last executing test programs:

1.217573392s ago: executing program 3 (id=1442):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@minixdf}, {}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@commit={'commit', 0x3d, 0x5}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0x1, 0x566, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9GajdN4o8KgvUiiBYLeq9LMg0lm27JbkoTC20P9uJFiiBiQfwDvHss/gP+FQUtFClBD14is5lNt81ukqYbN3U+H5j2vZnZvPnum+/bNzu7bACFNZL9U4p4OSK+SSIOt20bjHzjyOp+yw+vTWVLEisrn/2ZRJKva+2f5P8fzCsvRcSvX0WcKK1vt764NFupVtP5vD7WmLs8Vl9cOnlxrjKTzqSXJiYnT781OfHuO2/3LNbXz/39/ad3Pzr99fHl736+f+R2EmfiUL6tPY5ncKO9MhIj+XMyFGee2HG8B43tJkm/D4BtGcjzfCiyMeBwDORZD/z/XY+IFaCgEvkPBdWaB7Su7Xt0HfzcePDB6gXQ+vgHV98biX3Na6MDy8ljV0bZ9e5wD9rP2vjljzu3syU2eR/ieg/aA2i5cTMiTg0Orh//knz8275TzTePN/ZkG0V7/YF+upvNf97oNP8prc1/osP852CH3N2OzfO/dL8HzXSVzf/e6zj/XRu6hgfy2gvNOd9QcuFiNT0VES9GxGgM7c3qG93POb18b6Xbtvb5X7Zk7bfmgvlx3B/c+/hjpiuNyrPE3O7BzYhXOs5/k7X+Tzr0f/Z8nNtiG8fSO69227Z5/Dtr5aeI1zr2/6M7WsnG9yfHmufDWOusWO+vW8d+69b+6If9jT/r/wMbxz+ctN+vrT99Gz/u+yfttm275/+e5PNmeU++7mql0Zgfj9iTfLJ+/cSjx7bqrf2z+EePbzz+dTr/90fEF1uM/9bRW1137ff5n8U//VT9//SFex9/+UO39rfW/282S6P5mq2Mf1s9wGd57gAAAAAAAGC3KUXEoUhK5bVyqVQur36+42gcKFVr9caJC7WFS9PR/K7scAyVWne6D7d9HmI8/zxsqz7xRH0yIo5ExLcD+5v18lStOt3v4AEAAAAAAAAAAAAAAAAAAGCXONjl+/+Z3wf6fXTAjvOT31Bcm+Z/L37pCdiVvP5Dccl/KC75D8Ul/6G45D8Ul/yH4pL/UFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq3Nmz2bKy/PDaVFafvrK4MFu7cnI6rc+W5xamylO1+cvlmVptppqWp2pzm/29aq12eXwiFq6ONdJ6Y6y+uHR+rrZwqXH+4lxlJj2fDv0nUQEAAAAAAAAAAAAAAAAAAMDzpb64NFupVtN5ha6F92NXHMZOBrhqWw8f3C1RKHQt7NtG5/Z5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANv8GAAD//04mM/E=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=ANY=[], 0x835, 0x0)
truncate(&(0x7f0000000100)='./file0/file0\x00', 0x7)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000080), &(0x7f0000001400)=ANY=[], 0x835, 0x2)

1.11903029s ago: executing program 3 (id=1445):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, 0x0})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
rt_sigsuspend(&(0x7f00000002c0)={[0x225c17d03]}, 0x8)

652.085867ms ago: executing program 4 (id=1455):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
unshare(0x4040080)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYRES16=r0], &(0x7f0000000240)='GPL\x00', 0x80000001, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r3, &(0x7f0000007fc0)=[{{&(0x7f0000000b80)={0xa, 0x4e25, 0x9, @rand_addr=' \x01\x00', 0x5}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000340)='P', 0x1}], 0x1}}], 0x1, 0x24004001)
shutdown(r3, 0x1)
setsockopt(r3, 0x84, 0x82, &(0x7f00000002c0)="1af3050000f20800", 0x8)
unshare(0x2c020400)

607.601211ms ago: executing program 4 (id=1458):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000730000"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x2, 0x0, {0xa, 0x0, 0xf9d, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x32)
writev(r1, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)

545.742106ms ago: executing program 4 (id=1460):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0xb9f6084ab722cbce, 0xc, &(0x7f00000004c0)=ANY=[@ANYRESDEC=0x0], 0x0, 0x80, 0x4c, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94) (async, rerun: 64)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) (rerun: 64)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = fsopen(&(0x7f00000002c0)='nilfs2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x2, 0x4, 0x7ffc1ffb}]})
r4 = add_key$fscrypt_v1(&(0x7f0000001000), &(0x7f0000001040)={'fscrypt:', @auto=[0x3a, 0x66, 0x63, 0x35, 0x66, 0x39, 0x62, 0x36, 0x31, 0x31, 0x61, 0x30, 0x62, 0x39, 0x32, 0x32]}, &(0x7f0000001080)={0x0, "ddbccf094c5457df7a3f7457a4e81d59f6bffca5bf7c026c91255969954a3cec19ae878c0ca3fce72e29df4e4dbd001eb127ffbed6cc47890c19c3edc50daa56", 0x26}, 0x48, 0xfffffffffffffffe) (async, rerun: 64)
fchdir(0xffffffffffffffff) (rerun: 64)
keyctl$setperm(0x5, r4, 0x13220c28)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x10, 0x7ffc1ffb}]}) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x25, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c0001"], 0xdc}}, 0x0) (async, rerun: 32)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (rerun: 32)
pipe2(&(0x7f0000000c40)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x4800)
vmsplice(r6, 0x0, 0x0, 0xa) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r7}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000008c0)=ANY=[@ANYRES8=r7, @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
iopl(0x1) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) (async)
statfs(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) (async, rerun: 32)
r9 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r9, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="000427bdbd00fddbdf210e0000000500370000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0x4000801)

444.713224ms ago: executing program 4 (id=1465):
socket$netlink(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000002c0)=0x1)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f})
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x2)

361.82133ms ago: executing program 2 (id=1472):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3c8a2bddb1182129, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
statfs(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000780)=""/73)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r2, 0x0, 0x200000000000006}, 0x18)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r3, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

361.48523ms ago: executing program 0 (id=1473):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3c8a2bddb1182129, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
statfs(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000780)=""/73)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x200000000000006}, 0x18)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r2, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

352.879202ms ago: executing program 4 (id=1474):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2000c72, &(0x7f0000000340)={[{@jqfmt_vfsv1}, {@acl}]}, 0xff, 0x260, &(0x7f0000000880)="$eJzs3U9IHFccB/DfzO7WqovY9lIo/QOllFYQeyv0Yi8tCEWklEJbsJTSS4sWjJKb5pRLDskxJMFTLhJyi8kxeJFcEgI5mcSDuQQSySGSQxLYsDsm+GeNxl13g/P5wDgz+ub93uB83wzCuAHkVm9EDEZEISL6IqIUEcnGBp9lS+/67mzn4mhEpfLzo6TWLtuvSl8d1x0RMxHxbUQspEn8W4yYmv995cnSj1+emCx9cX7+t84Wn2bN6sryT2vnho9fGvpm6satB8NJDEZ503k1X1Lne8Uk4v2DKPaWSIrtHgF7MXL04u1q7j+IiM9r+S9FGtkv7+TEOwul+PrsTseeenjzo1aOFWi+SqVUvQfOVIDcSSOiHEnaX3uCr26naX9/9gx/p9CV/jc+caTvn/HJsb/bPVMBzVKOWP7hSsfl7i35v1/I8g8cUtkfpZZ/GZm7W91YK9Rt1dPaQQEH7uNsVb3/9/05/VXsnH/gkJJ/yC/5h/ySf8gv+Yf8kn/IqZL8Q57JP+SX/EN+7Tv/p58f3KCAltiYfwAgXyod+3pruPkvIgMt1+75BwAAAAAAAAAAAAAAAAAA2G62c3H05dKcHou7trh2JmL1+6zp9vqF2ucRR7xb+9r1ONnUY7KnCq/3x6cNdtCgC21++7rnXnvrX/+kvfWnxyJmjkXEQLG4/fpL1q+//Xtvl5+X/mqwwBtKtux/92tr62/1bK699YeWIq5W55+BevNPGh/W1vXnn3L2b9Qb8v/TBjsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgZV4EAAD//1SRbe0=")
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x4370, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$cgroup_pid(r4, &(0x7f0000000000), 0xffffff98)
splice(r1, 0x0, r4, 0x0, 0x80, 0x8)
splice(r3, 0x0, r2, 0x0, 0x100000004, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000075b095e0ab"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000611858000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x3, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x40f00, 0x4b, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x1000, <r6=>0x0}, 0x8)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000005000000000000000200000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70200080000eaffb6030000000000008500000083000000bf090000000000145509010000000000950012000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000000f10000850000008600000018110000", @ANYRES8=r0, @ANYBLOB="0000000000000000850000006d000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xed41d0969ec4053c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10)
r8 = syz_open_dev$usbfs(&(0x7f0000000280), 0xedfb, 0x200000)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r5, 0x400c6615, &(0x7f00000002c0))
mmap$usbfs(&(0x7f0000226000/0x1000)=nil, 0x1000, 0x0, 0x100010, r8, 0x1)

324.852474ms ago: executing program 2 (id=1475):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x3}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@minixdf}, {}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@commit={'commit', 0x3d, 0x5}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0x1, 0x566, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9GajdN4o8KgvUiiBYLeq9LMg0lm27JbkoTC20P9uJFiiBiQfwDvHss/gP+FQUtFClBD14is5lNt81ukqYbN3U+H5j2vZnZvPnum+/bNzu7bACFNZL9U4p4OSK+SSIOt20bjHzjyOp+yw+vTWVLEisrn/2ZRJKva+2f5P8fzCsvRcSvX0WcKK1vt764NFupVtP5vD7WmLs8Vl9cOnlxrjKTzqSXJiYnT781OfHuO2/3LNbXz/39/ad3Pzr99fHl736+f+R2EmfiUL6tPY5ncKO9MhIj+XMyFGee2HG8B43tJkm/D4BtGcjzfCiyMeBwDORZD/z/XY+IFaCgEvkPBdWaB7Su7Xt0HfzcePDB6gXQ+vgHV98biX3Na6MDy8ljV0bZ9e5wD9rP2vjljzu3syU2eR/ieg/aA2i5cTMiTg0Orh//knz8275TzTePN/ZkG0V7/YF+upvNf97oNP8prc1/osP852CH3N2OzfO/dL8HzXSVzf/e6zj/XRu6hgfy2gvNOd9QcuFiNT0VES9GxGgM7c3qG93POb18b6Xbtvb5X7Zk7bfmgvlx3B/c+/hjpiuNyrPE3O7BzYhXOs5/k7X+Tzr0f/Z8nNtiG8fSO69227Z5/Dtr5aeI1zr2/6M7WsnG9yfHmufDWOusWO+vW8d+69b+6If9jT/r/wMbxz+ctN+vrT99Gz/u+yfttm275/+e5PNmeU++7mql0Zgfj9iTfLJ+/cSjx7bqrf2z+EePbzz+dTr/90fEF1uM/9bRW1137ff5n8U//VT9//SFex9/+UO39rfW/282S6P5mq2Mf1s9wGd57gAAAAAAAGC3KUXEoUhK5bVyqVQur36+42gcKFVr9caJC7WFS9PR/K7scAyVWne6D7d9HmI8/zxsqz7xRH0yIo5ExLcD+5v18lStOt3v4AEAAAAAAAAAAAAAAAAAAGCXONjl+/+Z3wf6fXTAjvOT31Bcm+Z/L37pCdiVvP5Dccl/KC75D8Ul/6G45D8Ul/yH4pL/UFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq3Nmz2bKy/PDaVFafvrK4MFu7cnI6rc+W5xamylO1+cvlmVptppqWp2pzm/29aq12eXwiFq6ONdJ6Y6y+uHR+rrZwqXH+4lxlJj2fDv0nUQEAAAAAAAAAAAAAAAAAAMDzpb64NFupVtN5ha6F92NXHMZOBrhqWw8f3C1RKHQt7NtG5/Z5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANv8GAAD//04mM/E=")
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=ANY=[], 0x835, 0x0)
truncate(&(0x7f0000000100)='./file0/file0\x00', 0x7)

320.221204ms ago: executing program 0 (id=1476):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x12}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r3 = dup(r2)
ioctl$PTP_EXTTS_REQUEST2(r3, 0x43403d05, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x45}}}}}, 0x28}}, 0x4000054)
setresgid(0x0, 0x0, 0xee00)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x818, &(0x7f0000002080)={[], [], 0x2c}, 0x0, 0x4e4, &(0x7f0000000240)="$eJzs3UtvVFUcAPD/TN8CdsQnD6WKxsYHpeW50IVGEzYmJhqDy9oWghQwtCZAGltdYGKihk/gY2fiJ3ClG6OuNG41bo0JMd2ALsw1Z+ZOmTJ9De200Pn9koFz7tw755x7zqHnwZ0G0LL60h+FiK0R8VtE9Fai80/oq/x1fXZq5J/ZqZFCZNlrfxfK512bnRqpnlq9bkse6S9GFLsidi2Q7sTFS6eHx8fHzufxgcliHjozfHLs5NjZoaNHDx7oOXJ46NCalDPl6drO987t3nHszSuvjBy/8taPX6f8Zvn7teWoKDWYQlvdkb7om38vazzR4Kff7rbVhAvtG5gRGpJabaqujnL/7422uFF5vfHyBxuaOaCpsizLuuqOzv0sm8lqFQqVC4BNorDyLp3GxE3NC7Ceqj/or82mmerUSP08eHO7+kKUZ0Cp3NfzV+Wd9iimOXypMjfqaFL690XE8Zl/P0uvqFuHaFaqAEAr+zaNf56pjDuqr8o7xXig5ry7872hUkTcExHbI+LefPxyf0T53Acj4qHonLsmjSjr15bm67spXj/+/KVnlUVcUhr/PZfvbc0f/1X3o6LUlse2lcvfUThxanxsf35P+qOjK8UH6z75wvPV0Hcv/frpYun31Yz/0iulXx0L5vn4q/2mmzg6PDm86oLnrr5fntJP15e/MLcTkOpxR0TsXMkHds+Ppnt26qmvdi92+vLl/2TxtNZgnyn7IuLJSv3PxE3lTzrz0MDkmXcGJi5eevZU7f7k4JHDQ4cGumN8bP9AtVXU++nny6/mwboB/fLlb65U/3ct2P7ndi5Lhdr92onG07j8+4eLzilvtf13Fl4vh1P9fJx62/Dk5PnBiM7CzNzxqB4funHtheGeG8cHK+Xv37tw/98e8d/n+XW7IiI14ocj4pGI2JPn/dGIeCwi9i5R/h9efPztxSZzt0P9jzZU/40H2k5//01dwh/1rbD8qf4PlkP9+ZHR4cnu5cq10gyu+gYCAADAHWBPRGyNQnFfZY0zm44o7tsXsWVuBWVi8ukT5949O1p5RqAUHcXqSldvzXroYL42nOLpqqGI9lLN+wfK68ZZlmU9KZ7m7+PbNrbo0PK25P2/O9/j2BrFcv9P/qx/pAXYbBraR1vsiTbgjnTr++jZmuYDWH+e14bWpf9D61px//c8Gmw6C/X/6YjrG5AVYJ0t1P/f2IB8AOvP/B9al/4PrUv/h5a0muf6lwpsP7bEOYX25iS6eKAYS38LQCmieqT6HxyX/sA/ihFrk8O2NS1pzwrqtDvWIq0oLntOewNfxJAHqr87oMlNori+zW/pQFdELNN65xrbdDVwqdkZK1fDlxv4TxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCa+D8AAP//sMPOPQ==")
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32=r4, @ANYRES32=r7, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000380)={<r10=>0xffffffffffffffff}, 0x2, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r8, &(0x7f0000000280)={0x13, 0x10, 0xfa00, {0x0, r10, 0x1}}, 0x18)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r11}, 0x10)
syz_emit_ethernet(0x12, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}, @multicast, @val={@void, {0x8100, 0x0, 0x1, 0x5}}, {@generic={0x88fb}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000001940)='kmem_cache_free\x00', r6}, 0x18)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x40, @mcast1}, 0x1c)
syz_emit_ethernet(0xc6, &(0x7f00000007c0)={@local, @link_local, @val={@val={0x88a8, 0x0, 0x0, 0x4}, {0x8100, 0x6, 0x0, 0x2}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649244e2dbc43efa86973faa71c00002e4451b57d037ad3040000002425010017b5191584cdd4fbe40a0b424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "0b000000c54af6e8dafe0800"}}}}}}}, 0x0)

303.956335ms ago: executing program 1 (id=1477):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = gettid()
ptrace(0x10, r1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x1}, 0x10)
sendmsg$tipc(r3, &(0x7f00000008c0)={&(0x7f0000000600)=@name, 0x10, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x80)
r4 = dup3(r2, r3, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(r4, 0x10f, 0x88)

