last executing test programs:

2m44.095785701s ago: executing program 1 (id=378):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008000500", @ANYRES32=r2], 0x50}}, 0x2)

2m44.095188452s ago: executing program 3 (id=379):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001880)=@newtaction={0x8c, 0x30, 0xffff, 0x0, 0x25dfdbff, {}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x1b, 0x1, {0x1000, 0x10000003, 0xfffffffa, 0x0, 0x4000000, {}, {0x0, 0x0, 0xfffc, 0x0, 0x0, 0x8}, 0x8, 0x0, 0xfffffff8}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x2}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

2m44.044731205s ago: executing program 3 (id=380):
r0 = socket$inet6(0xa, 0x3, 0xff)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000002c0)={@mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x25}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x540000})
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e26, 0x1001ffe, @private0}, 0x1c)
write(r0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000100)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

2m44.044087176s ago: executing program 3 (id=381):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x8001}, 0x18)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f00000001c0), &(0x7f0000000300)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r1, &(0x7f0000000500)="0730e89b", &(0x7f0000000480)=@tcp=r2}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50)

2m44.035539116s ago: executing program 1 (id=383):
unshare(0x2040400)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

2m44.020432237s ago: executing program 3 (id=384):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x400e, &(0x7f0000000280)={[{@i_version}, {@nobh}, {@data_err_ignore}, {@nolazytime}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@acl}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x2000007, 0x12, 0xffffffffffffffff, 0x0)
pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)

2m43.964168432s ago: executing program 1 (id=385):
r0 = socket$inet6(0xa, 0x3, 0x5)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
getsockname$packet(r0, 0x0, &(0x7f00000001c0))

2m43.871866269s ago: executing program 1 (id=387):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000022c0), 0x3, 0x439, &(0x7f0000002380)="$eJzs3MtvG0UYAPBv105LXyRU5dEHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QU2QaFVBQKgcUSXuiCMSfwEnuCDghMQV7qhShXJp4WS09m5iO3aauE5c8O8nrTuzO9bM592xZ3a6CWBgjWYvScTuiPg9Iobr2eYCo/V/bi1dmf576cp0EtXqW38ltXI3l65MF0WL9+0qMuWI9LMkDrapd/7S5XNTlcrsxTw/vnD+/fH5S5efO3t+6szsmdkLkydPHj828cKJyed7EmcW180DH80d2v/aO9femD517d2fv02K+Fvi6JHRtQ4+Wa32uLr+2tOQTsp9bAgbUqp30xiq9f/hKMXKyRuOVz/ta+OATVWtVqsPdD68WAX+x5LodwuA/ih+6LP5b7Ft0dDjrnDjpfoEKIv7Vr7Vj5QjzcsMtcxve2k0Ik4t/vNVtsXm3IcAAGjyfTb+ebbd+C+NxvtC9+ZrKCMRcV9E7I2IExGxLyLuj6iVfTAiHtpg/a2LJKvHP+n1rgJbp2z892K+ttU8/itGfzFSynN7avEPJafPVmaP5p/JkRjanuUn1qjjh1d++6LTscbxX7Zl9Rdjwbwd18vbm98zM7UwdScxN7rxScSBcrv4k+WVgCQi9kfEgS7rOPv0N4c6Hbt9/GvowTpT9euIp+rnfzFa4i8ka69Pjt8Tldmj48VVsdovv159s1P9dxR/D2Tnf2fb6385/pGkcb12fuN1XP3j845zmm6v/23J2037PpxaWLg4EbEteb3e6JX9pYuTLeUmV8pn8R853L7/742VT+JgRGQX8cMR8UhEPJq3/bGIeDwiDq8R/08vP/Fe9/Fvriz+mQ2d/5XEtmjd0z5ROvfjd02Vjmwk/uz8H6+ljuR71vP9t552dXc1AwAAwH9PGhG7I0nHltNpOjZW/z/8+2JnWpmbX3jm9NwHF2bqzwiMxFBa3OkabrgfOpFP64v8ZEv+WH7f+MvSjlp+bHquMtPv4GHA7erQ/zN/lvrdOmDTdbeOlva8HcDW87wmDC79HwaX/g+Dq03/39GPdgBbr93v/8d9aAew9coNr/nfBAMGhPk/DC79HwaX/g8DaX5H3P4heQmJVYlI74pmSGxSot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//1Xjmag==")
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40000, 0x0)

2m43.73592852s ago: executing program 1 (id=389):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r0, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_io_uring_setup(0x151d, 0x0, 0x0, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x14)
sendfile(r3, r2, 0x0, 0x17)

2m43.584134862s ago: executing program 3 (id=392):
r0 = socket$inet6(0xa, 0x3, 0xff)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00'})
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e26, 0x1001ffe, @private0}, 0x1c)
write(r0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000100)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

2m43.155905796s ago: executing program 3 (id=396):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x38, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2897f334}]}]}], {0x14, 0x10}}, 0x8c}, 0x1, 0x0, 0x0, 0x20040841}, 0x0)

2m43.128330759s ago: executing program 32 (id=396):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x38, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2897f334}]}]}], {0x14, 0x10}}, 0x8c}, 0x1, 0x0, 0x0, 0x20040841}, 0x0)

2m42.98774532s ago: executing program 1 (id=398):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r2=>0x0})
r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r0, r2, 0x25, 0x4, @val=@tracing={0x0, 0x20000000}}, 0x1c)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="180200000000000000000000000000001800000008000000000000006e14000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', r2}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000140)={r3, r4}, 0x5)

2m42.954484262s ago: executing program 33 (id=398):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r2=>0x0})
r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r0, r2, 0x25, 0x4, @val=@tracing={0x0, 0x20000000}}, 0x1c)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="180200000000000000000000000000001800000008000000000000006e14000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', r2}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000140)={r3, r4}, 0x5)

2m28.024104363s ago: executing program 4 (id=573):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000003, &(0x7f0000000280)={[{@discard}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@noauto_da_alloc}]}, 0x1, 0x4f3, &(0x7f0000000bc0)="$eJzs3d9rXFkdAPDvvcnspt2sk0WRteDuYivp6nYm2bi7QaRWEH0qWOt7jMkkhEwyITOpzVA0xVdBEFHBJ598EfwDBOmfIEJB30WLItrqgw/aKzNzp03TmSQlP8adfD5wes+55977PWeauT/mHu4N4Mx6KyKuRcRIRLwdEcV8fpqnuVZhp7Pco4d3FlopiSy7+fckknxed1ut8mhEvNJZJcYi4utfjfhW8nzc+nZzdb5arWzm5XJjbaNc325eWVmbX64sV9ZnZqbfn/1g9r3ZqSx3pH5eiIirX37w4x/84itXf/POt/8499fL32k16wsf77Q7IhaOFKCPzrY/887u5rc+o82TCDYAI3l/CnsrbgymPQAA7K91jn8xIj7VPv8vxkj7bA4AAAAYJtkXx+M/SUQGAAAADK00IsYjSUv5WIDxSNNSqTOG92NxPq3W6o3PLtW21hdbdRETUUiXVqqVqXys8EQUklZ5up1/Wn53T3kmIl6LiB8Vz7XLpYVadXHQP34AAADAGfHKm89e//+rmLbzAAAAwJCZ6FsAAAAAhoVLfgAAABh+rv8BAABgqH3t+vVWyrrv8V68tb21Wrt1ZbFSXy2tbS2UFmqbG6XlWm25/cy+tT6b+X43U63VNj4X61u3y41KvVGubzfn1mpb6425lfbrwAEAAIABeO3Ne39IImLn8+faKfLnAAI848+DbgBwnEYG3QBgYEYH3QBgYAoHLjH6AssCH0bJAfV9B+/89vjbAgAAnIzJTzx///+lvM71Pgw3Y30A4Oxx/x/OroIRgHDmXepMXu5Xf/T7/1n2wo0CAACO1Xg7JWkpvxc4HmlaKkW82n4tQCFZWqlWpiLiIxHx+2Lh5VZ5ur1mcuCYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAIChFpH+JWk/zT9isnhpfO/vAy8l/y7Gg7zws5s/uT3faGxOt+b/o9iuj4jGT/P572ZeCQAAAAD/BzrX6fl0etCtAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDYPHp4Z6GbTjPu374UERO94o/GWHs6FoWIOP/PJEZ3rZdExMgxxN+5GxGv746fPYnwOMuyibwVveKfO5H43f4nrY8l9sQf666XHkNsOOvutfY/13p9/9J4qz3t/f0fzdNR9d//pU/2fyN99j+vHjLGhfu/KveNfzfiwmjv/U83ftIn/sVDxv/mN5rNfnXZzyMmex5/kmdilRtrG+X6dvPKytr8cmW5sj4zM/3+7Aez781OlZdWqpX8354xfvjJXz/er//n+8SfOKD/lw7Z///ev/3wo51soVf8yxd7H39f7xM/zY99n87zrfrJbn6nk9/tjV/+7o39+r/Yp/8H/f9fPmT/377xvT8dclEA4BTUt5ur89VqZXOfzNghlpGROUom+27n7/Fo24nNkWNtWDboj6W+3eyedZ929EHulQAAgJPw9KR/0C0BAAAAAAAAAAAAAAAAAACAs+s0Hie2N+bOYLoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCv/wUAAP//WIjdwA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
utimensat(r0, 0x0, 0x0, 0x0)

2m27.950241498s ago: executing program 4 (id=575):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_script(r1, 0x0, 0xb)
write$binfmt_misc(r2, &(0x7f0000000980), 0xfdef)
splice(r0, 0x0, r2, 0x0, 0x80, 0x4)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r3, 0xffffffffffffffff, 0x0)

2m27.848159486s ago: executing program 4 (id=577):
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$inet6(0xa, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x840)

2m27.847694396s ago: executing program 4 (id=578):
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0x400, &(0x7f0000000100)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c757466383d302c757365667265652c646973636172642c757466383d312c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d302c0008442895b66131b4e4d54b2ba6ae54dabaa5206d4a2a060b5ccc774b3ec4c81a1a9852327ff871d16d0d9344e764c68194b9d9d0be76c595bac1fc5a0a8256a7b77e071e9bdd6100f9aeb8576d329be6e4bb168f1434000000", @ANYRESHEX=0x0], 0xfd, 0x296, &(0x7f0000001080)="$eJzs3M1qE1EUwPFj0o80tU0WIiiIB92oi6GNL2CQFsSAUhtRF8LUTjRkTMrMWImI7c6tz1FcuhPUF+jGnQt30k0XCm66UCOdjzatQ6u2yYTm/4Myp3Pvydz5CmcGctfvvHpcq7hGxfQklVFJiSzLhkh+MwodC5cpPx6SdstycfT7pzO37t67XiyVpmZUp4uzlwuqOn723dPnr8998EZvvxl/Oyyr+fvr3wpfVk+unlr/NRt9esNTU+caDc+csy2dr7o1Q/WmbZmupdW6azk72it2Y2GhqWZ9fiy74Fiuq2a9qTWrqV5DPaep5kOzWlfDMHQsK/0m/c8Z5ZWZGbPYkcEgCSNxKx2naKZjG8sr3RgUAADoLUnV/4+qrlZdre9X/6eE+r9zqP+PkuNrEvsUuFn/Z8P7d8uln10cGQAAAAAAAAAAAAAAAAAAAAAAOIiNVivXarVy0TL6GxaRjIhE/yc9TnTGQc7/cPeHi0PW9sO9jIj9crG8WA6WQXuxIlWxxZKJQZEf/vUQCuLpa6WpCfXl5b29FOYvLZbT/vXh50fy8fmTQb7uzB+UbPv2C5KTE/I5Lr8Qmz8kF8635RuSk48PpCG2zPvX9Xb+i0nVqzdKu/JH/H4AAAAAABwFhm754/ndbzc0mjZkV3uwcvv9gOT2eT+w6/l6QE4PJLffAAAAAAD0E7f5rGbatuUQ7AiuiMiefZI+dCM9cqA6GKQ2z0HXt/41ujV64yAcarD2JNi1v+mc4JcSAAAAgI7YLvqTHgkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1rj2nAMmEXf03U/3/mHmvbXLr7ewgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0jt8BAAD//ysQG/U=")
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f00000003c0)='./bus\x00', 0x14927e, 0xbb)
fallocate(r0, 0x11, 0x0, 0x8800000)

2m27.748078524s ago: executing program 4 (id=580):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x7, 0xfe, 0x1, 0xe}]})

2m27.55574273s ago: executing program 4 (id=587):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x20000}, 0x10}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x891)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
getsockopt$sock_buf(r3, 0x1, 0x1a, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x14eeaa19, &(0x7f00000000c0))
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x6)

2m27.536319161s ago: executing program 34 (id=587):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x20000}, 0x10}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x891)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
getsockopt$sock_buf(r3, 0x1, 0x1a, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x14eeaa19, &(0x7f00000000c0))
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x6)

4.339128134s ago: executing program 6 (id=2605):
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@noblock_validity}, {}, {@dioread_lock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@jqfmt_vfsv1}, {@dax}, {@noacl}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={r0, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r1=>0x0, 0x2d, &(0x7f0000000480)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000500), &(0x7f0000000540), 0x8, 0xb7, 0x8, 0x8, &(0x7f0000000580)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x1, 0x9, 0x8, 0x4, 0x5, 0x6})
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x8000000)
setitimer(0x0, 0x0, 0x0)
r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
tee(r4, r5, 0x3, 0x0)
ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f00000002c0)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)

4.248131321s ago: executing program 6 (id=2606):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r2, 0x0, r1, 0x0, 0x6, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3ff)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
dup3(r2, r1, 0x0)

3.552065307s ago: executing program 0 (id=2623):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
uname(0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x1f, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000008f000400000000000b00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000086000000bf090000000000005509010000000000950000000000000018180000", @ANYRES32=r5, @ANYBLOB="000000000000000025000100fcffffffb7080000000000007b9af8ff00000000b7080000fcffff7f7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b702000003000000850000002a000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x7, 0x1000, &(0x7f0000000cc0)=""/4096, 0x41100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r7}, 0x10)
r8 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x8b6}, &(0x7f0000000000)=<r9=>0x0, &(0x7f0000000300)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r8, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x23456})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r8, 0x47f6, 0x0, 0x0, 0x0, 0x0)

3.38879772s ago: executing program 0 (id=2624):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f000000040000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

3.345860563s ago: executing program 0 (id=2625):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r2, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0, 0x1200)

3.345316153s ago: executing program 0 (id=2626):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000850000000800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TCFLSH(r1, 0x5410, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000040), &(0x7f0000000600)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYRESOCT, @ANYRES32=r2, @ANYBLOB="00000000000200000295"], &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
lsm_get_self_attr(0x64, &(0x7f0000002200)={0x0, 0x0, 0x1020, 0x1000, ""/4096}, &(0x7f0000000080)=0x1020, 0x0)

3.327116485s ago: executing program 5 (id=2627):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="00ffff000500"/18, @ANYRES32=0x0, @ANYRES32], 0x48)
openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0xc044)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0)
statx(r2, &(0x7f00000001c0)='./cgroup/../file0\x00', 0x0, 0x8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0x7, 0x10005, 0x8, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffc4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r6, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0xfdef}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000140)={0x80, 0x6, 0x303, 0xfffd, 0x13, 0x0, 0x0})
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

3.325857335s ago: executing program 0 (id=2628):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
dup(r2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
connect$inet(0xffffffffffffffff, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)
mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r5)

2.75353236s ago: executing program 2 (id=2632):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x20000}, 0x10}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x891)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
getsockopt$sock_buf(r3, 0x1, 0x1a, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000200)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYRESOCT=0x0, @ANYRES16=r5, @ANYBLOB="961f9815b5504f4ca7bdfc101528a080b0e7c0f676989af24d6aa377e6bc68dc543e2be449d500eb55539eb33ae83c74c328fc7d0d1a656fd2a8bc42899002426fa4564f675ff3edb9f94fc34bd393401f32da8ffb07abc4dec4f374cf2643944fa3279a2589b2a2f7166fb73d6515eeaf251f2ef0943ad2b6b25a300dd7d0ae873929c866141b2ce61548bad2523adabf7062608278eea5f493856c6bac202630edb9d555599b68a73f8760ef78563615031baf942d258a20a305e2", @ANYRESOCT, @ANYRESHEX=r6, @ANYRESOCT, @ANYRES64=r1, @ANYRESHEX=r1], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x14eeaa19, &(0x7f00000000c0))
r7 = fsmount(r5, 0x0, 0x0)
r8 = openat$cgroup_subtree(r7, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)

2.333959584s ago: executing program 0 (id=2634):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r2, 0x0, r1, 0x0, 0x6, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3ff)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x18)
readahead(0xffffffffffffffff, 0xfffffffffffffff7, 0x9)
fcntl$setstatus(r1, 0x4, 0x7c00)
epoll_create1(0x80000)

2.061094626s ago: executing program 7 (id=2638):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000a40)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000440)=0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
stat(0x0, 0x0)
write(r4, &(0x7f00000009c0)="3bf58d7d45d32c", 0x7)
r5 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_config_ext={0x1, 0xa}, 0x1184c, 0x9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}, [@exit]}, &(0x7f00000000c0)='GPL\x00', 0xb, 0x65, &(0x7f00000001c0)=""/101, 0x41000, 0x23, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xe, 0x7, 0x80000001}, 0x10, 0x0, r3, 0x6, 0x0, &(0x7f00000002c0)=[{0x2, 0x2, 0x4, 0xa}, {0x3, 0x1, 0x3, 0xa}, {0x4, 0x3, 0x6, 0x8}, {0x1, 0x3, 0x2, 0x4}, {0x0, 0x1, 0x8, 0x7}, {0x5, 0x4, 0xa, 0xc}], 0x10, 0xffff34f0}, 0x94)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, &(0x7f0000000040)={0xa0000004})
sendfile(r4, r3, 0x0, 0x3ffff)
sendfile(r4, r3, 0x0, 0x7fffeffd)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000a00)={0x0, 0xfffffffffffffe7f, &(0x7f00000009c0)={&(0x7f0000000640)={0x2c, r2, 0x1, 0x0, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x141}, 0x0)

