last executing test programs:

4.129776774s ago: executing program 4 (id=1325):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffffda9a4aa450f1113df6f67ef676da34b3eefa7f635fceddeee0", @ANYRES32, @ANYRESDEC], 0x15)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000900)={0x0, 0x0, 0x3}, 0x1)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000b80)=[{0x6, 0x10}]}, 0x10)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r3, 0x400455c8, 0x0)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)

3.779548876s ago: executing program 0 (id=1328):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000680)='./file1\x00', 0x0, &(0x7f0000000340)={[{@usrquota}, {@nojournal_checksum}]}, 0x21, 0x4bd, &(0x7f00000006c0)="$eJzs3c9vVFsdAPDvvf1JKbQoCzUqiCgawkw7QENY4UZjCImRuHIBtR2apjOdpjNFWlmU/8FEElf6J7gwcWHCyr073bnBhQkq0Udf8hbzcu9MS1+Zgb7QN0M6n09ycu+5p8z3nLm55wxf6JwABtb5iNiOiNGIuB8RU+3rSbvErVbJfu7Vy8cLOy8fLyTRbN79T5K3Z9di35/JnGy/5nhE/PRHEb9I3oxb39xama9UyuvterFRXSvWN7euLFfnl8pL5dVSaW52bubG1eulIxvrueofXvxw+fbP/vynbzz/6/b3f5V1a7Ldtn8cR6k19JG9OJnhiLj9RQTrg6H2eEYPXO9wy/kApRHxpYi4kD//UzGU300A4DhrNqeiObW/DgAcd2meA0vSQjsXMBlpWii0cnhnYyKt1OqNyw9qG6uLrVzZdIykD5Yr5Zl2rnA6RpKsPpufv66XDtSvRsSZiPj12Im8XlioVRb7+cEHAAbYyQPr///HWus/AHDMjfe7AwBAz1n/AWDwWP8BYPBY/wFg8Fj/AWDwWP8BYPBY/wFgoPzkzp2sNHfa33+9+HBzY6X28Mpiub5SqG4sFBZq62uFpVptKf/Onuq7Xq9Sq63NXouNR8VGud4o1je37lVrG6uNe/n3et8rj/RkVADA25w59+zvSURs3zyRl9i3l4O1Go63tN8dAPpmqN8dAPrGbl8wuPwdH3jXfq1d/4vQ06PvC9Abl74q/w+DSv4fBpf8Pwwu+X8YXM1mYs9/ABgwcvyAf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz28yL0laaO8FPhlpWihEnIqI6RhJHixXyjMRcToi/jY2MpbVZ/vdaQDgPaX/SuKj9jaAFycPto4mH4/lx4j45W/v/ubRfKOxPptd/+/e9cbT9vVSzzsPABzC7jq9u47vevXy8cJu6WV/XvygtbloFnenXVotwzGcH8cj+3Ay8b+kXW9JImLoCOJvP4mIr3Qaf5LnRqbbO58ejJ/FPtXT+Oln4qd5W+uYvRdfPoK+wKB5ls0/tzo9f2mcz4+dn//xfIZ6f7vz384b81+6N/8NdZn/zh82xrW//Hi0W9uTiK8Nd4qf7MVPusS/eMj4//j6Ny90a2v+LuJSdI6/P1axUV0r1je3rixX55fKS+XVUmludm7mxtXrpWKeoy7uZqrf9O+bl093i5+Nf6JL/PzO35nsOv7vHHL8v//k/s+/9Zb43/t25/t/Nj92fv+zNfG7h4w/P/HHrtt3Z/EXu4z/Xff/8iHjP//n1uIhfxQA6IH65tbKfKVSXnfiZO9k95Peh9Kf7ifNqVZPP5T+HJ+Tfs5KQC+8fuj73RMAAAAAAAAAAAAAAKCbXvw6Ub/HCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1aQAAAP//sHnUnw==")
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020200000000000000000001b7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xfffffffb)

3.761629546s ago: executing program 0 (id=1329):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffffda9a4aa450f1113df6f67ef676da34b3eefa7f635fceddeee0", @ANYRES32, @ANYRESDEC], 0x15)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000900)={0x0, 0x0, 0x3}, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000b80)=[{0x6, 0x10}]}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)

2.193954406s ago: executing program 1 (id=1374):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x383, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x4}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r3}, 0x3d)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRES8=r0, @ANYRESDEC, @ANYBLOB="ee5d5cca172ed2af2e2293200bd6c72ce9b5de1af55e6811b4951606bfdc17c6acdbbd3384f3492d61387fc0fce203796b6b7b5998a65357697ce4ecd5d23a3a79358d2ded0ef4bae21f3576417164413c9e58679b53e360bb916311f7ce82442d676a2d3cdc79cf19636482a1429ef83f7df2", @ANYRES32=r3, @ANYRES16=r0], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x143041, 0x0)
pwritev2(r6, 0x0, 0x0, 0xe7b, 0x0, 0x0)

2.193710386s ago: executing program 1 (id=1375):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x40, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000280)='|', 0x1, 0xc010, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080), 0xc)
writev(r0, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0x34000}], 0x1)
r1 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000080), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000001f755be4e021ab1490f0429b87705d9dc4eb6c1c93ee51752566eeb2724d98d272e6cb7b58d1f2df568395c23528bf087efc8eb10b891bfd5ac78c9359b69b99e76ca0b068785aecbd1c90176b72fec5b2fc66ccc3efc33ccdbdfefd2385983d49a80b8f0ad122e88ec8b9e3daff10a4c002c41f4cea8b51a511ffa9ab6527b014032c517476362c030838a4b8d4e6e503b63021c9b97ccf599e5c618f2ee7f613459d3ac9e6edf3f19a3f6ff94741198053236e888751b006eed5d33721423e3d1512e6ffb23"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3, 0x0, 0x3}, 0x18)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000a80)='kfree\x00'}, 0x18)
ioctl$F2FS_IOC_DEFRAGMENT(r4, 0xc010f508, &(0x7f0000000000)={0x40a, 0x7})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r5=>0xffffffffffffffff})
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x1)
ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f00000005c0))
r7 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x143041, 0x0)
pwritev2(r7, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
ioctl$EXT4_IOC_MIGRATE(r6, 0x6609)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r8=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000300)=ANY=[], 0xfdef)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r8, 0xc0a85352, &(0x7f0000000180)={{0x4, 0x48}, 'port1\x00', 0x4, 0x400, 0x4, 0x19db, 0x5, 0x5, 0x3ff, 0x0, 0x1, 0x7})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r7)

2.025165107s ago: executing program 4 (id=1381):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1, 0x4, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x40000}, [@call={0x85, 0x0, 0x0, 0x7b}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$fou(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010029bd7000fddbdf25010000000500020002000000e0099d9548172fb0934c15e03c8963ca47c4a617c76a6ddeb3fa47014b482d95c91d5dc0c50642d40c6c92c092fe08f5fb129a867d3c0c9e9b208751bf74c3619cf99043ee5f75b6c1908872fb70cb4905e83e8fc00f9cfbec1a79ccc24a"], 0x1c}, 0x1, 0x0, 0x0, 0x24040050}, 0x20000800)
inotify_init1(0x80000)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff}, 0x106, 0x5}}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000030800000c000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x63, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x8e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
write$RDMA_USER_CM_CMD_BIND_IP(r3, &(0x7f0000000200)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x9, @mcast2, 0x6}, r4}}, 0x30)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000080)=r0, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd4e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000010a850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x50}}, 0x2)
sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x200}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
msgsnd(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1a0092e556113374"], 0x8, 0x800)

1.805163449s ago: executing program 4 (id=1383):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x14, 0x453, 0x4, 0x70bd2b, 0x25dfdbfc, "e4"}, 0x14}, 0x1, 0x0, 0x0, 0xc044}, 0x2080)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) (fail_nth: 5)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0x400000001fb, 0x101301)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000440)={0x0, 0x1005}, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

1.55837125s ago: executing program 0 (id=1385):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
epoll_create1(0x80000)
socket(0x10, 0x3, 0x0)
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x80000)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = gettid()
sched_getparam(r2, &(0x7f0000000080))
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1, {0x9, 0x8}}, './file0\x00'})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x6, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f00000001c0)='cpu&00\t&&')

1.43860437s ago: executing program 0 (id=1386):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073794f310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)

1.386629371s ago: executing program 0 (id=1387):
r0 = socket$inet6(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffefc}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r3, 0x0, 0x4}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8)
r5 = gettid()
r6 = gettid()
tkill(r5, 0x12)
tkill(r5, 0x1)
tkill(r6, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x10000}, 0x18)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000000380)={[{@noblock_validity}, {@resgid={'resgid', 0x3d, 0xee00}}, {@acl}, {@nouid32}, {@sysvgroups}, {@nodiscard}]}, 0xfe, 0x472, &(0x7f0000000940)="$eJzs3MtvG8UfAPDvOk6a9PFLf6U8WloIFETFI2nSBz1wAYHEAQQSHIo4BSetSt0GNUGiVQSBQxDigCpxRxyR+As4wQUBJySucEeVEMqlhZPRenfTxLVDHk6c4s9H2nZmd92Z786OPTtjN4CuNZT+kUTsjohfI2Iwyy4/YSj76+bCbOWvhdlKErXaa38m9fNuLMxW8n9i8XW7sh21Wp7f0aTc+TcjxqvVyct5fmTm4jsj01euPnX+4vi5yXOTl8ZOnz5x/HDfqbGTbYkzjevGwfenDh148Y1rL1fOXHvrx6/T+u7OjxdxtNNQdnWberTdhXXYniXppNzBirAmabulzdVb7/+D0RMDi8cG44WPOlo5YFPVarVas8/n3FwN+A9LotM1ADqj+KBPn3+LbYuGHtvCH89mD0Bp3DfzLTtSjlJ+Tm/D82079UfEmbm/v0i32KR5CACApb5Nxz9PNhv/leKeJef9L19D2RsR/4+IfRFxV0Tsj4i7I+rn3hsR962x/MYVktvHP6Xr6wpsldLx3zP52tby8V8x+ou9PXluTz3+3uTs+erksfyaHI3eHWl+dNlLlvvu+V8+a9z3aT7NPrRk/JduafnFWDCvx/VywwTdxPjMeFuCT+P/MOJguVn8SRTLOElEHIiIg+ss4/zjXx1qdezf419BG9aZal9GPJa1/1w0xF9IWq5Pjj59auzkSH9UJ4+NFHfF7X76ef7VVuVvKP42SNt/Z9P7P4s/fUZM+iOmr1y9UF+vnV57GfO/fVxJWhzbv877vy95vZ7uy/e9Nz4zc3k0oi95Kc0OLNs/duu1Rb44P43/6JHm/X9f9nhWvxL3R0R6Ex+OiAci4sG87R6KiIcj4sgK8f/w3CNvtzrWuv1XmJVvozT+iRXaP33LS1O32n/tiZ4L33/Tqvzaqtr/RD11NN+zmve/1VZwI9cOAAAA7hSl+nfgk9LwYrpUGh7OvsO/P3aWqlPTM0+cnXr30kT2Xfm90VsqZroGl8yHjuZzw0V+rCF/PJ83/rxnoJ4frkxVJzodPHS5XS36f+r3nk7XDth0fq8F3Uv/h+6l/0P30v+he+n/0KX6mu/+YKvrAXTE2j//+zelHsDWM/6H7qX/Q/fS/6ErtfxtfGlDP/m/UxPl7VGNpomB7VGNIhGlbVGN9iVe+STrEtulPkWivOr/zGKdiR1ND3X6nQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA9/gkAAP//Uo/mdg==")
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000200)=ANY=[@ANYRESDEC=r6])
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r7 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
mbind(&(0x7f000096a000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}, 0x1, 0x0, 0x0, 0x14000}, 0x0)
recvmmsg(r0, &(0x7f00000049c0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x1e79, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

1.337299811s ago: executing program 1 (id=1388):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000680)='./file1\x00', 0x0, &(0x7f0000000340)={[{@usrquota}, {@nojournal_checksum}]}, 0x21, 0x4bd, &(0x7f00000006c0)="$eJzs3c9vVFsdAPDvvf1JKbQoCzUqiCgawkw7QENY4UZjCImRuHIBtR2apjOdpjNFWlmU/8FEElf6J7gwcWHCyr073bnBhQkq0Udf8hbzcu9MS1+Zgb7QN0M6n09ycu+5p8z3nLm55wxf6JwABtb5iNiOiNGIuB8RU+3rSbvErVbJfu7Vy8cLOy8fLyTRbN79T5K3Z9di35/JnGy/5nhE/PRHEb9I3oxb39xama9UyuvterFRXSvWN7euLFfnl8pL5dVSaW52bubG1eulIxvrueofXvxw+fbP/vynbzz/6/b3f5V1a7Ldtn8cR6k19JG9OJnhiLj9RQTrg6H2eEYPXO9wy/kApRHxpYi4kD//UzGU300A4DhrNqeiObW/DgAcd2meA0vSQjsXMBlpWii0cnhnYyKt1OqNyw9qG6uLrVzZdIykD5Yr5Zl2rnA6RpKsPpufv66XDtSvRsSZiPj12Im8XlioVRb7+cEHAAbYyQPr///HWus/AHDMjfe7AwBAz1n/AWDwWP8BYPBY/wFg8Fj/AWDwWP8BYPBY/wFgoPzkzp2sNHfa33+9+HBzY6X28Mpiub5SqG4sFBZq62uFpVptKf/Onuq7Xq9Sq63NXouNR8VGud4o1je37lVrG6uNe/n3et8rj/RkVADA25w59+zvSURs3zyRl9i3l4O1Go63tN8dAPpmqN8dAPrGbl8wuPwdH3jXfq1d/4vQ06PvC9Abl74q/w+DSv4fBpf8Pwwu+X8YXM1mYs9/ABgwcvyAf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz28yL0laaO8FPhlpWihEnIqI6RhJHixXyjMRcToi/jY2MpbVZ/vdaQDgPaX/SuKj9jaAFycPto4mH4/lx4j45W/v/ubRfKOxPptd/+/e9cbT9vVSzzsPABzC7jq9u47vevXy8cJu6WV/XvygtbloFnenXVotwzGcH8cj+3Ay8b+kXW9JImLoCOJvP4mIr3Qaf5LnRqbbO58ejJ/FPtXT+Oln4qd5W+uYvRdfPoK+wKB5ls0/tzo9f2mcz4+dn//xfIZ6f7vz384b81+6N/8NdZn/zh82xrW//Hi0W9uTiK8Nd4qf7MVPusS/eMj4//j6Ny90a2v+LuJSdI6/P1axUV0r1je3rixX55fKS+XVUmludm7mxtXrpWKeoy7uZqrf9O+bl093i5+Nf6JL/PzO35nsOv7vHHL8v//k/s+/9Zb43/t25/t/Nj92fv+zNfG7h4w/P/HHrtt3Z/EXu4z/Xff/8iHjP//n1uIhfxQA6IH65tbKfKVSXnfiZO9k95Peh9Kf7ifNqVZPP5T+HJ+Tfs5KQC+8fuj73RMAAAAAAAAAAAAAAKCbXvw6Ub/HCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1aQAAAP//sHnUnw==")
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7040000010000008500000078000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020200000000000000000001b7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xfffffffb)

1.284459592s ago: executing program 1 (id=1389):
syz_io_uring_setup(0x620d, &(0x7f0000000440)={0x0, 0xc6f, 0x20, 0x2, 0x186}, &(0x7f00000003c0), &(0x7f00000004c0))
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000075630000000000000000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0xffffffffffffffe8, 0x0, 0x0, 0x6}, 0xf)

1.212099572s ago: executing program 1 (id=1390):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffd}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000002400)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r2, 0x1, 0x3, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r3}, 0x18)
syz_open_procfs(0x0, &(0x7f0000000340)='net/vlan/config\x00')

1.162186232s ago: executing program 1 (id=1391):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffffda9a4aa450f1113df6f67ef676da34b3eefa7f635fceddeee0", @ANYRES32, @ANYRESDEC], 0x15)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000900)={0x0, 0x0, 0x3}, 0x1)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000b80)=[{0x6, 0x10}]}, 0x10)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r3, 0x400455c8, 0x0)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)

903.603144ms ago: executing program 4 (id=1392):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
epoll_pwait(r0, &(0x7f0000000140)=[{}], 0x1, 0x2d596fb6, 0x0, 0x0)

