last executing test programs:

4m43.267986055s ago: executing program 3 (id=373):
syz_clone3(&(0x7f0000000b40)={0x10000c00, &(0x7f0000000180), &(0x7f0000000340), &(0x7f00000009c0)=<r0=>0x0, {0x3c}, &(0x7f0000000ac0)=""/96, 0x60, &(0x7f0000000c00)=""/167, &(0x7f0000000a40)=[0xffffffffffffffff, 0x0, 0x0], 0x3}, 0x58)
r1 = syz_open_procfs(r0, &(0x7f0000000100)='wchan\x00')
getdents64(r1, &(0x7f0000000380)=""/45, 0x2d)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000240), 0xff, 0x55c, &(0x7f0000000440)="$eJzs3c9rHFUcAPDvbDb9rU2hFPQgwR6s1G6axB8VPNSjaLGg97ok01Cy6ZbspjSxYHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzUx+7ubntkndzwdm+97O27757pv3+mbelA2gZw1mL6WIVyLi2yTi+Ip95ch3Di6Wm396eyzbklhY+OyvJJL8vaJ8kv95tMiUI377OuJsaVWVA9lLY3ZuslqrpdP5m0PNqRtDjdm5c9emqhPpRHp9ZHT0wjujI++/9+7aQ07u7DDWNy//88OnDz+68M3p+e9/eXzifhIX41i+b2Ucu7Dq0AZjMP9O+uPimoLDXahsP0n2+gDYkb68n/dHNgYcj7681wP/f19FxALQoxL9H3pUMQ8oru27dB38wnjy4eIF0Pr4y4v3RuJQ69royHyy6sooKW5k7FJWx69/PrifbdG9+xAAm7pzNyLOl8vrx78kH/927vwWyqytw/gHz8/DbP7zVrv5T2lp/hNt5j9H2/Tdndi8/5ced6GajrL53wdt57/5otVADPTluZda2f7k6rVamo1tL0fEmeg/mOU3Ws+5MP9oodO+lfO/bMvqL+aC+XE8Lh9c/ZnxarO6u6iXPbkb8Wrb+W+y1P5Jm/bPvo/LW6zjVPrgtU77No//2Vr4OeKNtu2/vKKVbLw+OdQ6H4aKs2K9v++d+r1T/Xsdf9b+RzaOfyBZuV7b2H4dPx36N+20r2P8B4oS7c//A8nnrXRR7Fa12ZwejjiQfLL+/ZHlzxb5onwW/5nTG49/7c7/wxHxxRbjv3fyXseiu2r/Liy6ZvGPb6v9t5949PGXP24//kv53Yms/d9ulT2Tf2Yr499WD3D33yAAAAAAAADsH6WIOBZJqbKULpUqlcXnO07GkVKt3mievVp/PVr7Ws8/lIqV7uMrnocYzp+HLfIja/KjEXEiIr7rO9zKV8bqtfG9Dh4AAAAAAAAAAAAAAAAAAAD2iaMd/v9/5o++vT464Jnzk9/Quzbt/934pSdgX/LvP/Qu/R96l/4PvUv/h96l/0Pv0v+hd+n/0Lv0fwAAAAAAAAAAAAAAAAAAAAAAAAAAAOiqy5cuZdvC/NPbY1l+/ObszGT95rnxtDFZmZoZq4zVp29UJur1iVpaGatPbfb31er1G8MjMXNrqJk2mkON2bkrU/WZ680r16aqE+mVtP+5RAUAAAAAAAAAAAAAAAAAAAAvlsbs3GS1VkunJSR2lCjvj8OQ6HJir0cmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFj2XwAAAP//4Uw7cA==")
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r3)
sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="bbfb2bbd7000fddbdf25670000000800c400020000000800c3"], 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000640)={&(0x7f0000000e40)={0x170, r4, 0x2, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IE={0x151, 0x2a, [@sec_chan_ofs={0x3e, 0x1}, @ht={0x2d, 0x1a, {0x2, 0x3, 0x7, 0x0, {0x1, 0xd, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x1}, 0x1, 0x0, 0x1}}, @ibss={0x6, 0x2, 0x2}, @mesh_chsw={0x76, 0x6, {0x9, 0x7, 0x26, 0x8d}}, @sec_chan_ofs={0x3e, 0x1, 0x2}, @ibss={0x6, 0x2, 0x4}, @mesh_id={0x72, 0x6}, @fast_bss_trans={0x37, 0x111, {0x4, 0x7, "7fcf6d07e8a9f11474edc87facfd01c0", "8c356b3c18aad003bac24b69d273c7f4500fa48c58bbc988c27b5979572b59f0", "804edb971c41535fbef5b3e275792bf7a05b8c1041c2635b8f922f059870c1df", [{0x4, 0x21, "aec1f37e883a685aef4539c6bd97391801be6ca8e5898c7f900800837ce5d5d369"}, {0x4, 0x12, "664b4d2ce0956206020d79f8dfe9ecc22222"}, {0x2, 0x13, "219db2566398abe09f7c8c06a3d9403a867e71"}, {0x2, 0x1d, "10528982878584f7a3a06bc55700515540600d28d5e0f861083694e887"}, {0x2, 0x10, "20f81298ee6364d02a87fc21785e8b89"}, {0x3, 0x1f, "6f17ef9f9f28bfe8660e8b22f1e3a2cdd54d2aa35c762958da0d341217b68d"}, {0x4, 0x1f, "5522f18a92b000137baa60a0cd62970221ef834447e546bb3d9afb84d67c46"}]}}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x40081}, 0x40000)
sendmsg$NL80211_CMD_ASSOCIATE(r1, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000003c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRESHEX=r5, @ANYBLOB="200160ffff00fddbdf252600000008000301", @ANYRES32=r5, @ANYRES32=r5], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x24000090)
renameat2(r1, &(0x7f0000000a80)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file7\x00', 0x5)
pipe2$9p(0x0, 0x800)
mount$bpf(0x0, 0x0, 0x0, 0x834, &(0x7f0000000240)=ANY=[@ANYRESHEX, @ANYRESOCT])
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x44140)
socket$kcm(0x29, 0x2, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/rt_cache\x00')
preadv(r6, &(0x7f0000000bc0)=[{&(0x7f0000000000)=""/183, 0xb7}], 0x1, 0x0, 0x0)
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
recvmmsg$unix(r7, &(0x7f0000002380)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa6ff}}], 0x1, 0x0, 0x0)

4m42.354736562s ago: executing program 3 (id=391):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r0], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff41, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004680)=ANY=[@ANYBLOB="84010000100013070000000000000000ac1e0101000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d332000000ffffffff00000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c001400636d616328616573290000000000000000000000000097df380400"/312], 0x184}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0x60, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000008c0)='kfree\x00', r6}, 0x18)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080)={r1, r5}, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x4000, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64, @ANYRES32, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2cb, &(0x7f0000000ac0)="$eJzs3U9LW1kYx/GfJmNiHE0Ww8AMDHOY2cxsgpN5ATNhUBgmMMUaabsoXOtNG3KbyL3BEik1m9JtX4d02V2h7RtwU7rpvjspFLpxUXqL9yaaaJLGkD9avx+Q8yTPeXKO5ihPLiTuX3t8t1Tw0gWrqum40bRU14GUOowaphrjdBDPqFVdv899ePPT1es3/svmcksrxixnV//MGGMWfn5+7/6TX15W59aeLjyLaS91c/995u3ezN4P+59W7xQ9U/RMuVI1llmvVKrWumObjaJXShtzxbEtzzbFsme7bfmCU9ncrBmrvDGf2HRtzzNWuWZKds1UK6bq1ox12yqWTTqdNvMJXW7RPubkd1dWrGzXtB8Z6o4wcrOd7nTdbL1zMr87hj0BAIBzpnf/H/b63fv/3Fo4nqX///7L/b9E/z8i9bZbXfr/b8e4IYyc62atROP3tx39PwAAAAAAAAAAAAAAAAAAAAAAF8GB7yd9308ejo27gtsxSXFJfiN/VNDP28pxYbQ+/37LV9fnP/TXhLaLIWt5415cch5t5bfy4RjmswUV5cjWopL6GJyHhjBe/je3tGgCKb1wdhr1O1v5iGLN+qZUp/qpqBQ+QHv9N0q0rp9RUt91Xj9jOtXP6LdfW+rTSurVLVXkaCM418f1D/4w5p//cyfqZ4N5AAAAAAB8DdLmyKnX70E+mBDX6XxY33J9wPf9nV7XB068vo7qR64lAgAAAAAwFl5tu2Q5ju0OEMQkDVYuDbxor8D3paE+4EBBRJNcvVvwt6RzsI1xBXE1z5gZpPydznRE/T7mRCVN/MdyhmDSf5kAAAAADJtX2z7+Bz/9ev1wRLsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBy6vfzwJrzT6WaiZ6f9nckMvZvEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhHPgcAAP//ps0YVA==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
r7 = io_uring_setup(0x4e65, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x2300000000000000, 0x0, 0x0)

4m42.211546101s ago: executing program 3 (id=393):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0x0, r0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0x77})
syz_clone(0x6780, 0x0, 0x0, 0x0, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', <r3=>0x0})
bind$packet(r2, &(0x7f0000000040)={0x11, 0x1, r3, 0x1, 0x9}, 0x14)
r4 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x6, 0xa}, {0xd, 0xffe0}, {0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x4040040}, 0x20048054)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB=' \x00', @ANYBLOB="010000"], 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="540100a385d852320e1ff8eb3aff4340f1fedd00", @ANYRES16=0x0, @ANYBLOB="00012cbd7000fbdbdf250d00000050000180080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="140002006361696630000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100a158261b96a646da9d2b0956ea0c4319e5e6e061646154d970fa", @ANYRES32=0x0, @ANYRES64, @ANYRESHEX, @ANYBLOB="080003000700000064000180140002006d6163766c616e30000000000000000014000200626f6e645f736c6176655f30000000001400020073797a6b616c6c657230000000000000140002006d6163766c616e30000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRESDEC=r3, @ANYBLOB="214bea8fdcd73557426d9df86a7cadc8861bfc37166cf227d111370ef20b297d7a284b5f100581f85d7627a04873d24366b94de37363ba9b175b51623bff982948ed04a80cd4e48eaa844810d3bc471215d67f0e0590bb2eb495c658f2adb08b0b11a3b8a5f0c14a53b066c0c0c11086454ed566833302a9e674bec19c27e12deb74d7dcdb16a8a057662bef5624ec2ec497e087eebb7117b359e41bc84c3432888c15ee29dcd5c782de3e5ebfabc80ab0525b3bb3e3444bb4ac740f2bc5ed4b1275fbd3b9f7148b03fd9c33743fa415116bacb6d34ba3", @ANYRES32=0x0, @ANYRES32=r6, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32, @ANYRES16, @ANYRESOCT=r2, @ANYRESDEC, @ANYRES16, @ANYBLOB="08000300ee78b7f8140002006d61637365633000000000000000000008000100", @ANYRES32, @ANYBLOB="0800030002000000"], 0x154}, 0x1, 0x0, 0x0, 0x8000}, 0x20000040)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x100, 0x0, 0x0, 0x40f00, 0x0, '\x00', r3}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x27, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r7, 0x0, 0x80}, 0x18)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)})
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r8, <r9=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r9}, 0x4)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x6, 0x0, 0x0, 0x0, 0x1400, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x79ca, 0x7fffffffffffffff}, 0xc28, 0x10008, 0xfb, 0x0, 0x5, 0x20007, 0x1b, 0x0, 0x0, 0x0, 0xcd}, 0x0, 0x2000002, 0xffffffffffffffff, 0x8)

4m41.647820364s ago: executing program 3 (id=403):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRES8, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594bebe6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322003b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f60200000000000000b7423704b95f3d05bd2d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb566b135a5973792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288111b7414705e975eb3f", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0, 0x0, 0x9}, 0x18)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)

4m41.51926827s ago: executing program 3 (id=405):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x80)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x1010051, &(0x7f0000000b00)={[{@orlov}, {@acl}, {@noblock_validity}, {@norecovery}, {@i_version}, {@nomblk_io_submit}]}, 0x1, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x2000, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
openat(r1, &(0x7f0000000000)='./file2\x00', 0x0, 0x118)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffffd1)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0400"], 0x48)
r2 = memfd_secret(0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r3, r2, 0x2e, 0x4608, @void}, 0x10)
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
close(r5)
dup(r4)
sendmsg$inet(r5, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020007000c00040004c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

4m40.997047368s ago: executing program 3 (id=414):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, 0x0, &(0x7f00000001c0)}, 0x20)
syz_io_uring_setup(0xa46, &(0x7f0000001540)={0x0, 0xbce0, 0x400, 0x3, 0x201}, &(0x7f0000000680)=<r0=>0x0, &(0x7f0000000100))
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r2, 0x0, 0x100000000}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
time(0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4)
fcntl$setstatus(r3, 0x4, 0x42000)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x2400)
close(0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1}}, 0x40)

4m40.923636977s ago: executing program 32 (id=414):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, 0x0, &(0x7f00000001c0)}, 0x20)
syz_io_uring_setup(0xa46, &(0x7f0000001540)={0x0, 0xbce0, 0x400, 0x3, 0x201}, &(0x7f0000000680)=<r0=>0x0, &(0x7f0000000100))
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r2, 0x0, 0x100000000}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
time(0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4)
fcntl$setstatus(r3, 0x4, 0x42000)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x2400)
close(0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1}}, 0x40)

1.951174328s ago: executing program 0 (id=4985):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r0, 0x941c, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r2, 0x89fa, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000080)={@private1={0xfc, 0x1, '\x00', 0x1}, @broadcast, 0x0, 0x1}})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
syz_emit_ethernet(0xa7, &(0x7f0000000540)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "1f00", 0x71, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @private=0x38}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, [], "276aae74cd505dfb36ec33a42583bb7c432089c4556c3ad4f4cec1cf82dad5261e6d0b232d646911c7e63c"}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x2005]}, {0x8, 0x88be, 0x4305000f}}}}}}}, 0x0)
ioctl$PPPIOCSFLAGS(r4, 0x40047459, &(0x7f0000000100)=0x800042)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x6e, &(0x7f00000004c0)=ANY=[@ANYBLOB="ffffffffffffffffffe5ffffff86dd6000000000383a00fe8000000000000000000000000000aaff02000000e4ffffff0000000000000102009078000007d0608cb02b00002f00fc000000000000000000000000000001fe8000000000000000000000000000aa0000040020000000"], 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='kmem_cache_free\x00', r6}, 0x18)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup2(r7, r8)

1.888522916s ago: executing program 0 (id=4987):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000001200), 0x0)

1.805763306s ago: executing program 0 (id=4989):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r2, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000380)={@multicast2, @loopback, @remote}, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000480)='kfree\x00', r1, 0x0, 0x2}, 0x18)
syz_usbip_server_init(0x2)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x80, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x34, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}, {0xc, 0x1, 0x0, 0x1, {0x8}}, {0xc, 0x1, 0x0, 0x1, {0x8}}, {0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_BACKEND_IDENTIFIER={0xa, 0xa, 'kfree\x00'}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x101}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xd11}, @NBD_ATTR_BACKEND_IDENTIFIER={0x9, 0xa, 'syz0\x00'}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x80}, 0x1, 0x0, 0x0, 0x40010}, 0x4000850)
r3 = mq_open(&(0x7f000084dff0)='\xa1sxt\x1a\x00\x00\x00\x00\x00\x00\x00\x01\x88\xbdd', 0x6e93ebbbcc0884f2, 0x100, &(0x7f0000000300)={0x0, 0x1, 0x3})
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r3, &(0x7f0000000180)=""/204, 0xcc, 0x0, 0x0)

1.487010867s ago: executing program 2 (id=4994):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
openat$vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r3 = io_uring_setup(0x7a53, &(0x7f0000000240)={0x0, 0x93c6, 0x40, 0x0, 0x17c})
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000000), &(0x7f00000005c0)=r5}, 0x20)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r3, 0xb, &(0x7f0000000000)=[@ioring_restriction_sqe_flags_allowed={0x2, 0x16}], 0x1)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000380)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', <r6=>0x0, 0x2f, 0x3, 0x2, 0xea, 0x0, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x10, 0x80, 0x5, 0x2}})
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@ifindex=r6, 0x1f, 0x1, 0x5, &(0x7f0000000040)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0]}, 0x40)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
fremovexattr(r2, &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r8)
sendmsg$NL80211_CMD_SET_REG(r8, &(0x7f0000000180)={0x0, 0x3b, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000004001b0000000c00228059fe00800400008006002100", @ANYRESOCT=r7], 0x28}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000000)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000000)={'lo\x00', <r13=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r10, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000000000000000001a0000000c00018008000100", @ANYRES32=r13], 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

1.399615359s ago: executing program 1 (id=4995):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x28007c2, &(0x7f0000000680)={[{@delalloc}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@dax_always}]}, 0x0, 0x483, &(0x7f0000001040)="$eJzs28tvVNUfAPDvvX0APx7tD/EBolaJSaOxpQWVhRuNJsZgNNEFLms7kIaBGlqNIJFiDG5MDImujUujf4E7Y2LUlYlb3bgyJETZALqpuXfuLdNpp1A6ZWrn80lue869Z+ac79zXuefMBNCxBrI/ScS2iPg1Ivpq2YUFBmr/rl05O379ytnxJObmXvszyctdvXJ2vCxavm5rkRlMI9IPk6KShaZPnzk+Vq1WThX54ZkTbw1Pnz7zxDsnxo5VjlVOjh46dPDAyNNPjT7ZkjizuK7ueX9q7+4X37j48viRi2/++HXW3m3F9vo4WmUgC/yvuVzd6vxjerTVlbXZ9rp00t3GhrAiXRGR7a6e/Pzvi664sfP64oUP2to4YE1l96ZNzTfPzgEbWBLtbgHQHuWNPnv+LZc71PVYFy4/W3sAyuK+Viy1Ld2RFmV6Gp5vW2kgIo7M/v15tsQajUMAANT7ePyzw70R8d71r17K+h5981vSuCf//3v+d0cxh9IfEf+PiJ0RcVdE7IqIuyPysvdGxH2rbM/i/k96aZVvuays//dMMbe1sP9X9v6iv6vIbc/j70mOTlYr+4vPZDB6NmX5kWXq+Pb5Xz5ptq2+/5ctWf1lX7Box6XuhgG6ibGZsbxT2gKXz0fs6V4q/mR+JiCJiN0RsWdlb72jTEw+9uXeZoVuHv8yWjDPNPdFFt5sFv9sNMRfSurnJycXzU8Ob45qZf9weVQs9tPPF15tVv9AzN1+/C1wuRL/xMLjv7FIf1I/Xzu98jou/PZR02ea2zz+097k9XyeubdY9+7YzMypkYje5HCeX7B+9MZry3xZPjv+B/ctff7vLF6TxX9/RGQH8QMR8WBEPFS0/eGIeCQi9i0T/w/PNd9Wxh9pm/b/+YiJJa9/88d/w/5feaLr+PffNKv/1vb/wTw1WKzJr383sVRzsstFYwNX89kBAADAf0Wafwc+SYfm02k6NFT7Dv+u+F9anZqeefzo1NsnJ2rfle+PnrQc6eorxkOrk9XKSDJbvGNtfHS0GCsux0sPFOPGn3ZtyfND41PViTbHDp1ua5PzP/NHV7tbB6yxLUuuHe294w0B2qBxHj1dmD33SrgYwEbl99rQuZqf/5tjcXcA2Ejc/6FzLXX+n2vImwuAjcn9HzqX8x86VPpdu1sAtJH7P3Sk1fyufw0Tm9dHM9qTWK87JU9ElIl0XbRHYqWJLbdWuN1XJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4NwAA///Xm+pu")
quotactl$Q_QUOTAOFF(0xffffffff80000302, &(0x7f00000000c0)=@filename='./file0\x00', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="010000000000fddbdf2554"], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x8000)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$binfmt_aout(r6, &(0x7f00000000c0)=ANY=[], 0x20)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

1.398984059s ago: executing program 4 (id=4996):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x1ffffdc1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000ff0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e22, 0x7, @loopback, 0x4}]}, &(0x7f0000000180)=0x10)

1.333458788s ago: executing program 4 (id=4997):
r0 = socket(0x10, 0x3, 0x9)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x4480, &(0x7f00000003c0)=ANY=[], 0x83, 0x22e, &(0x7f0000000940)="$eJzs2r+LHGUYB/BnzguJFy674i8SEF+0UJsht7VFDk1AXFA0K0RBMvFmddlx99hZDlbEXKWtf4K1WNoJktLmQPwLLOyuuTKFOJLb87IJJyJiNujn08wD73zheXmHl6eY/Ze//HjYr/N+MY2VLIuVS7Ebt7Nox0r8YTdeeuHaD8+8fe3d1ze73ctvpXRl8+pGJ6V07tnv3/v0m+duTc++8+25707HXvv9/YPOL3tP7Z3f/+3qR4M6Deo0Gk9TkW6Mx9PiRlWmrUE9zFN6syqLukyDUV1O7lnvV+Pt7VkqRlvra9uTsq5TMZqlYTlL03GaTmap+LAYjFKe52l9Lfgnel/fbpo4aE5dj6ZpHv0qzt6K9Z+jFdljKXv8Uvbk9ezp3ez8QdO0lt0q/wrn//+2cKmfiai+2Ont9ObP+fqrP8YgqijjYrTi17jzmRyZ11de616+mA614/Pq5lH+5qneI4f5zf5RfiNa0T45vzHPp8X8Tu90rC3mO9GKJ07Od07Mn4kXn1/I59GKnz6IcVSxFXeyd/OfbaT0yhvd+/IXDt8DAPivydOx9r3zz3x+y/M/W5/nj+erv54P75uvVuPC6nL3TkQ9+2RYVFU5URwXq/FQtKFQLLFY9s3Eg3D30JfdCQAAAAAAAAAAAH/Hg/idcNl7BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHm6/BwAA//+HytTx")
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x0)
rename(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00')
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000040)={0x14, r1, 0x400, 0x70bd2b, 0x25dedbff}, 0x14}, 0x1, 0x0, 0x0, 0x4008001}, 0x24008864)

