last executing test programs:

3.032038734s ago: executing program 0 (id=512):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000028002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000010018110000", @ANYRES32=r4, @ANYRESDEC=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000020a01"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @netfilter}, 0x94)
r6 = socket(0x15, 0x5, 0x0)
connect$unix(r6, &(0x7f0000000080)=@abs={0xa}, 0x6e)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000000300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd42"], 0xfdef)
close(r10)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0xfdef)
ioctl$EXT4_IOC_GETSTATE(r9, 0x40046629, &(0x7f0000000280))
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f0000000080)={[{@bh}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@grpjquota}, {@norecovery}, {@dioread_lock}]}, 0x3, 0x4d1, &(0x7f0000000b80)="$eJzs3dFrW9cZAPDvynbiJM7sbHvIwpaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX/AYGxraZ/61JdCn0uh5E9oC4H2vZTSEtokfWihrYrkqyZxZVsmlpVYvx8c33PuvfL3HQsd69x7uTeAjnUqIsYioisizkZEf7o+k5ZYWy/V/R7cvzVZLUlUKtc+TSJJ19V/V5Iuj6Qv642Iv/454h/J9+OWVlbnJgqF/FLazpXnF3OlldVzs/MTM/mZ/MLYyPDF0UujF0aHdq2vl//40f///eqfLr/1mxsfjH9y5p/VtPrSbY/3oxlrTe633vWe2t+irjsilnYS7BnWlfanp92JAADQlOp3/B9GxC8i4uFL7c4GAAAAaIXK7/viqySiAgAAAOxbmdo1sEkmm14L0BeZTDa7fg3vj+NwplAslX89XVxemFq/VnYgejLTs4X8UHqt8ED0JNX2cK3+qH1+Q3skIo5FxH/7D9Xa2cliYardBz8AAACgQxzZMP//vH99/g8AAADsMwPtTgAAAABoOfN/AAAA2P82nf8n3XubCAAAANAKf7lypVoq9edfT11fWZ4rXj83lS/NZeeXJ7OTxaXF7EyxOFO7Z9/8dr+vUCwu/jYWlm/myvlSOVdaWR2fLy4vlMdrz/Uez3tONAAAAOy9Yz+/834SEWu/O1QrVQfSbU3M1cdamx3QSpmd7Z60Kg9g73W1OwGgbba5wPedn+5VIsCecz4e2GZi/78N7R0eNgAAAJ4Fgz95qvP/zgfCc8xEHjqX8//QudzgCzqX8//Q4Q5uv0vvZhve3uVcAACAlumrlSSTTc8F9kUmk81GHK09FqAnmZ4t5Ici4gcR8V5/z8Fqe7jdSQMAAAAAAAAAAAAAAAAAAAAAAADAc6ZSSaICAAAA7GsRmY+T9EH+g/2n+zYeHziQfNFfW0bEjZevvXBzolxeGq6u/+y79eUX0/Xn23EEAwAAANioPk+vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDc9uH9rsl72Mu69P0TEQKP43dFbW/a+0R8Rhx8m0f3Y65KI6NqF+Gu3I+J4o/hJNa0YSLPYGD8TEYfaHP/ILsSHTnanOv6MNfr8ZeJUbdn489edlqd179Rm41+mPv7VxrlG49/RJmOcuPt6btP4tyNOdDcef+rxk6ccf//+t9XVzbZVXokYbPj/J3kiVq48v5grrayem52fmMnP5BdGRoYvjl4avTA6lJueLeTTnw1j/Odnb36zVf8PbxJ/YJv+n26y/1/fvXn/R1vEP/PLjfG/rL3/x7eIX/3b/yr9P1DdPlivr63XH3fytXdPbtX/qU36v937f6bJ/p+9+q8Pm9wVANgDpZXVuYlCIb+k8lxWeryDKltVrqYf9B2/vM0DEwAAsOsefelvdyYAAAAAAAAAAAAAAAAAAADQuVp+E7KDT95ZoLd9XQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2NK3AQAA///VO9QU")
lstat(&(0x7f0000000040)='./file1\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r11=>0x0})
chown(&(0x7f0000000000)='./file1\x00', r11, 0x0)

2.565939611s ago: executing program 0 (id=518):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r5}, 0x10)
sendmsg$key(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r7}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r8}, &(0x7f0000000000), &(0x7f00000005c0)=r9}, 0x20)
pipe2$9p(&(0x7f0000001900)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00'}, 0x10)
r12 = dup(r11)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r12}, 0x2c, {[], [], 0x6b}})

2.517858232s ago: executing program 3 (id=520):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006, 0x0, 0x0, 0xfffffffa}]}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8e7}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x100}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2689064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)

2.242282556s ago: executing program 1 (id=523):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file1/file0\x00', 0x34001, &(0x7f0000000c40)={[], [{@euid_gt}, {@uid_lt}, {@obj_type={'obj_type', 0x3d, 'trans=fd,'}}, {@smackfsroot={'smackfsroot', 0x3d, ',\v'}}]}, 0x3, 0x58a, &(0x7f0000001b40)="$eJzs3T1sG2UfAPD/neOmH3nf9JXeV3pBHSpAKlJVJ+kHFKZ2RVSq1AGJBSLHjao4cRUn0EQZ0r1CdECAupQNBkYQAwNiYWRlATEjVTQCqekARv5K09QJTohjyP1+0tnPc3f2/3nu/H/sO93JAWTW8fpDGvFURFxOIobXLRuI1sLjzfVWV5aKD1eWiknUald+TiKJiAcrS8X2+knr+UhELEfE/yPi63zEyXTtLQ+0C9WFxanxcrk026qPzE1fH6kuLJ66Nj0+WZoszZx58aVz58+eGzs9tr65D2vra/nt9fXWD7ffufXtK3dvf/LpseXie+NJXIih1rL1/dhNzW2Sjwsb5p/tRbA+SvrdAHYk18rzeir9L4Yj18r6TmrrB4fBPWke0EO1wYgakFGJ/IeMav8OqB//tqe9/P1x72LzAKQed7U1NZcMNM9NxMHGscnhX5LHjkzqx5tH97Kh7EvLNyNidGDgyc9/0vr87dzobjSQnvrqYnNHPbn/07XxJzqMP0Ptc6d/UXv8W31i/HsUP7fJ+He5yxi/vf7jh5vGvxnxdMf4yVr8pEP8NCLe7DL+nde+OL/ZstpHESeic/y2ZOvzwyNXr5VLo83HjjG+PHHs5a36f3iT+M1ztgcbXzOdtn/aZf8//+azZ5a3iP/8s1vv/07b/1BEvNtl/P88+PjVzZbdu5ncr/8K2O7+TyIfd7uM/8KF49+3is4aAgAAAAAAAADALkob17IlaWGtnKaFQvMe3v/G4bRcqc6dvFqZn5loXvN2NPJp+0qr4WY9qdfHWtfjtuunN9TP5FoBc4ca9UKxUp7oc98BAAAAAAAAAAAAAAAAAADg7+LIhvv/f8017v/f+HfVwH61+V9+A/ud/Ifsejz/k761A9h7vv8hs2ryH7JL/kN2yX/ILvkP2SX/IbvkP2SX/AcAAAAAAAAAAAAAAAAAAAAAAAAAgJ64fOlSfao9XFkq1usTAwvzU5W3Tk2UqlOF6flioViZvV6YrFQmy6VCsTL9Z++XVCrXR2Nm/sbIXKk6N1JdWHxjujI/0/5P0VK+5z0CAAAAAAAAAAAAAAAAAACAf56hxpSkhYh8s56mhULEvyLiaBLJ1Wvl0mhE/DsivsvlB+v1sX43GgAAAAAAAAAAAAAAAAAAAPaZ6sLi1Hi5XJrtXWGgFaqHIbovDGxn5YhY3t1m1N9x26/KtzZgnzedQqYKfRyUAAAAAAAAAAAAAAAAAAAgox7d9NvtK37vbYMAAAAAAAAAAAAAAAAAAAAgk9KfkoioTyeGnxvauPRAspprPEfE23euvH9jfG5udqw+//7a/LkPWvNP96P9QLfaeZpGRD2PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEeqC4tT4+VyaXaHhcEu1ul3HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB24o8AAAD//+mR0Yo=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14402, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="0b00000005000000020000000400000005000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0))
unshare(0x42000000)
r3 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
fcntl$dupfd(r3, 0x0, r3)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x4, &(0x7f0000000380)=""/210, &(0x7f0000000080)=0xd2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x700, 0x0, [@sadb_key={0x2, 0x9, 0x8, 0x0, "01"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x2, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x60}, 0x1, 0x7}, 0x0)
pipe2(&(0x7f0000001cc0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x800)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x80c, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9d8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x82\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x3, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3, 0x0, 0xfffffffc}]}]}, 0xfc}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000140)={0x0, 0x0, 0x1d, 0x19, 0x36, &(0x7f0000000740)="108c96af025ad5870bf2e00e917ad2c2452dde9d81635e752724c69ba28314b9db52e5b0bb0fdfcf97cea015b860c30d175fea29d4c6db2a387f68c2ae2da737f747b6fd0ad7f6dc499c203ede7594369e6ef1e6dc89668620f3e00ecb99ab7e7b3fc15ac694a69a961c39886bb5a184879f971d2bbe3635c98f8bd5e32d5d90c41d261c5eeb9598b9b15ddb858d7bb4388692e6af05ffe50a72ce33f5471a1713923e5b31c4e1b50a3f9f66cd5c51ad526c30b184665dd6bd5358c5c37ee56cab0ef59e95ed8bbf42bbfa2b19b87aca2685b2b5bf467d38460ab2c688f25029e0e4cd45e478c9c2c57566a065e12e20d845a561bfa052a3de1d4c44e83d6089da927a51eb917a449281012b8b3b44e90411727e2cbf6a72caf393a7a45cb77788d7eb01f008de3b370a1c14f140e126b19aaa3f921fbed3dad4eb16c1b15f4d6b7fd7b2f8f77836498d882d42536535a767a3f8c78a609c8e650ac89eb647284e32f368bface74b9eda109fe774892bd01137abb8cc2e5947347756f7cddb193fb9ebb93c08371ffaf9e46578de6e9614d34da0e9009530cc596789353cc2c5e9f17027850a4c084b922b47e80b8d2b1f9bf470885d0589e00d3b3d2d9c63fcf44baac02e79cceb6a4f92fb5dc73f1bef24bbabcb049a3c549cad23f611623dbbe93b29e0dcf55da36b8ca7aeacb5d8be9b8a0aa4b78c2323b7c856d10cbc7d2f6f0dcdc02d41f494ad01fdfa6c0e2c5202765aad1ff4af509c72776686df3243e4e7d38d06440155f5f9669f999a9abca8e50e972363f15cc0e6501f6f3b00b928ddebbcbdcab19ad4d97d8bddec0824ce42ecb35d2f93cb57c1cc161e6776c13e17a5529d116c8e6f749b4371788d552dd074cb1d210e706476b323fc2e647eb6c2f2bb989cc627e7492fb6badbf3792ae3bf7f1833709e63bc9292201566ddcad15878dfdcdecced9745fec9736033dad74cb0ec916cfb2ba1f7e19389086be1f5ba042ff89ba51a96a7f2ce21ea9c8b68d57e64ae967bf6257629ba58033916401a97609c53eeb27732b172c69bc44ed0eb2fe0c1ffcf719f82eec8c4c86bfcf7bccf856d9662c21d95b222ba0fe9602192341e04ff48ec72c47bdfd8b93a48a10b4738df376b4bc78c30e05005b8f69aa71a0a3e8a0c07bb8159f0c27b7f89eec98660e52966c2614c314e9014465e899c8c0e61a8cfe718c2bbec66c69a9e202e7e2ea2c215cd834d085a076c8834bd4364bc0fdc60221619f8fbe80064412ec07da95959198c7967f30423dfff29f55412796c779a13fe0ae01608467250dcdcb6f84e7cfe2790ffe6f855bcce80c399e2d97b6b44d7b536fc46f1c193274297f9973830470bcb896c6bbf5a1aa38dae8633883fcf1c718d74cde761a48745a5deb683a9905f5b9e5498506cd787b62a1a2c9068ad553bac6f7337b0"})
sendmsg$NFT_BATCH(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

2.177230807s ago: executing program 0 (id=524):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
memfd_secret(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r1)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r3=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000008c0)="46504e57459663c0511ff0df510ecdec393e6b329bb14b4d63dcc54d545ba49b0cb2941b9e5e3e", 0x27}, {0x0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r3}}], 0x20, 0x2400e044}, 0x0)

2.100467218s ago: executing program 0 (id=525):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000140), 0xfc, 0x560, &(0x7f00000008c0)="$eJzs3d9rW1UcAPDvTdut+6HtYAz1QQp7cDKXrq0/JvgwH0WHA33XkGRlNF1Gk461Dtwe3IsvMgQRB6Lvvvs4/Af8KwY6GDKKPuwlctObLluTNu3StVs+H7jtOffe9Jxv7v2enpubkAAG1kT6IxfxakR8l0SMtW0bjmzjxOp+Kw+uFdMliUbjs3+SSLJ1rf2T7PehrPJKRPzxTcTJ3Pp2a0vLc4VKpbyQ1Sfr85cna0vLpy7OF2bLs+VL0zMzZ96ZmX7/vXf7Fuub5//78dM7H5359vjKD7/dO3IribNxONvWHsdTuN5emYiJ7DkZibNP7DjVh8b2kmS3O8C2DGV5PhLpGDAWQ1nWd9QYe5ZdA3bY12laAwMqkf8woFrzgNa1fZ+ug58b9z9cvQBaH//w6msjMdq8Njq4kjx2ZZRe7473of20jd//vn0rXaJ/r0MAbOr6jYg4PTy8fvxLsvFv+073sM+TbRj/4Nm5k85/3uo0/8mtzX+iw/znUIfc3Y7N8z93rw/NdJXO/z7oOP9du2k1PpTVXmrO+UaSCxcr5XRsezkiTsTI/rS+wf2cL3MrdxvdNrbP/9Ilbb81F8z6cW94/+OPKRXqhacKus39GxGvdZz/JmvHP+lw/NPn43yPbRwr336927bN499ZjV8i3uh4/B/d0Uo2vj852TwfJltnxXr/3jz2Z7f2dzv+9Pgf3Dj+8aT9fm1t6238PPqw3G3bds//fcnnzfK+bN3VQr2+MBWxL/lk/frpR49t1Vv7p/GfOL7x+Nfp/D+QJnaP8d88erN919Gtxb+z0vhLWzr+Wy/c/firn7q139vxf7tZOpGt6WX867WDT/PcAQAAAAAAwF6Ti4jDkeTya+VcLp9ffX/H0TiYq1Rr9ZMXqouXStH8rOx4jORad7rH2t4PMZW9H7ZVn36iPhMRRyLi+6EDzXq+WK2Udjt4AAAAAAAAAAAAAAAAAAAA2CMORYx2+vx/6q+h3e4dsOM2+Mpv4AXXPf+zLf34pidgT/L/HwaX/IfBJf9hcMl/GFzyHwaX/IfBJf9hcG0l/389t4MdAQAAAAAAAAAAAAAAAAAAAAAAAAAAgBfD+XPn0qWx8uBaMa2XriwtzlWvnCqVa3P5+cVivlhduJyfrVZnK+V8sTq/2d+rVKuXp6Zj8epkvVyrT9aWlr+Yry5eethYVR55JlEBAAAAAAAAAAAAAAAAAADA86W2tDxXqFTKCwoK2yoM741uKPS5sNsjEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA88n8AAAD//75iP7A=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000001000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94)
socket(0x840000000002, 0x3, 0x100)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
syz_clone(0x630c1100, 0x0, 0x3ffff, 0x0, 0x0, 0x0)
write$tun(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="000088a80301030001000010040001046116dc3adcd30d8078c761b7f8ba06ff0705524c826c99b9ffe34a9d8a6262180f2b1607683484ab98343953334427db33763a059eaf9f85ac3e34d0d247663f"], 0x41)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)

2.061842079s ago: executing program 1 (id=526):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
fchdir(r0)
r1 = socket(0x11, 0xa, 0x4)
r2 = gettid()
sched_setaffinity(r2, 0x0, &(0x7f0000000000)=0xaa8)
setpriority(0x1, r2, 0x2)
getpid()
getsockname$packet(r1, 0x0, &(0x7f00000000c0))

2.00001093s ago: executing program 1 (id=527):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x2, &(0x7f0000002400))
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl2\x00', 0x0, 0x29, 0x8, 0x10, 0x0, 0x1, @mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, 0x20, 0x40, 0xffff9978, 0x6}})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x0, 0x7fe2, 0x1}, 0x1d)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
clock_getres(0x7, 0x0)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x8000)

