[  174.008463][T10343]  security_sid_to_context_core+0x1eb/0x2e0
[  174.008484][T10343]  security_sid_to_context+0x27/0x40
[  174.008562][T10343]  selinux_lsmprop_to_secctx+0x67/0xf0
[  174.008588][T10343]  security_lsmprop_to_secctx+0x43/0x80
[  174.008622][T10343]  audit_log_task_context+0x77/0x190
[  174.008663][T10343]  audit_log_task+0xf4/0x250
[  174.008721][T10343]  audit_seccomp+0x61/0x100
[  174.008751][T10343]  ? __seccomp_filter+0x68c/0x10d0
[  174.008777][T10343]  __seccomp_filter+0x69d/0x10d0
[  174.008818][T10343]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  174.008868][T10343]  ? vfs_write+0x7e8/0x960
[  174.008935][T10343]  ? __rcu_read_unlock+0x4f/0x70
[  174.008956][T10343]  ? __fget_files+0x184/0x1c0
[  174.009012][T10343]  __secure_computing+0x82/0x150
[  174.009037][T10343]  syscall_trace_enter+0xcf/0x1e0
[  174.009104][T10343]  do_syscall_64+0xac/0x200
[  174.009178][T10343]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  174.009203][T10343]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  174.009299][T10343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.009319][T10343] RIP: 0033:0x7f45494ceba9
[  174.009335][T10343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.009352][T10343] RSP: 002b:00007f4547f2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000004a
[  174.009372][T10343] RAX: ffffffffffffffda RBX: 00007f4549715fa0 RCX: 00007f45494ceba9
[  174.009387][T10343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[  174.009402][T10343] RBP: 00007f4547f2f090 R08: 0000000000000000 R09: 0000000000000000
[  174.009471][T10343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  174.009485][T10343] R13: 00007f4549716038 R14: 00007f4549715fa0 R15: 00007ffff8c99418
[  174.009506][T10343]  </TASK>
[  174.341856][T10352] netlink: 'syz.0.2170': attribute type 1 has an invalid length.
[  174.357397][T10352] 8021q: adding VLAN 0 to HW filter on device bond1
[  174.396386][T10352] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2170'.
[  174.454769][T10352] bond1 (unregistering): Released all slaves
[  174.561674][T10365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2174'.
[  174.575900][T10366] loop3: detected capacity change from 0 to 512
[  174.638351][T10370] loop1: detected capacity change from 0 to 512
[  174.690181][T10366] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  174.698604][T10366] EXT4-fs (loop3): orphan cleanup on readonly fs
[  174.705505][T10379] loop4: detected capacity change from 0 to 128
[  174.716520][T10366] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.2172: corrupted inode contents
[  174.756990][T10379] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  174.765082][T10379] FAT-fs (loop4): Filesystem has been set read-only
[  174.784240][T10379] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  174.792152][T10379] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  174.800332][T10384] netlink: 'syz.2.2181': attribute type 1 has an invalid length.
[  174.824293][T10366] EXT4-fs (loop3): Remounting filesystem read-only
[  174.841324][T10366] EXT4-fs (loop3): 1 truncate cleaned up
[  174.853655][ T6976] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  174.864275][ T6976] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  174.895065][T10370] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  174.903099][ T6976] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  174.908387][T10384] 8021q: adding VLAN 0 to HW filter on device bond2
[  174.922821][T10366] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  174.931563][T10370] EXT4-fs (loop1): orphan cleanup on readonly fs
[  174.953058][T10370] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.2173: corrupted inode contents
[  174.984392][T10370] EXT4-fs (loop1): Remounting filesystem read-only
[  174.984733][T10388] bond2 (unregistering): Released all slaves
[  175.007895][T10370] EXT4-fs (loop1): 1 truncate cleaned up
[  175.013991][   T39] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  175.024842][   T39] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  175.050211][   T39] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  175.066842][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.088183][T10370] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  175.120686][T10397] tipc: New replicast peer: 255.255.255.255
[  175.126840][T10397] tipc: Enabled bearer <udp:s >, priority 10
[  175.226554][T10403] loop3: detected capacity change from 0 to 512
[  175.251290][T10403] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  175.273470][T10405] __nla_validate_parse: 3 callbacks suppressed
[  175.273489][T10405] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2188'.
[  175.305871][T10403] EXT4-fs (loop3): 1 truncate cleaned up
[  175.312439][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.323919][T10403] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.336756][T10405] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2188'.
[  175.376480][T10410] FAULT_INJECTION: forcing a failure.