853.621254ms ago: executing program 3 (id=1395):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000680)='./file1\x00', 0x0, &(0x7f0000000340)={[{@usrquota}, {@nojournal_checksum}]}, 0x21, 0x4bd, &(0x7f00000006c0)="$eJzs3c9vVFsdAPDvvf1JKbQoCzUqiCgawkw7QENY4UZjCImRuHIBtR2apjOdpjNFWlmU/8FEElf6J7gwcWHCyr073bnBhQkq0Udf8hbzcu9MS1+Zgb7QN0M6n09ycu+5p8z3nLm55wxf6JwABtb5iNiOiNGIuB8RU+3rSbvErVbJfu7Vy8cLOy8fLyTRbN79T5K3Z9di35/JnGy/5nhE/PRHEb9I3oxb39xama9UyuvterFRXSvWN7euLFfnl8pL5dVSaW52bubG1eulIxvrueofXvxw+fbP/vynbzz/6/b3f5V1a7Ldtn8cR6k19JG9OJnhiLj9RQTrg6H2eEYPXO9wy/kApRHxpYi4kD//UzGU300A4DhrNqeiObW/DgAcd2meA0vSQjsXMBlpWii0cnhnYyKt1OqNyw9qG6uLrVzZdIykD5Yr5Zl2rnA6RpKsPpufv66XDtSvRsSZiPj12Im8XlioVRb7+cEHAAbYyQPr///HWus/AHDMjfe7AwBAz1n/AWDwWP8BYPBY/wFg8Fj/AWDwWP8BYPBY/wFgoPzkzp2sNHfa33+9+HBzY6X28Mpiub5SqG4sFBZq62uFpVptKf/Onuq7Xq9Sq63NXouNR8VGud4o1je37lVrG6uNe/n3et8rj/RkVADA25w59+zvSURs3zyRl9i3l4O1Go63tN8dAPpmqN8dAPrGbl8wuPwdH3jXfq1d/4vQ06PvC9Abl74q/w+DSv4fBpf8Pwwu+X8YXM1mYs9/ABgwcvyAf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz28yL0laaO8FPhlpWihEnIqI6RhJHixXyjMRcToi/jY2MpbVZ/vdaQDgPaX/SuKj9jaAFycPto4mH4/lx4j45W/v/ubRfKOxPptd/+/e9cbT9vVSzzsPABzC7jq9u47vevXy8cJu6WV/XvygtbloFnenXVotwzGcH8cj+3Ay8b+kXW9JImLoCOJvP4mIr3Qaf5LnRqbbO58ejJ/FPtXT+Oln4qd5W+uYvRdfPoK+wKB5ls0/tzo9f2mcz4+dn//xfIZ6f7vz384b81+6N/8NdZn/zh82xrW//Hi0W9uTiK8Nd4qf7MVPusS/eMj4//j6Ny90a2v+LuJSdI6/P1axUV0r1je3rixX55fKS+XVUmludm7mxtXrpWKeoy7uZqrf9O+bl093i5+Nf6JL/PzO35nsOv7vHHL8v//k/s+/9Zb43/t25/t/Nj92fv+zNfG7h4w/P/HHrtt3Z/EXu4z/Xff/8iHjP//n1uIhfxQA6IH65tbKfKVSXnfiZO9k95Peh9Kf7ifNqVZPP5T+HJ+Tfs5KQC+8fuj73RMAAAAAAAAAAAAAAKCbXvw6Ub/HCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1aQAAAP//sHnUnw==")
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7040000010000008500000078000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020200000000000000000001b7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xfffffffb)

725.170425ms ago: executing program 0 (id=1398):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e23, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8}, 0x1c)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, 0x0, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
tgkill(0x0, 0x0, 0x5)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0000200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r2}, 0x10)
bind$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r1, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
r4 = accept4(r1, 0x0, 0x0, 0x0)
sendto(r4, &(0x7f0000000200)='9', 0x1, 0x0, 0x0, 0x0)
recvfrom(r3, &(0x7f0000000000)=""/44, 0x2c, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, &(0x7f0000000000)={0x77359400}, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000ac0)={'wpan0\x00'})
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b707000008000000850000006900000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = syz_io_uring_setup(0x111, &(0x7f0000000b00)={0x0, 0x25da, 0x2, 0x3, 0x367}, &(0x7f0000000140)=<r7=>0x0, &(0x7f0000000000))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000040)=0x200, 0x0, 0x4)
io_uring_enter(r6, 0x66a8, 0x4000, 0xf, 0x0, 0x18)

700.391475ms ago: executing program 3 (id=1400):
syz_io_uring_setup(0x620d, &(0x7f0000000440)={0x0, 0xc6f, 0x20, 0x2, 0x186}, &(0x7f00000003c0), &(0x7f00000004c0))
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000075630000000000000000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0xffffffffffffffe8, 0x0, 0x0, 0x6}, 0xf)

674.093506ms ago: executing program 3 (id=1403):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB='\v\x00\x00\x00\b\x00\x00\x00\f'], 0x48)
r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000000)='./file0\x00'}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000005b708000000090000008af8fff8ffffffb703000008000018b7040000000000008500000001fdffff94000200"/65, @ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
accept4(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x134000, 0x1000}, 0x20)
r2 = socket$phonet(0x23, 0x2, 0x1)
r3 = socket(0xa, 0x2, 0x0)
bind$inet6(r3, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000480)=0x4000, 0x4)
bind$xdp(r1, &(0x7f0000000200)={0x2c, 0x4, r4, 0x1c, r1}, 0x10)

642.525935ms ago: executing program 3 (id=1406):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a00000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000050000090900010073797a310000000054000000030a03000000000000000000050000030900010073797a31000000000900030073797a3200000000280004800800014000000001"], 0x9c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0xf5, 0x0, 0x4085}, 0x20000004)

594.185946ms ago: executing program 3 (id=1408):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB="00d920eb5c00e900000000000000000000000020", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)

574.453786ms ago: executing program 3 (id=1410):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7f, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x0, 0x20002f7})
r1 = socket$inet(0x2, 0x80001, 0x84)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2, 0x9}}, 0x20)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r2, 0x0, 0x401}, 0x11)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
read$char_usb(r3, &(0x7f0000000000)=""/111, 0x6f)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0xb)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2fffffffd}, 0xc)
close(r7)
write$binfmt_misc(r4, &(0x7f0000000980), 0xfdef)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001200), 0x181101, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000850000000800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10)
ioctl$TCSBRKP(r8, 0x5425, 0x6)
ioctl$TCSBRKP(r8, 0x5425, 0x80000000)

167.847708ms ago: executing program 2 (id=1418):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES8=0x0], 0x48)
r1 = socket$caif_seqpacket(0x25, 0x5, 0x5)
splice(r0, &(0x7f0000000040)=0x2, r1, &(0x7f0000000100)=0x4, 0x2, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x200200, 0x0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r2, 0x6612)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
dup(r3)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xe)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r4}, 0x20)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="140100002900010000000000fcdbdf2503"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

142.643849ms ago: executing program 2 (id=1419):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a00000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000050000090900010073797a310000000054000000030a03000000000000000000050000030900010073797a31000000000900030073797a3200000000280004800800014000000001"], 0x9c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0xf5, 0x0, 0x4085}, 0x20000004)

91.522999ms ago: executing program 2 (id=1420):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073794f310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)

76.241799ms ago: executing program 4 (id=1421):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x3c3800, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r1, 0xc4c03d09, &(0x7f0000000040)={0x6})
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000500)={0xda, 0xd, 0x1, 0x6, 0x8000})
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000540)=0x2c4ceefc8dd725d2)
r2 = syz_open_dev$usbfs(&(0x7f0000000580), 0x0, 0x20000)
ioctl$USBDEVFS_GET_CAPABILITIES(r2, 0x8004551a, &(0x7f00000005c0))
ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000600)={0x21c, {0x2, 0x3ff, 0x5, 0xd2, 0x5}})
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000640)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r3 = syz_genetlink_get_family_id$nfc(&(0x7f00000008c0), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000900)=<r4=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000940)=<r5=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000980)=<r6=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000009c0)=<r7=>0x0)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x3c, r3, 0x100, 0x70bd27, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x4000000)
io_setup(0x1, &(0x7f0000000ac0)=<r8=>0x0)
r9 = eventfd2(0x3, 0x0)
io_submit(r8, 0x3, &(0x7f0000000d80)=[&(0x7f0000000b40)={0x0, 0x0, 0x0, 0x6, 0x350a, r1, &(0x7f0000000b00)="b1894b6e93afd3e083b4ab4fd2102a956d673f151c42afa5862ac4b566cfcddde3f44e344db2d0c501b6770c19822e31441494b27f5df166c964", 0x3a, 0xd086, 0x0, 0x3}, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x2, 0x7ff, r2, &(0x7f0000000b80)="9b4bed9dd8ec8c1ffdb8a37b9a8d175b12b5e861e15bdb9745fb53d24757ee53b0f984c347e92f73526941295985abdc5c14a6933e148a355855b455123c7578c0e899727aa820cc31dee451", 0x4c, 0x2, 0x0, 0x2, r2}, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x2, 0x6, r1, &(0x7f0000000c40)="e6cfcdeb585d5c83bd22573b23526d4e1d0a7ecc26b14666c839ef04c1ce890664677de42bb9a91ecd9f022cde5839d894c7a5d7457f6c0b4be8507c5fbc1522110c2dff0e8be1c21e4bf2cc85c07047abe1cc9f746316b9924c2f2d631af3526a3f5a334bbb015d566b85d36a963aae3d282d39aec6fe5c5ff0748ba9717e6b0114512756241f78b18e74e066bc1922e62ed5d822ff6fc3744394832a5dbd6d16917bf1b16adec89ad1f18458e8343eb82429e47122739e474c9b3b8645b66cbc986b29b98e5212c98fa0545c08d000bd7bdf32f82ab2ed85636c92", 0xdc, 0xb, 0x0, 0x2, r9}])
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_group_source_req(r10, 0x0, 0x2e, &(0x7f0000000dc0)={0x645, {{0x2, 0x4e22, @rand_addr=0x64010100}}, {{0x2, 0x4e24, @remote}}}, 0x108)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r11, &(0x7f0000001000)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f40)={0x50, r3, 0x4, 0x70bd25, 0x25dfdbfd, {}, [@NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, ':'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_FIRMWARE_NAME={0x8, 0x14, ')-*/'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_FIRMWARE_NAME={0xb, 0x14, '/})]$:^'}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x40001000)
r12 = openat(0xffffffffffffff9c, &(0x7f0000001040)='./file0\x00', 0xa000, 0x108)
ioctl$SIOCSIFHWADDR(r12, 0x8924, &(0x7f0000001080)={'dvmrp1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r12, 0x84, 0x6f, &(0x7f0000001180)={0x0, 0x9c, &(0x7f00000010c0)=[@in={0x2, 0x4e22, @multicast2}, @in={0x2, 0x4e23, @multicast1}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e22, @remote}, @in={0x2, 0x4e22, @local}, @in={0x2, 0x4e20, @multicast1}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e23, 0xc, @local, 0x8}, @in={0x2, 0x4e24, @local}]}, &(0x7f00000011c0)=0x10)
ioctl$VT_SETMODE(r12, 0x5602, &(0x7f0000001200)={0x9, 0x80, 0x6, 0x7f, 0x8})
fremovexattr(r2, &(0x7f0000001240)=@random={'trusted.', '\x00'})
sendmsg$nl_xfrm(r12, &(0x7f00000013c0)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x211}, 0xc, &(0x7f0000001380)={&(0x7f00000012c0)=@flushsa={0xa8, 0x1c, 0x400, 0x70bd29, 0x238, {0xff}, [@XFRMA_IF_ID={0x8, 0x1f, 0x4}, @algo_aead={0x89, 0x12, {{'ccm_base(fpu(ecb-cipher_null),sha1-generic)\x00'}, 0x1e8, 0xa0, "aaf245b5f32e3bf91c80ad9252f3c7fa1544ec1c59a57ba99a7690f1d5e2c491aec22957713d2a7a68f48cd2e83064ef584b48bedc29cee9d1d125f509"}}]}, 0xa8}, 0x1, 0x0, 0x0, 0x1}, 0x804)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001440)={'ip6tnl0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000001540)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f0000001500)={&(0x7f0000001480)=@newchain={0x44, 0x64, 0x8, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r13, {0xe, 0xe}, {0x0, 0x4}, {0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_CVLAN_ID={0x6, 0x4d, 0x39f}, @TCA_FLOWER_KEY_ICMPV4_TYPE_MASK={0x5}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x40010)

75.849749ms ago: executing program 2 (id=1422):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x14, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8ab8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000140)={@empty, <r4=>0x0}, &(0x7f0000000280)=0x14)
r5 = socket(0x10, 0x3, 0x6)
r6 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000040)={'team0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xffab}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x2, 0x2], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1000]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x20008010)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'batadv_slave_0\x00', <r8=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'team0\x00', <r9=>0x0})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000400)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000440)=0x14)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
r13 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r13, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r12, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48050}, 0x40004)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000480)={@loopback, <r14=>0x0}, &(0x7f0000000500)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'team0\x00', <r15=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000600)={'syztnl1\x00', &(0x7f0000000580)={'syztnl0\x00', <r16=>0x0, 0x0, 0xd, 0x6, 0x0, 0x48, @empty, @private2, 0x1, 0x1, 0x5, 0x9}})
sendmsg$ETHTOOL_MSG_EEE_GET(r2, &(0x7f0000000680)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000640)={&(0x7f0000000a00)={0x20c, r3, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@HEADER={0x90, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x80, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x0, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x100000}, 0x18)
r17 = socket$nl_generic(0x10, 0x3, 0x10)
r18 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r17, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x28, r18, 0xc4fc9e906872338b, 0x70bd2e, 0x0, {{0x15}, {@void, @val={0xc, 0x99, {0x4, 0x3a}}}}, [@NL80211_ATTR_TID_CONFIG={0x5, 0x11d, 0x0, 0x1, [{0x4}]}]}, 0x28}}, 0x40000)

485.36µs ago: executing program 2 (id=1423):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000680)='./file1\x00', 0x0, &(0x7f0000000340)={[{@usrquota}, {@nojournal_checksum}]}, 0x21, 0x4bd, &(0x7f00000006c0)="$eJzs3c9vVFsdAPDvvf1JKbQoCzUqiCgawkw7QENY4UZjCImRuHIBtR2apjOdpjNFWlmU/8FEElf6J7gwcWHCyr073bnBhQkq0Udf8hbzcu9MS1+Zgb7QN0M6n09ycu+5p8z3nLm55wxf6JwABtb5iNiOiNGIuB8RU+3rSbvErVbJfu7Vy8cLOy8fLyTRbN79T5K3Z9di35/JnGy/5nhE/PRHEb9I3oxb39xama9UyuvterFRXSvWN7euLFfnl8pL5dVSaW52bubG1eulIxvrueofXvxw+fbP/vynbzz/6/b3f5V1a7Ldtn8cR6k19JG9OJnhiLj9RQTrg6H2eEYPXO9wy/kApRHxpYi4kD//UzGU300A4DhrNqeiObW/DgAcd2meA0vSQjsXMBlpWii0cnhnYyKt1OqNyw9qG6uLrVzZdIykD5Yr5Zl2rnA6RpKsPpufv66XDtSvRsSZiPj12Im8XlioVRb7+cEHAAbYyQPr///HWus/AHDMjfe7AwBAz1n/AWDwWP8BYPBY/wFg8Fj/AWDwWP8BYPBY/wFgoPzkzp2sNHfa33+9+HBzY6X28Mpiub5SqG4sFBZq62uFpVptKf/Onuq7Xq9Sq63NXouNR8VGud4o1je37lVrG6uNe/n3et8rj/RkVADA25w59+zvSURs3zyRl9i3l4O1Go63tN8dAPpmqN8dAPrGbl8wuPwdH3jXfq1d/4vQ06PvC9Abl74q/w+DSv4fBpf8Pwwu+X8YXM1mYs9/ABgwcvyAf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz28yL0laaO8FPhlpWihEnIqI6RhJHixXyjMRcToi/jY2MpbVZ/vdaQDgPaX/SuKj9jaAFycPto4mH4/lx4j45W/v/ubRfKOxPptd/+/e9cbT9vVSzzsPABzC7jq9u47vevXy8cJu6WV/XvygtbloFnenXVotwzGcH8cj+3Ay8b+kXW9JImLoCOJvP4mIr3Qaf5LnRqbbO58ejJ/FPtXT+Oln4qd5W+uYvRdfPoK+wKB5ls0/tzo9f2mcz4+dn//xfIZ6f7vz384b81+6N/8NdZn/zh82xrW//Hi0W9uTiK8Nd4qf7MVPusS/eMj4//j6Ny90a2v+LuJSdI6/P1axUV0r1je3rixX55fKS+XVUmludm7mxtXrpWKeoy7uZqrf9O+bl093i5+Nf6JL/PzO35nsOv7vHHL8v//k/s+/9Zb43/t25/t/Nj92fv+zNfG7h4w/P/HHrtt3Z/EXu4z/Xff/8iHjP//n1uIhfxQA6IH65tbKfKVSXnfiZO9k95Peh9Kf7ifNqVZPP5T+HJ+Tfs5KQC+8fuj73RMAAAAAAAAAAAAAAKCbXvw6Ub/HCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1aQAAAP//sHnUnw==")
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020200000000000000000001b7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r0}, 0x10)
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xfffffffb)