1.568133586s ago: executing program 1 (id=531):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x1f, &(0x7f0000000800)=@raw=[@map_val={0x18, 0xa, 0x2, 0x0, 0x1}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @initr0={0x18, 0x0, 0x0, 0x0, 0xc1, 0x0, 0x0, 0x0, 0x7e}, @map_fd={0x18, 0x8, 0x1, 0x0, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @ringbuf_query, @map_val={0x18, 0x6, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100}], &(0x7f0000000280)='syzkaller\x00', 0x3, 0xbc, &(0x7f0000000380)=""/188, 0x41000, 0x59, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x3, 0x5, 0x7f0958ec, 0xfffffffa}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000540)=[0xffffffffffffffff, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000005c0)=[{0x5, 0x1, 0xa}], 0x10, 0x1}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r1=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)=r1, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000ffb703000000080000b70400000000000085000000a3f13c88ae1774155dd814261f1cab9da8a5476a88569dfa3bbdf8c8c303cf38781b823fed761622c501dd34dbceebb432842c80dfb1e8f57974bb8cd6f6caab379d6741be688e04494558b6ea5f951ca9debc3658841697e06c000000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x26, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0, r2}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r3, 0x2007ffc)
sendfile(r3, r3, 0x0, 0x800000009)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x26, &(0x7f0000000900)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001811", @ANYRES32=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000280)='bcache_write\x00', r3, 0x0, 0x7}, 0x18)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
dup(r5)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)

1.401220289s ago: executing program 3 (id=532):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="8c0000000001010400000000000000000a0000003c0001802c0001000000000000000000000000000000000014000400ff0100001900000000000000000000010c0002800500"], 0x8c}}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r3=>0x0})
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a0000000200000001100000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYRES16=r3, @ANYRESOCT=0x0], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$can_bcm(r4, &(0x7f0000000200)={0x1d, r3}, 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000380)='./file0\x00', 0x0, &(0x7f0000000d80)=ANY=[], 0x3, 0x7a6, &(0x7f00000016c0)="$eJzs3U1sHFcdAPD/GLtxXSmqCipRlKaTpEiJCO7uunWxeijb9diedr1r7a5RIoTaqnGqKO6HWlXQHCi5tIBAiBPH0mvVCzcQByQOwAmJHrhwQKrUEyoSSAiEkIxmP+K1468kdtKW38/qvrdv/vPmzXg6/52NZyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEhqs6VSOYl63lg+l26vNttqLu4wfdDfrzcUOyw3Iin+i/HxONJrOvKF9cn3Fy8n41jv3bEYL4rxuHLP/fc+/vnRkcH8OwzoZp3YY1wS8d1iUJefW11defUABnIb/eBXNzzLv9eK1/mskbeb+WJ1PkvzdjOdmZ4uPbww107n8nrWPt/uZItprZVVO81Werp2Ji3PzEyl2eT55nJjfrZazwaNj32lUipNp09NLmXVVrvZePipyXZtIa/X88Z8N6ZS+lYUMY8VO+LTeSftZNXFNL14aXVlarehFkHlDS2HNuw4xx6696PXP/zHpZVih9yuk6S/Y1bK5UqlPP3ozKOPlUqjlVJlY0Npk7gWESMRRcSB7LR8iuzfwRtu0Ug//0c98mjEcpyLNNIY6b6u/4zFeMxGK5qxWLz/09im6dfl/y89/Lc/7LTc4fw/yPJH1icfjW7+P957d3yb/F8clDeP4+B+Gu/3RjPc9lq8EVficjwXq7EaK/HqbRzPTf2M7G9/85FFI/JoRzPyWIxqtyXtt6QxE9MxHaV4JhZiLtqRxlzkUY8s2nE+2tGJrLtH1aIVWVSjE81oRRqnoxZnIo1yzMRMTEUaWUzG+WjGcjRiPmaj2u3lYlzqbvepTeO6/zvP/vKFP370TlG/FlTeYUWS4sNcEfT3HYL6yfzBuIn8P4iQ/z9rxvvHrL3G7+fhG27JWjf/j97pYQAAAAAHKOl++55ExFg80K3N5fXsG3d6WAAAAMA+6v5d87GiGCtqD0RSnP+Xtoj84LaPDQAAANgfSfcauyQiJuLBXm1wudRWXwIAAAAAn0Ldf/8/XhQTEW92G5z/AwAAwGfM97a7x/6Hd/Xv0dteOpR8rh+9dO6h5MVqUau+2G/rF1+/1mNn7mhyuN9Jt5gevXJPEhGjtexYMrj75X8P9cqPu69H129AuN29/pNWayy5uv0AYucBdN/FD+NEL+bEhV55YTClt5SJubyeTdaa9cfLSf/Lkc7rL136dkSx9O83Fg8ncfHS6srk8y+vXuiO5WrRy9UX+7eHT25gLGv9LRAPbL3GY90LMfrLnegttzS8/iO92Ud2XmYyvMy34mQv5uREr5zYuP7jxTLLk4+Xo1o9PNLJznVeXxta+/4oyre45m/FqV7MqdOnesUWo6hsGMVL14+iMjyKvW2LPY/inRNvnvvnb5tJNrXbKKZucRQAd8rF7l1/1rPQ3d0s9J+1niL/b8q7dw/mvJGj3MX1TxmD+Ydy3WjsT3Z/K073Yk73Pk+MHt0ir5S2OKK/cumV3/WP6I+899OfffP4739+89ntvTjTi+kXcd9vtsmxxTr/aFNWfbeY491tl9uuV5IY6z07YX3yygsrL1UqU9OlR0qlRysx1v2o0C/kHgC2sOszdvbwFJ5Htj6rjkHGu+/anxRMxvPxcqzGhTjbvdogIh7cuteJoT9DOLvLWevE0BNezu5ybrkeW9kce+hUEtvETg1tsS/+pFv86+B+JwBw0E7ukof3kv/P7nLevTGXn+k9OHdwdhzb5/KtfPWgNwgA/B/IWh8nE523k1YrX3qmPDNTrnYWsrTVrD2dtvLZ+SzNG52sVVuoNuazdKnV7DRrgy+OZ7N22l5eWmq2Oulcs5UuNdv5ue6T39P+o9/b2WK10clr7aV6Vm1naa3Z6FRrnXQ2b9fSpeUn63l7IWt1Z24vZbV8Lq9VO3mzkbaby61aNpmm7SwbCsxns0Ynn8uLaiNdauWL1dbViKgvL2bpbNautfKlTrPX4WBZeWOu2Vrsdjt5/er/9XZvbwD4JHjtjSuXn1tdXXl1Y2Ut2dyydeXPe4h5LWLtTq8mADBkOEsDAAAAAAAAAAAAAACfTNdfrle07npJ33BlLG4geFPlUNzMXJ/dypff7/1a9qPDW+nn7g2/07v6O8ud3z43XHn2iScubxfz5JtHFv6SRezez9b/p2x1qevbhyPu+sWPey1fu11r+kH01iJGb2j2tWSHmDt2SAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbf0vAAD//y4LUq8=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x10)

1.35592238s ago: executing program 4 (id=533):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_flowlabel\x00')
pread64(r0, &(0x7f0000000580)=""/150, 0x8f, 0x4c00)
r1 = syz_io_uring_setup(0x3aad, &(0x7f0000000140)={0x0, 0xe099, 0x8000, 0x6, 0x3e9, 0x0, r0}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
r4 = socket(0x11, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000000), 0x4)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000010001fff2bbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="c426f03ef0f18a1ee7"], 0x20}}, 0x24020003)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r7=>0x0})
bind$packet(r4, &(0x7f0000000180)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000280)={0x1, 0x8000}, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_clone(0x81000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x11, r8)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r8)
io_setup(0xe, &(0x7f00000002c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x110, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, {0x8206}})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)

1.028206175s ago: executing program 3 (id=535):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
memfd_secret(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r1)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r3=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000008c0)="46504e57459663c0511ff0df510ecdec393e6b329bb14b4d63dcc54d545ba49b0cb2941b9e5e3e", 0x27}, {0x0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r3}}], 0x20, 0x2400e044}, 0x0)

1.000856645s ago: executing program 3 (id=536):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)={0x20, 0x19, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, 0x20}}, 0x8004)

980.425326ms ago: executing program 3 (id=537):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file1/file0\x00', 0x34001, &(0x7f0000000c40)={[], [{@euid_gt}, {@uid_lt}, {@obj_type={'obj_type', 0x3d, 'trans=fd,'}}, {@smackfsroot={'smackfsroot', 0x3d, ',\v'}}]}, 0x3, 0x58a, &(0x7f0000001b40)="$eJzs3T1sG2UfAPD/neOmH3nf9JXeV3pBHSpAKlJVJ+kHFKZ2RVSq1AGJBSLHjao4cRUn0EQZ0r1CdECAupQNBkYQAwNiYWRlATEjVTQCqekARv5K09QJTohjyP1+0tnPc3f2/3nu/H/sO93JAWTW8fpDGvFURFxOIobXLRuI1sLjzfVWV5aKD1eWiknUald+TiKJiAcrS8X2+knr+UhELEfE/yPi63zEyXTtLQ+0C9WFxanxcrk026qPzE1fH6kuLJ66Nj0+WZoszZx58aVz58+eGzs9tr65D2vra/nt9fXWD7ffufXtK3dvf/LpseXie+NJXIih1rL1/dhNzW2Sjwsb5p/tRbA+SvrdAHYk18rzeir9L4Yj18r6TmrrB4fBPWke0EO1wYgakFGJ/IeMav8OqB//tqe9/P1x72LzAKQed7U1NZcMNM9NxMHGscnhX5LHjkzqx5tH97Kh7EvLNyNidGDgyc9/0vr87dzobjSQnvrqYnNHPbn/07XxJzqMP0Ptc6d/UXv8W31i/HsUP7fJ+He5yxi/vf7jh5vGvxnxdMf4yVr8pEP8NCLe7DL+nde+OL/ZstpHESeic/y2ZOvzwyNXr5VLo83HjjG+PHHs5a36f3iT+M1ztgcbXzOdtn/aZf8//+azZ5a3iP/8s1vv/07b/1BEvNtl/P88+PjVzZbdu5ncr/8K2O7+TyIfd7uM/8KF49+3is4aAgAAAAAAAADALkob17IlaWGtnKaFQvMe3v/G4bRcqc6dvFqZn5loXvN2NPJp+0qr4WY9qdfHWtfjtuunN9TP5FoBc4ca9UKxUp7oc98BAAAAAAAAAAAAAAAAAADg7+LIhvv/f8017v/f+HfVwH61+V9+A/ud/Ifsejz/k761A9h7vv8hs2ryH7JL/kN2yX/ILvkP2SX/IbvkP2SX/AcAAAAAAAAAAAAAAAAAAAAAAAAAgJ64fOlSfao9XFkq1usTAwvzU5W3Tk2UqlOF6flioViZvV6YrFQmy6VCsTL9Z++XVCrXR2Nm/sbIXKk6N1JdWHxjujI/0/5P0VK+5z0CAAAAAAAAAAAAAAAAAACAf56hxpSkhYh8s56mhULEvyLiaBLJ1Wvl0mhE/DsivsvlB+v1sX43GgAAAAAAAAAAAAAAAAAAAPaZ6sLi1Hi5XJrtXWGgFaqHIbovDGxn5YhY3t1m1N9x26/KtzZgnzedQqYKfRyUAAAAAAAAAAAAAAAAAAAgox7d9NvtK37vbYMAAAAAAAAAAAAAAAAAAAAgk9KfkoioTyeGnxvauPRAspprPEfE23euvH9jfG5udqw+//7a/LkPWvNP96P9QLfaeZpGRD2PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEeqC4tT4+VyaXaHhcEu1ul3HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB24o8AAAD//+mR0Yo=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14402, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="0b00000005000000020000000400000005000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0))
unshare(0x42000000)
r3 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
fcntl$dupfd(r3, 0x0, r3)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x4, &(0x7f0000000380)=""/210, &(0x7f0000000080)=0xd2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x700, 0x0, [@sadb_key={0x2, 0x9, 0x8, 0x0, "01"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x2, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x60}, 0x1, 0x7}, 0x0)
pipe2(&(0x7f0000001cc0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x800)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x80c, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9d8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x82\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x3, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3, 0x0, 0xfffffffc}]}]}, 0xfc}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000140)={0x0, 0x0, 0x1d, 0x19, 0x36, &(0x7f0000000740)="108c96af025ad5870bf2e00e917ad2c2452dde9d81635e752724c69ba28314b9db52e5b0bb0fdfcf97cea015b860c30d175fea29d4c6db2a387f68c2ae2da737f747b6fd0ad7f6dc499c203ede7594369e6ef1e6dc89668620f3e00ecb99ab7e7b3fc15ac694a69a961c39886bb5a184879f971d2bbe3635c98f8bd5e32d5d90c41d261c5eeb9598b9b15ddb858d7bb4388692e6af05ffe50a72ce33f5471a1713923e5b31c4e1b50a3f9f66cd5c51ad526c30b184665dd6bd5358c5c37ee56cab0ef59e95ed8bbf42bbfa2b19b87aca2685b2b5bf467d38460ab2c688f25029e0e4cd45e478c9c2c57566a065e12e20d845a561bfa052a3de1d4c44e83d6089da927a51eb917a449281012b8b3b44e90411727e2cbf6a72caf393a7a45cb77788d7eb01f008de3b370a1c14f140e126b19aaa3f921fbed3dad4eb16c1b15f4d6b7fd7b2f8f77836498d882d42536535a767a3f8c78a609c8e650ac89eb647284e32f368bface74b9eda109fe774892bd01137abb8cc2e5947347756f7cddb193fb9ebb93c08371ffaf9e46578de6e9614d34da0e9009530cc596789353cc2c5e9f17027850a4c084b922b47e80b8d2b1f9bf470885d0589e00d3b3d2d9c63fcf44baac02e79cceb6a4f92fb5dc73f1bef24bbabcb049a3c549cad23f611623dbbe93b29e0dcf55da36b8ca7aeacb5d8be9b8a0aa4b78c2323b7c856d10cbc7d2f6f0dcdc02d41f494ad01fdfa6c0e2c5202765aad1ff4af509c72776686df3243e4e7d38d06440155f5f9669f999a9abca8e50e972363f15cc0e6501f6f3b00b928ddebbcbdcab19ad4d97d8bddec0824ce42ecb35d2f93cb57c1cc161e6776c13e17a5529d116c8e6f749b4371788d552dd074cb1d210e706476b323fc2e647eb6c2f2bb989cc627e7492fb6badbf3792ae3bf7f1833709e63bc9292201566ddcad15878dfdcdecced9745fec9736033dad74cb0ec916cfb2ba1f7e19389086be1f5ba042ff89ba51a96a7f2ce21ea9c8b68d57e64ae967bf6257629ba58033916401a97609c53eeb27732b172c69bc44ed0eb2fe0c1ffcf719f82eec8c4c86bfcf7bccf856d9662c21d95b222ba0fe9602192341e04ff48ec72c47bdfd8b93a48a10b4738df376b4bc78c30e05005b8f69aa71a0a3e8a0c07bb8159f0c27b7f89eec98660e52966c2614c314e9014465e899c8c0e61a8cfe718c2bbec66c69a9e202e7e2ea2c215cd834d085a076c8834bd4364bc0fdc60221619f8fbe80064412ec07da95959198c7967f30423dfff29f55412796c779a13fe0ae01608467250dcdcb6f84e7cfe2790ffe6f855bcce80c399e2d97b6b44d7b536fc46f1c193274297f9973830470bcb896c6bbf5a1aa38dae8633883fcf1c718d74cde761a48745a5deb683a9905f5b9e5498506cd787b62a1a2c9068ad553bac6f7337b0"})
sendmsg$NFT_BATCH(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

976.352845ms ago: executing program 2 (id=538):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ncm(0x6, 0xcf, &(0x7f0000000540)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbd, 0x2, 0x1, 0x11, 0x20, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, 'H'}, {0x5, 0x24, 0x0, 0xdf}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x0, 0x3, 0x5}, {0x6, 0x24, 0x1a, 0x401, 0x14}, [@mdlm_detail={0x54, 0x24, 0x13, 0xee, "518feaf0692c135da9476dc0a5eef1567e69a81e949fcd31f4f7d3c3b4a03d43334ecee80f3f7f40ef9a41d4cc2b43f7aa3d305c6fc23775f803abf2a9fa26b1f5b65555ccd23da8bb42fee32af87080"}, @mbim={0xc, 0x24, 0x1b, 0x401, 0x3, 0x5, 0x7, 0x1, 0x2}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x6, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xf1, 0x2, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x26, 0x0, 0x7}}}}}}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x41015500, &(0x7f0000000500)=0x3f)

810.339548ms ago: executing program 3 (id=539):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x8000)

732.526349ms ago: executing program 0 (id=540):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
mount$9p_fd(0x1000000000, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=f'])

656.16613ms ago: executing program 1 (id=541):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x40000, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x9, 0x6}, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f00000000c0)='/selinux/commit_pending_bools\x00', 0x1e)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="18000200ed0000000000000000000400184000002396e829430fd99bba2b56b2f517c2c7b9fcccebf4c75ca516cd7f5d295790c6778c56929c61d1d052ed1a3da6841bd2496bf9af32a07714b13ed6242bb8be6abd469826d8092a9253d3f2d53d3c1eedba18d425baa9fee21ca2ce83", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r3, 0x0, 0x3}, 0x18)
futex(0x0, 0x8c, 0x1, 0x0, 0x0, 0x0)
r4 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0xffffffff}, 0x48, 0xffffffffffffffff)
r5 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
r6 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x4, r6, r5, r5, 0x0)
keyctl$KEYCTL_MOVE(0x4, r4, r4, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r1}, 0x18)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c)
r8 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
writev(r8, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)

