last executing test programs:

3.771099856s ago: executing program 2 (id=630):
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x8808)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x42)
lseek(r3, 0x5, 0x3)

3.256702164s ago: executing program 1 (id=634):
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000340)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb}, {@data_err_ignore}, {@grpquota}, {@jqfmt_vfsv0}, {@acl}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x0)
mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3000008)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x2)
pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newtaction={0x48, 0x32, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9, 0x3}, {0xfffffd91}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x4, 0x1}}}}]}]}, 0x48}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
statfs(&(0x7f0000000200)='./file1\x00', &(0x7f0000000400)=""/200)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00', r5}, 0x10)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd42"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6, 0x0, 0xffffffffffffffff}, 0x13)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000540)={0x13, 0x10, 0xfa00, {&(0x7f0000000840), 0xffffffffffffffff, 0x1}}, 0x18)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f0000000040)=<r8=>0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c800000e93fe92acbb8ebcdb7dc9d068aa8064f90c2649ce66c28de86b5192bb3e71ffeb7965e538e262c86ae8504100bd2686458bbb60323cd082da1a6bcdfc3ec51ac4f56bf491210c07d554b67e8780e1a3a60cc7acaf481a622cf914ac9e21862dad84fb94bd0d03d7333484e3b246167d2de631df121e01ebc84ae18d210711d", @ANYRES16=r10, @ANYBLOB="010023010000ffdbdf250200000008000100", @ANYRES32=r8, @ANYBLOB], 0x1c}}, 0x40000)
write$nci(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB="40040321090304"], 0x7)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)

3.066807563s ago: executing program 2 (id=636):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x7)
ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00')

2.960135002s ago: executing program 0 (id=639):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000340)=<r2=>0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000005c0), 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000600)={r2, r3, 0x0, 0x1, &(0x7f0000000380)='\x00'}, 0x30)
r4 = socket(0xa, 0x3, 0x87)
sendmmsg$unix(r4, &(0x7f0000004380)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f00000003c0)=[{0x0}, {&(0x7f00000007c0)="b5c780e508", 0x5}], 0x41, 0x0, 0x0, 0x4}}], 0x1, 0x40814)
setsockopt$RDS_GET_MR_FOR_DEST(r4, 0x114, 0x7, &(0x7f00000004c0)={@isdn={0x22, 0x80, 0x3, 0x5, 0x10}, {&(0x7f0000000400)=""/164, 0xa4}, &(0x7f0000000240), 0x2}, 0xa0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r5, 0x84, 0x16, &(0x7f0000000000)={0x3, [0x3, 0x0, 0xe29f]}, 0xa)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r7, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba0700000000ebffffff0000f77fff00"})
r8 = syz_open_pts(r7, 0x80c02)
r9 = dup3(r8, r7, 0x0)
read$rfkill(r9, &(0x7f0000000080), 0x8)
read$watch_queue(r9, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="58000000100003040000000000000000000000c8", @ANYRES32=0x0, @ANYBLOB="42420000000000002800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0)

2.707943161s ago: executing program 1 (id=644):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = open(0x0, 0x220000, 0x160)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000001c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
ioctl$TCGETA(r0, 0x5405, &(0x7f0000000180))
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000580)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={0x0, 0xc}, 0xb00, 0x3, 0x10000, 0x9, 0x8, 0xf7fffffa, 0x0, 0x0, 0x0, 0x0, 0xce02}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r5 = epoll_create1(0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r6=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000240)={0x60000006})
write(r4, &(0x7f0000000340), 0x11000)
unshare(0x64000600)

2.626538391s ago: executing program 2 (id=646):
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x8808)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x42)
lseek(r3, 0x5, 0x3)

2.474401211s ago: executing program 3 (id=649):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x7)
ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00')

2.40936291s ago: executing program 3 (id=650):
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x18, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x10)
r1 = syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x3d9}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_READ=@pass_buffer={0x16, 0xa, 0x0, @fd, 0xc, 0x0, 0x0, 0x2})
io_uring_enter(r1, 0x6e2, 0x3900, 0x1, 0x0, 0x0)
io_uring_enter(r1, 0xc54, 0xc993, 0x1, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000003c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffd}]})
rt_sigsuspend(0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x504, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPIHVD4kZR7DiKnaUJPaRnrkhU4gRH/gDOPXHnguDGpRyQ+BGBGiQORjMep25qN6FJ7Cj+fKTRvDdv4u/3NZ336pfGL4CRdT0i9iNiIiI+jYjZ7HouO+Kj9pHc9+Tg/srhwf2VXLRan/wjl7Yn16LraxLXstcsRsQPvhPx49zzcRu7exvL1WplO6vPN2tb843dvVvrteW1ylpls1xeWlxa+OD2++Vz6+tbtYms9OXHv9//xk+TtGayK939OE/trheO4iTGI+J7FxFsCMay/kwMOxFeSj4iXo+It9PnfzbG0u8mAHCVtVqz0ZrtrgMAV10+XQPL5UvZWsBM5POlUnsN742YzlfrjebNu/WdzdX2WtlcFPJ316uVhWytcC4KuaS+mJaf1svH6rcj4rWI+PnkVFovrdSrq8P8hw8AjLBrx+b/f0+2538A4IorDjsBAGDgzP8AMHrM/wAwesz/ADB62vP/1LDTAAAGyPt/ABg95n8AGCnf//jj5GgdZp9/vfrZ7s5G/bNbq5XGRqm2s1JaqW9vldbq9bX0M3tqJ71etV7fWnwvdu7NfXOr0Zxv7O7dqdV3Npt30s/1vlMppHftD6BnAEA/r7316E+5ZEb+cCo9omsvh8JQMwMuWn7YCQBDMzbsBIChsdsXjK4zvMe3PABXRI8tep9R7PULQq1Wq3VxKQEX7MYXrP/DqOpa//e/gGHEWP+H0WX9H0ZXq5U77Z7/cdobAYDLzRo/0Ofn/69n599kPxz40erxOx5eZFYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwuXX2/y1le4HPRD5fKkW8EhFzUcjdXa9WFiLi1Yj442RhMqkvDjlnAOCs8n/NZft/3Zh9d+aZpjevHRUnIuInv/zkF/eWm83tP0RM5P452bnefJhdLw8+ewDgZJ15Oj13vZF/cnB/pXMMMp+/fTsiiu34hwcTcXgUfzzG03MxChEx/a9cVm/Lda1dnMX+g4j4fK/+52ImXQNp73x6PH4S+5VBxJ/qxM8/Ez+f5tY+J38WnzuHXGDUPErGn496PX/5uJ6eez//xXSEOrts/EteauUwHQOfxu+Mf2N9xr/rp43x3u++2y5NPd/2IOKL4xGd2Idd408nfq5P/HdPGf/PX3rz7X5trV9F3Ije8btjzTdrW/ON3b1b67XltcpaZbNcXlpcWvjg9vvl+XSNer7/bPD3D2++2q8t6f90n/jFE/r/1VP2/9f//fSHX3lB/K+/0yt+Pt54QfxkTvzaKeMvT/+22K8tib/ap/8nff9vnjL+47/sPbdtOAAwPI3dvY3larWy/bKFw7N9uYLC/1FI/spegjR6Fr41qFgT0bvpZ++0n+ljTa3WS8XqN2Kcx6obcBkcPfQR8Z9hJwMAAAAAAAAAAAAAAPQ0iN9YGnYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLr+FwAA//8Xqc+p")
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
r4 = gettid()
process_vm_writev(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x80000, 0xff)
statx(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0)
setreuid(0x0, 0x0)
pipe2(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000480)='f2fs_fallocate\x00', r6}, 0x18)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000200)={<r7=>0x0, @in={{0x2, 0x4e24, @private=0xa010101}}, 0x4, 0x6, 0x5, 0x2, 0x8, 0x400000, 0x1}, &(0x7f0000000140)=0x9c)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000300)={r7, 0xe, "16f38f778b257eec88470c53f275"}, &(0x7f0000000380)=0x16)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x4, &(0x7f0000000a00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@exit]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)

1.887188208s ago: executing program 0 (id=653):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x10000, 0x180, 0x11}, 0x18)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', r3, &(0x7f00000001c0)='./file0\x00', 0x5)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000300)={'batadv0\x00', <r4=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x37209a9529a0bee8, 0x0, '\x00', r4, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000780), 0x1}, 0x38)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00', r5}, 0x18)
unlink(&(0x7f0000000340)='./cgroup.cpu/cpuset.cpus\x00')
r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xbe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0xffffffff, 0x9752333b9a87418, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000340)='cpu\t&0&&\t')

1.848313248s ago: executing program 0 (id=654):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb904, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2) (fail_nth: 2)

1.608509207s ago: executing program 2 (id=655):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000010018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002305e20000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500000000e0ffffffffffff", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0)
sendmsg$can_bcm(r1, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r1], 0x48}}, 0x0)

1.277166636s ago: executing program 0 (id=656):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$TIOCGPGRP(r2, 0x540f, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe80, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r4=>0x0})
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r5, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r6}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x40, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x80010000, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

1.275716336s ago: executing program 1 (id=657):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./mnt\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
fallocate(r1, 0x20, 0x0, 0x10000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

1.130952865s ago: executing program 4 (id=658):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="09000000070000000300000048"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r2, 0x0, 0x0)

1.077713875s ago: executing program 3 (id=659):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0xb8, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec8500000050000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r2}, 0x10)
write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35bda", 0x7)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)=[0x7, 0x7], &(0x7f0000000500), 0x0, 0x2}}, 0x40)

1.062798985s ago: executing program 4 (id=660):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1, 0x0, 0x6}, 0x18)
chroot(&(0x7f0000000040)='./file0/file0/file0/file0/file0\x00')

1.017804704s ago: executing program 1 (id=661):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x68d42, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)=0x2)
ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000300)=0x3)
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f00000013c0)='\x00!', 0x2}], 0x1, 0x0, 0x0)

1.017475204s ago: executing program 3 (id=662):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @call={0x85, 0x0, 0x0, 0x50}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x78, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000002000)={0x1})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140))

1.007711815s ago: executing program 4 (id=663):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote, 0x0, 0x0, 0x0, 0x0, 0x1e}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f00000000c0)={@remote, 0x6, 0x0, 0xff, 0x0, 0x0, 0x9}, 0x20)
close_range(r1, 0xffffffffffffffff, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
sendmsg$tipc(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x804)
sendmsg$tipc(r5, &(0x7f0000000540)={&(0x7f0000000200)=@name, 0x10, 0x0}, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r4, 0x10f, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118)

956.919904ms ago: executing program 3 (id=664):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x10000, 0x180, 0x11}, 0x18)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', r3, &(0x7f00000001c0)='./file0\x00', 0x5)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000300)={'batadv0\x00', <r4=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x37209a9529a0bee8, 0x0, '\x00', r4, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000780), 0x1}, 0x38)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00', r5}, 0x18)
unlink(&(0x7f0000000340)='./cgroup.cpu/cpuset.cpus\x00')
r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xbe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0xffffffff, 0x9752333b9a87418, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000340)='cpu\t&0&&\t')

893.029684ms ago: executing program 2 (id=665):
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x8808)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x42)
lseek(r3, 0x5, 0x3)

892.808544ms ago: executing program 0 (id=666):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair(0x29, 0xd, 0x400, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000300)={'sit0\x00', <r2=>0x0, 0x80, 0x1, 0x6, 0x3, {{0x22, 0x4, 0x3, 0x7, 0x88, 0x66, 0x0, 0x5, 0x2f, 0x0, @remote, @rand_addr=0x64010100, {[@timestamp_prespec={0x44, 0x34, 0x9a, 0x3, 0x9, [{@loopback}, {@local, 0x2}, {@remote, 0x3}, {@empty, 0xfffffffa}, {@multicast1, 0x5}, {@dev={0xac, 0x14, 0x14, 0xb}, 0x8}]}, @timestamp_addr={0x44, 0x24, 0x8a, 0x1, 0x9, [{@private=0xa010100, 0x4}, {@rand_addr=0x64010102}, {@loopback, 0x7f}, {@multicast1, 0x3ff}]}, @generic={0x89, 0x5, "142b1c"}, @ssrr={0x89, 0x13, 0x67, [@rand_addr=0x64010101, @multicast2, @private=0xa010101, @rand_addr=0x64010100]}, @noop]}}}}})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff)
mount$9p_tcp(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080), 0x800000, &(0x7f0000000140)={'trans=tcp,', {'port', 0x3d, 0x20000004e23}})
sendmsg$SEG6_CMD_SETHMAC(r5, 0x0, 0x8808)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x42)
lseek(r7, 0x5, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x101000)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r8, 0xc0f85403, 0x0)

870.125214ms ago: executing program 4 (id=667):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r1=>r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x18)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r4 = fcntl$dupfd(r3, 0x0, r3)
read$usbfs(r4, 0x0, 0x2300)
write$tun(r4, &(0x7f0000000400)=ANY=[], 0xa2)

869.409064ms ago: executing program 3 (id=668):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='rdma.current\x00', 0x275a, 0x0)
fsetxattr(r0, &(0x7f0000000000)=@known='security.selinux\x00', &(0x7f0000000080)=':\x00', 0xffdf, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, 0x0, &(0x7f0000000040)=r1}, 0x20)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@nombcache}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0x18ffc}], 0x0, 0x0, 0x0)
ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000000)=0x1)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000340), 0x1, 0x573, &(0x7f0000000ec0)="$eJzs3T1sG+UbAPDnzvG/X/mTIoEEqEMFSEWq6iT9gMLUrohKlTogsUDkuFEVJ47iBJooQ7pXiA4IUJeywcAIYmBALIysLCBmpIpGIDUdwMhfaZo4wSl1XHK/n3T2vfee/bzvnZ/XvtOdHEBmHa0/pBHPRsTFJGJoXd1AtCqPNtdbXVkq3ltZKiZRq136LYkkIu6uLBXb6yet50MRsRwRz0TEd/mI4+nmuNWFxcmxcrk02yoPz03NDFcXFk9cmRqbKE2Upk+98uqZs6fPjJ4cXf+ye7X1pfzO+nr95xvvX//h9Vs3Pv/iyHLxw7EkzsVgq259Px6l5jbJx7kNy0/3IlgfJf1uAA8l18rzeio9HUORa2V9J7WhXW0a0GO1fRE1IKMS+Q8Z1f4dUD/+bU+7+fvj9vnmAUg97mpratYMNM9NxP7GscnB35MHjkzqx5uHd7Oh7EnL1yJiZGBg8+c/aX3+Ht7Io2ggPfXt+eaO2rz/07XxJzqMP4Ptc6f/Unv8W900/t2Pn9ti/LvYZYw/3/rlky3jX4t4rmP8ZC1+0iF+GhHvdBn/5ptfn92qrvZpxLHoHL8t2f788PDlK+XSSPOxY4xvjh15bbv+H9wifvOc7f7G10yn7T/TZf+/+v7L55e3if/SC9vv/07b/0BEfNBl/CfvfvbGVnW3ryV36r8Cdrr/68tudRn/5XNHf+pyVQAAAAAAAAAAYAfSxrVsSVpYm0/TQqF5D+9TcTAtV6pzxy9X5qfHm9e8HY582r7SaqhZTurl0db1uO3yyQ3lU7lWwNyBRrlQrJTH+9x3AAAAAAAAAAAAAAAAAAAAeFwc2nD//x+5xv3/G/+uGtirtv7Lb2Cvk/+QXQ/mf9K3dgC7z/c/ZFZN/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv8AAAAAAAAAAAAAAAAAAAAAAAAAANATFy9cqE+1eytLxXp5fGBhfrLy7onxUnWyMDVfLBQrszOFiUplolwqFCtT//R+SaUyMxLT81eH50rVueHqwuLbU5X56fZ/ipbyPe8RAAAAAAAAAAAAAAAAAAAA/PcMNqYkLURE2phP00Ih4v8RcTjyyeUr5dJIRDwRET/m8vvq5dF+NxoAAAAAAAAAAAAAAAAAAAD2mOrC4uRYuVyazcjMwE5WjojlR9uM+jvu+FX51r56XLahmSzM9HlgAgAAAAAAAAAAAAAAAACADLp/02+3r/irtw0CAAAAAAAAAAAAAAAAAACATEp/TSKiPh0benFwY+3/ktVc4zki3rt56aOrY3Nzs6P15XfWls993Fp+sh/tB7rVztN2HgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3VRcWJ8fK5dJsD2f63UcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh/F3AAAA///pCdd8")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x2a4)
pwritev2(r5, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104)
fallocate(r6, 0x8, 0x4000, 0x4000)
sched_setscheduler(r4, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000180)={'gretap0\x00', &(0x7f0000000380)={'syztnl1\x00', <r9=>0x0, 0x20, 0x7800, 0x4, 0x2, {{0x18, 0x4, 0x0, 0x0, 0x60, 0x67, 0x0, 0x8a, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x18}, @broadcast, {[@timestamp_prespec={0x44, 0xc, 0xe4, 0x3, 0x7, [{@multicast2, 0x5}]}, @timestamp_prespec={0x44, 0x3c, 0x3b, 0x3, 0x6, [{@private=0xa010102, 0x7fff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@loopback, 0x4}, {@empty, 0x8}, {@multicast2, 0x3}, {@broadcast, 0xffffffff}, {@private=0xa010102, 0x6}]}, @ra={0x94, 0x4, 0x1}]}}}}})
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYRES64=r8], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r9, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x10)