1.896689389s ago: executing program 5 (id=2639):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYRESDEC=0x0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = socket(0x10, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c094, 0x2, @perf_config_ext={0x9, 0x6}, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000980)={0xa, 0x2, 0x400, @loopback, 0xfffffffd}, 0x71)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000000)=0x1, 0x4)
shutdown(r3, 0x2)
sendto$inet6(r3, &(0x7f0000000740)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000015850000001700000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000008850000000700000095"], &(0x7f00000002c0)='GPL\x00', 0x1e, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000b00)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095", @ANYRES8=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6, 0x0, 0x400007}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100003020702500000000002020207b1af8ff00000000bfa1000000000000070100003affffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000c00)=ANY=[@ANYBLOB="58000000100039042abd7000eaffffff000003e4", @ANYRES32=0x0, @ANYBLOB="03000000c31006003800128008000100736974002c00028006000e000010000008000300ac1414bb08000200ac14142d08004b2882f34cac67661400010001003c86610e01ce26e850d7521d3c2128ac0f98f4062bdfe9934af4b4991f73bd67e0692aec0f22827a20dd6625b5927dda67c2fe1f4307502ed5bfa8b40972d0c5a9b383dcb347e3a820bc61851d184770b312fd4f7aba062f5a8ca48d4ad266fab690298b4ffbee076cd827bcae5e1fde7eb67f1df6eede181bad94708b8e3a00821542fa516bd84eef80a08224cf9180084115ccbcfee23997f28e972025d78f3ce7db2b85763d5c1ea151b0f974b5b186a5dd3c52d1e51e746b35198e1f6907c9f25b410876c574148d1d2357286ab8cf47c797b5d146b8437a31e3a309165589ac0829"], 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080006000000e8fe55a1180015000600142603600e120800110000000401a8001600050001", 0x37}, {&(0x7f0000000540)="0e5176a165b9dc815ca7d4c1a144dfd792335270df51c0356dbfadb633f46e07d078557969e7492dbee89248f923a23a3181c78a458079a26bd30f0734289b88506cfc7637761308225f0d51e508fb2cb0d51c9fc3f67ea10de974e1e10b31134a713cd18b63eb66bf9aee60f8903575ba4f30c1e983a2845a0955e052", 0x7d}], 0x2}, 0x200000e4)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="d800000010008104685fa3aa7143a0f8c81ded0b25000000e8fe09a11800150006001400000000120800030043000040a8002b", 0x33}], 0x1}, 0xc001)
write$cgroup_subtree(r9, &(0x7f0000000000)=ANY=[], 0xfe33)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x11)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000340)=@o_path={&(0x7f0000000180)='./file0\x00', 0x0, 0x4008, r7}, 0x18)
sendmsg$netlink(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf250401f2800c00180008ac0f0000000100140001"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

1.671050157s ago: executing program 5 (id=2640):
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
syz_open_dev$evdev(0x0, 0x3, 0x210080)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82)
r4 = dup(r3)
ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f0000000080)={0x23, 0x3, 0x17, 0x2000, 0x0, 0x0, 0x0})
renameat2(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x4)

1.579357144s ago: executing program 5 (id=2641):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000000380)=ANY=[], 0x0, 0x27, 0x0, 0x1, 0x2}, 0x28)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00'}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
syz_open_dev$loop(0x0, 0x7, 0x180862)
r6 = open_tree(0xffffffffffffff9c, 0x0, 0x89901)
syz_open_dev$sg(&(0x7f0000000340), 0x8, 0x24102)
mount_setattr(r6, 0x0, 0x0, &(0x7f0000001dc0)={0x0, 0x0, 0x80000}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300), 0x20100, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.494824691s ago: executing program 2 (id=2642):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x64)
setsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, &(0x7f0000000000)=0x1, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(0x0, r2)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
syz_mount_image$msdos(&(0x7f0000000380), &(0x7f0000000040)='./file0\x00', 0x100c404, &(0x7f0000000800)=ANY=[@ANYBLOB='dots,fmask=00000000000000001000400,uid=', @ANYRESHEX=0x0, @ANYBLOB=',uid=', @ANYRESHEX=0xee00, @ANYRESDEC=r4], 0x1, 0x1f5, &(0x7f0000000600)="$eJzs3cFqE1EUANCbmCYTcdGdIAgjLnRV1C+oSAUxIFSy0J2gK7NqN6mb9jP8Bf/LD5CuspEncSadmKYxBDKj7Tmb3pn7Xt+7M2SSTW5SFL7f/RpZ1or2fuzHpBW70Y6ZswAArpNJSvEjFZreCwBQjzXe/3/WvCUAYMvevnv/+vlgcHCY51nE+dl4OB4Wf4v8y1eDgyf5b7vVrPPxeHjrIv80X/zsMM3vxO0y/6yYn1+kuxEx7Mbjh0V+mnvxZpD/Ob8XH7dcOwAAAAAAAAAAAAAAAAAAAAAANOV+5DNL+/vs7S3m+2W+OJrrD7TQv6cT9zrlYdUeKJ3WURQAAAAAAAAAAAAAAAAAAAD8Z45Pvnz+MBp9OqqCXkTMn+ksGXN10Cr/8VqDmw/asdn0flnmBou2yku03QL7y2/uOkF0/pW7s2mQ17BWf+XlTWkaLH8VzNpiXDm9GxGrV390uOnmJyml0bcHR8cnkVYOrp4RvVqfSAAAAAAAAAAAAAAAAAAAcHPNfev7kqyJDQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAA6rf/58Gl8+sDE4j4k78dfBsrZ3IGq0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA6+tXAAAA//85ziI4")
r5 = accept4$packet(0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000240)=0x14, 0x100000)
setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000300)={0x8, &(0x7f0000000280)=[{0x1, 0x83, 0x9, 0xfffffff3}, {0x4, 0x94, 0x2, 0x8}, {0x8000, 0x7, 0x8, 0x8}, {0x7, 0xf, 0x53, 0x2}, {0x1a, 0x14, 0x8, 0x10}, {0xb, 0xfb, 0x0, 0xd}, {0xa, 0x9, 0x1, 0xd0}, {0x2, 0x5, 0x1}]}, 0x10)
utime(&(0x7f0000000080)='./file0\x00', 0x0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000580)={0x28, r3, 0xc4fc9e906872338b, 0x20, 0x2000000, {{0x15}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffc}}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd7000fcdbdf2a2700000008000300", @ANYRES32=0x0, @ANYBLOB="0e0034006185d0574cdd43fc782d00000600360008000000060036000200000004005f000a00060008021100000000000a0034000101010101010000"], 0x58}, 0x1, 0x0, 0x0, 0x4044085}, 0x40)
r6 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r7=>0x0}, &(0x7f0000cab000)=0xc)
mount$9p_fd(0x0, &(0x7f00000015c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000017c0)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r7}}], [{@permit_directio}, {@smackfshat={'smackfshat', 0x3d, '@[]['}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'orlov'}}, {@smackfshat={'smackfshat', 0x3d, 'nomblk_io_submit'}}], 0x6b}})
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x8}, 0x1c)
r9 = fcntl$dupfd(r8, 0x0, r8)
stat(&(0x7f0000000cc0)='./file0\x00', &(0x7f0000001c80)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
getegid()
newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r11=>0x0}, 0x100)
newfstatat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0}, 0x800)
setsockopt$EBT_SO_SET_ENTRIES(r9, 0x0, 0x80, &(0x7f0000000500)=@broute={'broute\x00', 0x20, 0x6, 0xa2c, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000002a80], 0x0, &(0x7f0000000180), &(0x7f0000002a80)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff02000000110000000100000068706e6963766630000000000000000000006272696467655f736c6176655f31000064766d7270310000000000000000000067656e65766530000000000000000000ffffffffffffffffffffff00aaaaaaaaaaaa00ffff00ff00e60100002e0200007602000068656c706572000000000000000000000000000000000000000000000000000028000000000000000100000073797a300000000000000000000000000000000000000000000000000000000000000000636f6d6d656e740000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000ac7274d3678f2607929519de57d8737e4512bd253c81134356df67ef732300004552524f520000000000000000000000000000000000000000000000000000002000000000000000e5d658ca7403b6a57b79e55bf6e4321c4a481ed19319fee1f938f7549f5a0000110000001400000080f376657468315f766972745f776966690076657468305f766972745f776966690076657468315f766972745f776966690076657468315f746f5f62617461647600aaaaaaaa746c3280ffffffff0180c2000003ffff0000ff00ae0000002e0100005e0100006f776e65720000000000000000000000000000000000000000000000000000001800000000000000", @ANYRES32=r10, @ANYRES32=r11, @ANYRES32, @ANYRES32=r12, @ANYBLOB="06010000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a3100000000000000000000000000000000000000000000000104000000ffffff7f00000000434c41535349465900000000000000000000000000000000000000000000000008000000000000005f0000000000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fdffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000fcffffff020000000500000002000000000376657468305f746f5f687372000000006970766c616e3000000000000000000064766d72703000000000000000000000766c616e310000000000000000000000aaaaaaaaaabb00000000000068f57b0d4a2effffffff00ff0601000006010000360100006970000000000000000000000000000000000000000000000000000000000000200000000000000000000000e0000002ffffff0000fffffe090600324e204e204e214e240000000069707673000000000000000000000000000000000000000000000000000000002800000000000000fc0100000000000000000000000000000000000000000000ff000000ff0000004e225e004e24041d415544495400000000000000000000000000000000000000000000000000000008000000000000000100000000000000090000004400000000056e696376663000000000000000000000626f6e64300000000000000000000000627269646765300000000000000000007465616d300000000000000000000000aaaaaaaaaabbffffff000000aaaaaaaaaa1500ffff00ff00ae000000fe000000760100006d61726b5f6d000000000000000000000000000000000000000000000000000018000000000000008b060000000000005a0000000000000000000000000000006c6f67000000000000000000000000000000000000000000000000000000000028000000000000000d6dce1e0aa0775b817cda288d64d094aa5b92caaba647923efa3fce1944ad0002000000000000006e666c6f670000000000000000000000000000000000000000000000000000005000000000000000060000000700000800000000b530b36aafea252d98d42eac7e1133e7b94cc889eae1980490a3568c29500b855f0e4a453c3589ae80d55d6a9c92790eb3bb443804df80f7123d2b4c69b4f7d50000000000000000000000000000000000000000000000000000000000000000000000000000000004000000fcffffff020000001100000065000000000676657468305f6d6163767461700000006e657464657673696d3000000000000076657468315f746f5f626f6e6400000076657468315f746f5f7465616d000000aaaaaaaaaabbffea00ff00ff00000000000000ffff00fffffe0000005e010000d60100006d61726b5f6d0000000000000000000000000000000000000000000000000000180000000000000009000000000000000500000000000000000000000000000068656c706572000000000000000000000000000000000000000000000000000028000000000000000100000073797a3100000000000000000000000000000000000000000000000000000000000000004155444954000000000000000000000000000000000000000000000000000000080000000000000000000000000000004e465155455545000000000000000000000000000000000000000000000000000800000000000000ff0f0000000000006e666c6f670000000000000000000000000000000000000000000000000000005000000000000000030000000002080000000000711ac34a79dddbde46375b12964ba0e444d9ed8af0e2cd7b6c25afc579067a614f20ef0706011d3415cbe0a291ecc2be05d04a5564588b4281df593560446104000000000500000043000000487e6970365f76746930000000000000000070696d367265673000000000000000006c6f0000000000000000000000000000766c616e310000000000000000000000ffffffffffffff00ffffffffaaaaaaaaaa3cffffff00ffffb6000000e60000001601000069700000000000000000000000000000000000000000000000000000000000002000000000000000ac14141c64010101000000ff000000ff07ff3d204e224e244e244e2000000000434c4153534946590000000000000000000000000000000000000000000000000800000000000000090000000000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fdffffff00"]}, 0xaa1)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000400)=@nat={'nat\x00', 0x19, 0x4, 0xdd8, [0x200000000640, 0x0, 0x0, 0x2000000008b6, 0x2000000008e6], 0x0, &(0x7f0000000080), &(0x7f0000000640)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff010000001100000032000000900070696d3672656731000000000000000065727370616e3000000000000000000076657468315f746f5f626f6e6400000076657468315f746f5f626f6e64000000aaaaaaaaaaaa00ff00ffffffbbbbbbbbbbbbffffffffff00de0000001601000046020000766c616e0000000000000000000000000000000000000000000000000000000008000000000000000200040088e505026f776e65720000000000000000000000000000000000000000000000000000001800000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="06000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff000000005345434d41524b000000000000000000000000000000000000000000000000000801000000000000010000000900000073797374656d5f753a6f626a6563745f723a6c6f67726f746174655f7661725f6c69625f743a733000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff02000000050000000200000002006970365f7674693000000000000000007663616e300000000000000000000000627269646765300000000000000000006970766c616e31000000000000000000aaaaaaaaaa250000ff000000aaaaaaaaaaaa00ffff00ff0056080000be080000f60800007533320000000000000000000000000000000000000000000000000000000000c0070000000000000500000001000000050000000100000002000000000000000500000003000000d90700000000000009000000010000000b0000000100000009000000000000001ff80000030000000a000000020000005f19286300000000060000000500000001000080ff0000000500000000000000050000004aabffff0c00000000000080060000000400000001000000ff0300004000000004000000ff070000bb0400000800000000000000001000000080020004050000800000000300000001000000000000000700000001000000ffff000001000000d60600000100000000000100030000000100000003000000a90300000300000000800000030000000900000002000000060000000300000004000000050000000700000002000000050000000e00000009000000040000000900000009000000050000000900000005000000070000000300000000000000060000000200000005000000e8000000ffffffff0000000009020000470a0000010000000c00000002000000f20c0000030000000c0000000000000062000000000000007300000001000000090000000300000050000000010000000900000001000000040000000100000008000000ee36d109f77b0200000001000000000000000000e01903000000b30e00000000000708000000ffffff7f0001000002000000400000001b420000010000007f00000003000000040000000500000007000000000000007f00000082000000d200000003090000f7ffffff0300000007000000030000004200000003000000ffffff7f020000000300000000000000b2ad0000010000002b3d00000100000003000000000000000900000000000000820d000003000000001000000000000002000000edd0f27b0200000003000000ff010000090000000c00000009000000d0000000810000000400000000000000ffffff7fffffffff01000000ff01000023310000cd69000020001000020000000300000001000000070400000400000000000000ff0f000003000000050000000300000007000000010000000100000000000000020000000000000006000000010000000300000000000000a90000000000000002000000000000000200000000000000080000000600000001000000070000000080000004000000060000000300000050f600000000004000000000faffffff08000000040000000000000008000000080000000900000004000000030000000700000001000100000800000900000000000000306e0000030000000101000003000000d0d100000200000007000000020000000300000001000000050000000300000001080000030000000800000003000000826a0000000000000500000000000000010000000f0000000800000010000000ffff0000ffffff7fff0e0000fe0f0000060000000000000006000000080000000800000000f8ffff2e0000000b000000090000000500000005000000090000008f00000003000000070a000083b1747b0200000081000000000000000ff4ffff000000009cbf000001000000010000000100000000000100030000000200000002000000050000000200000005000000000000004000000000000000ff0f00000200000000020000ffffff7f0f00000073000000545300000300000081000000ff0f000001000080050000000900000005000000020000000700000004000000080000000200000000000000ff070000f1fffffff8ffffff03000000040000004000000001000000010000800000000006000000010000000000000002000000010000000100000002000000010000000200000003000000080000000200000081000000010000002ba40000020000000600000001000000040000000100000000040000bc0900000600000001000000d88f00000300000092e10000100000000300000008000000040000000900000000000000b4ffffffc1030000080000000c000000f9ffffff268700000700000001070000010000000000000002000000000000000a00000001000000ff01000000000000800000000100000009000000030000000200000003000000090000000000000009000000030000000e00000002000000760000000200000007000000060000000300000003000000050000001000000009000000ffffffff09000000040000000c0400000800000000002000f6ffffff02000000ff0100000100000009000000190a000002000000dcf000004d0000000705000048060000000000000700000003000000a1000000010000000100000001000000050000000100000008000000020000000200000002000000c2e8df6101000000ff030000020000000300000001000000e3b52e7d00000000fe00000002000000050000000900000003000000040000000e000000080000000200000002000000020000000700000000000000f124ff000800000005000000f7ffffff06000000060000000900000005000000030000000a040000ff07000002000000000000000300000007000000010000000000000003000000fdffffff0200000008000000010000001a0d0000020000000200000000000000ffffffff0100000006000000030000000100010002000000b68d77770400000001000000010000000000000007000000070000009d0400007db3000005000000080000007000000006000000040000000500000002000000f8ffffff01000000030000000c00000005000000400200000a0000000301000000000000000000000000000000000000000000000000000000000000000000000800000000000000fbffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000fcffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000100000000000000009000000000000000015626174616476300000000000000000006970766c616e300000000000000000006c6f000000000000000000000000000076657468305f766972745f7769666900aaaaaaaaaabbff00000000ff8d05ecdde724ffffff00ff00fe000000fe00000036010000697076730000000000000000000000000000000000000000000000000000000028000000000000006401010100000000000000000000000000000000ffffffffffffffffff0000004e2008024e2221026f776e65720000000000000000000000000000000000000000000000000000001800", @ANYRES32, @ANYRES32, @ANYRES32=r7, @ANYRES32=r12, @ANYBLOB="01040000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000fcffffff010000000900000020000000001864766d727030000000000000000000007465616d5f736c6176655f300000000076657468305f746f5f7465616d0000007465616d5f736c6176655f3000000000aaaaaaaaaa1e0000ff0000ff000000000000ffffff00ff006e0000006e000000a6000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000030000ffffffff00000000"]}, 0xe4c)

1.396951558s ago: executing program 2 (id=2643):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x3000)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYRESOCT=0x0, @ANYRES32, @ANYRES32=r1, @ANYRESDEC, @ANYRESHEX=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0xc)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xfff3, 0xfff2}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
r6 = getpid()
r7 = syz_pidfd_open(r6, 0x0)
r8 = pidfd_getfd(r7, r7, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$rxrpc(0x21, 0x2, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r9, 0x0, 0x5}, 0x18)
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0xa0006a21)
setns(r8, 0x66020000)
syz_clone(0x50a60080, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000656000/0x3000)=nil, 0x3000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="1400000076031f03000000000000000004002c80b8c257b87e54f5b6938e54c5ed9f896ebf7ac75ca25d6584f3ffb74bbc10fa2d33f56277ffac4072f69a381f"], 0x14}], 0x1}, 0x0)

1.24849241s ago: executing program 5 (id=2644):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018010000202073a60000000000202014061af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b38510007e0100"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000580)={'ip_vti0\x00', <r0=>0x0, 0x8000, 0x40, 0x9, 0x80000000, {{0x1b, 0x4, 0x0, 0x9, 0x6c, 0x67, 0x0, 0x41, 0x2f, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x44}, {[@cipso={0x86, 0x6, 0x1}, @rr={0x7, 0x1f, 0xc8, [@dev={0xac, 0x14, 0x14, 0xf}, @local, @empty, @dev={0xac, 0x14, 0x14, 0x2b}, @broadcast, @dev={0xac, 0x14, 0x14, 0x1c}, @broadcast]}, @rr={0x7, 0x23, 0xfc, [@loopback, @loopback, @private=0xa010102, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x15}, @multicast1, @multicast1]}, @rr={0x7, 0xb, 0x57, [@rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @noop, @noop]}}}}})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000400000000000000000000850000005000000085000000d000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0xfffffffffffffe60, 0x0, 0x40f00, 0x0, '\x00', r0, 0x2}, 0xfffffffffffffedb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0xe)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000000)=0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x4, 0x7ffc0002}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r5)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r7=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}, {0x0, 0xe0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r7}}], 0x20, 0x2400e044}, 0x0)