655.806721ms ago: executing program 0 (id=542):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r0 = memfd_secret(0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
sendto$inet6(r1, &(0x7f00000005c0)="f5", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffffc, @rand_addr=' \x01\x00'}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
write$P9_RATTACH(r3, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0)
close(0xffffffffffffffff)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r5=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000008c0)="46504e57459663c0511ff0df510ecdec393e6b329bb14b4d63dcc54d545ba49b0cb2941b9e5e3e", 0x27}, {0x0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r5}}], 0x20, 0x2400e044}, 0x0)

649.44597ms ago: executing program 1 (id=543):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file1/file0\x00', 0x34001, &(0x7f0000000c40)={[], [{@euid_gt}, {@uid_lt}, {@obj_type={'obj_type', 0x3d, 'trans=fd,'}}, {@smackfsroot={'smackfsroot', 0x3d, ',\v'}}]}, 0x3, 0x58a, &(0x7f0000001b40)="$eJzs3T1sG2UfAPD/neOmH3nf9JXeV3pBHSpAKlJVJ+kHFKZ2RVSq1AGJBSLHjao4cRUn0EQZ0r1CdECAupQNBkYQAwNiYWRlATEjVTQCqekARv5K09QJTohjyP1+0tnPc3f2/3nu/H/sO93JAWTW8fpDGvFURFxOIobXLRuI1sLjzfVWV5aKD1eWiknUald+TiKJiAcrS8X2+knr+UhELEfE/yPi63zEyXTtLQ+0C9WFxanxcrk026qPzE1fH6kuLJ66Nj0+WZoszZx58aVz58+eGzs9tr65D2vra/nt9fXWD7ffufXtK3dvf/LpseXie+NJXIih1rL1/dhNzW2Sjwsb5p/tRbA+SvrdAHYk18rzeir9L4Yj18r6TmrrB4fBPWke0EO1wYgakFGJ/IeMav8OqB//tqe9/P1x72LzAKQed7U1NZcMNM9NxMHGscnhX5LHjkzqx5tH97Kh7EvLNyNidGDgyc9/0vr87dzobjSQnvrqYnNHPbn/07XxJzqMP0Ptc6d/UXv8W31i/HsUP7fJ+He5yxi/vf7jh5vGvxnxdMf4yVr8pEP8NCLe7DL+nde+OL/ZstpHESeic/y2ZOvzwyNXr5VLo83HjjG+PHHs5a36f3iT+M1ztgcbXzOdtn/aZf8//+azZ5a3iP/8s1vv/07b/1BEvNtl/P88+PjVzZbdu5ncr/8K2O7+TyIfd7uM/8KF49+3is4aAgAAAAAAAADALkob17IlaWGtnKaFQvMe3v/G4bRcqc6dvFqZn5loXvN2NPJp+0qr4WY9qdfHWtfjtuunN9TP5FoBc4ca9UKxUp7oc98BAAAAAAAAAAAAAAAAAADg7+LIhvv/f8017v/f+HfVwH61+V9+A/ud/Ifsejz/k761A9h7vv8hs2ryH7JL/kN2yX/ILvkP2SX/IbvkP2SX/AcAAAAAAAAAAAAAAAAAAAAAAAAAgJ64fOlSfao9XFkq1usTAwvzU5W3Tk2UqlOF6flioViZvV6YrFQmy6VCsTL9Z++XVCrXR2Nm/sbIXKk6N1JdWHxjujI/0/5P0VK+5z0CAAAAAAAAAAAAAAAAAACAf56hxpSkhYh8s56mhULEvyLiaBLJ1Wvl0mhE/DsivsvlB+v1sX43GgAAAAAAAAAAAAAAAAAAAPaZ6sLi1Hi5XJrtXWGgFaqHIbovDGxn5YhY3t1m1N9x26/KtzZgnzedQqYKfRyUAAAAAAAAAAAAAAAAAAAgox7d9NvtK37vbYMAAAAAAAAAAAAAAAAAAAAgk9KfkoioTyeGnxvauPRAspprPEfE23euvH9jfG5udqw+//7a/LkPWvNP96P9QLfaeZpGRD2PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEeqC4tT4+VyaXaHhcEu1ul3HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB24o8AAAD//+mR0Yo=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14402, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="0b00000005000000020000000400000005000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000006d8019d40f4ea39eff4b32161fae5a940fe27533d3204f0b000a6f4fdbe8", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x42000000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x700, 0x0, [@sadb_key={0x2, 0x9, 0x8, 0x0, "01"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x2, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x60}, 0x1, 0x7}, 0x0)
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f0000000bc0)={{0xa, 0x4e23, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}, {0xa, 0x4e24, 0xc, @private1, 0x7030236f}, 0x0, {[0x5f, 0x5, 0x7fffffff, 0x101, 0x7fff, 0x6, 0x3, 0x5]}}, 0xfffffffffffffec9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x80c, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9d8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x82\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x3, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3, 0x0, 0xfffffffc}]}]}, 0xfc}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x9c, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@local, 0x32, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000140)={0x0, 0x0, 0x1d, 0x19, 0x36, &(0x7f0000000740)="108c96af025ad5870bf2e00e917ad2c2452dde9d81635e752724c69ba28314b9db52e5b0bb0fdfcf97cea015b860c30d175fea29d4c6db2a387f68c2ae2da737f747b6fd0ad7f6dc499c203ede7594369e6ef1e6dc89668620f3e00ecb99ab7e7b3fc15ac694a69a961c39886bb5a184879f971d2bbe3635c98f8bd5e32d5d90c41d261c5eeb9598b9b15ddb858d7bb4388692e6af05ffe50a72ce33f5471a1713923e5b31c4e1b50a3f9f66cd5c51ad526c30b184665dd6bd5358c5c37ee56cab0ef59e95ed8bbf42bbfa2b19b87aca2685b2b5bf467d38460ab2c688f25029e0e4cd45e478c9c2c57566a065e12e20d845a561bfa052a3de1d4c44e83d6089da927a51eb917a449281012b8b3b44e90411727e2cbf6a72caf393a7a45cb77788d7eb01f008de3b370a1c14f140e126b19aaa3f921fbed3dad4eb16c1b15f4d6b7fd7b2f8f77836498d882d42536535a767a3f8c78a609c8e650ac89eb647284e32f368bface74b9eda109fe774892bd01137abb8cc2e5947347756f7cddb193fb9ebb93c08371ffaf9e46578de6e9614d34da0e9009530cc596789353cc2c5e9f17027850a4c084b922b47e80b8d2b1f9bf470885d0589e00d3b3d2d9c63fcf44baac02e79cceb6a4f92fb5dc73f1bef24bbabcb049a3c549cad23f611623dbbe93b29e0dcf55da36b8ca7aeacb5d8be9b8a0aa4b78c2323b7c856d10cbc7d2f6f0dcdc02d41f494ad01fdfa6c0e2c5202765aad1ff4af509c72776686df3243e4e7d38d06440155f5f9669f999a9abca8e50e972363f15cc0e6501f6f3b00b928ddebbcbdcab19ad4d97d8bddec0824ce42ecb35d2f93cb57c1cc161e6776c13e17a5529d116c8e6f749b4371788d552dd074cb1d210e706476b323fc2e647eb6c2f2bb989cc627e7492fb6badbf3792ae3bf7f1833709e63bc9292201566ddcad15878dfdcdecced9745fec9736033dad74cb0ec916cfb2ba1f7e19389086be1f5ba042ff89ba51a96a7f2ce21ea9c8b68d57e64ae967bf6257629ba58033916401a97609c53eeb27732b172c69bc44ed0eb2fe0c1ffcf719f82eec8c4c86bfcf7bccf856d9662c21d95b222ba0fe9602192341e04ff48ec72c47bdfd8b93a48a10b4738df376b4bc78c30e05005b8f69aa71a0a3e8a0c07bb8159f0c27b7f89eec98660e52966c2614c314e9014465e899c8c0e61a8cfe718c2bbec66c69a9e202e7e2ea2c215cd834d085a076c8834bd4364bc0fdc60221619f8fbe80064412ec07da95959198c7967f30423dfff29f55412796c779a13fe0ae01608467250dcdcb6f84e7cfe2790ffe6f855bcce80c399e2d97b6b44d7b536fc46f1c193274297f9973830470bcb896c6bbf5a1aa38dae8633883fcf1c718d74cde761a48745a5deb683a9905f5b9e5498506cd787b62a1a2c9068ad553bac6f7337b0"})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000010000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

292.981076ms ago: executing program 4 (id=544):
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600"})
r2 = fsopen(&(0x7f0000000080)='tracefs\x00', 0x1)
fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f00000037c0)='posixacl\x00', 0x0, 0x0)
r3 = syz_open_pts(r1, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000200)=0x2)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10)
keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000003580), 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r5}, 0x10)
read(r3, 0x0, 0x2006)
close_range(r0, 0xffffffffffffffff, 0x0)

215.910717ms ago: executing program 2 (id=545):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="8c0000000001010400000000000000000a0000003c0001802c0001000000000000000000000000000000000014000400ff0100001900000000000000000000010c0002800500"], 0x8c}}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r3=>0x0})
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a0000000200000001100000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYRES16=r3, @ANYRESOCT=0x0], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$can_bcm(r4, &(0x7f0000000200)={0x1d, r3}, 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000380)='./file0\x00', 0x0, &(0x7f0000000d80)=ANY=[], 0x3, 0x7a6, &(0x7f00000016c0)="$eJzs3U1sHFcdAPD/GLtxXSmqCipRlKaTpEiJCO7uunWxeijb9diedr1r7a5RIoTaqnGqKO6HWlXQHCi5tIBAiBPH0mvVCzcQByQOwAmJHrhwQKrUEyoSSAiEkIxmP+K1468kdtKW38/qvrdv/vPmzXg6/52NZyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEhqs6VSOYl63lg+l26vNttqLu4wfdDfrzcUOyw3Iin+i/HxONJrOvKF9cn3Fy8n41jv3bEYL4rxuHLP/fc+/vnRkcH8OwzoZp3YY1wS8d1iUJefW11defUABnIb/eBXNzzLv9eK1/mskbeb+WJ1PkvzdjOdmZ4uPbww107n8nrWPt/uZItprZVVO81Werp2Ji3PzEyl2eT55nJjfrZazwaNj32lUipNp09NLmXVVrvZePipyXZtIa/X88Z8N6ZS+lYUMY8VO+LTeSftZNXFNL14aXVlarehFkHlDS2HNuw4xx6696PXP/zHpZVih9yuk6S/Y1bK5UqlPP3ozKOPlUqjlVJlY0Npk7gWESMRRcSB7LR8iuzfwRtu0Ug//0c98mjEcpyLNNIY6b6u/4zFeMxGK5qxWLz/09im6dfl/y89/Lc/7LTc4fw/yPJH1icfjW7+P957d3yb/F8clDeP4+B+Gu/3RjPc9lq8EVficjwXq7EaK/HqbRzPTf2M7G9/85FFI/JoRzPyWIxqtyXtt6QxE9MxHaV4JhZiLtqRxlzkUY8s2nE+2tGJrLtH1aIVWVSjE81oRRqnoxZnIo1yzMRMTEUaWUzG+WjGcjRiPmaj2u3lYlzqbvepTeO6/zvP/vKFP370TlG/FlTeYUWS4sNcEfT3HYL6yfzBuIn8P4iQ/z9rxvvHrL3G7+fhG27JWjf/j97pYQAAAAAHKOl++55ExFg80K3N5fXsG3d6WAAAAMA+6v5d87GiGCtqD0RSnP+Xtoj84LaPDQAAANgfSfcauyQiJuLBXm1wudRWXwIAAAAAn0Ldf/8/XhQTEW92G5z/AwAAwGfM97a7x/6Hd/Xv0dteOpR8rh+9dO6h5MVqUau+2G/rF1+/1mNn7mhyuN9Jt5gevXJPEhGjtexYMrj75X8P9cqPu69H129AuN29/pNWayy5uv0AYucBdN/FD+NEL+bEhV55YTClt5SJubyeTdaa9cfLSf/Lkc7rL136dkSx9O83Fg8ncfHS6srk8y+vXuiO5WrRy9UX+7eHT25gLGv9LRAPbL3GY90LMfrLnegttzS8/iO92Ud2XmYyvMy34mQv5uREr5zYuP7jxTLLk4+Xo1o9PNLJznVeXxta+/4oyre45m/FqV7MqdOnesUWo6hsGMVL14+iMjyKvW2LPY/inRNvnvvnb5tJNrXbKKZucRQAd8rF7l1/1rPQ3d0s9J+1niL/b8q7dw/mvJGj3MX1TxmD+Ydy3WjsT3Z/K073Yk73Pk+MHt0ir5S2OKK/cumV3/WP6I+899OfffP4739+89ntvTjTi+kXcd9vtsmxxTr/aFNWfbeY491tl9uuV5IY6z07YX3yygsrL1UqU9OlR0qlRysx1v2o0C/kHgC2sOszdvbwFJ5Htj6rjkHGu+/anxRMxvPxcqzGhTjbvdogIh7cuteJoT9DOLvLWevE0BNezu5ybrkeW9kce+hUEtvETg1tsS/+pFv86+B+JwBw0E7ukof3kv/P7nLevTGXn+k9OHdwdhzb5/KtfPWgNwgA/B/IWh8nE523k1YrX3qmPDNTrnYWsrTVrD2dtvLZ+SzNG52sVVuoNuazdKnV7DRrgy+OZ7N22l5eWmq2Oulcs5UuNdv5ue6T39P+o9/b2WK10clr7aV6Vm1naa3Z6FRrnXQ2b9fSpeUn63l7IWt1Z24vZbV8Lq9VO3mzkbaby61aNpmm7SwbCsxns0Ynn8uLaiNdauWL1dbViKgvL2bpbNautfKlTrPX4WBZeWOu2Vrsdjt5/er/9XZvbwD4JHjtjSuXn1tdXXl1Y2Ut2dyydeXPe4h5LWLtTq8mADBkOEsDAAAAAAAAAAAAAACfTNdfrle07npJ33BlLG4geFPlUNzMXJ/dypff7/1a9qPDW+nn7g2/07v6O8ud3z43XHn2iScubxfz5JtHFv6SRezez9b/p2x1qevbhyPu+sWPey1fu11r+kH01iJGb2j2tWSHmDt2SAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbf0vAAD//y4LUq8=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x10)

213.063997ms ago: executing program 4 (id=546):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a1810031000000000f000000028002002d1f00"/46, 0x2e}], 0x1}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000005000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRES32=r2], 0x50)
close(r4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00')
inotify_rm_watch(0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8)
r6 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='kfree\x00', r7, 0x0, 0x2}, 0x18)
ioctl$SG_IO(r6, 0x2285, 0x0)
writev(r6, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2)
r8 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$link(0x8, r8, r8)

162.242008ms ago: executing program 2 (id=547):
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f0000000180)='./file0\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380), 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0x14, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb}, 0x14}}, 0x48880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
creat(&(0x7f0000000180)='./file0\x00', 0x148)
syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000180)='./file1\x00', 0xa1c406, &(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRESDEC], 0x1, 0x2a2, &(0x7f0000001140)="$eJzs3M9r02AYwPGn6dZ0k/04CXrxQS96CbMe1UOVDcSC0q2iHoSMZVpa25EUbUUwZ0/7O4ZHb4L4D+y/8DYE2WknI22zNOu633Wt3fcDI++b5323J3nJeNKSbD1ff1ta9axVuyZGWsUQ8WVHZFaKsisRblOtdiraL/cz4sutuXfbnxdfvHyczeXm86oL2aU7GVWdvvb9/ccv13/ULj37Om2asjn7aut35ufm5c0rW3+W3hQ9LaakUq2prcvVas1eLju6UvRKlurTsmN7jhYrnuPuia+Wq2trDbUrK1OTa67jeWpXGmpIQ2tVTYdZVdSyLJ2abLbTcoGkTjyjsJHP29lOfz7Z34wwDFw3azcXdmLf1VDYGExGAABgkA6u/41ozG79b3TX/yJH1P+fwlHT33rW/56evv5PSlT/l5xW/V9zG2q/tovx+h+H6q7/j8f4N8ngLBJ+rPNgT8h1sxO9J1H/AwAAAAAAAAAAAAAAAAAAAADwP9gJgpkgCGaaW0NEgrBvikgy1u8x9UI9Wz+q4usfxH7McIEPWX+MgNiDe2mRX369UC8kWtt2fOFRbn5OW2IP/m3X64VkFL/djuve+LhMhvFMz3hKbt5ox5uxh09y8fh6vTAhK4dm7vfrFAAAAAAAMPIsjcxGO9MS3d9blprSHW/dv7dbfufzAe28GqgZH5OrY+d5JAAAAAAA4CBe40PJLpcd93wayXP8W6duiJxu+t3A7EsaSRE5Ykx+UWTwJ2pfw5ShSGOUG/f69guDhEh7z3j4z6DrKgAAAAAwWjr3Ayefy9f7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0x5neImYcb/CgjxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFn8DAAD//8DvvIM=")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24004859)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0)
syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x79af, 0x8, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000640))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r4, 0x5421, &(0x7f0000000100)=0x100000001)
syz_open_dev$evdev(0x0, 0x2, 0x822b01)
r5 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000740)='/proc/self/attr/exec\x00', 0x2, 0x0)
write$selinux_attr(r5, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
close(r4)