854.937244ms ago: executing program 1 (id=669):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
r2 = socket$netlink(0x10, 0x3, 0x7)
ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00')

781.140564ms ago: executing program 1 (id=670):
creat(&(0x7f0000000200)='./file1\x00', 0x8)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, 0x0, 0x5e)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000006c0))
gettid()
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00'}, 0x10)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)

773.992573ms ago: executing program 4 (id=671):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f00000005c0)='kfree\x00', r0}, 0x18)
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000680)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='1\x00\x00\x008`\x00\x00', @ANYRES32, @ANYBLOB="3a756681bb7011e227726cd7ca28109505b88276bdef4593e6236a874cdbbf2d5710bacc010c58aa7adf05f076a13bd5cce1277b1508d5cd062c4d4630ca9260979179d59918b18a1b901d462b66b2120be55de3de82be71627f68c3466cc8d88602471c2daa90a8d0ed759ba69736f12b5144c1f4640701bc4305da84c890d280939eaa2ed5f0ae12ef52c1ed7db1c77ecacb9d27cb4966b0b94948a4550e404b064fc6953db58221001d37324ff5524ddbfb15bc4f50b37393bf715bbb72559824ab8f057cd963cdb125106a353996cf37f750", @ANYRES32=0x0, @ANYBLOB, @ANYRES64=0x0], 0x20)
sendmsg$key(r2, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020300000b0000000000000000000000030006000000000002000000e000000100000000000000000200010000001c000000fb16000000000300050000000000020000007f0000010000000000000000010018"], 0x58}, 0x1, 0x7}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x5, 0xff, 0x0, 0x7ffc0002}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
lsm_set_self_attr(0x64, 0x0, 0xe3, 0x0)
r6 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0}, 0x18)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r7)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r7, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r6, 0x0)
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@gettclass={0x24, 0x2a, 0x20, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r10, {0x10, 0xd}, {0x498c27348c87d021, 0xffe0}, {0x0, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008014}, 0x4a090)
write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0x2000)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r11}, 0x10)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000000f8c0000000c0a01080000000000000000010000000900020073797a3200000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c0001400000000000000000140001800c000100636f756e74657200000000000000058011e70000666c6f775f6f66666c6f6164000000000900010073797a30"], 0x110}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r13 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/seq/clients\x00', 0x0, 0x0)
close_range(r13, 0xffffffffffffffff, 0x0)

564.554593ms ago: executing program 2 (id=672):
msgsnd(0x0, &(0x7f0000000c00)=ANY=[], 0xfe5, 0x800)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffe80)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000002c0)='rxrpc_peer\x00', r1}, 0x10)
r2 = socket$kcm(0x21, 0x2, 0x2)
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x0)
setreuid(0x0, r3)
lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000200)=@v3={0x3000000, [{0x2}, {0x4, 0x3}], r3}, 0x18, 0x3)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=[{0x18, 0x110, 0x1, 'p'}], 0x18}, 0x0)

226.456921ms ago: executing program 0 (id=673):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0x1}, 0x18)
r1 = socket(0x10, 0x3, 0x9)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2101, 0x0)
ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000080)={0x4e00, 0x0, 0x730, 0xbdff, 0x10, "fdffffffffffffff"})
write$binfmt_aout(r4, &(0x7f0000000240)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"})
r5 = syz_open_pts(r4, 0x0)
r6 = dup3(r5, r4, 0x0)
ioctl$TCXONC(r5, 0x540a, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0xff)
pipe(&(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r8, 0x800448f0, &(0x7f0000000000)={0x0, 0xa5, "c0b767", 0xb, 0xe})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
splice(r3, 0x0, r8, 0x0, 0x8000f28, 0x0)
splice(r7, 0x0, r3, 0x0, 0x7f, 0xe)
write(r2, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000013c0)={{0x14, 0x453, 0x1, 0x0, 0x0, {0x5}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x64841}, 0x40000)

0s ago: executing program 4 (id=674):
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000340)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb}, {@data_err_ignore}, {@grpquota}, {@jqfmt_vfsv0}, {@acl}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x0)
mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3000008)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x2)
pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newtaction={0x48, 0x32, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9, 0x3}, {0xfffffd91}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x4, 0x1}}}}]}]}, 0x48}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
statfs(&(0x7f0000000200)='./file1\x00', &(0x7f0000000400)=""/200)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00', r5}, 0x10)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd42"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6, 0x0, 0xffffffffffffffff}, 0x13)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000540)={0x13, 0x10, 0xfa00, {&(0x7f0000000840), 0xffffffffffffffff, 0x1}}, 0x18)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f0000000040)=<r8=>0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c800000e93fe92acbb8ebcdb7dc9d068aa8064f90c2649ce66c28de86b5192bb3e71ffeb7965e538e262c86ae8504100bd2686458bbb60323cd082da1a6bcdfc3ec51ac4f56bf491210c07d554b67e8780e1a3a60cc7acaf481a622cf914ac9e21862dad84fb94bd0d03d7333484e3b246167d2de631df121e01ebc84ae18d210711da268f6ce2ee0668c01", @ANYRES16=r10, @ANYBLOB="010023010000ffdbdf250200000008000100", @ANYRES32=r8, @ANYBLOB], 0x1c}}, 0x40000)
write$nci(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB="40040321090304"], 0x7)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)

kernel console output (not intermixed with test programs):