287.29µs ago: executing program 4 (id=1424):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x11)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
capset(&(0x7f0000000240)={0x20080522}, &(0x7f0000000080)={0x200000, 0x200000, 0x5, 0x0, 0x3, 0x3ff})
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x1)

0s ago: executing program 2 (id=1425):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18)
r3 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0)
write(r3, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000340)='./file0\x00', 0x18e, &(0x7f0000000580)={[{@debug}, {@jqfmt_vfsv1}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000000}}, {@jqfmt_vfsv0}, {@data_err_abort}, {@nouid32}]}, 0x3, 0x44f, &(0x7f0000001240)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IEDIJA4gITEpRxDklahaYOaINEqgoBQOaJK3BFHJP4CTnBBwAmJK9xRpQrlQuFktPZu/IjtJsGJS/35SNvM7K498/Xs2DM73QD61kj2TxKxPyJ+jYiharbxhJHqn5ury9N/rS5PJ1Euv/lHUjnvz9Xl6eLU4nX78sxoGpF+ksTRFuUuXr5yfmp+fvZSnh9fuvDu+OLlK0/PXZg6N3tu9uLk6dOnTk489+zkM12J866srkc+WDh2+NW3rr0+feba2z9+nRTxN8XRJSOdDj5WLne5uN46UJdOBnpYETalFBFZcw1W+v9QlKLWeEPxysc9rRywrcq5NodXysAdLIle1wDojeKHPpv/FtvOjT5678aL1QlQFvfNfKseGYg0qhOjwab5bTeNRMSZlb+/yLZofx8i3abiAYA+9G02/nmq1fgvjXvrzvt/vjY0nK+lHIyIuyPiUETcE1E5976IuH+T5Tcvkqwf/6TXtxTYBmXjv+fzta3G8d/akGu4lOcOVDKDydm5+dkT+WcyGoO7s/xEhzK+e/mXz9odqx//ZVtWfjEWzOtxfWB342tmppam/k3M9W58FHFkoFX8ydpKQBIRhyPiyBbLmHviq2PtjjXHX046vdMLjdkurDOVv4x4vNr+K9EUfyHpvD45/r+Ynz0xXlwV6/3089U32pV/6/bfXln77215/a/FP5zUr9cubr6Mq7992nZOObal67+2Y1f+9/2ppaVLExG7kteqla7fP1l7bZEvzs/iHz3euv8fjNoncTQisov4gYh4MCIeytvu4Yh4JCKOd4j/h5cefafdsduh/Wea2n+48ZSm9q8ldkXzntaJ0vnvv2l8x1pyY99/pyqp0XzPRr7/NlKvrV3NAAAA8N+TRsT+SNKxtXSajo1V/w//odibzi8sLj15duG9izPVZwSGYzAt7nRV7wdX74dO5NP6Ij/ZlD+Z3zf+vLSnks/Kmul18NDn9rXp/5nfS72uHbDtPK8F/Uv/h/6l/0P/0v+hf7Xo/3t6UQ9g57X6/f+wliwP7WRlgB3V1P8t+0EfMf+H/qX/Q/+q7/8dn78H7iSLe+LWD8lLSKxLRHpbVKM7iWSbe8H+Xge4+USvv5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6458AAAD//6EY5Cc=")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfe, 0x0, 0x7ffc0002}]})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x0, &(0x7f0000000180)=0x6, 0x4)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000000200)=[{0x6}]}, 0x10)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)=ANY=[@ANYBLOB="340000000f14eaffa7bd7000fcdbde25080045006d000300040000000800030000000000000000000000000000000000000000229e927795498506c34354ce7f9d66adc5ad2184c4269c8107afdd8603e411cd88075f3c7a92f38a519302f7b9baf28e7182579ce81f451a1ff0fa55030dc8b66e0631143861b4eeb621decc43e01f27ed7d6aecbc7aa7c24962bcca1891979421aa39a60c9d73e335999d10ed77921f50c23b5280d0ab75644d77329cb3bb4a14afedd68cf2baa9ccc82c9516627e41d2b0a504fa03b07650"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x1004)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x17, 0x2000000000000242, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r6 = socket(0x2b, 0x80801, 0x1)
setsockopt$sock_int(r6, 0x1, 0x20, &(0x7f0000000100)=0xffff8000, 0x4)
connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x4e23, 0x3ff, @empty, 0xfffffffe}, 0x1c)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r7}, 0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x22842, 0x8d)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000c00)=ANY=[@ANYBLOB="d4128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf670000000000001500fdff0fff52e84407000009300000240600000ee60000bf050000000000001c63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070400000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f2686ee970d6482a2e71a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387bfa1bc9b49da28724ba9cd79fbee8f97af876d0e30c19555ffdd7d73815b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f42407107000cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08124d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cb003841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e75414c91fce6c86287945bd8d258442760000ff010000000000000000000000300807f2f3906c1d45d05ba9df828d35376fed399fa311ff63a34f0c0b82b4f2825e729eb9b7f4c9ab3be5bc011ff29904bbc424880247fabe7325a6e8d139e99d2b2fbf7e84fca3b21c78840b858ce900a4eb9c2b8b9b7fb664d2aeac991ca09b1afc0ef7aed4541a2f7275130a9fa3853481c81e919c000000000000000000000000b1e0e4b55e0d5d8c657b4853fc18ec43be33e5f971cceda04d95c87489910ce692ee55c536d1671bffd4c9b98efb741b13f0ab26ac191c74"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x17}, 0x94)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r8, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dcc141802c4dacf162e43ac61f7ad330000000000a04100", [0xfffffffffffffce8, 0xa]}})
r9 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rpc\x00')
getdents64(r9, &(0x7f0000001f80)=""/4096, 0x1000)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0), r8)
sendmsg$TIPC_NL_KEY_FLUSH(r9, &(0x7f0000000600)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2040088}, 0xc, &(0x7f0000000400)={&(0x7f00000004c0)={0xb8, r10, 0x400, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xa}]}, @TIPC_NLA_SOCK={0x90, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4c}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xd6e}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8b}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1b2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xc}]}]}, 0xb8}}, 0x4)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

kernel console output (not intermixed with test programs):