136.825388ms ago: executing program 4 (id=548):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)={0x14, 0x19, 0xa, 0x401, 0x0, 0x0, {0x2}}, 0x14}}, 0x8004)

116.619409ms ago: executing program 2 (id=549):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
chmod(&(0x7f0000000000)='./file0\x00', 0x121)

109.530139ms ago: executing program 4 (id=550):
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
msync(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)

87.861349ms ago: executing program 2 (id=551):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000028002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000010018110000", @ANYRES32=r4, @ANYRESDEC=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000020a01"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @netfilter}, 0x94)
r6 = socket(0x15, 0x5, 0x0)
connect$unix(r6, &(0x7f0000000080)=@abs={0xa}, 0x6e)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000000300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd42"], 0xfdef)
close(r9)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0xfdef)
ioctl$EXT4_IOC_GETSTATE(r8, 0x40046629, &(0x7f0000000280))
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f0000000080)={[{@bh}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@grpjquota}, {@norecovery}, {@dioread_lock}]}, 0x3, 0x4d1, &(0x7f0000000b80)="$eJzs3dFrW9cZAPDvynbiJM7sbHvIwpaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX/AYGxraZ/61JdCn0uh5E9oC4H2vZTSEtokfWihrYrkqyZxZVsmlpVYvx8c33PuvfL3HQsd69x7uTeAjnUqIsYioisizkZEf7o+k5ZYWy/V/R7cvzVZLUlUKtc+TSJJ19V/V5Iuj6Qv642Iv/454h/J9+OWVlbnJgqF/FLazpXnF3OlldVzs/MTM/mZ/MLYyPDF0UujF0aHdq2vl//40f///eqfLr/1mxsfjH9y5p/VtPrSbY/3oxlrTe633vWe2t+irjsilnYS7BnWlfanp92JAADQlOp3/B9GxC8i4uFL7c4GAAAAaIXK7/viqySiAgAAAOxbmdo1sEkmm14L0BeZTDa7fg3vj+NwplAslX89XVxemFq/VnYgejLTs4X8UHqt8ED0JNX2cK3+qH1+Q3skIo5FxH/7D9Xa2cliYardBz8AAACgQxzZMP//vH99/g8AAADsMwPtTgAAAABoOfN/AAAA2P82nf8n3XubCAAAANAKf7lypVoq9edfT11fWZ4rXj83lS/NZeeXJ7OTxaXF7EyxOFO7Z9/8dr+vUCwu/jYWlm/myvlSOVdaWR2fLy4vlMdrz/Uez3tONAAAAOy9Yz+/834SEWu/O1QrVQfSbU3M1cdamx3QSpmd7Z60Kg9g73W1OwGgbba5wPedn+5VIsCecz4e2GZi/78N7R0eNgAAAJ4Fgz95qvP/zgfCc8xEHjqX8//QudzgCzqX8//Q4Q5uv0vvZhve3uVcAACAlumrlSSTTc8F9kUmk81GHK09FqAnmZ4t5Ici4gcR8V5/z8Fqe7jdSQMAAAAAAAAAAAAAAAAAAAAAAADAc6ZSSaICAAAA7GsRmY+T9EH+g/2n+zYeHziQfNFfW0bEjZevvXBzolxeGq6u/+y79eUX0/Xn23EEAwAAANioPk+vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDc9uH9rsl72Mu69P0TEQKP43dFbW/a+0R8Rhx8m0f3Y65KI6NqF+Gu3I+J4o/hJNa0YSLPYGD8TEYfaHP/ILsSHTnanOv6MNfr8ZeJUbdn489edlqd179Rm41+mPv7VxrlG49/RJmOcuPt6btP4tyNOdDcef+rxk6ccf//+t9XVzbZVXokYbPj/J3kiVq48v5grrayem52fmMnP5BdGRoYvjl4avTA6lJueLeTTnw1j/Odnb36zVf8PbxJ/YJv+n26y/1/fvXn/R1vEP/PLjfG/rL3/x7eIX/3b/yr9P1DdPlivr63XH3fytXdPbtX/qU36v937f6bJ/p+9+q8Pm9wVANgDpZXVuYlCIb+k8lxWeryDKltVrqYf9B2/vM0DEwAAsOsefelvdyYAAAAAAAAAAAAAAAAAAADQuVp+E7KDT95ZoLd9XQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2NK3AQAA///VO9QU")
lstat(&(0x7f0000000040)='./file1\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
chown(&(0x7f0000000000)='./file1\x00', r10, 0x0)

36.21455ms ago: executing program 4 (id=552):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file0\x00', 0x0, &(0x7f0000002480)=ANY=[], 0xfe, 0x1222, &(0x7f00000024c0)="$eJzs3E9rXFUYB+DXSdrUxPxRa7UF6cFudHNJsnCjIEFSkA4obSO0gnBrbnTIdSbMHQIjYnTl1o0fwK24dCeIO91k42dwl41LF+qVzrTaaUeDFjtpeJ7NvMw5P+a9M8OBM8y5By9/9v72VpVt5b1oPPJKNHYipn9LkaIRt30cL7z0/Q/PXrl2/dJas7l+OaWLa1dXXkwpLZz/9q0Pv3ruu97cm18vfDMT+0tvH/y8+tP+mf2zB79ffa9VpVaV2p1eytONTqeX3yiLtNmqtrOU3iiLvCpSq10V3ZHxrbKzs9NPeXtzfnanW1RVytv9tF30U6+Tet1+yt/NW+2UZVmanw3ux8aXv9R1HVHXJ+Jk1HVdPxqz0YjHYj4WYjGW4vF4Ip6M0/FUnImn45k4O5g16b4BAAAAAAAAAAAAAAAAAADgeBl3/n/unvP/n0eMO/9/fsLNAwAAAAAAAAAAAAAAAAAAwDFx5dr1S2vN5vrllE5FlJ/ubuxuDB+H42tb0YoyiliOxfg1Bqf/h4b1yWiuL6eBpfik3LuV39vdmBrNrwxuJ3BP/uJrzfWVYT6N5mdi9s78aizG6fH51bvyFwb5U/H8hTvyWSzGj+9EJ8rYjJvZv/IfraT06uvNu17/3GAeAAAAHAdZ+tPY/XuW/d34MH/Y7wM399fLY/f303FuerLXTkTV/2A7L8uiO/HidkfDZ/Yi4og09p+LRkQcgTb+oThx6Jy5CTT2xVzEfcSnRr5IR+J9fhiLw1aOqf91XeLBuPWhz0y6DwAAAAAAAAAAAP6dB/F3wklfIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAH+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvgoAAP//SPnJBA==")
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc)
r0 = syz_clone(0x308000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace(0x8, r0)
wait4(r0, 0x0, 0x80000000, 0x0)
r1 = syz_open_procfs(r0, &(0x7f0000000180)='net/raw6\x00')
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000440)={0x0, 0x1328000, 0x800}, 0x20)
syz_clone(0x0, 0x0, 0x24, 0x0, 0x0, 0x0)
pread64(r1, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xfecc)