1.179932946s ago: executing program 6 (id=2645):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000002440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@known='system.posix_acl_access\x00', &(0x7f0000000140)=""/246, 0xf6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r2], 0x50}, 0x1, 0xba01}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0x14, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c000", 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
write(r3, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24)
mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)={[{@mpol={'mpol', 0x3d, {'bind', '=static', @void}}}]})

1.178329416s ago: executing program 7 (id=2646):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f000000040000000800"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.103921032s ago: executing program 6 (id=2647):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00'}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001c200000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000500000000002604fdffff02000015010000033800001d13fcff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc1"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x2}, 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94)

1.103551162s ago: executing program 7 (id=2648):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r2, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0, 0x1200)

1.088845173s ago: executing program 6 (id=2649):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x891)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
getsockopt$sock_buf(r3, 0x1, 0x1a, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x14eeaa19, &(0x7f00000000c0))
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x6)

1.073885024s ago: executing program 7 (id=2650):
perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0xbb, 0x1, 0x0, 0x0, 0x0, 0xe4b8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x2980, 0x2, 0x0, 0x4, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$hid(0x0, 0x3f, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r0 = socket(0x1, 0x803, 0x0)
flock(0xffffffffffffffff, 0x8)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf250000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008000500", @ANYRES32=r3], 0x50}}, 0x2)

1.017768149s ago: executing program 2 (id=2651):
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
syz_open_dev$evdev(0x0, 0x3, 0x210080)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82)
r4 = dup(r3)
ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f0000000080)={0x23, 0x3, 0x17, 0x2000, 0x0, 0x0, 0x0})
renameat2(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x4)

949.397904ms ago: executing program 2 (id=2652):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x20000}, 0x10}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x891)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
getsockopt$sock_buf(r3, 0x1, 0x1a, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000200)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYRESOCT=0x0, @ANYRES16=r5, @ANYBLOB="961f9815b5504f4ca7bdfc101528a080b0e7c0f676989af24d6aa377e6bc68dc543e2be449d500eb55539eb33ae83c74c328fc7d0d1a656fd2a8bc42899002426fa4564f675ff3edb9f94fc34bd393401f32da8ffb07abc4dec4f374cf2643944fa3279a2589b2a2f7166fb73d6515eeaf251f2ef0943ad2b6b25a300dd7d0ae873929c866141b2ce61548bad2523adabf7062608278eea5f493856c6bac202630edb9d555599b68a73f8760ef78563615031baf942d258a20a305e2", @ANYRESOCT, @ANYRESHEX=r6, @ANYRESOCT, @ANYRES64=r1, @ANYRESHEX=r1], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x14eeaa19, &(0x7f00000000c0))
r7 = fsmount(r5, 0x0, 0x0)
r8 = openat$cgroup_subtree(r7, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)

338.287043ms ago: executing program 7 (id=2653):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa1000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)

315.758545ms ago: executing program 7 (id=2654):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_user(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a617574685f63616368655f742095a167c867d8f91b"], 0x27)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0xc044)
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0)
statx(r3, &(0x7f00000001c0)='./cgroup/../file0\x00', 0x0, 0x8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0x7, 0x10005, 0x8, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffc4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r7, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r7, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0xfdef}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
ioctl$USBDEVFS_CONTROL(r6, 0xc0105500, &(0x7f0000000140)={0x80, 0x6, 0x303, 0xfffd, 0x13, 0x0, 0x0})
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

315.218935ms ago: executing program 5 (id=2655):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r2, 0x0, r1, 0x0, 0x6, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3ff)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
dup3(r2, r1, 0x0)

139.949389ms ago: executing program 6 (id=2656):
fcntl$lock(0xffffffffffffffff, 0x7, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x48000)
recvmmsg$unix(r4, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

0s ago: executing program 2 (id=2657):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000a40)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r1, &(0x7f00000009c0)="3bf58d7d45d32c", 0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ip_vti0\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}, [@exit]}, &(0x7f00000000c0)='GPL\x00', 0xb, 0x65, &(0x7f00000001c0)=""/101, 0x41000, 0x23, '\x00', r2, @fallback=0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xe, 0x7, 0x80000001}, 0x10, 0x0, r0, 0x6, 0x0, &(0x7f00000002c0)=[{0x2, 0x2, 0x4, 0xa}, {0x3, 0x1, 0x3, 0xa}, {0x4, 0x3, 0x6, 0x8}, {0x1, 0x3, 0x2, 0x4}, {0x0, 0x1, 0x8, 0x7}, {0x5, 0x4, 0xa, 0xc}], 0x10, 0xffff34f0}, 0x94)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7fffeffd)

kernel console output (not intermixed with test programs):