0-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.549148][ T5368] bridge0: entered promiscuous mode
[   78.554618][ T5368] bridge0: left promiscuous mode
[   78.625733][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.704365][ T5382] loop2: detected capacity change from 0 to 1024
[   78.711612][ T5382] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   78.722724][ T5382] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   78.730742][ T5382] EXT4-fs (loop2): orphan cleanup on readonly fs
[   78.738256][ T5382] Quota error (device loop2): do_check_range: Getting dqdh_entries 512 out of range 0-14
[   78.748401][ T5382] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   78.758559][ T5382] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.523: Failed to acquire dquot type 0
[   78.770044][ T5382] Quota error (device loop2): do_check_range: Getting dqdh_entries 512 out of range 0-14
[   78.780103][ T5382] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   78.790192][ T5382] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.523: Failed to acquire dquot type 0
[   78.801546][ T5382] EXT4-fs error (device loop2): ext4_free_blocks:6706: comm syz.2.523: Freeing blocks not in datazone - block = 0, count = 4096
[   78.815105][ T5382] Quota error (device loop2): do_check_range: Getting dqdh_entries 512 out of range 0-14
[   78.825207][ T5382] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   78.835169][ T5382] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.523: Failed to acquire dquot type 0
[   78.846514][ T5382] EXT4-fs (loop2): 1 orphan inode deleted
[   78.852926][ T5382] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   78.876021][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.927400][ T5390] loop2: detected capacity change from 0 to 512
[   78.935114][ T5390] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   78.947642][   T29] audit: type=1326 audit(78.931:2189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5392 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[   78.977922][ T5390] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.013688][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.235666][ T5421] loop3: detected capacity change from 0 to 512
[   79.274365][ T5421] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.324081][ T5421] netlink: 4 bytes leftover after parsing attributes in process `syz.3.532'.
[   79.334375][ T5430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.535'.
[   79.354922][ T5430] netlink: 32 bytes leftover after parsing attributes in process `syz.2.535'.
[   79.364408][ T5421] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.532: corrupted xattr block 6: invalid header
[   79.378313][ T5421] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[   79.387375][ T5421] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.532: corrupted xattr block 6: invalid header
[   79.421267][ T5421] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[   79.435007][ T5421] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.532: corrupted xattr block 6: invalid header
[   79.461803][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.486503][ T5437] loop2: detected capacity change from 0 to 512
[   79.494256][ T5437] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   79.498619][ T5443] loop3: detected capacity change from 0 to 512
[   79.513264][ T5437] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.528863][ T5443] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.542099][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.560980][ T5455] program syz.2.540 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   79.570410][ T5455] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   79.590755][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.635785][ T5461] loop3: detected capacity change from 0 to 512
[   79.707211][ T5473] loop2: detected capacity change from 0 to 8192
[   79.779437][ T5485] netlink: 4 bytes leftover after parsing attributes in process `syz.3.549'.
[   79.788663][ T5485] netlink: 32 bytes leftover after parsing attributes in process `syz.3.549'.
[   79.857896][ T5493] program syz.0.552 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   79.860169][ T5489] loop3: detected capacity change from 0 to 512
[   79.873594][ T5493] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   79.884248][ T5489] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   79.903655][ T5496] netlink: 64 bytes leftover after parsing attributes in process `syz.2.553'.
[   79.913396][ T5496] netlink: 64 bytes leftover after parsing attributes in process `syz.2.553'.
[   79.914761][ T5489] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.922643][ T5498] FAULT_INJECTION: forcing a failure.
[   79.922643][ T5498] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   79.948136][ T5498] CPU: 1 UID: 0 PID: 5498 Comm: syz.0.554 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   79.948167][ T5498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   79.948180][ T5498] Call Trace:
[   79.948186][ T5498]  <TASK>
[   79.948211][ T5498]  __dump_stack+0x1d/0x30
[   79.948231][ T5498]  dump_stack_lvl+0xe8/0x140
[   79.948250][ T5498]  dump_stack+0x15/0x1b
[   79.948266][ T5498]  should_fail_ex+0x265/0x280
[   79.948413][ T5498]  should_fail+0xb/0x20
[   79.948443][ T5498]  should_fail_usercopy+0x1a/0x20
[   79.948462][ T5498]  _copy_from_user+0x1c/0xb0
[   79.948543][ T5498]  ___sys_sendmsg+0xc1/0x1d0
[   79.948575][ T5498]  __sys_sendmmsg+0x178/0x300
[   79.948602][ T5498]  __x64_sys_sendmmsg+0x57/0x70
[   79.948627][ T5498]  x64_sys_call+0x1c4a/0x3000
[   79.948649][ T5498]  do_syscall_64+0xd2/0x200
[   79.948669][ T5498]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   79.948699][ T5498]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   79.948755][ T5498]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.948776][ T5498] RIP: 0033:0x7f24e081efc9
[   79.948792][ T5498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   79.948816][ T5498] RSP: 002b:00007f24df287038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   79.948838][ T5498] RAX: ffffffffffffffda RBX: 00007f24e0a75fa0 RCX: 00007f24e081efc9
[   79.948853][ T5498] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000006
[   79.948916][ T5498] RBP: 00007f24df287090 R08: 0000000000000000 R09: 0000000000000000
[   79.948930][ T5498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   79.948944][ T5498] R13: 00007f24e0a76038 R14: 00007f24e0a75fa0 R15: 00007ffee4155bb8
[   79.948996][ T5498]  </TASK>
[   80.125338][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.255132][ T5520] loop0: detected capacity change from 0 to 512
[   80.281360][ T3798] Bluetooth: hci0: command 0x1003 tx timeout
[   80.291672][ T4104] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   80.322166][ T5520] EXT4-fs (loop0): failed to open journal device unknown-block(0,0) -6
[   80.422869][ T5536] loop2: detected capacity change from 0 to 1024
[   80.431778][ T5536] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   80.442696][ T5536] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   80.455297][ T5536] JBD2: no valid journal superblock found
[   80.461100][ T5536] EXT4-fs (loop2): Could not load journal inode
[   80.473012][ T5528] loop3: detected capacity change from 0 to 512
[   80.489293][ T5535] loop4: detected capacity change from 0 to 512
[   80.512658][ T5535] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   80.548906][ T5528] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.595948][ T5535] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.614098][ T5528] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.799516][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.021900][ T5520] vlan2: entered allmulticast mode
[   81.382094][ T5569] loop4: detected capacity change from 0 to 512
[   81.607731][ T5574] loop3: detected capacity change from 0 to 2048
[   81.617364][ T5569] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.623256][ T5574] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.706522][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.869456][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.885898][ T5585] loop2: detected capacity change from 0 to 256
[   81.904231][   T31] Bluetooth: hci0: Frame reassembly failed (-84)
[   81.979125][ T5604] loop2: detected capacity change from 0 to 512
[   81.986242][ T5604] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   82.003040][ T5604] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.031612][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.062399][ T5616] loop2: detected capacity change from 0 to 128
[   82.070400][ T5616] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   82.798682][ T5626] Set syz1 is full, maxelem 65536 reached
[   82.905726][ T3316] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   82.919147][ T5634] bridge0: entered promiscuous mode
[   82.927483][ T5634] bridge0: left promiscuous mode
[   83.115157][   T29] kauditd_printk_skb: 250 callbacks suppressed
[   83.115170][   T29] audit: type=1400 audit(83.091:2440): avc:  denied  { setopt } for  pid=5638 comm="syz.2.590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   83.140158][   T29] audit: type=1400 audit(83.091:2441): avc:  denied  { write } for  pid=5638 comm="syz.2.590" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[   83.911468][ T5662] program syz.3.598 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   83.920802][ T5662] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   83.961349][ T4104] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   83.966199][ T3798] Bluetooth: hci0: command 0x1003 tx timeout
[   83.991389][ T5666] loop2: detected capacity change from 0 to 512
[   83.999401][ T5666] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   84.049141][ T5666] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.600: invalid indirect mapped block 4294967295 (level 0)
[   84.078093][ T5673] loop3: detected capacity change from 0 to 128
[   84.102895][ T5673] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   84.111539][ T5666] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.600: invalid indirect mapped block 4294967295 (level 1)
[   84.147143][ T5672] loop4: detected capacity change from 0 to 8192
[   84.161234][   T29] audit: type=1400 audit(84.141:2442): avc:  denied  { setattr } for  pid=5680 comm="syz.1.604" name="secretmem" dev="secretmem" ino=9817 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   84.183667][   T29] audit: type=1400 audit(84.141:2443): avc:  denied  { create } for  pid=5680 comm="syz.1.604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   84.212008][ T5666] EXT4-fs (loop2): 1 orphan inode deleted
[   84.217794][ T5666] EXT4-fs (loop2): 1 truncate cleaned up
[   84.241929][ T5666] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.296245][ T5666] tipc: Started in network mode
[   84.301199][ T5666] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[   84.320305][ T5666] tipc: New replicast peer: fe88:0000:0000:0000:0000:0000:0000:0003
[   84.328543][ T5666] tipc: Enabled bearer <udp:syz0>, priority 10
[   84.445569][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.466196][   T29] audit: type=1400 audit(84.441:2444): avc:  denied  { connect } for  pid=5670 comm="syz.4.602" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   84.656769][ T5693] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   84.664257][ T5693] batman_adv: batadv0: Removing interface: batadv_slave_0
[   84.681455][   T29] audit: type=1400 audit(84.621:2445): avc:  denied  { mount } for  pid=5692 comm="syz.2.606" name="/" dev="configfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[   84.703493][   T29] audit: type=1400 audit(84.631:2446): avc:  denied  { search } for  pid=5692 comm="syz.2.606" name="/" dev="configfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   84.724836][   T29] audit: type=1400 audit(84.631:2447): avc:  denied  { search } for  pid=5692 comm="syz.2.606" name="/" dev="configfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   84.746220][   T29] audit: type=1400 audit(84.631:2448): avc:  denied  { search } for  pid=5692 comm="syz.2.606" name="/" dev="configfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   84.752753][ T5672] FAT-fs (loop4): error, corrupted directory (invalid entries)
[   84.768320][ T5693] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   84.775324][ T5672] FAT-fs (loop4): Filesystem has been set read-only
[   84.789319][ T5693] batman_adv: batadv0: Removing interface: batadv_slave_1
[   84.880387][ T3313] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   84.996262][ T5703] __nla_validate_parse: 7 callbacks suppressed
[   84.996278][ T5703] netlink: 64 bytes leftover after parsing attributes in process `syz.4.609'.
[   85.039124][ T5707] program syz.3.611 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   85.048771][ T5707] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   85.111615][ T5712] loop2: detected capacity change from 0 to 512
[   85.143014][ T5712] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   85.181529][ T5717] netlink: 28 bytes leftover after parsing attributes in process `syz.1.607'.
[   85.213218][   T29] audit: type=1400 audit(85.191:2449): avc:  denied  { block_suspend } for  pid=5716 comm="syz.1.607" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   85.243297][ T5712] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   85.337106][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.355663][ T5727] loop4: detected capacity change from 0 to 512
[   85.406907][ T5734] netlink: 64 bytes leftover after parsing attributes in process `syz.2.617'.
[   85.457236][ T5727] EXT4-fs (loop4): failed to open journal device unknown-block(0,0) -6
[   85.461481][   T23] tipc: Node number set to 1
[   85.574109][ T5738] loop3: detected capacity change from 0 to 512
[   85.580982][ T5738] EXT4-fs: Ignoring removed nobh option
[   85.594229][ T5738] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   85.605899][ T5738] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it
[   85.616044][ T5738] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.613: Corrupt directory, running e2fsck is recommended
[   85.629905][ T5738] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117
[   85.638204][ T5738] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.613: corrupted in-inode xattr: invalid ea_ino
[   85.659015][ T5738] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.613: couldn't read orphan inode 15 (err -117)
[   85.692307][ T5738] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   85.706654][ T5738] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.835275][ T5742] Set syz1 is full, maxelem 65536 reached
[   85.895043][ T5751] serio: Serial port ptm0
[   86.005004][ T5727] vlan2: entered allmulticast mode
[   86.101956][ T5770] loop3: detected capacity change from 0 to 8192
[   86.164079][ T5791] loop3: detected capacity change from 0 to 512
[   86.175697][ T5795] loop0: detected capacity change from 0 to 512
[   86.183525][ T5791] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   86.208297][ T5791] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.215953][ T5795] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.239312][ T5797] loop4: detected capacity change from 0 to 8192
[   86.246553][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.248666][ T5795] EXT4-fs error (device loop0): ext4_xattr_block_get:597: inode #12: comm syz.0.631: corrupted xattr block 6: invalid header
[   86.270096][ T5795] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=12
[   86.279623][ T5795] EXT4-fs error (device loop0): ext4_xattr_block_get:597: inode #12: comm syz.0.631: corrupted xattr block 6: invalid header
[   86.292869][ T5797]  loop4: p1 p2 p3 p4
[   86.293193][ T5795] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=12
[   86.296996][ T5797] loop4: p1 size 196608 extends beyond EOD, truncated
[   86.306451][ T5795] EXT4-fs error (device loop0): ext4_xattr_block_get:597: inode #12: comm syz.0.631: corrupted xattr block 6: invalid header
[   86.330103][ T5797] loop4: p2 start 164919041 is beyond EOD, truncated
[   86.337259][ T5797] loop4: p3 size 66846464 extends beyond EOD, truncated
[   86.345109][ T5797] loop4: p4 size 37048832 extends beyond EOD, truncated
[   86.366004][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.535489][ T5828] loop3: detected capacity change from 0 to 512
[   86.542202][ T5828] EXT4-fs: Ignoring removed nobh option
[   86.548265][ T5830] loop4: detected capacity change from 0 to 512
[   86.549450][ T5828] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   86.555666][ T5830] EXT4-fs: Ignoring removed nobh option
[   86.566163][ T5828] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it
[   86.573174][ T5830] EXT4-fs (loop4): orphan cleanup on readonly fs
[   86.581939][ T5828] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.634: Corrupt directory, running e2fsck is recommended
[   86.588245][ T5830] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -13
[   86.602864][ T5828] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117
[   86.611071][ T5830] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[   86.617578][ T5828] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.634: corrupted in-inode xattr: invalid ea_ino
[   86.634141][ T5830] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #13: comm syz.4.636: attempt to clear invalid blocks 2 len 1
[   86.645427][ T5828] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.634: couldn't read orphan inode 15 (err -117)
[   86.670152][ T5830] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.636: invalid indirect mapped block 1819239214 (level 0)
[   86.670475][ T5828] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.686212][ T5830] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.636: invalid indirect mapped block 1819239214 (level 1)
[   86.698191][ T5828] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.711106][ T5830] EXT4-fs (loop4): 1 truncate cleaned up
[   86.726940][ T5830] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   86.745332][ T5830] EXT4-fs error (device loop4): ext4_lookup:1784: inode #2: comm syz.4.636: 'file1' linked to parent dir
[   86.757212][ T5830] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[   86.767004][ T5830] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   86.783886][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.892700][ T5846] FAULT_INJECTION: forcing a failure.
[   86.892700][ T5846] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   86.905804][ T5846] CPU: 1 UID: 0 PID: 5846 Comm: syz.2.639 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   86.905834][ T5846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   86.905848][ T5846] Call Trace:
[   86.905855][ T5846]  <TASK>
[   86.905863][ T5846]  __dump_stack+0x1d/0x30
[   86.905885][ T5846]  dump_stack_lvl+0xe8/0x140
[   86.905905][ T5846]  dump_stack+0x15/0x1b
[   86.905984][ T5846]  should_fail_ex+0x265/0x280
[   86.906036][ T5846]  should_fail+0xb/0x20
[   86.906051][ T5846]  should_fail_usercopy+0x1a/0x20
[   86.906077][ T5846]  _copy_from_user+0x1c/0xb0
[   86.906106][ T5846]  memdup_user+0x5e/0xd0
[   86.906212][ T5846]  strndup_user+0x68/0xb0
[   86.906240][ T5846]  __se_sys_mount+0x4d/0x2e0
[   86.906280][ T5846]  ? fput+0x8f/0xc0
[   86.906300][ T5846]  ? ksys_write+0x192/0x1a0
[   86.906340][ T5846]  __x64_sys_mount+0x67/0x80
[   86.906369][ T5846]  x64_sys_call+0x2b51/0x3000
[   86.906390][ T5846]  do_syscall_64+0xd2/0x200
[   86.906408][ T5846]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   86.906517][ T5846]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   86.906553][ T5846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.906573][ T5846] RIP: 0033:0x7f7cf44cefc9
[   86.906587][ T5846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.906624][ T5846] RSP: 002b:00007f7cf2f2f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   86.906643][ T5846] RAX: ffffffffffffffda RBX: 00007f7cf4725fa0 RCX: 00007f7cf44cefc9
[   86.906657][ T5846] RDX: 0000200000000280 RSI: 0000200000000300 RDI: 0000000000000000
[   86.906669][ T5846] RBP: 00007f7cf2f2f090 R08: 0000200000000180 R09: 0000000000000000
[   86.906681][ T5846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   86.906711][ T5846] R13: 00007f7cf4726038 R14: 00007f7cf4725fa0 R15: 00007ffc314c44b8
[   86.906734][ T5846]  </TASK>
[   87.142344][ T5848] 9pnet_fd: Insufficient options for proto=fd
[   87.187942][ T5860] netlink: 'syz.1.644': attribute type 1 has an invalid length.
[   87.210554][ T5860] 8021q: adding VLAN 0 to HW filter on device bond2
[   87.264189][ T5908] loop2: detected capacity change from 0 to 128
[   87.273924][ T5908] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   87.290867][ T5860] bond2: (slave veth3): Enslaving as an active interface with a down link
[   87.325521][ T5914] netlink: 4 bytes leftover after parsing attributes in process `syz.0.647'.
[   87.334922][ T5914] netlink: 32 bytes leftover after parsing attributes in process `syz.0.647'.
[   87.336475][ T5912] 8021q: adding VLAN 0 to HW filter on device batadv1
[   87.374411][ T5912] bond2: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[   87.400374][ T5921] loop4: detected capacity change from 0 to 512
[   87.435408][ T5921] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   87.557105][ T5942] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   87.565249][ T5945] loop3: detected capacity change from 0 to 4096