0s ago: executing program 2 (id=553):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000028002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000010018110000", @ANYRES32=r4, @ANYRESDEC=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000020a01"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @netfilter}, 0x94)
r6 = socket(0x15, 0x5, 0x0)
connect$unix(r6, &(0x7f0000000080)=@abs={0xa}, 0x6e)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000000300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd42"], 0xfdef)
close(r10)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0xfdef)
ioctl$EXT4_IOC_GETSTATE(r9, 0x40046629, &(0x7f0000000280))
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f0000000080)={[{@bh}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@grpjquota}, {@norecovery}, {@dioread_lock}]}, 0x3, 0x4d1, &(0x7f0000000b80)="$eJzs3dFrW9cZAPDvynbiJM7sbHvIwpaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX/AYGxraZ/61JdCn0uh5E9oC4H2vZTSEtokfWihrYrkqyZxZVsmlpVYvx8c33PuvfL3HQsd69x7uTeAjnUqIsYioisizkZEf7o+k5ZYWy/V/R7cvzVZLUlUKtc+TSJJ19V/V5Iuj6Qv642Iv/454h/J9+OWVlbnJgqF/FLazpXnF3OlldVzs/MTM/mZ/MLYyPDF0UujF0aHdq2vl//40f///eqfLr/1mxsfjH9y5p/VtPrSbY/3oxlrTe633vWe2t+irjsilnYS7BnWlfanp92JAADQlOp3/B9GxC8i4uFL7c4GAAAAaIXK7/viqySiAgAAAOxbmdo1sEkmm14L0BeZTDa7fg3vj+NwplAslX89XVxemFq/VnYgejLTs4X8UHqt8ED0JNX2cK3+qH1+Q3skIo5FxH/7D9Xa2cliYardBz8AAACgQxzZMP//vH99/g8AAADsMwPtTgAAAABoOfN/AAAA2P82nf8n3XubCAAAANAKf7lypVoq9edfT11fWZ4rXj83lS/NZeeXJ7OTxaXF7EyxOFO7Z9/8dr+vUCwu/jYWlm/myvlSOVdaWR2fLy4vlMdrz/Uez3tONAAAAOy9Yz+/834SEWu/O1QrVQfSbU3M1cdamx3QSpmd7Z60Kg9g73W1OwGgbba5wPedn+5VIsCecz4e2GZi/78N7R0eNgAAAJ4Fgz95qvP/zgfCc8xEHjqX8//QudzgCzqX8//Q4Q5uv0vvZhve3uVcAACAlumrlSSTTc8F9kUmk81GHK09FqAnmZ4t5Ici4gcR8V5/z8Fqe7jdSQMAAAAAAAAAAAAAAAAAAAAAAADAc6ZSSaICAAAA7GsRmY+T9EH+g/2n+zYeHziQfNFfW0bEjZevvXBzolxeGq6u/+y79eUX0/Xn23EEAwAAANioPk+vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDc9uH9rsl72Mu69P0TEQKP43dFbW/a+0R8Rhx8m0f3Y65KI6NqF+Gu3I+J4o/hJNa0YSLPYGD8TEYfaHP/ILsSHTnanOv6MNfr8ZeJUbdn489edlqd179Rm41+mPv7VxrlG49/RJmOcuPt6btP4tyNOdDcef+rxk6ccf//+t9XVzbZVXokYbPj/J3kiVq48v5grrayem52fmMnP5BdGRoYvjl4avTA6lJueLeTTnw1j/Odnb36zVf8PbxJ/YJv+n26y/1/fvXn/R1vEP/PLjfG/rL3/x7eIX/3b/yr9P1DdPlivr63XH3fytXdPbtX/qU36v937f6bJ/p+9+q8Pm9wVANgDpZXVuYlCIb+k8lxWeryDKltVrqYf9B2/vM0DEwAAsOsefelvdyYAAAAAAAAAAAAAAAAAAADQuVp+E7KDT95ZoLd9XQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2NK3AQAA///VO9QU")
lstat(&(0x7f0000000040)='./file1\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r11=>0x0})
chown(&(0x7f0000000000)='./file1\x00', r11, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.31' (ED25519) to the list of known hosts.
[   22.365295][   T29] audit: type=1400 audit(1751082577.951:62): avc:  denied  { mounton } for  pid=3292 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   22.366154][ T3292] cgroup: Unknown subsys name 'net'
[   22.388139][   T29] audit: type=1400 audit(1751082577.951:63): avc:  denied  { mount } for  pid=3292 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.415475][   T29] audit: type=1400 audit(1751082577.981:64): avc:  denied  { unmount } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.571311][ T3292] cgroup: Unknown subsys name 'cpuset'
[   22.577369][ T3292] cgroup: Unknown subsys name 'rlimit'
[   22.667263][   T29] audit: type=1400 audit(1751082578.251:65): avc:  denied  { setattr } for  pid=3292 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   22.694812][   T29] audit: type=1400 audit(1751082578.251:66): avc:  denied  { create } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   22.715380][   T29] audit: type=1400 audit(1751082578.251:67): avc:  denied  { write } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   22.716534][ T3295] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   22.735877][   T29] audit: type=1400 audit(1751082578.251:68): avc:  denied  { read } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   22.764766][   T29] audit: type=1400 audit(1751082578.261:69): avc:  denied  { mounton } for  pid=3292 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   22.768781][ T3292] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   22.789533][   T29] audit: type=1400 audit(1751082578.261:70): avc:  denied  { mount } for  pid=3292 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   22.823279][   T29] audit: type=1400 audit(1751082578.331:71): avc:  denied  { relabelto } for  pid=3295 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.846702][ T3304] chnl_net:caif_netlink_parms(): no params data found
[   23.940604][ T3304] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.947768][ T3304] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.954999][ T3304] bridge_slave_0: entered allmulticast mode
[   23.961322][ T3304] bridge_slave_0: entered promiscuous mode
[   23.969497][ T3304] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.976616][ T3304] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.983869][ T3304] bridge_slave_1: entered allmulticast mode
[   23.990264][ T3304] bridge_slave_1: entered promiscuous mode
[   24.010006][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.021408][ T3305] chnl_net:caif_netlink_parms(): no params data found
[   24.035311][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.085918][ T3304] team0: Port device team_slave_0 added
[   24.100542][ T3317] chnl_net:caif_netlink_parms(): no params data found
[   24.109724][ T3304] team0: Port device team_slave_1 added
[   24.133630][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_0
[   24.140653][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.166648][ T3304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   24.189740][ T3310] chnl_net:caif_netlink_parms(): no params data found
[   24.201577][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.208532][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.234461][ T3304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   24.252277][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.259374][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.266634][ T3305] bridge_slave_0: entered allmulticast mode
[   24.273566][ T3305] bridge_slave_0: entered promiscuous mode
[   24.279942][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.287021][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.294211][ T3305] bridge_slave_1: entered allmulticast mode
[   24.300512][ T3305] bridge_slave_1: entered promiscuous mode
[   24.334557][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.357175][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.401054][ T3304] hsr_slave_0: entered promiscuous mode
[   24.407093][ T3304] hsr_slave_1: entered promiscuous mode
[   24.417906][ T3305] team0: Port device team_slave_0 added
[   24.424315][ T3305] team0: Port device team_slave_1 added
[   24.432104][ T3313] chnl_net:caif_netlink_parms(): no params data found
[   24.440907][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.447974][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.455332][ T3317] bridge_slave_0: entered allmulticast mode
[   24.461656][ T3317] bridge_slave_0: entered promiscuous mode
[   24.468291][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.475427][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.482737][ T3317] bridge_slave_1: entered allmulticast mode
[   24.489031][ T3317] bridge_slave_1: entered promiscuous mode
[   24.495357][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.502491][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.509639][ T3310] bridge_slave_0: entered allmulticast mode
[   24.516000][ T3310] bridge_slave_0: entered promiscuous mode
[   24.533566][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.540613][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.547948][ T3310] bridge_slave_1: entered allmulticast mode
[   24.554404][ T3310] bridge_slave_1: entered promiscuous mode
[   24.567708][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0
[   24.574746][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.600809][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   24.622587][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.640749][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.647695][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.673708][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   24.689990][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.715962][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.737489][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.747200][ T3317] team0: Port device team_slave_0 added
[   24.753893][ T3317] team0: Port device team_slave_1 added
[   24.799323][ T3310] team0: Port device team_slave_0 added
[   24.807490][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0
[   24.814470][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.840423][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   24.851572][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.858523][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.884508][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   24.895222][ T3313] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.902274][ T3313] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.909380][ T3313] bridge_slave_0: entered allmulticast mode
[   24.916005][ T3313] bridge_slave_0: entered promiscuous mode
[   24.924613][ T3305] hsr_slave_0: entered promiscuous mode
[   24.930598][ T3305] hsr_slave_1: entered promiscuous mode
[   24.936469][ T3305] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   24.944099][ T3305] Cannot create hsr debugfs directory
[   24.950196][ T3310] team0: Port device team_slave_1 added
[   24.970424][ T3313] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.977680][ T3313] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.984885][ T3313] bridge_slave_1: entered allmulticast mode
[   24.991321][ T3313] bridge_slave_1: entered promiscuous mode
[   25.021860][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0
[   25.028877][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.054807][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   25.072088][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   25.085377][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1
[   25.092491][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.118993][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   25.136489][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   25.162826][ T3317] hsr_slave_0: entered promiscuous mode
[   25.168820][ T3317] hsr_slave_1: entered promiscuous mode
[   25.174765][ T3317] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.182336][ T3317] Cannot create hsr debugfs directory
[   25.201612][ T3313] team0: Port device team_slave_0 added
[   25.208146][ T3313] team0: Port device team_slave_1 added
[   25.223008][ T3310] hsr_slave_0: entered promiscuous mode
[   25.229093][ T3310] hsr_slave_1: entered promiscuous mode
[   25.234966][ T3310] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.242545][ T3310] Cannot create hsr debugfs directory
[   25.269869][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_0
[   25.276866][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.302813][ T3313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   25.331111][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_1
[   25.338117][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.364119][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   25.409305][ T3313] hsr_slave_0: entered promiscuous mode
[   25.415504][ T3313] hsr_slave_1: entered promiscuous mode
[   25.421387][ T3313] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.428982][ T3313] Cannot create hsr debugfs directory
[   25.457722][ T3304] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   25.468552][ T3304] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   25.483083][ T3304] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   25.509489][ T3304] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   25.547643][ T3305] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   25.556660][ T3305] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   25.576358][ T3305] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   25.588737][ T3305] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   25.619393][ T3310] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   25.631588][ T3310] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   25.639926][ T3310] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   25.648360][ T3310] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   25.695249][ T3317] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   25.703838][ T3317] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   25.716485][ T3317] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   25.725308][ T3317] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   25.760478][ T3313] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   25.770296][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.782086][ T3313] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   25.797921][ T3313] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   25.806545][ T3313] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   25.822484][ T3305] 8021q: adding VLAN 0 to HW filter on device team0
[   25.838213][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.855091][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.867821][ T3304] 8021q: adding VLAN 0 to HW filter on device team0
[   25.876018][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.883075][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.895191][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.902265][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.923083][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.930197][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.942892][ T3310] 8021q: adding VLAN 0 to HW filter on device team0
[   25.965121][ T2186] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.972206][ T2186] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.985878][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.996969][ T2186] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.004157][ T2186] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.021153][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.028216][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.048725][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.056803][ T3317] 8021q: adding VLAN 0 to HW filter on device team0
[   26.070451][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.077550][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.091420][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.098514][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.114716][ T3313] 8021q: adding VLAN 0 to HW filter on device team0
[   26.128160][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.135257][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.155091][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.162224][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.198820][ T3310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   26.248231][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.259502][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.302465][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.328696][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.395043][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.423135][ T3304] veth0_vlan: entered promiscuous mode
[   26.449473][ T3304] veth1_vlan: entered promiscuous mode
[   26.462509][ T3304] veth0_macvtap: entered promiscuous mode
[   26.487105][ T3304] veth1_macvtap: entered promiscuous mode
[   26.499381][ T3310] veth0_vlan: entered promiscuous mode
[   26.516376][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0
[   26.528294][ T3313] veth0_vlan: entered promiscuous mode
[   26.536737][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1
[   26.544613][ T3305] veth0_vlan: entered promiscuous mode
[   26.553334][ T3310] veth1_vlan: entered promiscuous mode
[   26.561666][ T3304] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   26.570379][ T3304] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   26.579144][ T3304] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   26.587878][ T3304] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   26.600360][ T3313] veth1_vlan: entered promiscuous mode
[   26.611538][ T3305] veth1_vlan: entered promiscuous mode
[   26.632635][ T3305] veth0_macvtap: entered promiscuous mode
[   26.649821][ T3313] veth0_macvtap: entered promiscuous mode
[   26.656718][ T3305] veth1_macvtap: entered promiscuous mode
[   26.673396][ T3313] veth1_macvtap: entered promiscuous mode
[   26.688908][ T3310] veth0_macvtap: entered promiscuous mode
[   26.696835][ T3310] veth1_macvtap: entered promiscuous mode
[   26.705912][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0
[   26.725028][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0
[   26.734936][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1
[   26.743260][ T3304] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   26.749716][ T3317] veth0_vlan: entered promiscuous mode
[   26.765537][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0
[   26.775202][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1
[   26.783938][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1
[   26.803173][ T3305] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   26.811963][ T3305] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   26.820705][ T3305] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   26.829396][ T3305] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   26.842139][ T3310] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   26.850962][ T3310] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   26.859775][ T3310] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   26.868565][ T3310] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   26.888780][ T3317] veth1_vlan: entered promiscuous mode
[   26.903084][ T3313] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   26.911865][ T3313] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   26.920555][ T3313] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   26.929259][ T3313] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   26.963659][ T3477] netlink: 'syz.1.6': attribute type 13 has an invalid length.
[   26.971289][ T3477] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6'.
[   26.994544][ T3317] veth0_macvtap: entered promiscuous mode
[   27.007964][ T3317] veth1_macvtap: entered promiscuous mode
[   27.035429][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.054993][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.066721][ T3484] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1'.
[   27.077816][ T3486] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7'.
[   27.086667][ T3486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7'.
[   27.095338][ T3486] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7'.
[   27.105119][ T3317] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.113991][ T3317] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.122726][ T3317] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.127542][ T3489] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   27.127542][ T3489]    program +}[@ not setting count and/or reply_len properly
[   27.131499][ T3317] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.160270][ T3486] loop2: detected capacity change from 0 to 764
[   27.166674][ T3484] hsr_slave_0: left promiscuous mode
[   27.175868][ T3486] Symlink component flag not implemented
[   27.182618][ T3484] hsr_slave_1: left promiscuous mode
[   27.185661][ T3486] Symlink component flag not implemented (101)
[   27.218017][ T3491] process 'syz.1.8' launched './file0' with NULL argv: empty string added
[   27.343116][ T3502] loop4: detected capacity change from 0 to 1024
[   27.374167][ T3502] =======================================================
[   27.374167][ T3502] WARNING: The mand mount option has been deprecated and
[   27.374167][ T3502]          and is ignored by this kernel. Remove the mand
[   27.374167][ T3502]          option from the mount to silence this warning.
[   27.374167][ T3502] =======================================================
[   27.410205][ T3506] loop2: detected capacity change from 0 to 2048
[   27.424742][ T3506] EXT4-fs: Ignoring removed mblk_io_submit option
[   27.448577][ T3512] netlink: 'syz.3.16': attribute type 13 has an invalid length.
[   27.459970][ T3506] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   27.477162][ T3509] loop1: detected capacity change from 0 to 8192
[   27.503715][ T3502] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   27.516918][   T29] kauditd_printk_skb: 92 callbacks suppressed
[   27.516930][   T29] audit: type=1400 audit(1751082583.101:164): avc:  denied  { mount } for  pid=3501 comm="syz.4.12" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   27.573104][ T3512] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.580333][ T3512] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.599232][ T3509] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[   27.607926][ T3509] FAT-fs (loop1): Filesystem has been set read-only
[   27.616966][   T29] audit: type=1400 audit(1751082583.181:165): avc:  denied  { mount } for  pid=3499 comm="syz.1.11" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   27.650335][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   27.650636][   T29] audit: type=1400 audit(1751082583.201:166): avc:  denied  { create } for  pid=3503 comm="syz.2.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   27.678610][   T29] audit: type=1400 audit(1751082583.201:167): avc:  denied  { setopt } for  pid=3503 comm="syz.2.14" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   27.681776][ T3521] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14'.
[   27.698972][   T29] audit: type=1400 audit(1751082583.201:168): avc:  denied  { unmount } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   27.766119][ T3512] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   27.776750][ T3512] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   27.808532][ T3512] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   27.817799][ T3512] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   27.827004][ T3512] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   27.836167][ T3512] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   27.866229][ T3523] loop4: detected capacity change from 0 to 512
[   27.905897][ T3509] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[   27.914979][ T3523] EXT4-fs: Ignoring removed bh option