1.266560646s ago: executing program 1 (id=4999):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000001200), 0x0)

1.206761204s ago: executing program 1 (id=5000):
r0 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
listen(r0, 0x0)
accept4$unix(r0, 0x0, 0x0, 0x80800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x68, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000001, 0x7f}}}}, [@NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000040}, 0x44000)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000340)={[{@errors_remount}, {@nodioread_nolock}]}, 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=")

1.206484014s ago: executing program 2 (id=5001):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x181082, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r2, 0x0, 0x1034}, 0x18)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000001400)={@val={0x0, 0x86dd}, @val={0x0, 0x0, 0x11}, @mpls={[], @ipv6=@gre_packet={0x2, 0x6, "3bf1d1", 0x44, 0x2f, 0xff, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x1}, {}, {0x8, 0x88be, 0x4, {{0x2, 0x1, 0x0, 0x3, 0x0, 0x2, 0x4}, 0x1, {0xff}}}, {0x8, 0x22eb, 0x1, {{0x5, 0x2, 0x8, 0x0, 0x0, 0x3, 0x0, 0x2}, 0x2, {0x9, 0x6, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}}}, {0x8, 0x6558, 0x4}}}}}}, 0x7a) (fail_nth: 2)

1.183396337s ago: executing program 4 (id=5002):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001d80)={0x3, 0xc, &(0x7f0000000780)=ANY=[], 0x0, 0x2bc7, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6f}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
capset(&(0x7f0000000080)={0x20071026}, 0x0)
times(&(0x7f0000000300))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r2 = gettid()
r3 = gettid()
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000040)={'gre0\x00', 0x0, 0x7, 0x700, 0x58233129, 0x3, {{0x5, 0x4, 0x1, 0x3, 0x14, 0x64, 0x0, 0xd, 0x4, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x2e}}}}})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000580)='kmem_cache_free\x00', r6, 0x0, 0x7fff}, 0x18)
tkill(r2, 0x12)
tkill(r2, 0x1)
tkill(r3, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
io_setup(0x9, &(0x7f0000000340)=<r7=>0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
io_submit(r7, 0x1, &(0x7f00000005c0)=[&(0x7f00000004c0)={0x0, 0x0, 0x20, 0x1, 0x9, r8, 0x0, 0x0, 0xfffffffffffffff5}])
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r9 = syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="636865636b3d7374726963742c757466383d312c757466383d302c757466383d312c6e66732c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d77696e6e742c00043518f9aad8a4f2c1cdb3e993cf0444d9d2d40bb509d4da042c2c85e3650de97db42c38cafa7a9d7503c3c985486cf7fc80515e9bef7e9e56fb346de370b3eb3ecbc59d343c36bf04efc3d68033308b0014b0c677ae5ef2932cc05f566112668fa4f6844dcf823618a2993da771384e8fc12467a56b33e3b00030dbfd82ea2f8ddbeb1d04bac86815ebe0b9d084d60edf56b15e74589892dce86962f611a4313120b738dddfd38d20b443570197dc795020ecf541601ef9a5618869febf769dd50261849a47e170ba166b97e76a0261d0dc1fb3e2646595f1c8b49057d94f10f7b5e35ead0a38", @ANYRES8=0x0], 0x3, 0x21f, &(0x7f0000000940)="$eJzs2j+LXFUcBuDfXRMSN2xmxH8kIB60UJtLZmqLLJKAOKBoRoiC5Ma9o8NcZ5a5w8KImK209SNYi6WdIClttvETWNhts2UK8Uoya5INY7GIO2Kep5kXzrzccziXwynu/uvffDYa1PmgmMValsXa5diNO1m0Yy3+shuvvXL95xfeu/7BW5u93pV3U7q6ea3TTSmdf/GnD7/4/qXbs3Pv/3D+xzOx1/5o/6D7295zexf2/7j26bBOwzqNJ7NUpJuTyay4WZVpa1iP8pTeqcqiLtNwXJfTI+ODarK9PU/FeGtjfXta1nUqxvM0KudpNkmz6TwVnxTDccrzPG2sB/9E/7s7TRMHzekb0TTNk9/Gudux8Wu0InsqZU9fzp69kT2/m104aJrWqqfKv8L+P94eOtTPRlRf7/R3+ovfxfjmIIZRRRmXohW/x93X5NAiX32zd+VSuqcdX1W3Dvu3dvpPHO13ohXt5f3Oop+O9s/EesTpiMN+N1rxzPJ+d2n/bLz68kPPz6MVv3wck6hiK+52H/S/7KT0xtu9R/oX7/0PAOD/Jk/3Lb2/5fnfjS/6x7gfPnK/OhUXT6127UTU889HRVWVU0EQhPth1ScTJ+HBpq96JgAAAAAAAAAAABzHSXxOuOo1AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/21/BgAA//9DWtUg")
r10 = openat$incfs(r9, &(0x7f0000000040)='.pending_reads\x00', 0x101a00, 0xc6)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000700)={0x0, <r11=>0x0}, &(0x7f0000000740)=0xc)
mount$nfs4(&(0x7f00000003c0)='gre0\x00', &(0x7f0000000680)='./file1\x00', &(0x7f00000006c0), 0x845445, &(0x7f0000000800)=ANY=[@ANYBLOB='\x00,dont_measure,sync,dont_hash,fsname=kmem_cache_free\x00,euid>', @ANYRESDEC=r11, @ANYBLOB="2c01f8b940874694c38ebb5f0c04cfd329ef141309474bb67118125462e2130b28c99c4fc4c3c6a66514338bc57a0b582852122537dabcd09ff58a87226a68bdf9618e0ce5b32bcf04324d2e932e3bb01c7a1f113c40c5fcbb6c530b14e6379c9247be7b1d5aebc5f33951bf718923fa84660b4793063e968b244d668e0d72257b213a0a70c4ee0451a5106d17a44f72885a9af37948a06c3480057641cdc8514d2051c60381ae55d4cf5712762ddf7f0667599931a80706dd5444d52388552d"])
unlinkat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0)

928.664619ms ago: executing program 5 (id=5003):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000040000000000000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000001f)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x4)
fcntl$notify(r1, 0x402, 0x8000003d)
close_range(r0, r1, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000480)={0x1c, r2, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x32}, {@val={0x8, 0x117, 0x56}, @void, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4050}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f00000006c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000400)={0x28, r2, 0x410, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x6, 0x3f}}}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4004084}, 0x80)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r8=>r6}, './file0\x00'})
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r8, 0x84, 0xf, &(0x7f0000000600)={0x0, @in6={{0xa, 0x4e22, 0x3, @local, 0x9b2}}, 0xd, 0x40, 0x6a2, 0x3, 0x7fffffff}, &(0x7f00000001c0)=0x98)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r7, 0x0, 0x1}, 0x18)
r9 = epoll_create(0x8)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r5, &(0x7f0000000300)={0x10000001})
close_range(r5, 0xffffffffffffffff, 0x0)

861.783098ms ago: executing program 0 (id=5004):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x4, &(0x7f0000000240), 0x22, 0x4d5, &(0x7f0000000580)="$eJzs3c9vG1kdAPDvTOIkzWY3WViJHwK2LAsFrWon7m602tNyAaHVSoiKE4c2JG6IYsdR4pQm9JD+D0hU4gR/AgckDkg9cecGNy7tAalABWqQOBiNPUnT1E7SNvWs4s9Hepp582x/37M1742fk3kBDK2LEbEbEWMRcT0ipvPjSZ7i427KHvf40e3FvUe3F5Not6/+M+mUZ8fi0HMyr+WvORERP/p+xE+TZ+Nubu+sLtTrtY08X2k11iub2zuXVxoLy7Xl2lq1Oj83P/vhlQ+qZ9bWtxu/e/i9lU9+/Mc/fPX+n3e/84usWlN52eF2PLfx/kXdppcO4mRGI+KTFw722TKSt2es6IrwQtKI+FxEvJOd/+2iawMADEK7PR3t6cN5AOC8SztzYElazucCpiJNy+XuHN5bMZleyK8L1pa6c2UzUUpvrNRrs/lc4UyUkiw/19l/kq8eyV+JiDcj4pfjFzr58mKzvlTURQ8ADLnXjoz//xnvjv8AwDk3UXQFAICBM/4DwPAx/gPA8DH+A8DwMf4DwPAx/gPA8DH+A8BQ+eGnn2apvZff/3rp5vbWavPm5aXa5mq5sbVYXmxurJeXm83lzj17Gie9Xr3ZXJ97P7ZuVVq1zVZlc3vnWqO5tda61rmv97VaaSCtAgCO8+bb9/6aRMTuRxc6KQ6t5WCshvMtLboCQGFGiq4AUJjRoisAFMZ3fKDHEr1P6f0nQmMRd19JdYABuPQl8/8wrMz/w/DqPf9v5IdhYP4fhle7nVjzHwCGjG/6wIv9/h9+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCoTXVSkpbztcCnIk3L5YjXI2ImSsmNlXptNiLeiIi/jJfGs/xc0ZUGAF5S+vckX//r0vS7U0dLx5L/jne2EfHzX1/91a2FVmtjLjv+r4Pjrbv58WoR9QcATrI/Tu+P4/seP7q9uJ8GWZ+H3+0uLprF3ctTt2Q0RjvbiShFxOS/kzzflV2vjJxB/N07EfHFXu1POnMjM/nKp0fjZ7FfH2j89Kn4aaesu83ei8+fQV1g2NzL+p+Pe51/aVzsbHuf/xOdHurl7fd/e8/0f+lB/zfSp/+7eNoY7//pB33L7kR8ebRX/OQgftIn/runjP+3r3ztnX5l7d9EXIre8Q/HqrQa65XN7Z3LK42F5dpyba1anZ+bn/3wygfVSmeOurI/U/2sf3z03hvHtX+yT/yJE9r/zVO2/7f/u/6Trx8T/9vf6P35v3VM/GxM/NYp4y9M/r7v8t1Z/KU+7T/p83/vlPHvP9hZOuVDAYAB2NzeWV2o12sb+c7oxtEjds56J7t2Kyz6bv7BF/0mnKedBz/rvqenflbpeR58zM4XXmG7iuyVgEF4ctIXXRMAAAAAAAAAAAAAAKCfQfybVNFtBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Pz6fwAAAP//Fx/OIg==")
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup2(r0, r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffe, 0x0, 0x0, 0x3, 0x2000000000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v3, 0x18, 0x0)

830.710232ms ago: executing program 4 (id=5005):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000010000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$selinux_member(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ftruncate(r1, 0x3)

816.882244ms ago: executing program 2 (id=5006):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000070000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140004800800024000000000080001400000000571000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073"], 0xf0}}, 0x0)

723.104696ms ago: executing program 5 (id=5007):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x1ffffdc1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000ff0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e22, 0x7, @loopback, 0x4}]}, &(0x7f0000000180)=0x10)

707.891808ms ago: executing program 2 (id=5008):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r1}, &(0x7f0000000740), &(0x7f0000000780)}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r3, 0x0, 0x2}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'ipvlan0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4400000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="0315000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r5], 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0)

651.082965ms ago: executing program 5 (id=5009):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x28007c2, &(0x7f0000000680)={[{@delalloc}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@dax_always}]}, 0x0, 0x483, &(0x7f0000001040)="$eJzs28tvVNUfAPDvvX0APx7tD/EBolaJSaOxpQWVhRuNJsZgNNEFLms7kIaBGlqNIJFiDG5MDImujUujf4E7Y2LUlYlb3bgyJETZALqpuXfuLdNpp1A6ZWrn80lue869Z+ac79zXuefMBNCxBrI/ScS2iPg1Ivpq2YUFBmr/rl05O379ytnxJObmXvszyctdvXJ2vCxavm5rkRlMI9IPk6KShaZPnzk+Vq1WThX54ZkTbw1Pnz7zxDsnxo5VjlVOjh46dPDAyNNPjT7ZkjizuK7ueX9q7+4X37j48viRi2/++HXW3m3F9vo4WmUgC/yvuVzd6vxjerTVlbXZ9rp00t3GhrAiXRGR7a6e/Pzvi664sfP64oUP2to4YE1l96ZNzTfPzgEbWBLtbgHQHuWNPnv+LZc71PVYFy4/W3sAyuK+Viy1Ld2RFmV6Gp5vW2kgIo7M/v15tsQajUMAANT7ePyzw70R8d71r17K+h5981vSuCf//3v+d0cxh9IfEf+PiJ0RcVdE7IqIuyPysvdGxH2rbM/i/k96aZVvuays//dMMbe1sP9X9v6iv6vIbc/j70mOTlYr+4vPZDB6NmX5kWXq+Pb5Xz5ptq2+/5ctWf1lX7Box6XuhgG6ibGZsbxT2gKXz0fs6V4q/mR+JiCJiN0RsWdlb72jTEw+9uXeZoVuHv8yWjDPNPdFFt5sFv9sNMRfSurnJycXzU8Ob45qZf9weVQs9tPPF15tVv9AzN1+/C1wuRL/xMLjv7FIf1I/Xzu98jou/PZR02ea2zz+097k9XyeubdY9+7YzMypkYje5HCeX7B+9MZry3xZPjv+B/ctff7vLF6TxX9/RGQH8QMR8WBEPFS0/eGIeCQi9i0T/w/PNd9Wxh9pm/b/+YiJJa9/88d/w/5feaLr+PffNKv/1vb/wTw1WKzJr383sVRzsstFYwNX89kBAADAf0Wafwc+SYfm02k6NFT7Dv+u+F9anZqeefzo1NsnJ2rfle+PnrQc6eorxkOrk9XKSDJbvGNtfHS0GCsux0sPFOPGn3ZtyfND41PViTbHDp1ua5PzP/NHV7tbB6yxLUuuHe294w0B2qBxHj1dmD33SrgYwEbl99rQuZqf/5tjcXcA2Ejc/6FzLXX+n2vImwuAjcn9HzqX8x86VPpdu1sAtJH7P3Sk1fyufw0Tm9dHM9qTWK87JU9ElIl0XbRHYqWJLbdWuN1XJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4NwAA///Xm+pu")
quotactl$Q_QUOTAOFF(0xffffffff80000302, &(0x7f00000000c0)=@filename='./file0\x00', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="010000000000fddbdf2554"], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x8000)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$binfmt_aout(r6, &(0x7f00000000c0)=ANY=[], 0x20)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

590.727623ms ago: executing program 5 (id=5010):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x20081e, &(0x7f00000020c0), 0x1, 0x4fb, &(0x7f0000000500)="$eJzs3U1vW1kZAODXzpeTyUwywywAIaYMAwVVdRJ3JhrNAoYVQqgSokuQ2pC4URQ7jmKnNKGL9j8gUYkVLPkBrLviJyDYsYEFEh8RqKnE4qJ7bbduajduk9hp/DzS1b3nnmu/5yS559hvEp8ARtaliLgfEZMRcSsi5lrnc60tPm9u6XWPD+6tHh7cW81Fktz4Vy6rT89Fx2NSb7WesxARP/5+xM9yL8at7+1vrlQq5Z1mcXqhUd1eqO/tX92orqyX18tbpdLy0vLip9c+KZ1aXz+oTjYPxtIGfvsXabNmW3Wd/ThNza5PPI2TGo+IH55FsCEYa/VnctgN4bXkI+K9iPgwu//nYiz7bgIAF1mSzEUy11kGAC66fJYDy+WLrVzAbOTzxWIzh/d+zOQrtXrjyu3a7tZaM1c2HxP52xuV8mIrVzgfE7m0vJQdPyuXjpSvRcS7EfHLqemsXFytVdaG+cIHAEbYW0fm//9ONed/AOCCKwy7AQDAwJn/AWD0mP8BYPSY/wFg9Jj/AWD0mP8BYPSY/wFgpPzo+vV0Sw5bn3+9dmdvd7N25+paub5ZrO6uFldrO9vF9VptPfvMnupxz1ep1baXPo7du/Pf2a43Fup7+zertd2txs3sc71vlicG0isA4GXe/eDRn3MRcf+z6WyLjrUczNVwseWH3QBgaMaG3QBgaKz2BaPrBO/xpQfgguiyRO9zChExffTqJEmSs20WcIYuf0n+H0ZVR/7fXwHDiJH/h9HVb/7/uPwA8OZJkly/a/5HvxcCAOebHD/Q4/39e63971q/HPjp2tErHp5lqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB8a6//W2ytBT4b+XyxGPF2RMzHRO72RqW8GBHvRMSfpiam0vLSkNsMAJxU/u+51vpfl+c+mj1aO5l7MpXtI+Lnv77xq7srjcbOH9Pz/356vvGwdb40jPYDAMdpz9PZvuON/OODe6vtbZDt+cf3IqLQjH94MBmHT+OPx3i2L8RERMz8J9cqN+U6chcncf9BRHyxW/9zMZvlQJornx6Nn8Z+e6Dx88/Fz2d1zX36tfjCK0dO5k6h+fBGe5SOP593u//ycSnbd7//C9kIdXKt8S99qtXDbAx8Fr89/o31GP8u9Rvj4z/8oHk0/WLdg4gvj0e0Yx92jD/t+Lke8T/qM/5fvvLVD3vVJb+JuBzd43fGWmhUtxfqe/tXN6or6+X18laptLy0vPjptU9KC1mOeqH3bPDPz66806su7f9Mj/iFY/r/jT77/9v/3frJ114S/1tf7xY/H++/JH46J36zz/grM78v9KpL46917X9b7/5f6TP+X/+2/8Ky4QDA8NT39jdXKpXyziAP2i8kBhrUwQU4SH9qzkEzuh58d1CxJuOVHpUkrxWr14hxGlk34Dxo3utJeScingy7MQAAAAAAAAAAAAAAQFeD+I+lYfcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+v/AQAA//+XC86k")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
preadv2(r0, &(0x7f0000000280)=[{&(0x7f0000001200)=""/4096, 0x1000}, {0x0, 0xeffd}], 0x2, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000002c0), 0x1, 0x48000)
unshare(0x8040600)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
ioctl$PTP_PIN_SETFUNC(r0, 0x40603d07, &(0x7f0000001040)={'\x00', 0xffffffff, 0x1, 0xb})
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='attr/fscreate\x00')
write$cgroup_subtree(r4, 0x0, 0x4c)
ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
read(0xffffffffffffffff, &(0x7f0000000080)=""/221, 0xdd)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000380)='afs_cm_no_server\x00', r5, 0x0, 0x100}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1ff)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
fcntl$dupfd(r6, 0x406, r6)

588.262684ms ago: executing program 0 (id=5011):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x17, 0x2000000000000242, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

542.97556ms ago: executing program 2 (id=5012):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
openat$vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r3 = io_uring_setup(0x7a53, &(0x7f0000000240)={0x0, 0x93c6, 0x40, 0x0, 0x17c})
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000000), &(0x7f00000005c0)=r5}, 0x20)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r3, 0xb, &(0x7f0000000000)=[@ioring_restriction_sqe_flags_allowed={0x2, 0x16}], 0x1)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000380)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', <r6=>0x0, 0x2f, 0x3, 0x2, 0xea, 0x0, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x10, 0x80, 0x5, 0x2}})
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@ifindex=r6, 0x1f, 0x1, 0x5, &(0x7f0000000040)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0]}, 0x40)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
fremovexattr(r2, &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r8)
sendmsg$NL80211_CMD_SET_REG(r8, &(0x7f0000000180)={0x0, 0x3b, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000004001b0000000c00228059fe00800400008006002100", @ANYRESOCT=r7], 0x28}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000000)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000000)={'lo\x00', <r13=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r10, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000000000000000001a0000000c00018008000100", @ANYRES32=r13], 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

453.616551ms ago: executing program 2 (id=5013):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7fff, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_config_ext={0x80, 0x5}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r1)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r2)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
ustat(0xffffffff, &(0x7f0000000440))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r4=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}, {0x0, 0xe0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r4}}], 0x20, 0x2400e044}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000240)={0x108, 0xc42, 0x9, 0x6, 0x6, 0xc002, 0x1, 0x3, r4}, 0x20)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={r4, @in6={{0xa, 0x4e21, 0x7, @private0, 0x8964}}, 0x0, 0x7cfb, 0x0, 0x80000000, 0x724aaa535e474a77, 0x1, 0xb}, 0x9c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000400)={'ipvlan1\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0305000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r6], 0x48}}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r8, 0x0, 0x60, &(0x7f0000000c40)={'filter\x00', 0x104, 0x4, 0x3c8, 0x110, 0x110, 0x110, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@empty, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac}, {@empty, {[0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'dvmrp0\x00', 'netdevsim0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @empty, @dev={0xac, 0x14, 0x14, 0x41}, @rand_addr=0x64010101, 0x8, 0x1}}}, {{@arp={@loopback, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg0\x00', 'veth0\x00', {}, {}, 0x0, 0x20}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x80ca, 0x8}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)
getsockname$packet(r1, &(0x7f0000000480)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000004c0)=0x14)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r7, <r10=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x8, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r10}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0xfee, &(0x7f0000002500)=""/4078, 0x0, 0x64}, 0x94)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'macvlan0\x00'})
sendmsg$nl_route_sched(r11, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000500)=@getchain={0x5c, 0x11, 0x839, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r9, {0x5, 0x8}, {0xd, 0x2}, {0x11, 0xfff1}}, [{0x8, 0xb, 0xfc}, {0x8, 0xb, 0xd}, {0x8, 0xb, 0x40}, {0x8, 0xb, 0x72dd}, {0x8, 0xb, 0x5}, {0x8, 0xb, 0xa}, {0x8, 0xb, 0xb}]}, 0x5c}, 0x1, 0x0, 0x0, 0x84}, 0x40000)

