last executing test programs:

2.621997156s ago: executing program 3 (id=601):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000300)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x4c, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa000000}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1536c4426586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x35}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$lock(r5, 0x6, &(0x7f0000002000)={0x1})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r6)
sendmsg$IEEE802154_LIST_PHY(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x14, r7, 0x30b, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4851}, 0x20000004)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r8, &(0x7f0000000680)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, r9, 0x300, 0x70bd2b, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x2}}, [""]}, 0x24}}, 0x8c0)
fcntl$lock(r5, 0x26, &(0x7f00000031c0)={0x1})
socket$kcm(0x10, 0x2, 0x0)
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='c1\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000100"/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2, <r11=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)=r3}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x14, &(0x7f0000001740)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r11}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.914062962s ago: executing program 2 (id=606):
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x2d, 0x20040040)
bind$unix(r2, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
write(r2, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000d40), 0x40000000000038f, 0x10020, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, 0x0, 0x40042, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
fadvise64(r3, 0x9, 0x3, 0x4)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e1f}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

1.800217483s ago: executing program 1 (id=607):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/13, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x18)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400df7f08000a00", @ANYRES32], 0x3c}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r7, 0x0, 0x3}, 0x18)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="f9ffffff00e41ca58a59bb90bd4aff8fe01de4ab2649d1f9e25421f754d090ec5135a81a1f6da22b4048af2942ebc27f127698043de7be5228e257588adf61b9a938494d81d5dae53f8517b5da012153e811ce8d01c22ac207687dbe75941fe250c9afbd35462df1043e4e10eef0c7d909f435bb38a191172588164523568f400d1ccab780d99b", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00'/14], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x80000, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e04eb88b935d785f3d3201c580"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r10 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r10}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)

1.622531529s ago: executing program 2 (id=608):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0500000001000000070000000c"], 0x50)
r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00')
sendfile(0xffffffffffffffff, r1, 0x0, 0x8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000001000080000000000000000018120000", @ANYRES64=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r4}, 0x18)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x11, 0x6, &(0x7f00000007c0)=ANY=[@ANYBLOB="ef0ec6f814381c73b1548b1af7c542a4cf69ac658274df7842358c607f73b5f960bf9bc9a8ca69828c7fba66aa67f5e19a4385ce99e5c6e5093ad585b66506d99984309237cc518f710bb8f63b5d7929ff9edc978063b1de2db3a1ba63a6962d1296c8b103fcd3b236b39a9490eeac0d6b9499b1f81dfdc8d3b4073cfddc08b9118bd2c32e21216a69e1676b"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r5}, 0x18)
r6 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xafUD\x9dA\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYRES16=r5], 0x0, 0x89, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r7, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000000280)=[0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0], <r8=>0x0, 0xb0, &(0x7f0000000580)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000500), &(0x7f0000000600), 0x8, 0xc5, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0xffffffffffffffff, 0x26, 0x0, 0x0, 0x0, 0xb12e36d}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x14, 0x12, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000009000000520c0000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000008520000005000000186900000d0000000000000004000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x6, 0x1c, &(0x7f0000000240)=""/28, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x4, 0x6, 0x1, 0x2}, 0x10, r8, r6, 0x5, 0x0, &(0x7f0000000500)=[{0x4, 0x3, 0x8, 0x8}, {0x0, 0x2, 0xc, 0x4}, {0x3, 0x4, 0xd, 0x2}, {0x0, 0x3, 0xb, 0x8}, {0x2, 0x5, 0x5, 0xa}], 0x10, 0x8}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb85dfc8912c96a4, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000980)='sys_enter\x00', r9}, 0x18)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy")
r10 = open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86)
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
truncate(&(0x7f0000000080)='./file1\x00', 0x400000f030)
pwritev2(r10, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x140000}], 0x14, 0x7800, 0x0, 0x3)

1.490349041s ago: executing program 0 (id=610):
r0 = socket$inet6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000940)=ANY=[@ANYBLOB="000202"], 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40008d0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd9b, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = dup3(r3, r2, 0x0)
socket$unix(0x1, 0x5, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r5, @ANYBLOB="3bf81bb9f9"], 0x20000600}}, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000080)={&(0x7f00000001c0)={0x1d, 0x0, 0x3f420f00}, 0x10, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x2c004000)
sendmsg$can_bcm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="05000000230800"/16, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x2710], 0x80}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="050000002308000007000000000000", @ANYRES64=0x2710], 0x80}}, 0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
semget$private(0x0, 0x3, 0x220)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
acct(0x0)
mmap$perf(&(0x7f0000db8000/0x3000)=nil, 0x3000, 0x2, 0x13, r6, 0x1b)

1.441664565s ago: executing program 3 (id=611):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x8, 0xf9, 0x7ffc1ffb}]})
timer_delete(0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="020000000000000002000000e000000200e70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000200fffc0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x190)
setsockopt$inet_group_source_req(r4, 0x0, 0x2b, &(0x7f00000004c0)={0x2, {{0x2, 0x4e23, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x108)
close_range(r3, 0xffffffffffffffff, 0x0)

1.293485149s ago: executing program 0 (id=612):
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x2d, 0x20040040)
bind$unix(r2, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
write(r2, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000d40), 0x40000000000038f, 0x10020, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, 0x0, 0x40042, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
fadvise64(r3, 0x9, 0x3, 0x4)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e1f}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

1.292991809s ago: executing program 1 (id=613):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x23, &(0x7f0000000600)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffd}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @generic={0x5, 0x5, 0x7, 0x80, 0x3}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @map_fd={0x18, 0x4, 0x1, 0x0, r0}, @exit, @jmp={0x5, 0x0, 0x7, 0x6, 0x1, 0x10, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x7c, &(0x7f0000000500)=""/124, 0x41000, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x3, 0xf, 0x8, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000780)=[r0, r0, r0], 0x0, 0x10, 0x4}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x8, 0xb, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3ae, 0x0, 0x0, 0x0, 0x749}, [@cb_func={0x18, 0x6, 0x4, 0x0, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @call={0x85, 0x0, 0x0, 0xbb}, @jmp={0x5, 0x1, 0xb, 0x4, 0x2, 0x18, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x1, 0x2, 0xa, 0x1e, 0xfffffffffffffffc}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffa}]}, &(0x7f0000000080)='GPL\x00', 0xffffffff, 0x3b, &(0x7f00000001c0)=""/59, 0x40f00, 0x76, '\x00', 0x0, @cgroup_skb=0x1, r2, 0x8, &(0x7f0000000400)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0x7, 0x1, 0xb0c}, 0x10, 0xffffffffffffffff, r3, 0x4, &(0x7f0000000880)=[r0, r0, r1], &(0x7f00000008c0)=[{0x1, 0x4, 0xe, 0x1}, {0x0, 0x5, 0x8, 0x3}, {0x5, 0x4, 0xc}, {0x1, 0x1, 0x3}]}, 0x94)
r4 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xc5c, &(0x7f00000005c0), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x100, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r6, 0x40086610, &(0x7f00000004c0)={@desc={0x1, 0x2000000, @desc4}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x100)
readv(r7, &(0x7f0000000300)=[{&(0x7f0000000000)=""/47, 0x2f}], 0x1)

1.250044834s ago: executing program 3 (id=614):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_USERDATA={0x6, 0x7, 0x1, 0x0, "e55c"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x60}}, 0x8810)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000480)='kfree\x00', r2, 0x0, 0x2}, 0x18)
syz_usbip_server_init(0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x88182, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r3 = mq_open(&(0x7f000084dff0)='\xa1sxt\x1a\x00\x00\x00\x00\x00\x00\x00\x01\x88\xbdd', 0x6e93ebbbcc0884f2, 0x100, &(0x7f0000000300)={0x0, 0x1, 0x3})
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r3, &(0x7f0000000180)=""/204, 0xcc, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x14, 0x5, 0x1, 0x5, 0x0, 0x0, {0x3}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8006}, 0x40000)