229.711941ms ago: executing program 3 (id=1478):
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000240)='./file1\x00', 0x2000010, &(0x7f0000000540)=ANY=[], 0x1, 0x1ff, &(0x7f00000002c0)="$eJzs3MtqU1scBvB12p5ecuhldEAnLnSik02tTxCkBTGg1EbUgbBLUw2JSckOmoiDjh35HMWhM0F8gb6FsyJIRx0ZaZNerTqxjZLfD8L6wkdgLULCfweytx68eVZZzZLVtBmGxmMYCmE97IQws5t6/umtQ3t5NBy1Hq7NPt9+fe/ho9v5QmF+McaF/NKNuRjj1KUPL169vfyx+d/9d1Pvx8LmzOOtL3OfNv/fvLD1delpOYvlLNbqzZjG5Xq9mS5XS3GlnFWSGO9WS2lWiuVaVmoc61er9bW1dkxrK5O5tUYpy2Jaa8dKqR2b9dhstGP6JC3XYpIkcTIX+JXixuJimu/3LjhbjUY+HQ4hTHzXFDf6siEAoK/M/4PM/D8Iduf/XO/ze5z5HwAAAAAAAAAAAAAA/gY7nc50p9OZ3l/3H2MhhPEQwv7zfu+Ts+H9H2xH/rg3HsLn9VaxVeyu3X7hVmF+Nu6ZOXzVdqtVHD7or3f7eLz/N+R6/dyp/Wi4eqXb73Y37xRO9BNh5eyPDwAAAAMhiQdOvb5Pkh/13XTk94ET1+8j4eLIuR0DAAAA+Ims/bKSVqulhiAIwkHo9zcTAADwux0O/f3eCQAAAAAAAAAAAAAAAAAAAAyu87idWL/PCAAAAAAAAAAAAAAAAAAAAAAAAH+KbwEAAP//VuHQrA==")
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
pread64(r0, &(0x7f0000001b80)=""/4084, 0xff4, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a4"], 0xe8}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000040)=0x1c, 0x4)
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000240)='./file1\x00', 0x2000010, &(0x7f0000000540)=ANY=[], 0x1, 0x1ff, &(0x7f00000002c0)="$eJzs3MtqU1scBvB12p5ecuhldEAnLnSik02tTxCkBTGg1EbUgbBLUw2JSckOmoiDjh35HMWhM0F8gb6FsyJIRx0ZaZNerTqxjZLfD8L6wkdgLULCfweytx68eVZZzZLVtBmGxmMYCmE97IQws5t6/umtQ3t5NBy1Hq7NPt9+fe/ho9v5QmF+McaF/NKNuRjj1KUPL169vfyx+d/9d1Pvx8LmzOOtL3OfNv/fvLD1delpOYvlLNbqzZjG5Xq9mS5XS3GlnFWSGO9WS2lWiuVaVmoc61er9bW1dkxrK5O5tUYpy2Jaa8dKqR2b9dhstGP6JC3XYpIkcTIX+JXixuJimu/3LjhbjUY+HQ4hTHzXFDf6siEAoK/M/4PM/D8Iduf/XO/ze5z5HwAAAAAAAAAAAAAA/gY7nc50p9OZ3l/3H2MhhPEQwv7zfu+Ts+H9H2xH/rg3HsLn9VaxVeyu3X7hVmF+Nu6ZOXzVdqtVHD7or3f7eLz/N+R6/dyp/Wi4eqXb73Y37xRO9BNh5eyPDwAAAAMhiQdOvb5Pkh/13XTk94ET1+8j4eLIuR0DAAAA+Ims/bKSVqulhiAIwkHo9zcTAADwux0O/f3eCQAAAAAAAAAAAAAAAAAAAAyu87idWL/PCAAAAAAAAAAAAAAAAAAAAAAAAH+KbwEAAP//VuHQrA==") (async)
syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') (async)
pread64(r0, &(0x7f0000001b80)=""/4084, 0xff4, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a4"], 0xe8}, 0x1, 0x0, 0x0, 0x40080}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000040)=0x1c, 0x4) (async)

229.024761ms ago: executing program 2 (id=1479):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436", 0x28}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2)

219.520472ms ago: executing program 0 (id=1480):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000100000000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f00000012c0)='sys_enter\x00'}, 0x10)
r1 = io_uring_setup(0x1614, &(0x7f0000000300)={0x0, 0x0, 0x100, 0x0, 0x3})
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f0000000100)=0x2000004)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x78, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
mount_setattr(0xffffffffffffffff, &(0x7f0000000000)='./bus\x00', 0x8800, &(0x7f00000001c0)={0xc, 0x70, 0x20000}, 0x20)
pwritev(r2, &(0x7f0000000080)=[{&(0x7f0000000280)='\x00!', 0x2}], 0x1, 0x7, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0xfffffffffffff001}, 0x18)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0) (fail_nth: 6)
io_uring_register$IORING_REGISTER_BUFFERS2(r1, 0xf, &(0x7f0000001580)={0x2, 0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000040)=""/155, 0x9b}, {0x0}], &(0x7f00000012c0)}, 0x20)
r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r8, 0x402, 0x8000001f)
fcntl$notify(r8, 0x402, 0x3)

194.918844ms ago: executing program 1 (id=1481):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

156.114528ms ago: executing program 0 (id=1482):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005940)={0x68, 0x2, 0x6, 0x281, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0, 0x0, 0xfffffffc}]}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000804}, 0x20048888)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, 0x0}, 0x20)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x1)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000080000000a90000000030a0300000000000000000002e000000c00020000000000000000010900010073797a30"], 0xb8}}, 0x0)

155.600237ms ago: executing program 1 (id=1483):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x1, 0x301, 0x0, 0x0, {0xd, 0x0, 0xa}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8010)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fstatfs(r1, &(0x7f00000000c0)=""/103)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r3, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd)

108.882381ms ago: executing program 2 (id=1484):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@loopback={0x200000000000000}, 0x800, 0x0, 0x3, 0x1}, 0x20)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000080)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r3, 0x4018f50b, &(0x7f0000000000)={0x1, 0x80, 0x2})
sendmsg$nl_xfrm(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=ANY=[@ANYBLOB="f000000010000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb0000fff720000001000000003b000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="640101006c000000ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000ff04000000000000000000000000000000000000000080000004000000000000000000004000000000000000000000000000000000000000000000000025bd700000000000020000010000000000000000"], 0xf0}}, 0x4810)

108.001411ms ago: executing program 2 (id=1485):
socket$netlink(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000002c0)=0x1)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f})
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x2)

107.838401ms ago: executing program 3 (id=1486):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3c8a2bddb1182129, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
statfs(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000780)=""/73)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r2, 0x0, 0x200000000000006}, 0x18)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r3, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

98.832682ms ago: executing program 1 (id=1487):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000700000085000000110000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffc}]})
mkdirat(r0, &(0x7f0000000180)='./bus\x00', 0x0)

68.884024ms ago: executing program 0 (id=1488):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x1, <r2=>0x0}, 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x5, 0xc, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r0, @ANYRES8=r0], &(0x7f0000000000)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1f, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffeaf)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0x19}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}, 0x1, 0x0, 0x0, 0x20000805}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000001c000000180001801400020074756e6c30"], 0x2c}, 0x1, 0x0, 0x0, 0x44000}, 0x4000000)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r9}, 0x10)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8008a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x8, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
close(r11)
recvmsg$unix(r10, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r12=>0xffffffffffffffff]}}], 0x18}, 0x0)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x11, 0xb, &(0x7f0000001140)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000010a850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r13}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000000000000000008100000081"], 0x50)
write$cgroup_subtree(r12, &(0x7f0000000000)=ANY=[], 0x15)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)

60.566845ms ago: executing program 3 (id=1489):
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x5)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000000109010400000000000000000500000408000519b5df400000000808a6a0eef2779bea83b6852b49ac80b058ea660006405e273243b87aab8215000000000900010073797a31a57006700c000480080001400000007708"], 0x44}}, 0x400d0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r1, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x3804, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1, 0x0, 0x0, 0xa00}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x69, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x26892}], 0xbb}}], 0x2, 0x0)

56.212335ms ago: executing program 1 (id=1490):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x3}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=ANY=[], 0x835, 0x0)
truncate(&(0x7f0000000100)='./file0/file0\x00', 0x7)

16.849749ms ago: executing program 4 (id=1491):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000c40)='./file0\x00', 0x808080, &(0x7f0000000c80)={[{@discard}, {@bh}, {@noblock_validity}]}, 0x2c, 0x52c, &(0x7f0000000640)="$eJzs3d9rY1kdAPBvMv2Rdjrbru7DKuqO6+oowyRtZrcs+6DriyDLssK6TyKzpc2U0qQpTbpua8EO+Oar4IBP+if4IPggzJPvvumbLyMojDo4TAWRyE1uOm2adMq0aWaazwcuOefc2/s9J3DP6T1J7glgaF2NiN2IGIuIjyNiOi3PpFu829qS4x4/3Fnce7izmIlG48N/jqRH7iy2j2+7nJ4zF/FBkh/vEre2tb26UC6XNtJ8oV5ZL9S2tm+sVBaWS8ultWJxfm5+9u2bbxXPrK2vVX7z4Dsr7330+9998f4fd7/x46TO32rtGkvadmaBDmi9L6MxdaAseefe60ewAbiUtmds0BXhmWQj4jMR8Xqa3pcbXJ0AgP5qNKajMX0w31vmBMcAAM+/5J5/KjLZfHr/PxXZbD7fnMPLvRKT2XK1Vr9+u7q5thTNOayZGM3eXimXZtO5wpkYzST5uWb6Sb7Ykb8ZES9HxM/HJ5r5/GK1vDSof3oAYMhd7hj/H423xv8T8AkBALzIjOQAMHyOjv+jA6kHAHB+3P8DwPA5MP53+60uAHAB5Tp++w8AXHwH7v9Huh7wavzkh+dXHQDgHPj8HwCGyvfefz/ZGnvp86+XPtnaXK1+cmOpVFvNVzYX84vVjfX8crW63HxmT+Vp5ytXq+tzb8bmp4V6qVYv1La2b1Wqm2v1W83net8q+WEBAAzey6/d+3MmInbfmWhu0V7LwRcC4MJzmcPwujToCgAD0/37PsAwMB8PZJ6yv+dXhO72/puJU9QH6L9rn+sx/9/tf4M7+6n/Nc6vikCfmP+H4XW6+X+zB/AiM/8Pw6vRyFjPHwCGzAnu4H1FEC64Z/78HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIbYVHPLZPPpWuBTkc3m8xFXImJmYjRze6Vcmo2IlyLiT+Oj40l+btCVBgBOKfv3TLr+17XpN6Y6945l/jPefI2IH/3yw198ulCvb8wl5f/aL6/fTcuLXQOM978NAMABI50F7XG6PY631/d9/HBnsb2dZwUffLu1uGgSdy/d2lVvVT4XoxEx+e/MocZkzmhh4t07EfFqZ/uz+/tn0pVPO+Mnsa/0LX40Wzh1KH72UPxsc1/rNXkvPnsGdYFhcy/pf97tdv1l42rzNb3+Moc701z87Gjn+gza/d9eo7P/a13vH1zJNfuabv3f1ZPGePMP3+25786lxudHIvaO9L/tFaFzzdSR+CMRb3Q74U+/+Wizo+gvX/jS673iN34VcS2Oi99KFeqV9UJta/vGSmVhubRcWisW5+fmZ9+++Vax0JyjLrRnqo/6xzvXX+rd/ojJHvFzx7U/Ir7a66Qdfv3fj3/w5WPif/0r3eJn45Vj4idj4tdOGH9h8rc9l+9O4i/1aP/Iofhjh/4uKbt+wvj3/7q9dMJDAYBzUNvaXl0ol0sbEqdN5Pp15svPSQMleiT+9tGha2rg9TmTxMC6JOCcPLnoB10TAAAAAAAAAAAAAACgl9r300f+9fHHcINuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfX/wMAAP//OkHLZw==")
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002680)=ANY=[@ANYBLOB="140000001000010000000000000007000000000a60000000060a0b0400000000000000000200000034000480200001800e000100636f6e6e6c696d69740000000c000280080001400000000010000180090001006c617374000000000900010073797a30000000000900020073797a320000000014000000"], 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x0)

9.086809ms ago: executing program 0 (id=1492):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x1}, 0x10)
sendmsg$tipc(r2, &(0x7f00000008c0)={&(0x7f0000000600)=@name={0x1e, 0x2, 0x0, {{0xc03}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x80)
r3 = dup3(r1, r2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r3, 0x0, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88)

1.04062ms ago: executing program 3 (id=1493):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x3}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@minixdf}, {}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@commit={'commit', 0x3d, 0x5}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0x1, 0x566, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9GajdN4o8KgvUiiBYLeq9LMg0lm27JbkoTC20P9uJFiiBiQfwDvHss/gP+FQUtFClBD14is5lNt81ukqYbN3U+H5j2vZnZvPnum+/bNzu7bACFNZL9U4p4OSK+SSIOt20bjHzjyOp+yw+vTWVLEisrn/2ZRJKva+2f5P8fzCsvRcSvX0WcKK1vt764NFupVtP5vD7WmLs8Vl9cOnlxrjKTzqSXJiYnT781OfHuO2/3LNbXz/39/ad3Pzr99fHl736+f+R2EmfiUL6tPY5ncKO9MhIj+XMyFGee2HG8B43tJkm/D4BtGcjzfCiyMeBwDORZD/z/XY+IFaCgEvkPBdWaB7Su7Xt0HfzcePDB6gXQ+vgHV98biX3Na6MDy8ljV0bZ9e5wD9rP2vjljzu3syU2eR/ieg/aA2i5cTMiTg0Orh//knz8275TzTePN/ZkG0V7/YF+upvNf97oNP8prc1/osP852CH3N2OzfO/dL8HzXSVzf/e6zj/XRu6hgfy2gvNOd9QcuFiNT0VES9GxGgM7c3qG93POb18b6Xbtvb5X7Zk7bfmgvlx3B/c+/hjpiuNyrPE3O7BzYhXOs5/k7X+Tzr0f/Z8nNtiG8fSO69227Z5/Dtr5aeI1zr2/6M7WsnG9yfHmufDWOusWO+vW8d+69b+6If9jT/r/wMbxz+ctN+vrT99Gz/u+yfttm275/+e5PNmeU++7mql0Zgfj9iTfLJ+/cSjx7bqrf2z+EePbzz+dTr/90fEF1uM/9bRW1137ff5n8U//VT9//SFex9/+UO39rfW/282S6P5mq2Mf1s9wGd57gAAAAAAAGC3KUXEoUhK5bVyqVQur36+42gcKFVr9caJC7WFS9PR/K7scAyVWne6D7d9HmI8/zxsqz7xRH0yIo5ExLcD+5v18lStOt3v4AEAAAAAAAAAAAAAAAAAAGCXONjl+/+Z3wf6fXTAjvOT31Bcm+Z/L37pCdiVvP5Dccl/KC75D8Ul/6G45D8Ul/yH4pL/UFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq3Nmz2bKy/PDaVFafvrK4MFu7cnI6rc+W5xamylO1+cvlmVptppqWp2pzm/29aq12eXwiFq6ONdJ6Y6y+uHR+rrZwqXH+4lxlJj2fDv0nUQEAAAAAAAAAAAAAAAAAAMDzpb64NFupVtN5ha6F92NXHMZOBrhqWw8f3C1RKHQt7NtG5/Z5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANv8GAAD//04mM/E=")
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00'}, 0x18)
setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=ANY=[], 0x835, 0x0)
truncate(&(0x7f0000000100)='./file0/file0\x00', 0x7)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000080), &(0x7f0000001400)=ANY=[], 0x835, 0x2)

565.02µs ago: executing program 1 (id=1494):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f8303752cd734449b668550c1f932d2b7163be4b2b9df194609a7a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db93c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf045a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c00000000000000000000000000000000e9ffffffffffffff000069c3288311b7414705e975eb3f0000", @ANYRES64], 0x8, 0x302, &(0x7f0000019380)="$eJzs3E1PE2sUwPHTF0pbAmVxc2/uTW54cu/m3s0Eqm6VxkBibCJBanxJTAaYatOxJZ0GU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGGs6bzQUloKdGx5+f8SMgfOc2aeZzqQMw2d7duvHuWzlpbVyxKMKgmIiOyIjEpQPAF3G7TjiDR6Lv8Pff3w9807d6+n0umpWaWmU3MXkkqpkbG3j5/G3GEbg7I1en/7S/Lz1u9bf25XVx7mLJWzVKFYVrqaL34q6/OmoRZzVl5TasY0dMtQuYJllJx80clnzeLSUkXphcXh+FLJsCylFyoqb1RUuajKpYoKPdBzBaVpmhqOCzrJrM7O6qljFi/4PBn8IqVSpE0ms9rjqQAAgBOguf8PivKz/1/7Z7M8dGt9xO3/NyJO//9jrrH/v/jR2dee/j8qIi37f+/4Lft//Wj9f8yv03hKddX/42QY29/dB+phLVlK6XH399f24t7auB3Q/wMAAAAAAAAAAAAAAAAAAAAAcBrsVKuJarWa8Lbe16CIREXE+75FaUhErvRhyvBRF68/zoD6B/fCIyLmy+XMcsbZugM2RcQUQ8YlId/t68FVi71PHqmaUXlnrrj1K8uZkJ1JZSVn109IYsC5nsLOxtnX9LX01IRy7K0fkHhjfVIS8lvz8Z36ZMv6iPz3b0O9Jgl5vyBFMWXRnkC9/tmEUldvpJvqY/Y4AAAAAADOAk3tann/rmnt8k797v118/sDofr99XjL+/Ow/BXu79oBAAAAADgvrMqTvG6aRumAICadx3QM3Gf8yr5UuNs9twm8FR62yvtfBp+ncbjAO/ieVNQ7ZX6flsARTkubICjHqRqrrUZ1uwrvbaN2Y2RmsvevoB388frNN/92eHk92mGlxw9CB18AAz354wMAAACgp+pNv/eTyf5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAc2jf078uRX1/Olq/1wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFD8DAAD//0Ol/Yc=") (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32)
r0 = socket$key(0xf, 0x3, 0x2) (rerun: 32)
sendmsg$key(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x2, 0xe, 0xff, 0x8, 0x9, 0x0, 0x70bd2c, 0x25dfdbfd, [@sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e20, @multicast2}, @in6={0xa, 0x4e22, 0x5, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0xfffffffd}}]}, 0x48}}, 0x46800)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r1}, 0x38)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 32)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) (async, rerun: 32)
r3 = creat(&(0x7f0000000100)='./file0\x00', 0xd0)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="6c00000002060103000000000000000000000004050005000000000005b801000700000034000780080008400000004008001740fffffffa060004404e200000050014008100004a9886be3a991c53416e9d6b00060005404e2000df07000640000003ff13000300686173683a6e65742c69666163650000"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x4004000) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18)
pipe(&(0x7f0000005880)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
mmap(&(0x7f00001f8000/0x3000)=nil, 0x3000, 0x300000b, 0x4010, 0xffffffffffffffff, 0xec776000)
getresgid(&(0x7f0000002fc0), &(0x7f0000003000), &(0x7f0000003040)) (async)
ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f00000003c0)={0x0, @hci={0x1f, 0x4, 0x1}, @phonet={0x23, 0x16, 0x6}, @sco={0x1f, @none}, 0x101, 0x0, 0x0, 0x0, 0x2, 0x0, 0x101, 0xfffffffffffffffd, 0x866}) (async)
fsetxattr$security_selinux(r4, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)