[  175.376480][T10410] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.389883][T10410] CPU: 0 UID: 0 PID: 10410 Comm: syz.1.2189 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  175.389956][T10410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  175.389970][T10410] Call Trace:
[  175.389976][T10410]  <TASK>
[  175.389986][T10410]  __dump_stack+0x1d/0x30
[  175.390010][T10410]  dump_stack_lvl+0xe8/0x140
[  175.390032][T10410]  dump_stack+0x15/0x1b
[  175.390053][T10410]  should_fail_ex+0x265/0x280
[  175.390124][T10410]  should_fail+0xb/0x20
[  175.390144][T10410]  should_fail_usercopy+0x1a/0x20
[  175.390242][T10410]  _copy_from_user+0x1c/0xb0
[  175.390294][T10410]  __copy_msghdr+0x244/0x300
[  175.390323][T10410]  ___sys_sendmsg+0x109/0x1d0
[  175.390358][T10410]  __x64_sys_sendmsg+0xd4/0x160
[  175.390453][T10410]  x64_sys_call+0x191e/0x2ff0
[  175.390478][T10410]  do_syscall_64+0xd2/0x200
[  175.390597][T10410]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  175.390625][T10410]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  175.390656][T10410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.390680][T10410] RIP: 0033:0x7f45494ceba9
[  175.390741][T10410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.390820][T10410] RSP: 002b:00007f4547f2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  175.390846][T10410] RAX: ffffffffffffffda RBX: 00007f4549715fa0 RCX: 00007f45494ceba9
[  175.390863][T10410] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000009
[  175.390879][T10410] RBP: 00007f4547f2f090 R08: 0000000000000000 R09: 0000000000000000
[  175.390895][T10410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.390908][T10410] R13: 00007f4549716038 R14: 00007f4549715fa0 R15: 00007ffff8c99418
[  175.390925][T10410]  </TASK>
[  175.591352][T10412] syz_tun: refused to change device tx_queue_len
[  175.668155][T10420] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2193'.
[  175.677152][T10379] bio_check_eod: 40551 callbacks suppressed
[  175.677168][T10379] syz.4.2179: attempt to access beyond end of device
[  175.677168][T10379] loop4: rw=0, sector=2070, nr_sectors = 1 limit=128
[  175.685222][T10418] loop2: detected capacity change from 0 to 512
[  175.696743][T10379] syz.4.2179: attempt to access beyond end of device
[  175.696743][T10379] loop4: rw=0, sector=2071, nr_sectors = 1 limit=128
[  175.717630][T10418] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  175.717724][T10379] syz.4.2179: attempt to access beyond end of device
[  175.717724][T10379] loop4: rw=0, sector=2072, nr_sectors = 1 limit=128
[  175.741380][T10379] syz.4.2179: attempt to access beyond end of device
[  175.741380][T10379] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128
[  175.754988][T10379] syz.4.2179: attempt to access beyond end of device
[  175.754988][T10379] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128
[  175.768489][T10379] syz.4.2179: attempt to access beyond end of device
[  175.768489][T10379] loop4: rw=0, sector=2067, nr_sectors = 1 limit=128
[  175.770555][T10418] EXT4-fs (loop2): 1 truncate cleaned up
[  175.781849][T10379] buffer_io_error: 40441 callbacks suppressed
[  175.781939][T10379] Buffer I/O error on dev loop4, logical block 2067, async page read
[  175.810568][T10418] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.823398][T10379] syz.4.2179: attempt to access beyond end of device
[  175.823398][T10379] loop4: rw=0, sector=2068, nr_sectors = 1 limit=128
[  175.836756][T10379] Buffer I/O error on dev loop4, logical block 2068, async page read
[  175.845510][T10379] syz.4.2179: attempt to access beyond end of device
[  175.845510][T10379] loop4: rw=0, sector=2069, nr_sectors = 1 limit=128
[  175.858857][T10379] Buffer I/O error on dev loop4, logical block 2069, async page read
[  175.867288][T10379] syz.4.2179: attempt to access beyond end of device
[  175.867288][T10379] loop4: rw=0, sector=2070, nr_sectors = 1 limit=128
[  175.880556][T10379] Buffer I/O error on dev loop4, logical block 2070, async page read
[  175.888956][T10379] syz.4.2179: attempt to access beyond end of device
[  175.888956][T10379] loop4: rw=0, sector=2071, nr_sectors = 1 limit=128
[  175.902336][T10379] Buffer I/O error on dev loop4, logical block 2071, async page read
[  175.910835][T10379] Buffer I/O error on dev loop4, logical block 2072, async page read
[  175.919365][T10379] Buffer I/O error on dev loop4, logical block 2065, async page read
[  175.927626][T10379] Buffer I/O error on dev loop4, logical block 2066, async page read
[  175.935897][T10379] Buffer I/O error on dev loop4, logical block 2067, async page read
[  175.944691][T10379] Buffer I/O error on dev loop4, logical block 2068, async page read
[  176.108621][T10431] netlink: 'syz.1.2196': attribute type 1 has an invalid length.