01bebe9
[  182.595196][T10240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.595214][T10240] RSP: 002b:00007f4cfec1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  182.595236][T10240] RAX: ffffffffffffffda RBX: 00007f4d003e5fa0 RCX: 00007f4d001bebe9
[  182.595252][T10240] RDX: 0000000000000000 RSI: 0000200000000a00 RDI: 0000000000000006
[  182.595270][T10240] RBP: 00007f4cfec1f090 R08: 0000000000000000 R09: 0000000000000000
[  182.595285][T10240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.595301][T10240] R13: 00007f4d003e6038 R14: 00007f4d003e5fa0 R15: 00007ffcf6cdc878
[  182.595322][T10240]  </TASK>
[  182.926457][T10243] loop9: detected capacity change from 0 to 7
[  182.933162][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  182.941259][T10243] Buffer I/O error on dev loop9, logical block 0, async page read
[  182.949212][T10243]  loop9: unable to read partition table
[  182.957487][T10243] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  182.957487][T10243] 
) failed (rc=-5)
[  183.023309][T10245] FAULT_INJECTION: forcing a failure.
[  183.023309][T10245] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.036585][T10245] CPU: 0 UID: 0 PID: 10245 Comm: syz.7.2097 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  183.036687][T10245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  183.036699][T10245] Call Trace:
[  183.036706][T10245]  <TASK>
[  183.036712][T10245]  __dump_stack+0x1d/0x30
[  183.036733][T10245]  dump_stack_lvl+0xe8/0x140
[  183.036752][T10245]  dump_stack+0x15/0x1b
[  183.036773][T10245]  should_fail_ex+0x265/0x280
[  183.036819][T10245]  should_fail+0xb/0x20
[  183.036848][T10245]  should_fail_usercopy+0x1a/0x20
[  183.036870][T10245]  _copy_from_user+0x1c/0xb0
[  183.036902][T10245]  lo_ioctl+0x383/0x1240
[  183.036978][T10245]  ? avc_has_extended_perms+0x73d/0x940
[  183.037072][T10245]  ? blkdev_common_ioctl+0xad6/0x1ad0
[  183.037103][T10245]  ? do_vfs_ioctl+0x866/0xe10
[  183.037155][T10245]  ? selinux_file_ioctl+0x308/0x3a0
[  183.037180][T10245]  ? __pfx_lo_ioctl+0x10/0x10
[  183.037210][T10245]  ? __pfx_blkdev_ioctl+0x10/0x10
[  183.037231][T10245]  blkdev_ioctl+0x34f/0x440
[  183.037258][T10245]  __se_sys_ioctl+0xce/0x140
[  183.037281][T10245]  __x64_sys_ioctl+0x43/0x50
[  183.037454][T10245]  x64_sys_call+0x1816/0x2ff0
[  183.037474][T10245]  do_syscall_64+0xd2/0x200
[  183.037506][T10245]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  183.037536][T10245]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  183.037672][T10245]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.037729][T10245] RIP: 0033:0x7f4d001bebe9
[  183.037744][T10245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.037817][T10245] RSP: 002b:00007f4cfec1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  183.037836][T10245] RAX: ffffffffffffffda RBX: 00007f4d003e5fa0 RCX: 00007f4d001bebe9
[  183.037848][T10245] RDX: 0000200000000140 RSI: 0000000000004c0a RDI: 0000000000000007
[  183.037860][T10245] RBP: 00007f4cfec1f090 R08: 0000000000000000 R09: 0000000000000000
[  183.037937][T10245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.037953][T10245] R13: 00007f4d003e6038 R14: 00007f4d003e5fa0 R15: 00007ffcf6cdc878
[  183.037978][T10245]  </TASK>
[  183.358616][T10251] loop2: detected capacity change from 0 to 1024
[  183.404865][T10251] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.452083][T10266] syzkaller0: entered promiscuous mode
[  183.457772][T10266] syzkaller0: entered allmulticast mode
[  183.476177][T10251] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  183.559753][ T3443] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  183.572098][ T3443] EXT4-fs (loop2): This should not happen!! Data will be lost
[  183.572098][ T3443] 
[  183.582075][ T3443] EXT4-fs (loop2): Total free blocks count 0
[  183.588139][ T3443] EXT4-fs (loop2): Free/Dirty block details
[  183.594050][ T3443] EXT4-fs (loop2): free_blocks=20480
[  183.599867][ T3443] EXT4-fs (loop2): dirty_blocks=64
[  183.605070][ T3443] EXT4-fs (loop2): Block reservation details
[  183.611058][ T3443] EXT4-fs (loop2): i_reserved_data_blocks=4
[  183.621861][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.672290][T10280] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2107'.
[  183.696407][T10269] loop7: detected capacity change from 0 to 512
[  183.704441][T10269] EXT4-fs (loop7): unsupported inode size: 0
[  183.710545][T10269] EXT4-fs (loop7): blocksize: 1024
[  183.781904][T10281] loop2: detected capacity change from 0 to 512
[  183.798519][T10281] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  183.816299][T10281] EXT4-fs (loop2): orphan cleanup on readonly fs
[  183.836721][T10281] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.2109: corrupted inode contents
[  183.850133][T10281] EXT4-fs (loop2): Remounting filesystem read-only
[  183.856899][T10281] EXT4-fs (loop2): 1 truncate cleaned up
[  183.863139][  T267] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  183.873906][  T267] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  183.937919][  T267] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  183.972335][T10281] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  184.006909][T10281] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.018665][T10300] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2117'.
[  184.069203][T10300] netlink: 'syz.7.2117': attribute type 1 has an invalid length.
[  184.078190][T10300] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  184.099415][T10300] can0: slcan on ttyS3.
[  184.100518][T10303] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  184.111629][T10303] syzkaller0: entered promiscuous mode
[  184.117137][T10303] syzkaller0: entered allmulticast mode
[  184.131484][T10303] tipc: Resetting bearer <eth:syzkaller0>
[  184.137973][T10302] tipc: Resetting bearer <eth:syzkaller0>
[  184.144561][T10302] tipc: Disabling bearer <eth:syzkaller0>
[  184.154454][T10300] can0 (unregistered): slcan off ttyS3.
[  184.162998][T10304] can0: slcan on ttyS3.
[  184.170695][T10300] netlink: 'syz.7.2117': attribute type 1 has an invalid length.
[  184.178482][T10300] netlink: 224 bytes leftover after parsing attributes in process `syz.7.2117'.
[  184.234471][T10299] can0 (unregistered): slcan off ttyS3.
[  184.281901][T10310] loop7: detected capacity change from 0 to 512
[  184.294886][T10310] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.2121: iget: bad extended attribute block 1
[  184.308973][T10310] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.2121: couldn't read orphan inode 15 (err -117)
[  184.313503][T10315] FAULT_INJECTION: forcing a failure.
[  184.313503][T10315] name failslab, interval 1, probability 0, space 0, times 0
[  184.323774][T10310] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  184.333631][T10315] CPU: 0 UID: 0 PID: 10315 Comm: syz.5.2123 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  184.333664][T10315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  184.333681][T10315] Call Trace:
[  184.333689][T10315]  <TASK>
[  184.333699][T10315]  __dump_stack+0x1d/0x30
[  184.333727][T10315]  dump_stack_lvl+0xe8/0x140
[  184.333755][T10315]  dump_stack+0x15/0x1b
[  184.333779][T10315]  should_fail_ex+0x265/0x280
[  184.333808][T10315]  should_failslab+0x8c/0xb0
[  184.333840][T10315]  __kvmalloc_node_noprof+0x123/0x4e0
[  184.333881][T10315]  ? io_register_clone_buffers+0x3a5/0x780
[  184.333941][T10315]  ? fget+0x36/0x40
[  184.333984][T10315]  io_register_clone_buffers+0x3a5/0x780
[  184.334027][T10315]  ? __fget_files+0x184/0x1c0
[  184.334100][T10315]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  184.334143][T10315]  __se_sys_io_uring_register+0x733/0xeb0
[  184.334192][T10315]  ? fput+0x8f/0xc0
[  184.334240][T10315]  ? ksys_write+0x192/0x1a0
[  184.334271][T10315]  __x64_sys_io_uring_register+0x55/0x70
[  184.334309][T10315]  x64_sys_call+0x18a3/0x2ff0
[  184.334378][T10315]  do_syscall_64+0xd2/0x200
[  184.334416][T10315]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  184.334470][T10315]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  184.334558][T10315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.334594][T10315] RIP: 0033:0x7f6c8fe6ebe9
[  184.334614][T10315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.334638][T10315] RSP: 002b:00007f6c8e8cf038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  184.334664][T10315] RAX: ffffffffffffffda RBX: 00007f6c90095fa0 RCX: 00007f6c8fe6ebe9
[  184.334715][T10315] RDX: 0000200000000000 RSI: 000000000000001e RDI: 0000000000000005
[  184.334730][T10315] RBP: 00007f6c8e8cf090 R08: 0000000000000000 R09: 0000000000000000
[  184.334747][T10315] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  184.334764][T10315] R13: 00007f6c90096038 R14: 00007f6c90095fa0 R15: 00007ffcd15ba928
[  184.334819][T10315]  </TASK>
[  184.387957][T10314] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  184.529212][T10324] loop2: detected capacity change from 0 to 512
[  184.535062][T10324] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.2127: iget: bad extended attribute block 1
[  184.537890][T10320] syzkaller0: entered promiscuous mode
[  184.576959][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.579041][T10320] syzkaller0: entered allmulticast mode
[  184.596470][T10324] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.2127: couldn't read orphan inode 15 (err -117)
[  184.622460][T10314] tipc: Resetting bearer <eth:syzkaller0>
[  184.627657][T10324] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  184.642391][T10312] tipc: Resetting bearer <eth:syzkaller0>
[  184.642782][T10329] FAULT_INJECTION: forcing a failure.
[  184.642782][T10329] name failslab, interval 1, probability 0, space 0, times 0
[  184.660759][T10329] CPU: 0 UID: 0 PID: 10329 Comm: syz.5.2128 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  184.660789][T10329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  184.660803][T10329] Call Trace:
[  184.660808][T10329]  <TASK>
[  184.660814][T10329]  __dump_stack+0x1d/0x30
[  184.660910][T10329]  dump_stack_lvl+0xe8/0x140
[  184.660926][T10329]  dump_stack+0x15/0x1b
[  184.660940][T10329]  should_fail_ex+0x265/0x280
[  184.660960][T10329]  should_failslab+0x8c/0xb0
[  184.660987][T10329]  kmem_cache_alloc_node_noprof+0x57/0x320
[  184.661024][T10329]  ? __alloc_skb+0x101/0x320
[  184.661046][T10329]  __alloc_skb+0x101/0x320
[  184.661067][T10329]  pfkey_sendmsg+0xd7/0x900
[  184.661093][T10329]  ? avc_has_perm+0xf7/0x180
[  184.661191][T10329]  ? selinux_socket_sendmsg+0x175/0x1b0
[  184.661303][T10329]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  184.661382][T10329]  __sock_sendmsg+0x145/0x180
[  184.661409][T10329]  ____sys_sendmsg+0x31e/0x4e0
[  184.661430][T10329]  ___sys_sendmsg+0x17b/0x1d0
[  184.661475][T10329]  __x64_sys_sendmsg+0xd4/0x160
[  184.661508][T10329]  x64_sys_call+0x191e/0x2ff0
[  184.661527][T10329]  do_syscall_64+0xd2/0x200
[  184.661562][T10329]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  184.661587][T10329]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  184.661679][T10329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.661696][T10329] RIP: 0033:0x7f6c8fe6ebe9
[  184.661781][T10329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.661799][T10329] RSP: 002b:00007f6c8e8cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  184.661814][T10329] RAX: ffffffffffffffda RBX: 00007f6c90095fa0 RCX: 00007f6c8fe6ebe9
[  184.661854][T10329] RDX: 0000000000040000 RSI: 00002000000001c0 RDI: 0000000000000005
[  184.661864][T10329] RBP: 00007f6c8e8cf090 R08: 0000000000000000 R09: 0000000000000000
[  184.661874][T10329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.661884][T10329] R13: 00007f6c90096038 R14: 00007f6c90095fa0 R15: 00007ffcd15ba928
[  184.661952][T10329]  </TASK>
[  184.868750][T10312] tipc: Disabling bearer <eth:syzkaller0>
[  184.888018][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.901436][T10332] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  184.908113][   T29] kauditd_printk_skb: 128 callbacks suppressed
[  184.908141][   T29] audit: type=1326 audit(1756466537.936:5334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10335 comm="syz.5.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c8fe6ebe9 code=0x7ffc0000
[  184.938116][   T29] audit: type=1326 audit(1756466537.936:5335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10335 comm="syz.5.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c8fe6ebe9 code=0x7ffc0000
[  184.944620][T10336] loop5: detected capacity change from 0 to 8192
[  184.961619][   T29] audit: type=1326 audit(1756466537.936:5336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10335 comm="syz.5.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6c8fe6ebe9 code=0x7ffc0000
[  184.991511][   T29] audit: type=1326 audit(1756466537.936:5337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10335 comm="syz.5.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6c8fe6ec23 code=0x7ffc0000
[  185.015113][T10331] syzkaller0: entered promiscuous mode
[  185.020642][T10331] syzkaller0: entered allmulticast mode
[  185.033564][T10339] loop2: detected capacity change from 0 to 1024
[  185.040773][   T29] audit: type=1326 audit(1756466537.956:5338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10335 comm="syz.5.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f6c8fe6d69f code=0x7ffc0000
[  185.064405][   T29] audit: type=1326 audit(1756466537.976:5339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10335 comm="syz.5.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f6c8fe6ec77 code=0x7ffc0000
[  185.069924][T10331] tipc: Resetting bearer <eth:syzkaller0>
[  185.087858][   T29] audit: type=1326 audit(1756466537.976:5340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10335 comm="syz.5.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6c8fe6d550 code=0x7ffc0000
[  185.087892][   T29] audit: type=1326 audit(1756466537.976:5341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10335 comm="syz.5.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6c8fe6e7eb code=0x7ffc0000
[  185.096107][T10336]  loop5: p1 p2[DM] p4
[  185.118465][   T29] audit: type=1326 audit(1756466538.006:5342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10335 comm="syz.5.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6c8fe6d84a code=0x7ffc0000
[  185.146305][T10336] loop5: p1 size 196608 extends beyond EOD, 
[  185.169756][   T29] audit: type=1326 audit(1756466538.006:5343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10335 comm="syz.5.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6c8fe6e7eb code=0x7ffc0000
[  185.199178][T10336] truncated
[  185.206735][T10330] tipc: Resetting bearer <eth:syzkaller0>
[  185.214652][T10339] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.229059][T10330] tipc: Disabling bearer <eth:syzkaller0>
[  185.235560][T10336] loop5: p2 start 4292936063 is beyond EOD, truncated
[  185.242411][T10336] loop5: p4 size 50331648 extends beyond EOD, truncated
[  185.245666][T10339] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  185.305578][T10345] FAULT_INJECTION: forcing a failure.
[  185.305578][T10345] name failslab, interval 1, probability 0, space 0, times 0
[  185.318360][T10345] CPU: 0 UID: 0 PID: 10345 Comm: syz.0.2135 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  185.318393][T10345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  185.318408][T10345] Call Trace:
[  185.318414][T10345]  <TASK>
[  185.318420][T10345]  __dump_stack+0x1d/0x30
[  185.318489][T10345]  dump_stack_lvl+0xe8/0x140
[  185.318511][T10345]  dump_stack+0x15/0x1b
[  185.318531][T10345]  should_fail_ex+0x265/0x280
[  185.318556][T10345]  should_failslab+0x8c/0xb0
[  185.318586][T10345]  kmem_cache_alloc_noprof+0x50/0x310
[  185.318659][T10345]  ? alloc_vfsmnt+0x2d/0x300
[  185.318696][T10345]  alloc_vfsmnt+0x2d/0x300
[  185.318748][T10345]  clone_mnt+0x46/0x630
[  185.318857][T10345]  copy_tree+0x2cd/0x8c0
[  185.318960][T10345]  copy_mnt_ns+0x120/0x5c0
[  185.318986][T10345]  ? kmem_cache_alloc_noprof+0x220/0x310
[  185.319087][T10345]  ? create_new_namespaces+0x3c/0x3d0
[  185.319118][T10345]  create_new_namespaces+0x83/0x3d0
[  185.319159][T10345]  unshare_nsproxy_namespaces+0xe8/0x120
[  185.319249][T10345]  ksys_unshare+0x3d0/0x6d0
[  185.319276][T10345]  ? ksys_write+0x15f/0x1a0
[  185.319299][T10345]  __x64_sys_unshare+0x1f/0x30
[  185.319424][T10345]  x64_sys_call+0x2911/0x2ff0
[  185.319452][T10345]  do_syscall_64+0xd2/0x200
[  185.319478][T10345]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  185.319514][T10345]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  185.319546][T10345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.319573][T10345] RIP: 0033:0x7fdb0080ebe9
[  185.319587][T10345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.319630][T10345] RSP: 002b:00007fdaff277038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  185.319648][T10345] RAX: ffffffffffffffda RBX: 00007fdb00a35fa0 RCX: 00007fdb0080ebe9
[  185.319686][T10345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002a020480
[  185.319702][T10345] RBP: 00007fdaff277090 R08: 0000000000000000 R09: 0000000000000000
[  185.319716][T10345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.319731][T10345] R13: 00007fdb00a36038 R14: 00007fdb00a35fa0 R15: 00007ffc63b07c48
[  185.319753][T10345]  </TASK>
[  185.320460][ T3443] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  185.378058][T10347] netlink: 'syz.5.2134': attribute type 10 has an invalid length.
[  185.379430][ T3443] EXT4-fs (loop2): This should not happen!! Data will be lost
[  185.379430][ T3443] 
[  185.379449][ T3443] EXT4-fs (loop2): Total free blocks count 0
[  185.388929][T10347] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2134'.
[  185.392364][ T3443] EXT4-fs (loop2): Free/Dirty block details
[  185.392381][ T3443] EXT4-fs (loop2): free_blocks=20480
[  185.399786][T10347] tmpfs: Bad value for 'mpol'
[  185.402531][ T3443] EXT4-fs (loop2): dirty_blocks=64
[  185.402553][ T3443] EXT4-fs (loop2): Block reservation details
[  185.548061][T10357] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2137'.
[  185.555869][ T3443] EXT4-fs (loop2): i_reserved_data_blocks=4
[  185.558436][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.631791][T10355] loop5: detected capacity change from 0 to 1024
[  185.638892][T10361] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2137'.
[  185.658013][T10360] loop6: detected capacity change from 0 to 512
[  185.664488][T10363] loop2: detected capacity change from 0 to 512
[  185.672476][T10363] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.2136: iget: bad extended attribute block 1
[  185.685310][T10363] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.2136: couldn't read orphan inode 15 (err -117)
[  185.698541][T10363] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.699148][T10355] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.713154][T10360] EXT4-fs warning (device loop6): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  185.748693][T10360] EXT4-fs (loop6): mount failed
[  185.754163][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.763963][T10353] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  185.807778][T10374] syzkaller0: entered promiscuous mode
[  185.813389][T10374] syzkaller0: entered allmulticast mode
[  185.843445][  T267] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  185.855901][  T267] EXT4-fs (loop5): This should not happen!! Data will be lost
[  185.855901][  T267] 
[  185.865660][  T267] EXT4-fs (loop5): Total free blocks count 0
[  185.871870][  T267] EXT4-fs (loop5): Free/Dirty block details
[  185.877893][  T267] EXT4-fs (loop5): free_blocks=20480
[  185.883433][  T267] EXT4-fs (loop5): dirty_blocks=64
[  185.888602][  T267] EXT4-fs (loop5): Block reservation details
[  185.894689][  T267] EXT4-fs (loop5): i_reserved_data_blocks=4
[  185.901874][ T4576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.917995][T10377] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2144'.
[  185.930399][T10378] loop7: detected capacity change from 0 to 512
[  185.946279][T10378] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  185.956509][T10378] EXT4-fs (loop7): orphan cleanup on readonly fs
[  185.965022][T10378] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #16: comm syz.7.2142: corrupted inode contents
[  185.979365][T10380] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10380 comm=syz.5.2143
[  185.980648][T10384] netlink: 'syz.6.2144': attribute type 1 has an invalid length.
[  186.002980][T10378] EXT4-fs (loop7): Remounting filesystem read-only
[  186.009918][T10378] EXT4-fs (loop7): 1 truncate cleaned up
[  186.011686][T10384] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  186.031007][ T3443] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  186.040997][T10387] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2146'.
[  186.041670][ T3443] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  186.054059][T10377] can0: slcan on ttyS3.
[  186.072793][ T3443] EXT4-fs (loop7): Quota write (off=8, len=24) cancelled because transaction is not started
[  186.085131][T10378] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  186.097817][T10385] loop2: detected capacity change from 0 to 8192
[  186.099940][T10378] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.109010][T10387] netlink: 'syz.5.2146': attribute type 1 has an invalid length.
[  186.121982][T10387] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  186.144693][T10377] can0 (unregistered): slcan off ttyS3.
[  186.144719][T10385]  loop2: p1 p2[DM] p4
[  186.144836][T10385] loop2: p1 size 196608 extends beyond EOD, 
[  186.153377][T10384] can0: slcan on ttyS3.
[  186.154462][T10385] truncated
[  186.164932][T10385] loop2: p2 start 4292936063 is beyond EOD, truncated
[  186.174849][T10385] loop2: p4 size 50331648 extends beyond EOD, truncated
[  186.175840][T10377] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2144'.
[  186.191196][T10387] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2146'.
[  186.231381][T10392] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  186.238393][T10392] syzkaller0: entered promiscuous mode
[  186.243869][T10392] syzkaller0: entered allmulticast mode
[  186.252294][T10391] tipc: Resetting bearer <eth:syzkaller0>
[  186.264533][T10391] tipc: Disabling bearer <eth:syzkaller0>
[  186.270355][T10386] can0 (unregistered): slcan off ttyS3.
[  186.342940][T10404] loop5: detected capacity change from 0 to 256
[  186.349866][T10404] msdos: Bad value for 'uid'
[  186.354504][T10404] msdos: Bad value for 'uid'
[  186.362766][T10404] 9pnet_fd: Insufficient options for proto=fd
[  186.373369][T10404] loop5: detected capacity change from 0 to 512
[  186.380253][T10404] EXT4-fs: Ignoring removed orlov option
[  186.388412][T10404] EXT4-fs: Ignoring removed nomblk_io_submit option
[  186.395548][T10404] ext4: Unknown parameter 'fsname'
[  186.452019][T10407] syzkaller0: entered promiscuous mode