1.207368747s ago: executing program 2 (id=615):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TTY_SET(r2, 0x0, 0x4000080)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x789, &(0x7f0000000fc0)="$eJzs3c1rXFUbAPDnTpKmTfu+iSBo3RgQNFA6MTW2CgoVFyJYKOjadphMQ80kUzKT0oSALSK4EVRcCLrpyoUfdefWj63+Fy7EUjUtVlxI5E5m0kkzk07SZCaa3w9u5px77+ScZ879ODPncm8Ae9Zw+icTcTgi3ksiBmvzk4joq6Z6I06urHd7aTGfTkksL7/6W1Jd59bSYj4a3pM6WMs8HBHfvR1xJLO+3PL8wlSuWCzM1vKjlekLo+X5haPnp3OThcnCzPGx8fFjJ54+cXz7Yv3jx4VD199/6YkvT/711kPX3v0+iZNxqLasMY4te35tdjiGa59JX/oRrvHifRe2uyTdrgBbku6aPSt7eRyOweippgCA/7I3I2IZANhjEud/ANhj6r8D3FpazNen7v4i0Vk3XoiI/Svx18c3V5b01sbs9lfHQQduJWtGRpKIGNqG8ocj4pOvX/88nWK7xiEB2nD5SkScHRpef/xP1l2zsFlPbrBsX+11+K75aflGoKEzvkn7P8806/9lVvs/0aT/099k392KZvt/EnF5dcaBbShkAzc+jXiu4dq22w3x1wz11HL/q/b5+pJz54uF9Nj2/4gYib7+ND+2QRkjN/++2WpZY//v9w/e+CwtP329s0bml97+te+ZyFVy9xNzoxtXIh7pbRZ/str+SYv+7+k2y3j52Xc+brUsjT+Ntz6ti7/a/jt3Rli+GvF40/a/c0VbsuH1iaPVzWG0vlE08dVPHw20Kr+x/dMpLb/+XaAT0vYf2Dj+oaTxes3y5sv44ergt62W3Tv+5tv/vuS1arrej7iUq1RmxyL2Ja+sn3/sznsv5R6tpVbWT+Mfeaz5/r/R9p9+JzzbZvy913/9Yuvx76w0/olNtf/mE9duT/W0Kr+99h+vpkZqc9o5/rVbwfv57AAAAAAAAAAAAAAAAAAAAAAAAACgXZmIOBRJJruazmSy2ZVneD8YA5liqVw5cq40NzMR1WdlD0Vfpn6ry8GG+6GO1e6HX88fuyv/VEQ8EBEf9h9I6vdRnOhy7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQd7DF8/9TP/d3u3YAwI7Z3+0KAAAd5/wPAHuP8z8A7D3tnf97drweAEDn+P4PAHuP8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA77PSpU+m0/OfSYj7NT1ycn5sqXTw6UShPZafn8tl8afZCdrJUmiwWsvnS9L3+X7FUujAeM3OXRiuFcmW0PL9wZro0N1M5c346N1k4U+jrSFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDnl+YWpXLFYmJXYQmJ5d1Sj+4me2ua0W+rT0USyO6qxzYkuH5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/iX+CQAA//8vWSHt")
socket$inet_mptcp(0x2, 0x1, 0x106)
creat(&(0x7f00000000c0)='./file0\x00', 0x81)

1.06557313s ago: executing program 0 (id=617):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = add_key$keyring(&(0x7f0000000400), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, 0x0, 0x0)
r2 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000380)="d8", 0x1, r2)
keyctl$search(0xa, r2, &(0x7f0000000080)='user\x00', &(0x7f0000000180)={'syz', 0x3}, r1)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000140)={r1, 0xc0, 0x56}, &(0x7f00000002c0)={'enc=', 'oaep', ' hash=', {'sha512-avx2\x00'}}, &(0x7f00000003c0)="51023fa9472472a0fe0e7df62dd009f55b5f31837ee8f31f6d15598e9ddde7f12b607955cd4101dccef9b3819d56528e89203fd856d00299d8b8f2196c62374c2da74ef9c359b68b9bd4da93039ccec1ffacf55e206c628690fc0c324c2b21a1ab7f1686fba8f40577e6ef24e859f79e92416f25e10616ba65259363beea6e09872891dc2440e6dcf3fd73fb24a643cab785aadc27b8a6e5146e6f8df7e34d0813b4c272a3ea4a17c2eb862df09bea65acf5275d1ff1a1f9fda63ac14130d7e6", &(0x7f0000000480)="615edfd75941c03a2cc9774bd6b3e497cc61713e311ea298aa1dfbbf7d3f91339957b1b9398df3111ddb870aa51710a148485142368cb905ce2641f72efab4876b8d89a89910f143a502ef239960815a1bc4ac3e24e7")
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r4}, 0x10)
r5 = socket(0x10, 0x803, 0x0)
connect$netlink(r5, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10008, {0x0, 0x0, 0x0, r7, {0x5, 0x2}, {0x0, 0xffef}, {0xfff3, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x4004000)

888.621407ms ago: executing program 0 (id=619):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x10000, 0x0, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x4, 0x1, 0x801, 0x0, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x48080}, 0xc4)
vmsplice(r0, 0x0, 0x0, 0x8)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x1, r1}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18)
pipe2(&(0x7f00000006c0), 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0xb2}, 0x9c)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x4000011, 0xffffffffffffffff, 0x0)

887.508637ms ago: executing program 2 (id=620):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0x3fffffffffffe52, 0x10003, '\x00', [{}, {0xffffffff}]})

864.897279ms ago: executing program 0 (id=621):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000300)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x4c, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa000000}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1536c4426586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x35}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$lock(r5, 0x6, &(0x7f0000002000)={0x1})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r6)
sendmsg$IEEE802154_LIST_PHY(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x14, r7, 0x30b, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4851}, 0x20000004)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r8, &(0x7f0000000680)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, r9, 0x300, 0x70bd2b, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x2}}, [""]}, 0x24}}, 0x8c0)
fcntl$lock(r5, 0x26, &(0x7f00000031c0)={0x1})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e0000006600816657bb97c9269de9aaec8488040f0000004cb9cca7480ef402000000e305000a00000200000000", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0)
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='c1\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000100"/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2, <r11=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)=r3}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x14, &(0x7f0000001740)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r11}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

741.542611ms ago: executing program 2 (id=623):
r0 = socket$inet6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40008d0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd9b, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = dup3(r3, r2, 0x0)
socket$unix(0x1, 0x5, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r5, @ANYBLOB="3bf81bb9f9"], 0x20000600}}, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000080)={&(0x7f00000001c0)={0x1d, 0x0, 0x3f420f00}, 0x10, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x2c004000)
sendmsg$can_bcm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="05000000230800"/16, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x2710], 0x80}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="050000002308000007000000000000", @ANYRES64=0x2710], 0x80}}, 0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
semget$private(0x0, 0x3, 0x220)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
acct(0x0)
mmap$perf(&(0x7f0000db8000/0x3000)=nil, 0x3000, 0x2, 0x13, r6, 0x1b)

648.497319ms ago: executing program 2 (id=625):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000300)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x4c, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa000000}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1536c4426586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x35}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$lock(r4, 0x6, &(0x7f0000002000)={0x1})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), 0xffffffffffffffff)
fcntl$lock(r4, 0x26, &(0x7f00000031c0)={0x1})

550.851538ms ago: executing program 3 (id=626):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$kcm(0x2d, 0x2, 0x0)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f00000000c0)={&(0x7f0000000280)={0x2d, 0x0, 0x1f}, 0xc, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000840}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r1}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r3}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000740)=ANY=[@ANYBLOB="0600000004000000be7000005c0081000000000066903274f360bff5141d5015318c884c6d7e9dee8f54b53b23fce74856c93ae5f98b15fa5a2dc15c5edb45d9f4d99c6fd4dcd533633397428168b1ed52f37414af983bb46395165f8ef82179145e9b723af91bd7908493580ab445fb8c50000a3f04a872751b9b94760b6eb5f08e6a3949d116bfe5f5673c9519f62dec858375d0a7a1f7c6ea0aa7a384df", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES16, @ANYBLOB="000000000200"/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r4, 0x0, 0x1}, 0x18)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r5)
sendmsg$NLBL_MGMT_C_ADDDEF(r6, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000007c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000400000008000700ac1414aa05000800e000000106000b00020000000800020005"], 0x34}}, 0x0)