[   87.593698][ T5945] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.635420][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.675125][ T5957] veth0_to_team: entered promiscuous mode
[   88.087534][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   88.109247][ T3316] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   88.153215][ T6005] program syz.4.662 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   88.159866][ T6007] netlink: 7 bytes leftover after parsing attributes in process `syz.2.663'.
[   88.162813][   T29] kauditd_printk_skb: 131 callbacks suppressed
[   88.162825][   T29] audit: type=1400 audit(88.131:2581): avc:  denied  { bind } for  pid=6006 comm="syz.2.663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   88.171908][ T6005] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   88.185940][ T6007] netlink: 7 bytes leftover after parsing attributes in process `syz.2.663'.
[   88.221780][   T29] audit: type=1400 audit(88.191:2582): avc:  denied  { setopt } for  pid=6006 comm="syz.2.663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   88.307195][   T29] audit: type=1400 audit(88.281:2583): avc:  denied  { ioctl } for  pid=6006 comm="syz.2.663" path="socket:[11069]" dev="sockfs" ino=11069 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   88.584487][ T6029] netlink: 72 bytes leftover after parsing attributes in process `syz.2.668'.
[   88.639691][   T29] audit: type=1400 audit(88.611:2584): avc:  denied  { bind } for  pid=6031 comm="syz.0.670" lport=5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   88.659469][   T29] audit: type=1400 audit(88.611:2585): avc:  denied  { node_bind } for  pid=6031 comm="syz.0.670" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[   88.659549][   T29] audit: type=1400 audit(88.611:2586): avc:  denied  { mount } for  pid=6034 comm="syz.2.671" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   88.755904][   T29] audit: type=1400 audit(88.721:2587): avc:  denied  { kexec_image_load } for  pid=6031 comm="syz.0.670" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[   88.852896][   T29] audit: type=1326 audit(88.831:2588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[   88.937395][   T29] audit: type=1326 audit(88.851:2589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[   88.960188][   T29] audit: type=1326 audit(88.851:2590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[   89.007481][ T6050] IPVS: set_ctl: invalid protocol: 58 224.0.0.2:20000
[   89.124692][ T6061] netlink: 72 bytes leftover after parsing attributes in process `syz.3.682'.
[   89.193171][ T6069] loop2: detected capacity change from 0 to 512
[   89.215713][ T6069] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.257568][ T6069] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.686: corrupted xattr block 6: invalid header
[   89.323931][ T6069] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[   89.340013][ T6080] netlink: 'syz.0.687': attribute type 1 has an invalid length.
[   89.347708][ T6080] netlink: 56 bytes leftover after parsing attributes in process `syz.0.687'.
[   89.356811][ T6069] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.686: corrupted xattr block 6: invalid header
[   89.372015][ T6069] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[   89.384031][ T6069] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.686: corrupted xattr block 6: invalid header
[   89.456528][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.536632][  T389] Bluetooth: hci0: Frame reassembly failed (-84)
[   90.196948][ T6122] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.290072][ T6122] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.350582][ T6122] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.443821][ T6122] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.537284][   T41] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.587962][   T41] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.625147][   T41] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.669584][   T41] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.812070][ T6148] __nla_validate_parse: 4 callbacks suppressed
[   90.812089][ T6148] netlink: 64 bytes leftover after parsing attributes in process `syz.0.706'.
[   90.904591][ T6155] netlink: 64 bytes leftover after parsing attributes in process `syz.0.706'.
[   91.084985][ T6154] Set syz1 is full, maxelem 65536 reached
[   91.145678][ T6163] loop4: detected capacity change from 0 to 512
[   91.218242][ T6175] netlink: 8 bytes leftover after parsing attributes in process `syz.0.714'.
[   91.308066][ T6186] loop4: detected capacity change from 0 to 2048
[   91.365603][ T6186] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   91.393822][ T6186] bridge0: entered promiscuous mode
[   91.399345][ T6186] bridge0: left promiscuous mode
[   91.426633][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.454623][ T6207] program syz.3.728 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   91.474353][ T6207] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   91.564783][ T4104] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   91.600256][ T6229] IPv6: NLM_F_CREATE should be specified when creating new route
[   91.620919][ T6223] loop3: detected capacity change from 0 to 512
[   91.667424][ T6223] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.822301][ T6223] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.733: bg 0: block 18: invalid block bitmap
[   91.857488][ T6237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   91.889015][ T6250] program syz.4.742 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   91.905335][ T6237] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   91.928022][ T6250] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   92.041096][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.124236][ T6259] loop4: detected capacity change from 0 to 512
[   92.134158][ T6259] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2803: inode #11: comm syz.4.746: corrupted xattr block 95: invalid header
[   92.149164][ T6259] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.746: bg 0: block 7: invalid block bitmap
[   92.161969][ T6259] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   92.171052][ T6259] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2967: inode #11: comm syz.4.746: corrupted xattr block 95: invalid header
[   92.185942][ T6259] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117)
[   92.197240][ T6259] EXT4-fs (loop4): 1 orphan inode deleted
[   92.204588][ T6259] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   92.217987][ T6259] FAULT_INJECTION: forcing a failure.
[   92.217987][ T6259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.231071][ T6259] CPU: 0 UID: 0 PID: 6259 Comm: syz.4.746 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   92.231101][ T6259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   92.231114][ T6259] Call Trace:
[   92.231121][ T6259]  <TASK>
[   92.231128][ T6259]  __dump_stack+0x1d/0x30
[   92.231153][ T6259]  dump_stack_lvl+0xe8/0x140
[   92.231179][ T6259]  dump_stack+0x15/0x1b
[   92.231257][ T6259]  should_fail_ex+0x265/0x280
[   92.231277][ T6259]  should_fail+0xb/0x20
[   92.231291][ T6259]  should_fail_usercopy+0x1a/0x20
[   92.231310][ T6259]  strncpy_from_user+0x25/0x230
[   92.231393][ T6259]  ? kmem_cache_alloc_noprof+0x242/0x480
[   92.231427][ T6259]  ? getname_flags+0x80/0x3b0
[   92.231544][ T6259]  getname_flags+0xae/0x3b0
[   92.231573][ T6259]  do_sys_openat2+0x60/0x110
[   92.231595][ T6259]  __x64_sys_openat+0xf2/0x120
[   92.231617][ T6259]  x64_sys_call+0x2eab/0x3000
[   92.231656][ T6259]  do_syscall_64+0xd2/0x200
[   92.231740][ T6259]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   92.231770][ T6259]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   92.231913][ T6259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.232050][ T6259] RIP: 0033:0x7f4945afefc9
[   92.232121][ T6259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.232138][ T6259] RSP: 002b:00007f494455f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   92.232159][ T6259] RAX: ffffffffffffffda RBX: 00007f4945d55fa0 RCX: 00007f4945afefc9
[   92.232174][ T6259] RDX: 0000000000511a01 RSI: 0000200000000000 RDI: ffffffffffffff9c
[   92.232192][ T6259] RBP: 00007f494455f090 R08: 0000000000000000 R09: 0000000000000000
[   92.232206][ T6259] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001
[   92.232220][ T6259] R13: 00007f4945d56038 R14: 00007f4945d55fa0 R15: 00007ffcc2dc20d8
[   92.232275][ T6259]  </TASK>
[   92.481917][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.721530][ T6301] program syz.3.753 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   92.746033][ T6301] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   92.788905][ T6308] netlink: 64 bytes leftover after parsing attributes in process `syz.4.755'.
[   92.813817][ T6312] netlink: 4 bytes leftover after parsing attributes in process `syz.3.757'.
[   92.831456][ T1036] IPVS: starting estimator thread 0...
[   92.839006][ T6312] netlink: 32 bytes leftover after parsing attributes in process `syz.3.757'.
[   92.921348][ T6314] IPVS: using max 2544 ests per chain, 127200 per kthread
[   93.436044][ T6341] netlink: 28 bytes leftover after parsing attributes in process `syz.2.769'.
[   93.471739][ T6339] bridge0: entered promiscuous mode
[   93.487325][ T6343] vti0: entered allmulticast mode
[   93.506597][ T6341] netlink: 28 bytes leftover after parsing attributes in process `syz.2.769'.
[   93.528991][ T6339] bridge0: left promiscuous mode
[   93.702284][ T6352] netlink: 4 bytes leftover after parsing attributes in process `syz.1.772'.
[   93.733824][ T6354] loop3: detected capacity change from 0 to 256
[   93.745591][ T6352] netlink: 32 bytes leftover after parsing attributes in process `syz.1.772'.
[   93.780357][ T6354] FAT-fs (loop3): Directory bread(block 64) failed
[   93.807299][ T6354] FAT-fs (loop3): Directory bread(block 65) failed
[   93.824798][   T29] kauditd_printk_skb: 275 callbacks suppressed
[   93.824812][   T29] audit: type=1326 audit(93.801:2866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[   93.867462][ T6354] FAT-fs (loop3): Directory bread(block 66) failed
[   93.897285][ T6354] FAT-fs (loop3): Directory bread(block 67) failed
[   93.923195][ T6354] FAT-fs (loop3): Directory bread(block 68) failed
[   93.954898][ T6354] FAT-fs (loop3): Directory bread(block 69) failed
[   93.968986][   T29] audit: type=1326 audit(93.841:2867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[   93.991697][   T29] audit: type=1326 audit(93.841:2868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[   94.014331][   T29] audit: type=1326 audit(93.841:2869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[   94.036968][   T29] audit: type=1326 audit(93.841:2870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[   94.059774][   T29] audit: type=1326 audit(93.841:2871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f24e0820ee7 code=0x7ffc0000
[   94.082384][   T29] audit: type=1326 audit(93.841:2872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f24e0820e5c code=0x7ffc0000
[   94.104962][   T29] audit: type=1326 audit(93.841:2873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f24e0820d94 code=0x7ffc0000
[   94.116610][ T6354] FAT-fs (loop3): Directory bread(block 70) failed
[   94.127685][   T29] audit: type=1326 audit(93.841:2874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f24e0820d94 code=0x7ffc0000
[   94.151244][ T6354] FAT-fs (loop3): Directory bread(block 71) failed
[   94.156723][   T29] audit: type=1326 audit(93.841:2875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.0.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f24e081dc2a code=0x7ffc0000
[   94.190356][ T6363] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.234552][ T6354] FAT-fs (loop3): Directory bread(block 72) failed
[   94.253374][ T6354] FAT-fs (loop3): Directory bread(block 73) failed
[   94.327963][ T6363] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.344698][ T6377] loop4: detected capacity change from 0 to 2048
[   94.370117][ T6377] bridge0: entered promiscuous mode
[   94.383703][ T6388] loop3: detected capacity change from 0 to 512
[   94.536302][ T6363] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.595118][ T6388] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.785: corrupted xattr block 6: invalid header
[   94.618540][ T6377] bridge0: left promiscuous mode
[   94.644571][ T6388] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[   94.666688][ T6363] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.716286][ T6388] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.785: corrupted xattr block 6: invalid header
[   94.813892][   T31] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.877976][   T31] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.942980][ T6388] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[   94.957478][   T31] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.982739][ T6404] usb usb7: usbfs: process 6404 (syz.0.786) did not claim interface 0 before use
[   94.992380][ T6388] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.785: corrupted xattr block 6: invalid header
[   95.103898][   T31] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.431518][ T6431] netlink: 'syz.1.795': attribute type 39 has an invalid length.
[   95.626297][ T6442] loop3: detected capacity change from 0 to 512
[   95.797202][ T6442] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[   95.891089][ T6455] bridge0: entered promiscuous mode
[   95.926275][ T6455] bridge0: left promiscuous mode
[   96.073910][ T6461] sctp: [Deprecated]: syz.1.805 (pid 6461) Use of struct sctp_assoc_value in delayed_ack socket option.
[   96.073910][ T6461] Use struct sctp_sack_info instead
[   96.122229][ T6459] bond1: Removing last ns target with arp_interval on
[   96.236846][ T6502] bridge0: entered promiscuous mode
[   96.246405][ T6502] bridge0: left promiscuous mode
[   96.334001][ T6505] bridge0: entered promiscuous mode
[   96.345332][ T6511] __nla_validate_parse: 14 callbacks suppressed
[   96.345349][ T6511] netlink: 64 bytes leftover after parsing attributes in process `syz.2.810'.
[   96.360600][ T6505] bridge0: left promiscuous mode
[   96.457395][ T6528] netlink: 20 bytes leftover after parsing attributes in process `syz.2.817'.
[   96.480261][ T6442] vlan2: entered allmulticast mode
[   96.632989][ T6563] program syz.2.829 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   96.645925][ T6565] netlink: 20 bytes leftover after parsing attributes in process `syz.3.830'.
[   96.664647][ T6563] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   96.690107][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.832'.
[   96.716149][ T6572] netlink: 32 bytes leftover after parsing attributes in process `syz.3.832'.
[   96.728889][ T6575] netlink: 4 bytes leftover after parsing attributes in process `syz.2.834'.
[   96.738535][ T6575] netlink: 32 bytes leftover after parsing attributes in process `syz.2.834'.
[   96.756161][ T6576] netlink: 64 bytes leftover after parsing attributes in process `syz.0.833'.
[   96.768348][ T6576] netlink: 64 bytes leftover after parsing attributes in process `syz.0.833'.
[   96.770090][ T6580] can0: slcan on ptm0.
[   96.811993][ T6580] loop3: detected capacity change from 0 to 1024
[   96.816728][ T6587] loop2: detected capacity change from 0 to 512
[   96.830929][ T6587] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   96.841598][ T6580] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   96.857937][ T6587] EXT4-fs mount: 4 callbacks suppressed
[   96.857949][ T6587] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.877130][ T6580] EXT4-fs (loop3): mount failed
[   96.900522][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.932104][ T6580] can0 (unregistered): slcan off ptm0.
[   96.939486][ T6580] Falling back ldisc for ptm0.
[   97.021139][ T6623] netlink: 'syz.2.850': attribute type 12 has an invalid length.
[   97.030081][ T6626] loop3: detected capacity change from 0 to 512
[   97.038499][ T6623] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=6623 comm=syz.2.850
[   97.051052][ T6623] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=6623 comm=syz.2.850
[   97.063693][ T6623] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2584 sclass=netlink_route_socket pid=6623 comm=syz.2.850
[   97.065965][ T6626] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[   97.076297][ T6623] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=6623 comm=syz.2.850
[   97.076323][ T6623] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=6623 comm=syz.2.850
[   97.109847][ T6623] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6623 comm=syz.2.850
[   97.168003][ T6638] loop4: detected capacity change from 0 to 512
[   97.180721][ T6638] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   97.193371][ T6638] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.220696][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.242673][ T6648] loop4: detected capacity change from 0 to 256
[   97.264037][ T6651] loop2: detected capacity change from 0 to 1024
[   97.270816][ T6651] EXT4-fs: inline encryption not supported
[   97.287233][ T6651] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.300284][ T6626] vlan2: entered allmulticast mode
[   97.318593][ T6664] netlink: 'syz.4.858': attribute type 4 has an invalid length.
[   97.330250][ T6664] netlink: 'syz.4.858': attribute type 4 has an invalid length.
[   97.381364][ T6668] loop3: detected capacity change from 0 to 512
[   97.406973][ T6668] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.424049][ T6668] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.860: corrupted xattr block 6: invalid header
[   97.437378][ T6668] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[   97.446453][ T6668] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.860: corrupted xattr block 6: invalid header
[   97.460010][ T6668] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[   97.469035][ T6668] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.860: corrupted xattr block 6: invalid header
[   97.516905][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.645698][ T6678] loop3: detected capacity change from 0 to 128
[   97.654274][ T6678] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   97.814025][ T6691] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.869316][ T6695] bridge0: entered promiscuous mode
[   97.875011][ T6695] bridge0: left promiscuous mode
[   97.945096][ T6691] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.038895][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.062559][ T6691] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.106080][ T6691] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.194562][   T67] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.211047][   T67] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.234256][   T67] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.243086][   T67] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.418564][ T3313] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   98.447782][ T6753] loop3: detected capacity change from 0 to 512
[   98.485869][ T6753] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[   98.612812][ T6753] vlan2: entered allmulticast mode
[   98.871789][   T29] kauditd_printk_skb: 443 callbacks suppressed
[   98.871858][   T29] audit: type=1400 audit(98.851:3318): avc:  denied  { read } for  pid=6769 comm="syz.3.886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   99.297737][ T6787] FAULT_INJECTION: forcing a failure.
[   99.297737][ T6787] name failslab, interval 1, probability 0, space 0, times 0
[   99.310418][ T6787] CPU: 1 UID: 0 PID: 6787 Comm: syz.1.890 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   99.310442][ T6787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   99.310454][ T6787] Call Trace:
[   99.310460][ T6787]  <TASK>
[   99.310466][ T6787]  __dump_stack+0x1d/0x30
[   99.310508][ T6787]  dump_stack_lvl+0xe8/0x140
[   99.310531][ T6787]  dump_stack+0x15/0x1b
[   99.310551][ T6787]  should_fail_ex+0x265/0x280
[   99.310625][ T6787]  should_failslab+0x8c/0xb0
[   99.310652][ T6787]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   99.310680][ T6787]  ? __alloc_skb+0x101/0x320
[   99.310757][ T6787]  __alloc_skb+0x101/0x320
[   99.310855][ T6787]  netlink_alloc_large_skb+0xbf/0xf0
[   99.310926][ T6787]  netlink_sendmsg+0x3cf/0x6b0
[   99.310944][ T6787]  ? __pfx_netlink_sendmsg+0x10/0x10
[   99.310962][ T6787]  __sock_sendmsg+0x145/0x180
[   99.311036][ T6787]  ____sys_sendmsg+0x31e/0x4e0
[   99.311068][ T6787]  ___sys_sendmsg+0x17b/0x1d0
[   99.311096][ T6787]  __x64_sys_sendmsg+0xd4/0x160
[   99.311197][ T6787]  x64_sys_call+0x191e/0x3000
[   99.311219][ T6787]  do_syscall_64+0xd2/0x200
[   99.311237][ T6787]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   99.311264][ T6787]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   99.311310][ T6787]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.311347][ T6787] RIP: 0033:0x7ff1627eefc9
[   99.311360][ T6787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.311375][ T6787] RSP: 002b:00007ff16124f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   99.311394][ T6787] RAX: ffffffffffffffda RBX: 00007ff162a45fa0 RCX: 00007ff1627eefc9
[   99.311479][ T6787] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[   99.311490][ T6787] RBP: 00007ff16124f090 R08: 0000000000000000 R09: 0000000000000000