453.302931ms ago: executing program 0 (id=5014):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={<r0=>0xffffffffffffffff})
close(0x3)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000001740)=0x7ffffffd, 0x4)
connect$netlink(r1, &(0x7f0000000100)=@kern={0x10, 0x0, 0x0, 0x8000}, 0xc)
write$binfmt_script(r0, 0x0, 0x6f4000)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
setsockopt(r2, 0x4, 0x7c0, &(0x7f0000000400)="1dbfe112abdc74da9bea64f944acdb6779d47c0c4a1b80862596499f7f3b75d5c550a5bc8622da3bbb1812ce6db308d8b5d7737395f4649920d448444c1f6400fa506c1c241cecf461f765e63d2987dd75011735490f08a285057b861c5c3428a94ab5e1906cc1695b40a203165f034e7304e48bdd1c63d866dbd580fae996a8bac87790abeec8a501542e8ea6cf354ec54e6004c334f8ee21e936100426ac37e95dbf761d923d1a690b41346fdf72e7e578c091c7bff22ead5fe09be6486b56c8", 0xc1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
ioperm(0x5, 0x8, 0x8000000000005)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x241a2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3, @perf_bp={&(0x7f0000000300), 0x1}, 0x0, 0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x1f9}, &(0x7f0000000000), &(0x7f0000000300))
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x10010, r4, 0xed526000)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x6)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f00000006c0)={0x0, 'bridge0\x00', {0x101}, 0x2})
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = signalfd(r2, &(0x7f0000000500)={[0x8]}, 0x8)
ioctl$USBDEVFS_ALLOW_SUSPEND(r7, 0x5522)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), r5)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)={0x5c, r8, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xc}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8114}, 0x40000d0)
r9 = memfd_create(&(0x7f00000005c0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\x00\x00\x00\x00\x00\x00\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\x89\xa6D\xce\xac\x03\xc1\x83\xd1\xe6 |\xa75\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0VFw\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x88\xaa\x81\xc8\xa2\xdeI\xa2\xbel\x0e\xec\x17fNI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%Uh;H\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\xa2?\xcb\\Y\x1e\xfe\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5T\x8eM4\x1c\xc6\x7f\xd4\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xd0\x92\xd1\xbc\xb8\tJ\xa1\aN\x87\x95\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9gxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!d\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\x8d/o\xcd\xc8x\xdb\xe6\xd0W\xca\xc5kz\x8e9\xfa\x86\x0f\x96p', 0x3)
ioctl$FS_IOC_RESVSP(r9, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000000})
socket$nl_route(0x10, 0x3, 0x0)

419.688715ms ago: executing program 1 (id=5015):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000ac0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x401}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

402.562387ms ago: executing program 1 (id=5016):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001d80)={0x3, 0xc, &(0x7f0000000780)=ANY=[], 0x0, 0x2bc7, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6f}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
capset(&(0x7f0000000080)={0x20071026}, 0x0)
times(&(0x7f0000000300))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r2 = gettid()
r3 = gettid()
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000040)={'gre0\x00', 0x0, 0x7, 0x700, 0x58233129, 0x3, {{0x5, 0x4, 0x1, 0x3, 0x14, 0x64, 0x0, 0xd, 0x4, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x2e}}}}})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000580)='kmem_cache_free\x00', r6, 0x0, 0x7fff}, 0x18)
tkill(r2, 0x12)
tkill(r2, 0x1)
tkill(r3, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
io_setup(0x9, &(0x7f0000000340)=<r7=>0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
io_submit(r7, 0x1, &(0x7f00000005c0)=[&(0x7f00000004c0)={0x0, 0x0, 0x20, 0x1, 0x9, r8, 0x0, 0x0, 0xfffffffffffffff5}])
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r9 = syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="636865636b3d7374726963742c757466383d312c757466383d302c757466383d312c6e66732c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d77696e6e742c00043518f9aad8a4f2c1cdb3e993cf0444d9d2d40bb509d4da042c2c85e3650de97db42c38cafa7a9d7503c3c985486cf7fc80515e9bef7e9e56fb346de370b3eb3ecbc59d343c36bf04efc3d68033308b0014b0c677ae5ef2932cc05f566112668fa4f6844dcf823618a2993da771384e8fc12467a56b33e3b00030dbfd82ea2f8ddbeb1d04bac86815ebe0b9d084d60edf56b15e74589892dce86962f611a4313120b738dddfd38d20b443570197dc795020ecf541601ef9a5618869febf769dd50261849a47e170ba166b97e76a0261d0dc1fb3e2646595f1c8b49057d94f10f7b5e35ead0a38", @ANYRES8=0x0], 0x3, 0x21f, &(0x7f0000000940)="$eJzs2j+LXFUcBuDfXRMSN2xmxH8kIB60UJtLZmqLLJKAOKBoRoiC5Ma9o8NcZ5a5w8KImK209SNYi6WdIClttvETWNhts2UK8Uoya5INY7GIO2Kep5kXzrzccziXwynu/uvffDYa1PmgmMValsXa5diNO1m0Yy3+shuvvXL95xfeu/7BW5u93pV3U7q6ea3TTSmdf/GnD7/4/qXbs3Pv/3D+xzOx1/5o/6D7295zexf2/7j26bBOwzqNJ7NUpJuTyay4WZVpa1iP8pTeqcqiLtNwXJfTI+ODarK9PU/FeGtjfXta1nUqxvM0KudpNkmz6TwVnxTDccrzPG2sB/9E/7s7TRMHzekb0TTNk9/Gudux8Wu0InsqZU9fzp69kT2/m104aJrWqqfKv8L+P94eOtTPRlRf7/R3+ovfxfjmIIZRRRmXohW/x93X5NAiX32zd+VSuqcdX1W3Dvu3dvpPHO13ohXt5f3Oop+O9s/EesTpiMN+N1rxzPJ+d2n/bLz68kPPz6MVv3wck6hiK+52H/S/7KT0xtu9R/oX7/0PAOD/Jk/3Lb2/5fnfjS/6x7gfPnK/OhUXT6127UTU889HRVWVU0EQhPth1ScTJ+HBpq96JgAAAAAAAAAAABzHSXxOuOo1AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/21/BgAA//9DWtUg")
r10 = openat$incfs(r9, &(0x7f0000000040)='.pending_reads\x00', 0x101a00, 0xc6)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000700), &(0x7f0000000740)=0xc)
unlinkat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0)

402.146548ms ago: executing program 5 (id=5017):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f0000000540)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='kmem_cache_free\x00', r0, 0x0, 0x2a7203d3}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c000280050001"], 0x84}}, 0x0)

399.040278ms ago: executing program 4 (id=5018):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000070000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140004800800024000000000080001400000000571000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073797a"], 0xf0}}, 0x0)

309.280469ms ago: executing program 1 (id=5019):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="07000000040000008000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') (fail_nth: 5)

36.298035ms ago: executing program 4 (id=5020):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x28007c2, &(0x7f0000000680)={[{@delalloc}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@dax_always}]}, 0x0, 0x483, &(0x7f0000001040)="$eJzs28tvVNUfAPDvvX0APx7tD/EBolaJSaOxpQWVhRuNJsZgNNEFLms7kIaBGlqNIJFiDG5MDImujUujf4E7Y2LUlYlb3bgyJETZALqpuXfuLdNpp1A6ZWrn80lue869Z+ac79zXuefMBNCxBrI/ScS2iPg1Ivpq2YUFBmr/rl05O379ytnxJObmXvszyctdvXJ2vCxavm5rkRlMI9IPk6KShaZPnzk+Vq1WThX54ZkTbw1Pnz7zxDsnxo5VjlVOjh46dPDAyNNPjT7ZkjizuK7ueX9q7+4X37j48viRi2/++HXW3m3F9vo4WmUgC/yvuVzd6vxjerTVlbXZ9rp00t3GhrAiXRGR7a6e/Pzvi664sfP64oUP2to4YE1l96ZNzTfPzgEbWBLtbgHQHuWNPnv+LZc71PVYFy4/W3sAyuK+Viy1Ld2RFmV6Gp5vW2kgIo7M/v15tsQajUMAANT7ePyzw70R8d71r17K+h5981vSuCf//3v+d0cxh9IfEf+PiJ0RcVdE7IqIuyPysvdGxH2rbM/i/k96aZVvuays//dMMbe1sP9X9v6iv6vIbc/j70mOTlYr+4vPZDB6NmX5kWXq+Pb5Xz5ptq2+/5ctWf1lX7Box6XuhgG6ibGZsbxT2gKXz0fs6V4q/mR+JiCJiN0RsWdlb72jTEw+9uXeZoVuHv8yWjDPNPdFFt5sFv9sNMRfSurnJycXzU8Ob45qZf9weVQs9tPPF15tVv9AzN1+/C1wuRL/xMLjv7FIf1I/Xzu98jou/PZR02ea2zz+097k9XyeubdY9+7YzMypkYje5HCeX7B+9MZry3xZPjv+B/ctff7vLF6TxX9/RGQH8QMR8WBEPFS0/eGIeCQi9i0T/w/PNd9Wxh9pm/b/+YiJJa9/88d/w/5feaLr+PffNKv/1vb/wTw1WKzJr383sVRzsstFYwNX89kBAADAf0Wafwc+SYfm02k6NFT7Dv+u+F9anZqeefzo1NsnJ2rfle+PnrQc6eorxkOrk9XKSDJbvGNtfHS0GCsux0sPFOPGn3ZtyfND41PViTbHDp1ua5PzP/NHV7tbB6yxLUuuHe294w0B2qBxHj1dmD33SrgYwEbl99rQuZqf/5tjcXcA2Ejc/6FzLXX+n2vImwuAjcn9HzqX8x86VPpdu1sAtJH7P3Sk1fyufw0Tm9dHM9qTWK87JU9ElIl0XbRHYqWJLbdWuN1XJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4NwAA///Xm+pu")
quotactl$Q_QUOTAOFF(0xffffffff80000302, &(0x7f00000000c0)=@filename='./file0\x00', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="010000000000fddbdf2554"], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x8000)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r6 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$binfmt_aout(r6, &(0x7f00000000c0)=ANY=[], 0x20)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

0s ago: executing program 5 (id=5021):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
add_key$fscrypt_v1(&(0x7f0000000780), &(0x7f00000007c0)={'fscrypt:', @auto=[0x38, 0x37, 0x35, 0x65, 0x62, 0x61, 0x37, 0x30, 0x33, 0x37, 0x33, 0x1, 0x37, 0x37, 0x35, 0x32]}, &(0x7f0000000880)={0x0, "c7980ccd5672aceb6fbb8270bd2855f7fac7d0981385d40a316e085ec24f69d0e581fc4842ac79f740e4cb39d6858c1571afd4c06d7305fd616b94463dd445c1", 0x21}, 0x48, 0xfffffffffffffffe)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f00000000c0)="91b8a91fd3108691bbc4173c3d6f357d027273117b3d0f171ba4ac4703cad036e68907e50e9997cd9c07bd75e6ff", 0x2e}, {&(0x7f0000001c00)="4490137c227c56ee66c372f3105eb186dd8062fad2d5b5bfb0ba068e74a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9afda48e71255a747b6d03097385fb05cf8db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61210c410d799168ffc4b64677af924affd442035db81e18c2d2462d0bb25fff9d3b1ce903597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b25686866f6b53fe7e75cf6854284d501f8535bec8e020b41fb2f8", 0xea}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932fc2e37e327de21450df098c113e179a0d340", 0x30}, {&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24ff70ca2f8ef53773c5cbdf4", 0xe1}, {&(0x7f0000000300)="9d14305f5b9176fd46a2d6cc0bf8b00ea77d12943b509e31c729441020bfc543d3aa7b29e7107a90c117dc452406d912306165e7e7628186000661e280329d16092058e2f02d853b230704e80cee683918af77403bbbf00203d23592d737fc6ed554a34c0a8b", 0x66}, {&(0x7f0000001d00)="425d01202e24be5080824df8f03955b152c26ff780ae50bf4310f40514e89a2e7e3743a0c54b1ebdae377e00b376c097a5a1177d96c558fdc88e5d092f9c4ee29801393d0b6365bb4f86cca898b6fee05d12420470228e07aa5a2047a4391883cdd86acf0d83021778eb7b5c656c244265c8906de55d53d4ef6cb26fb90479fa63a37d98b31cc593ba936e8a0a2c656ac678557413d29673226cb4c9ff71ac0403c2f63e194f4ed03165abe1faa282b6f7ea", 0xb2}], 0x6}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f58", 0x62}], 0x1}}], 0x2, 0x2090)
r1 = gettid()
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]})
socketpair(0x5, 0x2, 0x2, &(0x7f0000000140)={<r2=>0xffffffffffffffff})
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r2)
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000080)={[{@delalloc}, {@nogrpid}, {@bh}]}, 0x1, 0x51d, &(0x7f0000000200)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AhSauyNZXnXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di79uaHvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiI9yNipjyelFu8093y8z7bfbC4t/tgMYkse++fSVGeH4uen8ldK19zKiJ+8J2IHydH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5627b9YeozVTx5a+0pwoU1/+9A873/hpXq3p8khvO56lbtMrB3FylyPie6cRbAQule2ZGHVFeCJpRLwYEa8W1/9MXCp+mwDARZZlM5HN9OYBgIsuLebAkrRazgVMR5pWq905vJfiatpotTu37rc215a6c2XXo5LeX2nU75RzhdejkuT5uSL9MF87lL8bES9ExC8mrxT56mKrsTTKGx8AGGPXDo3//5nsjv8AwAV3/MdmAICLyPgPAOPH+A8A48f4DwDjpzv+X3ncH8uy7GenUR0A4Ax4/geA8WP8B4Cx8v133823bK/8/uulD7Y2V1sf3F6qt1erzc3F6mJrY7263GotF9/Z0zzp9Rqt1vrcG7H54fVvrrc7s+2t7XvN1uZa517xvd736pXirJ0zaBkAMMgLr3zy5yQfkd++UmzRs5ZDZaQ1A05bOuoKACNzadQVAEbGal8wvh4+4z/2hwBMD8AF0WeJ3kdM9fsDoSzLstOrEnDKbn7B/D+Mq575f58ChjFz0vx/sTawNwnhQjL/D+Mry5Jh1/yPYU8EAM63Y+b4r5/lfQgwOgPe/3+x3P+2fHPgR0uHz/j4NGsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59v++r/Vcpnf6UjTajXiuWIBoEpyf6VRvxMRz0fEnyYrk3l+bsR1BgCeVvq3pFz/6+bM69OPFL187SA5ERE/+dV7v/xwodPZ+GPERPKvyf3jnY/L47UTg02dRgsAgOPtj9PFvudB/rPdB4v721nW5+/f7t4V5HH3didi7yD+5bhc7KeiEhFX/52U+a6kZ+7iaex8FBGf79f+JKaLOZDuLcvh+Hns5840fvpI/LRcoDkt/y0+9wzqAuPmk7z/eaff9ZfGjWLf//qfKnqop1f2f/lLLe4VfeDD+Pv936UB/d+NYWO88fvvdlNXjpZ9FPHFyxH7sfd6+p/9+MmA+K8PGf8vX3r51UFl2a8jbkb/+L2xZjvN9dn21vbtlebCcn25vlarzc/N33nr7pu12WKOenbwaPCPt289P6gsb//VAfGnTmj/V4ds/2/+9/4Pv3JM/K+/1i9+Gi8dEz8fE782ZPyFq78b+Nydx1862v5kmN//rSHjf/rX7SPLhgMAo9Pe2l5daDTqGxIS5z+R/5c9B9Xom/jWWcWaiP5FP3+te00fKsqyJ4o1qMd4FrNuwHlwcNFHxH9HXRkAAAAAAAAAAAAAAKCvs/iLpVG3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIvr/wEAAP//Rb3T2A==")
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', 0x0, 0x2c, 0x2)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0x8, 0x0, 0x0, 0x48000000, 0xfffffffd, 0xfffffffd, 0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="b40500000000000071109b0000000000851afb0400000000dc5366699a2d087d60cb55f9e1b4a6d17148ebfa211d662db919a4a26f2a4c0176f3c2b7b9557c0cacfe4809a002ed583be09419ad8f41044a4ede39e914b6a7818cc91076a2cc684c42cdbfd85fcbe61ed05b87db4cc3be93ea79"], 0x0, 0x5}, 0x94)
socket$inet(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)

kernel console output (not intermixed with test programs):