520.887961ms ago: executing program 3 (id=627):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x2d, 0x20040040)
bind$unix(r3, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
write(r3, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000d40), 0x40000000000038f, 0x10020, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, 0x0, 0x40042, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
fadvise64(r4, 0x9, 0x3, 0x4)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e1f}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

497.007703ms ago: executing program 4 (id=628):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x300, 0xec, 0x2, 0x0, 0x0})

475.498595ms ago: executing program 4 (id=629):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x14000, 0x0)
utime(0x0, 0xfffffffffffffffe)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="0000000000000000000000000000000000a9760000ed171200"/36, @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x66, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r3, 0x0, 0x4804}, 0x18)
r4 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$selinux_access(r4, &(0x7f0000000300)=ANY=[@ANYBLOB='system_u:object_r:boot_t:s0 /sbin/dhclient 000000000000\x00\x00000000\x00'], 0x40)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYRESDEC=r5, @ANYBLOB="09f2c437ccf44d3e7fa5017108b648892e94482755de0eefa5df71d8e416e9ac98130a6b1293033094d2b9f34531a6742c7aa66c3eeaa921389df978c50bb508053b8486e5d775a4522de0769b48775ea8ac0c4b715d7b09d52bbd6733c4a67aba3d2ef19cf44936e48163b4e14a95e0e02774ab10263a714f9abf4df8ef0529a8d697545f1bc58ae79f66e4a3ed3c613ad05e699cf08e7fee243f5c1db7f6c8e885523cc4dc3913dec194492cce302c27e19f2e9ea9f5b12409b8a3697e2fd3daa7ae20389875", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r1}, &(0x7f0000000800), &(0x7f0000000840)=r6}, 0x20)
r7 = socket(0x10, 0xa, 0x1ff)
write(r7, &(0x7f0000000580)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24)
recvmmsg(r7, &(0x7f0000005180), 0x400000000000166, 0x1a000, 0x0)
ioctl$KDGETLED(r0, 0x4b31, &(0x7f00000000c0))
r8 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000200), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
r10 = creat(&(0x7f00000000c0)='./bus\x00', 0x1a2)
fallocate(r10, 0x0, 0xbf5, 0x2000402)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
fsetxattr(r11, &(0x7f0000000080)=@known='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000002000010300003218298a000002000000000000001a0000000500130009000000"], 0x24}, 0x1, 0x0, 0x0, 0x4050}, 0x4000050)
sched_getscheduler(0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]})

394.208952ms ago: executing program 3 (id=630):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r2, 0x0, 0x2}, 0x18)
r3 = mq_open(&(0x7f0000000080)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x120, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000640)={'ip6_vti0\x00', &(0x7f0000000c00)={'syztnl2\x00', <r4=>0x0, 0x29, 0x6, 0x0, 0x1e5, 0x0, @loopback, @empty, 0x80, 0x80, 0x7, 0x28}})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000c80)={0x0, r1}, 0x8)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', r4, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x18, 0x7ffc1fff}]})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r6}, 0x0, &(0x7f0000000840)=r7}, 0x20)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r5, 0x0, 0x29, 0x0, @void}, 0x10)
mq_timedreceive(r3, &(0x7f000001a600)=""/102385, 0x18ff1, 0x0, 0x0)

391.053773ms ago: executing program 1 (id=631):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x10000, 0x0, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x4, 0x1, 0x801, 0x0, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x48080}, 0xc4)
vmsplice(r0, 0x0, 0x0, 0x8)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x1, r1}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0xb2}, 0x9c)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x4000011, 0xffffffffffffffff, 0x0)

358.014146ms ago: executing program 4 (id=632):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="09000000040000000800000010"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x5, 0x0)
umount2(&(0x7f0000000300)='./file0/../file0\x00', 0x3)

306.244101ms ago: executing program 4 (id=633):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x8, 0xf9, 0x7ffc1ffb}]})
timer_create(0x2, 0x0, &(0x7f0000000000))
timer_delete(0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="020000000000000002000000e000000200e70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000200fffc0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x190)
setsockopt$inet_group_source_req(r3, 0x0, 0x2b, &(0x7f00000004c0)={0x2, {{0x2, 0x4e23, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x108)
close_range(r2, 0xffffffffffffffff, 0x0)

284.922693ms ago: executing program 1 (id=634):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0x3fffffffffffe52, 0x10003, '\x00', [{}, {0xffffffff}]})

280.653263ms ago: executing program 4 (id=635):
r0 = socket$inet6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40008d0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd9b, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = dup3(r3, r2, 0x0)
socket$unix(0x1, 0x5, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r5, @ANYBLOB="3bf81bb9f9"], 0x20000600}}, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000080)={&(0x7f00000001c0)={0x1d, 0x0, 0x3f420f00}, 0x10, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x2c004000)
sendmsg$can_bcm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="05000000230800"/16, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x2710], 0x80}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="050000002308000007000000000000", @ANYRES64=0x2710], 0x80}}, 0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
semget$private(0x0, 0x3, 0x220)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
acct(0x0)
mmap$perf(&(0x7f0000db8000/0x3000)=nil, 0x3000, 0x2, 0x13, r6, 0x1b)

201.21133ms ago: executing program 4 (id=636):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_USERDATA={0x6, 0x7, 0x1, 0x0, "e55c"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x60}}, 0x8810)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000480)='kfree\x00', r2, 0x0, 0x2}, 0x18)
syz_usbip_server_init(0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x88182, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r3 = mq_open(&(0x7f000084dff0)='\xa1sxt\x1a\x00\x00\x00\x00\x00\x00\x00\x01\x88\xbdd', 0x6e93ebbbcc0884f2, 0x100, &(0x7f0000000300)={0x0, 0x1, 0x3})
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r3, &(0x7f0000000180)=""/204, 0xcc, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x14, 0x5, 0x1, 0x5, 0x0, 0x0, {0x3}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8006}, 0x40000)

134.390917ms ago: executing program 1 (id=637):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a0000200600010011"], 0x1c}}, 0x0)

102.45013ms ago: executing program 1 (id=638):
r0 = socket(0x10, 0x80002, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x25, &(0x7f0000000340)=[@mss={0x2, 0x3cc366a}, @mss={0x2, 0x1}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e0000000400000004"], 0x48)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x18, r2, 0x8, 0x70bd2a, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000885}, 0x0)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, r3, 0x0, 0x0, 0xfffffffffffffca2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000400)={{0x1, 0x1, 0x18, <r5=>r0, {0x8}}, './file0\x00'})
clock_gettime(0x0, &(0x7f0000000480)={<r6=>0x0, <r7=>0x0})
write$evdev(r5, &(0x7f00000004c0)=[{{0x77359400}, 0x5, 0x5, 0x1}, {{}, 0x4, 0x9, 0xf}, {{r6, r7/1000+10000}, 0x17, 0xb, 0x89}, {{}, 0x11, 0x7f, 0xf64}, {{0x77359400}, 0x5, 0xc}, {{0x0, 0x2710}, 0x4, 0x7, 0xb}, {{0x0, 0x2710}, 0x0, 0xfe3, 0x4}], 0xa8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x18)
select(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="180000000000c62e58904c809edf11bea92b14e36713ab1f966dd723d6efc0f9d60cbeaf54ae79f5effee81735e09ad5aa8ac69bfcc4d3a44abc7a654eb45a0c9c94d4d12a3c9bf79a52a0479c0ec752ddc90f9fa26f8d26d8ac38cb5c68298d03ba8185ea8d7c6d11b1256a6ffff9170fcdf52f23c954ef55f83ba65eeedc8d29585e5a49d86ae024e70f08d297e1e17700f8fea1177d962aee6c1a12abfb03506177e1ac460977efadd359902bc1dc7a1c5168777db624b6ce0cbf7a79c40b1b17e5f0520536978cb3d3ef584ce218b657ea05990e", @ANYRES64=r0], 0x18}, 0x1, 0x0, 0x0, 0x60042800}, 0x40084c0)