0s ago: executing program 2 (id=1495):
timer_create(0x2, &(0x7f0000000140)={0x0, 0x12, 0x2}, &(0x7f0000044000))
rt_sigaction(0x12, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff, {[0x400]}}, 0x0, 0x8, &(0x7f0000000180))
timer_settime(0x0, 0x1, &(0x7f0000000240)={{}, {0x0, 0x9}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x20, &(0x7f0000000040)={&(0x7f0000000680)=""/220, 0xdc, 0x0, &(0x7f0000000a00)=""/154, 0x9a}}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

'syz.0.737': attribute type 13 has an invalid length.
[   88.504628][ T5869] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   88.546207][ T5881] loop1: detected capacity change from 0 to 512
[   88.553020][ T5881] EXT4-fs: Ignoring removed bh option
[   88.560303][ T5881] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   88.569917][ T5881] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[   88.591537][ T5881] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[   88.616031][ T5881] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[   88.625593][ T5890] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma?
[   88.637904][ T5881] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.687024][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.734990][ T5892] netlink: 96 bytes leftover after parsing attributes in process `syz.1.744'.
[   88.744026][ T5892] netlink: 80 bytes leftover after parsing attributes in process `syz.1.744'.
[   89.020357][ T5894] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma?
[   89.162460][ T5899] netlink: 12 bytes leftover after parsing attributes in process `syz.2.746'.
[   89.470050][ T5909] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   89.470050][ T5909]    program syz.3.750 not setting count and/or reply_len properly
[   89.503026][   T29] kauditd_printk_skb: 288 callbacks suppressed
[   89.503045][   T29] audit: type=1400 audit(1755494537.991:3724): avc:  denied  { create } for  pid=5910 comm="syz.3.751" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   89.532919][   T29] audit: type=1400 audit(1755494538.001:3725): avc:  denied  { write } for  pid=5910 comm="syz.3.751" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   89.583093][ T5915] lo speed is unknown, defaulting to 1000
[   89.691535][ T5929] lo speed is unknown, defaulting to 1000
[   89.887750][ T5938] netlink: 14 bytes leftover after parsing attributes in process `syz.1.760'.
[   89.904372][ T5941] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma?
[   89.916523][   T29] audit: type=1326 audit(1755494538.411:3726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.2.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   89.940750][   T29] audit: type=1326 audit(1755494538.411:3727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.2.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   89.965078][ T5938] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   89.976567][ T5938] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   89.985735][   T29] audit: type=1326 audit(1755494538.421:3728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.2.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   90.009404][   T29] audit: type=1326 audit(1755494538.421:3729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.2.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   90.032905][   T29] audit: type=1326 audit(1755494538.421:3730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.2.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   90.056432][   T29] audit: type=1326 audit(1755494538.421:3731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.2.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   90.079983][   T29] audit: type=1326 audit(1755494538.421:3732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.2.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   90.103454][   T29] audit: type=1326 audit(1755494538.421:3733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.2.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   90.129116][ T5938] bond0 (unregistering): Released all slaves
[   90.365476][ T5962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   90.374604][ T5962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   90.430130][ T5975] netlink: 'syz.0.770': attribute type 30 has an invalid length.
[   90.482308][ T5976] loop4: detected capacity change from 0 to 512
[   90.488964][ T5976] EXT4-fs: Ignoring removed bh option
[   90.498141][ T5976] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   90.507242][ T5976] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[   90.526869][ T5976] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[   90.533336][ T5980] loop0: detected capacity change from 0 to 1024
[   90.539160][ T5976] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[   90.543435][ T5980] journal_path: Non-blockdev passed as './bus'
[   90.552288][ T5976] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.557201][ T5980] EXT4-fs: error: could not find journal device path
[   90.751457][ T5989] vhci_hcd: default hub control req: 0310 v0009 i0003 l0
[   90.845206][ T5997] netlink: 128 bytes leftover after parsing attributes in process `syz.2.780'.
[   90.877013][ T5997] loop7: detected capacity change from 0 to 7
[   90.884643][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   90.893930][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[   90.903868][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   90.906203][ T6004] loop0: detected capacity change from 0 to 164
[   90.913169][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[   90.927757][ T5997]  loop7: unable to read partition table
[   90.937496][ T5997] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[   90.969854][ T6004] syz.0.782: attempt to access beyond end of device
[   90.969854][ T6004] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   90.983994][ T6004] syz.0.782: attempt to access beyond end of device
[   90.983994][ T6004] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164
[   90.986867][ T6015] netlink: 'syz.1.785': attribute type 30 has an invalid length.
[   91.017277][ T6017] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma?
[   91.156159][ T6024] loop1: detected capacity change from 0 to 512
[   91.163169][ T6024] EXT4-fs warning (device loop1): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[   91.269888][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.336034][ T6034] loop1: detected capacity change from 0 to 1024
[   91.342748][ T6034] journal_path: Non-blockdev passed as './bus'
[   91.349026][ T6034] EXT4-fs: error: could not find journal device path
[   91.410354][ T6041] loop1: detected capacity change from 0 to 512
[   91.422402][ T6041] EXT4-fs: Ignoring removed bh option
[   91.427988][ T6041] ext4: Unknown parameter 'nouser_xattr'
[   91.435587][ T6043] netlink: 4 bytes leftover after parsing attributes in process `syz.3.794'.
[   91.520897][ T6046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   91.529810][ T6046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   91.549361][ T6046] binfmt_misc: register: failed to install interpreter file ./file0
[   91.564968][ T6050] loop4: detected capacity change from 0 to 1024
[   91.583326][ T6050] EXT4-fs: Ignoring removed orlov option
[   91.645819][ T6050] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   91.662546][ T6050] FAULT_INJECTION: forcing a failure.
[   91.662546][ T6050] name failslab, interval 1, probability 0, space 0, times 0
[   91.675400][ T6050] CPU: 0 UID: 0 PID: 6050 Comm: syz.4.799 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[   91.675435][ T6050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   91.675448][ T6050] Call Trace:
[   91.675455][ T6050]  <TASK>
[   91.675463][ T6050]  __dump_stack+0x1d/0x30
[   91.675487][ T6050]  dump_stack_lvl+0xe8/0x140
[   91.675528][ T6050]  dump_stack+0x15/0x1b
[   91.675548][ T6050]  should_fail_ex+0x265/0x280
[   91.675572][ T6050]  should_failslab+0x8c/0xb0
[   91.675648][ T6050]  kmem_cache_alloc_lru_noprof+0x55/0x310
[   91.675690][ T6050]  ? __d_alloc+0x3d/0x340
[   91.675722][ T6050]  __d_alloc+0x3d/0x340
[   91.675829][ T6050]  d_alloc_parallel+0x53/0xc60
[   91.675862][ T6050]  ? __rcu_read_unlock+0x4f/0x70
[   91.675963][ T6050]  ? __d_lookup+0x316/0x340
[   91.675996][ T6050]  ? try_to_unlazy+0x25e/0x3a0
[   91.676029][ T6050]  path_openat+0x6b5/0x2170
[   91.676130][ T6050]  do_filp_open+0x109/0x230
[   91.676154][ T6050]  do_sys_openat2+0xa6/0x110
[   91.676188][ T6050]  __x64_sys_openat+0xf2/0x120
[   91.676340][ T6050]  x64_sys_call+0x2e9c/0x2ff0
[   91.676362][ T6050]  do_syscall_64+0xd2/0x200
[   91.676391][ T6050]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   91.676440][ T6050]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   91.676548][ T6050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.676571][ T6050] RIP: 0033:0x7f9cb6d2ebe9
[   91.676588][ T6050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.676608][ T6050] RSP: 002b:00007f9cb5797038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   91.676631][ T6050] RAX: ffffffffffffffda RBX: 00007f9cb6f55fa0 RCX: 00007f9cb6d2ebe9
[   91.676646][ T6050] RDX: 000000000000275a RSI: 0000200000000600 RDI: ffffffffffffff9c
[   91.676706][ T6050] RBP: 00007f9cb5797090 R08: 0000000000000000 R09: 0000000000000000
[   91.676718][ T6050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   91.676729][ T6050] R13: 00007f9cb6f56038 R14: 00007f9cb6f55fa0 R15: 00007ffe4f1b4bb8
[   91.676747][ T6050]  </TASK>
[   91.678528][ T6052] netlink: 204 bytes leftover after parsing attributes in process `syz.1.800'.
[   91.951841][ T6056] loop1: detected capacity change from 0 to 512
[   92.007426][ T6056] EXT4-fs: Ignoring removed mblk_io_submit option
[   92.061246][ T6056] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   92.113978][ T6059] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6059 comm=syz.0.801
[   92.128524][ T6056] EXT4-fs (loop1): 1 truncate cleaned up
[   92.134821][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.144549][ T6056] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   92.258116][ T6059] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   92.258116][ T6059]    program syz.0.801 not setting count and/or reply_len properly
[   92.330977][ T6043] Set syz1 is full, maxelem 65536 reached
[   92.344930][ T6062] lo speed is unknown, defaulting to 1000
[   92.384850][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.428632][ T6070] netlink: 'syz.0.805': attribute type 30 has an invalid length.
[   92.465675][ T6072] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.474643][ T6072] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   92.483079][ T6082] FAULT_INJECTION: forcing a failure.
[   92.483079][ T6082] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.486321][ T6072] netlink: 'syz.2.806': attribute type 13 has an invalid length.
[   92.496486][ T6082] CPU: 0 UID: 0 PID: 6082 Comm: syz.4.808 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[   92.496556][ T6082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   92.496568][ T6082] Call Trace:
[   92.496575][ T6082]  <TASK>
[   92.496583][ T6082]  __dump_stack+0x1d/0x30
[   92.496605][ T6082]  dump_stack_lvl+0xe8/0x140
[   92.496625][ T6082]  dump_stack+0x15/0x1b
[   92.496646][ T6082]  should_fail_ex+0x265/0x280
[   92.496668][ T6082]  should_fail+0xb/0x20
[   92.496685][ T6082]  should_fail_usercopy+0x1a/0x20
[   92.496706][ T6082]  _copy_from_user+0x1c/0xb0
[   92.496767][ T6082]  __copy_msghdr+0x244/0x300
[   92.496853][ T6082]  ___sys_sendmsg+0x109/0x1d0
[   92.496942][ T6082]  __x64_sys_sendmsg+0xd4/0x160
[   92.497024][ T6082]  x64_sys_call+0x191e/0x2ff0
[   92.497045][ T6082]  do_syscall_64+0xd2/0x200
[   92.497147][ T6082]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   92.497171][ T6082]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   92.497194][ T6082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.497252][ T6082] RIP: 0033:0x7f9cb6d2ebe9
[   92.497279][ T6082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.497298][ T6082] RSP: 002b:00007f9cb5797038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   92.497318][ T6082] RAX: ffffffffffffffda RBX: 00007f9cb6f55fa0 RCX: 00007f9cb6d2ebe9
[   92.497331][ T6082] RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000005
[   92.497344][ T6082] RBP: 00007f9cb5797090 R08: 0000000000000000 R09: 0000000000000000
[   92.497356][ T6082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.497368][ T6082] R13: 00007f9cb6f56038 R14: 00007f9cb6f55fa0 R15: 00007ffe4f1b4bb8
[   92.497386][ T6082]  </TASK>
[   92.600347][ T6088] loop0: detected capacity change from 0 to 164
[   92.647691][ T6088] syz.0.811: attempt to access beyond end of device
[   92.647691][ T6088] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   92.656464][ T6088] syz.0.811: attempt to access beyond end of device
[   92.656464][ T6088] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164
[   92.717402][ T6072] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   92.769248][ T6092] loop0: detected capacity change from 0 to 128
[   92.842934][ T6101] loop1: detected capacity change from 0 to 512
[   92.849782][ T6101] EXT4-fs warning (device loop1): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[   92.953849][ T6111] loop3: detected capacity change from 0 to 1024
[   92.960810][ T6111] journal_path: Non-blockdev passed as './bus'
[   92.967388][ T6111] EXT4-fs: error: could not find journal device path
[   92.993176][ T6114] loop4: detected capacity change from 0 to 512
[   92.999988][ T6114] EXT4-fs: Ignoring removed bh option
[   93.006310][ T6114] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   93.015529][ T6114] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[   93.025632][ T6114] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[   93.035550][ T6114] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[   93.044252][ T6114] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.287237][ T6132] loop2: detected capacity change from 0 to 1024
[   93.306930][ T6132] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.319784][ T6132] ext4 filesystem being mounted at /166/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.324808][ T6136] loop0: detected capacity change from 0 to 512
[   93.331312][ T6132] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.338667][ T6136] EXT4-fs warning (device loop0): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[   93.389567][ T6142] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6142 comm=syz.2.829
[   93.628261][ T6157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   93.636857][ T6157] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   93.649672][ T6157] netlink: 'syz.0.836': attribute type 13 has an invalid length.
[   93.667581][ T6157] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   93.770310][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.805775][ T6167] FAULT_INJECTION: forcing a failure.
[   93.805775][ T6167] name failslab, interval 1, probability 0, space 0, times 0
[   93.818536][ T6167] CPU: 1 UID: 0 PID: 6167 Comm: syz.1.839 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[   93.818573][ T6167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   93.818587][ T6167] Call Trace:
[   93.818595][ T6167]  <TASK>
[   93.818603][ T6167]  __dump_stack+0x1d/0x30
[   93.818665][ T6167]  dump_stack_lvl+0xe8/0x140
[   93.818685][ T6167]  dump_stack+0x15/0x1b
[   93.818700][ T6167]  should_fail_ex+0x265/0x280
[   93.818790][ T6167]  should_failslab+0x8c/0xb0
[   93.818811][ T6167]  kmem_cache_alloc_node_noprof+0x57/0x320
[   93.818874][ T6167]  ? __alloc_skb+0x101/0x320
[   93.818907][ T6167]  __alloc_skb+0x101/0x320
[   93.818941][ T6167]  netlink_alloc_large_skb+0xba/0xf0
[   93.819054][ T6167]  netlink_sendmsg+0x3cf/0x6b0
[   93.819077][ T6167]  ? __pfx_netlink_sendmsg+0x10/0x10
[   93.819100][ T6167]  __sock_sendmsg+0x142/0x180
[   93.819127][ T6167]  ____sys_sendmsg+0x31e/0x4e0
[   93.819214][ T6167]  ___sys_sendmsg+0x17b/0x1d0
[   93.819240][ T6167]  __x64_sys_sendmsg+0xd4/0x160
[   93.819292][ T6167]  x64_sys_call+0x191e/0x2ff0
[   93.819316][ T6167]  do_syscall_64+0xd2/0x200
[   93.819345][ T6167]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   93.819381][ T6167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.819404][ T6167] RIP: 0033:0x7f3b0ee0ebe9
[   93.819494][ T6167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.819514][ T6167] RSP: 002b:00007f3b0d86f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   93.819559][ T6167] RAX: ffffffffffffffda RBX: 00007f3b0f035fa0 RCX: 00007f3b0ee0ebe9
[   93.819571][ T6167] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000005
[   93.819582][ T6167] RBP: 00007f3b0d86f090 R08: 0000000000000000 R09: 0000000000000000
[   93.819666][ T6167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.819678][ T6167] R13: 00007f3b0f036038 R14: 00007f3b0f035fa0 R15: 00007fffe4939498
[   93.819697][ T6167]  </TASK>
[   93.934908][ T6175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.037904][ T6175] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.062411][ T6173] netlink: 'syz.4.838': attribute type 13 has an invalid length.
[   94.080629][ T6185] loop1: detected capacity change from 0 to 164
[   94.086588][ T6173] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.096080][ T6185] syz.1.841: attempt to access beyond end of device
[   94.096080][ T6185] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   94.110369][ T6185] syz.1.841: attempt to access beyond end of device
[   94.110369][ T6185] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[   94.125028][   T48] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x2
[   94.144068][ T6173] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   94.207552][ T6188] loop1: detected capacity change from 0 to 512
[   94.232699][ T6188] EXT4-fs warning (device loop1): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[   94.291653][ T6197] loop0: detected capacity change from 0 to 128
[   94.348134][ T6203] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[   94.363168][ T6207] loop3: detected capacity change from 0 to 128
[   94.364191][ T6205] loop2: detected capacity change from 0 to 512
[   94.376247][ T6205] EXT4-fs: Ignoring removed bh option
[   94.381761][ T6205] ext4: Unknown parameter 'nouser_xattr'
[   94.389646][ T6208] loop1: detected capacity change from 0 to 512
[   94.396742][ T6208] EXT4-fs: Ignoring removed bh option
[   94.404476][ T6208] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   94.413638][ T6208] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[   94.438976][ T6208] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[   94.452315][ T6213] loop2: detected capacity change from 0 to 164
[   94.460781][ T6208] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[   94.461301][ T6213] syz.2.853: attempt to access beyond end of device