[  176.145302][T10431] 8021q: adding VLAN 0 to HW filter on device bond3
[  176.190237][T10433] tipc: Enabling of bearer <udp:s > rejected, already enabled
[  176.218676][T10431] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2196'.
[  176.248812][T10431] bond3 (unregistering): Released all slaves
[  176.289943][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.304068][T10438] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10438 comm=syz.4.2199
[  176.390203][T10440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2200'.
[  176.390234][T10440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2200'.
[  176.501073][T10446] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2202'.
[  176.521515][T10450] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2204'.
[  176.522814][T10449] loop0: detected capacity change from 0 to 764
[  176.567807][T10446] loop1: detected capacity change from 0 to 1024
[  176.579490][T10446] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  176.581477][T10449] FAULT_INJECTION: forcing a failure.
[  176.581477][T10449] name failslab, interval 1, probability 0, space 0, times 0
[  176.581508][T10449] CPU: 0 UID: 0 PID: 10449 Comm: syz.0.2203 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  176.581536][T10449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  176.581557][T10449] Call Trace:
[  176.581564][T10449]  <TASK>
[  176.581573][T10449]  __dump_stack+0x1d/0x30
[  176.581596][T10449]  dump_stack_lvl+0xe8/0x140
[  176.581617][T10449]  dump_stack+0x15/0x1b
[  176.581636][T10449]  should_fail_ex+0x265/0x280
[  176.581662][T10449]  should_failslab+0x8c/0xb0
[  176.581768][T10449]  kmem_cache_alloc_noprof+0x50/0x310
[  176.581799][T10449]  ? security_inode_alloc+0x37/0x100
[  176.581898][T10449]  security_inode_alloc+0x37/0x100
[  176.581944][T10449]  inode_init_always_gfp+0x4b7/0x500
[  176.581970][T10449]  ? __pfx_isofs_iget5_test+0x10/0x10
[  176.582133][T10449]  ? __pfx_isofs_alloc_inode+0x10/0x10
[  176.582169][T10449]  alloc_inode+0x58/0x170
[  176.582192][T10449]  ? __pfx_isofs_iget5_set+0x10/0x10
[  176.582226][T10449]  iget5_locked+0x4a/0xa0
[  176.582392][T10449]  __isofs_iget+0xdc/0x1100
[  176.582425][T10449]  ? get_page_from_freelist+0x1378/0x13d0
[  176.582462][T10449]  ? __rcu_read_unlock+0x4f/0x70
[  176.582550][T10449]  ? folio_mark_accessed+0x1b6/0x3d0
[  176.582589][T10449]  ? find_get_block_common+0x736/0x960
[  176.582626][T10449]  isofs_get_blocks+0x185/0x490
[  176.582758][T10449]  ? get_rock_ridge_filename+0x54c/0x5b0
[  176.582782][T10449]  isofs_bread+0x5b/0x100
[  176.582819][T10449]  isofs_lookup+0x1a8/0x930
[  176.582858][T10449]  ? __pfx_isofs_lookup+0x10/0x10
[  176.582899][T10449]  path_openat+0xcf0/0x2170
[  176.582944][T10449]  do_filp_open+0x109/0x230
[  176.582974][T10449]  do_sys_openat2+0xa6/0x110
[  176.583016][T10449]  __x64_sys_open+0xe6/0x110
[  176.583079][T10449]  x64_sys_call+0x1457/0x2ff0
[  176.583136][T10449]  do_syscall_64+0xd2/0x200
[  176.583242][T10449]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  176.583298][T10449]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  176.583331][T10449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.583355][T10449] RIP: 0033:0x7f1f75adeba9
[  176.583376][T10449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.583396][T10449] RSP: 002b:00007f1f7453f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  176.583419][T10449] RAX: ffffffffffffffda RBX: 00007f1f75d25fa0 RCX: 00007f1f75adeba9
[  176.583434][T10449] RDX: 0000000000000088 RSI: 0000000000109042 RDI: 0000200000000180
[  176.583448][T10449] RBP: 00007f1f7453f090 R08: 0000000000000000 R09: 0000000000000000
[  176.583536][T10449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.583549][T10449] R13: 00007f1f75d26038 R14: 00007f1f75d25fa0 R15: 00007ffe18f79648
[  176.583570][T10449]  </TASK>
[  176.585705][T10446] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002]
[  176.585855][T10446] System zones: 0-1, 2-3, 4-36, 98-101, 102-102
[  176.586512][T10446] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  176.650422][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.684261][T10453] loop3: detected capacity change from 0 to 512
[  176.955372][T10453] EXT4-fs: Ignoring removed i_version option
[  176.965741][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.982309][T10453] EXT4-fs (loop3): 1 truncate cleaned up
[  176.982879][T10453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.018371][T10463] tipc: Enabling of bearer <udp:s > rejected, already enabled
[  177.030140][T10466] loop0: detected capacity change from 0 to 1024
[  177.030551][T10466] EXT4-fs: inline encryption not supported
[  177.030573][T10466] EXT4-fs: dax option not supported
[  177.150753][T10468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  177.150836][T10468] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  177.160342][T10453] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.183603][T10468] loop2: detected capacity change from 0 to 1024
[  177.203685][T10472] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2211'.