[   99.311501][ T6787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   99.311512][ T6787] R13: 00007ff162a46038 R14: 00007ff162a45fa0 R15: 00007ffd784d5978
[   99.311529][ T6787]  </TASK>
[   99.654451][ T6785] loop4: detected capacity change from 0 to 512
[   99.661583][ T6785] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   99.702716][ T6785] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   99.730226][ T6793] netlink: 28 bytes leftover after parsing attributes in process `syz.1.891'.
[   99.752677][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.796625][   T29] audit: type=1326 audit(99.761:3319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6796 comm="syz.1.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[   99.819335][   T29] audit: type=1326 audit(99.761:3320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6796 comm="syz.1.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[   99.841936][   T29] audit: type=1326 audit(99.761:3321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6796 comm="syz.1.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[   99.864594][   T29] audit: type=1326 audit(99.771:3322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6796 comm="syz.1.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[   99.864626][   T29] audit: type=1326 audit(99.771:3323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6796 comm="syz.1.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[   99.864655][   T29] audit: type=1326 audit(99.771:3324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6796 comm="syz.1.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[   99.864705][   T29] audit: type=1326 audit(99.771:3325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6796 comm="syz.1.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[   99.951218][   T29] audit: type=1326 audit(99.841:3326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6796 comm="syz.1.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  100.026144][   T29] audit: type=1326 audit(99.841:3327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6796 comm="syz.1.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  100.041315][ T6809] netlink: 'syz.4.892': attribute type 5 has an invalid length.
[  100.336861][ T6809] loop4: detected capacity change from 0 to 512
[  100.344968][ T6809] EXT4-fs (loop4): invalid first ino: 0
[  100.441332][ T3798] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  100.449512][ T6807] vlan0: entered allmulticast mode
[  100.673283][ T6830] netlink: 'syz.2.900': attribute type 21 has an invalid length.
[  100.848549][ T6854] loop4: detected capacity change from 0 to 512
[  100.998293][ T6869] loop2: detected capacity change from 0 to 512
[  101.018838][ T6871] FAULT_INJECTION: forcing a failure.
[  101.018838][ T6871] name failslab, interval 1, probability 0, space 0, times 0
[  101.031503][ T6871] CPU: 1 UID: 0 PID: 6871 Comm: syz.0.918 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  101.031544][ T6871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  101.031556][ T6871] Call Trace:
[  101.031563][ T6871]  <TASK>
[  101.031570][ T6871]  __dump_stack+0x1d/0x30
[  101.031628][ T6871]  dump_stack_lvl+0xe8/0x140
[  101.031651][ T6871]  dump_stack+0x15/0x1b
[  101.031670][ T6871]  should_fail_ex+0x265/0x280
[  101.031691][ T6871]  should_failslab+0x8c/0xb0
[  101.031790][ T6871]  __kvmalloc_node_noprof+0x12e/0x670
[  101.031823][ T6871]  ? pfifo_fast_init+0x19a/0x360
[  101.031857][ T6871]  pfifo_fast_init+0x19a/0x360
[  101.031965][ T6871]  qdisc_create_dflt+0xef/0x2d0
[  101.032032][ T6871]  mq_init+0x1b6/0x380
[  101.032052][ T6871]  ? __rcu_read_unlock+0x4f/0x70
[  101.032082][ T6871]  qdisc_create_dflt+0xef/0x2d0
[  101.032223][ T6871]  ? dev_activate+0xbb/0x9e0
[  101.032256][ T6871]  dev_activate+0xde/0x9e0
[  101.032285][ T6871]  ? _raw_spin_unlock_bh+0x36/0x40
[  101.032310][ T6871]  __dev_open+0x472/0x530
[  101.032381][ T6871]  __dev_change_flags+0x163/0x400
[  101.032414][ T6871]  netif_change_flags+0x5a/0xd0
[  101.032445][ T6871]  dev_change_flags+0xce/0x180
[  101.032483][ T6871]  dev_ifsioc+0x44b/0xaa0
[  101.032508][ T6871]  ? __rcu_read_unlock+0x4f/0x70
[  101.032532][ T6871]  dev_ioctl+0x70a/0x960
[  101.032553][ T6871]  sock_do_ioctl+0x197/0x220
[  101.032580][ T6871]  sock_ioctl+0x41b/0x610
[  101.032644][ T6871]  ? __pfx_sock_ioctl+0x10/0x10
[  101.032663][ T6871]  __se_sys_ioctl+0xce/0x140
[  101.032686][ T6871]  __x64_sys_ioctl+0x43/0x50
[  101.032760][ T6871]  x64_sys_call+0x1816/0x3000
[  101.032780][ T6871]  do_syscall_64+0xd2/0x200
[  101.032798][ T6871]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  101.032824][ T6871]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  101.032921][ T6871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.033008][ T6871] RIP: 0033:0x7f24e081efc9
[  101.033023][ T6871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.033040][ T6871] RSP: 002b:00007f24df287038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  101.033061][ T6871] RAX: ffffffffffffffda RBX: 00007f24e0a75fa0 RCX: 00007f24e081efc9
[  101.033075][ T6871] RDX: 0000200000002280 RSI: 0000000000008914 RDI: 0000000000000004
[  101.033087][ T6871] RBP: 00007f24df287090 R08: 0000000000000000 R09: 0000000000000000
[  101.033162][ T6871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.033176][ T6871] R13: 00007f24e0a76038 R14: 00007f24e0a75fa0 R15: 00007ffee4155bb8
[  101.033196][ T6871]  </TASK>
[  101.033335][ T6871] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  101.313318][ T6869] journal_path: Non-blockdev passed as './bus'
[  101.319695][ T6869] EXT4-fs: error: could not find journal device path
[  101.319970][ T6854] EXT4-fs (loop4): failed to open journal device unknown-block(0,0) -6
[  101.688649][ T6892] Set syz1 is full, maxelem 65536 reached
[  101.724168][ T6854] vlan2: entered allmulticast mode
[  101.819329][ T6915] __nla_validate_parse: 7 callbacks suppressed
[  101.819343][ T6915] netlink: 64 bytes leftover after parsing attributes in process `syz.0.930'.
[  101.904168][ T6921] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.966366][ T6921] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.994068][ T6932] loop4: detected capacity change from 0 to 1024
[  102.016244][ T6921] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.030661][ T6937] netlink: 'syz.2.937': attribute type 1 has an invalid length.
[  102.040627][ T6937] loop5: detected capacity change from 0 to 7
[  102.040632][ T6932] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.067035][ T6921] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.092987][   T48] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  102.102205][   T48] Buffer I/O error on dev loop5, logical block 0, async page read
[  102.110188][ T6937] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  102.119400][ T6937] Buffer I/O error on dev loop5, logical block 0, async page read
[  102.127577][ T6937]  loop5: unable to read partition table
[  102.144526][ T6937] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  102.159811][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.200040][   T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.214491][   T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.233428][   T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.243967][   T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.391942][ T6961] Set syz1 is full, maxelem 65536 reached
[  102.417857][ T6977] netlink: 64 bytes leftover after parsing attributes in process `syz.1.945'.
[  102.431607][ T6982] loop2: detected capacity change from 0 to 512
[  102.449446][ T6982] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.468617][ T6982] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.947: corrupted xattr block 6: invalid header
[  102.480278][ T6974] vlan2: entered allmulticast mode
[  102.485489][ T6982] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  102.495866][ T6982] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.947: corrupted xattr block 6: invalid header
[  102.509126][ T6982] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  102.518345][ T6982] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.947: corrupted xattr block 6: invalid header
[  102.544849][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.582281][ T7006] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  102.589718][ T7006] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  102.603881][ T7006] vhci_hcd: invalid port number 85
[  102.609038][ T7006] vhci_hcd: default hub control req: 1f12 v0000 i0055 l0
[  102.639569][ T7009] loop2: detected capacity change from 0 to 128
[  102.648251][ T7009] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  103.062094][ T7040] program syz.1.963 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  103.082571][ T7040] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  103.092493][ T7042] netlink: 64 bytes leftover after parsing attributes in process `syz.4.964'.
[  103.104516][ T7042] netlink: 64 bytes leftover after parsing attributes in process `syz.4.964'.
[  103.457763][ T7062] netlink: 28 bytes leftover after parsing attributes in process `syz.1.973'.
[  103.477681][ T3316] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  103.497969][ T7064] netlink: 28 bytes leftover after parsing attributes in process `syz.0.974'.
[  103.514217][ T7068] netlink: 28 bytes leftover after parsing attributes in process `syz.1.973'.
[  103.524513][ T7064] netlink: 28 bytes leftover after parsing attributes in process `syz.0.974'.
[  103.574831][ T7070] netlink: 20 bytes leftover after parsing attributes in process `syz.2.975'.
[  103.583882][ T7075] bridge0: port 1(gretap0) entered blocking state
[  103.590385][ T7075] bridge0: port 1(gretap0) entered disabled state
[  103.635129][ T7084] netlink: 4 bytes leftover after parsing attributes in process `syz.1.976'.
[  103.638769][ T7075] gretap0: entered allmulticast mode
[  103.651021][ T7075] gretap0: entered promiscuous mode
[  103.660687][ T7086] program syz.4.981 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  103.670446][ T7086] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  103.683454][ T7075] bridge0: port 1(gretap0) entered blocking state
[  103.689988][ T7075] bridge0: port 1(gretap0) entered forwarding state
[  103.720059][ T7095] loop4: detected capacity change from 0 to 512
[  103.738119][ T7095] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.769397][ T7095] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.984: corrupted xattr block 6: invalid header
[  103.821286][ T7095] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=12
[  103.842682][ T7095] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.984: corrupted xattr block 6: invalid header
[  103.876333][ T7095] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=12
[  103.886407][ T7095] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.984: corrupted xattr block 6: invalid header
[  103.906800][   T29] kauditd_printk_skb: 384 callbacks suppressed
[  103.906815][   T29] audit: type=1326 audit(103.881:3712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7121 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  103.943922][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.949553][   T29] audit: type=1326 audit(103.881:3713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7121 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  103.975804][   T29] audit: type=1326 audit(103.881:3714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7121 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  103.998954][   T29] audit: type=1326 audit(103.881:3715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7121 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  104.021874][   T29] audit: type=1326 audit(103.881:3716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7121 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  104.044850][   T29] audit: type=1326 audit(103.881:3717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7121 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  104.067738][   T29] audit: type=1326 audit(103.881:3718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7121 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  104.090584][   T29] audit: type=1326 audit(103.881:3719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7121 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  104.113441][   T29] audit: type=1326 audit(103.881:3720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7121 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  104.136085][   T29] audit: type=1326 audit(103.881:3721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7121 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  104.197391][ T7118] Set syz1 is full, maxelem 65536 reached
[  104.263947][ T7129] loop3: detected capacity change from 0 to 512
[  104.275000][ T7145] can0: slcan on ptm0.
[  104.288988][ T7129] EXT4-fs: Ignoring removed nobh option
[  104.296351][ T7129] EXT4-fs (loop3): failed to initialize system zone (-117)
[  104.303721][ T7129] EXT4-fs (loop3): mount failed
[  104.385827][ T7167] FAULT_INJECTION: forcing a failure.
[  104.385827][ T7167] name failslab, interval 1, probability 0, space 0, times 0
[  104.398666][ T7167] CPU: 1 UID: 0 PID: 7167 Comm: syz.1.1004 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  104.398693][ T7167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  104.398705][ T7167] Call Trace:
[  104.398767][ T7167]  <TASK>
[  104.398775][ T7167]  __dump_stack+0x1d/0x30
[  104.398797][ T7167]  dump_stack_lvl+0xe8/0x140
[  104.398873][ T7167]  dump_stack+0x15/0x1b
[  104.398889][ T7167]  should_fail_ex+0x265/0x280
[  104.398909][ T7167]  should_failslab+0x8c/0xb0
[  104.399008][ T7167]  __kmalloc_noprof+0xa5/0x570
[  104.399093][ T7167]  ? ip_options_get+0x52/0x350
[  104.399109][ T7167]  ip_options_get+0x52/0x350
[  104.399155][ T7167]  ip_cmsg_send+0x49e/0x5f0
[  104.399173][ T7167]  udp_sendmsg+0x851/0x13c0
[  104.399189][ T7167]  ? _raw_spin_unlock_bh+0x36/0x40
[  104.399204][ T7167]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  104.399233][ T7167]  ? __rcu_read_unlock+0x4f/0x70
[  104.399292][ T7167]  ? __pfx_ip4_datagram_release_cb+0x10/0x10
[  104.399350][ T7167]  ? __pfx_udp_sendmsg+0x10/0x10
[  104.399420][ T7167]  inet_sendmsg+0xac/0xd0
[  104.399432][ T7167]  __sock_sendmsg+0x102/0x180
[  104.399514][ T7167]  ____sys_sendmsg+0x31e/0x4e0
[  104.399617][ T7167]  ___sys_sendmsg+0x17b/0x1d0
[  104.399635][ T7167]  __x64_sys_sendmsg+0xd4/0x160
[  104.399648][ T7167]  x64_sys_call+0x191e/0x3000
[  104.399661][ T7167]  do_syscall_64+0xd2/0x200
[  104.399671][ T7167]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  104.399749][ T7167]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  104.399869][ T7167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.399921][ T7167] RIP: 0033:0x7ff1627eefc9
[  104.399930][ T7167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.400011][ T7167] RSP: 002b:00007ff16124f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.400023][ T7167] RAX: ffffffffffffffda RBX: 00007ff162a45fa0 RCX: 00007ff1627eefc9
[  104.400031][ T7167] RDX: 0000000000000000 RSI: 0000200000000840 RDI: 0000000000000006
[  104.400038][ T7167] RBP: 00007ff16124f090 R08: 0000000000000000 R09: 0000000000000000
[  104.400065][ T7167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.400072][ T7167] R13: 00007ff162a46038 R14: 00007ff162a45fa0 R15: 00007ffd784d5978
[  104.400083][ T7167]  </TASK>
[  104.631901][ T7145] can0 (unregistered): slcan off ptm0.
[  104.638497][ T7145] Falling back ldisc for ptm0.
[  104.697344][ T7173] loop3: detected capacity change from 0 to 512
[  104.704586][ T7173] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  104.723074][ T7173] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.776651][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.309862][ T7239] loop3: detected capacity change from 0 to 512
[  105.345486][ T7239] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  105.467283][ T7208] loop2: detected capacity change from 0 to 164
[  105.482863][ T7208] syz.2.1018: attempt to access beyond end of device
[  105.482863][ T7208] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  105.511278][ T7208] syz.2.1018: attempt to access beyond end of device
[  105.511278][ T7208] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  105.795891][ T7259] pimreg: entered allmulticast mode
[  105.804506][ T7259] pimreg: left allmulticast mode
[  106.019615][ T7281] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.026711][ T7281] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.038990][ T7281] 8021q: adding VLAN 0 to HW filter on device $H�
[  106.050555][ T7281] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  106.068579][ T7283] can0: slcan on ptm0.
[  106.160214][ T7283] can0 (unregistered): slcan off ptm0.
[  106.313919][ T7312] loop2: detected capacity change from 0 to 512
[  106.351592][ T7312] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  106.361273][ T7312] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1039: bg 0: block 104: invalid block bitmap
[  106.416281][ T7312] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  106.439462][ T7312] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1039: invalid indirect mapped block 1 (level 1)
[  106.489865][ T7312] EXT4-fs (loop2): 1 truncate cleaned up
[  106.510363][ T7312] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.566046][ T7313] vlan2: entered allmulticast mode
[  106.682952][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.768797][ T7324] loop2: detected capacity change from 0 to 128
[  106.797886][ T7324] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  107.051089][ T7344] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.114489][ T7344] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.164345][ T7344] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.213971][ T7344] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.296248][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.312138][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.323916][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.335925][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.570505][ T3316] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  107.593162][ T7370] vlan0: entered allmulticast mode
[  107.893411][ T7400] FAULT_INJECTION: forcing a failure.
[  107.893411][ T7400] name failslab, interval 1, probability 0, space 0, times 0
[  107.906412][ T7400] CPU: 1 UID: 0 PID: 7400 Comm: +}[@ Not tainted syzkaller #0 PREEMPT(voluntary) 
[  107.906441][ T7400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  107.906456][ T7400] Call Trace:
[  107.906462][ T7400]  <TASK>
[  107.906469][ T7400]  __dump_stack+0x1d/0x30
[  107.906534][ T7400]  dump_stack_lvl+0xe8/0x140
[  107.906557][ T7400]  dump_stack+0x15/0x1b
[  107.906574][ T7400]  should_fail_ex+0x265/0x280
[  107.906615][ T7400]  should_failslab+0x8c/0xb0
[  107.906646][ T7400]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  107.906679][ T7400]  ? __alloc_skb+0x101/0x320
[  107.906781][ T7400]  __alloc_skb+0x101/0x320
[  107.906863][ T7400]  pfkey_sendmsg+0xd7/0x900
[  107.907001][ T7400]  ? avc_has_perm+0xf7/0x180
[  107.907021][ T7400]  ? selinux_socket_sendmsg+0x175/0x1b0
[  107.907063][ T7400]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  107.907092][ T7400]  __sock_sendmsg+0x145/0x180
[  107.907115][ T7400]  ____sys_sendmsg+0x31e/0x4e0
[  107.907195][ T7400]  ___sys_sendmsg+0x17b/0x1d0
[  107.907228][ T7400]  __x64_sys_sendmsg+0xd4/0x160
[  107.907249][ T7400]  x64_sys_call+0x191e/0x3000
[  107.907270][ T7400]  do_syscall_64+0xd2/0x200
[  107.907361][ T7400]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  107.907388][ T7400]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  107.907422][ T7400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.907445][ T7400] RIP: 0033:0x7ff1627eefc9
[  107.907515][ T7400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.907534][ T7400] RSP: 002b:00007ff16124f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  107.907551][ T7400] RAX: ffffffffffffffda RBX: 00007ff162a45fa0 RCX: 00007ff1627eefc9
[  107.907563][ T7400] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  107.907574][ T7400] RBP: 00007ff16124f090 R08: 0000000000000000 R09: 0000000000000000
[  107.907586][ T7400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  107.907597][ T7400] R13: 00007ff162a46038 R14: 00007ff162a45fa0 R15: 00007ffd784d5978
[  107.907669][ T7400]  </TASK>
[  108.216186][ T7409] can0: slcan on ptm0.
[  108.252710][ T7417] loop4: detected capacity change from 0 to 512
[  108.292029][ T7409] can0 (unregistered): slcan off ptm0.
[  108.314440][ T7417] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.363771][ T7417] 9pnet_fd: Insufficient options for proto=fd
[  108.460939][ T7436] __nla_validate_parse: 17 callbacks suppressed
[  108.460958][ T7436] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1069'.
[  108.577123][ T7423] vlan0: entered allmulticast mode
[  108.618754][ T7449] can0: slcan on ptm0.
[  108.661330][ T7449] can0 (unregistered): slcan off ptm0.
[  108.667105][ T7449] Falling back ldisc for ptm0.
[  108.763193][ T7463] gretap0: left allmulticast mode
[  108.768376][ T7463] gretap0: left promiscuous mode
[  108.773568][ T7463] bridge0: port 1(gretap0) entered disabled state
[  108.788258][ T7463] bond0: (slave dummy0): Releasing backup interface