: fail, usb_gadget_register_driver returned -16
[  323.102936][T17791] loop4: detected capacity change from 0 to 2048
[  323.175567][T17799] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4536'.
[  323.239900][T17804] loop2: detected capacity change from 0 to 512
[  323.273119][T17804] ext4 filesystem being mounted at /263/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  323.343795][T17808] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  323.424007][T17810] SELinux: failed to load policy
[  323.516224][T17811] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  323.870916][T17821] loop1: detected capacity change from 0 to 128
[  323.988972][T17825] EXT4-fs: Ignoring removed bh option
[  324.008154][T17825] ext4 filesystem being mounted at /411/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  324.149998][T17835] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4548'.
[  324.286645][T17849] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17849 comm=syz.4.4550
[  324.300604][T17849] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=17849 comm=syz.4.4550
[  324.368569][T17851] SELinux: failed to load policy
[  324.728834][T17843] syz.4.4550 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  324.743179][T17843] CPU: 0 UID: 0 PID: 17843 Comm: syz.4.4550 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  324.743279][T17843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  324.743293][T17843] Call Trace:
[  324.743302][T17843]  <TASK>
[  324.743312][T17843]  __dump_stack+0x1d/0x30
[  324.743339][T17843]  dump_stack_lvl+0x95/0xd0
[  324.743359][T17843]  dump_stack+0x15/0x1b
[  324.743432][T17843]  dump_header+0x81/0x240
[  324.743456][T17843]  oom_kill_process+0x295/0x350
[  324.743476][T17843]  out_of_memory+0x97b/0xb80
[  324.743491][T17843]  try_charge_memcg+0x610/0xa10
[  324.743571][T17843]  obj_cgroup_charge_pages+0xa6/0x150
[  324.743605][T17843]  __memcg_kmem_charge_page+0x9f/0x170
[  324.743623][T17843]  __alloc_frozen_pages_noprof+0x18f/0x360
[  324.743643][T17843]  alloc_pages_mpol+0xb3/0x260
[  324.743706][T17843]  alloc_pages_noprof+0x90/0x130
[  324.743723][T17843]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  324.743806][T17843]  __kvmalloc_node_noprof+0x492/0x6b0
[  324.743822][T17843]  ? ip_set_alloc+0x24/0x30
[  324.743841][T17843]  ? ip_set_alloc+0x24/0x30
[  324.743885][T17843]  ip_set_alloc+0x24/0x30
[  324.743909][T17843]  hash_netiface_create+0x282/0x740
[  324.743929][T17843]  ? __pfx_hash_netiface_create+0x10/0x10
[  324.744027][T17843]  ip_set_create+0x3cc/0x970
[  324.744046][T17843]  ? __nla_parse+0x40/0x60
[  324.744064][T17843]  nfnetlink_rcv_msg+0x4c6/0x590
[  324.744094][T17843]  netlink_rcv_skb+0x123/0x220
[  324.744159][T17843]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  324.744192][T17843]  nfnetlink_rcv+0x167/0x16c0
[  324.744223][T17843]  ? perf_swevent_set_period+0x128/0x160
[  324.744318][T17843]  ? arch_install_hw_breakpoint+0x163/0x170
[  324.744491][T17843]  ? hw_breakpoint_add+0xa9/0xc0
[  324.744508][T17843]  ? event_sched_in+0x675/0x750
[  324.744523][T17843]  ? visit_groups_merge+0xf7e/0xfd0
[  324.744644][T17843]  ? should_fail_ex+0x30/0x280
[  324.744701][T17843]  ? selinux_nlmsg_lookup+0x99/0x890
[  324.744717][T17843]  ? __rcu_read_unlock+0x34/0x70
[  324.744732][T17843]  ? __netlink_lookup+0x266/0x2a0
[  324.744746][T17843]  netlink_unicast+0x5c0/0x690
[  324.744776][T17843]  netlink_sendmsg+0x58b/0x6b0
[  324.744824][T17843]  ? __pfx_netlink_sendmsg+0x10/0x10
[  324.744844][T17843]  __sock_sendmsg+0x145/0x180
[  324.744858][T17843]  ____sys_sendmsg+0x31e/0x4a0
[  324.744926][T17843]  ___sys_sendmsg+0x17b/0x1d0
[  324.744982][T17843]  __x64_sys_sendmsg+0xd4/0x160
[  324.745015][T17843]  x64_sys_call+0x17ba/0x3000
[  324.745043][T17843]  do_syscall_64+0xca/0x2b0
[  324.745065][T17843]  ? arch_exit_work+0x49/0x70
[  324.745094][T17843]  ? arch_exit_to_user_mode_prepare+0xb4/0xd0
[  324.745196][T17843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.745250][T17843] RIP: 0033:0x7f7d9288f749
[  324.745262][T17843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.745277][T17843] RSP: 002b:00007f7d912ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  324.745295][T17843] RAX: ffffffffffffffda RBX: 00007f7d92ae5fa0 RCX: 00007f7d9288f749
[  324.745345][T17843] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 000000000000000c
[  324.745360][T17843] RBP: 00007f7d92913f91 R08: 0000000000000000 R09: 0000000000000000
[  324.745376][T17843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  324.745390][T17843] R13: 00007f7d92ae6038 R14: 00007f7d92ae5fa0 R15: 00007ffee7259a38
[  324.745408][T17843]  </TASK>
[  325.079304][T17843] memory: usage 307200kB, limit 307200kB, failcnt 10464
[  325.086377][T17843] memory+swap: usage 307496kB, limit 9007199254740988kB, failcnt 0
[  325.094417][T17843] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0
[  325.101855][T17843] Memory cgroup stats for /syz4:
[  325.107215][T17843] cache 0
[  325.115204][T17843] rss 4096
[  325.118307][T17843] shmem 0
[  325.121266][T17843] mapped_file 413696
[  325.125208][T17843] dirty 0
[  325.128281][T17843] writeback 0
[  325.131558][T17843] workingset_refault_anon 2366
[  325.136530][T17843] workingset_refault_file 12098
[  325.141490][T17843] swap 303104
[  325.144969][T17843] swapcached 12288
[  325.148664][T17860] bio_check_eod: 94 callbacks suppressed
[  325.148681][T17860] syz.5.4556: attempt to access beyond end of device
[  325.148681][T17860] loop5: rw=8388608, sector=154, nr_sectors = 2 limit=128
[  325.148880][T17843] pgpgin 333834
[  325.172046][T17843] pgpgout 333831
[  325.175662][T17843] pgfault 290887
[  325.179247][T17843] pgmajfault 1015
[  325.182940][T17843] inactive_anon 12288
[  325.187016][T17843] active_anon 0
[  325.190562][T17843] inactive_file 0
[  325.194210][T17843] active_file 0
[  325.197795][T17843] unevictable 0
[  325.201265][T17843] hierarchical_memory_limit 314572800
[  325.206850][T17843] hierarchical_memsw_limit 9223372036854771712
[  325.213159][T17843] total_cache 0
[  325.216713][T17843] total_rss 4096
[  325.220278][T17843] total_shmem 0
[  325.223758][T17843] total_mapped_file 413696
[  325.228226][T17843] total_dirty 0
[  325.231722][T17843] total_writeback 0
[  325.235628][T17843] total_workingset_refault_anon 2366
[  325.241025][T17843] total_workingset_refault_file 12098
[  325.246447][T17843] total_swap 303104
[  325.250279][T17843] total_swapcached 12288
[  325.254777][T17843] total_pgpgin 333834
[  325.258801][T17843] total_pgpgout 333831
[  325.262879][T17843] total_pgfault 290887
[  325.267232][T17843] total_pgmajfault 1015
[  325.271431][T17843] total_inactive_anon 12288
[  325.276149][T17843] total_active_anon 0
[  325.280210][T17843] total_inactive_file 0
[  325.284470][T17843] total_active_file 0
[  325.288495][T17843] total_unevictable 0
[  325.292577][T17843] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4550,pid=17842,uid=0
[  325.307594][T17843] Memory cgroup out of memory: Killed process 17842 (syz.4.4550) total-vm:96420kB, anon-rss:1136kB, file-rss:22704kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  325.388124][T17872] EXT4-fs: dax option not supported
[  325.479214][T17885] 9p: Bad value for 'rfdno'
[  325.504477][T17882] SELinux: failed to load policy
[  325.556019][T17894] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4568'.
[  325.565154][T17894] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4568'.
[  325.593845][T17891] netlink: 'syz.5.4567': attribute type 4 has an invalid length.
[  325.602911][T17896] syz.2.4569: attempt to access beyond end of device
[  325.602911][T17896] loop2: rw=2049, sector=154, nr_sectors = 6 limit=128
[  325.632348][T17892] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  325.648774][T17891] netlink: 'syz.5.4567': attribute type 4 has an invalid length.
[  325.670635][T17892] EXT4-fs (loop0): orphan cleanup on readonly fs
[  325.686906][T17896] syz.2.4569: attempt to access beyond end of device
[  325.686906][T17896] loop2: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  325.700825][T17896] buffer_io_error: 56 callbacks suppressed
[  325.700842][T17896] Buffer I/O error on dev loop2, logical block 79, lost async page write
[  325.708676][T17892] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.4565: corrupted inode contents
[  325.716088][T17896] syz.2.4569: attempt to access beyond end of device
[  325.716088][T17896] loop2: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  325.727578][T17891] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  325.741201][T17896] Buffer I/O error on dev loop2, logical block 80, lost async page write
[  325.747611][T17891] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  325.747772][T17891] vhci_hcd vhci_hcd.0: Device attached
[  325.811055][T17892] EXT4-fs (loop0): Remounting filesystem read-only
[  325.816945][T17904] vhci_hcd: connection closed
[  325.817968][  T409] vhci_hcd vhci_hcd.5: stop threads
[  325.825951][T17896] syz.2.4569: attempt to access beyond end of device
[  325.825951][T17896] loop2: rw=8388608, sector=154, nr_sectors = 2 limit=128
[  325.828040][  T409] vhci_hcd vhci_hcd.5: release socket
[  325.847575][  T409] vhci_hcd vhci_hcd.5: disconnect device
[  325.859360][T17909] EXT4-fs: dax option not supported
[  325.865036][T17892] EXT4-fs (loop0): 1 truncate cleaned up
[  325.870962][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  325.881647][   T12] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  325.894752][T17911] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17911 comm=syz.4.4570
[  325.918504][   T12] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  325.949275][T17915] netlink: 'syz.1.4573': attribute type 10 has an invalid length.
[  325.957356][T17915] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4573'.
[  326.013709][T17920] set_capacity_and_notify: 10 callbacks suppressed
[  326.013794][T17920] loop1: detected capacity change from 0 to 128
[  326.134380][T17924] FAULT_INJECTION: forcing a failure.
[  326.134380][T17924] name failslab, interval 1, probability 0, space 0, times 0
[  326.147537][T17924] CPU: 0 UID: 0 PID: 17924 Comm: syz.2.4576 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  326.147610][T17924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  326.147624][T17924] Call Trace:
[  326.147633][T17924]  <TASK>
[  326.147642][T17924]  __dump_stack+0x1d/0x30
[  326.147671][T17924]  dump_stack_lvl+0x95/0xd0
[  326.147742][T17924]  dump_stack+0x15/0x1b
[  326.147764][T17924]  should_fail_ex+0x265/0x280
[  326.147790][T17924]  should_failslab+0x8c/0xb0
[  326.147820][T17924]  ? dev_load+0xa3/0xc0
[  326.147909][T17924]  __kmalloc_cache_noprof+0x65/0x4c0
[  326.147931][T17924]  ? __request_module+0x1c4/0x3e0
[  326.147998][T17924]  ? dev_load+0xa3/0xc0
[  326.148036][T17924]  __request_module+0x1c4/0x3e0
[  326.148065][T17924]  dev_load+0xa3/0xc0
[  326.148097][T17924]  dev_ioctl+0x2d1/0x960
[  326.148176][T17924]  sock_do_ioctl+0x197/0x220
[  326.148202][T17924]  sock_ioctl+0x41b/0x610
[  326.148281][T17924]  ? __pfx_sock_ioctl+0x10/0x10
[  326.148316][T17924]  __se_sys_ioctl+0xce/0x140
[  326.148388][T17924]  __x64_sys_ioctl+0x43/0x50
[  326.148414][T17924]  x64_sys_call+0x14b0/0x3000
[  326.148436][T17924]  do_syscall_64+0xca/0x2b0
[  326.148523][T17924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.148607][T17924] RIP: 0033:0x7f43830ef749
[  326.148627][T17924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.148647][T17924] RSP: 002b:00007f4381b4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  326.148673][T17924] RAX: ffffffffffffffda RBX: 00007f4383345fa0 RCX: 00007f43830ef749
[  326.148687][T17924] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000007
[  326.148746][T17924] RBP: 00007f4381b4f090 R08: 0000000000000000 R09: 0000000000000000
[  326.148758][T17924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.148779][T17924] R13: 00007f4383346038 R14: 00007f4383345fa0 R15: 00007fff23d2b448
[  326.148801][T17924]  </TASK>
[  326.390352][T17928] loop0: detected capacity change from 0 to 2048
[  326.470139][T17901] syz.4.4570 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  326.481409][T17901] CPU: 1 UID: 0 PID: 17901 Comm: syz.4.4570 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  326.481437][T17901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  326.481495][T17901] Call Trace:
[  326.481503][T17901]  <TASK>
[  326.481512][T17901]  __dump_stack+0x1d/0x30
[  326.481565][T17901]  dump_stack_lvl+0x95/0xd0
[  326.481584][T17901]  dump_stack+0x15/0x1b
[  326.481602][T17901]  dump_header+0x81/0x240
[  326.481620][T17901]  oom_kill_process+0x295/0x350
[  326.481640][T17901]  out_of_memory+0x97b/0xb80
[  326.481671][T17901]  try_charge_memcg+0x610/0xa10
[  326.481762][T17901]  charge_memcg+0x51/0xc0
[  326.481788][T17901]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  326.481839][T17901]  __read_swap_cache_async+0x17b/0x2d0
[  326.481867][T17901]  swap_cluster_readahead+0x262/0x3c0
[  326.481916][T17901]  swapin_readahead+0xde/0x820
[  326.481940][T17901]  ? mod_memcg_lruvec_state+0x1a1/0x280
[  326.482013][T17901]  ? lruvec_stat_mod_folio+0xd6/0x120
[  326.482198][T17901]  ? __rcu_read_unlock+0x4f/0x70
[  326.482216][T17901]  ? swap_cache_get_folio+0x277/0x280
[  326.482241][T17901]  do_swap_page+0x2b4/0x21e0
[  326.482282][T17901]  ? __pfx_default_wake_function+0x10/0x10
[  326.482312][T17901]  handle_mm_fault+0x9d8/0x2c60
[  326.482346][T17901]  do_user_addr_fault+0x630/0x1080
[  326.482399][T17901]  exc_page_fault+0x62/0xa0
[  326.482424][T17901]  asm_exc_page_fault+0x26/0x30
[  326.482498][T17901] RIP: 0033:0x7f7d927659ec
[  326.482514][T17901] Code: 66 0f 1f 44 00 00 69 3d c6 fc ea 00 e8 03 00 00 48 8d 1d c7 05 38 00 e8 c2 9c 12 00 eb 0c 48 81 c3 f0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00
[  326.482530][T17901] RSP: 002b:00007ffee7259ba0 EFLAGS: 00010202
[  326.482546][T17901] RAX: 0000000000000000 RBX: 00007f7d92ae5fa0 RCX: 0000000000000000
[  326.482612][T17901] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055555b0b1808
[  326.482623][T17901] RBP: 00007f7d92ae7da0 R08: 0000000000000000 R09: 7fffffffffffffff
[  326.482635][T17901] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000004fb54
[  326.482715][T17901] R13: 00007f7d92ae6090 R14: ffffffffffffffff R15: 00007ffee7259cb0
[  326.482731][T17901]  </TASK>
[  326.482753][T17901] memory: usage 307200kB, limit 307200kB, failcnt 10766
[  326.663117][T17938] SELinux: failed to load policy
[  326.666132][T17901] memory+swap: usage 225080kB, limit 9007199254740988kB, failcnt 0
[  326.666154][T17901] kmem: usage 224604kB, limit 9007199254740988kB, failcnt 0
[  326.666168][T17901] Memory cgroup stats for /syz4:
[  326.731463][T17901] cache 0
[  326.739986][T17901] rss 0
[  326.742966][T17901] shmem 0
[  326.745967][T17901] mapped_file 413696
[  326.750060][T17901] dirty 0
[  326.753014][T17901] writeback 0
[  326.756519][T17901] workingset_refault_anon 2459
[  326.761428][T17901] workingset_refault_file 12098
[  326.766432][T17901] swap 323584
[  326.770023][T17901] swapcached 0
[  326.773573][T17901] pgpgin 334184
[  326.777156][T17901] pgpgout 334184
[  326.780720][T17901] pgfault 291266
[  326.784284][T17901] pgmajfault 1057
[  326.787975][T17901] inactive_anon 0
[  326.791621][T17901] active_anon 0
[  326.795185][T17901] inactive_file 0
[  326.798931][T17901] active_file 0
[  326.802661][T17901] unevictable 0
[  326.806227][T17901] hierarchical_memory_limit 314572800
[  326.811621][T17901] hierarchical_memsw_limit 9223372036854771712
[  326.818023][T17901] total_cache 0
[  326.821493][T17901] total_rss 0
[  326.824815][T17901] total_shmem 0
[  326.828335][T17901] total_mapped_file 413696
[  326.832824][T17901] total_dirty 0
[  326.836336][T17901] total_writeback 0
[  326.840160][T17901] total_workingset_refault_anon 2459
[  326.845467][T17901] total_workingset_refault_file 12098
[  326.850872][T17901] total_swap 323584
[  326.854812][T17901] total_swapcached 0
[  326.858745][T17901] total_pgpgin 334184
[  326.862736][T17901] total_pgpgout 334184
[  326.866830][T17901] total_pgfault 291266
[  326.870904][T17901] total_pgmajfault 1057
[  326.875143][T17901] total_inactive_anon 0
[  326.879364][T17901] total_active_anon 0
[  326.883343][T17901] total_inactive_file 0
[  326.887705][T17901] total_active_file 0
[  326.891787][T17901] total_unevictable 0
[  326.895881][T17901] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4570,pid=17901,uid=0
[  326.911222][T17901] Memory cgroup out of memory: Killed process 17901 (syz.4.4570) total-vm:94504kB, anon-rss:1260kB, file-rss:22568kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  326.934212][   T29] kauditd_printk_skb: 563 callbacks suppressed
[  326.934230][   T29] audit: type=1400 audit(1768351145.094:35570): avc:  denied  { execute_no_trans } for  pid=17941 comm="syz.2.4585" path="/279/file1" dev="tmpfs" ino=1527 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  326.980908][T17945] loop1: detected capacity change from 0 to 512
[  326.996460][T17945] EXT4-fs: dax option not supported
[  327.055839][T17947] loop0: detected capacity change from 0 to 128
[  327.082804][T17947] syz.0.4584: attempt to access beyond end of device
[  327.082804][T17947] loop0: rw=2049, sector=154, nr_sectors = 6 limit=128
[  327.097826][T17947] syz.0.4584: attempt to access beyond end of device
[  327.097826][T17947] loop0: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  327.111629][T17947] Buffer I/O error on dev loop0, logical block 79, lost async page write
[  327.126607][T17947] syz.0.4584: attempt to access beyond end of device
[  327.126607][T17947] loop0: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  327.140808][T17947] Buffer I/O error on dev loop0, logical block 80, lost async page write
[  327.159703][T17950] netlink: 'syz.1.4586': attribute type 10 has an invalid length.
[  327.167794][T17950] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4586'.
[  327.193803][T17950] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4586'.
[  327.212744][T17951] syz.0.4584: attempt to access beyond end of device
[  327.212744][T17951] loop0: rw=8388608, sector=154, nr_sectors = 2 limit=128
[  327.247220][T17958] loop5: detected capacity change from 0 to 512
[  327.259387][T17958] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  327.272325][T17953] loop4: detected capacity change from 0 to 128
[  327.331778][T17958] EXT4-fs (loop5): orphan cleanup on readonly fs
[  327.347272][T17958] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.4588: corrupted inode contents
[  327.359764][T17958] EXT4-fs (loop5): Remounting filesystem read-only
[  327.366558][T17958] EXT4-fs (loop5): 1 truncate cleaned up
[  327.372473][ T1913] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  327.383306][ T1913] Quota error (device loop5): write_blk: dquota write failed
[  327.390812][ T1913] Quota error (device loop5): remove_free_dqentry: Can't write block (5) with free entries
[  327.400933][ T1913] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  327.411651][ T1913] Quota error (device loop5): write_blk: dquota write failed
[  327.419070][ T1913] Quota error (device loop5): free_dqentry: Can't move quota data block (5) to free list
[  327.420092][T17969] SELinux: failed to load policy
[  327.429030][ T1913] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  327.444640][ T1913] Quota error (device loop5): v2_write_file_info: Can't write info structure
[  327.458082][ T1913] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  327.488416][T17971] netlink: 'syz.0.4593': attribute type 10 has an invalid length.
[  327.496343][T17971] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4593'.
[  327.523279][T17971] loop0: detected capacity change from 0 to 512
[  327.531395][T17971] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  327.547467][T17971] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.4593: bg 0: block 104: invalid block bitmap
[  327.572698][T17971] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  327.581708][T17971] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.4593: invalid indirect mapped block 1 (level 1)
[  327.595321][T17971] EXT4-fs (loop0): 1 truncate cleaned up
[  327.610767][T17978] loop1: detected capacity change from 0 to 512
[  327.617771][T17976] loop4: detected capacity change from 0 to 2048
[  327.635913][T17978] EXT4-fs: dax option not supported
[  327.695780][T17983] bridge0: port 6(batadv3) entered blocking state
[  327.696633][T17987] loop1: detected capacity change from 0 to 128
[  327.702279][T17983] bridge0: port 6(batadv3) entered disabled state
[  327.762568][T17991] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  327.773325][T17991] EXT4-fs (loop4): orphan cleanup on readonly fs
[  327.787450][T17983] batadv3: entered allmulticast mode
[  327.792593][T17991] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.4598: corrupted inode contents
[  327.806994][T17991] EXT4-fs (loop4): Remounting filesystem read-only
[  327.813779][T17991] EXT4-fs (loop4): 1 truncate cleaned up
[  327.816545][T17983] batadv3: entered promiscuous mode
[  327.819696][  T409] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  327.835405][  T409] Quota error (device loop4): write_blk: dquota write failed
[  327.842928][  T409] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries
[  327.853238][  T409] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  327.863951][  T409] Quota error (device loop4): write_blk: dquota write failed
[  327.871492][  T409] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  327.938583][T18005] syz.1.4603: attempt to access beyond end of device
[  327.938583][T18005] loop1: rw=2049, sector=154, nr_sectors = 6 limit=128
[  327.968037][T18005] Buffer I/O error on dev loop1, logical block 79, lost async page write
[  327.980845][T18005] Buffer I/O error on dev loop1, logical block 80, lost async page write
[  327.990140][T18005] Buffer I/O error on dev loop1, logical block 83, lost async page write
[  327.999051][T18005] Buffer I/O error on dev loop1, logical block 84, lost async page write
[  328.061284][T18016] FAT-fs (loop11): unable to read boot sector
[  328.068866][T18016] netlink: 'syz.5.4608': attribute type 1 has an invalid length.
[  328.187769][ T1999] batman_adv: batadv3: No IGMP Querier present - multicast optimizations disabled
[  328.197067][ T1999] batman_adv: batadv3: No MLD Querier present - multicast optimizations disabled
[  328.226450][T18020] EXT4-fs: Ignoring removed orlov option
[  328.232203][T18020] EXT4-fs: Ignoring removed nomblk_io_submit option
[  328.486810][T18039] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  328.525319][T18039] ext4 filesystem being mounted at /335/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  328.774224][T18047] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4617'.
[  328.852825][T18055] 9p: Bad value for 'rfdno'
[  328.872096][T18053] EXT4-fs error (device loop4): __ext4_iget:5426: inode #11: block 1: comm syz.4.4620: invalid block
[  328.896894][T18053] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.4620: couldn't read orphan inode 11 (err -117)
[  328.910546][T18050] ext4 filesystem being mounted at /424/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  328.939399][T18062] Buffer I/O error on dev loop2, logical block 79, lost async page write
[  328.976070][T18063] lo speed is unknown, defaulting to 1000
[  329.044361][T18063] lo speed is unknown, defaulting to 1000
[  329.055459][T18062] Buffer I/O error on dev loop2, logical block 80, lost async page write
[  329.123562][T18071] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  329.176129][T18074] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18074 comm=syz.1.4624
[  329.247760][T18078] netlink: 'syz.2.4626': attribute type 10 has an invalid length.
[  329.256077][T18078] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4626'.
[  329.339470][T18078] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  329.388692][T18078] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.4626: bg 0: block 104: invalid block bitmap
[  329.440573][T18078] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  329.490211][T18078] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.4626: invalid indirect mapped block 1 (level 1)
[  329.504198][T18094] netlink: 'syz.4.4630': attribute type 10 has an invalid length.
[  329.512137][T18094] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4630'.
[  329.543308][T18094] dummy0: entered promiscuous mode
[  329.556860][T18078] EXT4-fs (loop2): 1 truncate cleaned up
[  329.560450][T18094] bridge0: port 7(dummy0) entered blocking state
[  329.569083][T18094] bridge0: port 7(dummy0) entered disabled state
[  329.580153][T18096] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  329.645953][T18096] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.4630: bg 0: block 104: invalid block bitmap