[   94.461301][ T6213] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   94.483746][ T6213] syz.2.853: attempt to access beyond end of device
[   94.483746][ T6213] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[   94.498928][ T6208] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   94.589899][   T29] kauditd_printk_skb: 339 callbacks suppressed
[   94.589916][   T29] audit: type=1326 audit(1755494543.081:4071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.2.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   94.619878][   T29] audit: type=1326 audit(1755494543.081:4072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.2.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   94.643503][   T29] audit: type=1326 audit(1755494543.081:4073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.2.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   94.667034][   T29] audit: type=1326 audit(1755494543.081:4074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.2.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   94.690558][   T29] audit: type=1326 audit(1755494543.081:4075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.2.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   94.714400][   T29] audit: type=1326 audit(1755494543.081:4076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.2.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   94.737900][   T29] audit: type=1326 audit(1755494543.081:4077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.2.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   94.761469][   T29] audit: type=1326 audit(1755494543.081:4078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.2.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   94.786578][   T29] audit: type=1326 audit(1755494543.081:4079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.2.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   94.810559][   T29] audit: type=1326 audit(1755494543.081:4080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.2.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[   94.835144][ T6223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.844580][ T6223] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.890090][ T6218] netlink: 'syz.2.854': attribute type 13 has an invalid length.
[   94.921119][ T6218] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   94.944619][ T6229] netlink: 'syz.4.856': attribute type 30 has an invalid length.
[   95.075772][ T6235] loop4: detected capacity change from 0 to 128
[   95.168862][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.218901][ T6247] tmpfs: Bad value for 'nr_blocks'
[   95.279868][ T6252] netlink: 8 bytes leftover after parsing attributes in process `syz.1.863'.
[   95.291830][ T6249] loop4: detected capacity change from 0 to 512
[   95.301336][ T6249] EXT4-fs: Ignoring removed bh option
[   95.310494][ T6249] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   95.319689][ T6249] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[   95.353494][ T6249] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[   95.369652][ T6257] netlink: 'syz.0.867': attribute type 30 has an invalid length.
[   95.394417][ T6249] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[   95.407838][ T6249] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   95.433093][ T6258] loop1: detected capacity change from 0 to 512
[   95.475010][ T6258] EXT4-fs warning (device loop1): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[   95.486477][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.517872][ T6261] loop2: detected capacity change from 0 to 512
[   95.534173][ T6261] EXT4-fs warning (device loop2): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[   95.549589][ T6265] loop4: detected capacity change from 0 to 128
[   95.642805][ T6281] loop0: detected capacity change from 0 to 512
[   95.650180][ T6281] EXT4-fs: Ignoring removed bh option
[   95.657553][ T6281] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   95.667308][ T6281] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[   95.691928][ T6281] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[   95.711849][ T6283] FAULT_INJECTION: forcing a failure.
[   95.711849][ T6283] name failslab, interval 1, probability 0, space 0, times 0
[   95.724871][ T6283] CPU: 0 UID: 0 PID: 6283 Comm: syz.2.876 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[   95.724976][ T6283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   95.724990][ T6283] Call Trace:
[   95.724997][ T6283]  <TASK>
[   95.725006][ T6283]  __dump_stack+0x1d/0x30
[   95.725032][ T6283]  dump_stack_lvl+0xe8/0x140
[   95.725059][ T6283]  dump_stack+0x15/0x1b
[   95.725140][ T6283]  should_fail_ex+0x265/0x280
[   95.725161][ T6283]  should_failslab+0x8c/0xb0
[   95.725182][ T6283]  kmem_cache_alloc_noprof+0x50/0x310
[   95.725205][ T6283]  ? skb_clone+0x151/0x1f0
[   95.725228][ T6283]  skb_clone+0x151/0x1f0
[   95.725288][ T6283]  nfnetlink_rcv+0x305/0x1690
[   95.725316][ T6283]  ? nlmon_xmit+0x4f/0x60
[   95.725343][ T6283]  ? consume_skb+0x49/0x150
[   95.725441][ T6283]  ? nlmon_xmit+0x4f/0x60
[   95.725470][ T6283]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   95.725522][ T6283]  ? __dev_queue_xmit+0x1200/0x2000
[   95.725540][ T6283]  ? __dev_queue_xmit+0x182/0x2000
[   95.725585][ T6283]  ? ref_tracker_free+0x37d/0x3e0
[   95.725619][ T6283]  netlink_unicast+0x5bd/0x690
[   95.725657][ T6283]  netlink_sendmsg+0x58b/0x6b0
[   95.725693][ T6283]  ? __pfx_netlink_sendmsg+0x10/0x10
[   95.725712][ T6283]  __sock_sendmsg+0x142/0x180
[   95.725744][ T6283]  ____sys_sendmsg+0x31e/0x4e0
[   95.725787][ T6283]  ___sys_sendmsg+0x17b/0x1d0
[   95.725817][ T6283]  __x64_sys_sendmsg+0xd4/0x160
[   95.725895][ T6283]  x64_sys_call+0x191e/0x2ff0
[   95.725977][ T6283]  do_syscall_64+0xd2/0x200
[   95.726005][ T6283]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   95.726029][ T6283]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   95.726057][ T6283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.726080][ T6283] RIP: 0033:0x7fac5d5aebe9
[   95.726098][ T6283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.726117][ T6283] RSP: 002b:00007fac5c017038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   95.726180][ T6283] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d5aebe9
[   95.726195][ T6283] RDX: 0000000000000800 RSI: 00002000000000c0 RDI: 0000000000000006
[   95.726210][ T6283] RBP: 00007fac5c017090 R08: 0000000000000000 R09: 0000000000000000
[   95.726270][ T6283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.726282][ T6283] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffd1e297218
[   95.726299][ T6283]  </TASK>
[   95.975426][ T6281] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[   96.003116][ T6289] netlink: 'syz.3.878': attribute type 21 has an invalid length.
[   96.036996][ T6289] netlink: 156 bytes leftover after parsing attributes in process `syz.3.878'.
[   96.046071][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.3.878'.
[   96.073828][ T6274] Falling back ldisc for ttyS3.
[   96.092359][ T6299] loop3: detected capacity change from 0 to 512
[   96.092723][ T6294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   96.108966][ T6299] EXT4-fs: Ignoring removed bh option
[   96.114515][ T6299] ext4: Unknown parameter 'nouser_xattr'
[   96.126210][ T6294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   96.195301][ T6294] netlink: 'syz.4.880': attribute type 13 has an invalid length.
[   96.195364][ T6307] loop1: detected capacity change from 0 to 512
[   96.219351][ T6294] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   96.334010][ T6318] loop3: detected capacity change from 0 to 128
[   96.385048][ T6321] loop3: detected capacity change from 0 to 1024
[   96.391973][ T6321] journal_path: Non-blockdev passed as './bus'
[   96.398422][ T6321] EXT4-fs: error: could not find journal device path
[   96.406391][ T6323] netlink: 8 bytes leftover after parsing attributes in process `syz.1.889'.
[   96.418463][ T6323] netlink: 'syz.1.889': attribute type 1 has an invalid length.
[   96.437002][ T6323] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.444979][ T5375] EXT4-fs unmount: 1 callbacks suppressed
[   96.444998][ T5375] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.480596][ T6327] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.496750][ T6327] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address
[   96.509196][ T6327] bond0: (slave vxcan3): Error -95 calling set_mac_address
[   96.546395][ T6323] gretap1: entered promiscuous mode
[   96.585429][ T6323] macvlan2: entered promiscuous mode
[   96.590829][ T6323] macvlan2: entered allmulticast mode
[   96.606425][ T6323] bond0: entered promiscuous mode
[   96.619704][ T6323] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   96.627189][ T6341] loop2: detected capacity change from 0 to 512
[   96.645798][ T6341] EXT4-fs warning (device loop2): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[   96.656731][ T6323] bond0: left promiscuous mode
[   96.703649][ T6343] lo speed is unknown, defaulting to 1000
[   96.728923][ T6346] lo speed is unknown, defaulting to 1000
[   96.761381][ T6348] loop1: detected capacity change from 0 to 512
[   96.772634][ T6351] loop2: detected capacity change from 0 to 512
[   96.872615][ T6364] loop4: detected capacity change from 0 to 512
[   96.888957][ T6364] EXT4-fs: Ignoring removed bh option
[   96.913603][ T6364] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   96.922763][ T6364] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[   96.933237][ T6364] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[   96.944137][ T6364] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[   96.954088][ T6364] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.980184][ T6373] netlink: 20 bytes leftover after parsing attributes in process `syz.0.908'.
[   97.030096][ T6435] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[   97.108359][ T6441] loop3: detected capacity change from 0 to 512
[   97.117507][ T6441] EXT4-fs: Ignoring removed bh option
[   97.130661][ T6441] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   97.139807][ T6441] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[   97.151115][ T6441] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[   97.155516][ T6437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   97.170000][ T6437] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   97.185858][ T6441] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[   97.198480][ T6441] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.229417][ T6437] netlink: 'syz.2.911': attribute type 13 has an invalid length.
[   97.296080][ T6437] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   97.336701][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.393149][ T6454] loop3: detected capacity change from 0 to 512
[   97.402785][ T6454] EXT4-fs: Ignoring removed bh option
[   97.411591][ T6454] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   97.420947][ T6454] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[   97.433051][ T6454] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[   97.448294][ T6454] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[   97.465603][ T6454] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.510309][ T6457] lo speed is unknown, defaulting to 1000
[   97.595997][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.625270][ T6458] loop1: detected capacity change from 0 to 4096
[   97.643461][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.657460][ T6458] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.693229][ T6464] loop4: detected capacity change from 0 to 512
[   97.730400][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.892816][ T6486] FAULT_INJECTION: forcing a failure.
[   97.892816][ T6486] name failslab, interval 1, probability 0, space 0, times 0
[   97.905651][ T6486] CPU: 1 UID: 0 PID: 6486 Comm: syz.4.928 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[   97.905753][ T6486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   97.905767][ T6486] Call Trace:
[   97.905774][ T6486]  <TASK>
[   97.905782][ T6486]  __dump_stack+0x1d/0x30
[   97.905802][ T6486]  dump_stack_lvl+0xe8/0x140
[   97.905849][ T6486]  dump_stack+0x15/0x1b
[   97.905867][ T6486]  should_fail_ex+0x265/0x280
[   97.905956][ T6486]  should_failslab+0x8c/0xb0
[   97.905982][ T6486]  __kmalloc_node_noprof+0xa9/0x410
[   97.906012][ T6486]  ? __vmalloc_node_range_noprof+0x3f9/0xe00
[   97.906046][ T6486]  __vmalloc_node_range_noprof+0x3f9/0xe00
[   97.906124][ T6486]  ? cred_has_capability+0x210/0x280
[   97.906149][ T6486]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[   97.906191][ T6486]  __vmalloc_noprof+0x83/0xc0
[   97.906220][ T6486]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[   97.906249][ T6486]  bpf_prog_alloc_no_stats+0x47/0x3a0
[   97.906418][ T6486]  ? bpf_prog_alloc+0x2a/0x150
[   97.906445][ T6486]  bpf_prog_alloc+0x3c/0x150
[   97.906504][ T6486]  bpf_prog_load+0x514/0x1070
[   97.906540][ T6486]  ? security_bpf+0x2b/0x90
[   97.906578][ T6486]  __sys_bpf+0x462/0x7b0
[   97.906655][ T6486]  __x64_sys_bpf+0x41/0x50
[   97.906748][ T6486]  x64_sys_call+0x2aea/0x2ff0
[   97.906770][ T6486]  do_syscall_64+0xd2/0x200
[   97.906797][ T6486]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   97.906846][ T6486]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   97.906872][ T6486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.906895][ T6486] RIP: 0033:0x7f9cb6d2ebe9
[   97.906993][ T6486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.907013][ T6486] RSP: 002b:00007f9cb5797038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   97.907053][ T6486] RAX: ffffffffffffffda RBX: 00007f9cb6f55fa0 RCX: 00007f9cb6d2ebe9
[   97.907073][ T6486] RDX: 0000000000000090 RSI: 0000200000000000 RDI: 0000000000000005
[   97.907084][ T6486] RBP: 00007f9cb5797090 R08: 0000000000000000 R09: 0000000000000000
[   97.907096][ T6486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   97.907150][ T6486] R13: 00007f9cb6f56038 R14: 00007f9cb6f55fa0 R15: 00007ffe4f1b4bb8
[   97.907169][ T6486]  </TASK>
[   97.907179][ T6486] syz.4.928: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null)
[   97.961908][ T6492] loop1: detected capacity change from 0 to 164
[   97.964479][ T6486] ,cpuset=/,mems_allowed=0
[   98.159423][ T6486] CPU: 1 UID: 0 PID: 6486 Comm: syz.4.928 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[   98.159485][ T6486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   98.159495][ T6486] Call Trace:
[   98.159501][ T6486]  <TASK>
[   98.159509][ T6486]  __dump_stack+0x1d/0x30
[   98.159605][ T6486]  dump_stack_lvl+0xe8/0x140
[   98.159626][ T6486]  dump_stack+0x15/0x1b
[   98.159645][ T6486]  warn_alloc+0x12b/0x1a0
[   98.159718][ T6486]  ? should_failslab+0x8c/0xb0
[   98.159744][ T6486]  __vmalloc_node_range_noprof+0x497/0xe00
[   98.159782][ T6486]  ? cred_has_capability+0x210/0x280
[   98.159802][ T6486]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[   98.159895][ T6486]  __vmalloc_noprof+0x83/0xc0
[   98.159924][ T6486]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[   98.159948][ T6486]  bpf_prog_alloc_no_stats+0x47/0x3a0
[   98.159973][ T6486]  ? bpf_prog_alloc+0x2a/0x150
[   98.160118][ T6486]  bpf_prog_alloc+0x3c/0x150
[   98.160180][ T6486]  bpf_prog_load+0x514/0x1070
[   98.160255][ T6486]  ? security_bpf+0x2b/0x90
[   98.160303][ T6486]  __sys_bpf+0x462/0x7b0
[   98.160335][ T6486]  __x64_sys_bpf+0x41/0x50
[   98.160359][ T6486]  x64_sys_call+0x2aea/0x2ff0
[   98.160381][ T6486]  do_syscall_64+0xd2/0x200
[   98.160430][ T6486]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   98.160455][ T6486]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   98.160540][ T6486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.160563][ T6486] RIP: 0033:0x7f9cb6d2ebe9
[   98.160579][ T6486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.160647][ T6486] RSP: 002b:00007f9cb5797038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   98.160667][ T6486] RAX: ffffffffffffffda RBX: 00007f9cb6f55fa0 RCX: 00007f9cb6d2ebe9
[   98.160681][ T6486] RDX: 0000000000000090 RSI: 0000200000000000 RDI: 0000000000000005
[   98.160694][ T6486] RBP: 00007f9cb5797090 R08: 0000000000000000 R09: 0000000000000000
[   98.160707][ T6486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.160743][ T6486] R13: 00007f9cb6f56038 R14: 00007f9cb6f55fa0 R15: 00007ffe4f1b4bb8
[   98.160762][ T6486]  </TASK>
[   98.160770][ T6486] Mem-Info:
[   98.161539][ T6492] syz.1.930: attempt to access beyond end of device
[   98.161539][ T6492] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   98.173139][ T6486] active_anon:20699 inactive_anon:1 isolated_anon:0
[   98.173139][ T6486]  active_file:23798 inactive_file:2236 isolated_file:0
[   98.173139][ T6486]  unevictable:0 dirty:281 writeback:0
[   98.173139][ T6486]  slab_reclaimable:3293 slab_unreclaimable:82337
[   98.173139][ T6486]  mapped:29404 shmem:17068 pagetables:1049
[   98.173139][ T6486]  sec_pagetables:0 bounce:0
[   98.173139][ T6486]  kernel_misc_reclaimable:0
[   98.173139][ T6486]  free:1797409 free_pcp:3911 free_cma:0
[   98.184379][ T6492] syz.1.930: attempt to access beyond end of device
[   98.184379][ T6492] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[   98.186708][ T6486] Node 0 active_anon:82796kB inactive_anon:4kB active_file:95192kB inactive_file:8944kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117616kB dirty:1124kB writeback:0kB shmem:68272kB kernel_stack:4448kB pagetables:4196kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   98.266421][ T6497] loop3: detected capacity change from 0 to 128
[   98.267946][ T6486] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   98.337715][ T6499] syz.3.932: attempt to access beyond end of device
[   98.337715][ T6499] loop3: rw=2049, sector=801, nr_sectors = 8 limit=128
[   98.340915][ T6486] lowmem_reserve[]:
[   98.359090][ T6499] syz.3.932: attempt to access beyond end of device
[   98.359090][ T6499] loop3: rw=2049, sector=833, nr_sectors = 8 limit=128
[   98.365413][ T6486]  0 2883 7862 7862
[   98.365447][ T6486] Node 0 
[   98.382458][ T6499] syz.3.932: attempt to access beyond end of device
[   98.382458][ T6499] loop3: rw=2049, sector=865, nr_sectors = 8 limit=128
[   98.393814][ T6486] DMA32 free:2949312kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952844kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:0kB free_cma:0kB
[   98.596572][ T6486] lowmem_reserve[]: 0 0 4978 4978
[   98.601754][ T6486] Node 0 Normal free:4224604kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:82572kB inactive_anon:4kB active_file:95192kB inactive_file:9420kB unevictable:0kB writepending:1700kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:11792kB local_pcp:6920kB free_cma:0kB