0s ago: executing program 0 (id=639):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x300, 0xec, 0x2, 0x0, 0x0})

kernel console output (not intermixed with test programs):

2127][ T4048] EXT4-fs (loop0): 1 truncate cleaned up
[   55.268997][ T4048] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.285487][ T4048] SELinux:  Context system_u:object_r:devicekit_var_lib_t:s0 is not valid (left unmapped).
[   55.309365][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.332365][ T4052] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   55.345014][ T4052] EXT4-fs (loop0): 1 truncate cleaned up
[   55.351712][ T4052] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.366226][ T4052] FAULT_INJECTION: forcing a failure.
[   55.366226][ T4052] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   55.379420][ T4052] CPU: 1 UID: 0 PID: 4052 Comm: syz.0.152 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   55.379456][ T4052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   55.379516][ T4052] Call Trace:
[   55.379526][ T4052]  <TASK>
[   55.379535][ T4052]  __dump_stack+0x1d/0x30
[   55.379566][ T4052]  dump_stack_lvl+0x95/0xd0
[   55.379595][ T4052]  dump_stack+0x15/0x1b
[   55.379619][ T4052]  should_fail_ex+0x265/0x280
[   55.379647][ T4052]  should_fail+0xb/0x20
[   55.379784][ T4052]  should_fail_usercopy+0x1a/0x20
[   55.379818][ T4052]  strncpy_from_user+0x27/0x260
[   55.379863][ T4052]  path_setxattrat+0xeb/0x310
[   55.380002][ T4052]  __x64_sys_lsetxattr+0x71/0x90
[   55.380036][ T4052]  x64_sys_call+0x2ef0/0x3000
[   55.380075][ T4052]  do_syscall_64+0xca/0x2b0
[   55.380116][ T4052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.380211][ T4052] RIP: 0033:0x7fe083cff749
[   55.380230][ T4052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.380253][ T4052] RSP: 002b:00007fe08275f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[   55.380278][ T4052] RAX: ffffffffffffffda RBX: 00007fe083f55fa0 RCX: 00007fe083cff749
[   55.380369][ T4052] RDX: 0000200000000340 RSI: 0000200000000300 RDI: 00002000000002c0
[   55.380385][ T4052] RBP: 00007fe08275f090 R08: 0000000000000000 R09: 0000000000000000
[   55.380401][ T4052] R10: 0000000000000029 R11: 0000000000000246 R12: 0000000000000001
[   55.380417][ T4052] R13: 00007fe083f56038 R14: 00007fe083f55fa0 R15: 00007ffcfbd92bf8
[   55.380436][ T4052]  </TASK>
[   55.551223][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.598573][ T4055] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[   55.633716][ T4062] ext3: Bad value for 'max_batch_time'
[   55.639666][ T4058] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.651205][ T4062] netlink: 'syz.2.156': attribute type 10 has an invalid length.
[   55.660290][ T4062] dummy0: left promiscuous mode
[   55.663796][ T4055] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.688673][ T4058] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.718602][ T4055] netlink: 'syz.0.153': attribute type 4 has an invalid length.
[   55.763235][ T4058] FAULT_INJECTION: forcing a failure.
[   55.763235][ T4058] name failslab, interval 1, probability 0, space 0, times 0
[   55.776019][ T4058] CPU: 1 UID: 0 PID: 4058 Comm: syz.4.154 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   55.776099][ T4058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   55.776113][ T4058] Call Trace:
[   55.776120][ T4058]  <TASK>
[   55.776128][ T4058]  __dump_stack+0x1d/0x30
[   55.776155][ T4058]  dump_stack_lvl+0x95/0xd0
[   55.776178][ T4058]  dump_stack+0x15/0x1b
[   55.776199][ T4058]  should_fail_ex+0x265/0x280
[   55.776301][ T4058]  should_failslab+0x8c/0xb0
[   55.776326][ T4058]  __kmalloc_noprof+0xb9/0x5a0
[   55.776350][ T4058]  ? qtree_write_dquot+0x70/0x300
[   55.776370][ T4058]  ? percpu_counter_add_batch+0xb6/0x130
[   55.776469][ T4058]  qtree_write_dquot+0x70/0x300
[   55.776489][ T4058]  ? __pfx_ext4_quota_write+0x10/0x10
[   55.776517][ T4058]  ? kick_pool+0x267/0x2d0
[   55.776547][ T4058]  ? spurious_kernel_fault+0xf7/0x490
[   55.776579][ T4058]  v2_write_dquot+0xda/0x140
[   55.776663][ T4058]  dquot_commit+0x21c/0x260
[   55.776693][ T4058]  ext4_write_dquot+0x126/0x1d0
[   55.776722][ T4058]  ext4_mark_dquot_dirty+0x95/0xd0
[   55.776788][ T4058]  __dquot_alloc_space+0x7d0/0x8a0
[   55.776844][ T4058]  ext4_mb_new_blocks+0x91b/0x2080
[   55.776972][ T4058]  ? ext4_ext_search_right+0x30b/0x4f0
[   55.776999][ T4058]  ? ext4_inode_to_goal_block+0x1be/0x1e0
[   55.777099][ T4058]  ext4_ext_map_blocks+0xff5/0x38a0
[   55.777142][ T4058]  ext4_map_blocks+0x626/0xd20
[   55.777231][ T4058]  ? __account_obj_stock+0x211/0x350
[   55.777259][ T4058]  _ext4_get_block+0x10a/0x350
[   55.777364][ T4058]  ext4_get_block_unwritten+0x2a/0xb0
[   55.777397][ T4058]  ext4_block_write_begin+0x650/0xcf0
[   55.777472][ T4058]  ? __pfx_ext4_get_block_unwritten+0x10/0x10
[   55.777507][ T4058]  ? folio_mapping+0xb9/0xe0
[   55.777530][ T4058]  ext4_write_begin+0x636/0xe90
[   55.777564][ T4058]  ext4_da_write_begin+0x1f0/0x6b0
[   55.777625][ T4058]  ? inode_to_bdi+0x47/0xa0
[   55.777644][ T4058]  ? balance_dirty_pages_ratelimited_flags+0x40b/0x5e0
[   55.777763][ T4058]  generic_perform_write+0x184/0x490
[   55.777905][ T4058]  ext4_buffered_write_iter+0x1ee/0x3c0
[   55.777984][ T4058]  ? ext4_file_write_iter+0xfe/0xf60
[   55.778020][ T4058]  ext4_file_write_iter+0x387/0xf60
[   55.778112][ T4058]  ? kstrtouint+0x76/0xc0
[   55.778132][ T4058]  ? kstrtouint_from_user+0x9f/0xf0
[   55.778202][ T4058]  ? avc_policy_seqno+0x15/0x30
[   55.778258][ T4058]  ? selinux_file_permission+0x1e2/0x320
[   55.778294][ T4058]  ? __pfx_ext4_file_write_iter+0x10/0x10
[   55.778331][ T4058]  vfs_write+0x52a/0x960
[   55.778391][ T4058]  ksys_write+0xda/0x1a0
[   55.778413][ T4058]  __x64_sys_write+0x40/0x50
[   55.778433][ T4058]  x64_sys_call+0x2847/0x3000
[   55.778538][ T4058]  do_syscall_64+0xca/0x2b0
[   55.778575][ T4058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.778599][ T4058] RIP: 0033:0x7fb8aed4f749
[   55.778615][ T4058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.778710][ T4058] RSP: 002b:00007fb8ad7af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   55.778730][ T4058] RAX: ffffffffffffffda RBX: 00007fb8aefa5fa0 RCX: 00007fb8aed4f749
[   55.778743][ T4058] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 0000000000000004
[   55.778757][ T4058] RBP: 00007fb8ad7af090 R08: 0000000000000000 R09: 0000000000000000
[   55.778843][ T4058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.778856][ T4058] R13: 00007fb8aefa6038 R14: 00007fb8aefa5fa0 R15: 00007ffc85c01038
[   55.778876][ T4058]  </TASK>
[   55.778907][ T4058] EXT4-fs error (device loop4): ext4_write_dquot:6966: comm syz.4.154: Failed to commit dquot type 1
[   56.064830][ T4068] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   56.087721][ T4058] syz.4.154 (4058) used greatest stack depth: 10088 bytes left
[   56.151882][ T3316] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   56.183339][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.184645][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.314698][ T4082] lo speed is unknown, defaulting to 1000
[   56.387678][ T4092] iso9660: Unknown parameter ''
[   56.622110][ T4090] lo speed is unknown, defaulting to 1000
[   57.532511][ T4106] set_capacity_and_notify: 10 callbacks suppressed
[   57.532528][ T4106] loop3: detected capacity change from 0 to 512