[  329.680939][T18097] EXT4-fs: Ignoring removed bh option
[  329.684807][T18096] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  329.697620][T18094] dummy0: entered allmulticast mode
[  329.731066][T18096] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.4630: invalid indirect mapped block 1 (level 1)
[  329.774879][T18096] EXT4-fs (loop4): 1 truncate cleaned up
[  329.884717][T18097] ext4 filesystem being mounted at /181/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  330.610456][T18121] msdos filesystem being mounted at /337/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  330.689437][T18121] bio_check_eod: 10 callbacks suppressed
[  330.689453][T18121] syz.1.4636: attempt to access beyond end of device
[  330.689453][T18121] loop1: rw=2049, sector=154, nr_sectors = 6 limit=128
[  330.737318][T18121] syz.1.4636: attempt to access beyond end of device
[  330.737318][T18121] loop1: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  330.751194][T18121] Buffer I/O error on dev loop1, logical block 79, lost async page write
[  330.766577][T18124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  330.781618][T18127] netlink: 'syz.2.4639': attribute type 10 has an invalid length.
[  330.787850][T18130] 9p: Bad value for 'rfdno'
[  330.789700][T18127] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4639'.
[  330.794727][T18124] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  330.807399][T18127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4639'.
[  330.820257][T18121] syz.1.4636: attempt to access beyond end of device
[  330.820257][T18121] loop1: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  330.820298][T18121] Buffer I/O error on dev loop1, logical block 80, lost async page write
[  330.850751][T18121] syz.1.4636: attempt to access beyond end of device
[  330.850751][T18121] loop1: rw=8388608, sector=154, nr_sectors = 2 limit=128
[  330.899879][T18135] ext4 filesystem being mounted at /313/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  330.919545][T18137] ext4 filesystem being mounted at /183/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  330.921591][T18135] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4642: iget: bad i_size value: 2533274857506816
[  330.950926][T18137] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  330.967356][T18135] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4642: iget: bad i_size value: 2533274857506816
[  331.028007][T18148] netlink: 'syz.2.4646': attribute type 10 has an invalid length.
[  331.035966][T18148] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4646'.
[  331.055634][T18148] set_capacity_and_notify: 20 callbacks suppressed
[  331.055654][T18148] loop2: detected capacity change from 0 to 512
[  331.074873][T18151] loop4: detected capacity change from 0 to 512
[  331.081743][T18151] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  331.105253][T18151] EXT4-fs: error: could not find journal device path
[  331.157803][T18148] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  331.174820][T18157] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18157 comm=syz.1.4648
[  331.212035][T18148] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.4646: bg 0: block 104: invalid block bitmap
[  331.231110][T18148] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  331.250542][T18148] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.4646: invalid indirect mapped block 1 (level 1)
[  331.266722][T18148] EXT4-fs (loop2): 1 truncate cleaned up
[  331.279401][T18158] loop4: detected capacity change from 0 to 8192
[  331.296022][T18158] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  331.337053][T18158] vfat filesystem being mounted at /316/file2 supports timestamps until 2107-12-31 (0x10391447e)
[  331.358227][T18158] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001)
[  331.366313][T18158] FAT-fs (loop4): Filesystem has been set read-only
[  331.477554][T18167] loop0: detected capacity change from 0 to 2048
[  331.498719][T18167] ext4 filesystem being mounted at /429/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  331.543817][T18173] 9p: Bad value for 'rfdno'
[  331.581998][T18176] loop2: detected capacity change from 0 to 512
[  331.607069][T18176] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  331.621803][T18175] netlink: 'syz.4.4655': attribute type 10 has an invalid length.
[  331.629777][T18175] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4655'.
[  331.631145][T18176] EXT4-fs (loop2): orphan cleanup on readonly fs
[  331.648774][T18175] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4655'.
[  331.674746][T18176] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.4654: corrupted inode contents
[  331.687648][T18176] EXT4-fs (loop2): Remounting filesystem read-only
[  331.695757][T18176] EXT4-fs (loop2): 1 truncate cleaned up
[  331.701876][ T1913] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  331.712637][ T1913] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  331.723712][ T1913] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  331.767811][T18180] loop0: detected capacity change from 0 to 512
[  331.780088][T18182] loop4: detected capacity change from 0 to 512
[  331.800375][T18180] ext4 filesystem being mounted at /430/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  331.837356][T18182] ext4 filesystem being mounted at /319/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  331.856456][T18188] loop5: detected capacity change from 0 to 128
[  331.856673][T18180] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  331.882774][   T29] kauditd_printk_skb: 273 callbacks suppressed
[  331.882792][   T29] audit: type=1326 audit(3536702303.173:35835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.4.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  331.884075][T18182] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4657: iget: bad i_size value: 2533274857506816
[  331.913161][   T29] audit: type=1326 audit(3536702303.173:35836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.4.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  331.949480][   T29] audit: type=1326 audit(3536702303.173:35837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.4.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  331.973418][   T29] audit: type=1326 audit(3536702303.173:35838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.4.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  331.997269][   T29] audit: type=1326 audit(3536702303.173:35839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.4.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  332.001634][T12406] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  332.021202][   T29] audit: type=1326 audit(3536702303.173:35840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.4.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  332.032223][T12406] CPU: 1 UID: 0 PID: 12406 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  332.032306][T12406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  332.032415][T12406] Call Trace:
[  332.032424][T12406]  <TASK>
[  332.032432][T12406]  __dump_stack+0x1d/0x30
[  332.032458][T12406]  dump_stack_lvl+0x95/0xd0
[  332.032480][T12406]  dump_stack+0x15/0x1b
[  332.032509][T12406]  dump_header+0x81/0x240
[  332.032556][T12406]  oom_kill_process+0x295/0x350
[  332.032579][T12406]  out_of_memory+0x97b/0xb80
[  332.032634][T12406]  try_charge_memcg+0x610/0xa10
[  332.032672][T12406]  charge_memcg+0x51/0xc0
[  332.032770][T12406]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  332.032802][T12406]  __read_swap_cache_async+0x17b/0x2d0
[  332.032833][T12406]  swap_cluster_readahead+0x262/0x3c0
[  332.032892][T12406]  swapin_readahead+0xde/0x820
[  332.032969][T12406]  ? __rcu_read_unlock+0x4f/0x70
[  332.032990][T12406]  ? __perf_event_task_sched_in+0xa5b/0xac0
[  332.033012][T12406]  ? __rcu_read_unlock+0x4f/0x70
[  332.033055][T12406]  ? __rcu_read_unlock+0x4f/0x70
[  332.033075][T12406]  ? swap_cache_get_folio+0x277/0x280
[  332.033102][T12406]  do_swap_page+0x2b4/0x21e0
[  332.033191][T12406]  ? _raw_spin_unlock+0x26/0x50
[  332.033215][T12406]  ? __schedule+0x85f/0xcd0
[  332.033306][T12406]  ? __pfx_default_wake_function+0x10/0x10
[  332.033349][T12406]  handle_mm_fault+0x9d8/0x2c60
[  332.033386][T12406]  do_user_addr_fault+0x630/0x1080
[  332.033432][T12406]  exc_page_fault+0x62/0xa0
[  332.033459][T12406]  asm_exc_page_fault+0x26/0x30
[  332.033518][T12406] RIP: 0033:0x7f41ff571fc5
[  332.033535][T12406] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e 95 1f 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[  332.033553][T12406] RSP: 002b:00007ffe7e858268 EFLAGS: 00010246
[  332.033571][T12406] RAX: 0000000000000000 RBX: 000000000000034f RCX: 00007f41ff571fc3
[  332.033585][T12406] RDX: 00007ffe7e858280 RSI: 0000000000000000 RDI: 0000000000000000
[  332.033625][T12406] RBP: 00007ffe7e8582ec R08: 0000000003218469 R09: 0000000000000000
[  332.033638][T12406] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[  332.033651][T12406] R13: 00000000000927c0 R14: 0000000000050f5b R15: 00007ffe7e858340
[  332.033669][T12406]  </TASK>
[  332.033677][T12406] memory: usage 307200kB, limit 307200kB, failcnt 8072
[  332.055893][   T29] audit: type=1326 audit(3536702303.173:35841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.4.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  332.066334][T12406] memory+swap: usage 307364kB, limit 9007199254740988kB, failcnt 0
[  332.076497][   T29] audit: type=1326 audit(3536702303.173:35842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.4.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  332.079777][T12406] kmem: usage 307148kB, limit 9007199254740988kB, failcnt 0
[  332.082720][   T29] audit: type=1326 audit(3536702303.173:35843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.4.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  332.087122][T12406] Memory cgroup stats for 
[  332.091720][   T29] audit: type=1326 audit(3536702303.173:35844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.4.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  332.095880][T12406] /syz1
[  332.120817][T18189] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4657: iget: bad i_size value: 2533274857506816
[  332.125235][T12406] :
[  332.137223][T18188] msdos filesystem being mounted at /185/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  332.162042][T12406] cache 0
[  332.194984][T18192] 9pnet_virtio: no channels available for device 127.0.0.1
[  332.198115][T12406] rss 0
[  332.204023][T18188] syz.5.4658: attempt to access beyond end of device
[  332.204023][T18188] loop5: rw=2049, sector=154, nr_sectors = 6 limit=128
[  332.207477][T12406] shmem 0
[  332.212295][T18188] syz.5.4658: attempt to access beyond end of device
[  332.212295][T18188] loop5: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  332.231831][T12406] mapped_file 413696
[  332.231846][T12406] dirty 0
[  332.231853][T12406] writeback 0
[  332.231862][T12406] workingset_refault_anon 1467
[  332.231870][T12406] workingset_refault_file 10203
[  332.231878][T12406] swap 167936
[  332.231885][T12406] swapcached 53248
[  332.231908][T12406] pgpgin 277991
[  332.231915][T12406] pgpgout 277978
[  332.231921][T12406] pgfault 357631
[  332.231929][T12406] pgmajfault 918
[  332.238080][T18188] Buffer I/O error on dev loop5, logical block 79, lost async page write
[  332.246156][T12406] inactive_anon 53248
[  332.275320][T18188] syz.5.4658: attempt to access beyond end of device
[  332.275320][T18188] loop5: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  332.279093][T12406] active_anon 0
[  332.282249][T18188] Buffer I/O error on dev loop5, logical block 80, lost async page write
[  332.298932][T18188] syz.5.4658: attempt to access beyond end of device
[  332.298932][T18188] loop5: rw=8388608, sector=154, nr_sectors = 2 limit=128
[  332.313002][T12406] inactive_file 0
[  332.313017][T12406] active_file 0
[  332.430274][T18196] loop0: detected capacity change from 0 to 512
[  332.433010][T12406] unevictable 0
[  332.433023][T12406] hierarchical_memory_limit 314572800
[  332.433034][T12406] hierarchical_memsw_limit 9223372036854771712
[  332.433046][T12406] total_cache 0
[  332.433066][T12406] total_rss 0
[  332.469284][T18198] 9pnet_virtio: no channels available for device 127.0.0.1
[  332.476643][T12406] total_shmem 0
[  332.583690][T18196] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  332.584218][T12406] total_mapped_file 413696
[  332.587787][T18196] EXT4-fs (loop0): orphan cleanup on readonly fs
[  332.593219][T12406] total_dirty 0
[  332.593233][T12406] total_writeback 0
[  332.593242][T12406] total_workingset_refault_anon 1467
[  332.601429][T18196] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.4661: corrupted inode contents
[  332.602993][T12406] total_workingset_refault_file 10203
[  332.603005][T12406] total_swap 167936
[  332.606570][T18196] EXT4-fs (loop0): Remounting filesystem read-only
[  332.613612][T12406] total_swapcached 53248
[  332.617547][T18196] EXT4-fs (loop0): 1 truncate cleaned up
[  332.625071][T12406] total_pgpgin 277991
[  332.625085][T12406] total_pgpgout 277978
[  332.625095][T12406] total_pgfault 357631
[  332.629610][ T1999] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  332.635887][T12406] total_pgmajfault 918
[  332.635896][T12406] total_inactive_anon 53248
[  332.639380][ T1999] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  332.643372][T12406] total_active_anon 0
[  332.643384][T12406] total_inactive_file 0
[  332.649279][ T1999] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  332.660743][T12406] total_active_file 0
[  332.660756][T12406] total_unevictable 0
[  332.752447][T18204] 9p: Bad value for 'rfdno'
[  332.752662][T12406] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4648,pid=18150,uid=0
[  332.776274][T12406] Memory cgroup out of memory: Killed process 18150 (syz.1.4648) total-vm:96420kB, anon-rss:1264kB, file-rss:22704kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  332.788738][T18206] loop2: detected capacity change from 0 to 128
[  332.822524][T18208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.842427][T18208] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.853455][T18206] vfat filesystem being mounted at /296/bus supports timestamps until 2107-12-31 (0x10391447e)
[  332.917786][T18214] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  332.929378][T18214] EXT4-fs (loop1): orphan cleanup on readonly fs
[  332.942661][T18214] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.4667: corrupted inode contents
[  332.955026][T18214] EXT4-fs (loop1): Remounting filesystem read-only
[  332.961764][T18214] EXT4-fs (loop1): 1 truncate cleaned up
[  332.967772][ T1000] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  332.978595][ T1000] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  332.990423][ T1000] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  333.063636][T18224] netlink: 'syz.2.4670': attribute type 10 has an invalid length.
[  333.071626][T18224] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4670'.
[  333.091003][T18224] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  333.095150][T18226] EXT4-fs: Ignoring removed oldalloc option
[  333.100849][T18224] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.4670: bg 0: block 104: invalid block bitmap
[  333.116134][T18226] EXT4-fs: Ignoring removed i_version option
[  333.118727][T18224] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  333.124437][T18226] EXT4-fs: Ignoring removed nomblk_io_submit option
[  333.140277][T18224] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.4670: invalid indirect mapped block 1 (level 1)
[  333.153834][T18224] EXT4-fs (loop2): 1 truncate cleaned up
[  333.154947][T18226] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  333.181440][T18226] EXT4-fs (loop0): 1 truncate cleaned up
[  333.214478][T18226] Invalid ELF header magic: != ELF
[  333.243768][T18232] msdos filesystem being mounted at /300/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  333.259209][T18232] syz.2.4673: attempt to access beyond end of device
[  333.259209][T18232] loop2: rw=2049, sector=154, nr_sectors = 6 limit=128
[  333.273490][T18232] syz.2.4673: attempt to access beyond end of device
[  333.273490][T18232] loop2: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  333.284841][T18236] EXT4-fs: dax option not supported
[  333.287624][T18232] Buffer I/O error on dev loop2, logical block 79, lost async page write
[  333.302780][T18232] Buffer I/O error on dev loop2, logical block 80, lost async page write
[  333.336398][T18240] 9p: Bad value for 'rfdno'
[  333.368195][T18242] ext4 filesystem being mounted at /187/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  333.433509][T18250] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  333.457023][T18250] EXT4-fs: error: could not find journal device path
[  333.465852][T18251] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  333.465902][T18253] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  333.489208][T18251] EXT4-fs (loop0): orphan cleanup on readonly fs
[  333.498119][T18251] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.4679: corrupted inode contents
[  333.513757][T18251] EXT4-fs (loop0): Remounting filesystem read-only
[  333.528525][T18251] EXT4-fs (loop0): 1 truncate cleaned up
[  333.534545][   T52] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  333.545260][   T52] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  333.556490][   T52] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  333.704878][T18272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  333.714698][T18272] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  333.746152][T18277] msdos filesystem being mounted at /322/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  333.759969][T18277] Buffer I/O error on dev loop4, logical block 79, lost async page write
[  333.769117][T18277] Buffer I/O error on dev loop4, logical block 80, lost async page write
[  333.778428][T18277] Buffer I/O error on dev loop4, logical block 83, lost async page write
[  333.787266][T18277] Buffer I/O error on dev loop4, logical block 84, lost async page write
[  334.060281][T18283] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  334.483861][T18298] EXT4-fs error (device loop5): __ext4_iget:5426: inode #11: block 1: comm syz.5.4694: invalid block
[  334.510289][T18298] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.4694: couldn't read orphan inode 11 (err -117)
[  334.526061][T18305] vfat filesystem being mounted at /309/bus supports timestamps until 2107-12-31 (0x10391447e)
[  334.636697][T18300] ext4 filesystem being mounted at /326/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  334.681692][T18314] msdos filesystem being mounted at /189/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  334.697142][T18312] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4703'.
[  334.835485][T18320] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4699: bg 0: block 345: padding at end of block bitmap is not set
[  334.850557][T18320] EXT4-fs (loop4): Remounting filesystem read-only
[  334.943928][T18322] ext4 filesystem being mounted at /310/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  334.997736][T18330] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  335.006084][T18330] EXT4-fs (loop0): orphan cleanup on readonly fs
[  335.014371][T18330] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.4707: corrupted inode contents
[  335.032433][T18337] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  335.067718][T18330] EXT4-fs (loop0): Remounting filesystem read-only
[  335.075596][T18330] EXT4-fs (loop0): 1 truncate cleaned up
[  335.078526][T18341] netlink: 'syz.1.4711': attribute type 10 has an invalid length.
[  335.089467][T18341] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4711'.
[  335.098804][ T1913] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  335.109795][ T1913] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  335.111004][T18341] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  335.129634][ T1913] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  335.130921][T18341] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.4711: bg 0: block 104: invalid block bitmap
[  335.153685][T18341] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  335.167364][T18341] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.4711: invalid indirect mapped block 1 (level 1)
[  335.181625][T18341] EXT4-fs (loop1): 1 truncate cleaned up
[  335.194322][T18344] EXT4-fs error (device loop5): __ext4_iget:5426: inode #11: block 1: comm syz.5.4712: invalid block
[  335.215971][T18344] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.4712: couldn't read orphan inode 11 (err -117)
[  335.303018][T18347] EXT4-fs error (device loop5): __ext4_iget:5426: inode #11: block 1: comm syz.5.4713: invalid block
[  335.321261][T18347] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.4713: couldn't read orphan inode 11 (err -117)
[  335.366328][T18350] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  335.557578][T18374] EXT4-fs: Ignoring removed bh option
[  335.568543][T18374] ext4 filesystem being mounted at /192/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  335.659559][T18380] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  335.683439][T18380] EXT4-fs: error: could not find journal device path
[  335.827087][T18350] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  335.835716][T18350] Symlink component flag not implemented
[  335.841462][T18350] Symlink component flag not implemented
[  335.847399][T18350] Symlink component flag not implemented (7)
[  335.853637][T18350] Symlink component flag not implemented (116)
[  335.873409][T18386] set_capacity_and_notify: 24 callbacks suppressed
[  335.873427][T18386] loop2: detected capacity change from 0 to 512
[  335.877685][T18383] EXT4-fs error (device loop0): __ext4_iget:5426: inode #11: block 1: comm syz.0.4727: invalid block
[  335.898660][T18383] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.4727: couldn't read orphan inode 11 (err -117)
[  335.913317][T18386] EXT4-fs error (device loop2): __ext4_iget:5426: inode #11: block 1: comm syz.2.4726: invalid block
[  335.927408][T18386] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.4726: couldn't read orphan inode 11 (err -117)
[  336.000236][T18397] loop1: detected capacity change from 0 to 2048
[  336.178897][T18401] loop4: detected capacity change from 0 to 2048
[  336.186343][T18406] SELinux: failed to load policy
[  336.274607][T18416] loop4: detected capacity change from 0 to 512
[  336.293029][T18419] loop0: detected capacity change from 0 to 512
[  336.303612][T18416] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  336.327611][T18416] EXT4-fs: error: could not find journal device path
[  336.385112][T18423] SELinux: failed to load policy
[  336.385320][T18419] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  336.436734][T18427] loop5: detected capacity change from 0 to 512
[  336.448257][T18419] EXT4-fs (loop0): orphan cleanup on readonly fs
[  336.466126][T18419] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.4735: corrupted inode contents
[  336.488514][T18427] EXT4-fs error (device loop5): __ext4_iget:5426: inode #11: block 1: comm syz.5.4741: invalid block
[  336.498186][T18419] EXT4-fs (loop0): Remounting filesystem read-only
[  336.506550][T18419] EXT4-fs (loop0): 1 truncate cleaned up
[  336.507730][T18429] 9pnet_virtio: no channels available for device 127.0.0.1
[  336.520290][ T1913] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  336.530986][ T1913] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  336.548021][T18427] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.4741: couldn't read orphan inode 11 (err -117)
[  336.564752][ T1913] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  336.577565][T18432] loop1: detected capacity change from 0 to 2048
[  336.591645][T18434] loop4: detected capacity change from 0 to 512
[  336.648501][T18438] 9pnet_virtio: no channels available for device 127.0.0.1
[  336.664273][   T29] kauditd_printk_skb: 749 callbacks suppressed
[  336.664292][   T29] audit: type=1326 audit(3536702308.191:36564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18437 comm="syz.5.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30ad0cf749 code=0x7ffc0000
[  336.704676][   T29] audit: type=1326 audit(3536702308.202:36565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18437 comm="syz.5.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30ad0cf749 code=0x7ffc0000