[   98.633828][ T6486] lowmem_reserve[]: 0 0 0 0
[   98.638404][ T6486] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   98.651411][ T6486] Node 0 DMA32: 4*4kB (M) 4*8kB (M) 3*16kB (M) 3*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949312kB
[   98.667750][ T6486] Node 0 Normal: 406*4kB (M) 479*8kB (UM) 392*16kB (UME) 295*32kB (UME) 191*64kB (ME) 139*128kB (UME) 50*256kB (UME) 30*512kB (UM) 8*1024kB (UM) 4*2048kB (U) 1008*4096kB (UM) = 4224496kB
[   98.686426][ T6486] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[   98.695845][ T6486] 43218 total pagecache pages
[   98.700614][ T6486] 1 pages in swap cache
[   98.704916][ T6486] Free swap  = 124992kB
[   98.709083][ T6486] Total swap = 124996kB
[   98.713246][ T6486] 2097051 pages RAM
[   98.717161][ T6486] 0 pages HighMem/MovableOnly
[   98.721850][ T6486] 80440 pages reserved
[   98.737567][ T6499] syz.3.932: attempt to access beyond end of device
[   98.737567][ T6499] loop3: rw=2049, sector=897, nr_sectors = 8 limit=128
[   98.751229][ T6499] syz.3.932: attempt to access beyond end of device
[   98.751229][ T6499] loop3: rw=2049, sector=929, nr_sectors = 8 limit=128
[   98.765168][ T6499] syz.3.932: attempt to access beyond end of device
[   98.765168][ T6499] loop3: rw=2049, sector=961, nr_sectors = 8 limit=128
[   98.779035][ T6499] syz.3.932: attempt to access beyond end of device
[   98.779035][ T6499] loop3: rw=2049, sector=993, nr_sectors = 8 limit=128
[   98.792770][ T6499] syz.3.932: attempt to access beyond end of device
[   98.792770][ T6499] loop3: rw=2049, sector=1025, nr_sectors = 8 limit=128
[   98.810659][ T6505] /dev/nullb0: Can't lookup blockdev
[   98.831199][ T6507] tmpfs: Bad value for 'nr_blocks'
[   98.838914][ T6503] lo speed is unknown, defaulting to 1000
[   98.872629][ T6511] loop4: detected capacity change from 0 to 1024
[   98.884920][ T6511] EXT4-fs: Ignoring removed nomblk_io_submit option
[   98.918888][ T6503] loop1: detected capacity change from 0 to 4096
[   98.935067][ T6503] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.955858][ T6511] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   98.963531][ T6503] FAULT_INJECTION: forcing a failure.
[   98.963531][ T6503] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.977727][ T6523] lo speed is unknown, defaulting to 1000
[   98.981285][ T6503] CPU: 1 UID: 0 PID: 6503 Comm: syz.1.931 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[   98.981317][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   98.981329][ T6503] Call Trace:
[   98.981335][ T6503]  <TASK>
[   98.981343][ T6503]  __dump_stack+0x1d/0x30
[   98.981479][ T6503]  dump_stack_lvl+0xe8/0x140
[   98.981499][ T6503]  dump_stack+0x15/0x1b
[   98.981515][ T6503]  should_fail_ex+0x265/0x280
[   98.981542][ T6503]  should_fail+0xb/0x20
[   98.981560][ T6503]  should_fail_usercopy+0x1a/0x20
[   98.981581][ T6503]  _copy_to_user+0x20/0xa0
[   98.981608][ T6503]  simple_read_from_buffer+0xb5/0x130
[   98.981699][ T6503]  proc_fail_nth_read+0x10e/0x150
[   98.981725][ T6503]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   98.981748][ T6503]  vfs_read+0x1a8/0x770
[   98.981803][ T6503]  ? __rcu_read_unlock+0x4f/0x70
[   98.981822][ T6503]  ? __fget_files+0x184/0x1c0
[   98.981842][ T6503]  ? finish_task_switch+0xad/0x2b0
[   98.981861][ T6503]  ksys_read+0xda/0x1a0
[   98.981882][ T6503]  __x64_sys_read+0x40/0x50
[   98.981983][ T6503]  x64_sys_call+0x27bc/0x2ff0
[   98.982003][ T6503]  do_syscall_64+0xd2/0x200
[   98.982027][ T6503]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   98.982059][ T6503]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   98.982082][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.982150][ T6503] RIP: 0033:0x7f3b0ee0d5fc
[   98.982166][ T6503] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   98.982184][ T6503] RSP: 002b:00007f3b0d86f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   98.982204][ T6503] RAX: ffffffffffffffda RBX: 00007f3b0f035fa0 RCX: 00007f3b0ee0d5fc
[   98.982319][ T6503] RDX: 000000000000000f RSI: 00007f3b0d86f0a0 RDI: 0000000000000008
[   98.982332][ T6503] RBP: 00007f3b0d86f090 R08: 0000000000000000 R09: 0000000000000000
[   98.982344][ T6503] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[   98.982356][ T6503] R13: 00007f3b0f036038 R14: 00007f3b0f035fa0 R15: 00007fffe4939498
[   98.982373][ T6503]  </TASK>
[   99.035177][ T6534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.204246][ T6534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.212440][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.233060][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.242805][ T6520] netlink: 'syz.3.938': attribute type 13 has an invalid length.
[   99.279595][ T6542] loop2: detected capacity change from 0 to 128
[   99.301994][ T6520] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   99.325359][ T6545] netlink: 'syz.1.945': attribute type 30 has an invalid length.
[   99.427286][ T6553] loop1: detected capacity change from 0 to 2048
[   99.455223][ T6553] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.469054][ T6553] ext4 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   99.481951][ T6553] FAULT_INJECTION: forcing a failure.
[   99.481951][ T6553] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   99.495284][ T6553] CPU: 1 UID: 0 PID: 6553 Comm: syz.1.947 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[   99.495317][ T6553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   99.495330][ T6553] Call Trace:
[   99.495337][ T6553]  <TASK>
[   99.495358][ T6553]  __dump_stack+0x1d/0x30
[   99.495381][ T6553]  dump_stack_lvl+0xe8/0x140
[   99.495419][ T6553]  dump_stack+0x15/0x1b
[   99.495437][ T6553]  should_fail_ex+0x265/0x280
[   99.495470][ T6553]  should_fail+0xb/0x20
[   99.495553][ T6553]  should_fail_usercopy+0x1a/0x20
[   99.495581][ T6553]  strncpy_from_user+0x25/0x230
[   99.495610][ T6553]  ? kmem_cache_alloc_noprof+0x186/0x310
[   99.495638][ T6553]  ? getname_flags+0x80/0x3b0
[   99.495676][ T6553]  getname_flags+0xae/0x3b0
[   99.495700][ T6553]  __se_sys_quotactl+0x16a/0x670
[   99.495767][ T6553]  ? fput+0x8f/0xc0
[   99.495898][ T6553]  __x64_sys_quotactl+0x55/0x70
[   99.495919][ T6553]  x64_sys_call+0x15d6/0x2ff0
[   99.495943][ T6553]  do_syscall_64+0xd2/0x200
[   99.495966][ T6553]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   99.496048][ T6553]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   99.496073][ T6553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.496103][ T6553] RIP: 0033:0x7f3b0ee0ebe9
[   99.496119][ T6553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.496139][ T6553] RSP: 002b:00007f3b0d86f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[   99.496191][ T6553] RAX: ffffffffffffffda RBX: 00007f3b0f035fa0 RCX: 00007f3b0ee0ebe9
[   99.496204][ T6553] RDX: 0000000000000000 RSI: 0000200000000b40 RDI: ffffffff80000900
[   99.496217][ T6553] RBP: 00007f3b0d86f090 R08: 0000000000000000 R09: 0000000000000000
[   99.496228][ T6553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   99.496241][ T6553] R13: 00007f3b0f036038 R14: 00007f3b0f035fa0 R15: 00007fffe4939498
[   99.496259][ T6553]  </TASK>
[   99.698275][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.737207][   T29] kauditd_printk_skb: 466 callbacks suppressed
[   99.737224][   T29] audit: type=1400 audit(1755494548.231:4547): avc:  denied  { write } for  pid=6564 comm="syz.4.951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   99.792793][   T29] audit: type=1326 audit(1755494548.231:4548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6564 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[   99.817721][   T29] audit: type=1326 audit(1755494548.231:4549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6564 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[   99.841971][   T29] audit: type=1326 audit(1755494548.231:4550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6564 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[   99.865822][   T29] audit: type=1326 audit(1755494548.231:4551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6564 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[   99.889318][   T29] audit: type=1326 audit(1755494548.231:4552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6564 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[   99.913291][   T29] audit: type=1326 audit(1755494548.231:4553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6564 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[   99.936916][   T29] audit: type=1326 audit(1755494548.231:4554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6564 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[   99.961045][   T29] audit: type=1326 audit(1755494548.231:4555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6564 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[   99.985641][   T29] audit: type=1326 audit(1755494548.231:4556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6564 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  100.054115][ T6577] loop2: detected capacity change from 0 to 512
[  100.061178][ T6577] EXT4-fs warning (device loop2): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[  100.137902][ T6579] Failed to initialize the IGMP autojoin socket (err -2)
[  100.271422][ T6582] Failed to initialize the IGMP autojoin socket (err -2)
[  100.294781][ T6584] netlink: 'syz.3.956': attribute type 30 has an invalid length.
[  100.425889][ T6586] ref_ctr_offset mismatch. inode: 0x210 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000
[  100.746448][ T6606] loop3: detected capacity change from 0 to 512
[  100.758026][ T6609] FAULT_INJECTION: forcing a failure.
[  100.758026][ T6609] name failslab, interval 1, probability 0, space 0, times 0
[  100.770848][ T6609] CPU: 0 UID: 0 PID: 6609 Comm: syz.1.966 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  100.770881][ T6609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  100.770970][ T6609] Call Trace:
[  100.770976][ T6609]  <TASK>
[  100.770984][ T6609]  __dump_stack+0x1d/0x30
[  100.771041][ T6609]  dump_stack_lvl+0xe8/0x140
[  100.771063][ T6609]  dump_stack+0x15/0x1b
[  100.771080][ T6609]  should_fail_ex+0x265/0x280
[  100.771099][ T6609]  ? audit_log_d_path+0x8d/0x150
[  100.771124][ T6609]  should_failslab+0x8c/0xb0
[  100.771240][ T6609]  __kmalloc_cache_noprof+0x4c/0x320
[  100.771285][ T6609]  audit_log_d_path+0x8d/0x150
[  100.771357][ T6609]  audit_log_d_path_exe+0x42/0x70
[  100.771383][ T6609]  audit_log_task+0x1e9/0x250
[  100.771442][ T6609]  audit_seccomp+0x61/0x100
[  100.771520][ T6609]  ? __seccomp_filter+0x68c/0x10d0
[  100.771571][ T6609]  __seccomp_filter+0x69d/0x10d0
[  100.771593][ T6609]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  100.771619][ T6609]  ? vfs_write+0x7e8/0x960
[  100.771641][ T6609]  ? __rcu_read_unlock+0x4f/0x70
[  100.771699][ T6609]  ? __fget_files+0x184/0x1c0
[  100.771727][ T6609]  __secure_computing+0x82/0x150
[  100.771749][ T6609]  syscall_trace_enter+0xcf/0x1e0
[  100.771774][ T6609]  do_syscall_64+0xac/0x200
[  100.771859][ T6609]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  100.771888][ T6609]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  100.771913][ T6609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.771948][ T6609] RIP: 0033:0x7f3b0ee0ebe9
[  100.771963][ T6609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.771978][ T6609] RSP: 002b:00007f3b0d86f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ba
[  100.771997][ T6609] RAX: ffffffffffffffda RBX: 00007f3b0f035fa0 RCX: 00007f3b0ee0ebe9
[  100.772075][ T6609] RDX: 0000000000008000 RSI: 0000000000000000 RDI: ffffffffffffffff
[  100.772089][ T6609] RBP: 00007f3b0d86f090 R08: 0000000000000000 R09: 0000000000000000
[  100.772102][ T6609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  100.772115][ T6609] R13: 00007f3b0f036038 R14: 00007f3b0f035fa0 R15: 00007fffe4939498
[  100.772134][ T6609]  </TASK>
[  101.016258][ T6617] loop1: detected capacity change from 0 to 512
[  101.023486][ T6617] EXT4-fs: Ignoring removed bh option
[  101.068638][ T6617] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  101.078271][ T6617] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  101.092485][ T6623] loop2: detected capacity change from 0 to 1024
[  101.100304][ T6623] EXT4-fs: Ignoring removed nomblk_io_submit option
[  101.108109][ T6617] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  101.118305][ T6617] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  101.127203][ T6617] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.142628][ T6623] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.179163][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.211183][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.282759][ T6638] loop1: detected capacity change from 0 to 512
[  101.302734][ T6638] EXT4-fs (loop1): orphan cleanup on readonly fs
[  101.310291][ T6638] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.975: bad orphan inode 13
[  101.327636][ T6638] ext4_test_bit(bit=12, block=18) = 1
[  101.333182][ T6638] is_bad_inode(inode)=0
[  101.337516][ T6638] NEXT_ORPHAN(inode)=2130706432
[  101.342413][ T6638] max_ino=32
[  101.345664][ T6638] i_nlink=1
[  101.357972][ T6638] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  101.373056][ T6660] loop3: detected capacity change from 0 to 128
[  101.376063][ T6657] netlink: 16 bytes leftover after parsing attributes in process `syz.2.983'.
[  101.419232][ T6663] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2564 sclass=netlink_route_socket pid=6663 comm=syz.2.985
[  101.436735][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.500218][ T6667] loop1: detected capacity change from 0 to 512
[  101.507203][ T6667] EXT4-fs: Ignoring removed bh option
[  101.517591][ T6667] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  101.526839][ T6667] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  101.536209][ T6667] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  101.546894][ T6667] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  101.556539][ T6667] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.605098][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.715294][ T6682] loop1: detected capacity change from 0 to 512
[  101.793063][ T6689] loop2: detected capacity change from 0 to 164
[  101.866476][ T6695] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2564 sclass=netlink_route_socket pid=6695 comm=syz.2.997
[  101.881956][ T6695] FAULT_INJECTION: forcing a failure.
[  101.881956][ T6695] name failslab, interval 1, probability 0, space 0, times 0
[  101.894871][ T6695] CPU: 1 UID: 0 PID: 6695 Comm: syz.2.997 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  101.894905][ T6695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  101.894919][ T6695] Call Trace:
[  101.894927][ T6695]  <TASK>
[  101.894935][ T6695]  __dump_stack+0x1d/0x30
[  101.895038][ T6695]  dump_stack_lvl+0xe8/0x140
[  101.895056][ T6695]  dump_stack+0x15/0x1b
[  101.895115][ T6695]  should_fail_ex+0x265/0x280
[  101.895138][ T6695]  should_failslab+0x8c/0xb0
[  101.895165][ T6695]  kmem_cache_alloc_noprof+0x50/0x310
[  101.895193][ T6695]  ? skb_clone+0x151/0x1f0
[  101.895216][ T6695]  skb_clone+0x151/0x1f0
[  101.895328][ T6695]  __netlink_deliver_tap+0x2c9/0x500
[  101.895354][ T6695]  netlink_unicast+0x66b/0x690
[  101.895451][ T6695]  netlink_sendmsg+0x58b/0x6b0
[  101.895508][ T6695]  ? __pfx_netlink_sendmsg+0x10/0x10
[  101.895531][ T6695]  __sock_sendmsg+0x142/0x180
[  101.895600][ T6695]  sock_write_iter+0x165/0x1b0
[  101.895630][ T6695]  do_iter_readv_writev+0x49c/0x540
[  101.895689][ T6695]  vfs_writev+0x2df/0x8b0
[  101.895721][ T6695]  ? xfd_validate_state+0x45/0xf0
[  101.895803][ T6695]  do_writev+0xe7/0x210
[  101.895832][ T6695]  __x64_sys_writev+0x45/0x50
[  101.895897][ T6695]  x64_sys_call+0x1e9a/0x2ff0
[  101.895992][ T6695]  do_syscall_64+0xd2/0x200
[  101.896040][ T6695]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  101.896070][ T6695]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  101.896092][ T6695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.896123][ T6695] RIP: 0033:0x7fac5d5aebe9
[  101.896140][ T6695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.896158][ T6695] RSP: 002b:00007fac5c017038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  101.896180][ T6695] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d5aebe9
[  101.896211][ T6695] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 000000000000000a
[  101.896224][ T6695] RBP: 00007fac5c017090 R08: 0000000000000000 R09: 0000000000000000
[  101.896237][ T6695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.896250][ T6695] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffd1e297218
[  101.896268][ T6695]  </TASK>
[  101.896285][ T6695] netlink: 'syz.2.997': attribute type 4 has an invalid length.
[  102.157130][ T6701] loop1: detected capacity change from 0 to 512
[  102.173749][ T6705] ip6_tunnel: non-ECT from 0000:0000:0000:0000:0000:ffff:0000:0000 with DS=0xd
[  102.174588][ T6701] EXT4-fs: Ignoring removed bh option
[  102.188255][ T6701] ext4: Unknown parameter 'nouser_xattr'
[  102.196730][ T6704] loop2: detected capacity change from 0 to 512
[  102.225820][ T6704] EXT4-fs: Ignoring removed bh option
[  102.247146][ T6704] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  102.256237][ T6704] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  102.301167][ T6709] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2564 sclass=netlink_route_socket pid=6709 comm=syz.4.1003
[  102.303489][ T6704] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  102.315812][ T6714] netlink: 'syz.1.1005': attribute type 30 has an invalid length.
[  102.327782][ T6704] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  102.341121][ T6704] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.366307][ T6709] netlink: 'syz.4.1003': attribute type 4 has an invalid length.
[  102.389166][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.432058][ T6717] loop4: detected capacity change from 0 to 128
[  102.456976][ T6717] Buffer I/O error on dev loop4, logical block 72, lost async page write
[  102.471503][ T6715] Buffer I/O error on dev loop4, logical block 72, lost async page write
[  102.552433][ T6733] loop2: detected capacity change from 0 to 512
[  102.559896][ T6733] EXT4-fs warning (device loop2): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[  102.617648][ T6744] loop2: detected capacity change from 0 to 512
[  102.624622][ T6744] EXT4-fs: Ignoring removed bh option
[  102.630043][ T6744] ext4: Unknown parameter 'nouser_xattr'
[  102.647830][ T6746] netlink: 'syz.0.1017': attribute type 30 has an invalid length.
[  102.673104][ T6748] Failed to initialize the IGMP autojoin socket (err -2)
[  102.774721][ T6762] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1023'.