[   57.548967][ T4108] loop0: detected capacity change from 0 to 2048
[   57.557000][ T4106] EXT4-fs: Ignoring removed i_version option
[   57.569407][ T4110] loop2: detected capacity change from 0 to 2048
[   57.587138][ T4106] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   57.604985][ T4108] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.628411][ T4110] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.650257][ T4106] EXT4-fs (loop3): 1 truncate cleaned up
[   57.657316][ T4106] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.812896][ T4124] netlink: 'syz.1.179': attribute type 1 has an invalid length.
[   57.850791][ T4124] 8021q: adding VLAN 0 to HW filter on device bond1
[   57.867550][ T4124] vlan2: entered allmulticast mode
[   57.872897][ T4124] bond1: entered allmulticast mode
[   57.884566][ T4124] __nla_validate_parse: 3 callbacks suppressed
[   57.884652][ T4124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.179'.
[   57.894697][ T4132] netlink: 'syz.2.178': attribute type 1 has an invalid length.
[   57.900056][ T4124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.179'.
[   57.917453][ T4124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.179'.
[   57.968259][ T4138] netlink: 4 bytes leftover after parsing attributes in process `syz.2.178'.
[   57.978746][ T4137] xt_l2tp: v2 tid > 0xffff: 37482740
[   57.986271][ T4132] 8021q: adding VLAN 0 to HW filter on device bond1
[   58.011808][ T4137] netlink: 36 bytes leftover after parsing attributes in process `syz.1.181'.
[   58.042202][ T4147] FAULT_INJECTION: forcing a failure.
[   58.042202][ T4147] name failslab, interval 1, probability 0, space 0, times 0
[   58.056005][ T4147] CPU: 0 UID: 0 PID: 4147 Comm: syz.3.184 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   58.056037][ T4147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   58.056050][ T4147] Call Trace:
[   58.056056][ T4147]  <TASK>
[   58.056064][ T4147]  __dump_stack+0x1d/0x30
[   58.056089][ T4147]  dump_stack_lvl+0x95/0xd0
[   58.056119][ T4147]  dump_stack+0x15/0x1b
[   58.056145][ T4147]  should_fail_ex+0x265/0x280
[   58.056174][ T4147]  should_failslab+0x8c/0xb0
[   58.056197][ T4147]  kmem_cache_alloc_noprof+0x69/0x4b0
[   58.056248][ T4147]  ? skb_clone+0x151/0x1f0
[   58.056288][ T4147]  skb_clone+0x151/0x1f0
[   58.056474][ T4147]  nfnetlink_rcv+0x2fc/0x16c0
[   58.056563][ T4147]  ? kmem_cache_free+0xe3/0x3a0
[   58.056595][ T4147]  ? __kfree_skb+0x109/0x150
[   58.056629][ T4147]  ? consume_skb+0x49/0x150
[   58.056705][ T4147]  ? nlmon_xmit+0x4f/0x60
[   58.056725][ T4147]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   58.056757][ T4147]  ? __dev_queue_xmit+0x138d/0x1ec0
[   58.056815][ T4147]  ? __dev_queue_xmit+0x148/0x1ec0
[   58.056888][ T4147]  ? ref_tracker_free+0x37d/0x3e0
[   58.056951][ T4147]  netlink_unicast+0x5c0/0x690
[   58.057097][ T4147]  netlink_sendmsg+0x58b/0x6b0
[   58.057133][ T4147]  ? __pfx_netlink_sendmsg+0x10/0x10
[   58.057167][ T4147]  __sock_sendmsg+0x145/0x180
[   58.057187][ T4147]  ____sys_sendmsg+0x31e/0x4a0
[   58.057261][ T4147]  ___sys_sendmsg+0x17b/0x1d0
[   58.057385][ T4147]  __x64_sys_sendmsg+0xd4/0x160
[   58.057421][ T4147]  x64_sys_call+0x17ba/0x3000
[   58.057446][ T4147]  do_syscall_64+0xca/0x2b0
[   58.057486][ T4147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.057558][ T4147] RIP: 0033:0x7f76b392f749
[   58.057574][ T4147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.057627][ T4147] RSP: 002b:00007f76b238f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.057659][ T4147] RAX: ffffffffffffffda RBX: 00007f76b3b85fa0 RCX: 00007f76b392f749
[   58.057671][ T4147] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[   58.057691][ T4147] RBP: 00007f76b238f090 R08: 0000000000000000 R09: 0000000000000000
[   58.057707][ T4147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.057722][ T4147] R13: 00007f76b3b86038 R14: 00007f76b3b85fa0 R15: 00007ffd2a836f28
[   58.057790][ T4147]  </TASK>
[   58.311760][ T4154] netlink: 'syz.2.185': attribute type 1 has an invalid length.
[   58.320354][ T4154] netlink: 'syz.2.185': attribute type 4 has an invalid length.
[   58.328105][ T4154] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.185'.
[   58.361545][ T4154] netlink: 'syz.2.185': attribute type 1 has an invalid length.
[   58.369356][ T4154] netlink: 'syz.2.185': attribute type 4 has an invalid length.
[   58.377950][ T4154] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.185'.
[   58.387379][ T4157] loop3: detected capacity change from 0 to 512
[   58.405357][ T4157] EXT4-fs: Ignoring removed i_version option
[   58.431492][ T4157] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   58.444053][ T4157] EXT4-fs (loop3): 1 truncate cleaned up
[   58.486893][ T4163] loop3: detected capacity change from 0 to 512
[   58.499549][ T4163] ext3: Bad value for 'max_batch_time'
[   58.510949][ T4163] netlink: 'syz.3.188': attribute type 10 has an invalid length.
[   58.533417][ T4163] team0: Port device dummy0 added
[   58.943226][ T4187] loop0: detected capacity change from 0 to 2048
[   59.021577][ T4189] netlink: 'syz.3.197': attribute type 1 has an invalid length.
[   59.029396][ T4189] netlink: 'syz.3.197': attribute type 4 has an invalid length.
[   59.037809][ T4189] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.197'.
[   59.066787][ T4193] loop2: detected capacity change from 0 to 512
[   59.077844][ T4194] netlink: 'syz.3.197': attribute type 1 has an invalid length.
[   59.085598][ T4194] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.197'.
[   59.095810][ T4193] EXT4-fs: Ignoring removed i_version option
[   59.111825][ T4193] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   59.147072][ T3482] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   59.173665][ T4193] EXT4-fs (loop2): 1 truncate cleaned up
[   59.179097][ T3482] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   59.198300][ T4199] vfat: Unknown parameter '[*{$'
[   59.217679][ T4203] FAULT_INJECTION: forcing a failure.
[   59.217679][ T4203] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   59.230808][ T4203] CPU: 1 UID: 0 PID: 4203 Comm: syz.0.201 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   59.230834][ T4203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   59.230850][ T4203] Call Trace:
[   59.230859][ T4203]  <TASK>
[   59.230869][ T4203]  __dump_stack+0x1d/0x30
[   59.230968][ T4203]  dump_stack_lvl+0x95/0xd0
[   59.230999][ T4203]  dump_stack+0x15/0x1b
[   59.231027][ T4203]  should_fail_ex+0x265/0x280
[   59.231058][ T4203]  should_fail+0xb/0x20
[   59.231099][ T4203]  should_fail_usercopy+0x1a/0x20
[   59.231193][ T4203]  _copy_from_iter+0xcf/0xe70
[   59.231270][ T4203]  ? __alloc_skb+0x396/0x4b0
[   59.231301][ T4203]  ? __alloc_skb+0x228/0x4b0
[   59.231335][ T4203]  netlink_sendmsg+0x471/0x6b0
[   59.231397][ T4203]  ? __pfx_netlink_sendmsg+0x10/0x10
[   59.231448][ T4203]  __sock_sendmsg+0x145/0x180
[   59.231513][ T4203]  ____sys_sendmsg+0x31e/0x4a0
[   59.231556][ T4203]  ___sys_sendmsg+0x17b/0x1d0
[   59.231613][ T4203]  __x64_sys_sendmsg+0xd4/0x160
[   59.231733][ T4203]  x64_sys_call+0x17ba/0x3000
[   59.231849][ T4203]  do_syscall_64+0xca/0x2b0
[   59.231897][ T4203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.231926][ T4203] RIP: 0033:0x7fe083cff749