[  336.708285][T18434] ext4 filesystem being mounted at /331/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  336.728549][   T29] audit: type=1326 audit(3536702308.202:36566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18437 comm="syz.5.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f30ad0cf749 code=0x7ffc0000
[  336.762632][   T29] audit: type=1326 audit(3536702308.202:36567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18437 comm="syz.5.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f30ad0cf749 code=0x7ffc0000
[  336.798946][   T29] audit: type=1326 audit(3536702308.328:36568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18433 comm="syz.4.4744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  336.800229][T18434] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4744: iget: bad i_size value: 2533274857506816
[  336.835994][   T29] audit: type=1326 audit(3536702308.328:36569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18433 comm="syz.4.4744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  336.847664][T18434] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4744: iget: bad i_size value: 2533274857506816
[  336.859687][   T29] audit: type=1326 audit(3536702308.328:36570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18433 comm="syz.4.4744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  336.896171][   T29] audit: type=1326 audit(3536702308.328:36571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18433 comm="syz.4.4744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  336.920034][   T29] audit: type=1326 audit(3536702308.328:36572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18433 comm="syz.4.4744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  336.943888][   T29] audit: type=1326 audit(3536702308.328:36573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18433 comm="syz.4.4744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  336.988554][T18447] loop4: detected capacity change from 0 to 2048
[  337.054069][T18455] loop0: detected capacity change from 0 to 512
[  337.066666][T18449] SELinux: failed to load policy
[  337.076297][T18455] ext4 filesystem being mounted at /449/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  337.091627][T18455] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  337.161965][T18465] EXT4-fs error (device loop4): __ext4_iget:5426: inode #11: block 1: comm syz.4.4755: invalid block
[  337.184623][T18463] 9pnet_virtio: no channels available for device 127.0.0.1
[  337.333925][T18473] 9p: Bad value for 'rfdno'
[  337.357011][T18465] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.4755: couldn't read orphan inode 11 (err -117)
[  337.474581][T18480] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  337.934364][T18470] syz.0.4753 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  337.945534][T18470] CPU: 1 UID: 0 PID: 18470 Comm: syz.0.4753 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  337.945562][T18470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  337.945573][T18470] Call Trace:
[  337.945586][T18470]  <TASK>
[  337.945594][T18470]  __dump_stack+0x1d/0x30
[  337.945621][T18470]  dump_stack_lvl+0x95/0xd0
[  337.945711][T18470]  dump_stack+0x15/0x1b
[  337.945732][T18470]  dump_header+0x81/0x240
[  337.945751][T18470]  oom_kill_process+0x295/0x350
[  337.945791][T18470]  out_of_memory+0x97b/0xb80
[  337.945813][T18470]  try_charge_memcg+0x610/0xa10
[  337.945862][T18470]  charge_memcg+0x51/0xc0
[  337.945896][T18470]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  337.945961][T18470]  __read_swap_cache_async+0x17b/0x2d0
[  337.946092][T18470]  swap_cluster_readahead+0x262/0x3c0
[  337.946127][T18470]  swapin_readahead+0xde/0x820
[  337.946164][T18470]  ? mod_memcg_lruvec_state+0x1a1/0x280
[  337.946232][T18470]  ? lruvec_stat_mod_folio+0xd6/0x120
[  337.946259][T18470]  ? __rcu_read_unlock+0x4f/0x70
[  337.946282][T18470]  ? swap_cache_get_folio+0x277/0x280
[  337.946396][T18470]  do_swap_page+0x2b4/0x21e0
[  337.946434][T18470]  ? __pfx_default_wake_function+0x10/0x10
[  337.946480][T18470]  handle_mm_fault+0x9d8/0x2c60
[  337.946536][T18470]  do_user_addr_fault+0x630/0x1080
[  337.946570][T18470]  exc_page_fault+0x62/0xa0
[  337.946614][T18470]  asm_exc_page_fault+0x26/0x30
[  337.946647][T18470] RIP: 0033:0x7f3f85c074e0
[  337.946666][T18470] Code: 6e c7 89 13 48 8b 50 08 0f 16 40 50 0f 11 00 48 89 50 50 48 8b 50 10 48 89 78 10 48 89 50 40 48 89 d7 eb b2 66 0f 1f 44 00 00 <64> 48 8b 0c 25 10 00 00 00 8b 91 08 03 00 00 48 8d b9 08 03 00 00
[  337.946688][T18470] RSP: 002b:00007ffdc223e8c8 EFLAGS: 00010202
[  337.946705][T18470] RAX: 00000000fffffffa RBX: 00007f3f85e35fa0 RCX: 0000000000000000
[  337.946717][T18470] RDX: 00007ffdc223e910 RSI: 0000000000000000 RDI: 0000000000000000
[  337.946729][T18470] RBP: 00007f3f85e37da0 R08: 000000001380e00f R09: 7fffffffffffffff
[  337.946742][T18470] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000529d2
[  337.946763][T18470] R13: 00007ffdc223ea30 R14: ffffffffffffffff R15: 00007ffdc223ea50
[  337.946785][T18470]  </TASK>
[  337.946794][T18470] memory: usage 307200kB, limit 307200kB, failcnt 6815
[  337.968620][T18498] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4767'.
[  337.970943][T18470] memory+swap: usage 307696kB, limit 9007199254740988kB, failcnt 0
[  337.970962][T18470] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0
[  337.970978][T18470] Memory cgroup stats for 
[  338.049701][T18496] SELinux: failed to load policy
[  338.053952][T18470] /syz0:
[  338.193536][T18470] cache 0
[  338.205811][T18470] rss 0
[  338.208748][T18470] shmem 0
[  338.211868][T18470] mapped_file 413696
[  338.216005][T18470] dirty 0
[  338.219127][T18470] writeback 4096
[  338.222810][T18470] workingset_refault_anon 715
[  338.227590][T18470] workingset_refault_file 8323
[  338.232505][T18470] swap 507904
[  338.235980][T18470] swapcached 8192
[  338.239623][T18470] pgpgin 349333
[  338.243134][T18470] pgpgout 349331
[  338.246774][T18470] pgfault 384508
[  338.250339][T18470] pgmajfault 454
[  338.254336][T18470] inactive_anon 8192
[  338.258477][T18470] active_anon 0
[  338.262009][T18470] inactive_file 0
[  338.265834][T18470] active_file 0
[  338.269433][T18470] unevictable 0
[  338.272663][T18504] 9pnet_virtio: no channels available for device 127.0.0.1
[  338.272972][T18470] hierarchical_memory_limit 314572800
[  338.285503][T18470] hierarchical_memsw_limit 9223372036854771712
[  338.291784][T18470] total_cache 0
[  338.295435][T18470] total_rss 0
[  338.298961][T18470] total_shmem 0
[  338.302563][T18470] total_mapped_file 413696
[  338.307079][T18470] total_dirty 0
[  338.310697][T18470] total_writeback 4096
[  338.314822][T18470] total_workingset_refault_anon 715
[  338.320058][T18470] total_workingset_refault_file 8323
[  338.325605][T18470] total_swap 507904
[  338.329455][T18470] total_swapcached 8192
[  338.333843][T18470] total_pgpgin 349333
[  338.338103][T18470] total_pgpgout 349331
[  338.342238][T18470] total_pgfault 384508
[  338.346518][T18470] total_pgmajfault 454
[  338.350793][T18470] total_inactive_anon 8192
[  338.355224][T18470] total_active_anon 0
[  338.359809][T18470] total_inactive_file 0
[  338.364275][T18470] total_active_file 0
[  338.368537][T18470] total_unevictable 0
[  338.372530][T18470] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.4753,pid=18470,uid=0
[  338.387444][T18470] Memory cgroup out of memory: Killed process 18470 (syz.0.4753) total-vm:94240kB, anon-rss:1248kB, file-rss:22564kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  338.476387][T18515] 9p: Bad value for 'rfdno'
[  338.546021][T18520] netlink: 'syz.1.4775': attribute type 10 has an invalid length.
[  338.553977][T18520] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4775'.
[  338.576523][T18520] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  338.630915][T18518] EXT4-fs error (device loop4): __ext4_iget:5426: inode #11: block 1: comm syz.4.4772: invalid block
[  338.637234][T18520] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.4775: bg 0: block 104: invalid block bitmap
[  338.642605][T18518] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.4772: couldn't read orphan inode 11 (err -117)
[  338.679259][T18533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  338.697004][T18520] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  338.708928][T18535] vfat filesystem being mounted at /322/bus supports timestamps until 2107-12-31 (0x10391447e)
[  338.711741][T18520] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.4775: invalid indirect mapped block 1 (level 1)
[  338.723959][T18533] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  338.771199][T18520] EXT4-fs (loop1): 1 truncate cleaned up
[  338.986654][T18549] EXT4-fs error (device loop1): __ext4_iget:5426: inode #11: block 1: comm syz.1.4785: invalid block
[  339.014047][T18549] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.4785: couldn't read orphan inode 11 (err -117)
[  339.044041][T18555] ext4 filesystem being mounted at /341/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  339.077243][T18555] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4787: iget: bad i_size value: 2533274857506816
[  339.112365][T18555] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4787: iget: bad i_size value: 2533274857506816
[  339.320950][T18568] ext4 filesystem being mounted at /343/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  339.350892][T18572] EXT4-fs error (device loop2): __ext4_iget:5426: inode #11: block 1: comm syz.2.4792: invalid block
[  339.380835][T18572] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.4792: couldn't read orphan inode 11 (err -117)
[  339.408656][T18575] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  339.409761][T18568] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, 
[  339.432485][T18575] EXT4-fs: error: could not find journal device path
[  339.447614][T18568] block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  339.478580][T18577] vfat filesystem being mounted at /454/bus supports timestamps until 2107-12-31 (0x10391447e)
[  339.598474][T18584] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  339.623600][T18584] EXT4-fs (loop2): orphan cleanup on readonly fs
[  339.641016][T18594] netlink: 'syz.4.4799': attribute type 10 has an invalid length.
[  339.648971][T18594] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4799'.
[  339.687243][T18584] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.4795: corrupted inode contents
[  339.704523][T18599] msdos filesystem being mounted at /376/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  339.718758][T18584] EXT4-fs (loop2): Remounting filesystem read-only
[  339.725621][T18584] EXT4-fs (loop2): 1 truncate cleaned up
[  339.731679][ T1000] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  339.736451][T18594] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  339.742615][ T1000] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  339.775854][T18594] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.4799: bg 0: block 104: invalid block bitmap
[  339.775989][T18596] EXT4-fs: dax option not supported
[  339.794293][ T1000] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  339.810454][T18594] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  339.811166][T18599] bio_check_eod: 64 callbacks suppressed
[  339.811182][T18599] syz.1.4801: attempt to access beyond end of device
[  339.811182][T18599] loop1: rw=2049, sector=154, nr_sectors = 6 limit=128
[  339.851216][T18599] syz.1.4801: attempt to access beyond end of device
[  339.851216][T18599] loop1: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  339.865375][T18599] buffer_io_error: 36 callbacks suppressed
[  339.865392][T18599] Buffer I/O error on dev loop1, logical block 79, lost async page write
[  339.868560][T18604] 9p: Bad value for 'rfdno'
[  339.871357][T18599] syz.1.4801: attempt to access beyond end of device
[  339.871357][T18599] loop1: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  339.889573][T18594] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.4799: invalid indirect mapped block 1 (level 1)
[  339.898727][T18599] Buffer I/O error on dev loop1, logical block 80, lost async page write
[  339.899116][T18599] syz.1.4801: attempt to access beyond end of device
[  339.899116][T18599] loop1: rw=2049, sector=162, nr_sectors = 6 limit=128
[  339.948368][T18599] syz.1.4801: attempt to access beyond end of device
[  339.948368][T18599] loop1: rw=8388608, sector=154, nr_sectors = 2 limit=128
[  339.971019][T18594] EXT4-fs (loop4): 1 truncate cleaned up
[  340.031562][T18614] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4807'.
[  340.040757][T18614] netlink: 21 bytes leftover after parsing attributes in process `syz.0.4807'.
[  340.043194][T18612] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4806'.
[  340.103055][T18619] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  340.108528][T18616] vfat filesystem being mounted at /458/bus supports timestamps until 2107-12-31 (0x10391447e)
[  340.126739][T18619] EXT4-fs: error: could not find journal device path
[  340.196102][T18622] netlink: 'syz.5.4811': attribute type 10 has an invalid length.
[  340.204203][T18622] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4811'.
[  340.230308][T18624] ext4 filesystem being mounted at /346/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  340.239061][T18622] dummy0: entered promiscuous mode
[  340.257375][T18622] bridge0: port 5(dummy0) entered blocking state
[  340.263930][T18622] bridge0: port 5(dummy0) entered disabled state
[  340.274151][T18622] dummy0: entered allmulticast mode
[  340.280821][T18624] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  340.298187][T18622] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  340.343617][T18622] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.4811: bg 0: block 104: invalid block bitmap
[  340.384214][T18637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  340.393064][T18637] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  340.401938][T18622] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  340.416165][T18641] msdos filesystem being mounted at /380/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  340.430218][T18622] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.4811: invalid indirect mapped block 1 (level 1)
[  340.442148][T18643] 9p: Bad value for 'rfdno'
[  340.444695][T18622] EXT4-fs (loop5): 1 truncate cleaned up
[  340.449689][T18641] syz.1.4819: attempt to access beyond end of device
[  340.449689][T18641] loop1: rw=2049, sector=154, nr_sectors = 6 limit=128
[  340.468988][T18639] ext4 filesystem being mounted at /460/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  340.498398][T18639] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  340.502422][T18648] syz.1.4819: attempt to access beyond end of device
[  340.502422][T18648] loop1: rw=8388608, sector=154, nr_sectors = 2 limit=128
[  340.531242][T18647] msdos filesystem being mounted at /348/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  340.554523][T18647] syz.4.4820: attempt to access beyond end of device
[  340.554523][T18647] loop4: rw=2049, sector=154, nr_sectors = 6 limit=128
[  340.569284][T18647] syz.4.4820: attempt to access beyond end of device
[  340.569284][T18647] loop4: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  340.583080][T18647] Buffer I/O error on dev loop4, logical block 79, lost async page write
[  340.592734][T18647] syz.4.4820: attempt to access beyond end of device
[  340.592734][T18647] loop4: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  340.606944][T18647] Buffer I/O error on dev loop4, logical block 80, lost async page write
[  340.617245][T18647] Buffer I/O error on dev loop4, logical block 83, lost async page write
[  340.625955][T18647] Buffer I/O error on dev loop4, logical block 84, lost async page write
[  340.627178][T18650] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4821'.
[  340.707524][T18661] set_capacity_and_notify: 26 callbacks suppressed
[  340.707569][T18661] loop5: detected capacity change from 0 to 128
[  340.728714][T18661] vfat filesystem being mounted at /213/bus supports timestamps until 2107-12-31 (0x10391447e)
[  340.814442][T18675] loop0: detected capacity change from 0 to 512
[  340.827971][T18676] loop1: detected capacity change from 0 to 512
[  340.842128][T18676] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  340.850619][T18676] EXT4-fs (loop1): orphan cleanup on readonly fs
[  340.857279][T18675] ext4 filesystem being mounted at /467/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  340.870495][T18676] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.4829: corrupted inode contents
[  340.873899][T18677] loop4: detected capacity change from 0 to 512
[  340.889133][T18675] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  340.904124][T18676] EXT4-fs (loop1): Remounting filesystem read-only
[  340.915841][T18676] EXT4-fs (loop1): 1 truncate cleaned up
[  340.921666][  T409] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  340.932366][  T409] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  340.932668][T18683] loop5: detected capacity change from 0 to 512
[  340.956810][T18677] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  340.965069][T18677] EXT4-fs (loop4): orphan cleanup on readonly fs
[  340.976330][T18677] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.4830: corrupted inode contents
[  340.981926][T18683] ext4 filesystem being mounted at /214/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  340.998920][  T409] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  341.017084][T18677] EXT4-fs (loop4): Remounting filesystem read-only
[  341.024124][T18677] EXT4-fs (loop4): 1 truncate cleaned up
[  341.030387][  T385] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  341.041094][  T385] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  341.061045][  T385] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  341.073206][T18683] EXT4-fs error (device loop5): ext4_lookup:1785: inode #12: comm syz.5.4833: iget: bad i_size value: 2533274857506816
[  341.087602][T18683] EXT4-fs error (device loop5): ext4_lookup:1785: inode #12: comm syz.5.4833: iget: bad i_size value: 2533274857506816
[  341.154802][T18697] loop5: detected capacity change from 0 to 256
[  341.162236][T18697] vfat: Unknown parameter '0x0000000000000000ÿÿ'
[  341.173107][T18697] loop5: detected capacity change from 0 to 512
[  341.180994][T18697] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  341.193041][T18697] EXT4-fs (loop5): 1 truncate cleaned up
[  341.229837][T18700] loop0: detected capacity change from 0 to 128
[  341.237549][T18700] msdos filesystem being mounted at /470/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  341.250230][T18700] Buffer I/O error on dev loop0, logical block 79, lost async page write
[  341.259139][T18700] Buffer I/O error on dev loop0, logical block 80, lost async page write
[  341.268272][T18700] Buffer I/O error on dev loop0, logical block 83, lost async page write
[  341.277124][T18700] Buffer I/O error on dev loop0, logical block 84, lost async page write
[  341.310215][T18702] loop5: detected capacity change from 0 to 512
[  341.317089][T18702] EXT4-fs: dax option not supported
[  341.438215][T18709] loop0: detected capacity change from 0 to 512
[  341.452755][T18709] ext4 filesystem being mounted at /472/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  341.471657][T18709] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  341.595118][T18717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.603822][T18717] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.652544][T18722] ext4 filesystem being mounted at /351/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  341.667043][   T29] kauditd_printk_skb: 376 callbacks suppressed
[  341.667062][   T29] audit: type=1326 audit(3536702313.441:36932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18721 comm="syz.4.4847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  341.669167][T18722] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4847: iget: bad i_size value: 2533274857506816
[  341.673795][   T29] audit: type=1326 audit(3536702313.441:36933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18721 comm="syz.4.4847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  341.702351][T18722] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4847: iget: bad i_size value: 2533274857506816
[  341.709634][   T29] audit: type=1326 audit(3536702313.441:36934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18721 comm="syz.4.4847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  341.769842][   T29] audit: type=1326 audit(3536702313.441:36935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18721 comm="syz.4.4847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  341.793609][   T29] audit: type=1326 audit(3536702313.441:36936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18721 comm="syz.4.4847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  341.817380][   T29] audit: type=1326 audit(3536702313.441:36937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18721 comm="syz.4.4847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  341.841457][   T29] audit: type=1326 audit(3536702313.441:36938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18721 comm="syz.4.4847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  341.866096][   T29] audit: type=1326 audit(3536702313.441:36939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18721 comm="syz.4.4847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  341.890050][   T29] audit: type=1326 audit(3536702313.441:36940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18721 comm="syz.4.4847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  341.913833][   T29] audit: type=1326 audit(3536702313.441:36941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18721 comm="syz.4.4847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9288f749 code=0x7ffc0000
[  342.022810][T18730] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  342.204565][T18736] msdos filesystem being mounted at /218/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  342.232604][T18735] EXT4-fs (loop1): 1 truncate cleaned up
[  342.302431][T18738] netlink: 'syz.1.4851': attribute type 1 has an invalid length.
[  342.333623][T18738] 8021q: adding VLAN 0 to HW filter on device bond1
[  342.357191][T18735] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.4851: bg 0: block 465: padding at end of block bitmap is not set
[  342.372303][T18735] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  342.385143][T18735] EXT4-fs (loop1): This should not happen!! Data will be lost
[  342.385143][T18735] 
[  342.394857][T18735] EXT4-fs (loop1): Total free blocks count 0
[  342.400961][T18735] EXT4-fs (loop1): Free/Dirty block details
[  342.406980][T18735] EXT4-fs (loop1): free_blocks=0
[  342.412054][T18735] EXT4-fs (loop1): dirty_blocks=2220
[  342.417424][T18735] EXT4-fs (loop1): Block reservation details
[  342.423692][T18735] EXT4-fs (loop1): i_reserved_data_blocks=2220
[  342.452970][   T12] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 164 with error 28
[  342.466060][   T12] EXT4-fs (loop1): This should not happen!! Data will be lost
[  342.466060][   T12] 
[  342.587447][T18746] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  342.596144][T18746] EXT4-fs (loop5): orphan cleanup on readonly fs
[  342.622698][T18746] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.4856: corrupted inode contents
[  342.635190][T18746] EXT4-fs (loop5): Remounting filesystem read-only
[  342.642136][T18746] EXT4-fs (loop5): 1 truncate cleaned up
[  342.663866][  T385] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  342.674700][  T385] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  342.686417][  T385] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  342.712602][T18751] FAULT_INJECTION: forcing a failure.
[  342.712602][T18751] name failslab, interval 1, probability 0, space 0, times 0
[  342.725500][T18751] CPU: 0 UID: 0 PID: 18751 Comm: syz.1.4855 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  342.725530][T18751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  342.725545][T18751] Call Trace:
[  342.725554][T18751]  <TASK>
[  342.725564][T18751]  __dump_stack+0x1d/0x30
[  342.725603][T18751]  dump_stack_lvl+0x95/0xd0
[  342.725628][T18751]  dump_stack+0x15/0x1b
[  342.725649][T18751]  should_fail_ex+0x265/0x280
[  342.725673][T18751]  should_failslab+0x8c/0xb0
[  342.725698][T18751]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[  342.725729][T18751]  ? __alloc_skb+0x2ff/0x4b0
[  342.725758][T18751]  __alloc_skb+0x2ff/0x4b0
[  342.725779][T18751]  ? __alloc_skb+0x228/0x4b0
[  342.725810][T18751]  __tipc_nl_compat_dumpit+0x9e/0x640
[  342.725849][T18751]  ? __rcu_read_unlock+0x4f/0x70