[  186.457683][T10407] syzkaller0: entered allmulticast mode
[  186.727449][T10414] loop6: detected capacity change from 0 to 1024
[  187.143592][T10417] loop5: detected capacity change from 0 to 8192
[  187.305096][T10417]  loop5: p1 p2[DM] p4
[  187.315602][T10417] loop5: p1 size 196608 extends beyond EOD, truncated
[  187.323005][T10417] loop5: p2 start 4292936063 is beyond EOD, truncated
[  187.329934][T10417] loop5: p4 size 50331648 extends beyond EOD, truncated
[  187.350063][T10427] validate_nla: 2 callbacks suppressed
[  187.350078][T10427] netlink: 'syz.7.2161': attribute type 1 has an invalid length.
[  187.365089][T10425] netlink: 'syz.2.2160': attribute type 10 has an invalid length.
[  187.374080][T10427] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  187.392373][T10425] tmpfs: Bad value for 'mpol'
[  187.410674][T10427] can0: slcan on ttyS3.
[  187.431524][T10434] loop2: detected capacity change from 0 to 256
[  187.438615][T10434] msdos: Bad value for 'uid'
[  187.443236][T10434] msdos: Bad value for 'uid'
[  187.452638][T10434] 9pnet_fd: Insufficient options for proto=fd
[  187.474537][T10427] can0 (unregistered): slcan off ttyS3.
[  187.486561][T10437] netlink: 'syz.7.2161': attribute type 1 has an invalid length.
[  187.513819][T10440] loop9: detected capacity change from 0 to 7
[  187.520477][T10440] Buffer I/O error on dev loop9, logical block 0, async page read
[  187.530227][T10440] Buffer I/O error on dev loop9, logical block 0, async page read
[  187.538194][T10440]  loop9: unable to read partition table
[  187.544005][T10440] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  187.544005][T10440] 
) failed (rc=-5)
[  187.628687][T10442] netlink: 'syz.2.2165': attribute type 1 has an invalid length.
[  187.637394][T10442] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  187.655201][T10442] netlink: 'syz.2.2165': attribute type 1 has an invalid length.
[  187.703114][T10451] syzkaller0: entered promiscuous mode
[  187.708789][T10451] syzkaller0: entered allmulticast mode
[  187.760176][T10456] loop6: detected capacity change from 0 to 512
[  187.795388][T10456] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.812934][T10459] netlink: 'syz.2.2173': attribute type 10 has an invalid length.
[  187.848182][T10459] tmpfs: Bad value for 'mpol'
[  187.852988][T10456] ext4 filesystem being mounted at /370/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  187.993116][T10473] loop2: detected capacity change from 0 to 256
[  188.009573][T10473] msdos: Bad value for 'uid'
[  188.014309][T10473] msdos: Bad value for 'uid'
[  188.025712][T10470] netlink: 'syz.7.2175': attribute type 1 has an invalid length.
[  188.029310][T10473] 9pnet_fd: Insufficient options for proto=fd
[  188.044075][T10470] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  188.080212][T10470] can0: slcan on ttyS3.
[  188.085234][ T4584] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.144428][T10470] can0 (unregistered): slcan off ttyS3.
[  188.170070][T10479] can0: slcan on ttyS3.
[  188.175342][T10480] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=886 sclass=netlink_route_socket pid=10480 comm=syz.0.2172
[  188.188334][T10478] 9pnet_fd: Insufficient options for proto=fd
[  188.208504][T10470] netlink: 'syz.7.2175': attribute type 1 has an invalid length.
[  188.284426][T10469] can0 (unregistered): slcan off ttyS3.
[  188.348451][T10495] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  188.357834][T10495] syzkaller0: entered promiscuous mode
[  188.363354][T10495] syzkaller0: entered allmulticast mode
[  188.374210][T10494] tipc: Resetting bearer <eth:syzkaller0>
[  188.402848][T10494] tipc: Disabling bearer <eth:syzkaller0>
[  188.539559][T10503] loop7: detected capacity change from 0 to 256
[  188.552764][T10503] msdos: Bad value for 'uid'
[  188.557595][T10503] msdos: Bad value for 'uid'
[  188.613275][T10503] 9pnet_fd: Insufficient options for proto=fd
[  188.638551][T10503] loop7: detected capacity change from 0 to 512
[  188.643736][T10505] netlink: 'syz.6.2186': attribute type 10 has an invalid length.
[  188.655181][T10503] EXT4-fs: Ignoring removed orlov option
[  188.661162][T10503] EXT4-fs: Ignoring removed nomblk_io_submit option
[  188.669132][T10503] ext4: Unknown parameter 'fsname'
[  188.675194][T10505] __nla_validate_parse: 14 callbacks suppressed
[  188.675207][T10505] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2186'.
[  188.703050][T10505] tmpfs: Bad value for 'mpol'
[  188.793359][T10513] loop7: detected capacity change from 0 to 512
[  188.820604][T10513] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  188.830509][T10513] EXT4-fs (loop7): couldn't mount as ext3 due to feature incompatibilities
[  189.003610][T10521] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2191'.
[  189.012663][T10521] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2191'.
[  189.028040][T10519] loop7: detected capacity change from 0 to 8192
[  189.054533][T10519]  loop7: p1 p2[DM] p4
[  189.058675][T10519] loop7: p1 size 196608 extends beyond EOD, truncated
[  189.063491][T10523] loop6: detected capacity change from 0 to 1024
[  189.076498][T10519] loop7: p2 start 4292936063 is beyond EOD, truncated
[  189.083291][T10519] loop7: p4 size 50331648 extends beyond EOD, truncated
[  189.102792][T10525] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  189.110696][T10525] syzkaller0: entered promiscuous mode
[  189.111113][T10523] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.116201][T10525] syzkaller0: entered allmulticast mode
[  189.148998][T10524] tipc: Resetting bearer <eth:syzkaller0>
[  189.191470][T10524] tipc: Disabling bearer <eth:syzkaller0>
[  189.217777][T10529] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  189.260549][T10523] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  189.276973][T10532] syzkaller0: entered promiscuous mode
[  189.282496][T10532] syzkaller0: entered allmulticast mode
[  189.318085][T10528] tipc: Resetting bearer <eth:syzkaller0>
[  189.336197][T10528] tipc: Disabling bearer <eth:syzkaller0>
[  189.389634][   T51] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  189.402031][   T51] EXT4-fs (loop6): This should not happen!! Data will be lost
[  189.402031][   T51] 
[  189.411728][   T51] EXT4-fs (loop6): Total free blocks count 0
[  189.417746][   T51] EXT4-fs (loop6): Free/Dirty block details
[  189.423734][   T51] EXT4-fs (loop6): free_blocks=20480
[  189.429048][   T51] EXT4-fs (loop6): dirty_blocks=64
[  189.434328][   T51] EXT4-fs (loop6): Block reservation details
[  189.440380][   T51] EXT4-fs (loop6): i_reserved_data_blocks=4
[  189.448141][ T4584] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.505033][T10543] loop6: detected capacity change from 0 to 512
[  189.523593][T10545] loop7: detected capacity change from 0 to 1024
[  189.530729][T10543] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  189.543012][T10543] EXT4-fs (loop6): 1 truncate cleaned up
[  189.549240][T10543] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.566874][T10545] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.594095][T10545] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  189.622915][T10547] netlink: 'syz.2.2202': attribute type 10 has an invalid length.
[  189.691352][T10561] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=886 sclass=netlink_route_socket pid=10561 comm=syz.5.2198
[  189.761914][ T1862] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  189.774260][ T1862] EXT4-fs (loop7): This should not happen!! Data will be lost
[  189.774260][ T1862] 
[  189.783905][ T1862] EXT4-fs (loop7): Total free blocks count 0
[  189.790041][ T1862] EXT4-fs (loop7): Free/Dirty block details
[  189.795968][ T1862] EXT4-fs (loop7): free_blocks=20480
[  189.801250][ T1862] EXT4-fs (loop7): dirty_blocks=64
[  189.806390][ T1862] EXT4-fs (loop7): Block reservation details
[  189.812380][ T1862] EXT4-fs (loop7): i_reserved_data_blocks=4
[  189.824337][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.858225][T10570] loop7: detected capacity change from 0 to 512
[  189.896788][T10570] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.944337][T10570] ext4 filesystem being mounted at /273/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  189.974637][T10576] SELinux:  Context @ is not valid (left unmapped).
[  189.981546][   T29] kauditd_printk_skb: 533 callbacks suppressed
[  189.981562][   T29] audit: type=1400 audit(1756466543.016:5870): avc:  denied  { relabelto } for  pid=10575 comm="syz.2.2207" name="blkio.bfq.io_queued" dev="tmpfs" ino=2305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="@"
[  190.012853][   T29] audit: type=1400 audit(1756466543.016:5871): avc:  denied  { associate } for  pid=10575 comm="syz.2.2207" name="blkio.bfq.io_queued" dev="tmpfs" ino=2305 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="@"
[  190.079316][   T29] audit: type=1400 audit(1756466543.076:5872): avc:  denied  { write } for  pid=10575 comm="syz.2.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  190.082898][T10581] loop2: detected capacity change from 0 to 1024
[  190.099037][   T29] audit: type=1400 audit(1756466543.106:5873): avc:  denied  { unlink } for  pid=3309 comm="syz-executor" name="blkio.bfq.io_queued" dev="tmpfs" ino=2305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="@"
[  190.164927][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.198861][T10581] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.223317][T10583] loop7: detected capacity change from 0 to 1024
[  190.238990][T10581] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  190.266493][T10583] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.307554][   T37] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  190.319946][   T37] EXT4-fs (loop2): This should not happen!! Data will be lost
[  190.319946][   T37] 
[  190.329681][   T37] EXT4-fs (loop2): Total free blocks count 0
[  190.335684][   T37] EXT4-fs (loop2): Free/Dirty block details
[  190.341579][   T37] EXT4-fs (loop2): free_blocks=20480
[  190.346885][   T37] EXT4-fs (loop2): dirty_blocks=64
[  190.352002][   T37] EXT4-fs (loop2): Block reservation details
[  190.358049][   T37] EXT4-fs (loop2): i_reserved_data_blocks=4
[  190.389949][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.400422][T10583] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  190.452249][T10590] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  190.475161][T10590] syzkaller0: entered promiscuous mode
[  190.480691][T10590] syzkaller0: entered allmulticast mode
[  190.520401][   T29] audit: type=1326 audit(1756466543.556:5874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10591 comm="syz.2.2210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  190.544004][   T29] audit: type=1326 audit(1756466543.556:5875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10591 comm="syz.2.2210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  190.567441][   T29] audit: type=1326 audit(1756466543.556:5876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10591 comm="syz.2.2210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  190.592589][T10589] tipc: Resetting bearer <eth:syzkaller0>
[  190.594550][   T29] audit: type=1326 audit(1756466543.586:5877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10591 comm="syz.2.2210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  190.621874][   T29] audit: type=1326 audit(1756466543.586:5878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10591 comm="syz.2.2210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  190.645680][   T29] audit: type=1326 audit(1756466543.586:5879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10591 comm="syz.2.2210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  190.654652][ T1862] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  190.681561][ T1862] EXT4-fs (loop7): This should not happen!! Data will be lost
[  190.681561][ T1862] 
[  190.691299][ T1862] EXT4-fs (loop7): Total free blocks count 0
[  190.697659][ T1862] EXT4-fs (loop7): Free/Dirty block details
[  190.703571][ T1862] EXT4-fs (loop7): free_blocks=20480
[  190.708887][ T1862] EXT4-fs (loop7): dirty_blocks=64
[  190.714015][ T1862] EXT4-fs (loop7): Block reservation details
[  190.720125][ T1862] EXT4-fs (loop7): i_reserved_data_blocks=4
[  190.726552][T10589] tipc: Disabling bearer <eth:syzkaller0>
[  190.746395][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.756662][ T4584] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.785195][T10595] loop2: detected capacity change from 0 to 1024
[  190.793386][T10595] EXT4-fs: Ignoring removed orlov option
[  190.799224][T10595] EXT4-fs: dax option not supported
[  190.818626][T10597] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  190.840035][T10597] syzkaller0: entered promiscuous mode
[  190.845612][T10597] syzkaller0: entered allmulticast mode
[  190.852368][T10601] syz.0.2215 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  190.867095][T10596] tipc: Resetting bearer <eth:syzkaller0>
[  190.886008][T10596] tipc: Disabling bearer <eth:syzkaller0>
[  190.949684][T10617] loop5: detected capacity change from 0 to 1024
[  190.958094][T10620] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  190.958094][T10620] The task syz.0.2217 (10620) triggered the difference, watch for misbehavior.
[  190.976356][T10619] loop7: detected capacity change from 0 to 1024
[  190.987485][T10617] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.000013][T10619] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.022782][T10617] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  191.038483][T10619] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  191.088177][T10631] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10631 comm=syz.2.2223
[  191.108827][ T1862] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  191.121268][ T1862] EXT4-fs (loop5): This should not happen!! Data will be lost
[  191.121268][ T1862] 
[  191.131030][ T1862] EXT4-fs (loop5): Total free blocks count 0
[  191.137079][ T1862] EXT4-fs (loop5): Free/Dirty block details
[  191.143060][ T1862] EXT4-fs (loop5): free_blocks=20480
[  191.148473][ T1862] EXT4-fs (loop5): dirty_blocks=64
[  191.153600][ T1862] EXT4-fs (loop5): Block reservation details
[  191.159612][ T1862] EXT4-fs (loop5): i_reserved_data_blocks=4
[  191.165902][   T37] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  191.167238][ T4576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.178286][   T37] EXT4-fs (loop7): This should not happen!! Data will be lost
[  191.178286][   T37] 
[  191.178303][   T37] EXT4-fs (loop7): Total free blocks count 0
[  191.202893][   T37] EXT4-fs (loop7): Free/Dirty block details
[  191.208817][   T37] EXT4-fs (loop7): free_blocks=20480
[  191.214111][   T37] EXT4-fs (loop7): dirty_blocks=64
[  191.219260][   T37] EXT4-fs (loop7): Block reservation details
[  191.225293][   T37] EXT4-fs (loop7): i_reserved_data_blocks=4
[  191.236716][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.256974][T10640] loop5: detected capacity change from 0 to 8192
[  191.295008][T10640]  loop5: p1 p2[DM] p4
[  191.299129][T10640] loop5: p1 size 196608 extends beyond EOD, truncated
[  191.306805][T10640] loop5: p2 start 4292936063 is beyond EOD, truncated
[  191.313707][T10640] loop5: p4 size 50331648 extends beyond EOD, truncated
[  191.363062][T10652] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2233'.
[  191.372299][T10652] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2233'.
[  191.438190][T10655] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2230'.
[  191.471726][T10657] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  191.475134][T10648] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2232'.
[  191.479007][T10657] syzkaller0: entered promiscuous mode
[  191.492898][T10657] syzkaller0: entered allmulticast mode
[  191.502500][T10656] tipc: Resetting bearer <eth:syzkaller0>
[  191.511998][T10656] tipc: Disabling bearer <eth:syzkaller0>
[  191.565135][T10663] loop6: detected capacity change from 0 to 256
[  191.573350][T10663] msdos: Bad value for 'uid'
[  191.578021][T10663] msdos: Bad value for 'uid'
[  191.586728][T10663] 9pnet_fd: Insufficient options for proto=fd
[  191.619143][T10665] loop6: detected capacity change from 0 to 1024
[  191.626248][T10665] ext4: Bad value for 'min_batch_time'
[  191.686117][T10676] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22
[  191.694401][T10676] netdevsim netdevsim6: Direct firmware load for . failed with error -22
[  191.762430][T10680] SELinux: syz.5.2241 (10680) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  191.879917][T10685] loop2: detected capacity change from 0 to 256
[  191.890959][T10687] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2246'.
[  191.900003][T10687] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2246'.
[  191.902350][T10685] msdos: Bad value for 'uid'
[  191.913662][T10685] msdos: Bad value for 'uid'
[  191.931191][T10685] 9pnet_fd: Insufficient options for proto=fd
[  191.966704][T10685] loop2: detected capacity change from 0 to 512
[  191.990385][T10685] EXT4-fs: Ignoring removed orlov option
[  191.991606][T10693] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  192.004535][T10693] tipc: Resetting bearer <eth:syzkaller0>
[  192.009729][T10685] EXT4-fs: Ignoring removed nomblk_io_submit option
[  192.017125][T10685] ext4: Unknown parameter 'fsname'
[  192.017274][T10692] tipc: Disabling bearer <eth:syzkaller0>
[  192.058491][T10695] FAULT_INJECTION: forcing a failure.
[  192.058491][T10695] name failslab, interval 1, probability 0, space 0, times 0
[  192.071271][T10695] CPU: 1 UID: 0 PID: 10695 Comm: syz.2.2250 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  192.071293][T10695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  192.071303][T10695] Call Trace:
[  192.071309][T10695]  <TASK>
[  192.071317][T10695]  __dump_stack+0x1d/0x30
[  192.071340][T10695]  dump_stack_lvl+0xe8/0x140
[  192.071367][T10695]  dump_stack+0x15/0x1b
[  192.071384][T10695]  should_fail_ex+0x265/0x280
[  192.071402][T10695]  should_failslab+0x8c/0xb0
[  192.071445][T10695]  kmem_cache_alloc_noprof+0x50/0x310
[  192.071493][T10695]  ? alloc_empty_file+0x76/0x200
[  192.071541][T10695]  alloc_empty_file+0x76/0x200
[  192.071574][T10695]  alloc_file_pseudo+0xc6/0x160
[  192.071692][T10695]  __shmem_file_setup+0x1de/0x210
[  192.071722][T10695]  shmem_file_setup+0x3b/0x50
[  192.071756][T10695]  __se_sys_memfd_create+0x2c3/0x590
[  192.071796][T10695]  __x64_sys_memfd_create+0x31/0x40
[  192.071818][T10695]  x64_sys_call+0x2abe/0x2ff0
[  192.071845][T10695]  do_syscall_64+0xd2/0x200
[  192.071872][T10695]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  192.071976][T10695]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  192.072003][T10695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.072066][T10695] RIP: 0033:0x7f17f637ebe9
[  192.072087][T10695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.072102][T10695] RSP: 002b:00007f17f4de6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  192.072136][T10695] RAX: ffffffffffffffda RBX: 00000000000004eb RCX: 00007f17f637ebe9
[  192.072219][T10695] RDX: 00007f17f4de6ef0 RSI: 0000000000000000 RDI: 00007f17f64027e8
[  192.072230][T10695] RBP: 0000200000000540 R08: 00007f17f4de6bb7 R09: 00007f17f4de6e40
[  192.072241][T10695] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000500
[  192.072251][T10695] R13: 00007f17f4de6ef0 R14: 00007f17f4de6eb0 R15: 0000200000000100
[  192.072323][T10695]  </TASK>
[  192.306216][T10698] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2251'.
[  192.383956][T10704] loop2: detected capacity change from 0 to 1024
[  192.390880][T10704] EXT4-fs: Ignoring removed orlov option
[  192.396770][T10704] EXT4-fs: dax option not supported
[  192.423363][T10706] loop2: detected capacity change from 0 to 512
[  192.435887][T10706] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.448551][T10706] ext4 filesystem being mounted at /442/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  192.490710][T10711] netlink: 'syz.6.2256': attribute type 10 has an invalid length.
[  192.501767][T10711] tmpfs: Bad value for 'mpol'
[  192.548748][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.768735][T10722] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5133 sclass=netlink_route_socket pid=10722 comm=syz.6.2260
[  193.384188][T10741] loop6: detected capacity change from 0 to 8192
[  193.439700][T10741]  loop6: p1 p2[DM] p4
[  193.443840][T10741] loop6: p1 size 196608 extends beyond EOD, truncated
[  193.452726][T10741] loop6: p2 start 4292936063 is beyond EOD, truncated
[  193.459660][T10741] loop6: p4 size 50331648 extends beyond EOD, truncated
[  193.531113][T10749] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10749 comm=syz.6.2267
[  193.661817][T10755] loop6: detected capacity change from 0 to 512
[  193.669609][T10755] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  193.683810][T10755] EXT4-fs (loop6): 1 truncate cleaned up
[  193.690524][T10755] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.794881][T10763] netlink: 'syz.2.2268': attribute type 10 has an invalid length.
[  194.056855][T10768] __nla_validate_parse: 4 callbacks suppressed
[  194.056869][T10768] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2271'.
[  194.140521][T10772] netlink: 'syz.2.2273': attribute type 10 has an invalid length.
[  194.153633][T10772] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2273'.
[  194.167441][T10772] tmpfs: Bad value for 'mpol'
[  194.173513][T10776] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  194.182876][T10776] tipc: Resetting bearer <eth:syzkaller0>
[  194.189779][T10775] tipc: Disabling bearer <eth:syzkaller0>
[  194.289525][T10784] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2278'.
[  194.342428][T10786] netlink: 'syz.7.2278': attribute type 1 has an invalid length.
[  194.351712][T10786] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  194.373486][T10786] can0: slcan on ttyS3.
[  194.410871][T10788] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10788 comm=syz.0.2279
[  194.424291][T10786] can0 (unregistered): slcan off ttyS3.
[  194.439001][T10784] netlink: 'syz.7.2278': attribute type 1 has an invalid length.
[  194.446969][T10784] netlink: 224 bytes leftover after parsing attributes in process `syz.7.2278'.
[  194.527064][ T4584] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.625168][T10796] loop6: detected capacity change from 0 to 8192
[  194.668772][T10792] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2281'.
[  194.678677][T10796]  loop6: p1 p2[DM] p4
[  194.682797][T10796] loop6: p1 size 196608 extends beyond EOD, truncated
[  194.690784][T10796] loop6: p2 start 4292936063 is beyond EOD, truncated
[  194.697575][T10796] loop6: p4 size 50331648 extends beyond EOD, truncated
[  194.892440][T10805] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2283'.
[  194.961955][T10808] netlink: 'syz.6.2285': attribute type 10 has an invalid length.