ailed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   41.843848][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.848290][  T145] EXT4-fs (loop1): This should not happen!! Data will be lost
[   41.848290][  T145] 
[   41.848306][  T145] EXT4-fs (loop1): Total free blocks count 0
[   41.848359][  T145] EXT4-fs (loop1): Free/Dirty block details
[   41.848369][  T145] EXT4-fs (loop1): free_blocks=2415919104
[   41.848379][  T145] EXT4-fs (loop1): dirty_blocks=8224
[   41.848389][  T145] EXT4-fs (loop1): Block reservation details
[   41.848398][  T145] EXT4-fs (loop1): i_reserved_data_blocks=514
[   41.936973][ T3939] SELinux:  policydb magic number 0x4 does not match expected magic number 0xf97cff8c
[   41.947978][ T3939] SELinux: failed to load policy
[   41.959254][ T3939] 9pnet_fd: Insufficient options for proto=fd
[   41.976149][ T3941] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.008753][ T3943] xt_TPROXY: Can be used only with -p tcp or -p udp
[   42.018527][  T145] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   42.040123][ T3946] loop4: detected capacity change from 0 to 512
[   42.042820][ T3941] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.081152][ T3946] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.172: bg 0: block 248: padding at end of block bitmap is not set
[   42.095875][ T3946] EXT4-fs error (device loop4): ext4_acquire_dquot:6927: comm syz.4.172: Failed to acquire dquot type 1
[   42.110733][ T3941] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.120765][ T3946] EXT4-fs (loop4): 1 truncate cleaned up
[   42.130830][ T3946] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.157883][ T3941] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.171339][ T3946] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   42.184340][ T3946] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.223028][ T3941] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   42.234921][ T3941] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   42.246666][ T3941] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   42.258437][ T3941] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   42.282623][ T3960] loop1: detected capacity change from 0 to 1024
[   42.300637][ T3960] EXT4-fs: Ignoring removed bh option
[   42.313582][ T3681] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   42.340770][ T3681] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   42.353118][ T3681] EXT4-fs (loop3): This should not happen!! Data will be lost
[   42.353118][ T3681] 
[   42.362857][ T3681] EXT4-fs (loop3): Total free blocks count 0
[   42.368917][ T3681] EXT4-fs (loop3): Free/Dirty block details
[   42.374961][ T3681] EXT4-fs (loop3): free_blocks=2415919104
[   42.380791][ T3681] EXT4-fs (loop3): dirty_blocks=8224
[   42.386128][ T3681] EXT4-fs (loop3): Block reservation details
[   42.392174][ T3681] EXT4-fs (loop3): i_reserved_data_blocks=514
[   42.403061][ T3960] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.420120][ T3969] netlink: 'syz.0.186': attribute type 13 has an invalid length.
[   42.423726][   T28] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   42.475910][ T3973] SELinux: ebitmap: truncated map
[   42.482649][ T3973] SELinux: failed to load policy
[   42.495802][ T3969] bridge0: port 3(hsr0) entered disabled state
[   42.502072][ T3969] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.509267][ T3969] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.565378][ T3969] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   42.575799][ T3969] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   42.576242][ T3979] 9pnet_fd: Insufficient options for proto=fd
[   42.613878][ T3969] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   42.622992][ T3969] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   42.632117][ T3969] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   42.641208][ T3969] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   42.671802][ T3984] ref_ctr_offset mismatch. inode: 0xbe offset: 0x7 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x10
[   42.684161][ T3960] netlink: 'syz.1.182': attribute type 3 has an invalid length.
[   42.755406][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.789260][ T3992] loop3: detected capacity change from 0 to 2048
[   42.803453][ T3992] EXT4-fs: Ignoring removed bh option
[   42.811459][ T3990] loop4: detected capacity change from 0 to 2048
[   42.821268][ T3990] EXT4-fs: Ignoring removed bh option
[   42.829213][ T3998] loop0: detected capacity change from 0 to 512
[   42.838592][ T4000] FAULT_INJECTION: forcing a failure.
[   42.838592][ T4000] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   42.851728][ T4000] CPU: 0 UID: 0 PID: 4000 Comm: syz.1.195 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   42.851751][ T4000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   42.851762][ T4000] Call Trace:
[   42.851770][ T4000]  <TASK>
[   42.851778][ T4000]  dump_stack_lvl+0xf2/0x150
[   42.851809][ T4000]  dump_stack+0x15/0x1a
[   42.851833][ T4000]  should_fail_ex+0x24a/0x260
[   42.851903][ T4000]  should_fail+0xb/0x10
[   42.851934][ T4000]  should_fail_usercopy+0x1a/0x20
[   42.851971][ T4000]  _copy_from_iter+0xd5/0xd00
[   42.852037][ T4000]  ? alloc_pages_mpol+0x208/0x260
[   42.852062][ T4000]  copy_page_from_iter+0x14f/0x280
[   42.852102][ T4000]  tun_get_user+0x68b/0x25c0
[   42.852134][ T4000]  ? _parse_integer+0x27/0x30
[   42.852209][ T4000]  ? ref_tracker_alloc+0x1f5/0x2f0
[   42.852306][ T4000]  tun_chr_write_iter+0x188/0x240
[   42.852335][ T4000]  vfs_write+0x77b/0x920
[   42.852394][ T4000]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   42.852451][ T4000]  ksys_write+0xe8/0x1b0
[   42.852478][ T4000]  __x64_sys_write+0x42/0x50
[   42.852503][ T4000]  x64_sys_call+0x287e/0x2dc0
[   42.852533][ T4000]  do_syscall_64+0xc9/0x1c0
[   42.852640][ T4000]  ? clear_bhb_loop+0x55/0xb0
[   42.852676][ T4000]  ? clear_bhb_loop+0x55/0xb0
[   42.852732][ T4000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.852767][ T4000] RIP: 0033:0x7f5f5c43bc1f
[   42.852783][ T4000] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   42.852803][ T4000] RSP: 002b:00007f5f5aaa1000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   42.852824][ T4000] RAX: ffffffffffffffda RBX: 00007f5f5c655fa0 RCX: 00007f5f5c43bc1f
[   42.852838][ T4000] RDX: 0000000000000066 RSI: 00004000000002c0 RDI: 00000000000000c8
[   42.852853][ T4000] RBP: 00007f5f5aaa1090 R08: 0000000000000000 R09: 0000000000000000
[   42.852920][ T4000] R10: 0000000000000066 R11: 0000000000000293 R12: 0000000000000001
[   42.852934][ T4000] R13: 0000000000000000 R14: 00007f5f5c655fa0 R15: 00007fff2dcd9378
[   42.852952][ T4000]  </TASK>
[   43.066257][ T3992] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.115604][ T3990] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.135681][ T3998] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.194: bg 0: block 248: padding at end of block bitmap is not set
[   43.196090][ T3998] EXT4-fs error (device loop0): ext4_acquire_dquot:6927: comm syz.0.194: Failed to acquire dquot type 1
[   43.223016][ T3998] EXT4-fs (loop0): 1 truncate cleaned up
[   43.249376][ T3998] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.263932][ T4016] FAULT_INJECTION: forcing a failure.
[   43.263932][ T4016] name failslab, interval 1, probability 0, space 0, times 0
[   43.276648][ T4016] CPU: 0 UID: 0 PID: 4016 Comm: syz.1.199 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   43.276675][ T4016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   43.276688][ T4016] Call Trace:
[   43.276695][ T4016]  <TASK>
[   43.276774][ T4016]  dump_stack_lvl+0xf2/0x150
[   43.276805][ T4016]  dump_stack+0x15/0x1a
[   43.276828][ T4016]  should_fail_ex+0x24a/0x260
[   43.276860][ T4016]  should_failslab+0x8f/0xb0
[   43.276900][ T4016]  kmem_cache_alloc_noprof+0x52/0x320
[   43.276945][ T4016]  ? getname_flags+0x81/0x3b0
[   43.276978][ T4016]  getname_flags+0x81/0x3b0
[   43.277060][ T4016]  getname+0x17/0x20
[   43.277172][ T4016]  path_getxattrat+0x124/0x290
[   43.277210][ T4016]  __x64_sys_lgetxattr+0x5f/0x70
[   43.277246][ T4016]  x64_sys_call+0x2720/0x2dc0
[   43.277352][ T4016]  do_syscall_64+0xc9/0x1c0
[   43.277381][ T4016]  ? clear_bhb_loop+0x55/0xb0
[   43.277431][ T4016]  ? clear_bhb_loop+0x55/0xb0
[   43.277462][ T4016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   43.277494][ T4016] RIP: 0033:0x7f5f5c43d169
[   43.277509][ T4016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   43.277581][ T4016] RSP: 002b:00007f5f5aaa1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0
[   43.277603][ T4016] RAX: ffffffffffffffda RBX: 00007f5f5c655fa0 RCX: 00007f5f5c43d169
[   43.277617][ T4016] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000400000000000
[   43.277631][ T4016] RBP: 00007f5f5aaa1090 R08: 0000000000000000 R09: 0000000000000000
[   43.277643][ T4016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   43.277653][ T4016] R13: 0000000000000000 R14: 00007f5f5c655fa0 R15: 00007fff2dcd9378
[   43.277671][ T4016]  </TASK>
[   43.460964][ T3998] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.482549][ T3998] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.586301][ T4023] __nla_validate_parse: 7 callbacks suppressed
[   43.586320][ T4023] netlink: 16 bytes leftover after parsing attributes in process `syz.0.202'.
[   43.624613][ T4024] loop1: detected capacity change from 0 to 256
[   43.653422][ T4027] loop2: detected capacity change from 0 to 1024
[   43.660414][ T4027] EXT4-fs: Ignoring removed bh option
[   43.701199][ T3681] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   43.717158][ T4024] msdos: Bad value for 'gid'
[   43.721780][ T4024] msdos: Bad value for 'gid'
[   43.739861][ T3681] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   43.752147][ T3681] EXT4-fs (loop3): This should not happen!! Data will be lost
[   43.752147][ T3681] 
[   43.761822][ T3681] EXT4-fs (loop3): Total free blocks count 0
[   43.767905][ T3681] EXT4-fs (loop3): Free/Dirty block details
[   43.773861][ T3681] EXT4-fs (loop3): free_blocks=2415919104
[   43.779617][ T3681] EXT4-fs (loop3): dirty_blocks=8224
[   43.784928][ T3681] EXT4-fs (loop3): Block reservation details
[   43.790915][ T3681] EXT4-fs (loop3): i_reserved_data_blocks=514
[   43.799022][ T4027] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.848681][  T145] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   43.877854][ T4027] netlink: 'syz.2.203': attribute type 3 has an invalid length.
[   43.885569][ T4027] netlink: 32 bytes leftover after parsing attributes in process `syz.2.203'.
[   43.925732][ T4036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   43.934181][ T4036] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   43.957973][  T145] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   43.997917][  T145] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   44.010253][  T145] EXT4-fs (loop4): This should not happen!! Data will be lost
[   44.010253][  T145] 
[   44.019964][  T145] EXT4-fs (loop4): Total free blocks count 0
[   44.026027][  T145] EXT4-fs (loop4): Free/Dirty block details
[   44.032012][  T145] EXT4-fs (loop4): free_blocks=2415919104
[   44.037931][  T145] EXT4-fs (loop4): dirty_blocks=8144
[   44.043245][  T145] EXT4-fs (loop4): Block reservation details
[   44.049362][  T145] EXT4-fs (loop4): i_reserved_data_blocks=509
[   44.064469][ T3681] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   44.144612][ T4046] loop3: detected capacity change from 0 to 512
[   44.160374][ T4051] loop0: detected capacity change from 0 to 512
[   44.169656][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.183075][ T4046] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   44.201472][ T4057] loop4: detected capacity change from 0 to 512
[   44.202113][ T4051] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   44.210463][ T4057] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   44.227016][ T4046] EXT4-fs (loop3): 1 truncate cleaned up
[   44.235952][ T4051] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.246941][ T4046] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.277163][ T3298] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   44.305077][ T4057] EXT4-fs (loop4): 1 truncate cleaned up
[   44.311446][ T4057] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.324136][ T4063] loop0: detected capacity change from 0 to 2048
[   44.326540][ T4064] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   44.340371][ T4063] EXT4-fs: Ignoring removed bh option
[   44.387091][ T4063] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.477238][ T4075] process 'syz.2.216' launched './file0' with NULL argv: empty string added
[   44.477516][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.508687][   T50] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   44.528860][   T50] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   44.541133][   T50] EXT4-fs (loop0): This should not happen!! Data will be lost
[   44.541133][   T50] 
[   44.551008][   T50] EXT4-fs (loop0): Total free blocks count 0
[   44.557176][   T50] EXT4-fs (loop0): Free/Dirty block details
[   44.563085][   T50] EXT4-fs (loop0): free_blocks=2415919104
[   44.569030][   T50] EXT4-fs (loop0): dirty_blocks=2864
[   44.574349][   T50] EXT4-fs (loop0): Block reservation details
[   44.580394][   T50] EXT4-fs (loop0): i_reserved_data_blocks=212
[   44.597027][ T4082] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   44.622108][ T4081] loop3: detected capacity change from 0 to 1024
[   44.629905][   T50] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   44.655764][ T4081] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.688758][ T4081] SELinux: security_context_str_to_sid (root) failed with errno=-22
[   44.709300][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.739129][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.797504][ T4093] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.222' sets config #0
[   44.806665][ T4091] loop4: detected capacity change from 0 to 2048
[   44.836386][ T4091] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.866791][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.867049][ T4093] Restarting kernel threads ... done.
[   44.901762][ T4093] program syz.3.222 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   44.934083][ T4093] loop3: detected capacity change from 0 to 1024
[   44.943441][ T4093] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   44.955378][ T4093] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[   44.965937][ T4093] EXT4-fs error (device loop3): ext4_map_blocks:671: inode #3: block 2: comm syz.3.222: lblock 2 mapped to illegal pblock 2 (length 1)
[   44.993800][ T4093] EXT4-fs error (device loop3): ext4_map_blocks:671: inode #3: block 48: comm syz.3.222: lblock 0 mapped to illegal pblock 48 (length 1)
[   45.010659][ T4093] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.222: Failed to acquire dquot type 0
[   45.022176][ T4093] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5838: Corrupt filesystem
[   45.031880][ T4093] EXT4-fs error (device loop3): ext4_evict_inode:256: inode #11: comm syz.3.222: mark_inode_dirty error
[   45.043720][ T4093] EXT4-fs warning (device loop3): ext4_evict_inode:259: couldn't mark inode dirty (err -117)
[   45.054668][ T4093] EXT4-fs (loop3): 1 orphan inode deleted
[   45.061343][ T4093] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.078916][ T4093] ext4: Unknown parameter '·'
[   45.084156][ T4093] EXT4-fs error (device loop3): ext4_map_blocks:671: inode #2: block 16: comm syz.3.222: lblock 0 mapped to illegal pblock 16 (length 1)
[   45.100870][ T4093] EXT4-fs error (device loop3): ext4_map_blocks:671: inode #2: block 16: comm syz.3.222: lblock 0 mapped to illegal pblock 16 (length 1)
[   45.114785][   T11] EXT4-fs error (device loop3): ext4_map_blocks:671: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1)
[   45.115012][   T11] EXT4-fs error (device loop3): ext4_release_dquot:6950: comm kworker/u8:0: Failed to release dquot type 0
[   45.146908][ T4093] EXT4-fs error (device loop3): ext4_map_blocks:671: inode #2: block 16: comm syz.3.222: lblock 0 mapped to illegal pblock 16 (length 1)
[   45.187232][ T4107] loop1: detected capacity change from 0 to 512
[   45.195917][ T4107] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   45.208710][ T4107] EXT4-fs (loop1): 1 truncate cleaned up
[   45.215454][ T4107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.402634][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.452404][ T3307] EXT4-fs error (device loop3): __ext4_get_inode_loc:4435: comm syz-executor: Invalid inode table block 1 in block_group 0
[   45.481801][ T3307] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5838: Corrupt filesystem
[   45.492934][ T3307] EXT4-fs error (device loop3): ext4_quota_off:7194: inode #3: comm syz-executor: mark_inode_dirty error
[   45.525919][ T4115] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   45.534697][ T4114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.228'.
[   45.615609][ T4114] netlink: 'syz.2.228': attribute type 1 has an invalid length.
[   45.623450][ T4114] netlink: 'syz.2.228': attribute type 2 has an invalid length.
[   45.659574][ T4119] loop3: detected capacity change from 0 to 512
[   45.668473][ T4119] ext4: Unknown parameter 'measure'
[   45.684902][ T4119] loop3: detected capacity change from 0 to 512
[   45.716247][ T4119] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.229: bg 0: block 248: padding at end of block bitmap is not set
[   45.730941][ T4119] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.229: Failed to acquire dquot type 1
[   45.743540][ T4119] EXT4-fs (loop3): 1 truncate cleaned up
[   45.751443][ T4119] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.764184][ T4119] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   45.776221][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.779850][ T4119] EXT4-fs error (device loop3): ext4_lookup:1817: inode #2: comm syz.3.229: deleted inode referenced: 12
[   45.847972][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.883002][ T4132] loop3: detected capacity change from 0 to 512
[   45.892126][ T4132] EXT4-fs: Ignoring removed oldalloc option
[   45.899796][ T4135] xt_TPROXY: Can be used only with -p tcp or -p udp
[   45.909677][ T4132] EXT4-fs error (device loop3): ext4_xattr_inode_iget:436: comm syz.3.233: Parent and EA inode have the same ino 15
[   45.923512][ T4132] EXT4-fs (loop3): 1 orphan inode deleted
[   45.935935][ T4138] loop1: detected capacity change from 0 to 1024
[   45.936027][ T4132] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.942917][ T4138] EXT4-fs: Ignoring removed bh option
[   45.971950][ T4138] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.987051][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.028809][ T4138] netlink: 'syz.1.235': attribute type 3 has an invalid length.
[   46.036527][ T4138] netlink: 32 bytes leftover after parsing attributes in process `syz.1.235'.