[  342.725871][T18751]  ? mod_node_page_state+0x1c/0xa0
[  342.725966][T18751]  ? lruvec_stat_mod_folio+0xea/0x120
[  342.725990][T18751]  ? __alloc_skb+0x327/0x4b0
[  342.726013][T18751]  ? should_fail_ex+0xdb/0x280
[  342.726110][T18751]  tipc_nl_compat_dumpit+0x39a/0x420
[  342.726144][T18751]  tipc_nl_compat_recv+0x64e/0x800
[  342.726252][T18751]  ? refill_obj_stock+0x254/0x2e0
[  342.726290][T18751]  ? __pfx_tipc_nl_node_dump_link+0x10/0x10
[  342.726314][T18751]  ? __pfx_tipc_nl_compat_link_stat_dump+0x10/0x10
[  342.726401][T18751]  genl_family_rcv_msg_doit+0x143/0x1b0
[  342.726433][T18751]  genl_rcv_msg+0x422/0x460
[  342.726576][T18751]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  342.726646][T18751]  netlink_rcv_skb+0x123/0x220
[  342.726678][T18751]  ? __pfx_genl_rcv_msg+0x10/0x10
[  342.726712][T18751]  genl_rcv+0x28/0x40
[  342.726762][T18751]  netlink_unicast+0x5c0/0x690
[  342.726795][T18751]  netlink_sendmsg+0x58b/0x6b0
[  342.726879][T18751]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.726914][T18751]  __sock_sendmsg+0x145/0x180
[  342.726941][T18751]  ____sys_sendmsg+0x31e/0x4a0
[  342.726975][T18751]  ___sys_sendmsg+0x17b/0x1d0
[  342.727019][T18751]  __x64_sys_sendmsg+0xd4/0x160
[  342.727053][T18751]  x64_sys_call+0x17ba/0x3000
[  342.727109][T18751]  do_syscall_64+0xca/0x2b0
[  342.727141][T18751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.727161][T18751] RIP: 0033:0x7f41ff53f749
[  342.727178][T18751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.727199][T18751] RSP: 002b:00007f41fdfa7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  342.727241][T18751] RAX: ffffffffffffffda RBX: 00007f41ff795fa0 RCX: 00007f41ff53f749
[  342.727296][T18751] RDX: 0000000000040000 RSI: 0000200000000100 RDI: 0000000000000003
[  342.727310][T18751] RBP: 00007f41fdfa7090 R08: 0000000000000000 R09: 0000000000000000
[  342.727386][T18751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.727462][T18751] R13: 00007f41ff796038 R14: 00007f41ff795fa0 R15: 00007ffe7e857f28
[  342.727480][T18751]  </TASK>
[  343.123260][T18765] msdos filesystem being mounted at /356/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  343.202789][T18755] EXT4-fs mount: 169 callbacks suppressed
[  343.202809][T18755] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  343.221395][T18755] ext4 filesystem being mounted at /221/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  343.223677][T18767] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  343.238530][T18755] EXT4-fs error (device loop5): ext4_lookup:1785: inode #12: comm syz.5.4858: iget: bad i_size value: 2533274857506816
[  343.245372][T18767] ext4 filesystem being mounted at /385/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  343.265753][T18755] EXT4-fs error (device loop5): ext4_lookup:1785: inode #12: comm syz.5.4858: iget: bad i_size value: 2533274857506816
[  343.393950][T18774] syz!: rxe_newlink: already configured on team_slave_0
[  343.657273][T14489] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.693923][T18767] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  343.780116][T12406] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.816193][T18787] FAT-fs (loop5): bogus number of FAT sectors
[  343.822569][T18787] FAT-fs (loop5): Can't find a valid FAT filesystem
[  343.950262][T18794] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  343.967653][T18805] vfat filesystem being mounted at /477/bus supports timestamps until 2107-12-31 (0x10391447e)
[  343.988105][T18803] msdos filesystem being mounted at /361/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  343.997235][T18794] EXT4-fs (loop5): orphan cleanup on readonly fs
[  344.028148][T18794] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.4872: corrupted inode contents
[  344.048234][T18794] EXT4-fs (loop5): Remounting filesystem read-only
[  344.056930][T18794] EXT4-fs (loop5): 1 truncate cleaned up
[  344.062822][  T409] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  344.073771][  T409] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  344.095536][  T409] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  344.096785][T18809] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  344.119864][T18794] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  344.144711][T18794] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  344.159173][T18813] vfat filesystem being mounted at /478/bus supports timestamps until 2107-12-31 (0x10391447e)
[  344.171077][T12406] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  344.252937][T18818] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  344.274663][T18818] ext4 filesystem being mounted at /388/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  344.306876][T18818] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  344.335120][T18830] netlink: 80 bytes leftover after parsing attributes in process `syz.5.4883'.
[  344.354953][T12406] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  344.411845][T18839] vfat filesystem being mounted at /225/file1 supports timestamps until 2107-12-31 (0x10391447e)
[  344.595526][T18851] msdos filesystem being mounted at /391/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  344.617340][T18851] bio_check_eod: 176 callbacks suppressed
[  344.617379][T18851] syz.1.4890: attempt to access beyond end of device
[  344.617379][T18851] loop1: rw=2049, sector=154, nr_sectors = 6 limit=128
[  344.640561][T18851] syz.1.4890: attempt to access beyond end of device
[  344.640561][T18851] loop1: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  344.654647][T18851] buffer_io_error: 108 callbacks suppressed
[  344.654664][T18851] Buffer I/O error on dev loop1, logical block 79, lost async page write
[  344.669934][T18851] syz.1.4890: attempt to access beyond end of device
[  344.669934][T18851] loop1: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  344.683844][T18851] Buffer I/O error on dev loop1, logical block 80, lost async page write
[  344.705362][T18849] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4889'.
[  344.725706][T18858] netlink: 'syz.2.4893': attribute type 4 has an invalid length.
[  344.728177][T18851] syz.1.4890: attempt to access beyond end of device
[  344.728177][T18851] loop1: rw=8388608, sector=154, nr_sectors = 2 limit=128
[  344.770338][T18858] netlink: 'syz.2.4893': attribute type 4 has an invalid length.
[  344.787167][ T3885] lo speed is unknown, defaulting to 1000
[  344.793018][ T3885] syz1: Port: 1 Link ACTIVE
[  344.799830][T18858] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  344.806553][T18858] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  344.814339][T18858] vhci_hcd vhci_hcd.0: Device attached
[  344.817109][T18862] EXT4-fs (loop4): 1 truncate cleaned up
[  344.820166][ T3427] lo speed is unknown, defaulting to 1000
[  344.827848][T18862] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  344.853378][T18863] vhci_hcd: connection closed
[  344.853500][ T2046] vhci_hcd vhci_hcd.2: stop threads
[  344.863531][ T2046] vhci_hcd vhci_hcd.2: release socket
[  344.869029][ T2046] vhci_hcd vhci_hcd.2: disconnect device
[  344.887574][T18869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4895'.
[  344.928502][T18873] netlink: 'syz.4.4894': attribute type 1 has an invalid length.
[  344.951288][T18873] 8021q: adding VLAN 0 to HW filter on device bond2
[  344.977261][T18879] 8021q: adding VLAN 0 to HW filter on device bond0
[  344.978436][T18862] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4894: bg 0: block 465: padding at end of block bitmap is not set
[  344.986334][T18879] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address
[  345.012658][T18862] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  345.022625][T18879] bond0: (slave ip6tnl0): Error -95 calling set_mac_address
[  345.025746][T18862] EXT4-fs (loop4): This should not happen!! Data will be lost
[  345.025746][T18862] 
[  345.043195][T18862] EXT4-fs (loop4): Total free blocks count 0
[  345.049312][T18862] EXT4-fs (loop4): Free/Dirty block details
[  345.055388][T18862] EXT4-fs (loop4): free_blocks=0
[  345.060481][T18862] EXT4-fs (loop4): dirty_blocks=3972
[  345.065930][T18862] EXT4-fs (loop4): Block reservation details
[  345.072124][T18862] EXT4-fs (loop4): i_reserved_data_blocks=3972
[  345.198770][T18902] netlink: 'syz.0.4901': attribute type 21 has an invalid length.
[  345.312590][T18902] netlink: 'syz.0.4901': attribute type 1 has an invalid length.
[  345.320460][T18902] netlink: 144 bytes leftover after parsing attributes in process `syz.0.4901'.
[  345.340963][T12783] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.355215][T18922] FAULT_INJECTION: forcing a failure.
[  345.355215][T18922] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  345.368631][T18922] CPU: 1 UID: 0 PID: 18922 Comm: syz.0.4903 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  345.368662][T18922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  345.368673][T18922] Call Trace:
[  345.368760][T18922]  <TASK>
[  345.368769][T18922]  __dump_stack+0x1d/0x30
[  345.368814][T18922]  dump_stack_lvl+0x95/0xd0
[  345.368837][T18922]  dump_stack+0x15/0x1b
[  345.368856][T18922]  should_fail_ex+0x265/0x280
[  345.368878][T18922]  should_fail+0xb/0x20
[  345.368954][T18922]  should_fail_usercopy+0x1a/0x20
[  345.369075][T18922]  _copy_from_iter+0xcf/0xe70
[  345.369098][T18922]  ? __alloc_skb+0x396/0x4b0
[  345.369119][T18922]  ? __alloc_skb+0x228/0x4b0
[  345.369216][T18922]  netlink_sendmsg+0x471/0x6b0
[  345.369350][T18922]  ? __pfx_netlink_sendmsg+0x10/0x10
[  345.369377][T18922]  __sock_sendmsg+0x145/0x180
[  345.369515][T18922]  ____sys_sendmsg+0x31e/0x4a0
[  345.369599][T18922]  ___sys_sendmsg+0x17b/0x1d0
[  345.369712][T18922]  __x64_sys_sendmsg+0xd4/0x160
[  345.369740][T18922]  x64_sys_call+0x17ba/0x3000
[  345.369761][T18922]  do_syscall_64+0xca/0x2b0
[  345.369796][T18922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.369815][T18922] RIP: 0033:0x7f3f85bdf749
[  345.369831][T18922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.369874][T18922] RSP: 002b:00007f3f84647038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  345.369894][T18922] RAX: ffffffffffffffda RBX: 00007f3f85e35fa0 RCX: 00007f3f85bdf749
[  345.369905][T18922] RDX: 0000000020010000 RSI: 0000200000000080 RDI: 0000000000000003
[  345.369917][T18922] RBP: 00007f3f84647090 R08: 0000000000000000 R09: 0000000000000000
[  345.369928][T18922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  345.369973][T18922] R13: 00007f3f85e36038 R14: 00007f3f85e35fa0 R15: 00007ffdc223e7d8
[  345.369990][T18922]  </TASK>
[  346.069051][T18946] set_capacity_and_notify: 18 callbacks suppressed
[  346.069077][T18946] loop0: detected capacity change from 0 to 256
[  346.075902][T18944] loop5: detected capacity change from 0 to 128
[  346.089016][T18946] vfat filesystem being mounted at /486/file1 supports timestamps until 2107-12-31 (0x10391447e)
[  346.103032][T18944] msdos filesystem being mounted at /227/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  346.136258][T18944] syz.5.4906: attempt to access beyond end of device
[  346.136258][T18944] loop5: rw=2049, sector=154, nr_sectors = 6 limit=128
[  346.150321][T18944] syz.5.4906: attempt to access beyond end of device
[  346.150321][T18944] loop5: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  346.164322][T18944] Buffer I/O error on dev loop5, logical block 79, lost async page write
[  346.216404][T18944] syz.5.4906: attempt to access beyond end of device
[  346.216404][T18944] loop5: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  346.229208][T18959] 9p: Bad value for 'rfdno'
[  346.230188][T18944] Buffer I/O error on dev loop5, logical block 80, lost async page write
[  346.267343][T18961] syz.5.4906: attempt to access beyond end of device
[  346.267343][T18961] loop5: rw=8388608, sector=154, nr_sectors = 2 limit=128
[  346.295818][T18967] loop2: detected capacity change from 0 to 128
[  346.304545][T18967] vfat filesystem being mounted at /341/bus supports timestamps until 2107-12-31 (0x10391447e)
[  346.336090][T18969] loop1: detected capacity change from 0 to 512
[  346.354609][T18970] loop4: detected capacity change from 0 to 512
[  346.379729][T18969] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.395976][T18970] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  346.403272][T18969] ext4 filesystem being mounted at /398/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  346.404492][T18970] EXT4-fs (loop4): orphan cleanup on readonly fs
[  346.427544][T18970] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.4913: corrupted inode contents
[  346.440493][T18969] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  346.463500][T18980] loop5: detected capacity change from 0 to 512
[  346.467437][T18970] EXT4-fs (loop4): Remounting filesystem read-only
[  346.477452][T18970] EXT4-fs (loop4): 1 truncate cleaned up
[  346.483399][   T31] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  346.494054][   T31] __quota_error: 243 callbacks suppressed
[  346.494070][   T31] Quota error (device loop4): write_blk: dquota write failed
[  346.507712][   T31] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries
[  346.518010][   T31] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  346.528787][   T31] Quota error (device loop4): write_blk: dquota write failed
[  346.528912][T18980] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.536266][   T31] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list
[  346.536377][   T31] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  346.549842][T18980] ext4 filesystem being mounted at /228/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  346.559133][   T31] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  346.559816][   T31] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  346.600366][T18980] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  346.610527][T12406] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.615962][T18970] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  346.644306][T18970] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.683143][T14489] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.686570][T18986] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  346.711106][T18986] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  346.776877][T18998] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address
[  346.788127][T18998] bond0: (slave ip6tnl0): Error -95 calling set_mac_address
[  346.833797][T19005] 9p: Bad value for 'rfdno'
[  346.852842][T19007] loop1: detected capacity change from 0 to 512
[  346.880543][T19007] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.893352][T19007] ext4 filesystem being mounted at /402/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  346.909544][   T29] audit: type=1326 audit(3536702318.953:37173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19006 comm="syz.1.4925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41ff53f749 code=0x7ffc0000
[  346.911086][T19009] SELinux: failed to load policy
[  346.935422][T19007] EXT4-fs error (device loop1): ext4_lookup:1785: inode #12: comm syz.1.4925: iget: bad i_size value: 2533274857506816
[  346.951463][   T29] audit: type=1326 audit(3536702318.974:37174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19006 comm="syz.1.4925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41ff53f749 code=0x7ffc0000
[  346.963547][T19013] SELinux:  policydb magic number 0x6c65732f does not match expected magic number 0xf97cff8c
[  346.975733][   T29] audit: type=1326 audit(3536702318.974:37175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19006 comm="syz.1.4925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41ff53f749 code=0x7ffc0000
[  346.988537][T19013] SELinux: failed to load policy
[  347.009845][   T29] audit: type=1326 audit(3536702318.974:37176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19006 comm="syz.1.4925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41ff53f749 code=0x7ffc0000
[  347.016585][T19007] EXT4-fs error (device loop1): ext4_lookup:1785: inode #12: comm syz.1.4925: iget: bad i_size value: 2533274857506816
[  347.100813][T19017] loop4: detected capacity change from 0 to 512
[  347.135218][T19017] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  347.159145][T19017] EXT4-fs: error: could not find journal device path
[  347.171643][T12406] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.244385][T19026] loop5: detected capacity change from 0 to 512
[  347.274891][T19029] loop1: detected capacity change from 0 to 2048
[  347.307868][T19032] 9p: Bad value for 'rfdno'
[  347.314983][T19029] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.325975][T19030] SELinux: failed to load policy
[  347.337694][T19026] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.355887][T19026] ext4 filesystem being mounted at /233/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  347.381260][T12406] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.426607][T19040] SELinux: failed to load policy
[  347.433066][T19026] EXT4-fs error (device loop5): ext4_lookup:1785: inode #12: comm syz.5.4933: iget: bad i_size value: 2533274857506816
[  347.448496][T19026] EXT4-fs error (device loop5): ext4_lookup:1785: inode #12: comm syz.5.4933: iget: bad i_size value: 2533274857506816
[  347.479473][T19043] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.492436][T19044] EXT4-fs error (device loop2): __ext4_iget:5426: inode #11: block 1: comm syz.2.4940: invalid block
[  347.503953][T19043] ext4 filesystem being mounted at /373/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  347.503953][T19044] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.4940: couldn't read orphan inode 11 (err -117)
[  347.504717][T19044] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  347.534918][T19051] EXT4-fs: dax option not supported
[  347.551499][T19043] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4941: iget: bad i_size value: 2533274857506816
[  347.565649][T19043] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.4941: iget: bad i_size value: 2533274857506816
[  347.591662][T19048] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  347.601862][T14489] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.623404][T19048] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.4942: bg 0: block 104: invalid block bitmap
[  347.636340][T19048] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  347.646378][T19048] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.4942: invalid indirect mapped block 1 (level 1)
[  347.663641][T13459] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.679154][T19056] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  347.702824][T19056] EXT4-fs: error: could not find journal device path
[  347.714977][T19048] EXT4-fs (loop0): 1 truncate cleaned up
[  347.715621][T12783] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.735511][T19048] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  347.766745][T19058] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  347.776114][T11880] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.790724][T19061] 9p: Bad value for 'rfdno'
[  347.796291][T19058] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(8)
[  347.802844][T19058] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  347.810687][T19058] vhci_hcd vhci_hcd.0: Device attached
[  347.860488][T19071] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(11)
[  347.867277][T19071] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  347.874970][T19071] vhci_hcd vhci_hcd.0: Device attached
[  347.900160][T19058] vhci_hcd vhci_hcd.0: pdev(4) rhport(4) sockfd(10)
[  347.906999][T19058] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  347.914719][T19058] vhci_hcd vhci_hcd.0: Device attached
[  347.925638][T19070] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.957968][T19077] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.970993][T19077] ext4 filesystem being mounted at /493/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  347.981704][ T3412] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  347.993415][T19077] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  348.012633][T19074] vhci_hcd: connection closed
[  348.012633][T19072] vhci_hcd: connection closed
[  348.017455][  T409] vhci_hcd vhci_hcd.4: stop threads
[  348.027657][  T409] vhci_hcd vhci_hcd.4: release socket
[  348.033243][  T409] vhci_hcd vhci_hcd.4: disconnect device
[  348.040035][T13459] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.041725][T19059] vhci_hcd: connection closed
[  348.049518][ T3412] usb 9-3: new full-speed USB device number 4 using vhci_hcd
[  348.065042][T19062] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  348.080617][  T409] vhci_hcd vhci_hcd.4: stop threads
[  348.086026][  T409] vhci_hcd vhci_hcd.4: release socket
[  348.091550][  T409] vhci_hcd vhci_hcd.4: disconnect device
[  348.091860][T19083] SELinux: failed to load policy
[  348.098687][T11880] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.119116][  T409] vhci_hcd vhci_hcd.4: stop threads
[  348.124422][  T409] vhci_hcd vhci_hcd.4: release socket
[  348.129984][  T409] vhci_hcd vhci_hcd.4: disconnect device
[  348.151850][T19085] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  348.165852][T19085] ext4 filesystem being mounted at /349/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  348.181494][T19085] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  348.211681][T13459] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.254424][T19097] FAULT_INJECTION: forcing a failure.
[  348.254424][T19097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  348.267718][T19097] CPU: 1 UID: 0 PID: 19097 Comm: syz.2.4956 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  348.267776][T19097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  348.267791][T19097] Call Trace:
[  348.267815][T19097]  <TASK>
[  348.267825][T19097]  __dump_stack+0x1d/0x30
[  348.267853][T19097]  dump_stack_lvl+0x95/0xd0
[  348.267878][T19097]  dump_stack+0x15/0x1b
[  348.267900][T19097]  should_fail_ex+0x265/0x280
[  348.267925][T19097]  should_fail+0xb/0x20
[  348.267968][T19097]  should_fail_usercopy+0x1a/0x20
[  348.267995][T19097]  _copy_from_user+0x1c/0xb0
[  348.268070][T19097]  memdup_user+0x5e/0xd0
[  348.268092][T19097]  strndup_user+0x68/0xb0
[  348.268113][T19097]  __se_sys_mount+0x8e/0x2e0
[  348.268137][T19097]  ? fput+0x8f/0xc0
[  348.268187][T19097]  ? ksys_write+0x192/0x1a0
[  348.268209][T19097]  __x64_sys_mount+0x67/0x80
[  348.268243][T19097]  x64_sys_call+0x2cca/0x3000
[  348.268270][T19097]  do_syscall_64+0xca/0x2b0
[  348.268388][T19097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.268415][T19097] RIP: 0033:0x7f43830ef749
[  348.268435][T19097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  348.268502][T19097] RSP: 002b:00007f4381b4f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  348.268566][T19097] RAX: ffffffffffffffda RBX: 00007f4383345fa0 RCX: 00007f43830ef749
[  348.268583][T19097] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000200000000480
[  348.268598][T19097] RBP: 00007f4381b4f090 R08: 0000000000000000 R09: 0000000000000000
[  348.268614][T19097] R10: 0000000000801400 R11: 0000000000000246 R12: 0000000000000001
[  348.268628][T19097] R13: 00007f4383346038 R14: 00007f4383345fa0 R15: 00007fff23d2b448
[  348.268650][T19097]  </TASK>
[  348.529479][T19105] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  348.582111][T19115] SELinux: failed to load policy
[  348.596416][T12406] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.614705][T19116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  348.667090][T19116] ext4 filesystem being mounted at /497/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  348.688471][T19129] FAULT_INJECTION: forcing a failure.
[  348.688471][T19129] name failslab, interval 1, probability 0, space 0, times 0
[  348.701324][T19129] CPU: 0 UID: 0 PID: 19129 Comm: syz.1.4970 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  348.701354][T19129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  348.701368][T19129] Call Trace:
[  348.701404][T19129]  <TASK>
[  348.701414][T19129]  __dump_stack+0x1d/0x30
[  348.701512][T19129]  dump_stack_lvl+0x95/0xd0
[  348.701535][T19129]  dump_stack+0x15/0x1b
[  348.701556][T19129]  should_fail_ex+0x265/0x280
[  348.701582][T19129]  should_failslab+0x8c/0xb0
[  348.701606][T19129]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[  348.701638][T19129]  ? __alloc_skb+0x2ff/0x4b0
[  348.701703][T19129]  __alloc_skb+0x2ff/0x4b0
[  348.701732][T19129]  ? __alloc_skb+0x228/0x4b0
[  348.701760][T19129]  netlink_alloc_large_skb+0xbf/0xf0
[  348.701789][T19129]  netlink_sendmsg+0x3cf/0x6b0
[  348.701869][T19129]  ? __pfx_netlink_sendmsg+0x10/0x10