[   27.951554][ T3523] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   27.980426][   T29] audit: type=1400 audit(1751082583.561:169): avc:  denied  { write } for  pid=3499 comm="syz.1.11" name="kcm" dev="proc" ino=4026532617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   28.002054][ T3523] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   28.002936][   T29] audit: type=1400 audit(1751082583.561:170): avc:  denied  { allowed } for  pid=3499 comm="syz.1.11" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   28.034298][   T29] audit: type=1400 audit(1751082583.561:171): avc:  denied  { create } for  pid=3499 comm="syz.1.11" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   28.056557][ T3523] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   28.063493][   T29] audit: type=1400 audit(1751082583.651:172): avc:  denied  { setattr } for  pid=3522 comm="syz.4.17" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   28.091654][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   28.125556][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   28.168554][ T3529] loop2: detected capacity change from 0 to 1024
[   28.171247][ T3512] syz.3.16 (3512) used greatest stack depth: 10824 bytes left
[   28.183488][ T3527] netlink: 14 bytes leftover after parsing attributes in process `syz.4.18'.
[   28.203487][   T29] audit: type=1400 audit(1751082583.791:173): avc:  denied  { create } for  pid=3528 comm="syz.2.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   28.203994][ T3529] netlink: 68 bytes leftover after parsing attributes in process `syz.2.19'.
[   28.233279][ T3527] hsr_slave_0: left promiscuous mode
[   28.242543][ T3527] hsr_slave_1: left promiscuous mode
[   28.304868][ T3529] loop2: detected capacity change from 0 to 512
[   28.311562][ T3533] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   28.311562][ T3533]    program +}[@ not setting count and/or reply_len properly
[   28.334837][ T3529] EXT4-fs: Ignoring removed orlov option
[   28.341256][ T3529] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   28.350268][ T3529] EXT4-fs (loop2): orphan cleanup on readonly fs
[   28.364623][ T3529] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.19: bg 0: block 248: padding at end of block bitmap is not set
[   28.379344][ T3538] netlink: 14 bytes leftover after parsing attributes in process `syz.1.22'.
[   28.388734][ T3538] hsr_slave_0: left promiscuous mode
[   28.389650][ T3535] loop3: detected capacity change from 0 to 1024
[   28.401593][ T3538] hsr_slave_1: left promiscuous mode
[   28.404147][ T3529] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.19: Failed to acquire dquot type 1
[   28.423175][ T3529] EXT4-fs (loop2): 1 truncate cleaned up
[   28.443773][ T3529] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   28.456788][ T3535] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   28.477156][ T3529] EXT4-fs: Ignoring removed orlov option
[   28.492108][ T3529] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   28.503025][ T3529] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[   28.513153][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   28.523743][ T3529] EXT4-fs error (device loop2): __ext4_remount:6736: comm syz.2.19: Abort forced by user
[   28.533764][ T3529] EXT4-fs (loop2): Remounting filesystem read-only
[   28.540292][ T3529] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   28.548831][ T3529] ext4 filesystem being remounted at /4/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   28.555779][ T3549] loop3: detected capacity change from 0 to 512
[   28.565572][ T3529] syz.2.19 (3529) used greatest stack depth: 9576 bytes left
[   28.578957][ T3549] EXT4-fs: Ignoring removed bh option
[   28.586282][ T3549] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   28.595908][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   28.617438][ T3549] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   28.630549][ T3549] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   28.648584][ T3552] netlink: 'syz.2.26': attribute type 13 has an invalid length.
[   28.668604][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   28.708985][ T3552] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.716228][ T3552] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.752876][ T3552] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   28.763412][ T3552] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   28.793921][ T3552] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   28.803064][ T3552] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   28.812116][ T3552] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   28.821205][ T3552] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   28.949036][ T3562] loop2: detected capacity change from 0 to 1024
[   29.059253][ T3576] 9pnet_fd: Insufficient options for proto=fd
[   29.518715][ T3586] netlink: 60 bytes leftover after parsing attributes in process `syz.4.30'.
[   29.532594][ T3586] loop4: detected capacity change from 0 to 764
[   29.540599][ T3586] Symlink component flag not implemented
[   29.546446][ T3586] Symlink component flag not implemented (101)
[   29.600030][ T3588] loop4: detected capacity change from 0 to 764
[   31.075170][ T3603] loop3: detected capacity change from 0 to 764
[   31.260322][ T3621] netlink: 'syz.2.43': attribute type 13 has an invalid length.
[   31.311989][ T3624] loop4: detected capacity change from 0 to 764
[   31.351692][ T3624] Symlink component flag not implemented
[   31.357367][ T3624] Symlink component flag not implemented (101)
[   31.372844][ T3603] Symlink component flag not implemented
[   31.389090][ T3627] netlink: 'syz.0.46': attribute type 13 has an invalid length.
[   31.404700][ T3603] Symlink component flag not implemented (101)
[   31.545744][ T3627] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.552955][ T3627] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.557058][ T3638] loop4: detected capacity change from 0 to 1024
[   31.625732][ T3627] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   31.630010][ T3648] loop2: detected capacity change from 0 to 764
[   31.636370][ T3627] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   31.662650][ T3649] 9pnet_fd: Insufficient options for proto=fd
[   31.679223][ T3648] Symlink component flag not implemented
[   31.688572][ T3648] Symlink component flag not implemented (101)
[   31.704377][ T3627] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.713538][ T3627] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.722669][ T3627] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.731805][ T3627] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.776549][ T3659] 9pnet_fd: Insufficient options for proto=fd
[   31.794401][ T3659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   31.805118][ T3659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   31.815641][ T3659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   31.831933][ T3659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   31.854441][ T3662] loop1: detected capacity change from 0 to 512
[   31.927001][ T3664] loop3: detected capacity change from 0 to 512
[   32.048722][ T3676] __nla_validate_parse: 16 callbacks suppressed
[   32.048737][ T3676] netlink: 60 bytes leftover after parsing attributes in process `syz.0.65'.
[   32.059660][ T3678] netlink: 28 bytes leftover after parsing attributes in process `syz.3.64'.
[   32.073166][ T3676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.65'.
[   32.073205][ T3678] netlink: 32 bytes leftover after parsing attributes in process `syz.3.64'.
[   32.073220][ T3678] netlink: 28 bytes leftover after parsing attributes in process `syz.3.64'.
[   32.081993][ T3676] netlink: 40 bytes leftover after parsing attributes in process `syz.0.65'.
[   32.099940][ T3676] loop0: detected capacity change from 0 to 764
[   32.125345][ T3676] Symlink component flag not implemented
[   32.140784][ T3676] Symlink component flag not implemented (101)
[   32.153928][ T3680] loop3: detected capacity change from 0 to 1024
[   32.180599][ T3680] netlink: 68 bytes leftover after parsing attributes in process `syz.3.66'.
[   32.217396][ T3680] loop3: detected capacity change from 0 to 512
[   32.225400][ T3680] EXT4-fs: Ignoring removed orlov option
[   32.232079][ T3680] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   32.249718][ T3680] EXT4-fs (loop3): orphan cleanup on readonly fs
[   32.257500][ T3680] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.66: bg 0: block 248: padding at end of block bitmap is not set
[   32.273050][ T3680] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.66: Failed to acquire dquot type 1
[   32.285124][ T3680] EXT4-fs (loop3): 1 truncate cleaned up
[   32.292462][ T3680] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   32.309521][ T3680] EXT4-fs: Ignoring removed orlov option
[   32.315850][ T3680] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   32.324761][ T3680] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[   32.355876][ T3680] EXT4-fs error (device loop3): __ext4_remount:6736: comm syz.3.66: Abort forced by user
[   32.393193][ T3680] EXT4-fs (loop3): Remounting filesystem read-only
[   32.399764][ T3680] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   32.456929][ T3680] ext4 filesystem being remounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   32.490605][ T3700] FAULT_INJECTION: forcing a failure.
[   32.490605][ T3700] name failslab, interval 1, probability 0, space 0, times 1
[   32.503360][ T3700] CPU: 0 UID: 0 PID: 3700 Comm: syz.4.73 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(voluntary) 
[   32.503389][ T3700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   32.503404][ T3700] Call Trace:
[   32.503409][ T3700]  <TASK>
[   32.503415][ T3700]  __dump_stack+0x1d/0x30
[   32.503436][ T3700]  dump_stack_lvl+0xe8/0x140
[   32.503452][ T3700]  dump_stack+0x15/0x1b
[   32.503518][ T3700]  should_fail_ex+0x265/0x280
[   32.503567][ T3700]  should_failslab+0x8c/0xb0
[   32.503587][ T3700]  kmem_cache_alloc_noprof+0x50/0x310
[   32.503683][ T3700]  ? getname_flags+0x80/0x3b0
[   32.503708][ T3700]  getname_flags+0x80/0x3b0
[   32.503729][ T3700]  user_path_at+0x28/0x130
[   32.503751][ T3700]  __x64_sys_umount+0x85/0xe0
[   32.503782][ T3700]  x64_sys_call+0x2915/0x2fb0
[   32.503823][ T3700]  do_syscall_64+0xd2/0x200
[   32.503915][ T3700]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   32.503942][ T3700]  ? clear_bhb_loop+0x40/0x90
[   32.503963][ T3700]  ? clear_bhb_loop+0x40/0x90
[   32.503982][ T3700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   32.504051][ T3700] RIP: 0033:0x7f576802e929
[   32.504071][ T3700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   32.504088][ T3700] RSP: 002b:00007f5766697038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   32.504111][ T3700] RAX: ffffffffffffffda RBX: 00007f5768255fa0 RCX: 00007f576802e929
[   32.504122][ T3700] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0
[   32.504135][ T3700] RBP: 00007f5766697090 R08: 0000000000000000 R09: 0000000000000000
[   32.504145][ T3700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   32.504155][ T3700] R13: 0000000000000000 R14: 00007f5768255fa0 R15: 00007fff7210be58
[   32.504251][ T3700]  </TASK>
[   32.737928][ T3680] syz.3.66 (3680) used greatest stack depth: 9304 bytes left
[   32.745794][   T29] kauditd_printk_skb: 320 callbacks suppressed
[   32.745884][   T29] audit: type=1326 audit(1751082588.331:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3702 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576802e929 code=0x7ffc0000
[   32.798746][   T29] audit: type=1326 audit(1751082588.331:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3702 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576802e929 code=0x7ffc0000
[   32.821965][   T29] audit: type=1326 audit(1751082588.331:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3702 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f576802e929 code=0x7ffc0000
[   32.846007][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.860597][   T29] audit: type=1326 audit(1751082588.441:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3702 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576802e929 code=0x7ffc0000
[   32.884351][   T29] audit: type=1326 audit(1751082588.441:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3702 comm="syz.4.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576802e929 code=0x7ffc0000
[   32.912257][   T29] audit: type=1400 audit(1751082588.501:495): avc:  denied  { read } for  pid=3709 comm="syz.4.78" dev="nsfs" ino=4026532809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   32.933305][   T29] audit: type=1400 audit(1751082588.501:496): avc:  denied  { open } for  pid=3709 comm="syz.4.78" path="net:[4026532809]" dev="nsfs" ino=4026532809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   32.981174][ T3712] netlink: 60 bytes leftover after parsing attributes in process `syz.2.79'.
[   32.989968][ T3712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.79'.
[   32.998677][ T3712] netlink: 40 bytes leftover after parsing attributes in process `syz.2.79'.
[   33.054118][ T3710] Zero length message leads to an empty skb
[   33.114082][   T29] audit: type=1326 audit(1751082588.551:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3707 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   33.137552][   T29] audit: type=1326 audit(1751082588.551:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3707 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   33.160638][   T29] audit: type=1326 audit(1751082588.551:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3707 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   33.184354][ T3712] loop2: detected capacity change from 0 to 764
[   33.240488][ T3712] Symlink component flag not implemented
[   33.785648][ T3712] Symlink component flag not implemented (101)
[   33.896752][ T3737] loop2: detected capacity change from 0 to 1024
[   34.028077][ T3742] hsr_slave_0: left promiscuous mode
[   34.063919][ T3737] loop2: detected capacity change from 0 to 512
[   34.081379][ T3743] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   34.081379][ T3743]    program +}[@ not setting count and/or reply_len properly
[   34.098343][ T3737] EXT4-fs: Ignoring removed orlov option
[   34.110012][ T3742] hsr_slave_1: left promiscuous mode
[   34.116665][ T3737] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   34.144246][ T3737] EXT4-fs (loop2): orphan cleanup on readonly fs
[   34.159534][ T3737] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.84: bg 0: block 248: padding at end of block bitmap is not set
[   34.197908][ T3737] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.84: Failed to acquire dquot type 1
[   34.231304][ T3737] EXT4-fs (loop2): 1 truncate cleaned up
[   34.293265][ T3750] netlink: 'syz.3.91': attribute type 13 has an invalid length.
[   34.321154][ T3737] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   34.341267][ T3737] EXT4-fs: Ignoring removed orlov option
[   34.347152][ T3737] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   34.347152][ T3752] loop4: detected capacity change from 0 to 2048
[   34.351822][ T3752] EXT4-fs: Ignoring removed mblk_io_submit option
[   34.368522][ T3737] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[   34.392522][ T3737] EXT4-fs error (device loop2): __ext4_remount:6736: comm syz.2.84: Abort forced by user
[   34.402745][ T3737] EXT4-fs (loop2): Remounting filesystem read-only
[   34.403255][ T3752] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.409244][ T3737] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   34.409275][ T3737] ext4 filesystem being remounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   34.463662][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.479172][ T3760] loop3: detected capacity change from 0 to 764
[   34.492498][ T3760] Symlink component flag not implemented
[   34.498312][ T3760] Symlink component flag not implemented (101)
[   34.531522][ T3762] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   34.531522][ T3762]    program +}[@ not setting count and/or reply_len properly
[   34.617725][ T3769] mmap: syz.3.98 (3769) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   34.681598][ T3767] loop1: detected capacity change from 0 to 1024
[   34.698687][ T3767] EXT4-fs: Ignoring removed i_version option
[   34.752252][ T3767] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.776733][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.805068][ T3767] FAULT_INJECTION: forcing a failure.
[   34.805068][ T3767] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   34.818260][ T3767] CPU: 1 UID: 0 PID: 3767 Comm: syz.1.97 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(voluntary) 
[   34.818283][ T3767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   34.818326][ T3767] Call Trace:
[   34.818331][ T3767]  <TASK>
[   34.818337][ T3767]  __dump_stack+0x1d/0x30
[   34.818373][ T3767]  dump_stack_lvl+0xe8/0x140
[   34.818391][ T3767]  dump_stack+0x15/0x1b
[   34.818405][ T3767]  should_fail_ex+0x265/0x280
[   34.818445][ T3767]  should_fail+0xb/0x20
[   34.818470][ T3767]  should_fail_usercopy+0x1a/0x20
[   34.818573][ T3767]  _copy_from_iter+0xcf/0xe40
[   34.818602][ T3767]  ? __build_skb_around+0x1a0/0x200
[   34.818630][ T3767]  ? __alloc_skb+0x223/0x320
[   34.818664][ T3767]  netlink_sendmsg+0x471/0x6b0
[   34.818683][ T3767]  ? __pfx_netlink_sendmsg+0x10/0x10
[   34.818700][ T3767]  __sock_sendmsg+0x142/0x180
[   34.818722][ T3767]  ____sys_sendmsg+0x31e/0x4e0
[   34.818772][ T3767]  ___sys_sendmsg+0x17b/0x1d0
[   34.818805][ T3767]  __x64_sys_sendmsg+0xd4/0x160
[   34.818839][ T3767]  x64_sys_call+0x2999/0x2fb0
[   34.818935][ T3767]  do_syscall_64+0xd2/0x200
[   34.818968][ T3767]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   34.819027][ T3767]  ? clear_bhb_loop+0x40/0x90
[   34.819044][ T3767]  ? clear_bhb_loop+0x40/0x90
[   34.819062][ T3767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   34.819111][ T3767] RIP: 0033:0x7f30875ee929
[   34.819124][ T3767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   34.819138][ T3767] RSP: 002b:00007f3085c57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   34.819155][ T3767] RAX: ffffffffffffffda RBX: 00007f3087815fa0 RCX: 00007f30875ee929
[   34.819167][ T3767] RDX: 0000000000000010 RSI: 0000200000000400 RDI: 000000000000000d
[   34.819179][ T3767] RBP: 00007f3085c57090 R08: 0000000000000000 R09: 0000000000000000
[   34.819192][ T3767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   34.819249][ T3767] R13: 0000000000000000 R14: 00007f3087815fa0 R15: 00007ffeae36c9a8
[   34.819265][ T3767]  </TASK>
[   35.090253][ T3783] SELinux: ebitmap start bit (2147483904) is beyond the end of the bitmap (1472)
[   35.100491][ T3783] SELinux: failed to load policy
[   35.114006][ T3789] loop0: detected capacity change from 0 to 1024
[   35.115444][ T3304] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 11. Delete some EAs or run e2fsck.
[   35.152779][ T3791] loop4: detected capacity change from 0 to 1024
[   35.159725][ T3304] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 88: padding at end of block bitmap is not set
[   35.182194][ T3791] EXT4-fs (loop4): orphan cleanup on readonly fs
[   35.188938][ T3304] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   35.199874][ T3791] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.105: Failed to acquire dquot type 0
[   35.213093][ T3789] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.228388][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.239342][ T3791] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   35.264702][ T3789] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3789 comm=syz.0.96
[   35.294453][ T3791] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #13: comm syz.4.105: corrupted inode contents
[   35.317791][ T3800] loop1: detected capacity change from 0 to 764
[   35.317919][ T3791] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #13: comm syz.4.105: mark_inode_dirty error
[   35.337322][ T3800] Symlink component flag not implemented
[   35.343320][ T3800] Symlink component flag not implemented (101)
[   35.361925][ T3791] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #13: comm syz.4.105: corrupted inode contents
[   35.395621][ T3791] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #13: comm syz.4.105: mark_inode_dirty error
[   35.411021][ T3791] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #13: comm syz.4.105: corrupted inode contents
[   35.423971][ T3791] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[   35.427725][ T3804] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   35.427725][ T3804]    program +}[@ not setting count and/or reply_len properly
[   35.433124][ T3791] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #13: comm syz.4.105: corrupted inode contents
[   35.461857][ T3791] EXT4-fs error (device loop4): ext4_truncate:4597: inode #13: comm syz.4.105: mark_inode_dirty error
[   35.473336][ T3791] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[   35.494006][ T3791] EXT4-fs (loop4): 1 truncate cleaned up
[   35.500272][ T3791] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   35.528700][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.769623][ T3818] loop4: detected capacity change from 0 to 764
[   36.484231][ T3818] Symlink component flag not implemented
[   36.491276][ T3818] Symlink component flag not implemented (101)
[   36.585130][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.747030][ T3831] loop1: detected capacity change from 0 to 512
[   36.763727][ T3832] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   36.763727][ T3832]    program +}[@ not setting count and/or reply_len properly
[   36.797814][ T3831] EXT4-fs: Ignoring removed bh option
[   36.805195][ T3834] loop2: detected capacity change from 0 to 1024
[   36.829496][ T3831] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   36.861859][ T3831] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.891060][ T3831] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   36.958982][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.013458][ T3844] serio: Serial port pts0
[   37.050599][ T3847] serio: Serial port pts1
[   37.090639][ T3851] __nla_validate_parse: 20 callbacks suppressed
[   37.097035][ T3851] netlink: 16 bytes leftover after parsing attributes in process `syz.2.131'.
[   37.203706][ T3861] netlink: 12 bytes leftover after parsing attributes in process `syz.3.123'.
[   37.212765][ T3861] netlink: 20 bytes leftover after parsing attributes in process `syz.3.123'.
[   37.225384][ T3853] loop1: detected capacity change from 0 to 2048
[   37.243237][ T3853] ext2: Unknown parameter 'smackfstransmute'
[   37.430426][ T3874] netlink: 24 bytes leftover after parsing attributes in process `syz.3.137'.
[   37.448979][ T3873] loop4: detected capacity change from 0 to 1024
[   37.490074][ T3874] loop3: detected capacity change from 0 to 512
[   37.534595][ T3874] EXT4-fs: Ignoring removed bh option
[   37.844035][   T29] kauditd_printk_skb: 276 callbacks suppressed