[   46.067333][ T4148] netlink: 20 bytes leftover after parsing attributes in process `syz.4.239'.
[   46.137298][ T4154] netlink: 16 bytes leftover after parsing attributes in process `syz.0.242'.
[   46.175435][ T4154] ref_ctr_offset mismatch. inode: 0x129 offset: 0x7 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x10
[   46.187705][ T4150] bridge0: port 3(hsr0) entered blocking state
[   46.194049][ T4150] bridge0: port 3(hsr0) entered disabled state
[   46.200439][ T4150] hsr0: entered allmulticast mode
[   46.205515][ T4150] hsr_slave_0: entered allmulticast mode
[   46.211237][ T4150] hsr_slave_1: entered allmulticast mode
[   46.223291][ T4150] hsr0: entered promiscuous mode
[   46.230076][ T4150] bridge0: port 3(hsr0) entered blocking state
[   46.236295][ T4150] bridge0: port 3(hsr0) entered forwarding state
[   46.265674][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.285661][ T4169] loop0: detected capacity change from 0 to 2048
[   46.295165][ T4169] EXT4-fs: Ignoring removed bh option
[   46.308364][ T4171] FAULT_INJECTION: forcing a failure.
[   46.308364][ T4171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   46.321509][ T4171] CPU: 1 UID: 0 PID: 4171 Comm: syz.2.249 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   46.321533][ T4171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   46.321544][ T4171] Call Trace:
[   46.321550][ T4171]  <TASK>
[   46.321557][ T4171]  dump_stack_lvl+0xf2/0x150
[   46.321631][ T4171]  dump_stack+0x15/0x1a
[   46.321715][ T4171]  should_fail_ex+0x24a/0x260
[   46.321814][ T4171]  should_fail+0xb/0x10
[   46.321928][ T4171]  should_fail_usercopy+0x1a/0x20
[   46.322027][ T4171]  _copy_to_user+0x20/0xa0
[   46.322049][ T4171]  simple_read_from_buffer+0xa0/0x110
[   46.322080][ T4171]  proc_fail_nth_read+0xf9/0x140
[   46.322112][ T4171]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   46.322217][ T4171]  vfs_read+0x19b/0x6f0
[   46.322240][ T4171]  ? __rcu_read_unlock+0x4e/0x70
[   46.322263][ T4171]  ? __fget_files+0x17c/0x1c0
[   46.322300][ T4171]  ksys_read+0xe8/0x1b0
[   46.322401][ T4171]  __x64_sys_read+0x42/0x50
[   46.322498][ T4171]  x64_sys_call+0x2874/0x2dc0
[   46.322531][ T4171]  do_syscall_64+0xc9/0x1c0
[   46.322602][ T4171]  ? clear_bhb_loop+0x55/0xb0
[   46.322645][ T4171]  ? clear_bhb_loop+0x55/0xb0
[   46.322679][ T4171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.322736][ T4171] RIP: 0033:0x7f3570ffbb7c
[   46.322753][ T4171] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   46.322774][ T4171] RSP: 002b:00007f356f667030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   46.322796][ T4171] RAX: ffffffffffffffda RBX: 00007f3571215fa0 RCX: 00007f3570ffbb7c
[   46.322810][ T4171] RDX: 000000000000000f RSI: 00007f356f6670a0 RDI: 0000000000000003
[   46.322825][ T4171] RBP: 00007f356f667090 R08: 0000000000000000 R09: 0000000000000000
[   46.322869][ T4171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   46.322882][ T4171] R13: 0000000000000000 R14: 00007f3571215fa0 R15: 00007ffc95d23868
[   46.322899][ T4171]  </TASK>
[   46.324319][ T4173] loop1: detected capacity change from 0 to 256
[   46.386124][ T4169] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.542414][   T29] kauditd_printk_skb: 415 callbacks suppressed
[   46.542431][   T29] audit: type=1400 audit(1740731680.389:1482): avc:  denied  { create } for  pid=4172 comm="syz.1.248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   46.676851][ T4196] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   46.685779][ T4196] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   46.705699][ T4202] netlink: 16 bytes leftover after parsing attributes in process `syz.2.258'.
[   46.745475][ T4202] ref_ctr_offset mismatch. inode: 0x124 offset: 0x7 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x10
[   46.794392][   T29] audit: type=1400 audit(1740731680.639:1483): avc:  denied  { connect } for  pid=4206 comm="syz.2.262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   46.799907][ T4207] bridge0: entered promiscuous mode
[   46.822106][ T4207] bridge0: port 3(macsec1) entered blocking state
[   46.828684][ T4207] bridge0: port 3(macsec1) entered disabled state
[   46.836569][ T4207] macsec1: entered allmulticast mode
[   46.841912][ T4207] bridge0: entered allmulticast mode
[   46.847955][ T4207] macsec1: left allmulticast mode
[   46.853019][ T4207] bridge0: left allmulticast mode
[   46.859971][ T4207] bridge0: left promiscuous mode
[   46.876395][ T4205] vlan2: entered promiscuous mode
[   46.881572][ T4205] bridge0: entered promiscuous mode
[   46.888184][ T4205] bridge0: left promiscuous mode
[   46.918614][  T145] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   46.933724][  T145] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   46.946035][  T145] EXT4-fs (loop0): This should not happen!! Data will be lost
[   46.946035][  T145] 
[   46.955762][  T145] EXT4-fs (loop0): Total free blocks count 0
[   46.961747][  T145] EXT4-fs (loop0): Free/Dirty block details
[   46.967734][  T145] EXT4-fs (loop0): free_blocks=2415919104
[   46.973472][  T145] EXT4-fs (loop0): dirty_blocks=8224
[   46.978831][  T145] EXT4-fs (loop0): Block reservation details
[   46.984834][  T145] EXT4-fs (loop0): i_reserved_data_blocks=514
[   46.995245][  T145] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   47.042355][ T4211] loop2: detected capacity change from 0 to 512
[   47.044567][ T4213] loop1: detected capacity change from 0 to 512
[   47.056808][ T4213] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   47.066893][ T4211] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   47.068234][ T4213] EXT4-fs (loop1): 1 truncate cleaned up
[   47.085068][ T4213] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.099347][ T4211] EXT4-fs (loop2): 1 truncate cleaned up
[   47.105076][   T29] audit: type=1400 audit(1740731680.959:1484): avc:  denied  { ioctl } for  pid=4212 comm="syz.1.265" path="/63/bus/file1" dev="loop1" ino=15 ioctlcmd=0x660b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   47.126175][ T4211] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.143629][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.188588][   T29] audit: type=1400 audit(1740731681.039:1485): avc:  denied  { create } for  pid=4216 comm="syz.0.263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   47.188588][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.241771][   T29] audit: type=1326 audit(1740731681.089:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4221 comm="syz.3.268" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feeb61ad169 code=0x0
[   47.332765][   T29] audit: type=1400 audit(1740731681.119:1487): avc:  denied  { write } for  pid=4216 comm="syz.0.263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   47.355832][ T4232] SELinux: ebitmap: truncated map
[   47.362056][ T4232] SELinux: failed to load policy
[   47.367566][   T29] audit: type=1400 audit(1740731681.209:1488): avc:  denied  { load_policy } for  pid=4231 comm="syz.1.271" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   47.391993][   T29] audit: type=1326 audit(1740731681.249:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4231 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c43d169 code=0x7ffc0000
[   47.415408][   T29] audit: type=1326 audit(1740731681.249:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4231 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f5f5c43d169 code=0x7ffc0000
[   47.438698][   T29] audit: type=1326 audit(1740731681.249:1491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4231 comm="syz.1.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c43d169 code=0x7ffc0000
[   47.488979][ T4240] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   47.501121][ T4238] tmpfs: Bad value for 'mpol'
[   47.527849][ T4240] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   47.578617][ T4240] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   47.606849][ T4252] SELinux: security policydb version 17 (MLS) not backwards compatible
[   47.616494][ T4252] SELinux: failed to load policy
[   47.621635][ T4251] SELinux: security policydb version 17 (MLS) not backwards compatible
[   47.630890][ T4251] SELinux: failed to load policy
[   47.638354][ T4240] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   47.649672][ T4248] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4248 comm=syz.1.275
[   47.702697][ T4240] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.715773][ T4240] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.741121][ T4240] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.764039][ T4240] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.805732][ T4270] FAULT_INJECTION: forcing a failure.
[   47.805732][ T4270] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   47.818893][ T4270] CPU: 1 UID: 0 PID: 4270 Comm: syz.4.283 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   47.818922][ T4270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   47.818936][ T4270] Call Trace:
[   47.818943][ T4270]  <TASK>
[   47.818988][ T4270]  dump_stack_lvl+0xf2/0x150
[   47.819022][ T4270]  dump_stack+0x15/0x1a
[   47.819047][ T4270]  should_fail_ex+0x24a/0x260
[   47.819083][ T4270]  should_fail+0xb/0x10
[   47.819114][ T4270]  should_fail_usercopy+0x1a/0x20
[   47.819250][ T4270]  strncpy_from_user+0x25/0x210
[   47.819278][ T4270]  ? kmem_cache_alloc_noprof+0x18e/0x320
[   47.819410][ T4270]  ? getname_flags+0x81/0x3b0
[   47.819444][ T4270]  getname_flags+0xb0/0x3b0
[   47.819489][ T4270]  user_path_at+0x26/0x120
[   47.819515][ T4270]  do_sys_truncate+0x5b/0x130
[   47.819622][ T4270]  __x64_sys_truncate+0x31/0x40
[   47.819652][ T4270]  x64_sys_call+0x26d0/0x2dc0
[   47.819682][ T4270]  do_syscall_64+0xc9/0x1c0
[   47.819717][ T4270]  ? clear_bhb_loop+0x55/0xb0
[   47.819818][ T4270]  ? clear_bhb_loop+0x55/0xb0
[   47.819868][ T4270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   47.819896][ T4270] RIP: 0033:0x7f078f8fd169
[   47.819914][ T4270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   47.819935][ T4270] RSP: 002b:00007f078df61038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[   47.819957][ T4270] RAX: ffffffffffffffda RBX: 00007f078fb15fa0 RCX: 00007f078f8fd169
[   47.819976][ T4270] RDX: 0000000000000000 RSI: 000000000000b73b RDI: 0000400000000900
[   47.820008][ T4270] RBP: 00007f078df61090 R08: 0000000000000000 R09: 0000000000000000
[   47.820022][ T4270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   47.820036][ T4270] R13: 0000000000000000 R14: 00007f078fb15fa0 R15: 00007ffc4419e348
[   47.820060][ T4270]  </TASK>
[   48.049809][ T4278] loop1: detected capacity change from 0 to 128
[   48.056749][ T4278] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   48.068669][ T4280] loop0: detected capacity change from 0 to 2048
[   48.086227][ T4278] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   48.089051][ T4280] EXT4-fs: Ignoring removed bh option
[   48.102608][ T4277] SELinux: ebitmap: truncated map
[   48.111404][ T4277] SELinux: failed to load policy
[   48.122437][ T4280] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.173102][ T4289] loop3: detected capacity change from 0 to 512
[   48.180606][   T28] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   48.181342][ T4289] EXT4-fs: test_dummy_encryption option not supported
[   48.469319][ T4305] loop4: detected capacity change from 0 to 1024
[   48.590993][   T11] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   48.627019][ T4307] loop1: detected capacity change from 0 to 128
[   48.667983][ T4305] EXT4-fs: Ignoring removed nobh option
[   48.673602][ T4305] EXT4-fs: Ignoring removed bh option
[   48.698050][ T4307] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   48.752215][   T11] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   48.764498][   T11] EXT4-fs (loop0): This should not happen!! Data will be lost
[   48.764498][   T11] 
[   48.774177][   T11] EXT4-fs (loop0): Total free blocks count 0
[   48.780252][   T11] EXT4-fs (loop0): Free/Dirty block details
[   48.780983][ T4307] ext4 filesystem being mounted at /72/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   48.786217][   T11] EXT4-fs (loop0): free_blocks=2415919104
[   48.786234][   T11] EXT4-fs (loop0): dirty_blocks=8224
[   48.786316][   T11] EXT4-fs (loop0): Block reservation details
[   48.813764][   T11] EXT4-fs (loop0): i_reserved_data_blocks=514
[   48.824476][   T11] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   48.828509][ T4305] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.889004][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.904635][ T3373] IPVS: starting estimator thread 0...
[   48.994843][ T4317] IPVS: using max 2544 ests per chain, 127200 per kthread
[   48.995985][ T3303] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   49.028792][ T4329] SELinux: ebitmap: truncated map
[   49.034544][ T4329] SELinux: failed to load policy
[   49.206824][ T4353] loop2: detected capacity change from 0 to 512
[   49.227301][ T4356] netlink: 'syz.3.311': attribute type 10 has an invalid length.
[   49.235097][ T4356] __nla_validate_parse: 2 callbacks suppressed
[   49.235110][ T4356] netlink: 40 bytes leftover after parsing attributes in process `syz.3.311'.
[   49.239369][ T4353] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   49.271502][ T4356] team0: Port device geneve1 added
[   49.295152][ T4353] EXT4-fs (loop2): 1 truncate cleaned up
[   49.301243][ T4353] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.399942][ T4373] loop3: detected capacity change from 0 to 512
[   49.408850][ T4337] IPVS: You probably need to specify IP address on multicast interface.
[   49.417936][ T4337] IPVS: Error connecting to the multicast addr
[   49.418109][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.444569][ T4377] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4377 comm=syz.4.320
[   49.466228][ T4373] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.318: bg 0: block 248: padding at end of block bitmap is not set
[   49.492822][ T4384] netlink: 16 bytes leftover after parsing attributes in process `syz.0.322'.
[   49.541799][ T4373] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.318: Failed to acquire dquot type 1
[   49.563123][ T4389] x_tables: duplicate underflow at hook 1
[   49.572310][ T4390] loop2: detected capacity change from 0 to 1024
[   49.582915][ T4390] EXT4-fs: Ignoring removed nobh option
[   49.588701][ T4390] EXT4-fs: Ignoring removed bh option
[   49.618507][ T4373] EXT4-fs (loop3): 1 truncate cleaned up
[   49.626985][ T4373] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.649548][ T4373] syz.3.318 (4373) used greatest stack depth: 9272 bytes left
[   49.650583][ T4390] FAULT_INJECTION: forcing a failure.
[   49.650583][ T4390] name failslab, interval 1, probability 0, space 0, times 0
[   49.669835][ T4390] CPU: 1 UID: 0 PID: 4390 Comm: syz.2.321 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   49.669859][ T4390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   49.669950][ T4390] Call Trace:
[   49.669958][ T4390]  <TASK>
[   49.669966][ T4390]  dump_stack_lvl+0xf2/0x150
[   49.669997][ T4390]  dump_stack+0x15/0x1a
[   49.670098][ T4390]  should_fail_ex+0x24a/0x260
[   49.670134][ T4390]  should_failslab+0x8f/0xb0
[   49.670165][ T4390]  kmem_cache_alloc_node_noprof+0x59/0x320
[   49.670192][ T4390]  ? dup_task_struct+0x6c/0x710
[   49.670303][ T4390]  dup_task_struct+0x6c/0x710
[   49.670351][ T4390]  ? mod_objcg_state+0x2ea/0x4f0
[   49.670455][ T4390]  ? mod_objcg_state+0x2ea/0x4f0
[   49.670478][ T4390]  copy_process+0x3a9/0x1f50
[   49.670506][ T4390]  ? put_dec_trunc8+0x10e/0x130
[   49.670530][ T4390]  ? arch_scale_cpu_capacity+0x15/0x70
[   49.670576][ T4390]  ? __pfx_io_wq_worker+0x10/0x10
[   49.670616][ T4390]  create_io_thread+0xa6/0xd0
[   49.670688][ T4390]  ? __pfx_io_wq_worker+0x10/0x10
[   49.670726][ T4390]  create_io_worker+0xea/0x370
[   49.670758][ T4390]  io_wq_enqueue+0x35f/0x440
[   49.670783][ T4390]  ? __pfx_io_wq_work_match_item+0x10/0x10
[   49.670849][ T4390]  io_queue_iowq+0x248/0x380
[   49.670888][ T4390]  io_req_task_submit+0x8d/0xc0
[   49.670917][ T4390]  ? __pfx_io_req_task_submit+0x10/0x10
[   49.670947][ T4390]  io_handle_tw_list+0x1b9/0x200
[   49.671011][ T4390]  ? _raw_spin_unlock_irq+0x26/0x50
[   49.671066][ T4390]  tctx_task_work_run+0x6e/0x1c0
[   49.671101][ T4390]  tctx_task_work+0x40/0x80
[   49.671138][ T4390]  task_work_run+0x13a/0x1a0
[   49.671178][ T4390]  get_signal+0xe78/0x1000
[   49.671286][ T4390]  arch_do_signal_or_restart+0x95/0x4b0
[   49.671318][ T4390]  syscall_exit_to_user_mode+0x62/0x120
[   49.671346][ T4390]  do_syscall_64+0xd6/0x1c0
[   49.671379][ T4390]  ? clear_bhb_loop+0x55/0xb0
[   49.671422][ T4390]  ? clear_bhb_loop+0x55/0xb0
[   49.671455][ T4390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.671488][ T4390] RIP: 0033:0x7f3570ffd169
[   49.671507][ T4390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.671527][ T4390] RSP: 002b:00007f356f667038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6
[   49.671552][ T4390] RAX: fffffffffffffdfc RBX: 00007f3571215fa0 RCX: 00007f3570ffd169
[   49.671565][ T4390] RDX: 00004000000000c0 RSI: 037dc12502000000 RDI: 0000000000000002
[   49.671576][ T4390] RBP: 00007f356f667090 R08: 0000000000000000 R09: 0000000000000000
[   49.671588][ T4390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.671599][ T4390] R13: 0000000000000000 R14: 00007f3571215fa0 R15: 00007ffc95d23868
[   49.671620][ T4390]  </TASK>
[   49.979345][ T4408] ip6gretap1: entered allmulticast mode
[   50.040611][ T4411] vhci_hcd: invalid port number 252
[   50.046073][ T4411] vhci_hcd: default hub control req: 0401 v0001 i00fc l0
[   50.115346][ T4411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   50.126504][ T4411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   50.144474][ T4420] netlink: 16 bytes leftover after parsing attributes in process `syz.4.335'.
[   50.166341][ T4424] FAULT_INJECTION: forcing a failure.
[   50.166341][ T4424] name failslab, interval 1, probability 0, space 0, times 0
[   50.179118][ T4424] CPU: 1 UID: 0 PID: 4424 Comm: syz.2.336 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   50.179150][ T4424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   50.179166][ T4424] Call Trace:
[   50.179174][ T4424]  <TASK>
[   50.179182][ T4424]  dump_stack_lvl+0xf2/0x150
[   50.179217][ T4424]  dump_stack+0x15/0x1a
[   50.179308][ T4424]  should_fail_ex+0x24a/0x260
[   50.179346][ T4424]  should_failslab+0x8f/0xb0
[   50.179397][ T4424]  kmem_cache_alloc_node_noprof+0x59/0x320
[   50.179493][ T4424]  ? __alloc_skb+0x10b/0x310
[   50.179519][ T4424]  __alloc_skb+0x10b/0x310
[   50.179545][ T4424]  netlink_alloc_large_skb+0xad/0xe0
[   50.179580][ T4424]  netlink_sendmsg+0x3b4/0x6e0
[   50.179624][ T4424]  ? __pfx_netlink_sendmsg+0x10/0x10
[   50.179707][ T4424]  __sock_sendmsg+0x140/0x180
[   50.179746][ T4424]  ____sys_sendmsg+0x326/0x4b0
[   50.179854][ T4424]  __sys_sendmsg+0x19d/0x230
[   50.179900][ T4424]  __x64_sys_sendmsg+0x46/0x50