[   59.231995][ T4203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.232063][ T4203] RSP: 002b:00007fe08275f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   59.232083][ T4203] RAX: ffffffffffffffda RBX: 00007fe083f55fa0 RCX: 00007fe083cff749
[   59.232096][ T4203] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[   59.232108][ T4203] RBP: 00007fe08275f090 R08: 0000000000000000 R09: 0000000000000000
[   59.232122][ T4203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.232138][ T4203] R13: 00007fe083f56038 R14: 00007fe083f55fa0 R15: 00007ffcfbd92bf8
[   59.232163][ T4203]  </TASK>
[   59.247497][ T4204] fido_id[4204]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   59.562369][ T4218] loop2: detected capacity change from 0 to 2048
[   59.575326][ T3482] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   59.607833][ T4219] loop4: detected capacity change from 0 to 7
[   59.615371][   T29] kauditd_printk_skb: 153 callbacks suppressed
[   59.615388][   T29] audit: type=1400 audit(1767028629.296:1694): avc:  denied  { ioctl } for  pid=4205 comm="syz.4.195" path="/dev/loop4" dev="devtmpfs" ino=104 ioctlcmd=0x4c0a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   59.655358][ T4221] 8021q: adding VLAN 0 to HW filter on device bond1
[   59.662492][ T4219] Buffer I/O error on dev loop4, logical block 0, async page read
[   59.679698][ T3482] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   59.722703][ T4219] Buffer I/O error on dev loop4, logical block 0, async page read
[   59.730716][ T4219]  loop4: unable to read partition table
[   59.746076][ T4225] netlink: 4 bytes leftover after parsing attributes in process `syz.0.205'.
[   59.771707][ T4218] EXT4-fs error (device loop2): ext4_iget_extra_inode:5073: inode #12: comm syz.2.207: corrupted in-inode xattr: e_name out of bounds
[   59.794045][   T29] audit: type=1400 audit(1767028629.346:1695): avc:  denied  { read } for  pid=4213 comm="syz.1.206" dev="nsfs" ino=4026532671 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   59.815311][   T29] audit: type=1400 audit(1767028629.346:1696): avc:  denied  { open } for  pid=4213 comm="syz.1.206" path="net:[4026532671]" dev="nsfs" ino=4026532671 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   59.838675][   T29] audit: type=1400 audit(1767028629.346:1697): avc:  denied  { create } for  pid=4213 comm="syz.1.206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   59.859296][   T29] audit: type=1400 audit(1767028629.366:1698): avc:  denied  { prog_load } for  pid=4213 comm="syz.1.206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   59.878444][   T29] audit: type=1400 audit(1767028629.366:1699): avc:  denied  { bpf } for  pid=4213 comm="syz.1.206" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   59.878480][   T29] audit: type=1400 audit(1767028629.366:1700): avc:  denied  { perfmon } for  pid=4213 comm="syz.1.206" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   59.878513][   T29] audit: type=1400 audit(1767028629.366:1701): avc:  denied  { prog_run } for  pid=4213 comm="syz.1.206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   59.878543][   T29] audit: type=1400 audit(1767028629.366:1702): avc:  denied  { mounton } for  pid=4217 comm="syz.2.207" path="/45/file1" dev="tmpfs" ino=260 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   59.878578][   T29] audit: type=1400 audit(1767028629.386:1703): avc:  denied  { create } for  pid=4213 comm="syz.1.206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   59.899682][ T4233] EXT4-fs error (device loop2): ext4_iget_extra_inode:5073: inode #12: comm syz.2.207: corrupted in-inode xattr: e_name out of bounds
[   59.904272][ T4218] EXT4-fs error (device loop2): ext4_iget_extra_inode:5073: inode #12: comm syz.2.207: corrupted in-inode xattr: e_name out of bounds
[   59.952909][ T4219] loop_reread_partitions: partition scan of loop4 (úùƒå¡™‰ü�¾SêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5)
[   59.954417][ T3504] Buffer I/O error on dev loop4, logical block 0, async page read
[   59.954583][ T3504] Buffer I/O error on dev loop4, logical block 0, async page read
[   59.954730][ T3504] Buffer I/O error on dev loop4, logical block 0, async page read
[   59.954822][ T3504] Buffer I/O error on dev loop4, logical block 0, async page read
[   59.954914][ T3504] Buffer I/O error on dev loop4, logical block 0, async page read
[   59.955053][ T3504] Buffer I/O error on dev loop4, logical block 0, async page read
[   59.955183][ T3504] Buffer I/O error on dev loop4, logical block 0, async page read
[   59.955252][ T3504] Buffer I/O error on dev loop4, logical block 0, async page read
[   60.144641][ T4239] loop2: detected capacity change from 0 to 512
[   60.146168][ T4236] FAULT_INJECTION: forcing a failure.
[   60.146168][ T4236] name failslab, interval 1, probability 0, space 0, times 0
[   60.146290][ T4236] CPU: 1 UID: 0 PID: 4236 Comm: syz.0.209 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   60.146314][ T4236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   60.146335][ T4236] Call Trace:
[   60.146343][ T4236]  <TASK>
[   60.146351][ T4236]  __dump_stack+0x1d/0x30
[   60.146445][ T4236]  dump_stack_lvl+0x95/0xd0
[   60.146474][ T4236]  dump_stack+0x15/0x1b
[   60.146500][ T4236]  should_fail_ex+0x265/0x280
[   60.146530][ T4236]  should_failslab+0x8c/0xb0
[   60.146555][ T4236]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[   60.146604][ T4236]  ? __alloc_skb+0x2ff/0x4b0
[   60.146653][ T4236]  __alloc_skb+0x2ff/0x4b0
[   60.146687][ T4236]  tcp_stream_alloc_skb+0x2d/0x1d0
[   60.146739][ T4236]  tcp_connect+0x16c5/0x23a0
[   60.146770][ T4236]  tcp_sendmsg_fastopen+0x209/0x520
[   60.146846][ T4236]  tcp_sendmsg_locked+0x26e1/0x2c00
[   60.146887][ T4236]  ? next_uptodate_folio+0x815/0x890
[   60.146921][ T4236]  ? __rcu_read_unlock+0x4f/0x70
[   60.146992][ T4236]  ? avc_has_perm_noaudit+0xab/0x130
[   60.147021][ T4236]  ? avc_has_perm+0xf7/0x180
[   60.147046][ T4236]  ? _raw_spin_lock_bh+0x56/0xb0
[   60.147075][ T4236]  ? _raw_spin_unlock_bh+0x36/0x40
[   60.147099][ T4236]  ? __pfx_tcp_sendmsg+0x10/0x10
[   60.147184][ T4236]  tcp_sendmsg+0x2f/0x50
[   60.147210][ T4236]  inet6_sendmsg+0x76/0xd0
[   60.147280][ T4236]  __sock_sendmsg+0x8b/0x180
[   60.147300][ T4236]  sock_write_iter+0x1a7/0x1f0
[   60.147336][ T4236]  aio_write+0x2e5/0x410
[   60.147378][ T4236]  io_submit_one+0xb1f/0x1210
[   60.147472][ T4236]  __se_sys_io_submit+0xfb/0x280
[   60.147562][ T4236]  __x64_sys_io_submit+0x43/0x50
[   60.147591][ T4236]  x64_sys_call+0x2e40/0x3000
[   60.147625][ T4236]  do_syscall_64+0xca/0x2b0
[   60.147672][ T4236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.147753][ T4236] RIP: 0033:0x7fe083cff749
[   60.147787][ T4236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.147805][ T4236] RSP: 002b:00007fe08275f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[   60.147829][ T4236] RAX: ffffffffffffffda RBX: 00007fe083f55fa0 RCX: 00007fe083cff749
[   60.147841][ T4236] RDX: 0000200000000040 RSI: 0000000000000001 RDI: 00007fe083f2f000
[   60.147854][ T4236] RBP: 00007fe08275f090 R08: 0000000000000000 R09: 0000000000000000
[   60.147867][ T4236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   60.147918][ T4236] R13: 00007fe083f56038 R14: 00007fe083f55fa0 R15: 00007ffcfbd92bf8
[   60.147943][ T4236]  </TASK>