[  108.808154][ T7463] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  108.866675][ T7468] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1078'.
[  108.876679][ T7468] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1078'.
[  108.913967][   T29] kauditd_printk_skb: 187 callbacks suppressed
[  108.913982][   T29] audit: type=1326 audit(108.891:3909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7469 comm="syz.1.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  108.943426][   T29] audit: type=1326 audit(108.891:3910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7469 comm="syz.1.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  108.966319][   T29] audit: type=1326 audit(108.891:3911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7469 comm="syz.1.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  108.989433][   T29] audit: type=1326 audit(108.891:3912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7469 comm="syz.1.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  109.012272][   T29] audit: type=1326 audit(108.891:3913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7469 comm="syz.1.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  109.035532][   T29] audit: type=1326 audit(108.891:3914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7469 comm="syz.1.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  109.039578][ T7477] atomic_op ffff88812980bd28 conn xmit_atomic 0000000000000000
[  109.058424][   T29] audit: type=1326 audit(108.891:3915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7469 comm="syz.1.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  109.088943][   T29] audit: type=1326 audit(108.891:3916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7469 comm="syz.1.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  109.111811][   T29] audit: type=1326 audit(108.891:3917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7469 comm="syz.1.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  109.134617][   T29] audit: type=1326 audit(108.891:3918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7469 comm="syz.1.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  109.183259][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.193515][ T7485] loop2: detected capacity change from 0 to 512
[  109.217234][ T7485] EXT4-fs (loop2): failed to open journal device unknown-block(0,0) -6
[  109.265965][ T7498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1088'.
[  109.276700][ T7500] loop3: detected capacity change from 0 to 1024
[  109.293930][ T7500] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.358705][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.459886][ T7485] vlan2: entered allmulticast mode
[  109.901996][ T7533] can0: slcan on ptm0.
[  109.991471][ T7533] can0 (unregistered): slcan off ptm0.
[  110.260784][ T7550] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1096'.
[  110.980761][ T7572] loop2: detected capacity change from 0 to 512
[  111.010256][ T7572] EXT4-fs (loop2): failed to open journal device unknown-block(0,0) -6
[  111.193331][ T7572] vlan2: entered allmulticast mode
[  111.293596][ T7590] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1106'.
[  111.347663][ T7593] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1107'.
[  111.357431][ T7593] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1107'.
[  111.368702][ T7595] can0: slcan on ptm0.
[  111.421650][ T7595] can0 (unregistered): slcan off ptm0.
[  111.421950][ T7607] can0: slcan on ptm1.
[  111.427547][ T7595] Falling back ldisc for ptm0.
[  111.456399][ T7612] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1112'.
[  111.466372][ T7612] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1112'.
[  111.491355][ T7607] can0 (unregistered): slcan off ptm1.
[  111.606744][ T7638] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  111.618773][ T7639] loop3: detected capacity change from 0 to 512
[  111.644397][ T7639] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  112.016946][ T7659] bond0: (slave dummy0): Releasing backup interface
[  112.056367][ T7659] bridge_slave_0: left promiscuous mode
[  112.062162][ T7659] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.165402][ T7659] bridge_slave_1: left allmulticast mode
[  112.171095][ T7659] bridge_slave_1: left promiscuous mode
[  112.176745][ T7659] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.256292][ T7659] bond0: (slave bond_slave_0): Releasing backup interface
[  112.267928][ T7659] bond0: (slave bond_slave_1): Releasing backup interface
[  112.283219][ T7659] team0: Port device team_slave_0 removed
[  112.294156][ T7659] team0: Port device team_slave_1 removed
[  112.356668][ T7659] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  112.364794][ T7659] batman_adv: batadv0: Removing interface: batadv_slave_0
[  112.411405][ T7661] Set syz1 is full, maxelem 65536 reached
[  112.426518][ T7659] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  112.434226][ T7659] batman_adv: batadv0: Removing interface: batadv_slave_1
[  112.443937][ T7659] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  112.462258][ T7665] can0: slcan on ptm0.
[  112.473725][ T3402] sy�: Port: 1 Link DOWN
[  112.569220][ T7683] pimreg: entered allmulticast mode
[  112.571985][ T7666] can0 (unregistered): slcan off ptm0.
[  112.575157][ T7683] pimreg: left allmulticast mode
[  112.580696][ T7666] Falling back ldisc for ptm0.
[  112.602912][ T7659] syz.4.1126 (7659) used greatest stack depth: 9760 bytes left
[  112.654634][ T7693] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.702686][ T7639] vlan2: entered allmulticast mode
[  112.713508][ T7693] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.783464][ T7693] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.834930][ T7693] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.903886][   T41] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.916267][   T67] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.927472][  T389] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.938760][   T67] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.450060][ T7738] loop2: detected capacity change from 0 to 512
[  113.457767][ T7738] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  113.480088][ T7738] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.542373][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.545698][ T7736] Set syz1 is full, maxelem 65536 reached
[  113.607884][ T7757] xt_connbytes: Forcing CT accounting to be enabled
[  113.615527][ T7757] set match dimension is over the limit!
[  113.652137][ T7761] loop2: detected capacity change from 0 to 512
[  113.665555][ T7766] loop4: detected capacity change from 0 to 512
[  113.680861][ T7761] EXT4-fs (loop2): failed to open journal device unknown-block(0,0) -6
[  113.684025][ T7766] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.731325][ T7766] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.1149: corrupted xattr block 6: invalid header
[  113.748679][ T7766] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=12
[  113.757881][ T7766] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.1149: corrupted xattr block 6: invalid header
[  113.771351][ T7766] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=12
[  113.780438][ T7766] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.1149: corrupted xattr block 6: invalid header
[  113.816042][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.835077][ T7782] __nla_validate_parse: 3 callbacks suppressed
[  113.835129][ T7782] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1153'.
[  113.878691][ T7761] vlan2: entered allmulticast mode
[  113.889664][ T7786] loop4: detected capacity change from 0 to 512
[  113.897058][ T7786] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  113.913248][ T7786] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.940466][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.969640][   T29] kauditd_printk_skb: 332 callbacks suppressed
[  113.969655][   T29] audit: type=1326 audit(113.941:4251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.4.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4945afefc9 code=0x7ffc0000
[  113.999208][   T29] audit: type=1326 audit(113.941:4252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.4.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f4945afefc9 code=0x7ffc0000
[  114.022241][   T29] audit: type=1326 audit(113.941:4253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.4.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4945afefc9 code=0x7ffc0000
[  114.027633][ T7803] loop4: detected capacity change from 0 to 1024
[  114.045178][   T29] audit: type=1326 audit(113.941:4254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.4.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4945afefc9 code=0x7ffc0000
[  114.045251][   T29] audit: type=1326 audit(113.941:4255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.4.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f4945afefc9 code=0x7ffc0000
[  114.052463][ T7803] EXT4-fs: inline encryption not supported
[  114.074420][   T29] audit: type=1326 audit(113.961:4256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7802 comm="syz.4.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f4945b31885 code=0x7ffc0000
[  114.126806][ T7803] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.152697][   T29] audit: type=1326 audit(114.131:4257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7802 comm="syz.4.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f4945afefc9 code=0x7ffc0000
[  114.153108][   T29] audit: type=1326 audit(114.131:4258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.4.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[  114.198586][   T29] audit: type=1326 audit(114.131:4259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.4.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f4945afefc9 code=0x7ffc0000
[  114.229681][   T29] audit: type=1326 audit(114.201:4260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7809 comm="syz.2.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  114.254862][ T7810] loop2: detected capacity change from 0 to 128
[  114.261994][ T7810] EXT4-fs: Ignoring removed nobh option
[  114.270203][ T7810] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  114.293963][ T3316] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  114.720972][ T7839] loop3: detected capacity change from 0 to 512
[  114.749225][ T7839] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  114.870065][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.240006][ T7839] vlan2: entered allmulticast mode
[  115.446409][ T7864] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1171'.
[  115.482580][ T7864] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1171'.
[  115.549334][ T7867] loop3: detected capacity change from 0 to 128
[  115.596848][ T7867] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  115.744134][ T7884] loop4: detected capacity change from 0 to 512
[  115.773596][ T7884] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.804713][ T7884] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.1179: corrupted xattr block 6: invalid header
[  115.841102][ T7884] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=12
[  115.878410][ T7884] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.1179: corrupted xattr block 6: invalid header
[  115.884633][ T7898] loop2: detected capacity change from 0 to 512
[  115.908448][ T7884] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=12
[  115.921280][ T7884] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.1179: corrupted xattr block 6: invalid header
[  115.956030][ T7898] EXT4-fs (loop2): failed to open journal device unknown-block(0,0) -6
[  115.994775][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.031575][  T389] Bluetooth: hci0: Frame reassembly failed (-84)
[  116.112941][ T7916] loop4: detected capacity change from 0 to 256
[  116.119573][ T7916] vfat: Unknown parameter '�'
[  116.191388][   T67] Bluetooth: hci1: Frame reassembly failed (-84)
[  116.211612][ T7898] vlan2: entered allmulticast mode
[  116.383653][ T3313] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  116.413816][ T7929] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1186'.
[  116.440637][ T7929] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1186'.
[  116.532326][ T7941] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1191'.
[  116.556223][ T7943] can0: slcan on ptm2.
[  116.563965][ T7941] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1191'.
[  116.631619][ T7943] can0 (unregistered): slcan off ptm2.
[  116.640182][ T7951] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1193'.
[  116.865219][ T7967] loop3: detected capacity change from 0 to 512
[  116.913356][ T7967] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  117.166365][ T7967] vlan2: entered allmulticast mode
[  117.517761][ T7988] bridge0: entered promiscuous mode
[  117.532593][ T7988] bridge0: left promiscuous mode
[  117.542490][ T7985] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1199'.
[  117.562792][ T7985] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1199'.
[  118.041573][ T4104] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  118.201236][ T7923] Bluetooth: hci1: command 0x1003 tx timeout
[  118.207326][ T3798] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  118.589751][ T8018] loop4: detected capacity change from 0 to 512
[  118.724102][ T8018] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  118.807897][ T8018] can0: slcan on ttyS3.
[  118.819196][ T8020] vlan0: entered allmulticast mode
[  118.954072][ T8028] __nla_validate_parse: 4 callbacks suppressed
[  118.954088][ T8028] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1211'.
[  118.969851][ T8036] EXT4-fs error (device loop4): ext4_lookup:1787: inode #14: comm syz.4.1209: invalid fast symlink length 39
[  118.982297][ T8028] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1211'.
[  118.991488][ T8036] EXT4-fs (loop4): Remounting filesystem read-only
[  119.031450][ T8018] can0 (unregistered): slcan off ttyS3.
[  119.042252][   T29] kauditd_printk_skb: 28 callbacks suppressed
[  119.042268][   T29] audit: type=1326 audit(119.021:4289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8017 comm="syz.4.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4945afefc9 code=0x7ffc0000
[  119.105706][ T8043] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1213'.
[  119.119602][ T8043] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1213'.
[  119.129107][   T29] audit: type=1326 audit(119.021:4290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8017 comm="syz.4.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4945afefc9 code=0x7ffc0000
[  119.132801][ T8045] can0: slcan on ptm0.
[  119.210032][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.233740][ T8049] can0 (unregistered): slcan off ptm0.
[  119.260183][ T8063] can0: slcan on ptm1.
[  119.310704][ T8076] loop2: detected capacity change from 0 to 4096
[  119.311595][ T8068] bridge0: entered promiscuous mode
[  119.322549][ T8063] can0 (unregistered): slcan off ptm1.
[  119.340309][ T8068] bridge0: left promiscuous mode
[  119.341556][ T8076] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  119.398086][ T8086] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1220'.
[  119.412093][ T8091] loop4: detected capacity change from 0 to 512
[  119.438467][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.456039][   T29] audit: type=1326 audit(119.431:4291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8094 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  119.478940][   T29] audit: type=1326 audit(119.431:4292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8094 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  119.501761][   T29] audit: type=1326 audit(119.431:4293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8094 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  119.524615][   T29] audit: type=1326 audit(119.431:4294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8094 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  119.547660][   T29] audit: type=1326 audit(119.431:4295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8094 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  119.570515][   T29] audit: type=1326 audit(119.431:4296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8094 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  119.593389][   T29] audit: type=1326 audit(119.431:4297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8094 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  119.616317][   T29] audit: type=1326 audit(119.431:4298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8094 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff1627eefc9 code=0x7ffc0000
[  119.640294][ T8091] EXT4-fs (loop4): failed to open journal device unknown-block(0,0) -6
[  119.734235][ T8110] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1225'.
[  119.763939][ T8113] FAULT_INJECTION: forcing a failure.
[  119.763939][ T8113] name failslab, interval 1, probability 0, space 0, times 0
[  119.776611][ T8113] CPU: 1 UID: 0 PID: 8113 Comm: syz.2.1227 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  119.776642][ T8113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  119.776656][ T8113] Call Trace:
[  119.776663][ T8113]  <TASK>
[  119.776751][ T8113]  __dump_stack+0x1d/0x30
[  119.776776][ T8113]  dump_stack_lvl+0xe8/0x140
[  119.776800][ T8113]  dump_stack+0x15/0x1b
[  119.776820][ T8113]  should_fail_ex+0x265/0x280
[  119.776842][ T8113]  should_failslab+0x8c/0xb0
[  119.776882][ T8113]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  119.776911][ T8113]  ? __alloc_skb+0x101/0x320
[  119.776944][ T8113]  __alloc_skb+0x101/0x320
[  119.776989][ T8113]  netlink_alloc_large_skb+0xbf/0xf0
[  119.777024][ T8113]  netlink_sendmsg+0x3cf/0x6b0
[  119.777047][ T8113]  ? __pfx_netlink_sendmsg+0x10/0x10
[  119.777069][ T8113]  __sock_sendmsg+0x145/0x180
[  119.777098][ T8113]  ____sys_sendmsg+0x31e/0x4e0
[  119.777141][ T8113]  ___sys_sendmsg+0x17b/0x1d0
[  119.777173][ T8113]  __x64_sys_sendmsg+0xd4/0x160
[  119.777198][ T8113]  x64_sys_call+0x191e/0x3000
[  119.777248][ T8113]  do_syscall_64+0xd2/0x200
[  119.777269][ T8113]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  119.777294][ T8113]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  119.777326][ T8113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.777419][ T8113] RIP: 0033:0x7f7cf44cefc9
[  119.777434][ T8113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.777471][ T8113] RSP: 002b:00007f7cf2f2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  119.777491][ T8113] RAX: ffffffffffffffda RBX: 00007f7cf4725fa0 RCX: 00007f7cf44cefc9
[  119.777505][ T8113] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005
[  119.777520][ T8113] RBP: 00007f7cf2f2f090 R08: 0000000000000000 R09: 0000000000000000
[  119.777534][ T8113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.777546][ T8113] R13: 00007f7cf4726038 R14: 00007f7cf4725fa0 R15: 00007ffc314c44b8
[  119.777566][ T8113]  </TASK>
[  119.918025][ T8091] vlan2: entered allmulticast mode
[  120.002011][ T8121] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1228'.
[  120.016696][ T8118] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1225'.
[  120.113720][ T8130] bridge0: entered promiscuous mode
[  120.142891][ T8130] bridge0: left promiscuous mode
[  120.172588][ T8133] FAULT_INJECTION: forcing a failure.
[  120.172588][ T8133] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.185679][ T8133] CPU: 1 UID: 0 PID: 8133 Comm: syz.1.1234 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  120.185745][ T8133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  120.185757][ T8133] Call Trace:
[  120.185762][ T8133]  <TASK>
[  120.185769][ T8133]  __dump_stack+0x1d/0x30
[  120.185793][ T8133]  dump_stack_lvl+0xe8/0x140
[  120.185816][ T8133]  dump_stack+0x15/0x1b
[  120.185846][ T8133]  should_fail_ex+0x265/0x280
[  120.185914][ T8133]  should_fail+0xb/0x20
[  120.185930][ T8133]  should_fail_usercopy+0x1a/0x20
[  120.185952][ T8133]  _copy_to_user+0x20/0xa0
[  120.185979][ T8133]  simple_read_from_buffer+0xb5/0x130
[  120.186007][ T8133]  proc_fail_nth_read+0x10e/0x150
[  120.186110][ T8133]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  120.186144][ T8133]  vfs_read+0x1a8/0x770
[  120.186187][ T8133]  ? __rcu_read_unlock+0x4f/0x70
[  120.186240][ T8133]  ? __fget_files+0x184/0x1c0
[  120.186349][ T8133]  ksys_read+0xda/0x1a0
[  120.186373][ T8133]  __x64_sys_read+0x40/0x50
[  120.186395][ T8133]  x64_sys_call+0x27c0/0x3000
[  120.186416][ T8133]  do_syscall_64+0xd2/0x200
[  120.186516][ T8133]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  120.186564][ T8133]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  120.186598][ T8133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.186618][ T8133] RIP: 0033:0x7ff1627ed9dc
[  120.186632][ T8133] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  120.186722][ T8133] RSP: 002b:00007ff16124f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  120.186743][ T8133] RAX: ffffffffffffffda RBX: 00007ff162a45fa0 RCX: 00007ff1627ed9dc
[  120.186835][ T8133] RDX: 000000000000000f RSI: 00007ff16124f0a0 RDI: 0000000000000005
[  120.186847][ T8133] RBP: 00007ff16124f090 R08: 0000000000000000 R09: 0000000000000000
[  120.186861][ T8133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  120.186873][ T8133] R13: 00007ff162a46038 R14: 00007ff162a45fa0 R15: 00007ffd784d5978