[  348.701946][T19129]  __sock_sendmsg+0x145/0x180
[  348.701965][T19129]  ____sys_sendmsg+0x31e/0x4a0
[  348.701996][T19129]  ___sys_sendmsg+0x17b/0x1d0
[  348.702171][T19129]  __x64_sys_sendmsg+0xd4/0x160
[  348.702207][T19129]  x64_sys_call+0x17ba/0x3000
[  348.702241][T19129]  do_syscall_64+0xca/0x2b0
[  348.702274][T19129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.702300][T19129] RIP: 0033:0x7f41ff53f749
[  348.702375][T19129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  348.702394][T19129] RSP: 002b:00007f41fdfa7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  348.702453][T19129] RAX: ffffffffffffffda RBX: 00007f41ff795fa0 RCX: 00007f41ff53f749
[  348.702468][T19129] RDX: 0000000000000050 RSI: 0000200000000880 RDI: 0000000000000006
[  348.702482][T19129] RBP: 00007f41fdfa7090 R08: 0000000000000000 R09: 0000000000000000
[  348.702497][T19129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  348.702509][T19129] R13: 00007f41ff796038 R14: 00007f41ff795fa0 R15: 00007ffe7e857f28
[  348.702527][T19129]  </TASK>
[  348.969455][T19116] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  348.994422][T19133] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  349.013694][T19133] EXT4-fs (loop2): orphan cleanup on readonly fs
[  349.027305][T19133] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.4968: corrupted inode contents
[  349.070746][T19133] EXT4-fs (loop2): Remounting filesystem read-only
[  349.073738][T19146] SELinux: failed to load policy
[  349.078144][T11880] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.092774][T19133] EXT4-fs (loop2): 1 truncate cleaned up
[  349.098895][ T1913] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  349.109713][ T1913] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  349.121640][ T1913] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  349.122568][T19143] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  349.151889][T19133] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  349.186454][T19133] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.196654][T12783] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.228255][T19154] EXT4-fs: inline encryption not supported
[  349.236631][T19156] vfat filesystem being mounted at /498/file1 supports timestamps until 2107-12-31 (0x10391447e)
[  349.271112][T19154] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  349.312379][T19158] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  349.314729][T19154] EXT4-fs error (device loop1): mb_free_blocks:2037: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  349.340044][T19154] EXT4-fs (loop1): Remounting filesystem read-only
[  349.386783][T19170] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  349.410560][T19170] EXT4-fs: error: could not find journal device path
[  349.478236][T19178] netlink: 'syz.0.4989': attribute type 4 has an invalid length.
[  349.570006][T12406] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.583801][T19178] netlink: 'syz.0.4989': attribute type 4 has an invalid length.
[  349.629002][T19178] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  349.635613][T19178] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  349.643603][T19178] vhci_hcd vhci_hcd.0: Device attached
[  349.691186][T19182] vhci_hcd: connection closed
[  349.691474][   T12] vhci_hcd vhci_hcd.0: stop threads
[  349.701632][   T12] vhci_hcd vhci_hcd.0: release socket
[  349.707126][   T12] vhci_hcd vhci_hcd.0: disconnect device
[  349.734205][T19185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  349.768185][T19185] ext4 filesystem being mounted at /357/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  349.789625][T19158] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  349.796698][T19185] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  349.813170][T19158] Symlink component flag not implemented
[  349.818970][T19158] Symlink component flag not implemented
[  349.824797][T19158] Symlink component flag not implemented (7)
[  349.830992][T19158] Symlink component flag not implemented (116)
[  349.843991][T13459] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.865260][T19194] netlink: 9 bytes leftover after parsing attributes in process `syz.1.4990'.
[  349.932870][T19196] EXT4-fs: dax option not supported
[  349.999815][T19200] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=19200 comm=syz.4.4997
[  350.019411][T19200] vfat filesystem being mounted at /385/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  350.073643][T19200] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=19200 comm=syz.4.4997
[  350.087268][T19211] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  350.111139][T19211] EXT4-fs: error: could not find journal device path
[  350.120802][T19210] FAULT_INJECTION: forcing a failure.
[  350.120802][T19210] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  350.134025][T19210] CPU: 0 UID: 0 PID: 19210 Comm: syz.2.5001 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  350.134127][T19210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  350.134140][T19210] Call Trace:
[  350.134148][T19210]  <TASK>
[  350.134157][T19210]  __dump_stack+0x1d/0x30
[  350.134185][T19210]  dump_stack_lvl+0x95/0xd0
[  350.134208][T19210]  dump_stack+0x15/0x1b
[  350.134270][T19210]  should_fail_ex+0x265/0x280
[  350.134295][T19210]  should_fail+0xb/0x20
[  350.134318][T19210]  should_fail_usercopy+0x1a/0x20
[  350.134345][T19210]  _copy_from_iter+0xcf/0xe70
[  350.134423][T19210]  ? lockref_put_return+0xf7/0x130
[  350.134450][T19210]  ? __rcu_read_unlock+0x4f/0x70
[  350.134524][T19210]  tun_get_user+0x3d0/0x2670
[  350.134553][T19210]  ? _parse_integer_limit+0x170/0x190
[  350.134580][T19210]  ? ref_tracker_alloc+0x1f2/0x2f0
[  350.134609][T19210]  ? selinux_file_permission+0x1e2/0x320
[  350.134709][T19210]  tun_chr_write_iter+0x15e/0x210
[  350.134737][T19210]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  350.134762][T19210]  vfs_write+0x52a/0x960
[  350.134788][T19210]  ksys_write+0xda/0x1a0
[  350.134892][T19210]  __x64_sys_write+0x40/0x50
[  350.134915][T19210]  x64_sys_call+0x2847/0x3000
[  350.134941][T19210]  do_syscall_64+0xca/0x2b0
[  350.135001][T19210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.135023][T19210] RIP: 0033:0x7f43830ef749
[  350.135041][T19210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  350.135139][T19210] RSP: 002b:00007f4381b4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  350.135222][T19210] RAX: ffffffffffffffda RBX: 00007f4383345fa0 RCX: 00007f43830ef749
[  350.135249][T19210] RDX: 000000000000007a RSI: 0000200000001400 RDI: 0000000000000003
[  350.135265][T19210] RBP: 00007f4381b4f090 R08: 0000000000000000 R09: 0000000000000000
[  350.135319][T19210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  350.135332][T19210] R13: 00007f4383346038 R14: 00007f4383345fa0 R15: 00007fff23d2b448
[  350.135351][T19210]  </TASK>
[  350.378318][T19216] capability: warning: `syz.4.5002' uses deprecated v2 capabilities in a way that may be insecure
[  350.398620][T19216] vfat filesystem being mounted at /386/file1 supports timestamps until 2107-12-31 (0x10391447e)
[  350.412629][T19213] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  350.423211][T19213] EXT4-fs (loop1): orphan cleanup on readonly fs
[  350.439805][T19213] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.5000: corrupted inode contents
[  350.452383][T19213] EXT4-fs (loop1): Remounting filesystem read-only
[  350.459460][T19213] EXT4-fs (loop1): 1 truncate cleaned up
[  350.465680][ T1913] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  350.476682][ T1913] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  350.496245][ T1913] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  350.507154][T19213] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  350.522941][T19213] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.526601][T19219] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  350.554470][T19223] msdos filesystem being mounted at /387/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  350.567476][T19228] netlink: 9 bytes leftover after parsing attributes in process `syz.2.5006'.
[  350.574768][T19219] ext4 filesystem being mounted at /504/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  350.582884][T19223] syz.4.5005: attempt to access beyond end of device
[  350.582884][T19223] loop4: rw=2049, sector=154, nr_sectors = 6 limit=128
[  350.610284][T19219] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  350.638743][T19223] syz.4.5005: attempt to access beyond end of device
[  350.638743][T19223] loop4: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  350.653193][T19223] Buffer I/O error on dev loop4, logical block 79, lost async page write
[  350.665819][T19232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5008'.
[  350.674501][T19223] syz.4.5005: attempt to access beyond end of device
[  350.674501][T19223] loop4: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  350.688560][T19223] Buffer I/O error on dev loop4, logical block 80, lost async page write
[  350.694082][T19234] EXT4-fs: dax option not supported
[  350.731149][T11880] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.755950][T19223] syz.4.5005: attempt to access beyond end of device
[  350.755950][T19223] loop4: rw=8388608, sector=154, nr_sectors = 2 limit=128
[  350.796158][T19237] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  350.822542][T19237] ext4 filesystem being mounted at /247/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  350.861568][T19237] EXT4-fs error (device loop5): ext4_lookup:1785: inode #12: comm syz.5.5010: iget: bad i_size value: 2533274857506816
[  350.875726][T19237] EXT4-fs error (device loop5): ext4_lookup:1785: inode #12: comm syz.5.5010: iget: bad i_size value: 2533274857506816
[  350.920459][T19248] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5013'.
[  350.933824][T19252] set_capacity_and_notify: 26 callbacks suppressed
[  350.933844][T19252] loop1: detected capacity change from 0 to 128
[  350.941344][T19248] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5013'.
[  350.950510][T19252] vfat filesystem being mounted at /419/file1 supports timestamps until 2107-12-31 (0x10391447e)
[  350.957193][T19255] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19255 comm=syz.0.5014
[  350.980300][T19254] netlink: 9 bytes leftover after parsing attributes in process `syz.4.5018'.
[  350.980862][T14489] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  351.056230][T19258] FAULT_INJECTION: forcing a failure.
[  351.056230][T19258] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.069524][T19258] CPU: 1 UID: 0 PID: 19258 Comm: syz.1.5019 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  351.069602][T19258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  351.069614][T19258] Call Trace:
[  351.069622][T19258]  <TASK>
[  351.069631][T19258]  __dump_stack+0x1d/0x30
[  351.069660][T19258]  dump_stack_lvl+0x95/0xd0
[  351.069686][T19258]  dump_stack+0x15/0x1b
[  351.069708][T19258]  should_fail_ex+0x265/0x280
[  351.069734][T19258]  should_fail+0xb/0x20
[  351.069757][T19258]  should_fail_usercopy+0x1a/0x20
[  351.069780][T19258]  _copy_to_user+0x20/0xa0
[  351.069875][T19258]  simple_read_from_buffer+0xb5/0x130
[  351.069897][T19258]  proc_fail_nth_read+0x10e/0x150
[  351.069922][T19258]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  351.070015][T19258]  vfs_read+0x1a8/0x770
[  351.070040][T19258]  ? __rcu_read_unlock+0x4f/0x70
[  351.070062][T19258]  ? __fget_files+0x184/0x1c0
[  351.070082][T19258]  ? mutex_lock+0x58/0x90
[  351.070204][T19258]  ksys_read+0xda/0x1a0
[  351.070224][T19258]  __x64_sys_read+0x40/0x50
[  351.070245][T19258]  x64_sys_call+0x2889/0x3000
[  351.070271][T19258]  do_syscall_64+0xca/0x2b0
[  351.070341][T19258]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.070363][T19258] RIP: 0033:0x7f41ff53e15c
[  351.070381][T19258] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  351.070463][T19258] RSP: 002b:00007f41fdfa7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  351.070488][T19258] RAX: ffffffffffffffda RBX: 00007f41ff795fa0 RCX: 00007f41ff53e15c
[  351.070502][T19258] RDX: 000000000000000f RSI: 00007f41fdfa70a0 RDI: 0000000000000006
[  351.070515][T19258] RBP: 00007f41fdfa7090 R08: 0000000000000000 R09: 0000000000000000
[  351.070528][T19258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.070542][T19258] R13: 00007f41ff796038 R14: 00007f41ff795fa0 R15: 00007ffe7e857f28
[  351.070620][T19258]  </TASK>
[  351.268783][T19259] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5017'.
[  351.301796][T19262] loop4: detected capacity change from 0 to 512
[  351.327599][T19262] EXT4-fs: dax option not supported
[  351.426957][   T29] kauditd_printk_skb: 278 callbacks suppressed
[  351.426975][   T29] audit: type=1326 audit(3536702323.688:37443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19263 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30ad0cf749 code=0x7ffc0000
[  351.433331][T19246] ==================================================================
[  351.457155][   T29] audit: type=1326 audit(3536702323.688:37444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19263 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30ad0cf749 code=0x7ffc0000
[  351.465315][T19246] BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
[  351.465361][T19246] 
[  351.489551][   T29] audit: type=1326 audit(3536702323.688:37445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19263 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30ad0cf749 code=0x7ffc0000
[  351.499286][T19246] read-write to 0xffffffff86809a00 of 8 bytes by interrupt on cpu 1:
[  351.499311][T19246]  tick_do_update_jiffies64+0x113/0x1c0
[  351.501638][   T29] audit: type=1326 audit(3536702323.688:37446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19263 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f30ad0cf749 code=0x7ffc0000
[  351.525627][T19246]  tick_nohz_handler+0x8d/0x3d0
[  351.525666][T19246]  __hrtimer_run_queues+0x20f/0x5a0
[  351.525691][T19246]  hrtimer_interrupt+0x21a/0x460
[  351.525714][T19246]  __sysvec_apic_timer_interrupt+0x5f/0x1d0
[  351.525740][T19246]  sysvec_apic_timer_interrupt+0x6f/0x80
[  351.525766][T19246]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  351.525786][T19246]  console_flush_all+0x541/0x6c0
[  351.525803][T19246]  console_unlock+0x97/0x270
[  351.605588][T19246]  vprintk_emit+0x39f/0x5c0
[  351.610112][T19246]  vprintk_default+0x26/0x30
[  351.614743][T19246]  vprintk+0x1d/0x30
[  351.618731][T19246]  _printk+0x79/0xa0
[  351.622807][T19246]  kauditd_hold_skb+0x1b1/0x1c0
[  351.627767][T19246]  kauditd_send_queue+0x273/0x2c0
[  351.632801][T19246]  kauditd_thread+0x442/0x680
[  351.637485][T19246]  kthread+0x489/0x510
[  351.641660][T19246]  ret_from_fork+0x149/0x290
[  351.646355][T19246]  ret_from_fork_asm+0x1a/0x30
[  351.651303][T19246] 
[  351.653633][T19246] read to 0xffffffff86809a00 of 8 bytes by task 19246 on cpu 0:
[  351.661277][T19246]  mem_cgroup_flush_stats_ratelimited+0x29/0x70
[  351.667621][T19246]  count_shadow_nodes+0x6a/0x230
[  351.672830][T19246]  do_shrink_slab+0x63/0x680
[  351.677512][T19246]  shrink_slab+0x4f5/0x840
[  351.681942][T19246]  shrink_node+0x6a9/0x2010
[  351.686458][T19246]  do_try_to_free_pages+0x3f6/0xcd0
[  351.691669][T19246]  try_to_free_mem_cgroup_pages+0x1ab/0x410
[  351.697668][T19246]  try_charge_memcg+0x383/0xa10
[  351.702539][T19246]  obj_cgroup_charge_pages+0xa6/0x150
[  351.707928][T19246]  __memcg_kmem_charge_page+0x9f/0x170
[  351.713490][T19246]  __alloc_frozen_pages_noprof+0x18f/0x360
[  351.719445][T19246]  alloc_pages_mpol+0xb3/0x260
[  351.724224][T19246]  alloc_pages_noprof+0x90/0x130
[  351.729269][T19246]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  351.735280][T19246]  __kvmalloc_node_noprof+0x492/0x6b0
[  351.740761][T19246]  ip_set_alloc+0x24/0x30
[  351.745366][T19246]  hash_netiface_create+0x282/0x740
[  351.750666][T19246]  ip_set_create+0x3cc/0x970
[  351.755263][T19246]  nfnetlink_rcv_msg+0x4c6/0x590
[  351.760213][T19246]  netlink_rcv_skb+0x123/0x220
[  351.765106][T19246]  nfnetlink_rcv+0x167/0x16c0
[  351.769816][T19246]  netlink_unicast+0x5c0/0x690
[  351.774605][T19246]  netlink_sendmsg+0x58b/0x6b0
[  351.779397][T19246]  __sock_sendmsg+0x145/0x180
[  351.784107][T19246]  ____sys_sendmsg+0x31e/0x4a0
[  351.788901][T19246]  ___sys_sendmsg+0x17b/0x1d0
[  351.793591][T19246]  __x64_sys_sendmsg+0xd4/0x160
[  351.798547][T19246]  x64_sys_call+0x17ba/0x3000
[  351.803246][T19246]  do_syscall_64+0xca/0x2b0
[  351.807862][T19246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.813769][T19246] 
[  351.816191][T19246] value changed: 0x0000000100001445 -> 0x0000000100001446
[  351.823401][T19246] 
[  351.825814][T19246] Reported by Kernel Concurrency Sanitizer on:
[  351.832054][T19246] CPU: 0 UID: 0 PID: 19246 Comm: syz.0.5014 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  351.842242][T19246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  351.852307][T19246] ==================================================================
[  351.867386][   T29] audit: type=1326 audit(3536702323.804:37447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19263 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30ad0cf749 code=0x7ffc0000
[  351.891753][   T29] audit: type=1326 audit(3536702323.804:37448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19263 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f30ad0cf783 code=0x7ffc0000
[  351.915569][   T29] audit: type=1326 audit(3536702323.804:37449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19263 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f30ad0cf807 code=0x7ffc0000
[  351.937091][T19246] syz.0.5014 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  351.939501][   T29] audit: type=1326 audit(3536702323.804:37450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19263 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f30ad086bdd code=0x7ffc0000
[  351.939536][   T29] audit: type=1326 audit(3536702323.804:37451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19263 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f30ad103e89 code=0x7ffc0000
[  351.939575][   T29] audit: type=1326 audit(3536702323.804:37452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19263 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f30ad086c47 code=0x7ffc0000
[  351.953681][T19246] CPU: 0 UID: 0 PID: 19246 Comm: syz.0.5014 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  351.953711][T19246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  351.953724][T19246] Call Trace:
[  351.953732][T19246]  <TASK>
[  351.953742][T19246]  __dump_stack+0x1d/0x30
[  351.953834][T19246]  dump_stack_lvl+0x95/0xd0
[  351.953856][T19246]  dump_stack+0x15/0x1b
[  351.953911][T19246]  dump_header+0x81/0x240
[  351.953933][T19246]  oom_kill_process+0x295/0x350
[  351.953957][T19246]  out_of_memory+0x97b/0xb80
[  351.953981][T19246]  try_charge_memcg+0x610/0xa10
[  351.954077][T19246]  obj_cgroup_charge_pages+0xa6/0x150
[  351.954107][T19246]  __memcg_kmem_charge_page+0x9f/0x170
[  351.954136][T19246]  __alloc_frozen_pages_noprof+0x18f/0x360
[  351.954266][T19246]  alloc_pages_mpol+0xb3/0x260
[  351.954297][T19246]  alloc_pages_noprof+0x90/0x130
[  351.954383][T19246]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  351.954420][T19246]  __kvmalloc_node_noprof+0x492/0x6b0
[  351.954446][T19246]  ? ip_set_alloc+0x24/0x30
[  351.954523][T19246]  ? ip_set_alloc+0x24/0x30
[  351.954553][T19246]  ip_set_alloc+0x24/0x30
[  351.954651][T19246]  hash_netiface_create+0x282/0x740
[  351.954684][T19246]  ? __pfx_hash_netiface_create+0x10/0x10
[  351.954726][T19246]  ip_set_create+0x3cc/0x970
[  351.954772][T19246]  ? __nla_parse+0x40/0x60
[  351.954862][T19246]  nfnetlink_rcv_msg+0x4c6/0x590
[  351.954889][T19246]  ? __list_del_entry_valid_or_report+0x65/0x130
[  351.954999][T19246]  netlink_rcv_skb+0x123/0x220
[  351.955031][T19246]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  351.955063][T19246]  nfnetlink_rcv+0x167/0x16c0
[  351.955162][T19246]  ? kmem_cache_free+0xe3/0x3a0
[  351.955188][T19246]  ? __kfree_skb+0x109/0x150
[  351.955277][T19246]  ? nlmon_xmit+0x4f/0x60
[  351.955297][T19246]  ? consume_skb+0x49/0x150
[  351.955375][T19246]  ? nlmon_xmit+0x4f/0x60
[  351.955396][T19246]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  351.955427][T19246]  ? __dev_queue_xmit+0x13a6/0x1ee0
[  351.955515][T19246]  ? __dev_queue_xmit+0x148/0x1ee0
[  351.955544][T19246]  ? ref_tracker_free+0x37d/0x3e0
[  351.955572][T19246]  ? __netlink_deliver_tap+0x4dc/0x500
[  351.955624][T19246]  netlink_unicast+0x5c0/0x690
[  351.955726][T19246]  netlink_sendmsg+0x58b/0x6b0
[  351.955759][T19246]  ? __pfx_netlink_sendmsg+0x10/0x10
[  351.955791][T19246]  __sock_sendmsg+0x145/0x180
[  351.955812][T19246]  ____sys_sendmsg+0x31e/0x4a0
[  351.955894][T19246]  ___sys_sendmsg+0x17b/0x1d0
[  351.955934][T19246]  __x64_sys_sendmsg+0xd4/0x160
[  351.956018][T19246]  x64_sys_call+0x17ba/0x3000
[  351.956043][T19246]  do_syscall_64+0xca/0x2b0
[  351.956131][T19246]  ? arch_exit_work+0x49/0x70
[  351.956158][T19246]  ? arch_exit_to_user_mode_prepare+0xb4/0xd0
[  351.956251][T19246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.956281][T19246] RIP: 0033:0x7f3f85bdf749
[  351.956299][T19246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.956318][T19246] RSP: 002b:00007f3f84647038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  351.956341][T19246] RAX: ffffffffffffffda RBX: 00007f3f85e35fa0 RCX: 00007f3f85bdf749
[  351.956355][T19246] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 000000000000000c
[  351.956446][T19246] RBP: 00007f3f85c63f91 R08: 0000000000000000 R09: 0000000000000000
[  351.956460][T19246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  351.956474][T19246] R13: 00007f3f85e36038 R14: 00007f3f85e35fa0 R15: 00007ffdc223e7d8
[  351.956494][T19246]  </TASK>
[  351.956518][T19246] memory: usage 307200kB, limit 307200kB, failcnt 7107
[  352.084241][T19269] loop5: detected capacity change from 0 to 512
[  352.089267][T19246] memory+swap: usage 307692kB, limit 9007199254740988kB, failcnt 0
[  352.089295][T19246] kmem: usage 307172kB, limit 9007199254740988kB, failcnt 0
[  352.089309][T19246] Memory cgroup stats for /syz0:
[  352.093501][T19246] cache 0
[  352.131880][T19269] EXT4-fs: Ignoring removed bh option
[  352.135566][T19246] rss 4096
[  352.135578][T19246] shmem 0
[  352.358925][T19269] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  352.366025][T19246] mapped_file 413696
[  352.366040][T19246] dirty 0
[  352.366050][T19246] writeback 8192
[  352.366058][T19246] workingset_refault_anon 753
[  352.366068][T19246] workingset_refault_file 8658
[  352.369525][T19269] ext4 filesystem being mounted at /249/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  352.376172][T19246] swap 503808
[  352.463778][T19246] swapcached 24576
[  352.467574][T19246] pgpgin 355419
[  352.471062][T19246] pgpgout 355412
[  352.474623][T19246] pgfault 393845
[  352.478225][T19246] pgmajfault 488
[  352.481797][T19246] inactive_anon 12288
[  352.485781][T19246] active_anon 4096
[  352.489607][T19246] inactive_file 0
[  352.493337][T19246] active_file 0
[  352.496809][T19246] unevictable 0
[  352.500294][T19246] hierarchical_memory_limit 314572800
[  352.505754][T19246] hierarchical_memsw_limit 9223372036854771712
[  352.512258][T19246] total_cache 0
[  352.515809][T19246] total_rss 4096
[  352.519471][T19246] total_shmem 0
[  352.523025][T19246] total_mapped_file 413696
[  352.527531][T19246] total_dirty 0
[  352.531220][T19246] total_writeback 8192
[  352.535305][T19246] total_workingset_refault_anon 753
[  352.540542][T19246] total_workingset_refault_file 8658
[  352.545928][T19246] total_swap 503808
[  352.549788][T19246] total_swapcached 24576
[  352.554040][T19246] total_pgpgin 355419
[  352.558128][T19246] total_pgpgout 355412
[  352.562220][T19246] total_pgfault 393845
[  352.566353][T19246] total_pgmajfault 488
[  352.570625][T19246] total_inactive_anon 12288
[  352.575214][T19246] total_active_anon 4096
[  352.579583][T19246] total_inactive_file 0
[  352.583944][T19246] total_active_file 0
[  352.588001][T19246] total_unevictable 0
[  352.592083][T19246] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.5014,pid=19245,uid=0
[  352.606979][T19246] Memory cgroup out of memory: Killed process 19245 (syz.0.5014) total-vm:94372kB, anon-rss:1248kB, file-rss:22568kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  352.625223][T14489] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  352.898787][ T3412] usb 9-3: enqueue for inactive port 2
[  352.904301][ T3412] usb 9-3: enqueue for inactive port 2
[  352.976665][ T3412] vhci_hcd vhci_hcd.4: vhci_device speed not set