[   37.844048][   T29] audit: type=1326 audit(1751082593.431:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3882 comm="syz.1.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   38.047956][   T29] audit: type=1326 audit(1751082593.461:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3882 comm="syz.1.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   38.071452][   T29] audit: type=1326 audit(1751082593.461:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3882 comm="syz.1.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   38.094678][   T29] audit: type=1326 audit(1751082593.461:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3882 comm="syz.1.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   38.118016][   T29] audit: type=1326 audit(1751082593.461:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3882 comm="syz.1.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   38.141282][   T29] audit: type=1326 audit(1751082593.461:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3882 comm="syz.1.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   38.164502][   T29] audit: type=1326 audit(1751082593.461:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3882 comm="syz.1.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   38.187729][   T29] audit: type=1326 audit(1751082593.461:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3882 comm="syz.1.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   38.221251][ T3874] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   38.234907][ T3890] netlink: 60 bytes leftover after parsing attributes in process `syz.1.142'.
[   38.254526][ T3890] netlink: 4 bytes leftover after parsing attributes in process `syz.1.142'.
[   38.263472][ T3890] netlink: 40 bytes leftover after parsing attributes in process `syz.1.142'.
[   38.285024][ T3890] loop1: detected capacity change from 0 to 764
[   38.293923][ T3890] Symlink component flag not implemented
[   38.296243][ T3874] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.299652][ T3890] Symlink component flag not implemented (101)
[   38.333007][   T29] audit: type=1326 audit(1751082593.821:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3891 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   38.334331][ T3895] serio: Serial port pts0
[   38.356345][   T29] audit: type=1326 audit(1751082593.821:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3891 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   38.380384][ T3874] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   38.493902][ T3903] serio: Serial port pts0
[   38.596722][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.608282][ T3911] netlink: 14 bytes leftover after parsing attributes in process `syz.4.151'.
[   38.636594][ T3912] netlink: 'syz.1.150': attribute type 13 has an invalid length.
[   38.638898][ T3911] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   38.638898][ T3911]    program +}[@ not setting count and/or reply_len properly
[   38.724507][ T3912] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.731711][ T3912] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.738527][ T3921] loop4: detected capacity change from 0 to 1024
[   38.788049][ T3912] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   38.797949][ T3912] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   38.824937][ T3923] loop2: detected capacity change from 0 to 1024
[   38.853083][ T3912] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   38.862172][ T3912] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   38.871156][ T3912] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   38.880141][ T3912] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   38.893731][ T3919] loop3: detected capacity change from 0 to 8192
[   38.940577][ T3925] 9pnet_fd: Insufficient options for proto=fd
[   39.101206][ T3941] serio: Serial port pts0
[   39.151782][ T3943] netlink: 8 bytes leftover after parsing attributes in process `syz.0.163'.
[   39.162398][ T3943] netlink: 'syz.0.163': attribute type 1 has an invalid length.
[   39.201930][ T3946] netlink: 24 bytes leftover after parsing attributes in process `syz.4.164'.
[   39.216133][ T3946] loop4: detected capacity change from 0 to 512
[   39.223774][ T3946] EXT4-fs: Ignoring removed bh option
[   39.236562][ T3946] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   39.254491][ T3946] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.267245][ T3946] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.294018][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.319456][ T3951] loop4: detected capacity change from 0 to 1024
[   39.328701][ T3951] EXT4-fs: Ignoring removed nobh option
[   39.334389][ T3951] EXT4-fs: Ignoring removed oldalloc option
[   39.345925][ T3951] EXT4-fs: Ignoring removed orlov option
[   39.363451][ T3951] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.403224][ T3951] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.165: Allocating blocks 497-513 which overlap fs metadata
[   39.469400][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.574246][ T3959] loop3: detected capacity change from 0 to 512
[   39.585569][ T3959] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   39.598257][ T3961] netlink: 'syz.4.169': attribute type 13 has an invalid length.
[   39.613043][ T3959] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[   39.622346][ T3959] System zones: 0-2, 18-18, 34-34
[   39.628286][ T3959] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.641906][ T3959] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.665629][ T3961] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.672972][ T3961] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.760495][ T3961] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   39.771209][ T3961] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   39.807142][ T3961] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.816181][ T3961] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.825438][ T3961] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.834529][ T3961] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.852837][ T3973] serio: Serial port pts0
[   39.878913][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.907208][ T3975] netlink: 'syz.3.175': attribute type 13 has an invalid length.
[   39.998081][ T3982] netlink: 'syz.2.177': attribute type 13 has an invalid length.
[   40.043583][ T3987] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   40.043583][ T3987]    program syz.3.181 not setting count and/or reply_len properly
[   40.103462][ T3992] loop0: detected capacity change from 0 to 2048
[   40.110170][ T3992] EXT4-fs: Ignoring removed mblk_io_submit option
[   40.143241][ T4000] loop2: detected capacity change from 0 to 1024
[   40.158756][ T3981] loop4: detected capacity change from 0 to 8192
[   40.184076][ T3992] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.222379][ T4000] loop2: detected capacity change from 0 to 512
[   40.236601][ T4000] EXT4-fs: Ignoring removed orlov option
[   40.271524][ T4000] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   40.298181][ T4015] netlink: 'syz.1.193': attribute type 13 has an invalid length.
[   40.306205][ T4000] EXT4-fs (loop2): orphan cleanup on readonly fs
[   40.314315][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.319863][ T4000] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.186: bg 0: block 248: padding at end of block bitmap is not set
[   40.338005][ T4000] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.186: Failed to acquire dquot type 1
[   40.350582][ T4000] EXT4-fs (loop2): 1 truncate cleaned up
[   40.356965][ T4000] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   40.376925][ T4000] EXT4-fs: Ignoring removed orlov option
[   40.383849][ T4000] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   40.393784][ T4000] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[   40.406790][ T4023] netlink: 'syz.1.195': attribute type 13 has an invalid length.
[   40.422182][ T4000] EXT4-fs error (device loop2): __ext4_remount:6736: comm syz.2.186: Abort forced by user
[   40.434502][ T4000] EXT4-fs (loop2): Remounting filesystem read-only
[   40.441174][ T4000] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   40.453521][ T4000] ext4 filesystem being remounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   40.473124][ T4028] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   40.473124][ T4028]    program +}[@ not setting count and/or reply_len properly
[   40.491596][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.576209][ T4036] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   40.576209][ T4036]    program +}[@ not setting count and/or reply_len properly
[   40.596407][ T4042] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   40.610177][ T4044] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   40.610177][ T4044]    program +}[@ not setting count and/or reply_len properly
[   40.641163][ T4046] netlink: 'syz.0.206': attribute type 13 has an invalid length.
[   40.733947][ T4056] loop0: detected capacity change from 0 to 1024
[   40.750110][ T4056] loop0: detected capacity change from 0 to 512
[   40.757836][ T4056] EXT4-fs: Ignoring removed orlov option
[   40.764382][ T4056] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   40.776570][ T4059] hsr_slave_0: left promiscuous mode
[   40.777764][ T4056] EXT4-fs (loop0): orphan cleanup on readonly fs
[   40.788351][ T4059] hsr_slave_1: left promiscuous mode
[   40.803147][ T4056] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.210: bg 0: block 248: padding at end of block bitmap is not set
[   40.817750][ T4056] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.210: Failed to acquire dquot type 1
[   40.833161][ T4056] EXT4-fs (loop0): 1 truncate cleaned up
[   40.842319][ T4059] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   40.842319][ T4059]    program +}[@ not setting count and/or reply_len properly
[   40.859723][ T4056] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   40.888543][ T4056] EXT4-fs: Ignoring removed orlov option
[   40.898331][ T4056] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   40.914475][ T4056] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[   40.942083][ T4056] EXT4-fs error (device loop0): __ext4_remount:6736: comm syz.0.210: Abort forced by user
[   40.956542][ T4056] EXT4-fs (loop0): Remounting filesystem read-only
[   40.963136][ T4056] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   40.967573][ T4074] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   40.967573][ T4074]    program +}[@ not setting count and/or reply_len properly
[   40.992140][ T4056] ext4 filesystem being remounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   41.034970][ T4078] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[   41.044622][ T4078] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[   41.055133][ T4076] loop4: detected capacity change from 0 to 2048
[   41.062221][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.065206][ T4076] EXT4-fs: Ignoring removed mblk_io_submit option
[   41.084782][ T4083] netlink: 'syz.1.220': attribute type 13 has an invalid length.
[   41.107088][ T4076] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.201769][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.264206][ T4107] netlink: 'syz.0.230': attribute type 10 has an invalid length.
[   41.284732][ T4110] loop1: detected capacity change from 0 to 1024
[   41.329004][ T4113] loop4: detected capacity change from 0 to 512
[   41.356216][    C0] hrtimer: interrupt took 30461 ns
[   41.357247][ T4113] EXT4-fs: Ignoring removed bh option
[   41.371970][ T4115] netlink: 'syz.1.233': attribute type 13 has an invalid length.
[   41.372025][ T4113] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   41.416851][ T4113] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.435975][ T4113] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.472460][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.502496][ T4128] loop4: detected capacity change from 0 to 2048
[   41.509543][ T4128] EXT4-fs: Ignoring removed mblk_io_submit option
[   41.556653][ T4128] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.587225][ T4141] netlink: 'syz.1.244': attribute type 13 has an invalid length.
[   41.633234][ T4146] loop3: detected capacity change from 0 to 764
[   41.652857][ T4146] Symlink component flag not implemented
[   41.658578][ T4146] Symlink component flag not implemented (101)
[   41.680017][ T4152] loop1: detected capacity change from 0 to 512
[   41.689629][ T4152] EXT4-fs: Ignoring removed bh option
[   41.700921][ T4152] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   41.706506][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.741132][ T4152] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.762163][ T4152] ext4 filesystem being mounted at /63/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.808780][ T4169] loop0: detected capacity change from 0 to 128
[   41.809465][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.944537][ T4182] loop4: detected capacity change from 0 to 2048
[   41.953086][ T4182] EXT4-fs: Ignoring removed mblk_io_submit option
[   41.977710][ T4182] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.008083][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.033045][ T4198] loop1: detected capacity change from 0 to 1024
[   42.040013][ T4198] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   42.053337][ T4198] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.269: Invalid block bitmap block 0 in block_group 0
[   42.067104][ T4198] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.269: Failed to acquire dquot type 0
[   42.085725][ T4198] EXT4-fs error (device loop1): ext4_free_blocks:6587: comm syz.1.269: Freeing blocks not in datazone - block = 0, count = 4096
[   42.100227][ T4198] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.269: Invalid inode bitmap blk 0 in block_group 0
[   42.114423][ T4198] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[   42.114919][   T41] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 0
[   42.123090][ T4198] EXT4-fs (loop1): 1 orphan inode deleted
[   42.141379][ T4198] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.157441][ T4198] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[   42.170888][ T4206] __nla_validate_parse: 31 callbacks suppressed
[   42.170901][ T4206] netlink: 12 bytes leftover after parsing attributes in process `syz.4.271'.
[   42.186026][ T4206] netlink: 20 bytes leftover after parsing attributes in process `syz.4.271'.
[   42.251915][ T4216] netlink: 14 bytes leftover after parsing attributes in process `syz.0.275'.
[   42.270439][ T4216] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   42.270439][ T4216]    program +}[@ not setting count and/or reply_len properly
[   42.333231][ T4224] loop4: detected capacity change from 0 to 1024
[   42.346353][ T4224] EXT4-fs: Ignoring removed i_version option
[   42.365657][ T4224] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.456070][ T4237] netlink: 12 bytes leftover after parsing attributes in process `syz.0.284'.
[   42.465030][ T4237] netlink: 20 bytes leftover after parsing attributes in process `syz.0.284'.
[   42.613131][ T4252] FAULT_INJECTION: forcing a failure.
[   42.613131][ T4252] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   42.626426][ T4252] CPU: 0 UID: 0 PID: 4252 Comm: syz.3.291 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(voluntary) 
[   42.626453][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   42.626465][ T4252] Call Trace:
[   42.626472][ T4252]  <TASK>
[   42.626479][ T4252]  __dump_stack+0x1d/0x30
[   42.626522][ T4252]  dump_stack_lvl+0xe8/0x140
[   42.626584][ T4252]  dump_stack+0x15/0x1b
[   42.626601][ T4252]  should_fail_ex+0x265/0x280
[   42.626630][ T4252]  should_fail+0xb/0x20
[   42.626672][ T4252]  should_fail_usercopy+0x1a/0x20
[   42.626701][ T4252]  _copy_from_iter+0xcf/0xe40
[   42.626770][ T4252]  ? __build_skb_around+0x1a0/0x200
[   42.626800][ T4252]  ? __alloc_skb+0x223/0x320
[   42.626863][ T4252]  netlink_sendmsg+0x471/0x6b0
[   42.626886][ T4252]  ? __pfx_netlink_sendmsg+0x10/0x10
[   42.627047][ T4252]  __sock_sendmsg+0x142/0x180
[   42.627070][ T4252]  ____sys_sendmsg+0x31e/0x4e0
[   42.627142][ T4252]  ___sys_sendmsg+0x17b/0x1d0
[   42.627179][ T4252]  __x64_sys_sendmsg+0xd4/0x160
[   42.627212][ T4252]  x64_sys_call+0x2999/0x2fb0
[   42.627282][ T4252]  do_syscall_64+0xd2/0x200
[   42.627380][ T4252]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   42.627405][ T4252]  ? clear_bhb_loop+0x40/0x90
[   42.627426][ T4252]  ? clear_bhb_loop+0x40/0x90
[   42.627445][ T4252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.627511][ T4252] RIP: 0033:0x7fa3316ee929
[   42.627527][ T4252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   42.627543][ T4252] RSP: 002b:00007fa32fd57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   42.627561][ T4252] RAX: ffffffffffffffda RBX: 00007fa331915fa0 RCX: 00007fa3316ee929
[   42.627571][ T4252] RDX: 0000000000040050 RSI: 0000200000000280 RDI: 0000000000000006
[   42.627581][ T4252] RBP: 00007fa32fd57090 R08: 0000000000000000 R09: 0000000000000000
[   42.627610][ T4252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   42.627620][ T4252] R13: 0000000000000000 R14: 00007fa331915fa0 R15: 00007ffdba06a6e8
[   42.627678][ T4252]  </TASK>
[   42.629424][ T4254] netlink: 60 bytes leftover after parsing attributes in process `syz.0.292'.
[   42.700607][ T4259] loop0: detected capacity change from 0 to 764
[   42.712765][ T4254] netlink: 4 bytes leftover after parsing attributes in process `syz.0.292'.
[   42.729572][ T4254] netlink: 40 bytes leftover after parsing attributes in process `syz.0.292'.
[   42.739271][ T4261] netlink: 12 bytes leftover after parsing attributes in process `syz.3.295'.
[   42.754340][ T4261] netlink: 20 bytes leftover after parsing attributes in process `syz.3.295'.
[   42.889873][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.899156][ T4254] Symlink component flag not implemented
[   42.908382][ T4254] Symlink component flag not implemented (101)
[   42.942923][   T29] kauditd_printk_skb: 846 callbacks suppressed
[   42.942936][   T29] audit: type=1326 audit(1751082598.531:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   42.975069][   T29] audit: type=1326 audit(1751082598.531:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   42.998483][   T29] audit: type=1326 audit(1751082598.531:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   43.021889][   T29] audit: type=1326 audit(1751082598.531:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   43.045357][   T29] audit: type=1326 audit(1751082598.531:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   43.068668][   T29] audit: type=1326 audit(1751082598.531:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   43.092226][   T29] audit: type=1326 audit(1751082598.531:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   43.115559][   T29] audit: type=1326 audit(1751082598.531:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   43.138951][   T29] audit: type=1326 audit(1751082598.531:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   43.162349][   T29] audit: type=1326 audit(1751082598.531:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30875ee929 code=0x7ffc0000
[   43.217815][ T4280] loop1: detected capacity change from 0 to 512
[   43.226052][ T4280] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   43.239249][ T4280] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   43.252812][ T4280] EXT4-fs (loop1): 1 truncate cleaned up
[   43.254917][ T3317] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 88: padding at end of block bitmap is not set
[   43.258779][ T4280] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.284516][ T3317] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   43.297519][ T4280] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: comm syz.1.303: inode #86: comm syz.1.303: iget: illegal inode #
[   43.312502][ T4280] EXT4-fs error (device loop1): ext4_xattr_inode_iget:442: comm syz.1.303: error while reading EA inode 86 err=-117
[   43.325743][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.350223][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.359480][ T4283] loop3: detected capacity change from 0 to 8192
[   43.396126][ T4287] loop1: detected capacity change from 0 to 1024
[   43.491799][ T4295] loop4: detected capacity change from 0 to 2048
[   43.562031][ T4302] loop1: detected capacity change from 0 to 764
[   43.569895][ T4302] Symlink component flag not implemented
[   43.575881][ T4302] Symlink component flag not implemented (101)
[   43.788794][ T4310] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   43.837417][ T4320] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   43.847389][ T4320] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   43.942038][ T4331] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   43.942038][ T4331]    program +}[@ not setting count and/or reply_len properly
[   44.006932][ T4337] loop1: detected capacity change from 0 to 764
[   44.014753][ T4337] Symlink component flag not implemented
[   44.022060][ T4337] Symlink component flag not implemented (101)
[   44.041600][ T4338] futex_wake_op: syz.0.322 tries to shift op by -1; fix this program
[   44.057816][ T4339] tmpfs: Bad value for 'mpol'
[   44.072944][ T4338] tmpfs: Bad value for 'mpol'
[   44.215650][ T4359] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   44.215650][ T4359]    program +}[@ not setting count and/or reply_len properly
[   44.295839][ T4366] loop3: detected capacity change from 0 to 764
[   44.306580][ T4366] Symlink component flag not implemented
[   44.312673][ T4366] Symlink component flag not implemented (101)
[   44.338280][ T4367] loop1: detected capacity change from 0 to 512
[   44.351436][ T4367] EXT4-fs (loop1): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   44.366602][ T4363] loop2: detected capacity change from 0 to 512
[   44.391935][ T4363] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.404578][ T4363] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.409193][ T4376] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   44.409193][ T4376]    program +}[@ not setting count and/or reply_len properly
[   44.452246][ T4364] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   44.503241][ T3304] EXT4-fs (loop1): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[   44.635268][ T4388] validate_nla: 5 callbacks suppressed
[   44.635283][ T4388] netlink: 'syz.1.346': attribute type 13 has an invalid length.
[   45.146854][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.304025][ T4415] loop1: detected capacity change from 0 to 1024
[   45.316750][ T4413] netlink: 'syz.4.358': attribute type 13 has an invalid length.
[   45.433136][ T4421] sg_write: 1 callbacks suppressed
[   45.433196][ T4421] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   45.433196][ T4421]    program +}[@ not setting count and/or reply_len properly