[  120.186891][ T8133]  </TASK>
[  120.427048][ T8142] pimreg: tun_chr_ioctl cmd 35111
[  120.801629][ T8165] loop3: detected capacity change from 0 to 128
[  120.847889][ T8171] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125
[  120.866814][ T8165] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  121.227005][ T8201] vlan0: entered allmulticast mode
[  121.437452][ T8214] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1250'.
[  121.605599][ T3313] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  121.699188][ T8240] FAULT_INJECTION: forcing a failure.
[  121.699188][ T8240] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  121.712587][ T8240] CPU: 0 UID: 0 PID: 8240 Comm: syz.3.1254 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  121.712617][ T8240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  121.712638][ T8240] Call Trace:
[  121.712645][ T8240]  <TASK>
[  121.712651][ T8240]  __dump_stack+0x1d/0x30
[  121.712741][ T8240]  dump_stack_lvl+0xe8/0x140
[  121.712763][ T8240]  dump_stack+0x15/0x1b
[  121.712782][ T8240]  should_fail_ex+0x265/0x280
[  121.712802][ T8240]  should_fail_alloc_page+0xf2/0x100
[  121.712966][ T8240]  __alloc_frozen_pages_noprof+0xff/0x360
[  121.712994][ T8240]  alloc_pages_mpol+0xb3/0x260
[  121.713018][ T8240]  vma_alloc_folio_noprof+0x1aa/0x300
[  121.713049][ T8240]  handle_mm_fault+0xec2/0x2be0
[  121.713100][ T8240]  ? vma_start_read+0x141/0x1f0
[  121.713136][ T8240]  do_user_addr_fault+0x630/0x1080
[  121.713178][ T8240]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  121.713206][ T8240]  exc_page_fault+0x62/0xa0
[  121.713257][ T8240]  asm_exc_page_fault+0x26/0x30
[  121.713279][ T8240] RIP: 0033:0x7f1ac07cc4cb
[  121.713303][ T8240] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01
[  121.713323][ T8240] RSP: 002b:00007f1abf284e10 EFLAGS: 00010246
[  121.713342][ T8240] RAX: 00007f1abf286f30 RBX: 00007f1ac0a47640 RCX: 0000000000000000
[  121.713405][ T8240] RDX: 00007f1abf286f78 RSI: 00007f1ac087edf8 RDI: 00007f1abf284e30
[  121.713419][ T8240] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[  121.713432][ T8240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  121.713446][ T8240] R13: 00007f1ac0a76038 R14: 00007f1ac0a75fa0 R15: 00007ffc2b4bdf08
[  121.713466][ T8240]  </TASK>
[  121.713478][ T8240] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  121.914196][ T8242] can0: slcan on ptm0.
[  121.946074][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[  121.961484][ T8242] can0 (unregistered): slcan off ptm0.
[  122.089317][ T8266] loop3: detected capacity change from 0 to 512
[  122.107541][ T8266] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  122.209470][ T8266] vlan2: entered allmulticast mode
[  122.267429][ T8283] lo speed is unknown, defaulting to 1000
[  122.273496][ T8283] lo speed is unknown, defaulting to 1000
[  122.279358][ T8283] lo speed is unknown, defaulting to 1000
[  122.285739][ T8283] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  122.295130][ T8283] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  122.302394][ T8284] loop4: detected capacity change from 0 to 1024
[  122.309557][ T8284] EXT4-fs: inline encryption not supported
[  122.320435][ T8283] lo speed is unknown, defaulting to 1000
[  122.326846][ T8283] lo speed is unknown, defaulting to 1000
[  122.335476][ T8284] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.349001][ T8283] lo speed is unknown, defaulting to 1000
[  122.355493][ T8283] lo speed is unknown, defaulting to 1000
[  122.364000][ T8283] lo speed is unknown, defaulting to 1000
[  122.374279][ T8293] bridge0: entered promiscuous mode
[  122.380554][ T8293] bridge0: left promiscuous mode
[  122.409578][ T8283] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1262'.
[  123.095718][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.171103][ T8328] netlink: 'syz.1.1273': attribute type 2 has an invalid length.
[  123.339371][ T8349] can0: slcan on ptm0.
[  123.401355][ T8349] can0 (unregistered): slcan off ptm0.
[  123.411689][ T8349] Falling back ldisc for ptm0.
[  123.465707][ T8359] SELinux: failed to load policy
[  123.474135][ T8359] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8359 comm=syz.1.1280
[  123.961361][ T7923] Bluetooth: hci0: command 0x1003 tx timeout
[  123.967394][ T3798] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  124.049684][ T8381] program syz.2.1286 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  124.071280][ T8381] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  124.108597][ T8385] __nla_validate_parse: 1 callbacks suppressed
[  124.108613][ T8385] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1287'.
[  124.126546][ T8385] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1287'.
[  124.157425][   T29] kauditd_printk_skb: 162 callbacks suppressed
[  124.157442][   T29] audit: type=1400 audit(124.071:4461): avc:  denied  { watch } for  pid=8378 comm="syz.4.1285" path="/217/control" dev="tmpfs" ino=1182 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  124.185873][   T29] audit: type=1326 audit(124.131:4462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8386 comm="syz.0.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[  124.208861][   T29] audit: type=1326 audit(124.131:4463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8386 comm="syz.0.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[  124.231772][   T29] audit: type=1326 audit(124.131:4464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8386 comm="syz.0.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[  124.254807][   T29] audit: type=1326 audit(124.131:4465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8386 comm="syz.0.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[  124.277898][   T29] audit: type=1326 audit(124.131:4466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8386 comm="syz.0.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[  124.301192][   T29] audit: type=1326 audit(124.131:4467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8386 comm="syz.0.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[  124.315792][ T8388] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1288'.
[  124.324162][   T29] audit: type=1326 audit(124.131:4468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8386 comm="syz.0.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[  124.355992][   T29] audit: type=1326 audit(124.131:4469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8386 comm="syz.0.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[  124.360638][ T8392] loop4: detected capacity change from 0 to 512
[  124.378827][   T29] audit: type=1326 audit(124.131:4470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8386 comm="syz.0.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24e081efc9 code=0x7ffc0000
[  124.412488][ T8387] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.422618][ T8393] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1288'.
[  124.543848][ T8387] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.623851][ T8387] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.652076][ T8392] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.673865][ T8387] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.687802][ T8392] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.1290: corrupted xattr block 6: invalid header
[  124.701115][ T8392] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=12
[  124.710662][ T8392] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.1290: corrupted xattr block 6: invalid header
[  124.739858][   T67] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  124.749557][   T67] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  124.769455][   T67] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  124.778083][ T8392] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=12
[  124.797825][   T67] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  124.806898][ T8392] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.1290: corrupted xattr block 6: invalid header
[  124.842660][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.854740][ T8440] SELinux:  Context system_u:object_r:udev_var_run_t:s0 is not valid (left unmapped).
[  124.884174][ T8440] 8021q: adding VLAN 0 to HW filter on device bond2
[  124.892978][ T8440] bond0: (slave bond2): Enslaving as an active interface with an up link
[  124.921496][ T8440] bridge_slave_0: left promiscuous mode
[  124.927226][ T8440] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.936597][ T8440] bridge_slave_1: left allmulticast mode
[  124.942423][ T8440] bridge_slave_1: left promiscuous mode
[  124.948126][ T8440] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.958850][ T8440] bond0: (slave bond_slave_0): Releasing backup interface
[  124.970965][ T8440] bond0: (slave bond_slave_1): Releasing backup interface
[  124.983564][ T8440] team0: Port device team_slave_0 removed
[  124.993221][ T8440] team0: Port device team_slave_1 removed
[  125.000252][ T8440] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  125.007675][ T8440] batman_adv: batadv0: Removing interface: batadv_slave_0
[  125.017287][ T8440] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  125.025047][ T8440] batman_adv: batadv0: Removing interface: batadv_slave_1
[  125.035113][ T8440] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  125.194526][ T8491] sit0: Caught tx_queue_len zero misconfig
[  125.289286][ T8493] x_tables: ip_tables: osf match: only valid for protocol 6
[  125.318236][ T8495] 9pnet: Could not find request transport: fd
[  125.344143][ T8500] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1302'.
[  125.390510][ T8500] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1302'.
[  125.444434][ T8502] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1303'.
[  125.692322][ T8524] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  125.698082][ T8528] can0: slcan on ptm1.
[  125.698884][ T8524] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  125.711105][ T8524] vhci_hcd vhci_hcd.0: Device attached
[  125.734075][ T8526] vhci_hcd: connection closed
[  125.734239][   T41] vhci_hcd: stop threads
[  125.743416][   T41] vhci_hcd: release socket
[  125.747892][   T41] vhci_hcd: disconnect device
[  125.771557][ T8528] can0 (unregistered): slcan off ptm1.
[  125.777390][ T8528] Falling back ldisc for ptm1.
[  125.914641][ T8538] loop3: detected capacity change from 0 to 512
[  125.922023][ T8538] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  125.959031][ T8538] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  125.987610][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.042622][ T8549] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1314'.
[  126.052948][ T8549] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1314'.
[  126.095031][ T8551] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.156848][ T8551] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.216743][ T8551] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.296159][ T8551] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.352440][   T31] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.364363][   T31] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.379199][   T41] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.387983][   T41] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.681305][ T3798] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  126.723022][ T8588] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1319'.
[  127.220004][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[  127.362723][ T8627] loop3: detected capacity change from 0 to 1024
[  127.370006][ T8627] EXT4-fs: inline encryption not supported
[  127.389675][ T8627] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  127.586035][   T41] Bluetooth: hci1: Frame reassembly failed (-84)
[  127.719982][ T8642] FAULT_INJECTION: forcing a failure.
[  127.719982][ T8642] name failslab, interval 1, probability 0, space 0, times 0
[  127.732791][ T8642] CPU: 1 UID: 0 PID: 8642 Comm: syz.2.1331 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  127.732818][ T8642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  127.732832][ T8642] Call Trace:
[  127.732839][ T8642]  <TASK>
[  127.732920][ T8642]  __dump_stack+0x1d/0x30
[  127.732944][ T8642]  dump_stack_lvl+0xe8/0x140
[  127.732967][ T8642]  dump_stack+0x15/0x1b
[  127.732987][ T8642]  should_fail_ex+0x265/0x280
[  127.733029][ T8642]  ? audit_log_d_path+0x8d/0x150
[  127.733049][ T8642]  should_failslab+0x8c/0xb0
[  127.733080][ T8642]  __kmalloc_cache_noprof+0x4c/0x4a0
[  127.733111][ T8642]  audit_log_d_path+0x8d/0x150
[  127.733202][ T8642]  audit_log_d_path_exe+0x42/0x70
[  127.733298][ T8642]  audit_log_task+0x1e9/0x250
[  127.733381][ T8642]  ? kstrtouint+0x76/0xc0
[  127.733411][ T8642]  audit_seccomp+0x61/0x100
[  127.733519][ T8642]  ? __seccomp_filter+0x82d/0x1250
[  127.733549][ T8642]  __seccomp_filter+0x83e/0x1250
[  127.733581][ T8642]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  127.733639][ T8642]  ? vfs_write+0x7e8/0x960
[  127.733662][ T8642]  ? __rcu_read_unlock+0x4f/0x70
[  127.733689][ T8642]  ? __fget_files+0x184/0x1c0
[  127.733764][ T8642]  __secure_computing+0x82/0x150
[  127.733793][ T8642]  syscall_trace_enter+0xcf/0x1e0
[  127.733819][ T8642]  do_syscall_64+0xac/0x200
[  127.733914][ T8642]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  127.733941][ T8642]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  127.733973][ T8642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.734045][ T8642] RIP: 0033:0x7f7cf44cefc9
[  127.734062][ T8642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.734082][ T8642] RSP: 002b:00007f7cf2f2f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  127.734100][ T8642] RAX: ffffffffffffffda RBX: 00007f7cf4725fa0 RCX: 00007f7cf44cefc9
[  127.734133][ T8642] RDX: 0000000000001003 RSI: 0000200000002f80 RDI: 0000000000000008
[  127.734147][ T8642] RBP: 00007f7cf2f2f090 R08: 0000000000000000 R09: 0000000000000000
[  127.734159][ T8642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  127.734170][ T8642] R13: 00007f7cf4726038 R14: 00007f7cf4725fa0 R15: 00007ffc314c44b8
[  127.734188][ T8642]  </TASK>
[  128.070521][ T8661] can0: slcan on ptm2.
[  128.141276][ T8661] can0 (unregistered): slcan off ptm2.
[  128.147274][ T8661] Falling back ldisc for ptm2.
[  128.152839][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.242962][ T8683] loop3: detected capacity change from 0 to 128
[  128.252273][ T8683] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  128.302814][ T8693] can0: slcan on ptm2.
[  128.341517][ T8693] can0 (unregistered): slcan off ptm2.
[  128.347481][ T8693] Falling back ldisc for ptm2.
[  128.568674][ T8730] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.613887][ T8730] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.663673][ T8730] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.723302][ T8730] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.780628][  T388] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.791075][  T388] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.802237][  T388] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.813515][  T388] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.861084][ T8753] can0: slcan on ptm2.
[  128.891623][ T8753] can0 (unregistered): slcan off ptm2.
[  128.897455][ T8753] Falling back ldisc for ptm2.
[  128.958590][ T8756] lo speed is unknown, defaulting to 1000
[  129.032125][ T8759] lo speed is unknown, defaulting to 1000
[  129.106962][ T3313] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  129.176825][   T29] kauditd_printk_skb: 508 callbacks suppressed
[  129.176889][   T29] audit: type=1326 audit(129.151:4979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  129.241249][ T7923] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  129.245028][ T4104] Bluetooth: hci0: command 0x1003 tx timeout
[  129.248837][   T29] audit: type=1326 audit(129.191:4980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  129.255562][ T8835] __nla_validate_parse: 7 callbacks suppressed
[  129.255575][ T8835] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1379'.
[  129.276270][   T29] audit: type=1326 audit(129.191:4981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  129.276329][   T29] audit: type=1326 audit(129.191:4982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  129.337706][   T29] audit: type=1326 audit(129.191:4983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  129.360831][   T29] audit: type=1326 audit(129.191:4984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  129.383789][   T29] audit: type=1326 audit(129.191:4985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  129.406961][   T29] audit: type=1326 audit(129.191:4986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  129.429819][   T29] audit: type=1326 audit(129.191:4987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  129.452717][   T29] audit: type=1326 audit(129.191:4988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7cf44cefc9 code=0x7ffc0000
[  129.476081][ T8843] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1379'.
[  129.543519][ T8847] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  129.641313][ T3798] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  129.913176][ T8862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1386'.
[  129.923036][ T8862] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1386'.
[  130.307464][ T8864] vlan2: entered allmulticast mode
[  130.454795][ T8886] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1393'.
[  130.465076][ T8886] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1393'.
[  130.494121][ T8891] loop3: detected capacity change from 0 to 512
[  130.505211][ T8894] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1396'.
[  130.514828][ T8894] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1396'.
[  130.526070][ T8891] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.553637][ T8891] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.1395: corrupted xattr block 6: invalid header
[  130.567773][ T8891] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[  130.577094][ T8891] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.1395: corrupted xattr block 6: invalid header
[  130.590802][ T8891] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[  130.600405][ T8891] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.1395: corrupted xattr block 6: invalid header
[  130.630764][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.716182][ T8920] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1406'.
[  130.718310][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1407'.
[  130.794924][ T8934] batadv_slave_1: entered promiscuous mode
[  130.802154][ T8934] batadv_slave_1: left promiscuous mode
[  130.924550][ T8942] 9pnet: Could not find request transport: fd
[  131.355627][ T8974] can0: slcan on ptm1.
[  131.357852][ T8973] loop5: detected capacity change from 0 to 7
[  131.409322][   T48] ==================================================================
[  131.417642][   T48] BUG: KCSAN: data-race in lo_ioctl / loop_queue_rq
[  131.424414][   T48] 
[  131.426739][   T48] write to 0xffff88810230d480 of 4 bytes by task 8982 on cpu 0:
[  131.434466][   T48]  lo_ioctl+0xa66/0x12b0
[  131.438726][   T48]  blkdev_ioctl+0x356/0x440
[  131.443234][   T48]  __se_sys_ioctl+0xce/0x140
[  131.447826][   T48]  __x64_sys_ioctl+0x43/0x50
[  131.452939][   T48]  x64_sys_call+0x1816/0x3000
[  131.457641][   T48]  do_syscall_64+0xd2/0x200
[  131.462162][   T48]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.468063][   T48] 
[  131.470432][   T48] read to 0xffff88810230d480 of 4 bytes by task 48 on cpu 1:
[  131.477874][   T48]  loop_queue_rq+0x4f/0x680
[  131.482387][   T48]  blk_mq_dispatch_rq_list+0x2a6/0xf80
[  131.487861][   T48]  __blk_mq_sched_dispatch_requests+0xb83/0xc60
[  131.494123][   T48]  blk_mq_sched_dispatch_requests+0x86/0x120
[  131.500120][   T48]  blk_mq_run_hw_queue+0x17e/0x220
[  131.505270][   T48]  blk_mq_run_hw_queues+0x180/0x250
[  131.510468][   T48]  blk_mq_requeue_work+0x3b9/0x3f0
[  131.515583][   T48]  process_scheduled_works+0x4ce/0x9d0
[  131.521138][   T48]  worker_thread+0x582/0x770
[  131.525729][   T48]  kthread+0x489/0x510
[  131.529801][   T48]  ret_from_fork+0x122/0x1b0
[  131.534407][   T48]  ret_from_fork_asm+0x1a/0x30
[  131.539169][   T48] 
[  131.541485][   T48] value changed: 0x00000001 -> 0x00000002
[  131.547201][   T48] 
[  131.549525][   T48] Reported by Kernel Concurrency Sanitizer on:
[  131.555686][   T48] CPU: 1 UID: 0 PID: 48 Comm: kworker/1:1H Not tainted syzkaller #0 PREEMPT(voluntary) 
[  131.565690][   T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  131.575854][   T48] Workqueue: kblockd blk_mq_requeue_work
[  131.581495][   T48] ==================================================================
[  131.589861][   T48] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  131.590804][ T8974] can0 (unregistered): slcan off ptm1.
[  131.599123][   T48] Buffer I/O error on dev loop5, logical block 0, async page read
[  131.621423][ T8973] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  131.630790][ T8973] Buffer I/O error on dev loop5, logical block 0, async page read
[  131.638635][ T8973]  loop5: unable to read partition table
[  131.664731][ T8974] Falling back ldisc for ptm1.
[  131.678481][ T8973] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  132.201280][ T3798] Bluetooth: hci0: Opcode 0x1003 failed: -110