[   60.152971][ T4239] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   60.161061][ T4239] EXT4-fs (loop2): 1 truncate cleaned up
[   60.162051][ T4239] EXT4-fs (loop2): Online resizing not supported with sparse_super2
[   60.210156][ T4206] syz.4.195 (4206) used greatest stack depth: 7272 bytes left
[   60.308977][ T4246] FAULT_INJECTION: forcing a failure.
[   60.308977][ T4246] name failslab, interval 1, probability 0, space 0, times 0
[   60.309004][ T4246] CPU: 1 UID: 0 PID: 4246 Comm: syz.1.212 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   60.309094][ T4246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   60.309110][ T4246] Call Trace:
[   60.309118][ T4246]  <TASK>
[   60.309127][ T4246]  __dump_stack+0x1d/0x30
[   60.309158][ T4246]  dump_stack_lvl+0x95/0xd0
[   60.309184][ T4246]  dump_stack+0x15/0x1b
[   60.309256][ T4246]  should_fail_ex+0x265/0x280
[   60.309278][ T4246]  should_failslab+0x8c/0xb0
[   60.309305][ T4246]  __kmalloc_node_track_caller_noprof+0xb9/0x5b0
[   60.309395][ T4246]  ? sidtab_sid2str_get+0xa0/0x130
[   60.309434][ T4246]  ? skb_put+0xa9/0xf0
[   60.309498][ T4246]  kmemdup_noprof+0x2b/0x70
[   60.309520][ T4246]  sidtab_sid2str_get+0xa0/0x130
[   60.309626][ T4246]  security_sid_to_context_core+0x1eb/0x2e0
[   60.309669][ T4246]  security_sid_to_context+0x27/0x40
[   60.309708][ T4246]  avc_audit_post_callback+0x9d/0x520
[   60.309793][ T4246]  ? __pfx_avc_audit_post_callback+0x10/0x10
[   60.309839][ T4246]  common_lsm_audit+0x1bb/0x230
[   60.309865][ T4246]  ? __pfx_avc_audit_post_callback+0x10/0x10
[   60.309963][ T4246]  ? avc_perm_nonode+0x82/0xe0
[   60.309983][ T4246]  slow_avc_audit+0x104/0x140
[   60.310069][ T4246]  avc_has_perm+0x13a/0x180
[   60.310126][ T4246]  sel_write_avc_cache_threshold+0xae/0x1c0
[   60.310162][ T4246]  ? __pfx_sel_write_avc_cache_threshold+0x10/0x10
[   60.310200][ T4246]  vfs_write+0x269/0x960
[   60.310220][ T4246]  ? __rcu_read_unlock+0x4f/0x70
[   60.310281][ T4246]  ? __fget_files+0x184/0x1c0
[   60.310311][ T4246]  ? mutex_lock+0x58/0x90
[   60.310341][ T4246]  ksys_write+0xda/0x1a0
[   60.310368][ T4246]  __x64_sys_write+0x40/0x50
[   60.310393][ T4246]  x64_sys_call+0x2847/0x3000
[   60.310506][ T4246]  do_syscall_64+0xca/0x2b0
[   60.310547][ T4246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.310575][ T4246] RIP: 0033:0x7f2798fbf749
[   60.310593][ T4246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.310615][ T4246] RSP: 002b:00007f2797a27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   60.310732][ T4246] RAX: ffffffffffffffda RBX: 00007f2799215fa0 RCX: 00007f2798fbf749
[   60.310813][ T4246] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005
[   60.310825][ T4246] RBP: 00007f2797a27090 R08: 0000000000000000 R09: 0000000000000000
[   60.310837][ T4246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   60.310852][ T4246] R13: 00007f2799216038 R14: 00007f2799215fa0 R15: 00007ffe43e35938
[   60.310883][ T4246]  </TASK>
[   60.347291][ T1039] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   60.351733][ T1039] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   60.365781][ T4249] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #12: comm syz.0.214: corrupted in-inode xattr: e_name out of bounds
[   60.366947][ T4249] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #12: comm syz.0.214: corrupted in-inode xattr: e_name out of bounds
[   60.367679][ T4249] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #12: comm syz.0.214: corrupted in-inode xattr: e_name out of bounds
[   60.397195][ T4251] fido_id[4251]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   60.612039][ T4262] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[   60.612141][ T4262] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   60.612257][ T4262] vhci_hcd vhci_hcd.0: Device attached
[   60.679363][ T4263] vhci_hcd: connection closed
[   60.679566][ T3664] vhci_hcd vhci_hcd.0: stop threads
[   60.679590][ T3664] vhci_hcd vhci_hcd.0: release socket
[   60.679631][ T3664] vhci_hcd vhci_hcd.0: disconnect device
[   60.973247][ T4271] ext4 filesystem being mounted at /31/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   61.052452][ T4274] FAULT_INJECTION: forcing a failure.
[   61.052452][ T4274] name failslab, interval 1, probability 0, space 0, times 0
[   61.052552][ T4274] CPU: 0 UID: 0 PID: 4274 Comm: syz.2.222 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   61.052577][ T4274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   61.052592][ T4274] Call Trace:
[   61.052609][ T4274]  <TASK>
[   61.052618][ T4274]  __dump_stack+0x1d/0x30
[   61.052731][ T4274]  dump_stack_lvl+0x95/0xd0
[   61.052783][ T4274]  dump_stack+0x15/0x1b
[   61.052819][ T4274]  should_fail_ex+0x265/0x280
[   61.052851][ T4274]  should_failslab+0x8c/0xb0
[   61.052874][ T4274]  __kmalloc_cache_noprof+0x65/0x4c0
[   61.052946][ T4274]  ? find_get_context+0x8f/0x530
[   61.052991][ T4274]  find_get_context+0x8f/0x530
[   61.053093][ T4274]  __se_sys_perf_event_open+0x8cc/0x1210
[   61.053185][ T4274]  __x64_sys_perf_event_open+0x67/0x80
[   61.053231][ T4274]  x64_sys_call+0x78c/0x3000
[   61.053265][ T4274]  do_syscall_64+0xca/0x2b0
[   61.053356][ T4274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.053403][ T4274] RIP: 0033:0x7f7291ccf749
[   61.053422][ T4274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.053445][ T4274] RSP: 002b:00007f729072f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[   61.053535][ T4274] RAX: ffffffffffffffda RBX: 00007f7291f25fa0 RCX: 00007f7291ccf749
[   61.053552][ T4274] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000100
[   61.053569][ T4274] RBP: 00007f729072f090 R08: 0000000000000000 R09: 0000000000000000
[   61.053584][ T4274] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[   61.053601][ T4274] R13: 00007f7291f26038 R14: 00007f7291f25fa0 R15: 00007fffa8171dc8
[   61.053671][ T4274]  </TASK>
[   61.229962][ T3482] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[   61.230433][ T3482] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   61.269785][ T4284] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #12: comm syz.0.226: corrupted in-inode xattr: e_name out of bounds
[   61.270826][ T4284] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #12: comm syz.0.226: corrupted in-inode xattr: e_name out of bounds
[   61.276910][ T4284] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #12: comm syz.0.226: corrupted in-inode xattr: e_name out of bounds
[   61.334281][ T4289] fido_id[4289]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   61.388140][ T4293] EXT4-fs (loop2): 1 orphan inode deleted
[   61.388974][ T4293] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   61.404783][  T289] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:6: Failed to release dquot type 1
[   61.525520][ T4305] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   61.539723][ T4305] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   61.811261][ T4320] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[   62.086404][ T4320] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   62.087567][ T4320] vhci_hcd vhci_hcd.0: Device attached
[   62.108969][ T4322] vhci_hcd: connection closed
[   62.109259][   T12] vhci_hcd vhci_hcd.0: stop threads
[   62.120043][   T12] vhci_hcd vhci_hcd.0: release socket
[   62.125489][   T12] vhci_hcd vhci_hcd.0: disconnect device