[  177.207825][T10468] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.218238][T10473] loop1: detected capacity change from 0 to 512
[  177.252703][T10473] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  177.252849][T10473] EXT4-fs (loop1): orphan cleanup on readonly fs
[  177.254386][T10473] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.2206: corrupted inode contents
[  177.254648][T10473] EXT4-fs (loop1): Remounting filesystem read-only
[  177.254723][T10473] EXT4-fs (loop1): 1 truncate cleaned up
[  177.257664][ T6980] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  177.257692][ T6980] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  177.257774][ T6980] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  177.346425][T10473] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  177.541224][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.573157][T10482] loop3: detected capacity change from 0 to 512
[  177.586688][T10482] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  177.606017][T10482] EXT4-fs (loop3): orphan cleanup on readonly fs
[  177.624208][T10493] loop4: detected capacity change from 0 to 512
[  177.633311][T10493] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  177.648729][T10482] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.2213: corrupted inode contents
[  177.662788][T10482] EXT4-fs (loop3): Remounting filesystem read-only
[  177.675565][T10482] EXT4-fs (loop3): 1 truncate cleaned up
[  177.676495][T10493] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.693991][  T781] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  177.704689][  T781] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  177.716423][T10493] ext4 filesystem being mounted at /423/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.727887][  T781] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  177.739685][T10482] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  177.764924][T10493] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.2215: corrupted xattr block 19: overlapping e_value 
[  177.792609][T10493] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  177.808325][T10493] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.2215: corrupted xattr block 19: overlapping e_value 
[  177.840814][T10493] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  177.854608][T10493] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.2215: corrupted xattr block 19: overlapping e_value 
[  177.886367][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.927770][T10508] tipc: Enabling of bearer <udp:s > rejected, already enabled
[  177.963254][T10511] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2222'.
[  177.978403][T10516] loop2: detected capacity change from 0 to 128
[  177.987028][T10509] loop3: detected capacity change from 0 to 1764
[  178.000312][T10509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  178.014669][T10518] loop1: detected capacity change from 0 to 128
[  178.016916][T10509] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  178.030801][T10516] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  178.038791][T10516] FAT-fs (loop2): Filesystem has been set read-only
[  178.057076][T10518] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  178.059117][T10520] syzkaller0: entered promiscuous mode
[  178.065177][T10518] FAT-fs (loop1): Filesystem has been set read-only
[  178.070754][T10520] syzkaller0: entered allmulticast mode
[  178.080701][T10518] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  178.091101][T10518] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  178.101284][T10516] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  178.109389][T10516] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  178.645052][T10545] tipc: Enabling of bearer <udp:s > rejected, already enabled
[  178.694447][T10540] loop0: detected capacity change from 0 to 512
[  178.825179][T10540] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  178.851725][T10540] EXT4-fs (loop0): orphan cleanup on readonly fs
[  178.878971][T10556] syzkaller0: entered promiscuous mode
[  178.884518][T10556] syzkaller0: entered allmulticast mode
[  178.911021][T10540] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.2232: corrupted inode contents
[  178.946465][T10540] EXT4-fs (loop0): Remounting filesystem read-only
[  178.962664][T10540] EXT4-fs (loop0): 1 truncate cleaned up
[  178.971479][ T6976] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  178.982084][ T6976] __quota_error: 335 callbacks suppressed
[  178.982121][ T6976] Quota error (device loop0): write_blk: dquota write failed
[  178.995355][ T6976] Quota error (device loop0): remove_free_dqentry: Can't write block (5) with free entries
[  179.005491][ T6976] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  179.016167][ T6976] Quota error (device loop0): write_blk: dquota write failed
[  179.023739][ T6976] Quota error (device loop0): free_dqentry: Can't move quota data block (5) to free list
[  179.034870][ T6976] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  179.045014][ T6976] Quota error (device loop0): v2_write_file_info: Can't write info structure
[  179.065448][ T6976] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  179.115576][   T29] audit: type=1326 audit(1757874053.892:9905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10563 comm="syz.2.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6931d6eba9 code=0x7ffc0000
[  179.146195][T10564] netlink: 'syz.2.2241': attribute type 1 has an invalid length.