[  195.310184][T10808] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2285'.
[  195.319654][T10808] tmpfs: Bad value for 'mpol'
[  195.345098][T10813] loop6: detected capacity change from 0 to 1024
[  195.352645][T10813] EXT4-fs: Ignoring removed orlov option
[  195.358419][T10813] EXT4-fs: dax option not supported
[  195.383398][T10817] loop6: detected capacity change from 0 to 512
[  195.390105][T10817] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  195.401012][T10817] EXT4-fs (loop6): 1 truncate cleaned up
[  195.403674][T10819] FAULT_INJECTION: forcing a failure.
[  195.403674][T10819] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  195.407271][T10817] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.419879][T10819] CPU: 1 UID: 0 PID: 10819 Comm: syz.0.2289 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  195.419910][T10819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  195.419928][T10819] Call Trace:
[  195.419936][T10819]  <TASK>
[  195.420015][T10819]  __dump_stack+0x1d/0x30
[  195.420042][T10819]  dump_stack_lvl+0xe8/0x140
[  195.420066][T10819]  dump_stack+0x15/0x1b
[  195.420174][T10819]  should_fail_ex+0x265/0x280
[  195.420200][T10819]  should_fail+0xb/0x20
[  195.420222][T10819]  should_fail_usercopy+0x1a/0x20
[  195.420241][T10819]  _copy_from_user+0x1c/0xb0
[  195.420305][T10819]  ___sys_sendmsg+0xc1/0x1d0
[  195.420350][T10819]  __x64_sys_sendmsg+0xd4/0x160
[  195.420381][T10819]  x64_sys_call+0x191e/0x2ff0
[  195.420484][T10819]  do_syscall_64+0xd2/0x200
[  195.420516][T10819]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  195.420571][T10819]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  195.420619][T10819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.420644][T10819] RIP: 0033:0x7fdb0080ebe9
[  195.420661][T10819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.420682][T10819] RSP: 002b:00007fdaff277038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  195.420704][T10819] RAX: ffffffffffffffda RBX: 00007fdb00a35fa0 RCX: 00007fdb0080ebe9
[  195.420761][T10819] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003
[  195.420774][T10819] RBP: 00007fdaff277090 R08: 0000000000000000 R09: 0000000000000000
[  195.420789][T10819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.420803][T10819] R13: 00007fdb00a36038 R14: 00007fdb00a35fa0 R15: 00007ffc63b07c48
[  195.420826][T10819]  </TASK>
[  195.508492][T10825] process 'syz.2.2292' launched '/dev/fd/4' with NULL argv: empty string added
[  195.527842][T10826] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  195.536208][   T29] kauditd_printk_skb: 523 callbacks suppressed
[  195.536226][   T29] audit: type=1400 audit(1756466548.576:6403): avc:  denied  { execute_no_trans } for  pid=10823 comm="syz.2.2292" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1464 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  195.554258][T10826] syzkaller0: entered promiscuous mode
[  195.609966][   T29] audit: type=1400 audit(1756466548.596:6404): avc:  denied  { create } for  pid=10823 comm="syz.2.2292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  195.611822][T10826] syzkaller0: entered allmulticast mode
[  195.620516][   T29] audit: type=1400 audit(1756466548.596:6405): avc:  denied  { ioctl } for  pid=10823 comm="syz.2.2292" path="socket:[28841]" dev="sockfs" ino=28841 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  195.786157][T10831] loop7: detected capacity change from 0 to 1024
[  195.818403][T10831] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  195.876944][T10837] netlink: 'syz.0.2296': attribute type 10 has an invalid length.
[  195.913449][T10837] bridge0: entered promiscuous mode
[  195.921982][   T37] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  195.934493][   T37] EXT4-fs (loop7): This should not happen!! Data will be lost
[  195.934493][   T37] 
[  195.944129][   T37] EXT4-fs (loop7): Total free blocks count 0
[  195.950421][   T37] EXT4-fs (loop7): Free/Dirty block details
[  195.956612][   T37] EXT4-fs (loop7): free_blocks=20480
[  195.961998][   T37] EXT4-fs (loop7): dirty_blocks=64
[  195.967151][   T37] EXT4-fs (loop7): Block reservation details
[  195.973137][   T37] EXT4-fs (loop7): i_reserved_data_blocks=4
[  195.982612][T10837] $Hÿ: (slave bridge0): Enslaving as an active interface with an up link
[  196.066708][T10847] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10847 comm=syz.7.2298
[  196.122966][T10853] loop7: detected capacity change from 0 to 512
[  196.136920][T10853] ext4 filesystem being mounted at /291/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  196.178370][   T29] audit: type=1326 audit(1756466549.216:6406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.0.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0080ebe9 code=0x7ffc0000
[  196.202095][   T29] audit: type=1326 audit(1756466549.216:6407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.0.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0080ebe9 code=0x7ffc0000
[  196.256218][   T29] audit: type=1326 audit(1756466549.266:6408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.0.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdb0080ebe9 code=0x7ffc0000
[  196.279759][   T29] audit: type=1326 audit(1756466549.266:6409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.0.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0080ebe9 code=0x7ffc0000
[  196.303326][   T29] audit: type=1326 audit(1756466549.266:6410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.0.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0080ebe9 code=0x7ffc0000
[  196.326925][   T29] audit: type=1326 audit(1756466549.276:6411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.0.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb0080ebe9 code=0x7ffc0000
[  196.350541][   T29] audit: type=1326 audit(1756466549.276:6412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.0.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0080ebe9 code=0x7ffc0000
[  196.454723][T10866] loop7: detected capacity change from 0 to 1024
[  196.469254][T10866] EXT4-fs: Ignoring removed orlov option
[  196.481532][T10866] EXT4-fs: dax option not supported
[  196.511746][T10872] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2311'.
[  196.537604][T10872] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2311'.
[  196.600360][T10879] syzkaller0: entered promiscuous mode
[  196.606069][T10879] syzkaller0: entered allmulticast mode
[  196.812637][T10890] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2317'.
[  196.838398][T10887] loop2: detected capacity change from 0 to 512
[  196.869105][T10890] netlink: 'syz.5.2317': attribute type 1 has an invalid length.
[  196.878159][T10890] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  196.895621][T10887] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  196.904042][T10887] EXT4-fs (loop2): orphan cleanup on readonly fs
[  196.915820][T10890] can0: slcan on ttyS3.
[  196.926056][T10887] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.2316: corrupted inode contents
[  196.940848][T10887] EXT4-fs (loop2): Remounting filesystem read-only
[  196.948571][T10887] EXT4-fs (loop2): 1 truncate cleaned up
[  196.957209][   T37] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  196.967814][   T37] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  196.978940][   T37] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  196.984410][T10890] can0 (unregistered): slcan off ttyS3.
[  197.006282][T10892] can0: slcan on ttyS3.
[  197.013884][T10890] netlink: 'syz.5.2317': attribute type 1 has an invalid length.
[  197.044455][T10889] can0 (unregistered): slcan off ttyS3.
[  197.046972][T10885] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=886 sclass=netlink_route_socket pid=10885 comm=syz.6.2315
[  197.163848][T10903] loop7: detected capacity change from 0 to 1024
[  197.171000][T10903] EXT4-fs: Ignoring removed orlov option
[  197.177224][T10903] EXT4-fs: dax option not supported
[  197.367069][T10914] loop7: detected capacity change from 0 to 512
[  197.386195][T10914] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  197.394552][T10914] EXT4-fs (loop7): orphan cleanup on readonly fs
[  197.408088][T10914] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #16: comm syz.7.2326: corrupted inode contents
[  197.420297][T10914] EXT4-fs (loop7): Remounting filesystem read-only
[  197.427039][T10914] EXT4-fs (loop7): 1 truncate cleaned up
[  197.432938][   T37] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  197.443507][   T37] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  197.454281][   T37] EXT4-fs (loop7): Quota write (off=8, len=24) cancelled because transaction is not started
[  197.465872][T10921] SELinux: syz.0.2327 (10921) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  197.976463][T10937] random: crng reseeded on system resumption
[  198.030947][T10939] netlink: 'syz.6.2330': attribute type 1 has an invalid length.
[  198.047702][T10939] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  198.065403][T10939] can0: slcan on ttyS3.
[  198.094579][T10939] can0 (unregistered): slcan off ttyS3.
[  198.117707][T10935] can0: slcan on ttyS3.
[  198.149837][T10946] loop2: detected capacity change from 0 to 1024
[  198.158460][T10935] netlink: 'syz.6.2330': attribute type 1 has an invalid length.
[  198.197415][T10946] EXT4-fs: Ignoring removed orlov option
[  198.215467][T10946] EXT4-fs: dax option not supported
[  198.229747][T10953] syzkaller0: entered promiscuous mode
[  198.234529][T10934] can0 (unregistered): slcan off ttyS3.
[  198.235501][T10953] syzkaller0: entered allmulticast mode
[  198.333405][T10951] loop5: detected capacity change from 0 to 512
[  198.346616][T10951] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  198.354974][T10951] EXT4-fs (loop5): orphan cleanup on readonly fs
[  198.362470][T10951] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.2337: corrupted inode contents
[  198.376440][T10951] EXT4-fs (loop5): Remounting filesystem read-only
[  198.384349][T10951] EXT4-fs (loop5): 1 truncate cleaned up
[  198.419768][   T51] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  198.430377][   T51] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  198.441926][   T51] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  198.569252][T10965] random: crng reseeded on system resumption
[  198.701501][T10970] syzkaller0: entered promiscuous mode
[  198.707103][T10970] syzkaller0: entered allmulticast mode
[  199.133671][T10985] loop6: detected capacity change from 0 to 1024
[  199.157709][T10979] loop5: detected capacity change from 0 to 512
[  199.186665][T10979] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  199.194893][T10979] EXT4-fs (loop5): orphan cleanup on readonly fs
[  199.200221][T10985] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  199.203432][T10979] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.2348: corrupted inode contents
[  199.229054][T10979] EXT4-fs (loop5): Remounting filesystem read-only
[  199.242604][   T31] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  199.254905][   T31] EXT4-fs (loop6): This should not happen!! Data will be lost
[  199.254905][   T31] 
[  199.264569][   T31] EXT4-fs (loop6): Total free blocks count 0
[  199.270562][   T31] EXT4-fs (loop6): Free/Dirty block details
[  199.276486][   T31] EXT4-fs (loop6): free_blocks=20480
[  199.281829][   T31] EXT4-fs (loop6): dirty_blocks=64
[  199.286963][   T31] EXT4-fs (loop6): Block reservation details
[  199.292979][   T31] EXT4-fs (loop6): i_reserved_data_blocks=4
[  199.299382][T10979] EXT4-fs (loop5): 1 truncate cleaned up
[  199.306060][   T31] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  199.316687][   T31] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  199.325721][T10987] __nla_validate_parse: 18 callbacks suppressed
[  199.325738][T10987] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2351'.
[  199.327447][   T31] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  199.399352][T10996] loop6: detected capacity change from 0 to 8192
[  199.434454][T10996]  loop6: p1 p2[DM] p4
[  199.438792][T10996] loop6: p1 size 196608 extends beyond EOD, truncated
[  199.447903][T10996] loop6: p2 start 4292936063 is beyond EOD, truncated
[  199.454815][T10996] loop6: p4 size 50331648 extends beyond EOD, truncated
[  199.602257][T11001] loop6: detected capacity change from 0 to 512
[  199.615866][T11001] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  199.624869][T11001] EXT4-fs (loop6): orphan cleanup on readonly fs
[  199.633189][T11001] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.2354: corrupted inode contents
[  199.648403][T11001] EXT4-fs (loop6): Remounting filesystem read-only
[  199.655168][T11001] EXT4-fs (loop6): 1 truncate cleaned up
[  199.660963][   T31] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  199.671553][   T31] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  199.683811][   T31] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started
[  199.734025][T11008] loop7: detected capacity change from 0 to 512
[  199.746211][T11008] ext4 filesystem being mounted at /309/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  199.937902][T10998] random: crng reseeded on system resumption
[  200.001368][T11015] loop2: detected capacity change from 0 to 1024
[  200.005608][T11018] loop5: detected capacity change from 0 to 512
[  200.028704][T11015] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  200.043995][T11018] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  200.052762][T11018] EXT4-fs (loop5): orphan cleanup on readonly fs
[  200.056064][T11018] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.2358: corrupted inode contents
[  200.056380][T11018] EXT4-fs (loop5): Remounting filesystem read-only
[  200.056519][T11018] EXT4-fs (loop5): 1 truncate cleaned up
[  200.078830][   T37] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  200.078855][   T37] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  200.078941][   T37] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  200.107689][ T3443] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  200.140343][ T3443] EXT4-fs (loop2): This should not happen!! Data will be lost
[  200.140343][ T3443] 
[  200.150130][ T3443] EXT4-fs (loop2): Total free blocks count 0
[  200.156216][ T3443] EXT4-fs (loop2): Free/Dirty block details
[  200.162140][ T3443] EXT4-fs (loop2): free_blocks=20480
[  200.167609][ T3443] EXT4-fs (loop2): dirty_blocks=64
[  200.172725][ T3443] EXT4-fs (loop2): Block reservation details
[  200.178718][ T3443] EXT4-fs (loop2): i_reserved_data_blocks=4
[  200.211344][T11029] loop7: detected capacity change from 0 to 1024
[  200.215080][T11031] loop2: detected capacity change from 0 to 1024
[  200.225459][T11031] EXT4-fs: Ignoring removed orlov option
[  200.231134][T11031] EXT4-fs: dax option not supported
[  200.237338][T11029] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  200.274192][   T31] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  200.286629][   T31] EXT4-fs (loop7): This should not happen!! Data will be lost
[  200.286629][   T31] 
[  200.296541][   T31] EXT4-fs (loop7): Total free blocks count 0
[  200.301337][T11037] loop2: detected capacity change from 0 to 512
[  200.302701][   T31] EXT4-fs (loop7): Free/Dirty block details
[  200.311584][T11037] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  200.314714][   T31] EXT4-fs (loop7): free_blocks=20480
[  200.314730][   T31] EXT4-fs (loop7): dirty_blocks=64
[  200.314773][   T31] EXT4-fs (loop7): Block reservation details
[  200.314784][   T31] EXT4-fs (loop7): i_reserved_data_blocks=4
[  200.355175][T11037] EXT4-fs (loop2): 1 truncate cleaned up
[  200.373036][T11040] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2365'.
[  200.386705][T11042] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2367'.
[  200.425972][T11047] netlink: 'syz.7.2365': attribute type 1 has an invalid length.
[  200.434947][T11047] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  200.450152][T11048] netlink: 'syz.6.2367': attribute type 1 has an invalid length.
[  200.459109][T11048] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  200.476076][T11040] can0: slcan on ttyS3.
[  200.524410][T11048] can0 (unregistered): slcan off ttyS3.
[  200.534031][T11047] netlink: 'syz.7.2365': attribute type 1 has an invalid length.
[  200.534104][T11040] can0: slcan on ttyS3.
[  200.541866][T11047] netlink: 224 bytes leftover after parsing attributes in process `syz.7.2365'.
[  200.563677][T11042] netlink: 'syz.6.2367': attribute type 1 has an invalid length.
[  200.571478][T11042] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2367'.
[  200.571772][T11052] loop2: detected capacity change from 0 to 8192
[  200.580648][   T29] kauditd_printk_skb: 209 callbacks suppressed
[  200.580664][   T29] audit: type=1326 audit(1756466553.606:6586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11051 comm="syz.2.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f17f637ec77 code=0x7ffc0000
[  200.616513][   T29] audit: type=1326 audit(1756466553.606:6587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11051 comm="syz.2.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f17f637d550 code=0x7ffc0000
[  200.640080][   T29] audit: type=1326 audit(1756466553.606:6588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11051 comm="syz.2.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17f637e7eb code=0x7ffc0000
[  200.667632][   T29] audit: type=1326 audit(1756466553.626:6589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11051 comm="syz.2.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f17f637d84a code=0x7ffc0000
[  200.691010][   T29] audit: type=1326 audit(1756466553.626:6590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11051 comm="syz.2.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17f637e7eb code=0x7ffc0000
[  200.714408][   T29] audit: type=1326 audit(1756466553.626:6591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11051 comm="syz.2.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17f637e7eb code=0x7ffc0000
[  200.764777][T11052]  loop2: p1 p2[DM] p4
[  200.768939][T11052] loop2: p1 size 196608 extends beyond EOD, truncated
[  200.775842][T11041] can0 (unregistered): slcan off ttyS3.
[  200.784733][T11052] loop2: p2 start 4292936063 is beyond EOD, truncated
[  200.791541][T11052] loop2: p4 size 50331648 extends beyond EOD, truncated
[  200.801278][   T29] audit: type=1326 audit(1756466553.836:6592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11051 comm="syz.2.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f17f637d3fa code=0x7ffc0000
[  200.824933][   T29] audit: type=1326 audit(1756466553.836:6593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11051 comm="syz.2.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f17f637e167 code=0x7ffc0000
[  200.848507][   T29] audit: type=1326 audit(1756466553.836:6594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11051 comm="syz.2.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f17f637d3fa code=0x7ffc0000
[  200.872022][   T29] audit: type=1326 audit(1756466553.836:6595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11051 comm="syz.2.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f17f637d3fa code=0x7ffc0000
[  200.957092][T11061] loop6: detected capacity change from 0 to 1024
[  200.973682][T11064] loop2: detected capacity change from 0 to 1024
[  200.982487][T11064] EXT4-fs: Ignoring removed orlov option
[  200.988270][T11064] EXT4-fs: dax option not supported
[  200.991456][T11061] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  201.030175][T11069] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2377'.
[  201.092882][T11072] netlink: 'syz.2.2377': attribute type 1 has an invalid length.
[  201.108517][T11072] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  201.125321][ T3443] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  201.137703][ T3443] EXT4-fs (loop6): This should not happen!! Data will be lost
[  201.137703][ T3443] 
[  201.147362][ T3443] EXT4-fs (loop6): Total free blocks count 0
[  201.153448][ T3443] EXT4-fs (loop6): Free/Dirty block details
[  201.159361][ T3443] EXT4-fs (loop6): free_blocks=20480
[  201.164713][ T3443] EXT4-fs (loop6): dirty_blocks=64
[  201.169834][ T3443] EXT4-fs (loop6): Block reservation details
[  201.175835][ T3443] EXT4-fs (loop6): i_reserved_data_blocks=4
[  201.186042][T11069] can0: slcan on ttyS3.
[  201.243888][T11072] netlink: 'syz.2.2377': attribute type 1 has an invalid length.
[  201.251672][T11072] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2377'.
[  201.274534][T11069] can0 (unregistered): slcan off ttyS3.
[  201.323366][T11076] loop6: detected capacity change from 0 to 512
[  201.349079][T11076] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  201.369691][T11076] EXT4-fs (loop6): orphan cleanup on readonly fs
[  201.389372][T11076] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.2378: corrupted inode contents
[  201.413275][T11076] EXT4-fs (loop6): Remounting filesystem read-only
[  201.424674][T11076] EXT4-fs (loop6): 1 truncate cleaned up
[  201.430591][ T3443] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  201.441145][ T3443] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  201.484035][T11082] FAULT_INJECTION: forcing a failure.
[  201.484035][T11082] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  201.497137][T11082] CPU: 0 UID: 0 PID: 11082 Comm: syz.2.2380 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  201.497163][T11082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  201.497174][T11082] Call Trace:
[  201.497180][T11082]  <TASK>
[  201.497187][T11082]  __dump_stack+0x1d/0x30
[  201.497253][T11082]  dump_stack_lvl+0xe8/0x140
[  201.497276][T11082]  dump_stack+0x15/0x1b
[  201.497302][T11082]  should_fail_ex+0x265/0x280
[  201.497400][T11082]  should_fail+0xb/0x20
[  201.497421][T11082]  should_fail_usercopy+0x1a/0x20
[  201.497447][T11082]  _copy_from_iter+0xd2/0xe80
[  201.497478][T11082]  ? __build_skb_around+0x1a0/0x200
[  201.497520][T11082]  ? __alloc_skb+0x223/0x320
[  201.497551][T11082]  netlink_sendmsg+0x471/0x6b0
[  201.497597][T11082]  ? __pfx_netlink_sendmsg+0x10/0x10
[  201.497621][T11082]  __sock_sendmsg+0x145/0x180
[  201.497654][T11082]  ____sys_sendmsg+0x31e/0x4e0
[  201.497686][T11082]  ___sys_sendmsg+0x17b/0x1d0
[  201.497728][T11082]  __x64_sys_sendmsg+0xd4/0x160
[  201.497760][T11082]  x64_sys_call+0x191e/0x2ff0
[  201.497803][T11082]  do_syscall_64+0xd2/0x200
[  201.497833][T11082]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  201.497861][T11082]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  201.497893][T11082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.497966][T11082] RIP: 0033:0x7f17f637ebe9
[  201.497994][T11082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.498012][T11082] RSP: 002b:00007f17f4de7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  201.498029][T11082] RAX: ffffffffffffffda RBX: 00007f17f65a5fa0 RCX: 00007f17f637ebe9