[  102.825323][ T6762] usb usb8: usbfs: process 6762 (syz.3.1023) did not claim interface 0 before use
[  102.851722][ T6770] Failed to initialize the IGMP autojoin socket (err -2)
[  102.855290][ T6772] loop2: detected capacity change from 0 to 512
[  102.877346][ T6776] loop3: detected capacity change from 0 to 128
[  102.930398][ T6778] loop3: detected capacity change from 0 to 1024
[  102.967887][ T6778] EXT4-fs: Ignoring removed nomblk_io_submit option
[  102.996252][ T6778] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.090039][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.126000][ T6793] netlink: 'syz.4.1037': attribute type 32 has an invalid length.
[  103.234416][ T6810] netlink: 'syz.0.1043': attribute type 30 has an invalid length.
[  103.247439][ T6801] Falling back ldisc for ttyS3.
[  103.267915][ T6814] loop3: detected capacity change from 0 to 512
[  103.275580][ T6816] loop4: detected capacity change from 0 to 128
[  103.294083][ T6814] EXT4-fs: Ignoring removed bh option
[  103.309099][ T6814] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  103.318411][ T6814] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  103.355251][ T6814] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  103.387347][ T6814] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  103.447462][ T6814] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.486439][ T6838] loop1: detected capacity change from 0 to 2048
[  103.600959][ T6852] netlink: 'syz.1.1061': attribute type 4 has an invalid length.
[  103.610141][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.623663][ T6840] Falling back ldisc for ttyS3.
[  103.636738][ T6855] loop2: detected capacity change from 0 to 128
[  103.653890][ T6856] FAULT_INJECTION: forcing a failure.
[  103.653890][ T6856] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  103.667320][ T6856] CPU: 0 UID: 0 PID: 6856 Comm: syz.1.1064 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  103.667367][ T6856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  103.667380][ T6856] Call Trace:
[  103.667388][ T6856]  <TASK>
[  103.667397][ T6856]  __dump_stack+0x1d/0x30
[  103.667502][ T6856]  dump_stack_lvl+0xe8/0x140
[  103.667523][ T6856]  dump_stack+0x15/0x1b
[  103.667542][ T6856]  should_fail_ex+0x265/0x280
[  103.667565][ T6856]  should_fail+0xb/0x20
[  103.667581][ T6856]  should_fail_usercopy+0x1a/0x20
[  103.667668][ T6856]  _copy_from_user+0x1c/0xb0
[  103.667693][ T6856]  ___sys_sendmsg+0xc1/0x1d0
[  103.667773][ T6856]  __x64_sys_sendmsg+0xd4/0x160
[  103.667800][ T6856]  x64_sys_call+0x191e/0x2ff0
[  103.667834][ T6856]  do_syscall_64+0xd2/0x200
[  103.667857][ T6856]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  103.667884][ T6856]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  103.667912][ T6856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.667933][ T6856] RIP: 0033:0x7f3b0ee0ebe9
[  103.667955][ T6856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.667971][ T6856] RSP: 002b:00007f3b0d86f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.667990][ T6856] RAX: ffffffffffffffda RBX: 00007f3b0f035fa0 RCX: 00007f3b0ee0ebe9
[  103.668002][ T6856] RDX: 0000000000040010 RSI: 0000200000000980 RDI: 0000000000000004
[  103.668017][ T6856] RBP: 00007f3b0d86f090 R08: 0000000000000000 R09: 0000000000000000
[  103.668029][ T6856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  103.668040][ T6856] R13: 00007f3b0f036038 R14: 00007f3b0f035fa0 R15: 00007fffe4939498
[  103.668162][ T6856]  </TASK>
[  103.883544][ T6867] loop1: detected capacity change from 0 to 164
[  103.891984][ T6867] bio_check_eod: 109 callbacks suppressed
[  103.892001][ T6867] syz.1.1067: attempt to access beyond end of device
[  103.892001][ T6867] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  103.914293][ T6867] syz.1.1067: attempt to access beyond end of device
[  103.914293][ T6867] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  103.940350][ T6868] loop4: detected capacity change from 0 to 1024
[  103.948847][ T6868] EXT4-fs: Ignoring removed nomblk_io_submit option
[  103.962933][ T6872] loop2: detected capacity change from 0 to 512
[  103.970111][ T6872] EXT4-fs: Ignoring removed bh option
[  103.978044][ T6868] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.990373][ T6872] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  103.999554][ T6872] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  104.027278][ T6876] loop1: detected capacity change from 0 to 2048
[  104.034804][ T6872] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  104.035677][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.054788][ T6872] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  104.065249][ T6876] EXT4-fs (loop1): failed to initialize system zone (-117)
[  104.072896][ T6872] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.085454][ T6876] EXT4-fs (loop1): mount failed
[  104.126795][ T6881] loop3: detected capacity change from 0 to 512
[  104.133326][ T6885] loop4: detected capacity change from 0 to 512
[  104.141576][ T6881] EXT4-fs warning (device loop3): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[  104.154655][ T6885] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  104.163341][ T6885] EXT4-fs (loop4): orphan cleanup on readonly fs
[  104.170485][ T6885] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1074: Failed to acquire dquot type 1
[  104.182782][ T6885] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1074: bg 0: block 40: padding at end of block bitmap is not set
[  104.198275][ T6890] FAULT_INJECTION: forcing a failure.
[  104.198275][ T6890] name failslab, interval 1, probability 0, space 0, times 0
[  104.211217][ T6890] CPU: 0 UID: 0 PID: 6890 Comm: syz.3.1078 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  104.211279][ T6890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  104.211299][ T6890] Call Trace:
[  104.211358][ T6890]  <TASK>
[  104.211392][ T6890]  __dump_stack+0x1d/0x30
[  104.211516][ T6890]  dump_stack_lvl+0xe8/0x140
[  104.211532][ T6890]  dump_stack+0x15/0x1b
[  104.211546][ T6890]  should_fail_ex+0x265/0x280
[  104.211576][ T6890]  ? __se_sys_memfd_create+0x1cc/0x590
[  104.211627][ T6890]  should_failslab+0x8c/0xb0
[  104.211648][ T6890]  __kmalloc_cache_noprof+0x4c/0x320
[  104.211727][ T6890]  ? fput+0x8f/0xc0
[  104.211828][ T6890]  __se_sys_memfd_create+0x1cc/0x590
[  104.211847][ T6890]  __x64_sys_memfd_create+0x31/0x40
[  104.211864][ T6890]  x64_sys_call+0x2abe/0x2ff0
[  104.211883][ T6890]  do_syscall_64+0xd2/0x200
[  104.211909][ T6890]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  104.211930][ T6890]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  104.211992][ T6890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.212058][ T6890] RIP: 0033:0x7f8dc2ffebe9
[  104.212073][ T6890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.212088][ T6890] RSP: 002b:00007f8dc1a66e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  104.212107][ T6890] RAX: ffffffffffffffda RBX: 00000000000004e5 RCX: 00007f8dc2ffebe9
[  104.212119][ T6890] RDX: 00007f8dc1a66ef0 RSI: 0000000000000000 RDI: 00007f8dc30827e8
[  104.212135][ T6890] RBP: 0000200000000980 R08: 00007f8dc1a66bb7 R09: 00007f8dc1a66e40
[  104.212145][ T6890] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  104.212156][ T6890] R13: 00007f8dc1a66ef0 R14: 00007f8dc1a66eb0 R15: 0000200000000100
[  104.212171][ T6890]  </TASK>
[  104.213069][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.232607][ T6885] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  104.276673][ T6900] Failed to initialize the IGMP autojoin socket (err -2)
[  104.281119][ T6885] EXT4-fs (loop4): 1 truncate cleaned up
[  104.301826][ T6902] random: crng reseeded on system resumption
[  104.306580][ T6885] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  104.319101][ T6902] vhci_hcd: invalid port number 23
[  104.448797][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.449446][ T6903] loop2: detected capacity change from 0 to 512
[  104.518479][ T6907] loop2: detected capacity change from 0 to 1024
[  104.544414][ T6907] EXT4-fs: Ignoring removed nomblk_io_submit option
[  104.594033][ T6915] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1088'.
[  104.619465][ T6907] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.650173][ T6922] loop1: detected capacity change from 0 to 512
[  104.666804][ T6926] Failed to initialize the IGMP autojoin socket (err -2)
[  104.676798][ T6922] EXT4-fs: Ignoring removed bh option
[  104.706825][ T6922] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  104.716032][ T6922] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  104.745598][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.762262][ T6928] netlink: 'syz.3.1091': attribute type 10 has an invalid length.
[  104.773992][ T6928] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  104.794515][ T6922] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  104.809122][ T6935] loop2: detected capacity change from 0 to 128
[  104.820512][ T6922] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  104.830891][ T6922] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.859804][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.877617][   T29] kauditd_printk_skb: 776 callbacks suppressed
[  104.877634][   T29] audit: type=1326 audit(1755494553.371:5331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6934 comm="syz.2.1093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[  104.912486][   T29] audit: type=1326 audit(1755494553.381:5332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6934 comm="syz.2.1093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[  104.935977][   T29] audit: type=1326 audit(1755494553.381:5333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6934 comm="syz.2.1093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[  104.959675][   T29] audit: type=1326 audit(1755494553.381:5334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6934 comm="syz.2.1093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5d5aebe9 code=0x7ffc0000
[  104.984169][   T29] audit: type=1326 audit(1755494553.461:5335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6945 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0ee0ebe9 code=0x7ffc0000
[  104.993819][ T6950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.007657][   T29] audit: type=1326 audit(1755494553.461:5336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6945 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f3b0ee0ebe9 code=0x7ffc0000
[  105.007694][   T29] audit: type=1326 audit(1755494553.461:5337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6945 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0ee0ebe9 code=0x7ffc0000
[  105.040610][ T6950] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.063301][   T29] audit: type=1326 audit(1755494553.461:5338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6945 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f3b0ee0ebe9 code=0x7ffc0000
[  105.094481][   T29] audit: type=1326 audit(1755494553.461:5339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6945 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b0ee0ebe9 code=0x7ffc0000
[  105.117915][   T29] audit: type=1326 audit(1755494553.461:5340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6945 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f3b0ee0ebe9 code=0x7ffc0000
[  105.126890][ T6950] netlink: 'syz.1.1100': attribute type 13 has an invalid length.
[  105.166247][ T6950] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  105.324105][ T6973] loop2: detected capacity change from 0 to 512
[  105.331282][ T6973] EXT4-fs: Ignoring removed bh option
[  105.331500][ T6971] netlink: 'syz.4.1107': attribute type 3 has an invalid length.
[  105.345126][ T6973] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  105.354322][ T6973] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  105.367598][ T6973] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  105.377953][ T6973] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  105.386784][ T6973] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.452327][ T6978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.461122][ T6978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.479045][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.488464][ T6978] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  105.746145][ T7001] loop2: detected capacity change from 0 to 128
[  105.759040][ T7001] syz.2.1119: attempt to access beyond end of device
[  105.759040][ T7001] loop2: rw=2049, sector=138, nr_sectors = 112 limit=128
[  105.779976][ T7011] loop3: detected capacity change from 0 to 512
[  105.786899][ T7011] EXT4-fs: Ignoring removed bh option
[  105.792791][ T7011] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  105.802031][ T7011] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  105.844428][ T7020] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1126'.
[  105.854344][ T7011] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  105.855120][ T7020] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1126'.
[  105.874855][ T7011] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  105.883914][ T7011] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.968103][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.038043][ T7034] loop4: detected capacity change from 0 to 164
[  106.062828][ T7034] syz.4.1133: attempt to access beyond end of device
[  106.062828][ T7034] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  106.080163][ T7034] syz.4.1133: attempt to access beyond end of device
[  106.080163][ T7034] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[  106.135175][ T7041] loop3: detected capacity change from 0 to 1024
[  106.142139][ T7041] EXT4-fs: Ignoring removed nomblk_io_submit option
[  106.157369][ T7041] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.195400][ T7047] loop2: detected capacity change from 0 to 512
[  106.219337][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.432861][ T7067] loop3: detected capacity change from 0 to 512
[  106.440396][ T7067] EXT4-fs warning (device loop3): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[  106.497167][ T7075] loop1: detected capacity change from 0 to 512
[  106.802929][ T7104] FAULT_INJECTION: forcing a failure.
[  106.802929][ T7104] name failslab, interval 1, probability 0, space 0, times 0
[  106.820211][ T7104] CPU: 0 UID: 0 PID: 7104 Comm: syz.2.1165 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  106.820234][ T7104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  106.820243][ T7104] Call Trace:
[  106.820247][ T7104]  <TASK>
[  106.820252][ T7104]  __dump_stack+0x1d/0x30
[  106.820268][ T7104]  dump_stack_lvl+0xe8/0x140
[  106.820281][ T7104]  dump_stack+0x15/0x1b
[  106.820294][ T7104]  should_fail_ex+0x265/0x280
[  106.820308][ T7104]  should_failslab+0x8c/0xb0
[  106.820325][ T7104]  kmem_cache_alloc_noprof+0x50/0x310
[  106.820345][ T7104]  ? __mpol_dup+0x42/0x1b0
[  106.820369][ T7104]  __mpol_dup+0x42/0x1b0
[  106.820391][ T7104]  mbind_range+0x1e8/0x440
[  106.820407][ T7104]  ? mas_find+0x5d5/0x700
[  106.820430][ T7104]  __se_sys_mbind+0x648/0xac0
[  106.820463][ T7104]  __x64_sys_mbind+0x78/0x90
[  106.820492][ T7104]  x64_sys_call+0x2932/0x2ff0
[  106.820514][ T7104]  do_syscall_64+0xd2/0x200
[  106.820538][ T7104]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  106.820560][ T7104]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.820578][ T7104] RIP: 0033:0x7fac5d5aebe9
[  106.820605][ T7104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.820624][ T7104] RSP: 002b:00007fac5c017038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  106.820647][ T7104] RAX: ffffffffffffffda RBX: 00007fac5d7d5fa0 RCX: 00007fac5d5aebe9
[  106.820661][ T7104] RDX: 0000000000000004 RSI: 0000000000800000 RDI: 0000200000001000
[  106.820674][ T7104] RBP: 00007fac5c017090 R08: 0000000000000000 R09: 0000000000000002
[  106.820688][ T7104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.820699][ T7104] R13: 00007fac5d7d6038 R14: 00007fac5d7d5fa0 R15: 00007ffd1e297218
[  106.820715][ T7104]  </TASK>
[  107.016374][ T7104] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1165'.
[  107.083381][ T7119] loop2: detected capacity change from 0 to 1024
[  107.090345][ T7119] EXT4-fs: Ignoring removed nomblk_io_submit option
[  107.097202][ T7119] /dev/loop2: Can't open blockdev
[  107.224423][ T7141] Failed to initialize the IGMP autojoin socket (err -2)
[  107.357642][ T7149] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  107.357642][ T7149]    program syz.2.1183 not setting count and/or reply_len properly
[  107.371878][ T7148] loop4: detected capacity change from 0 to 512
[  107.381518][ T7148] EXT4-fs warning (device loop4): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[  107.392457][ T7151] loop1: detected capacity change from 0 to 1024
[  107.484075][ T7151] EXT4-fs: Ignoring removed nomblk_io_submit option
[  107.523845][ T7163] loop4: detected capacity change from 0 to 1024
[  107.537076][ T7151] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.543984][ T7163] EXT4-fs: Ignoring removed nomblk_io_submit option
[  107.556255][ T7163] /dev/loop4: Can't open blockdev
[  107.571808][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.753598][ T7175] Falling back ldisc for ttyS3.
[  107.817729][ T7181] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  107.817729][ T7181]    program syz.1.1197 not setting count and/or reply_len properly
[  107.945212][ T7192] loop2: detected capacity change from 0 to 512
[  107.952646][ T7192] /dev/loop2: Can't open blockdev
[  107.952833][ T7185] loop4: detected capacity change from 0 to 512
[  107.978168][ T7185] EXT4-fs warning (device loop4): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[  107.988853][ T7187] Falling back ldisc for ttyS3.
[  108.068963][ T7203] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1207'.
[  108.073534][ T7197] Falling back ldisc for ttyS3.
[  108.104448][ T7205] validate_nla: 6 callbacks suppressed
[  108.104467][ T7205] netlink: 'syz.3.1208': attribute type 30 has an invalid length.
[  108.166310][ T7210] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  108.166310][ T7210]    program syz.1.1210 not setting count and/or reply_len properly
[  108.216655][ T7213] loop3: detected capacity change from 0 to 164
[  108.256076][ T7213] syz.3.1211: attempt to access beyond end of device
[  108.256076][ T7213] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  108.272100][ T7215] loop2: detected capacity change from 0 to 128
[  108.280468][ T7213] syz.3.1211: attempt to access beyond end of device
[  108.280468][ T7213] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  108.297600][ T7215] syz.2.1213: attempt to access beyond end of device
[  108.297600][ T7215] loop2: rw=2049, sector=138, nr_sectors = 112 limit=128