[   50.179937][ T4424]  x64_sys_call+0x2734/0x2dc0
[   50.179968][ T4424]  do_syscall_64+0xc9/0x1c0
[   50.180003][ T4424]  ? clear_bhb_loop+0x55/0xb0
[   50.180036][ T4424]  ? clear_bhb_loop+0x55/0xb0
[   50.180089][ T4424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.180122][ T4424] RIP: 0033:0x7f3570ffd169
[   50.180138][ T4424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.180225][ T4424] RSP: 002b:00007f356f667038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   50.180264][ T4424] RAX: ffffffffffffffda RBX: 00007f3571215fa0 RCX: 00007f3570ffd169
[   50.180280][ T4424] RDX: 0000000000000040 RSI: 0000400000000200 RDI: 0000000000000003
[   50.180295][ T4424] RBP: 00007f356f667090 R08: 0000000000000000 R09: 0000000000000000
[   50.180309][ T4424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.180323][ T4424] R13: 0000000000000000 R14: 00007f3571215fa0 R15: 00007ffc95d23868
[   50.180345][ T4424]  </TASK>
[   50.417717][   T35] IPVS: starting estimator thread 0...
[   50.429698][ T4436] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   50.464478][ T4442] loop3: detected capacity change from 0 to 512
[   50.477877][ T4442] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.343: bg 0: block 248: padding at end of block bitmap is not set
[   50.492424][ T4444] loop2: detected capacity change from 0 to 2048
[   50.500831][ T4444] EXT4-fs: Ignoring removed bh option
[   50.504891][ T4437] IPVS: using max 2016 ests per chain, 100800 per kthread
[   50.506501][ T4442] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.343: Failed to acquire dquot type 1
[   50.525708][ T4442] EXT4-fs (loop3): 1 truncate cleaned up
[   50.531700][ T4442] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.728062][ T4455] netlink: 4 bytes leftover after parsing attributes in process `syz.3.346'.
[   50.752346][   T11] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   50.768298][   T11] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   50.780662][   T11] EXT4-fs (loop2): This should not happen!! Data will be lost
[   50.780662][   T11] 
[   50.790352][   T11] EXT4-fs (loop2): Total free blocks count 0
[   50.796429][   T11] EXT4-fs (loop2): Free/Dirty block details
[   50.802349][   T11] EXT4-fs (loop2): free_blocks=2415919104
[   50.808181][   T11] EXT4-fs (loop2): dirty_blocks=8224
[   50.813483][   T11] EXT4-fs (loop2): Block reservation details
[   50.819626][   T11] EXT4-fs (loop2): i_reserved_data_blocks=514
[   50.847644][   T28] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   50.860338][   T28] EXT4-fs (loop2): This should not happen!! Data will be lost
[   50.860338][   T28] 
[   50.886388][ T4463] FAULT_INJECTION: forcing a failure.
[   50.886388][ T4463] name failslab, interval 1, probability 0, space 0, times 0
[   50.899222][ T4463] CPU: 0 UID: 0 PID: 4463 Comm: syz.1.351 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   50.899246][ T4463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   50.899260][ T4463] Call Trace:
[   50.899265][ T4463]  <TASK>
[   50.899272][ T4463]  dump_stack_lvl+0xf2/0x150
[   50.899303][ T4463]  dump_stack+0x15/0x1a
[   50.899441][ T4463]  should_fail_ex+0x24a/0x260
[   50.899479][ T4463]  ? alloc_mnt_ns+0x71/0x270
[   50.899578][ T4463]  should_failslab+0x8f/0xb0
[   50.899610][ T4463]  __kmalloc_cache_noprof+0x4e/0x320
[   50.899631][ T4463]  alloc_mnt_ns+0x71/0x270
[   50.899660][ T4463]  copy_mnt_ns+0xa8/0x5d0
[   50.899688][ T4463]  ? kmem_cache_alloc_noprof+0x22c/0x320
[   50.899711][ T4463]  ? create_new_namespaces+0x3c/0x430
[   50.899739][ T4463]  create_new_namespaces+0x89/0x430
[   50.899795][ T4463]  ? security_capable+0x81/0x90
[   50.899830][ T4463]  unshare_nsproxy_namespaces+0xe6/0x120
[   50.899866][ T4463]  ksys_unshare+0x3c9/0x6e0
[   50.899896][ T4463]  __x64_sys_unshare+0x1f/0x30
[   50.899929][ T4463]  x64_sys_call+0x1a3e/0x2dc0
[   50.899952][ T4463]  do_syscall_64+0xc9/0x1c0
[   50.900070][ T4463]  ? clear_bhb_loop+0x55/0xb0
[   50.900100][ T4463]  ? clear_bhb_loop+0x55/0xb0
[   50.900127][ T4463]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.900151][ T4463] RIP: 0033:0x7f5f5c43d169
[   50.900165][ T4463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.900237][ T4463] RSP: 002b:00007f5f5aaa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[   50.900256][ T4463] RAX: ffffffffffffffda RBX: 00007f5f5c655fa0 RCX: 00007f5f5c43d169
[   50.900339][ T4463] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040020000
[   50.900349][ T4463] RBP: 00007f5f5aaa1090 R08: 0000000000000000 R09: 0000000000000000
[   50.900359][ T4463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.900370][ T4463] R13: 0000000000000001 R14: 00007f5f5c655fa0 R15: 00007fff2dcd9378
[   50.900388][ T4463]  </TASK>
[   51.128581][ T4469] FAULT_INJECTION: forcing a failure.
[   51.128581][ T4469] name failslab, interval 1, probability 0, space 0, times 0
[   51.141334][ T4469] CPU: 0 UID: 0 PID: 4469 Comm: syz.2.347 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   51.141358][ T4469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   51.141370][ T4469] Call Trace:
[   51.141376][ T4469]  <TASK>
[   51.141383][ T4469]  dump_stack_lvl+0xf2/0x150
[   51.141422][ T4469]  dump_stack+0x15/0x1a
[   51.141446][ T4469]  should_fail_ex+0x24a/0x260
[   51.141543][ T4469]  ? audit_log_d_path+0x8e/0x150
[   51.141584][ T4469]  should_failslab+0x8f/0xb0
[   51.141612][ T4469]  __kmalloc_cache_noprof+0x4e/0x320
[   51.141641][ T4469]  audit_log_d_path+0x8e/0x150
[   51.141680][ T4469]  audit_log_d_path_exe+0x42/0x70
[   51.141769][ T4469]  audit_log_task+0x1ec/0x250
[   51.141807][ T4469]  audit_seccomp+0x68/0x130
[   51.141835][ T4469]  __seccomp_filter+0x6fa/0x1180
[   51.141857][ T4469]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   51.141923][ T4469]  ? vfs_write+0x644/0x920
[   51.141947][ T4469]  ? putname+0xcf/0xf0
[   51.142016][ T4469]  __secure_computing+0x9f/0x1c0
[   51.142038][ T4469]  syscall_trace_enter+0xd1/0x1f0
[   51.142066][ T4469]  ? fpregs_assert_state_consistent+0x83/0xa0
[   51.142094][ T4469]  do_syscall_64+0xaa/0x1c0
[   51.142179][ T4469]  ? clear_bhb_loop+0x55/0xb0
[   51.142274][ T4469]  ? clear_bhb_loop+0x55/0xb0
[   51.142377][ T4469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.142452][ T4469] RIP: 0033:0x7f3570ffd169
[   51.142465][ T4469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.142553][ T4469] RSP: 002b:00007f356f667038 EFLAGS: 00000246 ORIG_RAX: 0000000000000026
[   51.142569][ T4469] RAX: ffffffffffffffda RBX: 00007f3571215fa0 RCX: 00007f3570ffd169
[   51.142579][ T4469] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   51.142589][ T4469] RBP: 00007f356f667090 R08: 0000000000000000 R09: 0000000000000000
[   51.142599][ T4469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   51.142609][ T4469] R13: 0000000000000000 R14: 00007f3571215fa0 R15: 00007ffc95d23868
[   51.142705][ T4469]  </TASK>
[   51.420046][ T4477] loop4: detected capacity change from 0 to 1024
[   51.437267][ T4477] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   51.457154][ T4477] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   51.479304][ T4477] EXT4-fs (loop4): orphan cleanup on readonly fs
[   51.488621][ T4477] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5838: Corrupt filesystem
[   51.507200][ T4489] vhci_hcd: invalid port number 252
[   51.512438][ T4489] vhci_hcd: default hub control req: 0401 v0001 i00fc l0
[   51.561573][ T4492] netlink: 'syz.3.360': attribute type 10 has an invalid length.
[   51.569493][ T4492] netlink: 2 bytes leftover after parsing attributes in process `syz.3.360'.
[   51.578630][ T4492] team0: entered promiscuous mode
[   51.583733][ T4492] team_slave_0: entered promiscuous mode
[   51.589487][ T4492] team_slave_1: entered promiscuous mode
[   51.595223][ T4492] geneve1: entered promiscuous mode
[   51.600978][ T4492] bridge0: port 4(team0) entered blocking state
[   51.607360][ T4492] bridge0: port 4(team0) entered disabled state
[   51.613983][ T4492] team0: entered allmulticast mode
[   51.619168][ T4492] team_slave_0: entered allmulticast mode
[   51.624919][ T4492] team_slave_1: entered allmulticast mode
[   51.630690][ T4492] geneve1: entered allmulticast mode
[   51.642889][ T4492] bridge0: port 4(team0) entered blocking state
[   51.649296][ T4492] bridge0: port 4(team0) entered forwarding state
[   51.675459][ T4489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   51.686787][ T4477] EXT4-fs (loop4): Remounting filesystem read-only
[   51.688447][ T4489] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   51.694599][ T4492] netlink: 28 bytes leftover after parsing attributes in process `syz.3.360'.
[   51.710609][ T4477] __quota_error: 346 callbacks suppressed
[   51.710621][ T4477] Quota error (device loop4): write_blk: dquota write failed
[   51.723859][ T4477] Quota error (device loop4): write_blk: dquota write failed
[   51.731363][ T4477] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[   51.741808][ T4477] Quota error (device loop4): v2_write_file_info: Can't write info structure
[   51.751025][ T4477] EXT4-fs (loop4): 1 orphan inode deleted
[   51.758506][ T4477] SELinux: (dev loop4, type ext4) getxattr errno 5
[   51.794691][   T29] audit: type=1400 audit(1740731685.639:1834): avc:  denied  { ioctl } for  pid=4476 comm="syz.4.354" path="/dev/input/event2" dev="devtmpfs" ino=245 ioctlcmd=0x4591 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   51.843245][ T4502] FAULT_INJECTION: forcing a failure.
[   51.843245][ T4502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   51.856575][ T4502] CPU: 0 UID: 0 PID: 4502 Comm: syz.3.363 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   51.856627][ T4502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   51.856639][ T4502] Call Trace:
[   51.856646][ T4502]  <TASK>
[   51.856655][ T4502]  dump_stack_lvl+0xf2/0x150
[   51.856685][ T4502]  dump_stack+0x15/0x1a
[   51.856705][ T4502]  should_fail_ex+0x24a/0x260
[   51.856733][ T4502]  should_fail+0xb/0x10
[   51.856830][ T4502]  should_fail_usercopy+0x1a/0x20
[   51.856868][ T4502]  _copy_from_user+0x1c/0xa0
[   51.856960][ T4502]  copy_msghdr_from_user+0x54/0x2a0
[   51.857000][ T4502]  ? __fget_files+0x17c/0x1c0
[   51.857040][ T4502]  __sys_sendmsg+0x13e/0x230
[   51.857108][ T4502]  __x64_sys_sendmsg+0x46/0x50
[   51.857139][ T4502]  x64_sys_call+0x2734/0x2dc0
[   51.857171][ T4502]  do_syscall_64+0xc9/0x1c0
[   51.857203][ T4502]  ? clear_bhb_loop+0x55/0xb0
[   51.857232][ T4502]  ? clear_bhb_loop+0x55/0xb0
[   51.857286][ T4502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.857337][ T4502] RIP: 0033:0x7feeb61ad169
[   51.857351][ T4502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.857383][ T4502] RSP: 002b:00007feeb4817038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   51.857400][ T4502] RAX: ffffffffffffffda RBX: 00007feeb63c5fa0 RCX: 00007feeb61ad169
[   51.857413][ T4502] RDX: 0000000004000000 RSI: 0000400000000080 RDI: 0000000000000005
[   51.857481][ T4502] RBP: 00007feeb4817090 R08: 0000000000000000 R09: 0000000000000000
[   51.857492][ T4502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   51.857503][ T4502] R13: 0000000000000000 R14: 00007feeb63c5fa0 R15: 00007ffef4197ff8
[   51.857520][ T4502]  </TASK>
[   52.106847][   T29] audit: type=1326 audit(1740731685.929:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4503 comm="syz.3.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb61ad169 code=0x7ffc0000
[   52.130332][   T29] audit: type=1326 audit(1740731685.929:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4503 comm="syz.3.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feeb61ad169 code=0x7ffc0000
[   52.148266][ T4510] FAULT_INJECTION: forcing a failure.
[   52.148266][ T4510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   52.153811][   T29] audit: type=1326 audit(1740731685.929:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4503 comm="syz.3.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb61ad169 code=0x7ffc0000
[   52.166984][ T4510] CPU: 0 UID: 0 PID: 4510 Comm: syz.1.367 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   52.167009][ T4510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   52.167021][ T4510] Call Trace:
[   52.167029][ T4510]  <TASK>
[   52.167037][ T4510]  dump_stack_lvl+0xf2/0x150
[   52.167114][ T4510]  dump_stack+0x15/0x1a
[   52.167188][ T4510]  should_fail_ex+0x24a/0x260
[   52.167262][ T4510]  should_fail+0xb/0x10
[   52.167294][ T4510]  should_fail_usercopy+0x1a/0x20
[   52.167359][ T4510]  strncpy_from_user+0x25/0x210
[   52.167404][ T4510]  ? kmem_cache_alloc_noprof+0x18e/0x320
[   52.167431][ T4510]  ? getname_flags+0x81/0x3b0
[   52.167473][ T4510]  getname_flags+0xb0/0x3b0
[   52.167552][ T4510]  user_path_at+0x26/0x120
[   52.167578][ T4510]  __se_sys_utimes+0xc6/0x210
[   52.167621][ T4510]  __x64_sys_utimes+0x31/0x40
[   52.167658][ T4510]  x64_sys_call+0x286a/0x2dc0
[   52.167768][ T4510]  do_syscall_64+0xc9/0x1c0
[   52.167880][ T4510]  ? clear_bhb_loop+0x55/0xb0
[   52.167912][ T4510]  ? clear_bhb_loop+0x55/0xb0
[   52.168018][ T4510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   52.168051][ T4510] RIP: 0033:0x7f5f5c43d169
[   52.168075][ T4510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   52.168134][ T4510] RSP: 002b:00007f5f5aaa1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000eb
[   52.168156][ T4510] RAX: ffffffffffffffda RBX: 00007f5f5c655fa0 RCX: 00007f5f5c43d169
[   52.168171][ T4510] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00004000000002c0
[   52.168186][ T4510] RBP: 00007f5f5aaa1090 R08: 0000000000000000 R09: 0000000000000000
[   52.168200][ T4510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   52.168214][ T4510] R13: 0000000000000001 R14: 00007f5f5c655fa0 R15: 00007fff2dcd9378
[   52.168236][ T4510]  </TASK>
[   52.374237][   T29] audit: type=1326 audit(1740731685.929:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4503 comm="syz.3.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feeb61ad169 code=0x7ffc0000
[   52.397589][   T29] audit: type=1326 audit(1740731685.929:1839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4503 comm="syz.3.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeb61ad169 code=0x7ffc0000
[   52.482895][ T4520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.370'.
[   52.496881][ T4520] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.507681][ T4514] loop1: detected capacity change from 0 to 2048
[   52.557299][ T4520] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.567398][ T4526] program syz.2.372 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   52.617446][ T4531] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[   52.628948][ T4520] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.676974][ T4531] netlink: 16 bytes leftover after parsing attributes in process `syz.3.374'.
[   52.686034][ T4531] netlink: 4 bytes leftover after parsing attributes in process `syz.3.374'.
[   52.709536][ T4520] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.751224][ T4542] Cannot find add_set index 0 as target
[   52.771459][ T4543] loop2: detected capacity change from 0 to 1024
[   52.783269][ T4543] EXT4-fs: Ignoring removed orlov option
[   52.789109][ T4543] EXT4-fs: Ignoring removed nomblk_io_submit option
[   52.796100][ T4520] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   52.807958][ T4520] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   52.829387][ T4548] vhci_hcd: invalid port number 252
[   52.834624][ T4548] vhci_hcd: default hub control req: 0401 v0001 i00fc l0
[   52.854320][ T4520] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   52.868559][ T4548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   52.877667][ T4548] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   52.884069][ T4552] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.908769][ T4520] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   52.936676][ T4552] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.962176][ T4560] loop3: detected capacity change from 0 to 512
[   52.970210][ T4560] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   52.996571][ T4552] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.999567][ T4560] EXT4-fs (loop3): 1 truncate cleaned up
[   53.063460][ T4552] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   53.098536][ T4573] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   53.121400][ T4574] netlink: 'syz.4.387': attribute type 3 has an invalid length.
[   53.124648][ T4552] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   53.147199][ T4552] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   53.161540][ T4552] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   53.170566][ T4574] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   53.173902][ T4552] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   53.184799][ T4574] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   53.497917][ T4588] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4588 comm=syz.1.388
[   53.939432][ T4608] loop0: detected capacity change from 0 to 2048
[   53.951890][ T4608] EXT4-fs: Ignoring removed bh option
[   54.118838][ T4628] loop3: detected capacity change from 0 to 512
[   54.173084][ T4628] ext4 filesystem being mounted at /75/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   54.332088][  T143] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   54.367902][  T143] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   54.380185][  T143] EXT4-fs (loop0): This should not happen!! Data will be lost
[   54.380185][  T143] 
[   54.389976][  T143] EXT4-fs (loop0): Total free blocks count 0
[   54.396007][  T143] EXT4-fs (loop0): Free/Dirty block details
[   54.401950][  T143] EXT4-fs (loop0): free_blocks=2415919104
[   54.407748][  T143] EXT4-fs (loop0): dirty_blocks=8224
[   54.413054][  T143] EXT4-fs (loop0): Block reservation details
[   54.419155][  T143] EXT4-fs (loop0): i_reserved_data_blocks=514
[   54.431292][  T143] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   54.443933][  T143] EXT4-fs (loop0): This should not happen!! Data will be lost
[   54.443933][  T143] 
[   54.502075][ T4657] __nla_validate_parse: 2 callbacks suppressed
[   54.502163][ T4657] netlink: 96 bytes leftover after parsing attributes in process `syz.3.416'.
[   54.517181][ T4661] loop1: detected capacity change from 0 to 512
[   54.538712][ T4661] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   54.564664][ T4663] netlink: 8 bytes leftover after parsing attributes in process `syz.2.419'.
[   54.573834][ T4663] IPVS: Error joining to the multicast group
[   54.592501][ T4661] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   54.697880][ T4676] loop2: detected capacity change from 0 to 4096
[   54.826875][ T4693] netlink: 96 bytes leftover after parsing attributes in process `syz.3.430'.
[   54.992590][ T4707] loop3: detected capacity change from 0 to 2048
[   55.009501][ T4707] EXT4-fs: Ignoring removed bh option
[   55.073541][ T4716] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4716 comm=syz.2.434