[  201.498117][T11082] RDX: 00000000000440d4 RSI: 0000200000004bc0 RDI: 0000000000000007
[  201.498133][T11082] RBP: 00007f17f4de7090 R08: 0000000000000000 R09: 0000000000000000
[  201.498148][T11082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.498162][T11082] R13: 00007f17f65a6038 R14: 00007f17f65a5fa0 R15: 00007ffc68d11588
[  201.498185][T11082]  </TASK>
[  201.520350][ T3443] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started
[  201.864800][T11076] EXT4-fs mount: 29 callbacks suppressed
[  201.864835][T11076] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  201.895022][T11076] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.004548][T11088] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2383'.
[  202.112596][T11096] netlink: 'syz.2.2385': attribute type 10 has an invalid length.
[  202.122988][T11092] netlink: 'syz.6.2384': attribute type 10 has an invalid length.
[  202.132215][T11096] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2385'.
[  202.143476][T11092] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2384'.
[  202.151992][T11096] tmpfs: Bad value for 'mpol'
[  202.166788][T11092] tmpfs: Bad value for 'mpol'
[  202.200604][T11102] loop7: detected capacity change from 0 to 256
[  202.208237][T11104] loop6: detected capacity change from 0 to 1024
[  202.219150][T11102] msdos: Bad value for 'uid'
[  202.223779][T11102] msdos: Bad value for 'uid'
[  202.224803][T11104] EXT4-fs: Ignoring removed orlov option
[  202.232159][T11102] 9pnet_fd: Insufficient options for proto=fd
[  202.242402][T11104] EXT4-fs: dax option not supported
[  202.245197][T11102] loop7: detected capacity change from 0 to 512
[  202.254591][T11102] EXT4-fs: Ignoring removed orlov option
[  202.260702][T11102] EXT4-fs: Ignoring removed nomblk_io_submit option
[  202.267419][T11102] ext4: Unknown parameter 'fsname'
[  202.276710][T11106] loop2: detected capacity change from 0 to 512
[  202.284065][T11106] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  202.307881][T11106] EXT4-fs (loop2): 1 truncate cleaned up
[  202.314081][T11106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.349282][T11114] loop5: detected capacity change from 0 to 1024
[  202.373532][T11114] EXT4-fs: Ignoring removed orlov option
[  202.382340][T11114] EXT4-fs: dax option not supported
[  202.433685][T11117] loop5: detected capacity change from 0 to 1024
[  202.440496][T11117] EXT4-fs: Ignoring removed orlov option
[  202.446379][T11117] EXT4-fs: dax option not supported
[  202.603810][T11113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=886 sclass=netlink_route_socket pid=11113 comm=syz.6.2391
[  202.718620][T11128] tmpfs: Bad value for 'mpol'
[  202.838774][T11137] loop6: detected capacity change from 0 to 256
[  202.861067][T11137] msdos: Bad value for 'uid'
[  202.865747][T11137] msdos: Bad value for 'uid'
[  202.907510][T11137] 9pnet_fd: Insufficient options for proto=fd
[  202.929216][T11137] loop6: detected capacity change from 0 to 512
[  202.940816][T11137] EXT4-fs: Ignoring removed orlov option
[  202.964334][T11137] EXT4-fs: Ignoring removed nomblk_io_submit option
[  202.971074][T11137] ext4: Unknown parameter 'fsname'
[  203.067940][T11144] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  203.077371][T11144] tipc: Resetting bearer <eth:syzkaller0>
[  203.085455][T11143] tipc: Disabling bearer <eth:syzkaller0>
[  203.123459][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.300717][T11160] SELinux: syz.6.2407 (11160) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  203.328548][T11148] loop7: detected capacity change from 0 to 512
[  203.372022][T11166] validate_nla: 2 callbacks suppressed
[  203.372098][T11166] netlink: 'syz.2.2409': attribute type 1 has an invalid length.
[  203.391008][T11148] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  203.400854][T11148] EXT4-fs (loop7): orphan cleanup on readonly fs
[  203.409995][T11166] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  203.432543][T11162] can0: slcan on ttyS3.
[  203.432547][T11170] loop5: detected capacity change from 0 to 512
[  203.442781][T11148] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #16: comm syz.7.2406: corrupted inode contents
[  203.443520][T11170] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  203.470161][T11170] EXT4-fs (loop5): 1 truncate cleaned up
[  203.478476][T11170] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  203.491595][T11148] EXT4-fs (loop7): Remounting filesystem read-only
[  203.501367][T11148] EXT4-fs (loop7): 1 truncate cleaned up
[  203.507224][T11162] can0 (unregistered): slcan off ttyS3.
[  203.516601][T11162] can0: slcan on ttyS3.
[  203.523720][ T1862] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  203.525042][T11162] netlink: 'syz.2.2409': attribute type 1 has an invalid length.
[  203.534320][ T1862] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  203.564426][ T1862] EXT4-fs (loop7): Quota write (off=8, len=24) cancelled because transaction is not started
[  203.575424][T11148] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  203.588472][T11148] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.634399][T11161] can0 (unregistered): slcan off ttyS3.
[  203.706705][T11174] loop2: detected capacity change from 0 to 256
[  203.751839][T11174] msdos: Bad value for 'uid'
[  203.756503][T11174] msdos: Bad value for 'uid'
[  203.786421][T11174] 9pnet_fd: Insufficient options for proto=fd
[  203.827650][T11174] loop2: detected capacity change from 0 to 512
[  203.855174][T11174] EXT4-fs: Ignoring removed orlov option
[  203.874412][T11174] EXT4-fs: Ignoring removed nomblk_io_submit option
[  203.888947][T11174] ext4: Unknown parameter 'fsname'
[  204.486514][T11186] __nla_validate_parse: 4 callbacks suppressed
[  204.486532][T11186] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2417'.
[  204.501981][T11186] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  204.582318][ T4576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.708427][T11197] loop5: detected capacity change from 0 to 1024
[  204.723099][T11199] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2422'.
[  204.735889][T11197] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.759510][T11197] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  204.785868][T11202] netlink: 'syz.0.2422': attribute type 1 has an invalid length.
[  204.793736][T11202] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  204.809293][   T37] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  204.821629][   T37] EXT4-fs (loop5): This should not happen!! Data will be lost
[  204.821629][   T37] 
[  204.831469][   T37] EXT4-fs (loop5): Total free blocks count 0
[  204.837535][   T37] EXT4-fs (loop5): Free/Dirty block details
[  204.843430][   T37] EXT4-fs (loop5): free_blocks=20480
[  204.848751][   T37] EXT4-fs (loop5): dirty_blocks=64
[  204.853866][   T37] EXT4-fs (loop5): Block reservation details
[  204.859854][   T37] EXT4-fs (loop5): i_reserved_data_blocks=4
[  204.875807][T11199] can0: slcan on ttyS3.
[  204.881053][ T4576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.908684][T11206] loop5: detected capacity change from 0 to 1024
[  204.924465][T11199] can0 (unregistered): slcan off ttyS3.
[  204.932475][T11199] can0: slcan on ttyS3.
[  204.938179][T11206] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.938689][T11199] netlink: 'syz.0.2422': attribute type 1 has an invalid length.
[  204.958052][T11199] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2422'.
[  204.985706][ T4576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.004854][T11213] loop5: detected capacity change from 0 to 1024
[  205.011448][T11213] EXT4-fs: Ignoring removed orlov option
[  205.017257][T11213] EXT4-fs: dax option not supported
[  205.022625][T11198] can0 (unregistered): slcan off ttyS3.
[  205.032080][T11214] loop2: detected capacity change from 0 to 512
[  205.046656][T11214] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  205.054993][T11214] EXT4-fs (loop2): orphan cleanup on readonly fs
[  205.062623][T11214] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.2425: corrupted inode contents
[  205.074731][T11214] EXT4-fs (loop2): Remounting filesystem read-only
[  205.081406][T11214] EXT4-fs (loop2): 1 truncate cleaned up
[  205.087459][   T37] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  205.098062][   T37] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  205.111783][   T37] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  205.112488][T11220] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11220 comm=syz.0.2428
[  205.122397][T11214] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  205.149284][T11214] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.541965][T11234] netlink: 76 bytes leftover after parsing attributes in process `syz.7.2433'.
[  205.698374][T11240] loop7: detected capacity change from 0 to 512
[  205.728250][T11240] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.753584][T11240] ext4 filesystem being mounted at /326/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  205.866504][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.916381][T11246] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2438'.
[  205.976596][T11248] netlink: 'syz.7.2438': attribute type 1 has an invalid length.
[  206.037534][T11248] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  206.075015][T11250] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=886 sclass=netlink_route_socket pid=11250 comm=syz.2.2437
[  206.096615][T11246] can0: slcan on ttyS3.
[  206.104850][T11251] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11251 comm=syz.0.2439
[  206.144436][T11248] can0 (unregistered): slcan off ttyS3.
[  206.154891][T11246] can0: slcan on ttyS3.
[  206.169103][T11246] netlink: 'syz.7.2438': attribute type 1 has an invalid length.
[  206.176880][T11246] netlink: 224 bytes leftover after parsing attributes in process `syz.7.2438'.
[  206.244589][T11245] can0 (unregistered): slcan off ttyS3.
[  206.280701][T11256] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2441'.
[  206.289749][T11260] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  206.307878][T11260] tipc: Resetting bearer <eth:syzkaller0>
[  206.314756][T11264] loop2: detected capacity change from 0 to 512
[  206.321867][T11264] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  206.351457][T11264] EXT4-fs (loop2): 1 truncate cleaned up
[  206.360168][T11256] netlink: 'syz.0.2441': attribute type 1 has an invalid length.
[  206.367980][T11256] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  206.370445][T11264] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.390915][T11265] can0: slcan on ttyS3.
[  206.416713][T11259] tipc: Disabling bearer <eth:syzkaller0>
[  206.465309][T11265] can0 (unregistered): slcan off ttyS3.
[  206.473336][T11256] can0: slcan on ttyS3.
[  206.506263][T11265] netlink: 'syz.0.2441': attribute type 1 has an invalid length.
[  206.514082][T11265] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2441'.
[  206.634456][T11255] can0 (unregistered): slcan off ttyS3.
[  206.780565][T11282] loop7: detected capacity change from 0 to 512
[  206.797171][T11282] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  206.817012][T11282] EXT4-fs (loop7): 1 truncate cleaned up
[  206.823260][T11282] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.359170][T11268] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=886 sclass=netlink_route_socket pid=11268 comm=syz.5.2446
[  207.476991][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.503293][   T29] kauditd_printk_skb: 489 callbacks suppressed
[  207.503310][   T29] audit: type=1326 audit(1756466560.536:7067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.5.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c8fe6ebe9 code=0x7ffc0000
[  207.567509][   T29] audit: type=1326 audit(1756466560.576:7068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.5.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6c8fe6ebe9 code=0x7ffc0000
[  207.591085][   T29] audit: type=1326 audit(1756466560.576:7069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.5.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6c8fe6ec23 code=0x7ffc0000
[  207.614668][   T29] audit: type=1326 audit(1756466560.596:7070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.5.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f6c8fe6d69f code=0x7ffc0000
[  207.652713][T11289] loop5: detected capacity change from 0 to 8192
[  207.667703][   T29] audit: type=1326 audit(1756466560.686:7071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.5.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f6c8fe6ec77 code=0x7ffc0000
[  207.691225][   T29] audit: type=1326 audit(1756466560.686:7072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.5.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6c8fe6d550 code=0x7ffc0000
[  207.714742][   T29] audit: type=1326 audit(1756466560.686:7073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.5.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6c8fe6e7eb code=0x7ffc0000
[  207.738215][   T29] audit: type=1326 audit(1756466560.696:7074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.5.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6c8fe6d84a code=0x7ffc0000
[  207.761661][   T29] audit: type=1326 audit(1756466560.696:7075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.5.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6c8fe6e7eb code=0x7ffc0000
[  207.785252][   T29] audit: type=1326 audit(1756466560.696:7076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.5.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6c8fe6e7eb code=0x7ffc0000
[  207.810160][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.819753][T11289]  loop5: p1 p2[DM] p4
[  207.823879][T11289] loop5: p1 size 196608 extends beyond EOD, truncated
[  207.831211][T11289] loop5: p2 start 4292936063 is beyond EOD, truncated
[  207.838029][T11289] loop5: p4 size 50331648 extends beyond EOD, truncated
[  207.859396][T11302] loop7: detected capacity change from 0 to 512
[  207.867589][T11302] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  207.878522][T11302] EXT4-fs (loop7): 1 truncate cleaned up
[  207.884872][T11302] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.939687][T11310] loop5: detected capacity change from 0 to 256
[  207.947203][T11310] msdos: Bad value for 'uid'
[  207.951830][T11310] msdos: Bad value for 'uid'
[  207.961939][T11310] 9pnet_fd: Insufficient options for proto=fd
[  207.993891][T11313] loop5: detected capacity change from 0 to 1024
[  208.006832][T11313] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  208.028381][T11313] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  208.063202][   T31] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  208.075518][   T31] EXT4-fs (loop5): This should not happen!! Data will be lost
[  208.075518][   T31] 
[  208.085215][   T31] EXT4-fs (loop5): Total free blocks count 0
[  208.091282][   T31] EXT4-fs (loop5): Free/Dirty block details
[  208.097198][   T31] EXT4-fs (loop5): free_blocks=20480
[  208.102548][   T31] EXT4-fs (loop5): dirty_blocks=64
[  208.107681][   T31] EXT4-fs (loop5): Block reservation details
[  208.113749][   T31] EXT4-fs (loop5): i_reserved_data_blocks=4
[  208.120942][ T4576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.353309][T11319] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2464'.
[  208.512604][T11327] loop5: detected capacity change from 0 to 8192
[  208.557680][T11331] netlink: 'syz.6.2469': attribute type 10 has an invalid length.
[  208.566188][T11327]  loop5: p1 p2[DM] p4
[  208.570445][T11327] loop5: p1 size 196608 extends beyond EOD, truncated
[  208.579155][T11331] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2469'.
[  208.588729][T11331] tmpfs: Bad value for 'mpol'
[  208.594200][T11327] loop5: p2 start 4292936063 is beyond EOD, truncated
[  208.601023][T11327] loop5: p4 size 50331648 extends beyond EOD, truncated
[  208.759002][T11345] syz.5.2473 uses obsolete (PF_INET,SOCK_PACKET)
[  209.360603][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.417240][T11358] loop7: detected capacity change from 0 to 1024
[  209.449401][T11358] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  209.459746][T11360] netlink: 'syz.6.2481': attribute type 10 has an invalid length.
[  209.471369][T11360] tmpfs: Bad value for 'mpol'
[  209.531158][T11358] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  209.531608][T11368] loop6: detected capacity change from 0 to 8192
[  209.585029][T11368]  loop6: p1 p2[DM] p4
[  209.589185][T11368] loop6: p1 size 196608 extends beyond EOD, truncated
[  209.612563][T11374] FAULT_INJECTION: forcing a failure.
[  209.612563][T11374] name failslab, interval 1, probability 0, space 0, times 0
[  209.625357][T11374] CPU: 1 UID: 0 PID: 11374 Comm: syz.0.2486 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  209.625424][T11374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  209.625436][T11374] Call Trace:
[  209.625442][T11374]  <TASK>
[  209.625449][T11374]  __dump_stack+0x1d/0x30
[  209.625470][T11374]  dump_stack_lvl+0xe8/0x140
[  209.625566][T11374]  dump_stack+0x15/0x1b
[  209.625587][T11374]  should_fail_ex+0x265/0x280
[  209.625611][T11374]  should_failslab+0x8c/0xb0
[  209.625634][T11374]  kmem_cache_alloc_node_noprof+0x57/0x320
[  209.625662][T11374]  ? __alloc_skb+0x101/0x320
[  209.625720][T11374]  __alloc_skb+0x101/0x320
[  209.625743][T11374]  netlink_alloc_large_skb+0xba/0xf0
[  209.625839][T11374]  netlink_sendmsg+0x3cf/0x6b0
[  209.625863][T11374]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.625889][T11374]  __sock_sendmsg+0x145/0x180
[  209.625941][T11374]  ____sys_sendmsg+0x31e/0x4e0
[  209.625973][T11374]  ___sys_sendmsg+0x17b/0x1d0
[  209.626009][T11374]  __x64_sys_sendmsg+0xd4/0x160
[  209.626035][T11374]  x64_sys_call+0x191e/0x2ff0
[  209.626124][T11374]  do_syscall_64+0xd2/0x200
[  209.626155][T11374]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  209.626186][T11374]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  209.626263][T11374]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.626289][T11374] RIP: 0033:0x7fdb0080ebe9
[  209.626307][T11374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.626390][T11374] RSP: 002b:00007fdaff277038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.626409][T11374] RAX: ffffffffffffffda RBX: 00007fdb00a35fa0 RCX: 00007fdb0080ebe9
[  209.626422][T11374] RDX: 0000000004000000 RSI: 0000200000000100 RDI: 0000000000000006
[  209.626437][T11374] RBP: 00007fdaff277090 R08: 0000000000000000 R09: 0000000000000000
[  209.626451][T11374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.626466][T11374] R13: 00007fdb00a36038 R14: 00007fdb00a35fa0 R15: 00007ffc63b07c48
[  209.626490][T11374]  </TASK>
[  209.695730][T11368] loop6: p2 start 4292936063 is beyond EOD, 
[  209.772775][ T1862] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  209.783271][T11368] truncated
[  209.783301][T11368] loop6: p4 size 50331648 extends beyond EOD, 
[  209.791750][ T1862] EXT4-fs (loop7): This should not happen!! Data will be lost
[  209.791750][ T1862] 
[  209.799742][T11368] truncated
[  209.807755][ T1862] EXT4-fs (loop7): Total free blocks count 0
[  209.845242][T11378] loop2: detected capacity change from 0 to 1024
[  209.853304][ T1862] EXT4-fs (loop7): Free/Dirty block details
[  209.893716][ T1862] EXT4-fs (loop7): free_blocks=20480
[  209.899030][ T1862] EXT4-fs (loop7): dirty_blocks=64
[  209.904160][ T1862] EXT4-fs (loop7): Block reservation details
[  209.910669][ T1862] EXT4-fs (loop7): i_reserved_data_blocks=4
[  209.937397][T11378] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  209.939083][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.970696][T11378] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  210.003626][T11389] netlink: 'syz.6.2493': attribute type 10 has an invalid length.
[  210.013676][T11394] netlink: 'syz.7.2488': attribute type 1 has an invalid length.
[  210.014354][T11389] __nla_validate_parse: 5 callbacks suppressed
[  210.014372][T11389] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2493'.
[  210.038126][T11389] tmpfs: Bad value for 'mpol'
[  210.056883][ T3443] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  210.069214][ T3443] EXT4-fs (loop2): This should not happen!! Data will be lost
[  210.069214][ T3443] 
[  210.078877][ T3443] EXT4-fs (loop2): Total free blocks count 0
[  210.084883][ T3443] EXT4-fs (loop2): Free/Dirty block details
[  210.090889][ T3443] EXT4-fs (loop2): free_blocks=20480
[  210.096250][ T3443] EXT4-fs (loop2): dirty_blocks=64
[  210.101366][ T3443] EXT4-fs (loop2): Block reservation details
[  210.107441][ T3443] EXT4-fs (loop2): i_reserved_data_blocks=4
[  210.122589][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.123024][T11399] ipvlan2: entered promiscuous mode
[  210.143471][T11401] loop5: detected capacity change from 0 to 512
[  210.157845][T11394] loop7: detected capacity change from 0 to 1024
[  210.166563][T11394] ext2: Unknown parameter 'uid<00000000000000000000'
[  210.176459][T11401] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  210.191282][T11394] loop7: detected capacity change from 0 to 512
[  210.193483][T11401] EXT4-fs (loop5): 1 truncate cleaned up
[  210.198605][T11394] ext4: Unknown parameter 'fowner'
[  210.219284][T11401] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  210.999784][ T4576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.024629][T11425] loop5: detected capacity change from 0 to 512
[  211.033831][T11425] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  211.048265][T11425] EXT4-fs (loop5): 1 truncate cleaned up
[  211.055998][T11425] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.135868][T11423] netlink: 'syz.6.2501': attribute type 10 has an invalid length.
[  211.168716][T11433] loop2: detected capacity change from 0 to 8192
[  211.224834][T11433]  loop2: p1 p2[DM] p4
[  211.229364][T11433] loop2: p1 size 196608 extends beyond EOD, truncated
[  211.241933][T11433] loop2: p2 start 4292936063 is beyond EOD, truncated
[  211.248770][T11433] loop2: p4 size 50331648 extends beyond EOD, truncated
[  211.321122][T11440] loop2: detected capacity change from 0 to 512
[  211.328442][T11440] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  211.349126][T11440] EXT4-fs (loop2): 1 truncate cleaned up
[  211.361265][T11440] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.437593][T11443] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2505'.
[  211.488373][T11443] netlink: 'syz.6.2505': attribute type 1 has an invalid length.
[  211.498186][T11443] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  211.522152][T11443] can0: slcan on ttyS3.
[  211.579640][T11445] netlink: 'syz.6.2505': attribute type 1 has an invalid length.
[  211.584496][T11443] can0 (unregistered): slcan off ttyS3.
[  211.587483][T11445] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2505'.
[  211.724573][T11453] loop6: detected capacity change from 0 to 512