[  108.324295][ T7215] syz.2.1213: attempt to access beyond end of device
[  108.324295][ T7215] loop2: rw=2049, sector=144, nr_sectors = 2 limit=128
[  108.338184][ T7215] Buffer I/O error on dev loop2, logical block 72, lost async page write
[  108.356293][ T7220] netlink: 'syz.4.1214': attribute type 3 has an invalid length.
[  108.369429][ T7214] syz.2.1213: attempt to access beyond end of device
[  108.369429][ T7214] loop2: rw=2049, sector=144, nr_sectors = 2 limit=128
[  108.382902][ T7214] Buffer I/O error on dev loop2, logical block 72, lost async page write
[  108.402696][ T7226] loop3: detected capacity change from 0 to 128
[  108.470343][ T7228] loop4: detected capacity change from 0 to 512
[  108.494680][ T7228] EXT4-fs warning (device loop4): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[  108.868641][ T7246] netlink: 'syz.4.1222': attribute type 3 has an invalid length.
[  108.869654][ T7244] loop2: detected capacity change from 0 to 512
[  108.888265][ T7247] netlink: 'syz.0.1224': attribute type 30 has an invalid length.
[  109.123647][ T7258] Falling back ldisc for ttyS3.
[  109.146006][ T7264] loop2: detected capacity change from 0 to 1024
[  109.163605][ T7264] EXT4-fs: Ignoring removed nomblk_io_submit option
[  109.176688][ T7274] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[  109.183350][ T7274] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  109.190817][ T7274] vhci_hcd vhci_hcd.0: Device attached
[  109.206378][ T7264] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.218735][ T7274] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(11)
[  109.225500][ T7274] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  109.233074][ T7274] vhci_hcd vhci_hcd.0: Device attached
[  109.263922][ T7274] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  109.265673][ T7295] loop1: detected capacity change from 0 to 512
[  109.273759][ T7282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  109.292906][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.297913][ T7282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  109.310425][ T7274] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(15)
[  109.317134][ T7274] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  109.324808][ T7274] vhci_hcd vhci_hcd.0: Device attached
[  109.358769][ T7274] vhci_hcd vhci_hcd.0: pdev(4) rhport(4) sockfd(17)
[  109.365414][ T7274] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  109.373072][ T7274] vhci_hcd vhci_hcd.0: Device attached
[  109.379841][ T7274] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(19)
[  109.386619][ T7274] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  109.394524][ T7274] vhci_hcd vhci_hcd.0: Device attached
[  109.422768][ T7274] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  109.432127][ T7274] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  109.440625][ T7274] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  109.449973][ T7274] vhci_hcd vhci_hcd.0: port 0 already used
[  109.460025][ T7274] FAULT_INJECTION: forcing a failure.
[  109.460025][ T7274] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.473213][ T7274] CPU: 0 UID: 0 PID: 7274 Comm: syz.4.1235 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  109.473245][ T7274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  109.473258][ T7274] Call Trace:
[  109.473265][ T7274]  <TASK>
[  109.473275][ T7274]  __dump_stack+0x1d/0x30
[  109.473308][ T7274]  dump_stack_lvl+0xe8/0x140
[  109.473355][ T7274]  dump_stack+0x15/0x1b
[  109.473375][ T7274]  should_fail_ex+0x265/0x280
[  109.473421][ T7274]  should_fail+0xb/0x20
[  109.473437][ T7274]  should_fail_usercopy+0x1a/0x20
[  109.473536][ T7274]  _copy_to_user+0x20/0xa0
[  109.473676][ T7274]  simple_read_from_buffer+0xb5/0x130
[  109.473696][ T7274]  proc_fail_nth_read+0x10e/0x150
[  109.473721][ T7274]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  109.473804][ T7274]  vfs_read+0x1a8/0x770
[  109.473876][ T7274]  ? __rcu_read_unlock+0x4f/0x70
[  109.473896][ T7274]  ? __fget_files+0x184/0x1c0
[  109.473991][ T7274]  ksys_read+0xda/0x1a0
[  109.474016][ T7274]  __x64_sys_read+0x40/0x50
[  109.474035][ T7274]  x64_sys_call+0x27bc/0x2ff0
[  109.474081][ T7274]  do_syscall_64+0xd2/0x200
[  109.474129][ T7274]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  109.474157][ T7274]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  109.474181][ T7274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.474206][ T7274] RIP: 0033:0x7f9cb6d2d5fc
[  109.474367][ T7274] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  109.474383][ T7274] RSP: 002b:00007f9cb5797030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  109.474402][ T7274] RAX: ffffffffffffffda RBX: 00007f9cb6f55fa0 RCX: 00007f9cb6d2d5fc
[  109.474414][ T7274] RDX: 000000000000000f RSI: 00007f9cb57970a0 RDI: 000000000000001f
[  109.474429][ T7274] RBP: 00007f9cb5797090 R08: 0000000000000000 R09: 0000000000000000
[  109.474444][ T7274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.474457][ T7274] R13: 00007f9cb6f56038 R14: 00007f9cb6f55fa0 R15: 00007ffe4f1b4bb8
[  109.474491][ T7274]  </TASK>
[  109.644339][   T23] vhci_hcd: vhci_device speed not set
[  109.703161][ T7283] vhci_hcd: connection closed
[  109.703338][ T7275] vhci_hcd: connection closed
[  109.708361][ T7305] vhci_hcd: connection closed
[  109.713080][ T7302] vhci_hcd: connection closed
[  109.717949][ T7298] vhci_hcd: connection closed
[  109.733555][   T12] vhci_hcd: stop threads
[  109.742563][   T12] vhci_hcd: release socket
[  109.747164][   T12] vhci_hcd: disconnect device
[  109.760201][   T23] usb 9-1: new full-speed USB device number 2 using vhci_hcd
[  109.769458][   T12] vhci_hcd: stop threads
[  109.773943][   T12] vhci_hcd: release socket
[  109.778550][   T12] vhci_hcd: disconnect device
[  109.793084][   T12] vhci_hcd: stop threads
[  109.797468][   T12] vhci_hcd: release socket
[  109.802497][   T12] vhci_hcd: disconnect device
[  109.808370][   T12] vhci_hcd: stop threads
[  109.812744][   T12] vhci_hcd: release socket
[  109.813842][ T7317] Falling back ldisc for ttyS3.
[  109.817253][   T12] vhci_hcd: disconnect device
[  109.828274][   T12] vhci_hcd: stop threads
[  109.832562][   T12] vhci_hcd: release socket
[  109.837171][   T12] vhci_hcd: disconnect device
[  109.964059][   T29] kauditd_printk_skb: 508 callbacks suppressed
[  109.964091][   T29] audit: type=1326 audit(1755494558.461:5849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7341 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  109.996283][   T29] audit: type=1326 audit(1755494558.491:5850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7341 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  110.020060][   T29] audit: type=1326 audit(1755494558.491:5851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7341 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  110.043836][   T29] audit: type=1326 audit(1755494558.491:5852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7341 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  110.068038][   T29] audit: type=1326 audit(1755494558.491:5853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7341 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  110.072225][ T7342] loop4: detected capacity change from 0 to 512
[  110.091825][   T29] audit: type=1326 audit(1755494558.491:5854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7341 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  110.121534][   T29] audit: type=1326 audit(1755494558.491:5855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7341 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  110.145050][   T29] audit: type=1326 audit(1755494558.491:5856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7341 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  110.168547][   T29] audit: type=1326 audit(1755494558.491:5857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7341 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  110.191558][ T7342] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix.
[  110.192303][   T29] audit: type=1326 audit(1755494558.491:5858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7341 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cb6d2ebe9 code=0x7ffc0000
[  110.230639][ T7342] EXT4-fs (loop4): mount failed
[  110.275277][ T7349] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  110.292331][ T7352] Failed to initialize the IGMP autojoin socket (err -2)
[  110.338306][ T7361] bond1: entered promiscuous mode
[  110.343454][ T7361] bond1: entered allmulticast mode
[  110.349978][ T7361] 8021q: adding VLAN 0 to HW filter on device bond1
[  110.360253][ T7361] bond1 (unregistering): Released all slaves
[  110.586256][ T7369] Falling back ldisc for ttyS3.
[  110.586760][ T7370] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1261'.
[  110.788244][ T7379] Failed to initialize the IGMP autojoin socket (err -2)
[  110.823389][ T7384] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  110.921060][ T7394] Failed to initialize the IGMP autojoin socket (err -2)
[  110.943956][ T7390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.962880][ T7390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.982998][ T7390] netlink: 'syz.4.1274': attribute type 13 has an invalid length.
[  111.012936][ T7390] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  111.051604][ T7404] loop3: detected capacity change from 0 to 512
[  111.189085][ T7408] loop1: detected capacity change from 0 to 512
[  111.225918][ T7408] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.1280: casefold flag without casefold feature
[  111.242668][ T7413] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  111.243611][ T7410] Failed to initialize the IGMP autojoin socket (err -2)
[  111.261407][ T7408] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1280: couldn't read orphan inode 15 (err -117)
[  111.275165][ T7408] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  111.294538][ T7417] loop2: detected capacity change from 0 to 1024
[  111.301600][ T7417] EXT4-fs: Ignoring removed nomblk_io_submit option
[  111.331715][ T7417] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.345277][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.365349][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.387015][ T7426] loop1: detected capacity change from 0 to 128
[  111.397904][ T7426] bio_check_eod: 1 callbacks suppressed
[  111.397921][ T7426] syz.1.1286: attempt to access beyond end of device
[  111.397921][ T7426] loop1: rw=2049, sector=138, nr_sectors = 112 limit=128
[  111.419035][ T7426] syz.1.1286: attempt to access beyond end of device
[  111.419035][ T7426] loop1: rw=2049, sector=144, nr_sectors = 2 limit=128
[  111.432584][ T7426] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  111.443315][ T7425] syz.1.1286: attempt to access beyond end of device
[  111.443315][ T7425] loop1: rw=2049, sector=144, nr_sectors = 2 limit=128
[  111.456844][ T7425] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  111.466455][ T7425] syz.1.1286: attempt to access beyond end of device
[  111.466455][ T7425] loop1: rw=2049, sector=146, nr_sectors = 26 limit=128
[  111.498333][ T7435] loop2: detected capacity change from 0 to 128
[  111.524353][ T7435] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1290'.
[  111.555166][ T7439] loop2: detected capacity change from 0 to 512
[  111.578903][ T7442] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  111.601064][ T7444] loop3: detected capacity change from 0 to 1024
[  111.608574][ T7444] EXT4-fs: Ignoring removed nomblk_io_submit option
[  111.621828][ T7448] Failed to initialize the IGMP autojoin socket (err -2)
[  111.634701][ T7444] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.661168][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.706862][ T7454] loop4: detected capacity change from 0 to 1024
[  111.716059][ T7454] EXT4-fs: Ignoring removed nomblk_io_submit option
[  111.736295][ T7458] loop2: detected capacity change from 0 to 164
[  111.746514][ T7454] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.759065][ T7458] /dev/loop2: Can't open blockdev
[  111.795444][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.834561][ T7474] mmap: syz.2.1307 (7474) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  111.886377][ T7480] Failed to initialize the IGMP autojoin socket (err -2)
[  111.911299][ T7484] loop4: detected capacity change from 0 to 512
[  111.928917][ T7488] loop1: detected capacity change from 0 to 1024
[  111.944900][ T7488] EXT4-fs: Ignoring removed nomblk_io_submit option
[  111.955247][ T7488] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.058851][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.073290][ T7506] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1319'.
[  112.076280][ T7498] netlink: 'syz.0.1317': attribute type 13 has an invalid length.
[  112.113385][ T7498] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  112.175016][ T7521] netlink: 'syz.4.1325': attribute type 3 has an invalid length.
[  112.216523][ T7525] loop2: detected capacity change from 0 to 1024
[  112.223574][ T7525] EXT4-fs: Ignoring removed nomblk_io_submit option
[  112.235258][ T7525] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.256705][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.294855][ T7531] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  112.294855][ T7531]    program syz.4.1329 not setting count and/or reply_len properly
[  112.339583][ T7536] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  112.339583][ T7536]    program syz.4.1331 not setting count and/or reply_len properly
[  112.458746][ T7547] loop2: detected capacity change from 0 to 1024
[  112.466181][ T7547] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  112.475825][ T7547] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  112.486430][ T7547] EXT4-fs error (device loop2): ext4_get_journal_inode:5796: comm syz.2.1336: inode #100663328: comm syz.2.1336: iget: illegal inode #
[  112.501412][ T7547] EXT4-fs (loop2): Remounting filesystem read-only
[  112.508013][ T7547] EXT4-fs (loop2): no journal found
[  112.513266][ T7547] EXT4-fs (loop2): can't get journal size
[  112.520187][ T7547] EXT4-fs (loop2): failed to initialize system zone (-22)
[  112.527486][ T7547] EXT4-fs (loop2): mount failed
[  112.543239][ T7552] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  112.543239][ T7552]    program syz.4.1338 not setting count and/or reply_len properly
[  112.572133][ T7547] infiniband syz!: set active
[  112.576926][ T7547] infiniband syz!: added team_slave_0
[  112.583882][ T7547] syz!: rxe_create_qp: returned err = -2
[  112.584688][ T7554] blktrace: Concurrent blktraces are not allowed on loop8
[  112.589566][ T7547] infiniband syz!: Couldn't create ib_mad QP1
[  112.589696][ T7547] infiniband syz!: Couldn't open port 1
[  112.613885][ T7547] RDS/IB: syz!: added
[  112.618067][ T7547] smc: adding ib device syz! with port count 1
[  112.624481][ T7547] smc:    ib device syz! port 1 has pnetid 
[  112.681077][ T7560] loop4: detected capacity change from 0 to 1024
[  112.688008][ T7560] EXT4-fs: Ignoring removed nomblk_io_submit option
[  112.705944][ T7560] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.735147][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.976318][ T7586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  112.986512][ T7586] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.003664][ T7587] syz.1.1352 uses obsolete (PF_INET,SOCK_PACKET)
[  113.025164][ T7598] loop2: detected capacity change from 0 to 1024
[  113.025242][ T7584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.032307][ T7598] EXT4-fs: Ignoring removed nomblk_io_submit option
[  113.043005][ T7584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.057989][ T7598] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.069823][ T7584] netlink: 'syz.3.1350': attribute type 13 has an invalid length.
[  113.085647][ T7584] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  113.242183][ T7618] syz.1.1362 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  113.665748][ T7636] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1368'.
[  113.674760][ T7636] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1368'.
[  113.687580][ T7636] Failed to initialize the IGMP autojoin socket (err -2)
[  114.091323][ T7646] netlink: 'syz.2.1372': attribute type 3 has an invalid length.
[  114.216391][ T7668] loop3: detected capacity change from 0 to 164
[  114.224954][ T7668] syz.3.1381: attempt to access beyond end of device
[  114.224954][ T7668] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  114.239463][ T7668] syz.3.1381: attempt to access beyond end of device
[  114.239463][ T7668] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  114.459290][ T7663] loop2: detected capacity change from 0 to 2048
[  114.509798][ T7663]  loop2: p2 p3 p7
[  114.562334][ T7689] loop2: detected capacity change from 0 to 512
[  114.616019][ T7693] FAULT_INJECTION: forcing a failure.
[  114.616019][ T7693] name failslab, interval 1, probability 0, space 0, times 0
[  114.629601][ T7693] CPU: 1 UID: 0 PID: 7693 Comm: syz.3.1391 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  114.629695][ T7693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  114.629701][ T7693] Call Trace:
[  114.629704][ T7693]  <TASK>
[  114.629708][ T7693]  __dump_stack+0x1d/0x30
[  114.629721][ T7693]  dump_stack_lvl+0xe8/0x140
[  114.629731][ T7693]  dump_stack+0x15/0x1b
[  114.629748][ T7693]  should_fail_ex+0x265/0x280
[  114.629759][ T7693]  ? allocate_file_region_entries+0xd2/0x310
[  114.629795][ T7693]  should_failslab+0x8c/0xb0
[  114.629807][ T7693]  __kmalloc_cache_noprof+0x4c/0x320
[  114.629874][ T7693]  allocate_file_region_entries+0xd2/0x310
[  114.629888][ T7693]  region_chg+0x232/0x2d0
[  114.629932][ T7693]  hugetlb_fault+0xf3a/0x1b50
[  114.629974][ T7693]  ? hugetlb_fault+0x1061/0x1b50
[  114.630001][ T7693]  handle_mm_fault+0x1861/0x2c20
[  114.630012][ T7693]  ? __rcu_read_unlock+0x4f/0x70
[  114.630025][ T7693]  ? find_vma+0x6c/0xa0
[  114.630035][ T7693]  do_user_addr_fault+0x3fe/0x1090
[  114.630085][ T7693]  exc_page_fault+0x62/0xa0
[  114.630097][ T7693]  asm_exc_page_fault+0x26/0x30
[  114.630110][ T7693] RIP: 0010:rep_stos_alternative+0x40/0x80
[  114.630170][ T7693] Code: c9 75 f6 e9 52 04 02 00 48 89 07 48 83 c7 08 83 e9 08 74 ef 83 f9 08 73 ef eb de 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 <48> 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47
[  114.630180][ T7693] RSP: 0018:ffffc90000ed3ca8 EFLAGS: 00050206
[  114.630189][ T7693] RAX: 0000000000000000 RBX: 00007ffffffff001 RCX: 0000000000200000
[  114.630196][ T7693] RDX: 0000000000000000 RSI: 0000200000200000 RDI: 0000200000200000
[  114.630274][ T7693] RBP: 0000200000200000 R08: 0001c90000ed3e0f R09: 0000000000000000