[   55.331500][ T4721] loop4: detected capacity change from 0 to 512
[   55.338576][ T4721] EXT4-fs: test_dummy_encryption option not supported
[   55.407206][   T28] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   55.434905][   T28] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   55.447256][   T28] EXT4-fs (loop3): This should not happen!! Data will be lost
[   55.447256][   T28] 
[   55.456985][   T28] EXT4-fs (loop3): Total free blocks count 0
[   55.462998][   T28] EXT4-fs (loop3): Free/Dirty block details
[   55.468915][   T28] EXT4-fs (loop3): free_blocks=2415919104
[   55.474643][   T28] EXT4-fs (loop3): dirty_blocks=8224
[   55.479950][   T28] EXT4-fs (loop3): Block reservation details
[   55.485993][   T28] EXT4-fs (loop3): i_reserved_data_blocks=514
[   55.529251][   T50] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   55.541896][   T50] EXT4-fs (loop3): This should not happen!! Data will be lost
[   55.541896][   T50] 
[   55.862677][ T4727] loop0: detected capacity change from 0 to 1024
[   55.969119][ T4727] EXT4-fs: Ignoring removed bh option
[   55.983000][ T4731] netlink: 96 bytes leftover after parsing attributes in process `syz.1.445'.
[   56.036217][ T4739] FAULT_INJECTION: forcing a failure.
[   56.036217][ T4739] name failslab, interval 1, probability 0, space 0, times 0
[   56.038875][ T4727] netlink: 'syz.0.443': attribute type 3 has an invalid length.
[   56.048947][ T4739] CPU: 1 UID: 0 PID: 4739 Comm: syz.3.441 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   56.048975][ T4739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   56.048991][ T4739] Call Trace:
[   56.048998][ T4739]  <TASK>
[   56.049007][ T4739]  dump_stack_lvl+0xf2/0x150
[   56.049049][ T4739]  dump_stack+0x15/0x1a
[   56.049158][ T4739]  should_fail_ex+0x24a/0x260
[   56.049265][ T4739]  should_failslab+0x8f/0xb0
[   56.049376][ T4739]  kmem_cache_alloc_node_noprof+0x59/0x320
[   56.049402][ T4739]  ? __alloc_skb+0x10b/0x310
[   56.049427][ T4739]  __alloc_skb+0x10b/0x310
[   56.049447][ T4739]  ? audit_log_start+0x34c/0x6b0
[   56.049566][ T4739]  audit_log_start+0x368/0x6b0
[   56.049605][ T4739]  audit_seccomp+0x4b/0x130
[   56.049637][ T4739]  __seccomp_filter+0x6fa/0x1180
[   56.049727][ T4739]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   56.049805][ T4739]  ? vfs_write+0x644/0x920
[   56.049838][ T4739]  __secure_computing+0x9f/0x1c0
[   56.049938][ T4739]  syscall_trace_enter+0xd1/0x1f0
[   56.049965][ T4739]  ? fpregs_assert_state_consistent+0x83/0xa0
[   56.049991][ T4739]  do_syscall_64+0xaa/0x1c0
[   56.050041][ T4739]  ? clear_bhb_loop+0x55/0xb0
[   56.050072][ T4739]  ? clear_bhb_loop+0x55/0xb0
[   56.050103][ T4739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.050132][ T4739] RIP: 0033:0x7feeb61ad169
[   56.050156][ T4739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   56.050176][ T4739] RSP: 002b:00007feeb4817038 EFLAGS: 00000246 ORIG_RAX: 000000000000008c
[   56.050214][ T4739] RAX: ffffffffffffffda RBX: 00007feeb63c5fa0 RCX: 00007feeb61ad169
[   56.050229][ T4739] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   56.050243][ T4739] RBP: 00007feeb4817090 R08: 0000000000000000 R09: 0000000000000000
[   56.050292][ T4739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   56.050303][ T4739] R13: 0000000000000000 R14: 00007feeb63c5fa0 R15: 00007ffef4197ff8
[   56.050319][ T4739]  </TASK>
[   56.110352][ T4741] loop3: detected capacity change from 0 to 512
[   56.112396][ T4727] netlink: 32 bytes leftover after parsing attributes in process `syz.0.443'.
[   56.147191][ T4735] hub 9-0:1.0: USB hub found
[   56.261169][ T4741] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.448: bg 0: block 248: padding at end of block bitmap is not set
[   56.294517][ T4735] hub 9-0:1.0: 8 ports detected
[   56.302337][ T4741] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.448: Failed to acquire dquot type 1
[   56.324375][ T4741] EXT4-fs (loop3): 1 truncate cleaned up
[   56.330522][ T4741] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   56.437558][ T4753] loop1: detected capacity change from 0 to 2048
[   56.446254][ T4753] EXT4-fs: Ignoring removed bh option
[   56.607274][ T4772] vhci_hcd: invalid port number 252
[   56.612556][ T4772] vhci_hcd: default hub control req: 0401 v0001 i00fc l0
[   56.658305][ T4772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   56.667725][ T4772] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   56.766467][  T145] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   56.781755][  T145] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   56.793990][  T145] EXT4-fs (loop1): This should not happen!! Data will be lost
[   56.793990][  T145] 
[   56.803760][  T145] EXT4-fs (loop1): Total free blocks count 0
[   56.809789][  T145] EXT4-fs (loop1): Free/Dirty block details
[   56.815798][  T145] EXT4-fs (loop1): free_blocks=2415919104
[   56.821596][  T145] EXT4-fs (loop1): dirty_blocks=8224
[   56.826930][  T145] EXT4-fs (loop1): Block reservation details
[   56.832929][  T145] EXT4-fs (loop1): i_reserved_data_blocks=514
[   56.844494][  T145] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   56.857105][  T145] EXT4-fs (loop1): This should not happen!! Data will be lost
[   56.857105][  T145] 
[   56.867304][   T29] kauditd_printk_skb: 819 callbacks suppressed
[   56.867319][   T29] audit: type=1400 audit(1740731690.729:2655): avc:  denied  { unlink } for  pid=2982 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   57.075992][ T4778] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4778 comm=syz.1.459
[   57.095044][   T29] audit: type=1107 audit(1740731690.949:2656): pid=4776 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[   57.392495][   T29] audit: type=1326 audit(1740731691.239:2657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.4.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   57.442025][   T29] audit: type=1326 audit(1740731691.269:2658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.4.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   57.465490][   T29] audit: type=1326 audit(1740731691.269:2659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.4.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   57.488883][   T29] audit: type=1326 audit(1740731691.269:2660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.4.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   57.600499][ T4801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   57.610158][ T4801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   57.689425][   T29] audit: type=1400 audit(1740731691.509:2661): avc:  denied  { write } for  pid=4807 comm="syz.4.472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   57.713773][ T4826] loop2: detected capacity change from 0 to 512
[   57.732221][ T4826] ext4 filesystem being mounted at /103/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   57.811095][ T4835] FAULT_INJECTION: forcing a failure.
[   57.811095][ T4835] name failslab, interval 1, probability 0, space 0, times 0
[   57.823879][ T4835] CPU: 0 UID: 0 PID: 4835 Comm: syz.4.480 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   57.823905][ T4835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   57.823917][ T4835] Call Trace:
[   57.823924][ T4835]  <TASK>
[   57.823932][ T4835]  dump_stack_lvl+0xf2/0x150
[   57.823964][ T4835]  dump_stack+0x15/0x1a
[   57.824008][ T4835]  should_fail_ex+0x24a/0x260
[   57.824037][ T4835]  ? assoc_array_insert+0x85/0x1930
[   57.824069][ T4835]  should_failslab+0x8f/0xb0
[   57.824135][ T4835]  __kmalloc_cache_noprof+0x4e/0x320
[   57.824160][ T4835]  assoc_array_insert+0x85/0x1930
[   57.824199][ T4835]  ? selinux_key_permission+0x162/0x180
[   57.824238][ T4835]  __key_link_begin+0x9a/0x150
[   57.824341][ T4835]  key_link+0xbb/0x3d0
[   57.824376][ T4835]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[   57.824406][ T4835]  ? __pfx_keyring_search_iterator+0x10/0x10
[   57.824526][ T4835]  __se_sys_keyctl+0x8b2/0xbb0
[   57.824645][ T4835]  ? __rcu_read_unlock+0x4e/0x70
[   57.824673][ T4835]  ? bpf_trace_run2+0x123/0x1d0
[   57.824706][ T4835]  ? __bpf_trace_sys_enter+0x10/0x30
[   57.824738][ T4835]  ? trace_sys_enter+0xcd/0x110
[   57.824828][ T4835]  __x64_sys_keyctl+0x67/0x80
[   57.824909][ T4835]  x64_sys_call+0x163d/0x2dc0
[   57.824942][ T4835]  do_syscall_64+0xc9/0x1c0
[   57.824980][ T4835]  ? clear_bhb_loop+0x55/0xb0
[   57.825013][ T4835]  ? clear_bhb_loop+0x55/0xb0
[   57.825054][ T4835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.825214][ T4835] RIP: 0033:0x7f078f8fd169
[   57.825231][ T4835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.825253][ T4835] RSP: 002b:00007f078df61038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[   57.825275][ T4835] RAX: ffffffffffffffda RBX: 00007f078fb15fa0 RCX: 00007f078f8fd169
[   57.825321][ T4835] RDX: 00000000301c7650 RSI: 00000000301c7650 RDI: 0000000000000008
[   57.825335][ T4835] RBP: 00007f078df61090 R08: 0000000000000000 R09: 0000000000000000
[   57.825349][ T4835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.825360][ T4835] R13: 0000000000000000 R14: 00007f078fb15fa0 R15: 00007ffc4419e348
[   57.825378][ T4835]  </TASK>
[   58.098666][ T4841] loop4: detected capacity change from 0 to 2048
[   58.115326][ T4841] EXT4-fs: Ignoring removed bh option
[   58.235682][   T29] audit: type=1326 audit(1740731692.079:2662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4848 comm="syz.1.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c43d169 code=0x7ffc0000
[   58.274194][   T29] audit: type=1326 audit(1740731692.119:2663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4848 comm="syz.1.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f5c43d169 code=0x7ffc0000
[   58.287502][ T4857] loop2: detected capacity change from 0 to 512
[   58.297615][   T29] audit: type=1326 audit(1740731692.119:2664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4848 comm="syz.1.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c43d169 code=0x7ffc0000
[   58.346514][ T4857] ext4 filesystem being mounted at /109/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.465300][ T4862] netlink: 8 bytes leftover after parsing attributes in process `syz.0.489'.
[   58.495475][ T4862] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   58.497816][   T28] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   58.521628][   T28] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   58.528404][ T4862] SELinux:  policydb magic number 0x1a does not match expected magic number 0xf97cff8c
[   58.533906][   T28] EXT4-fs (loop4): This should not happen!! Data will be lost
[   58.533906][   T28] 
[   58.553436][   T28] EXT4-fs (loop4): Total free blocks count 0
[   58.559564][   T28] EXT4-fs (loop4): Free/Dirty block details
[   58.559746][ T4867] loop2: detected capacity change from 0 to 512
[   58.565489][   T28] EXT4-fs (loop4): free_blocks=2415919104
[   58.565508][   T28] EXT4-fs (loop4): dirty_blocks=8224
[   58.573707][ T4862] SELinux: failed to load policy
[   58.577614][   T28] EXT4-fs (loop4): Block reservation details
[   58.593892][   T28] EXT4-fs (loop4): i_reserved_data_blocks=514
[   58.604096][   T28] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   58.606627][ T4867] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.616900][   T28] EXT4-fs (loop4): This should not happen!! Data will be lost
[   58.616900][   T28] 
[   58.640765][ T4867] netlink: 96 bytes leftover after parsing attributes in process `syz.2.490'.
[   58.754450][ T4882] loop0: detected capacity change from 0 to 2048
[   58.762862][ T4882] EXT4-fs: Ignoring removed bh option
[   58.871918][ T4893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   58.881002][ T4893] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   58.973213][  T145] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   58.988571][  T145] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   59.000942][  T145] EXT4-fs (loop0): This should not happen!! Data will be lost
[   59.000942][  T145] 
[   59.010770][  T145] EXT4-fs (loop0): Total free blocks count 0
[   59.016812][  T145] EXT4-fs (loop0): Free/Dirty block details
[   59.022788][  T145] EXT4-fs (loop0): free_blocks=2415919104
[   59.028533][  T145] EXT4-fs (loop0): dirty_blocks=8224
[   59.033838][  T145] EXT4-fs (loop0): Block reservation details
[   59.039834][  T145] EXT4-fs (loop0): i_reserved_data_blocks=514
[   59.049613][  T145] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   59.062323][  T145] EXT4-fs (loop0): This should not happen!! Data will be lost
[   59.062323][  T145] 
[   59.115944][ T4896] loop1: detected capacity change from 0 to 2048
[   59.122685][ T4896] EXT4-fs: Ignoring removed bh option
[   59.223137][ T4903] vhci_hcd: invalid port number 252
[   59.228407][ T4903] vhci_hcd: default hub control req: 0401 v0001 i00fc l0
[   59.268746][ T4903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.277668][ T4903] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.312588][ T4906] netlink: 96 bytes leftover after parsing attributes in process `syz.2.503'.
[   59.387338][ T3681] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   59.403648][ T3681] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   59.415920][ T3681] EXT4-fs (loop1): This should not happen!! Data will be lost
[   59.415920][ T3681] 
[   59.425601][ T3681] EXT4-fs (loop1): Total free blocks count 0
[   59.431598][ T3681] EXT4-fs (loop1): Free/Dirty block details
[   59.437595][ T3681] EXT4-fs (loop1): free_blocks=2415919104
[   59.443333][ T3681] EXT4-fs (loop1): dirty_blocks=8224
[   59.448745][ T3681] EXT4-fs (loop1): Block reservation details
[   59.454752][ T3681] EXT4-fs (loop1): i_reserved_data_blocks=514
[   59.465136][ T3681] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   59.477773][ T3681] EXT4-fs (loop1): This should not happen!! Data will be lost
[   59.477773][ T3681] 
[   59.539062][ T4917] loop2: detected capacity change from 0 to 164
[   59.568018][ T4910] netlink: 16 bytes leftover after parsing attributes in process `syz.4.506'.
[   59.577060][ T4910] netlink: 16 bytes leftover after parsing attributes in process `syz.4.506'.
[   59.585983][ T4910] netlink: 16 bytes leftover after parsing attributes in process `syz.4.506'.
[   59.605951][ T4920] loop2: detected capacity change from 0 to 2048
[   59.612673][ T4920] EXT4-fs: Ignoring removed bh option
[   59.667375][ T4926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.511'.
[   59.679048][ T4926] ip6gre1: entered allmulticast mode
[   59.757735][ T4930] loop1: detected capacity change from 0 to 512
[   59.770200][ T4930] EXT4-fs: test_dummy_encryption option not supported
[   59.860408][ T4932] netlink: 'syz.0.513': attribute type 13 has an invalid length.
[   59.870490][ T4932] FAULT_INJECTION: forcing a failure.
[   59.870490][ T4932] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   59.883640][ T4932] CPU: 0 UID: 0 PID: 4932 Comm: syz.0.513 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   59.883727][ T4932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   59.883741][ T4932] Call Trace:
[   59.883746][ T4932]  <TASK>
[   59.883753][ T4932]  dump_stack_lvl+0xf2/0x150
[   59.883813][ T4932]  dump_stack+0x15/0x1a
[   59.883836][ T4932]  should_fail_ex+0x24a/0x260
[   59.883869][ T4932]  should_fail+0xb/0x10
[   59.883951][ T4932]  should_fail_usercopy+0x1a/0x20
[   59.883983][ T4932]  _copy_from_user+0x1c/0xa0
[   59.884066][ T4932]  do_ip6t_set_ctl+0x42c/0x8c0
[   59.884123][ T4932]  ? kstrtouint+0x77/0xc0
[   59.884149][ T4932]  nf_setsockopt+0x195/0x1b0
[   59.884196][ T4932]  ipv6_setsockopt+0x10f/0x130
[   59.884234][ T4932]  tcp_setsockopt+0x93/0xb0
[   59.884266][ T4932]  sock_common_setsockopt+0x64/0x80
[   59.884310][ T4932]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   59.884342][ T4932]  __sys_setsockopt+0x187/0x200
[   59.884367][ T4932]  __x64_sys_setsockopt+0x66/0x80
[   59.884390][ T4932]  x64_sys_call+0x282e/0x2dc0
[   59.884485][ T4932]  do_syscall_64+0xc9/0x1c0
[   59.884515][ T4932]  ? clear_bhb_loop+0x55/0xb0
[   59.884626][ T4932]  ? clear_bhb_loop+0x55/0xb0
[   59.884680][ T4932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.884707][ T4932] RIP: 0033:0x7f8c74c1d169
[   59.884727][ T4932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.884746][ T4932] RSP: 002b:00007f8c73281038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   59.884767][ T4932] RAX: ffffffffffffffda RBX: 00007f8c74e35fa0 RCX: 00007f8c74c1d169
[   59.884780][ T4932] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 000000000000000a
[   59.884793][ T4932] RBP: 00007f8c73281090 R08: 0000000000000528 R09: 0000000000000000
[   59.884824][ T4932] R10: 00004000000001c0 R11: 0000000000000246 R12: 0000000000000001
[   59.884837][ T4932] R13: 0000000000000000 R14: 00007f8c74e35fa0 R15: 00007fff9dd40218
[   59.884857][ T4932]  </TASK>
[   60.088799][   T28] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   60.104119][   T28] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   60.116398][   T28] EXT4-fs (loop2): This should not happen!! Data will be lost
[   60.116398][   T28] 
[   60.126440][   T28] EXT4-fs (loop2): Total free blocks count 0
[   60.132447][   T28] EXT4-fs (loop2): Free/Dirty block details
[   60.138393][   T28] EXT4-fs (loop2): free_blocks=2415919104
[   60.144128][   T28] EXT4-fs (loop2): dirty_blocks=8224
[   60.149461][   T28] EXT4-fs (loop2): Block reservation details
[   60.155460][   T28] EXT4-fs (loop2): i_reserved_data_blocks=514
[   60.165769][ T3401] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   60.178437][ T3401] EXT4-fs (loop2): This should not happen!! Data will be lost
[   60.178437][ T3401] 
[   60.465798][ T4937] loop0: detected capacity change from 0 to 2048
[   60.474001][ T4940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   60.493979][ T4937] EXT4-fs: Ignoring removed bh option
[   60.508889][ T4940] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   60.770780][ T4945] loop3: detected capacity change from 0 to 1024
[   60.777661][ T4945] EXT4-fs: Ignoring removed bh option
[   60.796408][ T4951] netlink: 96 bytes leftover after parsing attributes in process `syz.2.514'.
[   60.837282][ T4945] netlink: 'syz.3.517': attribute type 3 has an invalid length.
[   60.845032][ T4945] netlink: 32 bytes leftover after parsing attributes in process `syz.3.517'.
[   60.861461][ T4957] loop2: detected capacity change from 0 to 164
[   60.879193][ T4959] netlink: 8 bytes leftover after parsing attributes in process `syz.1.521'.
[   60.916923][ T4959] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.955725][ T4963] netlink: 'syz.2.522': attribute type 2 has an invalid length.
[   60.963426][ T4963] netlink: 119 bytes leftover after parsing attributes in process `syz.2.522'.
[   61.076548][   T28] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   61.107898][   T28] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   61.120250][   T28] EXT4-fs (loop0): This should not happen!! Data will be lost
[   61.120250][   T28] 