[  211.737809][T11453] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.751185][T11453] ext4 filesystem being mounted at /440/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  211.861227][ T4584] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.881167][T11447] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2506'.
[  211.918730][T11463] loop6: detected capacity change from 0 to 512
[  211.941735][T11463] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  211.967445][T11463] EXT4-fs (loop6): 1 truncate cleaned up
[  211.973516][T11463] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  212.008635][ T4576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.039634][T11470] syzkaller0: entered promiscuous mode
[  212.045351][T11470] syzkaller0: entered allmulticast mode
[  212.076100][T11473] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2512'.
[  212.222803][T11482] loop5: detected capacity change from 0 to 512
[  212.229620][T11484] loop7: detected capacity change from 0 to 256
[  212.256381][T11482] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  212.256794][T11484] msdos: Bad value for 'uid'
[  212.269254][T11484] msdos: Bad value for 'uid'
[  212.281441][T11482] EXT4-fs (loop5): orphan cleanup on readonly fs
[  212.297858][T11482] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.2516: corrupted inode contents
[  212.301713][T11484] 9pnet_fd: Insufficient options for proto=fd
[  212.337475][T11482] EXT4-fs (loop5): Remounting filesystem read-only
[  212.358620][T11482] EXT4-fs (loop5): 1 truncate cleaned up
[  212.365088][ T3443] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  212.375696][ T3443] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  212.399205][ T3443] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  212.413495][T11482] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  212.416199][T11492] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2520'.
[  212.439274][T11482] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.497365][T11497] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2520'.
[  212.513458][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.576132][   T29] kauditd_printk_skb: 721 callbacks suppressed
[  212.576149][   T29] audit: type=1326 audit(1756466565.616:7792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11504 comm="syz.2.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  212.636985][   T29] audit: type=1326 audit(1756466565.646:7793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11504 comm="syz.2.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  212.660473][   T29] audit: type=1326 audit(1756466565.646:7794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11504 comm="syz.2.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  212.684006][   T29] audit: type=1326 audit(1756466565.646:7795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11504 comm="syz.2.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  212.707559][   T29] audit: type=1326 audit(1756466565.646:7796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11504 comm="syz.2.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  212.731111][   T29] audit: type=1326 audit(1756466565.646:7797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11504 comm="syz.2.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  212.754772][   T29] audit: type=1326 audit(1756466565.646:7798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11504 comm="syz.2.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  212.778267][   T29] audit: type=1326 audit(1756466565.646:7799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11504 comm="syz.2.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  212.801843][   T29] audit: type=1326 audit(1756466565.646:7800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11504 comm="syz.2.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  212.825335][   T29] audit: type=1326 audit(1756466565.656:7801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11504 comm="syz.2.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17f637ebe9 code=0x7ffc0000
[  212.865640][ T4584] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.897933][T11516] loop2: detected capacity change from 0 to 256
[  212.905269][T11516] msdos: Bad value for 'uid'
[  212.909868][T11516] msdos: Bad value for 'uid'
[  212.917959][T11516] 9pnet_fd: Insufficient options for proto=fd
[  212.958056][T11522] loop5: detected capacity change from 0 to 256
[  212.965723][T11522] msdos: Bad value for 'uid'
[  212.970331][T11522] msdos: Bad value for 'uid'
[  212.979455][T11522] 9pnet_fd: Insufficient options for proto=fd
[  212.991373][T11522] loop5: detected capacity change from 0 to 512
[  212.999856][T11522] EXT4-fs: Ignoring removed orlov option
[  213.006577][T11522] EXT4-fs: Ignoring removed nomblk_io_submit option
[  213.013304][T11522] ext4: Unknown parameter 'fsname'
[  213.042618][T11527] loop5: detected capacity change from 0 to 512
[  213.052856][T11528] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2529'.
[  213.087276][T11527] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.106959][T11527] ext4 filesystem being mounted at /393/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  213.155061][T11539] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2538'.
[  213.202908][ T4576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.206158][T11539] netlink: 'syz.6.2538': attribute type 1 has an invalid length.
[  213.235435][T11539] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  213.264988][T11539] can0: slcan on ttyS3.
[  213.310514][T11548] loop7: detected capacity change from 0 to 512
[  213.318924][T11548] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  213.321109][T11549] netlink: 'syz.6.2538': attribute type 1 has an invalid length.
[  213.336566][T11549] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2538'.
[  213.351472][T11551] loop5: detected capacity change from 0 to 256
[  213.354976][T11539] can0 (unregistered): slcan off ttyS3.
[  213.364707][T11551] msdos: Bad value for 'uid'
[  213.369335][T11551] msdos: Bad value for 'uid'
[  213.371708][T11548] EXT4-fs (loop7): 1 truncate cleaned up
[  213.378426][T11551] 9pnet_fd: Insufficient options for proto=fd
[  213.384924][T11548] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.439417][T11556] loop5: detected capacity change from 0 to 256
[  213.455234][T11556] msdos: Bad value for 'uid'
[  213.459952][T11556] msdos: Bad value for 'uid'
[  213.468084][T11556] 9pnet_fd: Insufficient options for proto=fd
[  213.480623][T11556] loop5: detected capacity change from 0 to 512
[  213.487723][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.497313][T11556] EXT4-fs: Ignoring removed orlov option
[  213.503230][T11556] EXT4-fs: Ignoring removed nomblk_io_submit option
[  213.528514][T11556] ext4: Unknown parameter 'fsname'
[  213.591459][T11568] loop6: detected capacity change from 0 to 512
[  213.611979][T11571] loop2: detected capacity change from 0 to 512
[  213.717400][T11574] loop7: detected capacity change from 0 to 256
[  213.727750][T11574] msdos: Bad value for 'uid'
[  213.732394][T11574] msdos: Bad value for 'uid'
[  213.743773][T11571] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.763755][T11568] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.792405][T11574] 9pnet_fd: Insufficient options for proto=fd
[  213.799139][T11571] ext4 filesystem being mounted at /514/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  213.809498][T11568] ext4 filesystem being mounted at /447/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  213.888594][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.902264][ T4584] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.961042][T11586] netlink: 'syz.2.2557': attribute type 10 has an invalid length.
[  213.974812][T11586] tmpfs: Bad value for 'mpol'
[  214.002030][T11602] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  214.200803][T11614] loop2: detected capacity change from 0 to 512
[  214.216030][T11614] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  214.224626][T11614] EXT4-fs (loop2): orphan cleanup on readonly fs
[  214.232601][T11614] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.2566: corrupted inode contents
[  214.244871][T11614] EXT4-fs (loop2): Remounting filesystem read-only
[  214.251562][T11614] EXT4-fs (loop2): 1 truncate cleaned up
[  214.257376][ T3443] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  214.268046][ T3443] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  214.282092][ T3443] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  214.294050][T11614] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  214.309460][T11614] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.774164][T11629] netlink: 'syz.7.2570': attribute type 10 has an invalid length.
[  214.890495][T11635] netlink: 'syz.7.2572': attribute type 1 has an invalid length.
[  214.907606][T11635] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  214.943513][T11635] can0: slcan on ttyS3.
[  214.988422][T11641] netlink: 'syz.2.2575': attribute type 10 has an invalid length.
[  215.008344][T11641] tmpfs: Bad value for 'mpol'
[  215.014441][T11635] can0 (unregistered): slcan off ttyS3.
[  215.040652][T11646] can0: slcan on ttyS3.
[  215.079359][T11635] netlink: 'syz.7.2572': attribute type 1 has an invalid length.
[  215.087192][T11635] __nla_validate_parse: 4 callbacks suppressed
[  215.087209][T11635] netlink: 224 bytes leftover after parsing attributes in process `syz.7.2572'.
[  215.151187][T11652] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  215.204434][T11634] can0 (unregistered): slcan off ttyS3.
[  215.295897][T11664] netlink: 'syz.2.2582': attribute type 10 has an invalid length.
[  215.331107][T11677] loop2: detected capacity change from 0 to 512
[  215.341598][T11677] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  215.356472][T11677] EXT4-fs (loop2): 1 truncate cleaned up
[  215.367758][T11677] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.395029][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.480967][T11684] netlink: 'syz.2.2587': attribute type 10 has an invalid length.
[  215.491146][T11684] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2587'.
[  215.504725][T11684] tmpfs: Bad value for 'mpol'
[  215.593910][T11697] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  215.675352][T11691] loop5: detected capacity change from 0 to 8192
[  215.724540][T11691]  loop5: p1 p2[DM] p4
[  215.729026][T11691] loop5: p1 size 196608 extends beyond EOD, truncated
[  215.766527][T11691] loop5: p2 start 4292936063 is beyond EOD, truncated
[  215.773449][T11691] loop5: p4 size 50331648 extends beyond EOD, truncated
[  215.842516][T11708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2594'.
[  215.863354][T11709] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=886 sclass=netlink_route_socket pid=11709 comm=syz.7.2590
[  215.946362][T11708] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2594'.
[  216.069677][T11723] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2598'.
[  216.108693][T11719] netlink: 'syz.5.2597': attribute type 10 has an invalid length.
[  216.118020][T11723] netlink: 'syz.7.2598': attribute type 1 has an invalid length.
[  216.130521][T11723] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  216.170017][T11723] can0: slcan on ttyS3.
[  216.190747][T11735] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  216.214504][T11723] can0 (unregistered): slcan off ttyS3.
[  216.232086][T11723] can0: slcan on ttyS3.
[  216.238876][T11733] netlink: 'syz.5.2602': attribute type 10 has an invalid length.
[  216.240244][T11742] loop6: detected capacity change from 0 to 1024
[  216.253608][T11742] EXT4-fs: Ignoring removed orlov option
[  216.257000][T11733] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2602'.
[  216.268124][T11742] EXT4-fs: dax option not supported
[  216.277992][T11723] netlink: 224 bytes leftover after parsing attributes in process `syz.7.2598'.
[  216.289305][T11733] tmpfs: Bad value for 'mpol'
[  216.370582][T11760] loop5: detected capacity change from 0 to 512
[  216.374620][T11722] can0 (unregistered): slcan off ttyS3.
[  216.382969][T11760] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  216.395878][T11760] EXT4-fs (loop5): 1 truncate cleaned up
[  216.402026][T11760] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.577183][T11753] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=886 sclass=netlink_route_socket pid=11753 comm=syz.0.2608
[  216.703853][T11781] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  216.730007][T11783] loop2: detected capacity change from 0 to 1024
[  216.748765][T11781] tipc: Resetting bearer <eth:syzkaller0>
[  216.755304][T11783] EXT4-fs: Ignoring removed orlov option
[  216.761439][T11783] EXT4-fs: dax option not supported
[  216.769953][T11780] tipc: Disabling bearer <eth:syzkaller0>
[  216.851549][T11785] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2618'.
[  216.861217][T11785] tmpfs: Bad value for 'mpol'
[  216.878022][T11789] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  217.228200][ T4576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.454506][T11821] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  217.466482][T11821] tipc: Resetting bearer <eth:syzkaller0>
[  217.475273][T11820] tipc: Disabling bearer <eth:syzkaller0>
[  217.596884][T11824] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  217.885238][   T29] kauditd_printk_skb: 759 callbacks suppressed
[  217.885326][   T29] audit: type=1326 audit(1756466570.926:8555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11834 comm="syz.7.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d001bebe9 code=0x7ffc0000
[  217.964261][   T29] audit: type=1326 audit(1756466570.926:8556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11834 comm="syz.7.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d001bebe9 code=0x7ffc0000
[  217.987991][   T29] audit: type=1326 audit(1756466570.956:8557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11834 comm="syz.7.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4d001bebe9 code=0x7ffc0000
[  218.011666][   T29] audit: type=1326 audit(1756466570.956:8558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11834 comm="syz.7.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d001bebe9 code=0x7ffc0000
[  218.035230][   T29] audit: type=1326 audit(1756466570.956:8559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11834 comm="syz.7.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d001bebe9 code=0x7ffc0000
[  218.058781][   T29] audit: type=1326 audit(1756466570.956:8560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11834 comm="syz.7.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f4d001bebe9 code=0x7ffc0000
[  218.082327][   T29] audit: type=1326 audit(1756466570.956:8561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11834 comm="syz.7.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d001bebe9 code=0x7ffc0000
[  218.105839][   T29] audit: type=1326 audit(1756466570.956:8562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11834 comm="syz.7.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d001bebe9 code=0x7ffc0000
[  218.129533][   T29] audit: type=1326 audit(1756466570.956:8563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11834 comm="syz.7.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f4d001bebe9 code=0x7ffc0000
[  218.153290][   T29] audit: type=1326 audit(1756466570.956:8564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11834 comm="syz.7.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d001bebe9 code=0x7ffc0000
[  218.515779][T11853] loop7: detected capacity change from 0 to 512
[  218.533517][T11853] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  218.559263][T11853] EXT4-fs (loop7): 1 truncate cleaned up
[  218.572414][T11853] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.706280][T11858] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2639'.
[  218.760920][T11860] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  218.779428][T11860] can0: slcan on ttyS3.
[  218.825265][T11860] can0 (unregistered): slcan off ttyS3.
[  218.837215][T11858] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2639'.
[  219.083635][T11867] loop2: detected capacity change from 0 to 256
[  219.097089][T11867] msdos: Bad value for 'uid'
[  219.101722][T11867] msdos: Bad value for 'uid'
[  219.118210][T11867] 9pnet_fd: Insufficient options for proto=fd
[  219.373757][T11856] syz.7.2638 (11856) used greatest stack depth: 9680 bytes left
[  219.385779][ T5193] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  219.403236][T11875] validate_nla: 5 callbacks suppressed
[  219.403248][T11875] netlink: 'syz.6.2645': attribute type 10 has an invalid length.
[  219.424908][T11881] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=886 sclass=netlink_route_socket pid=11881 comm=syz.2.2643
[  219.437442][T11875] tmpfs: Bad value for 'mpol'
[  219.630142][T11893] random: crng reseeded on system resumption
[  220.377619][T11906] SELinux: syz.7.2654 (11906) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  220.593207][T11913] loop2: detected capacity change from 0 to 512
[  220.602552][T11913] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  220.615295][T11913] EXT4-fs (loop2): 1 truncate cleaned up
[  220.623204][T11913] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.903572][T11913] ==================================================================
[  220.911704][T11913] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark
[  220.918851][T11913] 
[  220.921175][T11913] write to 0xffff88811a5d29a4 of 4 bytes by task 11915 on cpu 1:
[  220.928891][T11913]  xas_set_mark+0x12b/0x140
[  220.933414][T11913]  __folio_start_writeback+0x1dd/0x440
[  220.938892][T11913]  ext4_bio_write_folio+0x5ad/0x9f0
[  220.944103][T11913]  mpage_process_page_bufs+0x4a1/0x620
[  220.949570][T11913]  mpage_prepare_extent_to_map+0x786/0xc00
[  220.955385][T11913]  ext4_do_writepages+0xa05/0x2750
[  220.960528][T11913]  ext4_writepages+0x176/0x300
[  220.965319][T11913]  do_writepages+0x1c3/0x310
[  220.969937][T11913]  filemap_write_and_wait_range+0x144/0x340
[  220.975880][T11913]  ext4_file_write_iter+0xe04/0xf00
[  220.981108][T11913]  iter_file_splice_write+0x663/0xa60
[  220.986491][T11913]  direct_splice_actor+0x153/0x2a0
[  220.991617][T11913]  splice_direct_to_actor+0x30f/0x680
[  220.996999][T11913]  do_splice_direct+0xda/0x150
[  221.001778][T11913]  do_sendfile+0x380/0x650
[  221.006226][T11913]  __x64_sys_sendfile64+0x105/0x150
[  221.011452][T11913]  x64_sys_call+0x2bb0/0x2ff0
[  221.016167][T11913]  do_syscall_64+0xd2/0x200
[  221.020705][T11913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.026621][T11913] 
[  221.028949][T11913] read to 0xffff88811a5d29a4 of 4 bytes by task 11913 on cpu 0:
[  221.036584][T11913]  xas_find_marked+0x5dc/0x620
[  221.041396][T11913]  find_get_entry+0x5d/0x380
[  221.046463][T11913]  filemap_get_folios_tag+0x92/0x210
[  221.051851][T11913]  mpage_prepare_extent_to_map+0x320/0xc00
[  221.057669][T11913]  ext4_do_writepages+0xa05/0x2750
[  221.062804][T11913]  ext4_writepages+0x176/0x300
[  221.067590][T11913]  do_writepages+0x1c3/0x310
[  221.072207][T11913]  file_write_and_wait_range+0x156/0x2c0
[  221.077877][T11913]  generic_buffers_fsync_noflush+0x45/0x120
[  221.083797][T11913]  ext4_sync_file+0x1ab/0x690
[  221.088505][T11913]  vfs_fsync_range+0x10d/0x130
[  221.093299][T11913]  ext4_buffered_write_iter+0x34f/0x3c0
[  221.098889][T11913]  ext4_file_write_iter+0xdbf/0xf00
[  221.104118][T11913]  iter_file_splice_write+0x663/0xa60
[  221.109609][T11913]  direct_splice_actor+0x153/0x2a0
[  221.114747][T11913]  splice_direct_to_actor+0x30f/0x680
[  221.120136][T11913]  do_splice_direct+0xda/0x150
[  221.124910][T11913]  do_sendfile+0x380/0x650
[  221.129364][T11913]  __x64_sys_sendfile64+0x105/0x150
[  221.134590][T11913]  x64_sys_call+0x2bb0/0x2ff0
[  221.139277][T11913]  do_syscall_64+0xd2/0x200
[  221.143812][T11913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.149730][T11913] 
[  221.152058][T11913] value changed: 0x0a000021 -> 0x04000021
[  221.157789][T11913] 
[  221.160117][T11913] Reported by Kernel Concurrency Sanitizer on:
[  221.166270][T11913] CPU: 0 UID: 0 PID: 11913 Comm: syz.2.2657 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  221.176076][T11913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  221.186130][T11913] ==================================================================
[  221.249228][T11913] ==================================================================
[  221.257387][T11913] BUG: KCSAN: data-race in __filemap_add_folio / filemap_write_and_wait_range
[  221.266626][T11913] 
[  221.268944][T11913] read-write to 0xffff88811a5d29f0 of 8 bytes by task 11915 on cpu 1:
[  221.277090][T11913]  __filemap_add_folio+0x5b9/0x7d0
[  221.282229][T11913]  filemap_add_folio+0x98/0x1b0
[  221.287091][T11913]  __filemap_get_folio+0x31e/0x6b0
[  221.292293][T11913]  ext4_write_begin+0x2fe/0xeb0
[  221.297154][T11913]  generic_perform_write+0x184/0x490
[  221.302448][T11913]  ext4_buffered_write_iter+0x1ee/0x3c0
[  221.308003][T11913]  ext4_file_write_iter+0xdbf/0xf00
[  221.313222][T11913]  iter_file_splice_write+0x663/0xa60
[  221.318598][T11913]  direct_splice_actor+0x153/0x2a0
[  221.323711][T11913]  splice_direct_to_actor+0x30f/0x680
[  221.329081][T11913]  do_splice_direct+0xda/0x150
[  221.333854][T11913]  do_sendfile+0x380/0x650
[  221.338282][T11913]  __x64_sys_sendfile64+0x105/0x150
[  221.343486][T11913]  x64_sys_call+0x2bb0/0x2ff0
[  221.348164][T11913]  do_syscall_64+0xd2/0x200
[  221.352671][T11913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.358566][T11913] 
[  221.360885][T11913] read to 0xffff88811a5d29f0 of 8 bytes by task 11913 on cpu 0:
[  221.368510][T11913]  filemap_write_and_wait_range+0x59/0x340
[  221.374342][T11913]  ext4_file_write_iter+0xe04/0xf00
[  221.379558][T11913]  iter_file_splice_write+0x663/0xa60
[  221.384931][T11913]  direct_splice_actor+0x153/0x2a0
[  221.390048][T11913]  splice_direct_to_actor+0x30f/0x680
[  221.395422][T11913]  do_splice_direct+0xda/0x150
[  221.400189][T11913]  do_sendfile+0x380/0x650
[  221.404610][T11913]  __x64_sys_sendfile64+0x105/0x150
[  221.409819][T11913]  x64_sys_call+0x2bb0/0x2ff0
[  221.414496][T11913]  do_syscall_64+0xd2/0x200
[  221.419014][T11913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.424905][T11913] 
[  221.427225][T11913] value changed: 0x0000000000000000 -> 0x0000000000000001
[  221.434332][T11913] 
[  221.436651][T11913] Reported by Kernel Concurrency Sanitizer on:
[  221.442796][T11913] CPU: 0 UID: 0 PID: 11913 Comm: syz.2.2657 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  221.452598][T11913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  221.462653][T11913] ==================================================================
[  221.537483][T11913] syz.2.2657 (11913) used greatest stack depth: 9080 bytes left
[  221.556026][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.