[   45.647546][ T4440] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   45.647546][ T4440]    program syz.3.368 not setting count and/or reply_len properly
[   45.730509][ T4448] FAULT_INJECTION: forcing a failure.
[   45.730509][ T4448] name failslab, interval 1, probability 0, space 0, times 0
[   45.733759][ T4449] serio: Serial port pts0
[   45.743196][ T4448] CPU: 1 UID: 0 PID: 4448 Comm: syz.0.363 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(voluntary) 
[   45.743290][ T4448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   45.743301][ T4448] Call Trace:
[   45.743389][ T4448]  <TASK>
[   45.743397][ T4448]  __dump_stack+0x1d/0x30
[   45.743432][ T4448]  dump_stack_lvl+0xe8/0x140
[   45.743450][ T4448]  dump_stack+0x15/0x1b
[   45.743543][ T4448]  should_fail_ex+0x265/0x280
[   45.743639][ T4448]  should_failslab+0x8c/0xb0
[   45.743662][ T4448]  __kvmalloc_node_noprof+0x123/0x4e0
[   45.743688][ T4448]  ? alloc_fdtable+0xa5/0x1b0
[   45.743716][ T4448]  ? __kmalloc_cache_noprof+0x22e/0x320
[   45.743813][ T4448]  alloc_fdtable+0xa5/0x1b0
[   45.743843][ T4448]  dup_fd+0x4c7/0x540
[   45.743871][ T4448]  ? _raw_spin_unlock+0x26/0x50
[   45.743915][ T4448]  ksys_unshare+0x346/0x6d0
[   45.743941][ T4448]  ? ksys_write+0x192/0x1a0
[   45.744031][ T4448]  __x64_sys_unshare+0x1f/0x30
[   45.744057][ T4448]  x64_sys_call+0x2d4b/0x2fb0
[   45.744077][ T4448]  do_syscall_64+0xd2/0x200
[   45.744095][ T4448]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.744200][ T4448]  ? clear_bhb_loop+0x40/0x90
[   45.744220][ T4448]  ? clear_bhb_loop+0x40/0x90
[   45.744241][ T4448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.744308][ T4448] RIP: 0033:0x7f4bbf4ee929
[   45.744323][ T4448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.744339][ T4448] RSP: 002b:00007f4bbdb15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[   45.744357][ T4448] RAX: ffffffffffffffda RBX: 00007f4bbf716160 RCX: 00007f4bbf4ee929
[   45.744369][ T4448] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000064000600
[   45.744382][ T4448] RBP: 00007f4bbdb15090 R08: 0000000000000000 R09: 0000000000000000
[   45.744406][ T4448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   45.744417][ T4448] R13: 0000000000000000 R14: 00007f4bbf716160 R15: 00007ffc996e3ca8
[   45.744461][ T4448]  </TASK>
[   45.813601][ T4457] loop1: detected capacity change from 0 to 1024
[   46.005804][ T4468] loop3: detected capacity change from 0 to 128
[   46.099865][ T4473] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   46.099865][ T4473]    program +}[@ not setting count and/or reply_len properly
[   46.219446][ T4480] loop2: detected capacity change from 0 to 512
[   46.250506][ T4480] EXT4-fs: Ignoring removed bh option
[   46.294140][ T4480] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   46.317492][ T4492] program syz.4.392 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   46.357591][ T4480] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.406328][ T4480] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   46.433845][ T4509] loop4: detected capacity change from 0 to 1024
[   46.446338][ T4507] loop1: detected capacity change from 0 to 128
[   46.471707][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.597504][ T4518] loop4: detected capacity change from 0 to 1024
[   46.632110][ T4518] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.785208][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.802483][ T4536] program syz.3.411 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   46.915054][ T4545] loop2: detected capacity change from 0 to 1024
[   47.106712][ T4556] serio: Serial port pts0
[   47.329038][ T4574] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=127 sclass=netlink_route_socket pid=4574 comm=syz.0.426
[   47.401790][ T4580] loop2: detected capacity change from 0 to 2048
[   47.420284][ T4583] __nla_validate_parse: 13 callbacks suppressed
[   47.420299][ T4583] netlink: 14 bytes leftover after parsing attributes in process `syz.4.431'.
[   47.422194][ T4580] EXT4-fs: Ignoring removed mblk_io_submit option
[   47.447869][ T4583] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   47.472873][ T4580] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.486064][ T4583] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   47.496798][ T4583] bond0 (unregistering): Released all slaves
[   47.506769][ T4580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.430'.
[   47.519513][ T4592] loop3: detected capacity change from 0 to 1024
[   47.599660][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.691396][ T4603] netlink: 60 bytes leftover after parsing attributes in process `syz.2.438'.
[   47.713373][ T4603] netlink: 4 bytes leftover after parsing attributes in process `syz.2.438'.
[   47.722216][ T4603] netlink: 40 bytes leftover after parsing attributes in process `syz.2.438'.
[   47.756973][ T4603] loop2: detected capacity change from 0 to 764
[   47.785581][ T4603] Symlink component flag not implemented
[   47.798834][ T4603] Symlink component flag not implemented (101)
[   47.851042][ T4617] serio: Serial port pts0
[   47.885401][ T4621] netlink: 14 bytes leftover after parsing attributes in process `syz.3.445'.
[   47.906337][ T4621] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   47.906337][ T4621]    program +}[@ not setting count and/or reply_len properly
[   47.974577][   T29] kauditd_printk_skb: 832 callbacks suppressed
[   47.974593][   T29] audit: type=1326 audit(1751082603.561:2460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.3.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3316ee929 code=0x7ffc0000
[   48.004375][   T29] audit: type=1326 audit(1751082603.561:2461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.3.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3316ee929 code=0x7ffc0000
[   48.031562][ T4629] netlink: 'syz.2.449': attribute type 13 has an invalid length.
[   48.044471][ T4636] netlink: 4 bytes leftover after parsing attributes in process `syz.3.452'.
[   48.060998][   T29] audit: type=1326 audit(1751082603.561:2462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.3.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa3316ee929 code=0x7ffc0000
[   48.070870][ T4632] loop4: detected capacity change from 0 to 1024
[   48.084401][   T29] audit: type=1326 audit(1751082603.561:2463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.3.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3316ee929 code=0x7ffc0000
[   48.114111][   T29] audit: type=1326 audit(1751082603.561:2464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.3.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3316ee929 code=0x7ffc0000
[   48.137422][   T29] audit: type=1326 audit(1751082603.561:2465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.3.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa3316ee929 code=0x7ffc0000
[   48.160830][   T29] audit: type=1326 audit(1751082603.561:2466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.3.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3316ee929 code=0x7ffc0000
[   48.184218][   T29] audit: type=1326 audit(1751082603.561:2467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.3.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3316ee929 code=0x7ffc0000
[   48.207610][   T29] audit: type=1326 audit(1751082603.561:2468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.3.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa3316ee929 code=0x7ffc0000
[   48.230991][   T29] audit: type=1326 audit(1751082603.561:2469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.3.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3316ee929 code=0x7ffc0000
[   48.327194][ T4643] netlink: 60 bytes leftover after parsing attributes in process `syz.1.446'.
[   48.338347][ T4643] netlink: 4 bytes leftover after parsing attributes in process `syz.1.446'.
[   48.347217][ T4643] netlink: 40 bytes leftover after parsing attributes in process `syz.1.446'.
[   48.365216][ T4643] loop1: detected capacity change from 0 to 764
[   48.402929][ T4643] Symlink component flag not implemented
[   48.413038][ T4643] Symlink component flag not implemented (101)
[   48.422780][ T4647] 9pnet_fd: Insufficient options for proto=fd
[   48.653423][ T4671] loop1: detected capacity change from 0 to 1024
[   49.122267][ T4680] loop4: detected capacity change from 0 to 512
[   49.164427][ T4680] EXT4-fs (loop4): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   49.303881][ T4686] loop3: detected capacity change from 0 to 512
[   49.332115][ T4690] chnl_net:caif_netlink_parms(): no params data found
[   49.347159][ T4686] EXT4-fs: Ignoring removed bh option
[   49.358749][ T4680] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   49.395867][ T4686] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   49.443779][ T4686] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.470335][ T4686] ext4 filesystem being mounted at /105/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.519475][ T4703] loop1: detected capacity change from 0 to 764
[   49.563894][ T4703] Symlink component flag not implemented
[   49.577192][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.586548][ T4703] Symlink component flag not implemented (101)
[   49.605498][ T4707] loop2: detected capacity change from 0 to 1024
[   49.612933][ T3317] EXT4-fs (loop4): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[   49.618159][ T4707] EXT4-fs: Ignoring removed i_version option
[   49.655386][ T4707] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.669296][ T4711] serio: Serial port pts0
[   51.170077][ T4744] loop0: detected capacity change from 0 to 512
[   51.893687][ T4770] loop3: detected capacity change from 0 to 1024
[   51.901772][ T4769] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   51.901772][ T4769]    program +}[@ not setting count and/or reply_len properly
[   51.958454][ T4744] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.991218][ T3305] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 88: padding at end of block bitmap is not set
[   52.009229][ T4744] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.034017][ T3305] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   52.071515][ T4778] loop1: detected capacity change from 0 to 164
[   52.088854][ T4778] iso9660: Unknown parameter 'ÿÿ'
[   52.113281][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.122880][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.704182][ T4802] __nla_validate_parse: 9 callbacks suppressed
[   52.704196][ T4802] netlink: 24 bytes leftover after parsing attributes in process `syz.0.512'.
[   52.744496][ T4790] loop1: detected capacity change from 0 to 8192
[   52.773786][ T4804] netlink: 24 bytes leftover after parsing attributes in process `syz.3.513'.
[   52.818728][ T4806] loop0: detected capacity change from 0 to 512
[   52.878314][ T4806] EXT4-fs: Ignoring removed bh option
[   52.900974][ T4804] loop3: detected capacity change from 0 to 512
[   52.929155][ T4806] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   52.950443][ T4804] EXT4-fs: Ignoring removed bh option
[   52.990530][ T4804] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   53.026190][ T4806] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.056069][ T4806] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.057846][ T4804] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.081168][ T4804] ext4 filesystem being mounted at /118/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.123512][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.176885][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.196637][   T29] kauditd_printk_skb: 434 callbacks suppressed
[   53.196650][   T29] audit: type=1326 audit(1751082608.781:2903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4823 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   53.236444][   T29] audit: type=1326 audit(1751082608.811:2904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4823 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   53.259944][   T29] audit: type=1326 audit(1751082608.811:2905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4823 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   53.283407][   T29] audit: type=1326 audit(1751082608.811:2906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4823 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   53.306894][   T29] audit: type=1326 audit(1751082608.811:2907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4823 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   53.330361][   T29] audit: type=1326 audit(1751082608.811:2908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4823 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   53.353942][   T29] audit: type=1326 audit(1751082608.811:2909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4823 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   53.377388][   T29] audit: type=1326 audit(1751082608.811:2910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4823 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   53.400870][   T29] audit: type=1326 audit(1751082608.811:2911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4823 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   53.424401][   T29] audit: type=1326 audit(1751082608.811:2912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4823 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f20673de929 code=0x7ffc0000
[   53.465623][ T4830] loop1: detected capacity change from 0 to 1024
[   53.599713][ T4837] loop0: detected capacity change from 0 to 1024
[   53.659737][ T4837] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.738912][ T4849] FAULT_INJECTION: forcing a failure.
[   53.738912][ T4849] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   53.752160][ T4849] CPU: 0 UID: 0 PID: 4849 Comm: syz.4.528 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(voluntary) 
[   53.752189][ T4849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   53.752201][ T4849] Call Trace:
[   53.752208][ T4849]  <TASK>
[   53.752215][ T4849]  __dump_stack+0x1d/0x30
[   53.752245][ T4849]  dump_stack_lvl+0xe8/0x140
[   53.752266][ T4849]  dump_stack+0x15/0x1b
[   53.752281][ T4849]  should_fail_ex+0x265/0x280
[   53.752337][ T4849]  should_fail+0xb/0x20
[   53.752416][ T4849]  should_fail_usercopy+0x1a/0x20
[   53.752442][ T4849]  _copy_to_user+0x20/0xa0
[   53.752465][ T4849]  simple_read_from_buffer+0xb5/0x130
[   53.752497][ T4849]  proc_fail_nth_read+0x100/0x140
[   53.752605][ T4849]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   53.752638][ T4849]  vfs_read+0x1a0/0x6f0
[   53.752680][ T4849]  ? __rcu_read_unlock+0x4f/0x70
[   53.752703][ T4849]  ? __rcu_read_unlock+0x4f/0x70
[   53.752722][ T4849]  ? __fget_files+0x184/0x1c0
[   53.752741][ T4849]  ksys_read+0xda/0x1a0
[   53.752841][ T4849]  __x64_sys_read+0x40/0x50
[   53.752872][ T4849]  x64_sys_call+0x2d77/0x2fb0
[   53.752891][ T4849]  do_syscall_64+0xd2/0x200
[   53.752951][ T4849]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   53.753026][ T4849]  ? clear_bhb_loop+0x40/0x90
[   53.753043][ T4849]  ? clear_bhb_loop+0x40/0x90
[   53.753064][ T4849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.753086][ T4849] RIP: 0033:0x7f576802d33c
[   53.753102][ T4849] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   53.753141][ T4849] RSP: 002b:00007f5766697030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   53.753157][ T4849] RAX: ffffffffffffffda RBX: 00007f5768255fa0 RCX: 00007f576802d33c
[   53.753167][ T4849] RDX: 000000000000000f RSI: 00007f57666970a0 RDI: 0000000000000004
[   53.753177][ T4849] RBP: 00007f5766697090 R08: 0000000000000000 R09: 0000000000000000
[   53.753187][ T4849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   53.753197][ T4849] R13: 0000000000000000 R14: 00007f5768255fa0 R15: 00007fff7210be58
[   53.753217][ T4849]  </TASK>
[   53.999400][ T4843] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   54.039774][ T4853] netlink: 24 bytes leftover after parsing attributes in process `syz.4.530'.
[   54.055217][ T4853] loop4: detected capacity change from 0 to 512
[   54.081599][ T4853] EXT4-fs: Ignoring removed bh option
[   54.111167][ T4853] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   54.194047][ T4861] loop1: detected capacity change from 0 to 1024
[   54.207918][ T4853] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.232377][ T4853] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   54.251307][ T4861] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   54.298639][ T4862] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[   54.325056][ T4866] netlink: 60 bytes leftover after parsing attributes in process `syz.3.532'.
[   54.337966][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.360627][ T4861] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.531: Allocating blocks 449-513 which overlap fs metadata
[   54.490744][ T4866] netlink: 4 bytes leftover after parsing attributes in process `syz.3.532'.
[   54.499554][ T4866] netlink: 40 bytes leftover after parsing attributes in process `syz.3.532'.
[   54.512771][ T4862] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   54.525003][ T4862] EXT4-fs (loop0): This should not happen!! Data will be lost
[   54.525003][ T4862] 
[   54.534692][ T4862] EXT4-fs (loop0): Total free blocks count 0
[   54.540760][ T4862] EXT4-fs (loop0): Free/Dirty block details
[   54.546647][ T4862] EXT4-fs (loop0): free_blocks=68451041280
[   54.552512][ T4862] EXT4-fs (loop0): dirty_blocks=16
[   54.557612][ T4862] EXT4-fs (loop0): Block reservation details
[   54.563626][ T4862] EXT4-fs (loop0): i_reserved_data_blocks=1
[   54.575120][ T4866] loop3: detected capacity change from 0 to 764
[   54.586862][ T4866] Symlink component flag not implemented
[   54.592840][ T4866] Symlink component flag not implemented (101)
[   54.606030][ T4857] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 43 with error 28
[   54.747456][ T4882] loop3: detected capacity change from 0 to 1024
[   54.963003][ T4855] EXT4-fs (loop1): pa ffff8881067807e0: logic 48, phys. 177, len 21
[   54.971074][ T4855] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   55.053870][ T4896] loop1: detected capacity change from 0 to 1024
[   55.105675][ T4896] 9pnet_fd: Insufficient options for proto=fd
[   55.406501][ T4899] serio: Serial port pts0
[   55.439507][ T4901] netlink: 60 bytes leftover after parsing attributes in process `syz.2.545'.
[   55.448487][ T4901] netlink: 4 bytes leftover after parsing attributes in process `syz.2.545'.
[   55.457290][ T4901] netlink: 40 bytes leftover after parsing attributes in process `syz.2.545'.
[   55.472236][ T4901] loop2: detected capacity change from 0 to 764
[   55.480804][ T4901] Symlink component flag not implemented
[   55.488221][ T4901] Symlink component flag not implemented (101)
[   55.498062][ T4904] netlink: 14 bytes leftover after parsing attributes in process `syz.4.546'.
[   55.511769][ T4904] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   55.511769][ T4904]    program +}[@ not setting count and/or reply_len properly
[   55.539342][ T4906] loop2: detected capacity change from 0 to 128
[   55.617472][ T4914] loop2: detected capacity change from 0 to 512
[   55.626277][ T4914] EXT4-fs: Ignoring removed bh option
[   55.640791][ T4914] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   55.655388][ T4914] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.665929][ T4916] loop4: detected capacity change from 0 to 8192
[   55.737190][ T4920] ==================================================================
[   55.745312][ T4920] BUG: KCSAN: data-race in fat12_ent_put / fat_mirror_bhs
[   55.752428][ T4920] 
[   55.754749][ T4920] write to 0xffff88813788e337 of 1 bytes by task 4916 on cpu 1:
[   55.762380][ T4920]  fat12_ent_put+0x74/0x170
[   55.766881][ T4920]  fat_ent_write+0x6c/0xe0
[   55.771289][ T4920]  fat_chain_add+0x15b/0x3f0
[   55.775880][ T4920]  fat_get_block+0x46c/0x5e0
[   55.780460][ T4920]  __block_write_begin_int+0x400/0xf90
[   55.785919][ T4920]  cont_write_begin+0x5fc/0x970
[   55.790763][ T4920]  fat_write_begin+0x4f/0xe0
[   55.795348][ T4920]  generic_perform_write+0x184/0x490
[   55.800624][ T4920]  __generic_file_write_iter+0x9e/0x120
[   55.806159][ T4920]  generic_file_write_iter+0x8d/0x2f0
[   55.811577][ T4920]  vfs_write+0x4a0/0x8e0
[   55.815834][ T4920]  __x64_sys_pwrite64+0xfd/0x150
[   55.820815][ T4920]  x64_sys_call+0xe45/0x2fb0
[   55.825404][ T4920]  do_syscall_64+0xd2/0x200
[   55.829899][ T4920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.835780][ T4920] 
[   55.838092][ T4920] read to 0xffff88813788e200 of 512 bytes by task 4920 on cpu 0:
[   55.845792][ T4920]  fat_mirror_bhs+0x1df/0x320
[   55.850461][ T4920]  fat_alloc_clusters+0x98b/0xa80
[   55.855479][ T4920]  fat_get_block+0x258/0x5e0
[   55.860061][ T4920]  __block_write_begin_int+0x400/0xf90
[   55.865515][ T4920]  cont_write_begin+0x5fc/0x970
[   55.870351][ T4920]  fat_write_begin+0x4f/0xe0
[   55.874932][ T4920]  generic_perform_write+0x184/0x490
[   55.880203][ T4920]  __generic_file_write_iter+0x9e/0x120
[   55.885749][ T4920]  generic_file_write_iter+0x8d/0x2f0
[   55.891128][ T4920]  __kernel_write_iter+0x256/0x4c0
[   55.896418][ T4920]  dump_user_range+0x407/0x8c0
[   55.901185][ T4920]  elf_core_dump+0x1dc2/0x1f80
[   55.905937][ T4920]  do_coredump+0x1dfd/0x27b0
[   55.910520][ T4920]  get_signal+0xd85/0xf70
[   55.914842][ T4920]  arch_do_signal_or_restart+0x96/0x480
[   55.920376][ T4920]  irqentry_exit_to_user_mode+0x5e/0xa0
[   55.925915][ T4920]  irqentry_exit+0x12/0x50
[   55.930325][ T4920]  asm_exc_page_fault+0x26/0x30
[   55.935161][ T4920] 
[   55.937469][ T4920] Reported by Kernel Concurrency Sanitizer on:
[   55.943603][ T4920] CPU: 0 UID: 0 PID: 4920 Comm: syz.4.552 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(voluntary) 
[   55.955922][ T4920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   55.965964][ T4920] ==================================================================
[   55.975902][ T4922] loop2: detected capacity change from 0 to 512
[   55.982527][ T4922] EXT4-fs: Ignoring removed bh option
[   55.995909][ T4922] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   56.032778][ T4922] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   56.083411][ T4920] syz.4.552 (4920) used greatest stack depth: 9048 bytes left
[   56.448131][ T2186] bridge_slave_1: left allmulticast mode
[   56.453857][ T2186] bridge_slave_1: left promiscuous mode
[   56.459557][ T2186] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.467383][ T2186] bridge_slave_0: left allmulticast mode
[   56.473121][ T2186] bridge_slave_0: left promiscuous mode
[   56.478791][ T2186] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.604609][ T2186] batman_adv: batadv0: Removing interface: batadv_slave_0
[   56.612398][ T2186] batman_adv: batadv0: Removing interface: batadv_slave_1
[   56.640583][ T2186] team0 (unregistering): Port device team_slave_1 removed
[   56.649706][ T2186] team0 (unregistering): Port device team_slave_0 removed