[   61.130013][   T28] EXT4-fs (loop0): Total free blocks count 0
[   61.136092][   T28] EXT4-fs (loop0): Free/Dirty block details
[   61.141997][   T28] EXT4-fs (loop0): free_blocks=2415919104
[   61.147843][   T28] EXT4-fs (loop0): dirty_blocks=8224
[   61.153133][   T28] EXT4-fs (loop0): Block reservation details
[   61.159157][   T28] EXT4-fs (loop0): i_reserved_data_blocks=514
[   61.171767][ T4970] netlink: 'syz.3.524': attribute type 13 has an invalid length.
[   61.180211][   T28] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   61.192797][   T28] EXT4-fs (loop0): This should not happen!! Data will be lost
[   61.192797][   T28] 
[   61.193955][ T4970] bridge0: port 5(syz_tun) entered blocking state
[   61.208980][ T4970] bridge0: port 5(syz_tun) entered disabled state
[   61.242436][ T4970] syz_tun: entered allmulticast mode
[   61.274122][ T4970] syz_tun: entered promiscuous mode
[   61.279977][ T4970] bridge0: port 5(syz_tun) entered blocking state
[   61.286486][ T4970] bridge0: port 5(syz_tun) entered forwarding state
[   61.318240][ T4970] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0)
[   61.352446][ T4978] SELinux:  Context Ü is not valid (left unmapped).
[   61.377958][ T4970] syz.3.524 (4970) used greatest stack depth: 8600 bytes left
[   61.410088][ T4989] loop2: detected capacity change from 0 to 512
[   61.427945][ T4959] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.502291][ T4959] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.537961][ T4997] bridge1: entered promiscuous mode
[   61.543325][ T4997] bridge1: entered allmulticast mode
[   61.551385][ T4997] team0: Port device bridge1 added
[   61.626731][ T4959] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.670193][ T5014] SELinux:  Context system_u:object_r:dpkg_var_lib_t:s0 is not valid (left unmapped).
[   61.740231][ T4959] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.762730][ T4959] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.776046][ T4959] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.809381][ T4959] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.867851][ T5037] loop1: detected capacity change from 0 to 1024
[   61.882458][ T5037] EXT4-fs: Ignoring removed bh option
[   61.884742][   T29] kauditd_printk_skb: 166 callbacks suppressed
[   61.884757][   T29] audit: type=1400 audit(1740731695.729:2831): avc:  denied  { mounton } for  pid=5036 comm="syz.1.534" path="/119/file1" dev="tmpfs" ino=655 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   61.942615][   T29] audit: type=1400 audit(1740731695.789:2832): avc:  denied  { mount } for  pid=5036 comm="syz.1.534" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   61.947903][ T5037] netlink: 'syz.1.534': attribute type 3 has an invalid length.
[   61.964278][   T29] audit: type=1400 audit(1740731695.789:2833): avc:  denied  { write } for  pid=5036 comm="syz.1.534" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   61.971934][ T5037] netlink: 32 bytes leftover after parsing attributes in process `syz.1.534'.
[   61.993614][   T29] audit: type=1400 audit(1740731695.789:2834): avc:  denied  { add_name } for  pid=5036 comm="syz.1.534" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   62.023111][   T29] audit: type=1400 audit(1740731695.789:2835): avc:  denied  { create } for  pid=5036 comm="syz.1.534" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   62.043347][   T29] audit: type=1400 audit(1740731695.789:2836): avc:  denied  { read write } for  pid=5036 comm="syz.1.534" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   62.066077][   T29] audit: type=1400 audit(1740731695.789:2837): avc:  denied  { open } for  pid=5036 comm="syz.1.534" path="/119/file1/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   62.090515][ T5031] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5031 comm=syz.4.533
[   62.104834][   T29] audit: type=1400 audit(1740731695.959:2838): avc:  denied  { audit_write } for  pid=5029 comm="syz.4.533" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   62.125983][   T29] audit: type=1107 audit(1740731695.959:2839): pid=5029 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[   62.150517][   T29] audit: type=1326 audit(1740731695.979:2840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5036 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c43d169 code=0x7ffc0000
[   62.204189][ T5053] loop4: detected capacity change from 0 to 2048
[   62.211619][ T5053] EXT4-fs: Ignoring removed bh option
[   62.380182][ T5097] loop3: detected capacity change from 0 to 2048
[   62.389200][ T5097] EXT4-fs: Ignoring removed bh option
[   62.466522][ T5117] FAULT_INJECTION: forcing a failure.
[   62.466522][ T5117] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   62.479652][ T5117] CPU: 1 UID: 0 PID: 5117 Comm: syz.1.540 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   62.479682][ T5117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   62.479697][ T5117] Call Trace:
[   62.479705][ T5117]  <TASK>
[   62.479714][ T5117]  dump_stack_lvl+0xf2/0x150
[   62.479792][ T5117]  dump_stack+0x15/0x1a
[   62.479819][ T5117]  should_fail_ex+0x24a/0x260
[   62.479896][ T5117]  should_fail+0xb/0x10
[   62.479927][ T5117]  should_fail_usercopy+0x1a/0x20
[   62.479987][ T5117]  _copy_from_user+0x1c/0xa0
[   62.480025][ T5117]  __sys_bpf+0x14e/0x7a0
[   62.480064][ T5117]  __x64_sys_bpf+0x43/0x50
[   62.480146][ T5117]  x64_sys_call+0x2914/0x2dc0
[   62.480173][ T5117]  do_syscall_64+0xc9/0x1c0
[   62.480202][ T5117]  ? clear_bhb_loop+0x55/0xb0
[   62.480275][ T5117]  ? clear_bhb_loop+0x55/0xb0
[   62.480307][ T5117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.480340][ T5117] RIP: 0033:0x7f5f5c43d169
[   62.480359][ T5117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.480381][ T5117] RSP: 002b:00007f5f5aaa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   62.480404][ T5117] RAX: ffffffffffffffda RBX: 00007f5f5c655fa0 RCX: 00007f5f5c43d169
[   62.480485][ T5117] RDX: 0000000000000040 RSI: 00004000000005c0 RDI: 000000000000001c
[   62.480499][ T5117] RBP: 00007f5f5aaa1090 R08: 0000000000000000 R09: 0000000000000000
[   62.480515][ T5117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   62.480530][ T5117] R13: 0000000000000000 R14: 00007f5f5c655fa0 R15: 00007fff2dcd9378
[   62.480552][ T5117]  </TASK>
[   62.702090][ T5122] loop0: detected capacity change from 0 to 512
[   62.714986][ T4551] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   62.738554][ T5122] EXT4-fs: Ignoring removed i_version option
[   62.777785][ T5122] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   62.801736][ T5126] netlink: 32 bytes leftover after parsing attributes in process `syz.1.543'.
[   62.907206][ T5122] EXT4-fs (loop0): 1 truncate cleaned up
[   62.932153][ T5094] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   62.968497][ T5094] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   62.980825][ T5094] EXT4-fs (loop3): This should not happen!! Data will be lost
[   62.980825][ T5094] 
[   62.990540][ T5094] EXT4-fs (loop3): Total free blocks count 0
[   62.996572][ T5094] EXT4-fs (loop3): Free/Dirty block details
[   63.002561][ T5094] EXT4-fs (loop3): free_blocks=2415919104
[   63.008331][ T5094] EXT4-fs (loop3): dirty_blocks=8224
[   63.013614][ T5094] EXT4-fs (loop3): Block reservation details
[   63.019797][ T5094] EXT4-fs (loop3): i_reserved_data_blocks=514
[   63.028650][ T3681] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   63.030530][ T5094] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   63.040928][ T3681] EXT4-fs (loop4): This should not happen!! Data will be lost
[   63.040928][ T3681] 
[   63.053397][ T5094] EXT4-fs (loop3): This should not happen!! Data will be lost
[   63.053397][ T5094] 
[   63.063031][ T3681] EXT4-fs (loop4): Total free blocks count 0
[   63.063045][ T3681] EXT4-fs (loop4): Free/Dirty block details
[   63.063057][ T3681] EXT4-fs (loop4): free_blocks=2415919104
[   63.063101][ T3681] EXT4-fs (loop4): dirty_blocks=8224
[   63.095917][ T3681] EXT4-fs (loop4): Block reservation details
[   63.101930][ T3681] EXT4-fs (loop4): i_reserved_data_blocks=514
[   63.129788][ T5139] loop0: detected capacity change from 0 to 164
[   63.179420][ T5136] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5136 comm=syz.2.545
[   63.186217][ T3681] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   63.204851][ T3681] EXT4-fs (loop4): This should not happen!! Data will be lost
[   63.204851][ T3681] 
[   63.218601][ T5142] loop1: detected capacity change from 0 to 1024
[   63.251858][ T5146] loop0: detected capacity change from 0 to 512
[   63.258703][ T5146] EXT4-fs: test_dummy_encryption option not supported
[   63.295512][ T5142] EXT4-fs: Ignoring removed bh option
[   63.428898][ T5151] loop3: detected capacity change from 0 to 1024
[   63.436490][ T5142] netlink: 'syz.1.550': attribute type 3 has an invalid length.
[   63.729019][ T5158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   63.777910][ T5158] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   63.909264][ T5170] loop3: detected capacity change from 0 to 512
[   63.927528][ T5171] loop2: detected capacity change from 0 to 2048
[   63.934439][ T5171] EXT4-fs: Ignoring removed bh option
[   63.969238][ T5170] ext4 filesystem being mounted at /99/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   64.173380][ T5183] loop0: detected capacity change from 0 to 164
[   64.214290][ T5181] loop3: detected capacity change from 0 to 8192
[   64.225956][ T5185] loop1: detected capacity change from 0 to 1024
[   64.235690][ T5185] EXT4-fs: Ignoring removed bh option
[   64.265224][ T5181]  loop3: p1 p2[DM] p4
[   64.286459][ T5181] loop3: p1 size 196608 extends beyond EOD, truncated
[   64.298563][ T5181] loop3: p2 start 4292936063 is beyond EOD, truncated
[   64.305451][ T5181] loop3: p4 size 50331648 extends beyond EOD, truncated
[   64.311580][ T5191] loop0: detected capacity change from 0 to 1024
[   64.316666][ T5192] netlink: 'syz.1.558': attribute type 3 has an invalid length.
[   64.320294][ T5191] EXT4-fs: Ignoring removed bh option
[   64.332434][ T5087] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   64.368431][ T3000]  loop3: p1 p2[DM] p4
[   64.381759][ T3000] loop3: p1 size 196608 extends beyond EOD, truncated
[   64.389457][ T5087] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   64.401763][ T5087] EXT4-fs (loop2): This should not happen!! Data will be lost
[   64.401763][ T5087] 
[   64.411548][ T5087] EXT4-fs (loop2): Total free blocks count 0
[   64.417620][ T5087] EXT4-fs (loop2): Free/Dirty block details
[   64.423572][ T5087] EXT4-fs (loop2): free_blocks=2415919104
[   64.428833][ T5191] netlink: 'syz.0.562': attribute type 3 has an invalid length.
[   64.429379][ T5087] EXT4-fs (loop2): dirty_blocks=8224
[   64.442396][ T5087] EXT4-fs (loop2): Block reservation details
[   64.448420][ T5087] EXT4-fs (loop2): i_reserved_data_blocks=514
[   64.487398][ T3000] loop3: p2 start 4292936063 is beyond EOD, truncated
[   64.494296][ T3000] loop3: p4 size 50331648 extends beyond EOD, truncated
[   64.551426][ T5208] vhci_hcd: invalid port number 252
[   64.555085][ T3464] udevd[3464]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   64.556699][ T5208] vhci_hcd: default hub control req: 0401 v0001 i00fc l0
[   64.577719][ T5201] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5201 comm=syz.4.564
[   64.577888][ T4762] udevd[4762]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   64.604754][   T40] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   64.617359][   T40] EXT4-fs (loop2): This should not happen!! Data will be lost
[   64.617359][   T40] 
[   64.653877][ T3464] udevd[3464]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   64.665213][ T4762] udevd[4762]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   64.708382][ T5208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   64.726735][ T5208] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   64.839275][ T5220] loop0: detected capacity change from 0 to 512
[   64.848980][ T5218] loop1: detected capacity change from 0 to 1024
[   64.857351][ T5218] EXT4-fs: Ignoring removed bh option
[   64.885507][ T5220] ext4 filesystem being mounted at /102/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   64.907763][ T5230] __nla_validate_parse: 10 callbacks suppressed
[   64.907781][ T5230] netlink: 4 bytes leftover after parsing attributes in process `syz.2.570'.
[   64.950870][ T5218] netlink: 'syz.1.567': attribute type 3 has an invalid length.
[   64.958590][ T5218] netlink: 32 bytes leftover after parsing attributes in process `syz.1.567'.
[   65.068183][ T5239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   65.089031][ T5241] loop4: detected capacity change from 0 to 1024
[   65.095577][ T5239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   65.113146][ T5241] EXT4-fs: Ignoring removed bh option
[   65.144074][ T5241] netlink: 'syz.4.576': attribute type 3 has an invalid length.
[   65.151858][ T5241] netlink: 32 bytes leftover after parsing attributes in process `syz.4.576'.
[   65.293703][ T5256] loop3: detected capacity change from 0 to 164
[   65.386343][ T5263] loop1: detected capacity change from 0 to 512
[   65.597855][ T5263] ext4 filesystem being mounted at /129/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   65.612995][ T5270] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5270 comm=syz.3.580
[   66.038505][ T5286] netlink: 8 bytes leftover after parsing attributes in process `syz.1.588'.
[   66.109584][ T5286] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.142743][ T5291] loop3: detected capacity change from 0 to 1024
[   66.166033][ T5291] EXT4-fs: Ignoring removed bh option
[   66.194002][ T5286] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.228767][ T5291] netlink: 'syz.3.591': attribute type 3 has an invalid length.
[   66.236504][ T5291] netlink: 32 bytes leftover after parsing attributes in process `syz.3.591'.
[   66.236895][ T5300] loop4: detected capacity change from 0 to 2048
[   66.287133][ T5286] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.305928][ T5300] IPv6: Can't replace route, no match found
[   66.357522][ T5286] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.438637][ T5321] FAULT_INJECTION: forcing a failure.
[   66.438637][ T5321] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   66.451842][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.3.600 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   66.451870][ T5321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   66.451902][ T5321] Call Trace:
[   66.451910][ T5321]  <TASK>
[   66.451918][ T5321]  dump_stack_lvl+0xf2/0x150
[   66.451949][ T5321]  dump_stack+0x15/0x1a
[   66.452055][ T5321]  should_fail_ex+0x24a/0x260
[   66.452091][ T5321]  should_fail+0xb/0x10
[   66.452117][ T5321]  should_fail_usercopy+0x1a/0x20
[   66.452148][ T5321]  strncpy_from_user+0x25/0x210
[   66.452171][ T5321]  ? kmem_cache_alloc_noprof+0x18e/0x320
[   66.452207][ T5321]  ? getname_flags+0x81/0x3b0
[   66.452241][ T5321]  getname_flags+0xb0/0x3b0
[   66.452273][ T5321]  user_path_at+0x26/0x120
[   66.452295][ T5321]  do_utimes+0xc7/0x1f0
[   66.452408][ T5321]  __x64_sys_futimesat+0xd4/0x1a0
[   66.452482][ T5321]  ? __bpf_trace_sys_enter+0x10/0x30
[   66.452511][ T5321]  x64_sys_call+0x2d2e/0x2dc0
[   66.452680][ T5321]  do_syscall_64+0xc9/0x1c0
[   66.452711][ T5321]  ? clear_bhb_loop+0x55/0xb0
[   66.452738][ T5321]  ? clear_bhb_loop+0x55/0xb0
[   66.452766][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.452830][ T5321] RIP: 0033:0x7feeb61ad169
[   66.452880][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.452899][ T5321] RSP: 002b:00007feeb4817038 EFLAGS: 00000246 ORIG_RAX: 0000000000000105
[   66.452919][ T5321] RAX: ffffffffffffffda RBX: 00007feeb63c5fa0 RCX: 00007feeb61ad169
[   66.452980][ T5321] RDX: 0000000000000000 RSI: 0000400000000240 RDI: ffffffffffffffff
[   66.452992][ T5321] RBP: 00007feeb4817090 R08: 0000000000000000 R09: 0000000000000000
[   66.453005][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.453025][ T5321] R13: 0000000000000000 R14: 00007feeb63c5fa0 R15: 00007ffef4197ff8
[   66.453047][ T5321]  </TASK>
[   66.688318][ T5326] loop4: detected capacity change from 0 to 2048
[   66.697699][ T5326] EXT4-fs: Ignoring removed orlov option
[   66.946095][ T5336] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5336 comm=syz.0.601
[   66.986290][   T29] kauditd_printk_skb: 540 callbacks suppressed
[   66.986373][   T29] audit: type=1107 audit(1740731700.839:3381): pid=5322 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[   67.362843][   T29] audit: type=1400 audit(1740731701.209:3382): avc:  denied  { append } for  pid=5346 comm="syz.0.607" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   67.441769][ T5347] loop0: detected capacity change from 0 to 764
[   67.473633][ T3680] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   67.503469][ T3680] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   67.516058][ T3680] EXT4-fs (loop4): This should not happen!! Data will be lost
[   67.516058][ T3680] 
[   67.525732][ T3680] EXT4-fs (loop4): Total free blocks count 0
[   67.531736][ T3680] EXT4-fs (loop4): Free/Dirty block details
[   67.537682][ T3680] EXT4-fs (loop4): free_blocks=2415919104
[   67.543421][ T3680] EXT4-fs (loop4): dirty_blocks=8192
[   67.548745][ T3680] EXT4-fs (loop4): Block reservation details
[   67.554748][ T3680] EXT4-fs (loop4): i_reserved_data_blocks=512
[   67.583330][ T5082] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   67.596135][ T5082] EXT4-fs (loop4): This should not happen!! Data will be lost
[   67.596135][ T5082] 
[   67.605842][   T29] audit: type=1326 audit(1740731701.429:3383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5348 comm="syz.0.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c74c1d169 code=0x7ffc0000
[   67.629214][   T29] audit: type=1326 audit(1740731701.429:3384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5348 comm="syz.0.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c74c1d169 code=0x7ffc0000
[   67.652598][   T29] audit: type=1326 audit(1740731701.429:3385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5348 comm="syz.0.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8c74c1d169 code=0x7ffc0000
[   67.675925][   T29] audit: type=1326 audit(1740731701.429:3386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5348 comm="syz.0.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c74c1d169 code=0x7ffc0000
[   67.699352][   T29] audit: type=1326 audit(1740731701.429:3387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5348 comm="syz.0.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f8c74c1d169 code=0x7ffc0000
[   67.782712][ T5350] loop0: detected capacity change from 0 to 512
[   67.790229][ T5352] loop2: detected capacity change from 0 to 1024
[   67.792448][   T29] audit: type=1326 audit(1740731701.619:3388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5348 comm="syz.0.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c74c1d169 code=0x7ffc0000