[  114.630280][ T7693] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000200000
[  114.630287][ T7693] R13: ffffc90000ed3e08 R14: 0000000000200000 R15: 0000200000400000
[  114.630296][ T7693]  iov_iter_zero+0xfc/0xd60
[  114.630309][ T7693]  ? hugetlbfs_read_iter+0x1e4/0x370
[  114.630362][ T7693]  hugetlbfs_read_iter+0x1f1/0x370
[  114.630376][ T7693]  ? __pfx_hugetlbfs_read_iter+0x10/0x10
[  114.630462][ T7693]  vfs_read+0x649/0x770
[  114.630477][ T7693]  ? __pfx_hugetlbfs_read_iter+0x10/0x10
[  114.630516][ T7693]  ksys_read+0xda/0x1a0
[  114.630544][ T7693]  __x64_sys_read+0x40/0x50
[  114.630555][ T7693]  x64_sys_call+0x27bc/0x2ff0
[  114.630690][ T7693]  do_syscall_64+0xd2/0x200
[  114.630702][ T7693]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  114.630772][ T7693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.630783][ T7693] RIP: 0033:0x7f8dc2ffebe9
[  114.630790][ T7693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.630799][ T7693] RSP: 002b:00007f8dc1a67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  114.630809][ T7693] RAX: ffffffffffffffda RBX: 00007f8dc3225fa0 RCX: 00007f8dc2ffebe9
[  114.630816][ T7693] RDX: 00000000fffffdef RSI: 0000200000000000 RDI: 0000000000000003
[  114.630878][ T7693] RBP: 00007f8dc1a67090 R08: 0000000000000000 R09: 0000000000000000
[  114.630884][ T7693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  114.630890][ T7693] R13: 00007f8dc3226038 R14: 00007f8dc3225fa0 R15: 00007ffecff15b28
[  114.630899][ T7693]  </TASK>
[  114.955273][   T23] usb 9-1: enqueue for inactive port 0
[  114.960794][   T23] usb 9-1: enqueue for inactive port 0
[  114.979485][ T7695] loop2: detected capacity change from 0 to 1024
[  114.991604][ T7695] EXT4-fs: Ignoring removed nomblk_io_submit option
[  115.030159][ T7702] FAULT_INJECTION: forcing a failure.
[  115.030159][ T7702] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  115.043403][ T7702] CPU: 1 UID: 0 PID: 7702 Comm: syz.3.1395 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  115.043438][ T7702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  115.043450][ T7702] Call Trace:
[  115.043457][ T7702]  <TASK>
[  115.043467][ T7702]  __dump_stack+0x1d/0x30
[  115.043493][ T7702]  dump_stack_lvl+0xe8/0x140
[  115.043578][ T7702]  dump_stack+0x15/0x1b
[  115.043596][ T7702]  should_fail_ex+0x265/0x280
[  115.043617][ T7702]  should_fail+0xb/0x20
[  115.043634][ T7702]  should_fail_usercopy+0x1a/0x20
[  115.043701][ T7702]  strncpy_from_user+0x25/0x230
[  115.043756][ T7702]  ? __kmalloc_cache_noprof+0x189/0x320
[  115.044004][ T7702]  __se_sys_memfd_create+0x1ff/0x590
[  115.044025][ T7702]  __x64_sys_memfd_create+0x31/0x40
[  115.044043][ T7702]  x64_sys_call+0x2abe/0x2ff0
[  115.044065][ T7702]  do_syscall_64+0xd2/0x200
[  115.044091][ T7702]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  115.044115][ T7702]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  115.044140][ T7702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.044161][ T7702] RIP: 0033:0x7f8dc2ffebe9
[  115.044227][ T7702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.044279][ T7702] RSP: 002b:00007f8dc1a66e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  115.044345][ T7702] RAX: ffffffffffffffda RBX: 0000000000000550 RCX: 00007f8dc2ffebe9
[  115.044359][ T7702] RDX: 00007f8dc1a66ef0 RSI: 0000000000000000 RDI: 00007f8dc30827e8
[  115.044372][ T7702] RBP: 0000200000001780 R08: 00007f8dc1a66bb7 R09: 00007f8dc1a66e40
[  115.044384][ T7702] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  115.044397][ T7702] R13: 00007f8dc1a66ef0 R14: 00007f8dc1a66eb0 R15: 00002000000003c0
[  115.044417][ T7702]  </TASK>
[  115.044431][ T7703] loop2: detected capacity change from 0 to 164
[  115.057214][   T23] vhci_hcd: vhci_device speed not set
[  115.267532][ T7708] loop3: detected capacity change from 0 to 128
[  115.277219][   T29] kauditd_printk_skb: 705 callbacks suppressed
[  115.277316][   T29] audit: type=1326 audit(1755494563.751:6562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7707 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc2ffebe9 code=0x7ffc0000
[  115.307449][   T29] audit: type=1326 audit(1755494563.761:6563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7707 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8dc2ffebe9 code=0x7ffc0000
[  115.331419][   T29] audit: type=1326 audit(1755494563.761:6564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7707 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc2ffebe9 code=0x7ffc0000
[  115.355551][   T29] audit: type=1326 audit(1755494563.761:6565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7707 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8dc2ffebe9 code=0x7ffc0000
[  115.359527][ T7708] syz.3.1397: attempt to access beyond end of device
[  115.359527][ T7708] loop3: rw=2049, sector=138, nr_sectors = 112 limit=128
[  115.379257][   T29] audit: type=1326 audit(1755494563.761:6566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7707 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc2ffebe9 code=0x7ffc0000
[  115.416667][   T29] audit: type=1326 audit(1755494563.761:6567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7707 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8dc2ffebe9 code=0x7ffc0000
[  115.440339][   T29] audit: type=1326 audit(1755494563.761:6568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7707 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc2ffebe9 code=0x7ffc0000
[  115.463846][   T29] audit: type=1326 audit(1755494563.761:6569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7707 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8dc2ffebe9 code=0x7ffc0000
[  115.487658][   T29] audit: type=1326 audit(1755494563.761:6570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7707 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc2ffebe9 code=0x7ffc0000
[  115.511159][   T29] audit: type=1326 audit(1755494563.761:6571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7707 comm="syz.3.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f8dc2ffebe9 code=0x7ffc0000
[  115.535756][ T7703] syz.2.1394: attempt to access beyond end of device
[  115.535756][ T7703] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  115.549726][ T7703] syz.2.1394: attempt to access beyond end of device
[  115.549726][ T7703] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  115.594457][ T7716] loop2: detected capacity change from 0 to 1024
[  115.601288][ T7716] EXT4-fs: Ignoring removed nomblk_io_submit option
[  115.617235][ T7720] loop1: detected capacity change from 0 to 512
[  115.670456][ T7730] loop2: detected capacity change from 0 to 128
[  115.723230][ T7736] loop1: detected capacity change from 0 to 512
[  115.731707][ T7738] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  115.731707][ T7738]    program syz.4.1410 not setting count and/or reply_len properly
[  115.749356][ T7736] EXT4-fs: Ignoring removed bh option
[  115.756197][ T7736] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  115.765457][ T7736] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  115.776157][ T7736] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  115.814429][ T7743] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  115.814429][ T7743]    program syz.3.1412 not setting count and/or reply_len properly
[  115.841067][ T7736] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  115.870702][ T7750] loop4: detected capacity change from 0 to 1024
[  115.877698][ T7750] EXT4-fs: Ignoring removed nomblk_io_submit option
[  115.971254][ T7758] loop3: detected capacity change from 0 to 128
[  115.994306][ T7758] syz.3.1418: attempt to access beyond end of device
[  115.994306][ T7758] loop3: rw=2049, sector=138, nr_sectors = 112 limit=128
[  116.029455][ T7762] loop4: detected capacity change from 0 to 512
[  116.036817][ T7762] EXT4-fs: Ignoring removed nobh option
[  116.045447][ T7762] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #3: comm syz.4.1419: corrupted inode contents
[  116.057536][ T7762] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #3: comm syz.4.1419: mark_inode_dirty error
[  116.069274][ T7762] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #3: comm syz.4.1419: corrupted inode contents
[  116.073555][ T7757] Falling back ldisc for ttyS3.
[  116.082066][ T7762] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #3: comm syz.4.1419: mark_inode_dirty error
[  116.099974][ T7762] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1419: Failed to acquire dquot type 0
[  116.112330][ T7762] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.1419: corrupted inode contents
[  116.126146][ T7762] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #16: comm syz.4.1419: mark_inode_dirty error
[  116.142650][ T7762] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.1419: corrupted inode contents
[  116.157709][ T7762] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.1419: mark_inode_dirty error
[  116.169605][ T7762] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.1419: corrupted inode contents
[  116.183924][ T7762] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  116.192867][ T7762] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.1419: corrupted inode contents
[  116.206753][ T7762] EXT4-fs error (device loop4): ext4_truncate:4666: inode #16: comm syz.4.1419: mark_inode_dirty error
[  116.219068][ T7762] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  116.228891][ T7762] EXT4-fs (loop4): 1 truncate cleaned up
[  116.235752][ T7762] ext4 filesystem being mounted at /281/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  116.244121][ T7776] loop1: detected capacity change from 0 to 164
[  116.297626][ T7784] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  116.297626][ T7784]    program syz.2.1428 not setting count and/or reply_len properly
[  116.307879][ T7786] netlink: 'syz.1.1429': attribute type 30 has an invalid length.
[  116.333218][ T7778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  116.342394][ T7778] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  116.366917][ T7778] netlink: 'syz.3.1426': attribute type 13 has an invalid length.
[  116.380199][ T7778] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  116.424482][ T7796] FAULT_INJECTION: forcing a failure.
[  116.424482][ T7796] name failslab, interval 1, probability 0, space 0, times 0
[  116.437295][ T7796] CPU: 0 UID: 0 PID: 7796 Comm: syz.1.1432 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  116.437369][ T7796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  116.437380][ T7796] Call Trace:
[  116.437386][ T7796]  <TASK>
[  116.437395][ T7796]  __dump_stack+0x1d/0x30
[  116.437415][ T7796]  dump_stack_lvl+0xe8/0x140
[  116.437432][ T7796]  dump_stack+0x15/0x1b
[  116.437470][ T7796]  should_fail_ex+0x265/0x280
[  116.437495][ T7796]  should_failslab+0x8c/0xb0
[  116.437570][ T7796]  kmem_cache_alloc_noprof+0x50/0x310
[  116.437600][ T7796]  ? create_new_namespaces+0x3c/0x3d0
[  116.437664][ T7796]  create_new_namespaces+0x3c/0x3d0
[  116.437691][ T7796]  unshare_nsproxy_namespaces+0xe8/0x120
[  116.437753][ T7796]  ksys_unshare+0x3d0/0x6d0
[  116.437777][ T7796]  ? ksys_write+0x192/0x1a0
[  116.437938][ T7796]  __x64_sys_unshare+0x1f/0x30
[  116.437972][ T7796]  x64_sys_call+0x2911/0x2ff0
[  116.437990][ T7796]  do_syscall_64+0xd2/0x200
[  116.438013][ T7796]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  116.438037][ T7796]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  116.438107][ T7796]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.438130][ T7796] RIP: 0033:0x7f3b0ee0ebe9
[  116.438145][ T7796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.438228][ T7796] RSP: 002b:00007f3b0d86f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  116.438250][ T7796] RAX: ffffffffffffffda RBX: 00007f3b0f035fa0 RCX: 00007f3b0ee0ebe9
[  116.438265][ T7796] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000024020400
[  116.438278][ T7796] RBP: 00007f3b0d86f090 R08: 0000000000000000 R09: 0000000000000000
[  116.438289][ T7796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  116.438301][ T7796] R13: 00007f3b0f036038 R14: 00007f3b0f035fa0 R15: 00007fffe4939498
[  116.438403][ T7796]  </TASK>
[  116.668432][ T7802] loop1: detected capacity change from 0 to 1024
[  116.675627][ T7802] EXT4-fs: Ignoring removed nomblk_io_submit option
[  116.693762][ T7798] Falling back ldisc for ttyS3.
[  116.752876][ T7807] Failed to initialize the IGMP autojoin socket (err -2)
[  117.169163][ T7818] loop3: detected capacity change from 0 to 1024
[  117.176213][ T7818] EXT4-fs: Ignoring removed nomblk_io_submit option
[  117.240275][ T7829] FAULT_INJECTION: forcing a failure.
[  117.240275][ T7829] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  117.253472][ T7829] CPU: 0 UID: 0 PID: 7829 Comm: syz.1.1444 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  117.253562][ T7829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  117.253573][ T7829] Call Trace:
[  117.253580][ T7829]  <TASK>
[  117.253587][ T7829]  __dump_stack+0x1d/0x30
[  117.253607][ T7829]  dump_stack_lvl+0xe8/0x140
[  117.253625][ T7829]  dump_stack+0x15/0x1b
[  117.253664][ T7829]  should_fail_ex+0x265/0x280
[  117.253688][ T7829]  should_fail+0xb/0x20
[  117.253706][ T7829]  should_fail_usercopy+0x1a/0x20
[  117.253725][ T7829]  _copy_to_user+0x20/0xa0
[  117.253755][ T7829]  simple_read_from_buffer+0xb5/0x130
[  117.253774][ T7829]  proc_fail_nth_read+0x10e/0x150
[  117.253797][ T7829]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  117.253935][ T7829]  vfs_read+0x1a8/0x770
[  117.253959][ T7829]  ? __rcu_read_unlock+0x4f/0x70
[  117.253983][ T7829]  ? __fget_files+0x184/0x1c0
[  117.254043][ T7829]  ksys_read+0xda/0x1a0
[  117.254067][ T7829]  __x64_sys_read+0x40/0x50
[  117.254090][ T7829]  x64_sys_call+0x27bc/0x2ff0
[  117.254114][ T7829]  do_syscall_64+0xd2/0x200
[  117.254153][ T7829]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  117.254175][ T7829]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  117.254196][ T7829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.254241][ T7829] RIP: 0033:0x7f3b0ee0d5fc
[  117.254256][ T7829] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  117.254315][ T7829] RSP: 002b:00007f3b0d86f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  117.254334][ T7829] RAX: ffffffffffffffda RBX: 00007f3b0f035fa0 RCX: 00007f3b0ee0d5fc
[  117.254346][ T7829] RDX: 000000000000000f RSI: 00007f3b0d86f0a0 RDI: 0000000000000007
[  117.254412][ T7829] RBP: 00007f3b0d86f090 R08: 0000000000000000 R09: 0000000000000000
[  117.254424][ T7829] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001
[  117.254435][ T7829] R13: 00007f3b0f036038 R14: 00007f3b0f035fa0 R15: 00007fffe4939498
[  117.254453][ T7829]  </TASK>
[  117.475495][ T7836] loop2: detected capacity change from 0 to 1024
[  117.482534][ T7836] EXT4-fs: Ignoring removed nomblk_io_submit option
[  117.569971][ T7846] loop2: detected capacity change from 0 to 1024
[  117.590028][ T7846] EXT4-fs: Ignoring removed nomblk_io_submit option
[  117.620473][ T7851] netlink: 'syz.4.1452': attribute type 30 has an invalid length.
[  117.648095][ T7855] loop1: detected capacity change from 0 to 1024
[  117.655352][ T7855] EXT4-fs: Ignoring removed nomblk_io_submit option
[  117.680688][ T7857] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  117.745608][ T7863] Failed to initialize the IGMP autojoin socket (err -2)
[  117.809962][ T7874] loop2: detected capacity change from 0 to 2048
[  117.857942][ T7879] loop1: detected capacity change from 0 to 1024
[  117.866492][ T7879] EXT4-fs: Ignoring removed nomblk_io_submit option
[  117.948353][ T7896] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  117.959405][ T7887] Falling back ldisc for ttyS3.
[  117.999235][ T7907] loop4: detected capacity change from 0 to 128
[  118.046723][ T7910] loop2: detected capacity change from 0 to 1024
[  118.058396][ T7910] EXT4-fs: Ignoring removed nomblk_io_submit option
[  118.100472][ T7917] loop3: detected capacity change from 0 to 128
[  118.193524][ T7930] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1482'.
[  118.223531][ T7932] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  118.293954][ T7936] Falling back ldisc for ttyS3.
[  118.319458][ T7946] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1489'.
[  118.328861][ T7948] loop4: detected capacity change from 0 to 512
[  118.348797][ T7948] EXT4-fs: Ignoring removed bh option
[  118.356144][ T7956] ==================================================================
[  118.364277][ T7956] BUG: KCSAN: data-race in mas_state_walk / mas_wmb_replace
[  118.371581][ T7956] 
[  118.373905][ T7956] write to 0xffff888104ac1800 of 8 bytes by task 7955 on cpu 1:
[  118.381616][ T7956]  mas_wmb_replace+0x20d/0x14a0
[  118.386490][ T7956]  mas_wr_store_entry+0x1773/0x2b50
[  118.391780][ T7956]  mas_store_prealloc+0x74d/0x9e0
[  118.396806][ T7956]  vma_iter_store_new+0x1c5/0x200
[  118.401838][ T7956]  mmap_region+0x1100/0x1630
[  118.406436][ T7956]  do_mmap+0x9b3/0xbe0
[  118.410512][ T7956]  vm_mmap_pgoff+0x17a/0x2e0
[  118.415106][ T7956]  ksys_mmap_pgoff+0xc2/0x310
[  118.419794][ T7956]  x64_sys_call+0x14a3/0x2ff0
[  118.424473][ T7956]  do_syscall_64+0xd2/0x200
[  118.428985][ T7956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.434886][ T7956] 
[  118.437217][ T7956] read to 0xffff888104ac1800 of 8 bytes by task 7956 on cpu 0:
[  118.444783][ T7956]  mas_state_walk+0x485/0x650
[  118.449495][ T7956]  mas_walk+0x60/0x150
[  118.453569][ T7956]  lock_vma_under_rcu+0x8d/0x160
[  118.458512][ T7956]  do_user_addr_fault+0x233/0x1090
[  118.463639][ T7956]  exc_page_fault+0x62/0xa0
[  118.468611][ T7956]  asm_exc_page_fault+0x26/0x30
[  118.473459][ T7956] 
[  118.475781][ T7956] value changed: 0xffff88810005f341 -> 0xffff888104ac1800
[  118.483065][ T7956] 
[  118.485490][ T7956] Reported by Kernel Concurrency Sanitizer on:
[  118.491729][ T7956] CPU: 0 UID: 0 PID: 7956 Comm: syz.1.1494 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
[  118.504145][ T7956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  118.514295][ T7956] ==================================================================
[  118.523043][ T3393] usb usb10-port1: attempt power cycle
[  118.530142][ T7948] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  118.539253][ T7948] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  118.539939][ T7956] loop1: detected capacity change from 0 to 128
[  118.554040][ T7956] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615'
[  118.562717][ T7948] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[  118.571990][ T7954] loop3: detected capacity change from 0 to 1024
[  118.579015][ T7954] EXT4-fs: Ignoring removed nomblk_io_submit option
[  118.586538][ T7948] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  120.383705][ T3393] usb usb10-port1: unable to enumerate USB device