[  179.150284][   T29] audit: type=1326 audit(1757874053.911:9906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10563 comm="syz.2.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6931d6eba9 code=0x7ffc0000
[  179.177660][   T29] audit: type=1326 audit(1757874053.911:9907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10563 comm="syz.2.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6931d6eba9 code=0x7ffc0000
[  179.201258][   T29] audit: type=1326 audit(1757874053.911:9908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10563 comm="syz.2.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6931d6eba9 code=0x7ffc0000
[  179.235986][T10570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  179.244614][T10570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  179.256540][T10570] loop4: detected capacity change from 0 to 512
[  179.258662][T10564] 8021q: adding VLAN 0 to HW filter on device bond2
[  179.265394][T10570] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  179.285742][T10570] EXT4-fs (loop4): Can't support bigalloc feature without extents feature
[  179.285742][T10570] 
[  179.289901][T10569] bond2 (unregistering): Released all slaves
[  179.296519][T10570] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features
[  179.367142][T10577] netlink: 'syz.0.2245': attribute type 1 has an invalid length.
[  179.405050][T10577] 8021q: adding VLAN 0 to HW filter on device bond1
[  179.433412][T10577] bond1 (unregistering): Released all slaves
[  179.471514][T10589] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10589 comm=syz.2.2249
[  179.517126][T10595] loop1: detected capacity change from 0 to 512
[  179.518021][T10595] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  179.565217][T10595] EXT4-fs (loop1): 1 truncate cleaned up
[  179.727091][T10601] ==================================================================
[  179.735224][T10601] BUG: KCSAN: data-race in filemap_splice_read / filemap_splice_read
[  179.743319][T10601] 
[  179.745660][T10601] write to 0xffff88811d6b7828 of 8 bytes by task 10595 on cpu 0:
[  179.753400][T10601]  filemap_splice_read+0x4f4/0x740
[  179.758537][T10601]  ext4_file_splice_read+0x8f/0xb0
[  179.763669][T10601]  splice_direct_to_actor+0x26f/0x680
[  179.769160][T10601]  do_splice_direct+0xda/0x150
[  179.774261][T10601]  do_sendfile+0x380/0x650
[  179.778808][T10601]  __x64_sys_sendfile64+0x105/0x150
[  179.784138][T10601]  x64_sys_call+0x2bb0/0x2ff0
[  179.788931][T10601]  do_syscall_64+0xd2/0x200
[  179.793528][T10601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.799546][T10601] 
[  179.801982][T10601] write to 0xffff88811d6b7828 of 8 bytes by task 10601 on cpu 1:
[  179.809900][T10601]  filemap_splice_read+0x4f4/0x740
[  179.815047][T10601]  ext4_file_splice_read+0x8f/0xb0
[  179.820291][T10601]  splice_direct_to_actor+0x26f/0x680
[  179.825683][T10601]  do_splice_direct+0xda/0x150
[  179.830557][T10601]  do_sendfile+0x380/0x650
[  179.835181][T10601]  __x64_sys_sendfile64+0x105/0x150
[  179.840506][T10601]  x64_sys_call+0x2bb0/0x2ff0
[  179.845252][T10601]  do_syscall_64+0xd2/0x200
[  179.849793][T10601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.855797][T10601] 
[  179.858139][T10601] value changed: 0x00000000000000de -> 0x00000000000000df
[  179.865644][T10601] 
[  179.867994][T10601] Reported by Kernel Concurrency Sanitizer on:
[  179.874171][T10601] CPU: 1 UID: 0 PID: 10601 Comm: syz.1.2252 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  179.884004][T10601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  179.894165][T10601] ==================================================================
[  183.216951][ T3405] page_pool_release_retry() stalled pool shutdown: id 132, 1 inflight 60 sec