[   67.804757][ T5350] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   67.819935][   T29] audit: type=1326 audit(1740731701.619:3389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5348 comm="syz.0.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c74c1d169 code=0x7ffc0000
[   67.830430][ T5352] EXT4-fs: Ignoring removed bh option
[   67.853018][   T29] audit: type=1326 audit(1740731701.629:3390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5353 comm="syz.4.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   67.881914][ T5356] loop4: detected capacity change from 0 to 1024
[   67.901060][ T5350] EXT4-fs (loop0): 1 truncate cleaned up
[   67.912860][ T5286] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.924934][ T5286] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.935208][ T5356] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c018, mo2=0002]
[   67.936644][ T5286] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.943424][ T5356] System zones: 0-1, 3-12
[   67.955115][ T5286] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.995358][ T5354] FAULT_INJECTION: forcing a failure.
[   67.995358][ T5354] name failslab, interval 1, probability 0, space 0, times 0
[   68.008164][ T5354] CPU: 1 UID: 0 PID: 5354 Comm: +}[@ Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   68.008200][ T5354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   68.008215][ T5354] Call Trace:
[   68.008222][ T5354]  <TASK>
[   68.008230][ T5354]  dump_stack_lvl+0xf2/0x150
[   68.008392][ T5354]  dump_stack+0x15/0x1a
[   68.008451][ T5354]  should_fail_ex+0x24a/0x260
[   68.008481][ T5354]  ? audit_log_d_path+0x8e/0x150
[   68.008537][ T5354]  should_failslab+0x8f/0xb0
[   68.008581][ T5354]  __kmalloc_cache_noprof+0x4e/0x320
[   68.008690][ T5354]  audit_log_d_path+0x8e/0x150
[   68.008731][ T5354]  audit_log_d_path_exe+0x42/0x70
[   68.008772][ T5354]  audit_log_task+0x1ec/0x250
[   68.008810][ T5354]  audit_seccomp+0x68/0x130
[   68.008896][ T5354]  __seccomp_filter+0x6fa/0x1180
[   68.008926][ T5354]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   68.008984][ T5354]  ? vfs_write+0x644/0x920
[   68.009015][ T5354]  __secure_computing+0x9f/0x1c0
[   68.009038][ T5354]  syscall_trace_enter+0xd1/0x1f0
[   68.009084][ T5354]  ? fpregs_assert_state_consistent+0x83/0xa0
[   68.009114][ T5354]  do_syscall_64+0xaa/0x1c0
[   68.009152][ T5354]  ? clear_bhb_loop+0x55/0xb0
[   68.009181][ T5354]  ? clear_bhb_loop+0x55/0xb0
[   68.009265][ T5354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.009326][ T5354] RIP: 0033:0x7f078f8fd169
[   68.009345][ T5354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.009367][ T5354] RSP: 002b:00007f078df61038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[   68.009385][ T5354] RAX: ffffffffffffffda RBX: 00007f078fb15fa0 RCX: 00007f078f8fd169
[   68.009398][ T5354] RDX: 0400000000000000 RSI: 0000000000000000 RDI: 000000000000000b
[   68.009462][ T5354] RBP: 00007f078df61090 R08: 0000000000000000 R09: 0000000000000000
[   68.009477][ T5354] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[   68.009491][ T5354] R13: 0000000000000000 R14: 00007f078fb15fa0 R15: 00007ffc4419e348
[   68.009509][ T5354]  </TASK>
[   68.010312][ T5364] loop3: detected capacity change from 0 to 2048
[   68.032387][ T5350] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   68.063756][ T5364] EXT4-fs: Ignoring removed bh option
[   68.074883][ T5352] netlink: 'syz.2.610': attribute type 3 has an invalid length.
[   68.089755][ T5366] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=56 sclass=netlink_xfrm_socket pid=5366 comm=syz.1.613
[   68.091111][ T5352] netlink: 32 bytes leftover after parsing attributes in process `syz.2.610'.
[   68.262177][ T5366] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=51 sclass=netlink_xfrm_socket pid=5366 comm=syz.1.613
[   68.394626][ T3298] EXT4-fs unmount: 85 callbacks suppressed
[   68.394642][ T3298] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.473351][ T5383] netlink: 96 bytes leftover after parsing attributes in process `syz.1.617'.
[   68.526262][ T5386] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   68.550441][ T5388] loop0: detected capacity change from 0 to 164
[   68.551787][   T40] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   68.583840][   T40] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   68.596149][   T40] EXT4-fs (loop3): This should not happen!! Data will be lost
[   68.596149][   T40] 
[   68.605872][   T40] EXT4-fs (loop3): Total free blocks count 0
[   68.611863][   T40] EXT4-fs (loop3): Free/Dirty block details
[   68.612559][ T5390] loop1: detected capacity change from 0 to 256
[   68.617788][   T40] EXT4-fs (loop3): free_blocks=2415919104
[   68.617805][   T40] EXT4-fs (loop3): dirty_blocks=8224
[   68.635216][   T40] EXT4-fs (loop3): Block reservation details
[   68.641217][   T40] EXT4-fs (loop3): i_reserved_data_blocks=514
[   68.655703][   T40] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   68.668306][   T40] EXT4-fs (loop3): This should not happen!! Data will be lost
[   68.668306][   T40] 
[   68.669907][ T5390] vfat: Bad value for 'shortname'
[   68.697237][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.761993][ T5401] loop2: detected capacity change from 0 to 2048
[   68.785210][ T5401] ext4: Bad value for 'journal_dev'
[   68.789578][ T5406] loop0: detected capacity change from 0 to 512
[   68.825109][ T5406] EXT4-fs: test_dummy_encryption option not supported
[   68.960188][ T5417] loop2: detected capacity change from 0 to 2048
[   68.970050][ T5417] EXT4-fs: Ignoring removed bh option
[   68.996781][ T5417] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.291897][ T5413] bridge0: port 3(hsr0) entered blocking state
[   69.298145][ T5413] bridge0: port 3(hsr0) entered disabled state
[   69.304858][ T5413] hsr0: entered allmulticast mode
[   69.309962][ T5413] hsr_slave_0: entered allmulticast mode
[   69.315628][ T5413] hsr_slave_1: entered allmulticast mode
[   69.346406][ T5413] hsr0: entered promiscuous mode
[   69.391090][ T5434] loop3: detected capacity change from 0 to 512
[   69.402005][ T5413] bridge0: port 3(hsr0) entered blocking state
[   69.408236][ T5413] bridge0: port 3(hsr0) entered forwarding state
[   69.489219][ T5436] loop1: detected capacity change from 0 to 1024
[   69.498876][ T5436] EXT4-fs: Ignoring removed bh option
[   69.501027][ T5434] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.541764][ T5434] ext4 filesystem being mounted at /112/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   69.562615][ T5436] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.599989][ T5436] netlink: 'syz.1.634': attribute type 3 has an invalid length.
[   69.607786][ T5436] netlink: 32 bytes leftover after parsing attributes in process `syz.1.634'.
[   69.620656][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.649982][   T40] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   69.689116][ T5445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   69.698946][   T40] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   69.711186][   T40] EXT4-fs (loop2): This should not happen!! Data will be lost
[   69.711186][   T40] 
[   69.720875][   T40] EXT4-fs (loop2): Total free blocks count 0
[   69.726917][   T40] EXT4-fs (loop2): Free/Dirty block details
[   69.732898][   T40] EXT4-fs (loop2): free_blocks=2415919104
[   69.738688][   T40] EXT4-fs (loop2): dirty_blocks=8224
[   69.739082][ T5445] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.743965][   T40] EXT4-fs (loop2): Block reservation details
[   69.757783][   T40] EXT4-fs (loop2): i_reserved_data_blocks=514
[   69.873306][ T3681] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   69.889187][ T5464] vlan2: entered allmulticast mode
[   69.894785][ T5464] bond0: entered allmulticast mode
[   69.899970][ T5464] bond_slave_0: entered allmulticast mode
[   69.905734][ T5464] bond_slave_1: entered allmulticast mode
[   69.916182][ T5464] bond0: left allmulticast mode
[   69.921085][ T5464] bond_slave_0: left allmulticast mode
[   69.926688][ T5464] bond_slave_1: left allmulticast mode
[   69.986202][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.065382][ T5474] loop2: detected capacity change from 0 to 2048
[   70.072182][ T5474] EXT4-fs: Ignoring removed bh option
[   70.147429][ T5474] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.433060][ T5491] netlink: 96 bytes leftover after parsing attributes in process `syz.4.651'.
[   70.629684][ T5496] loop4: detected capacity change from 0 to 512
[   70.636455][ T5496] EXT4-fs: test_dummy_encryption option not supported
[   70.644543][ T5494] loop3: detected capacity change from 0 to 512
[   70.778262][ T5494] EXT4-fs warning (device loop3): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   70.795214][ T5494] EXT4-fs (loop3): mount failed
[   70.852407][   T40] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   71.100354][ T5505] FAULT_INJECTION: forcing a failure.
[   71.100354][ T5505] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   71.113522][ T5505] CPU: 1 UID: 0 PID: 5505 Comm: syz.0.654 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   71.113549][ T5505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   71.113641][ T5505] Call Trace:
[   71.113649][ T5505]  <TASK>
[   71.113658][ T5505]  dump_stack_lvl+0xf2/0x150
[   71.113687][ T5505]  dump_stack+0x15/0x1a
[   71.113713][ T5505]  should_fail_ex+0x24a/0x260
[   71.113749][ T5505]  should_fail+0xb/0x10
[   71.113801][ T5505]  should_fail_usercopy+0x1a/0x20
[   71.113835][ T5505]  _copy_to_user+0x20/0xa0
[   71.113858][ T5505]  simple_read_from_buffer+0xa0/0x110
[   71.113893][ T5505]  proc_fail_nth_read+0xf9/0x140
[   71.113945][ T5505]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   71.113974][ T5505]  vfs_read+0x19b/0x6f0
[   71.113999][ T5505]  ? __rcu_read_unlock+0x4e/0x70
[   71.114106][ T5505]  ? __fget_files+0x17c/0x1c0
[   71.114148][ T5505]  ksys_read+0xe8/0x1b0
[   71.114208][ T5505]  __x64_sys_read+0x42/0x50
[   71.114232][ T5505]  x64_sys_call+0x2874/0x2dc0
[   71.114280][ T5505]  do_syscall_64+0xc9/0x1c0
[   71.114349][ T5505]  ? clear_bhb_loop+0x55/0xb0
[   71.114383][ T5505]  ? clear_bhb_loop+0x55/0xb0
[   71.114412][ T5505]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.114437][ T5505] RIP: 0033:0x7f8c74c1bb7c
[   71.114524][ T5505] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   71.114542][ T5505] RSP: 002b:00007f8c73281030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   71.114561][ T5505] RAX: ffffffffffffffda RBX: 00007f8c74e35fa0 RCX: 00007f8c74c1bb7c
[   71.114576][ T5505] RDX: 000000000000000f RSI: 00007f8c732810a0 RDI: 0000000000000006
[   71.114590][ T5505] RBP: 00007f8c73281090 R08: 0000000000000000 R09: 0000000000000000
[   71.114605][ T5505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   71.114672][ T5505] R13: 0000000000000000 R14: 00007f8c74e35fa0 R15: 00007fff9dd40218
[   71.114690][ T5505]  </TASK>
[   71.308888][   T40] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   71.321138][   T40] EXT4-fs (loop2): This should not happen!! Data will be lost
[   71.321138][   T40] 
[   71.330873][   T40] EXT4-fs (loop2): Total free blocks count 0
[   71.336923][   T40] EXT4-fs (loop2): Free/Dirty block details
[   71.342888][   T40] EXT4-fs (loop2): free_blocks=2415919104
[   71.348735][   T40] EXT4-fs (loop2): dirty_blocks=8224
[   71.354059][   T40] EXT4-fs (loop2): Block reservation details
[   71.360102][   T40] EXT4-fs (loop2): i_reserved_data_blocks=514
[   71.381307][   T28] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   71.409459][ T5512] loop1: detected capacity change from 0 to 512
[   71.530810][ T5512] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.547943][ T5512] ext4 filesystem being mounted at /143/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   71.627599][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.673217][ T5524] netlink: 96 bytes leftover after parsing attributes in process `syz.3.662'.
[   71.776549][ T5537] loop2: detected capacity change from 0 to 2048
[   71.783377][ T5537] EXT4-fs: Ignoring removed bh option
[   71.821290][ T5535] loop0: detected capacity change from 0 to 2048
[   71.821459][ T5541] SELinux:  Context : is not valid (left unmapped).
[   71.830873][ T5535] EXT4-fs: Ignoring removed bh option
[   71.852407][ T5537] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.864578][ T5541] loop3: detected capacity change from 0 to 1024
[   71.873492][ T5541] EXT4-fs: Ignoring removed oldalloc option
[   71.879587][ T5541] EXT4-fs: Ignoring removed bh option
[   71.912829][ T5535] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.926740][ T5541] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.118944][   T40] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   72.145540][ T5559] netlink: 8 bytes leftover after parsing attributes in process `syz.4.671'.
[   72.174843][   T29] kauditd_printk_skb: 398 callbacks suppressed
[   72.174858][   T29] audit: type=1400 audit(1740731706.009:3789): avc:  denied  { ioctl } for  pid=5552 comm="syz.4.671" path="socket:[11812]" dev="sockfs" ino=11812 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   72.205803][   T29] audit: type=1400 audit(1740731706.019:3790): avc:  denied  { sys_module } for  pid=5552 comm="syz.4.671" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   72.228228][ T5568] SELinux: failed to load policy
[   72.234486][ T5568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.671'.
[   72.243369][ T5568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.671'.
[   72.413074][   T29] audit: type=1400 audit(1740731706.079:3791): avc:  denied  { load_policy } for  pid=5552 comm="syz.4.671" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   72.448626][   T40] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   72.460974][   T40] EXT4-fs (loop2): This should not happen!! Data will be lost
[   72.460974][   T40] 
[   72.470913][   T40] EXT4-fs (loop2): Total free blocks count 0
[   72.476972][   T40] EXT4-fs (loop2): Free/Dirty block details
[   72.482869][   T40] EXT4-fs (loop2): free_blocks=2415919104
[   72.488654][   T40] EXT4-fs (loop2): dirty_blocks=8224
[   72.493998][   T40] EXT4-fs (loop2): Block reservation details
[   72.500023][   T40] EXT4-fs (loop2): i_reserved_data_blocks=514
[   72.509977][   T40] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   72.526616][   T40] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   72.538913][   T40] EXT4-fs (loop0): This should not happen!! Data will be lost
[   72.538913][   T40] 
[   72.548688][   T40] EXT4-fs (loop0): Total free blocks count 0
[   72.554766][   T40] EXT4-fs (loop0): Free/Dirty block details
[   72.560740][   T40] EXT4-fs (loop0): free_blocks=2415919104
[   72.566479][   T40] EXT4-fs (loop0): dirty_blocks=8224
[   72.571779][   T40] EXT4-fs (loop0): Block reservation details
[   72.577787][   T40] EXT4-fs (loop0): i_reserved_data_blocks=514
[   72.587108][ T3681] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   72.589634][   T40] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28
[   72.609924][ T5568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.671'.
[   72.738306][ T5577] loop4: detected capacity change from 0 to 1024
[   72.765500][ T5577] EXT4-fs: Ignoring removed bh option
[   72.785567][   T40] ==================================================================
[   72.793679][   T40] BUG: KCSAN: data-race in __stop_tty / n_tty_receive_char
[   72.800887][   T40] 
[   72.803213][   T40] write to 0xffff8881182769bc of 1 bytes by task 5580 on cpu 0:
[   72.810846][   T40]  __stop_tty+0x42/0x90
[   72.815008][   T40]  n_tty_ioctl_helper+0x223/0x240
[   72.820047][   T40]  n_tty_ioctl+0xfd/0x200
[   72.824386][   T40]  tty_ioctl+0x87a/0xbe0
[   72.828642][   T40]  __se_sys_ioctl+0xc9/0x140
[   72.833240][   T40]  __x64_sys_ioctl+0x43/0x50
[   72.837839][   T40]  x64_sys_call+0x1690/0x2dc0
[   72.842527][   T40]  do_syscall_64+0xc9/0x1c0
[   72.847047][   T40]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.852946][   T40] 
[   72.855272][   T40] read to 0xffff8881182769bc of 1 bytes by task 40 on cpu 1:
[   72.862638][   T40]  n_tty_receive_char+0x3d/0x680
[   72.867578][   T40]  n_tty_receive_buf_standard+0x4bd/0x2e30
[   72.873406][   T40]  n_tty_receive_buf_common+0x830/0xbd0
[   72.878970][   T40]  n_tty_receive_buf2+0x33/0x40
[   72.883835][   T40]  tty_ldisc_receive_buf+0x63/0x100
[   72.889045][   T40]  tty_port_default_receive_buf+0x59/0x90
[   72.894779][   T40]  flush_to_ldisc+0x1ce/0x410
[   72.899467][   T40]  process_scheduled_works+0x4db/0xa20
[   72.904933][   T40]  worker_thread+0x51d/0x6f0
[   72.909528][   T40]  kthread+0x4ae/0x520
[   72.913618][   T40]  ret_from_fork+0x4b/0x60
[   72.918043][   T40]  ret_from_fork_asm+0x1a/0x30
[   72.922813][   T40] 
[   72.925135][   T40] value changed: 0x00 -> 0x01
[   72.929807][   T40] 
[   72.932125][   T40] Reported by Kernel Concurrency Sanitizer on:
[   72.938269][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u8:2 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[   72.948941][   T40] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   72.958998][   T40] Workqueue: events_unbound flush_to_ldisc
[   72.964815][   T40] ==================================================================
[   72.990491][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.000888][ T5577] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.023665][ T5577] netlink: 'syz.4.674': attribute type 3 has an invalid length.
[   73.031487][ T5577] netlink: 32 bytes leftover after parsing attributes in process `syz.4.674'.
[   73.042020][   T29] audit: type=1400 audit(1740731706.899:3792): avc:  denied  { unlink } for  pid=3307 comm="syz-executor" name="rdma.current" dev="tmpfs" ino=700 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=":"
[   73.066720][   T29] audit: type=1326 audit(1740731706.899:3793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.4.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   73.090192][   T29] audit: type=1326 audit(1740731706.899:3794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.4.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   73.113723][   T29] audit: type=1326 audit(1740731706.899:3795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.4.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   73.137129][   T29] audit: type=1326 audit(1740731706.899:3796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.4.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   73.160582][   T29] audit: type=1326 audit(1740731706.899:3797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.4.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   73.183900][   T29] audit: type=1326 audit(1740731706.899:3798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.4.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f078f8fd169 code=0x7ffc0000
[   73.210313][ T5580] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5580 comm=syz.0.673
[   73.310290][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.