[   62.138703][ T4305] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.223902][ T4305] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.296069][ T4305] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.333084][ T3787] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   62.343431][ T4334] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   62.359357][ T3787] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   62.380967][ T4334] EXT4-fs (loop3): mount failed
[   62.407950][ T4332] EXT4-fs error (device loop4): ext4_iget_extra_inode:5073: inode #12: comm syz.4.240: corrupted in-inode xattr: e_name out of bounds
[   62.431027][ T4305] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.453228][ T4332] EXT4-fs error (device loop4): ext4_iget_extra_inode:5073: inode #12: comm syz.4.240: corrupted in-inode xattr: e_name out of bounds
[   62.468499][ T4332] EXT4-fs error (device loop4): ext4_iget_extra_inode:5073: inode #12: comm syz.4.240: corrupted in-inode xattr: e_name out of bounds
[   62.529380][  T815] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.543902][  T815] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.566135][  T815] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.597711][  T289] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.839856][ T4361] validate_nla: 6 callbacks suppressed
[   62.839875][ T4361] netlink: 'syz.1.250': attribute type 10 has an invalid length.
[   62.931934][ T4361] team0: Port device dummy0 added
[   63.354358][ T4379] set_capacity_and_notify: 9 callbacks suppressed
[   63.354377][ T4379] loop4: detected capacity change from 0 to 512
[   63.370722][ T4379] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   63.382960][ T4379] EXT4-fs (loop4): 1 truncate cleaned up
[   63.391030][ T4379] FAULT_INJECTION: forcing a failure.
[   63.391030][ T4379] name failslab, interval 1, probability 0, space 0, times 0
[   63.403748][ T4379] CPU: 1 UID: 0 PID: 4379 Comm: syz.4.254 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   63.403824][ T4379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   63.403841][ T4379] Call Trace:
[   63.403850][ T4379]  <TASK>
[   63.403861][ T4379]  __dump_stack+0x1d/0x30
[   63.403893][ T4379]  dump_stack_lvl+0x95/0xd0
[   63.403923][ T4379]  dump_stack+0x15/0x1b
[   63.403978][ T4379]  should_fail_ex+0x265/0x280
[   63.404002][ T4379]  should_failslab+0x8c/0xb0
[   63.404029][ T4379]  kmem_cache_alloc_noprof+0x69/0x4b0
[   63.404052][ T4379]  ? ioctx_alloc+0xe4/0x4c0
[   63.404119][ T4379]  ? __fget_files+0x184/0x1c0
[   63.404144][ T4379]  ioctx_alloc+0xe4/0x4c0
[   63.404250][ T4379]  ? fput+0x8f/0xc0
[   63.404297][ T4379]  __se_sys_io_setup+0x6b/0x1b0
[   63.404352][ T4379]  __x64_sys_io_setup+0x31/0x40
[   63.404450][ T4379]  x64_sys_call+0x2a8e/0x3000
[   63.404483][ T4379]  do_syscall_64+0xca/0x2b0
[   63.404528][ T4379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.404595][ T4379] RIP: 0033:0x7fb8aed4f749
[   63.404614][ T4379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   63.404638][ T4379] RSP: 002b:00007fb8ad76d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[   63.404660][ T4379] RAX: ffffffffffffffda RBX: 00007fb8aefa6180 RCX: 00007fb8aed4f749
[   63.404673][ T4379] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 00000000000004fe
[   63.404690][ T4379] RBP: 00007fb8ad76d090 R08: 0000000000000000 R09: 0000000000000000
[   63.404706][ T4379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.404723][ T4379] R13: 00007fb8aefa6218 R14: 00007fb8aefa6180 R15: 00007ffc85c01038
[   63.404744][ T4379]  </TASK>
[   63.755607][ T4386] loop2: detected capacity change from 0 to 128
[   63.769247][ T4104] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   63.805645][ T4387] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[   63.812281][ T4387] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   63.819963][ T4387] vhci_hcd vhci_hcd.0: Device attached
[   63.841646][ T4104] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   63.876397][ T4386] ext4 filesystem being mounted at /55/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   63.903666][ T4375] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.930345][ T4382] vfat: Unknown parameter '[*{$'
[   63.938753][ T4388] vhci_hcd: connection closed
[   63.939032][  T815] vhci_hcd vhci_hcd.3: stop threads
[   63.949143][  T815] vhci_hcd vhci_hcd.3: release socket
[   63.954616][  T815] vhci_hcd vhci_hcd.3: disconnect device
[   63.995776][ T4375] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.006421][ T4104] vhci_hcd vhci_hcd.3: vhci_device speed not set
[   64.076649][ T4375] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.147601][ T4401] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   64.208910][ T4375] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.420764][  T815] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.438138][  T815] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.462982][ T4405] netlink: 'syz.2.261': attribute type 1 has an invalid length.
[   64.470817][ T4405] netlink: 'syz.2.261': attribute type 4 has an invalid length.
[   64.478597][ T4405] __nla_validate_parse: 6 callbacks suppressed
[   64.478609][ T4405] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.261'.
[   64.502041][  T815] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.540643][  T815] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.589670][ T4411] netlink: 'syz.3.264': attribute type 4 has an invalid length.
[   64.602579][ T4412] netlink: 'syz.2.261': attribute type 1 has an invalid length.
[   64.610644][ T4412] netlink: 'syz.2.261': attribute type 4 has an invalid length.
[   64.619213][ T4412] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.261'.
[   64.637121][ T4413] bridge0: entered promiscuous mode
[   64.665743][ T4413] bridge0: port 3(macvtap1) entered blocking state
[   64.672437][ T4413] bridge0: port 3(macvtap1) entered disabled state
[   64.693327][   T29] kauditd_printk_skb: 327 callbacks suppressed
[   64.693346][   T29] audit: type=1326 audit(1767028634.386:2029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4417 comm="syz.2.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   64.729388][ T4413] macvtap1: entered allmulticast mode
[   64.734935][ T4413] bridge0: entered allmulticast mode
[   64.746013][ T4420] loop3: detected capacity change from 0 to 512
[   64.754755][ T4413] macvtap1: left allmulticast mode
[   64.759920][ T4413] bridge0: left allmulticast mode
[   64.806955][ T4420] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.267: bg 0: block 248: padding at end of block bitmap is not set
[   64.821967][   T29] audit: type=1326 audit(1767028634.386:2030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4417 comm="syz.2.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   64.845412][   T29] audit: type=1326 audit(1767028634.386:2031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4417 comm="syz.2.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   64.868906][   T29] audit: type=1326 audit(1767028634.456:2032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4417 comm="syz.2.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   64.892318][   T29] audit: type=1326 audit(1767028634.456:2033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4417 comm="syz.2.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   64.915711][   T29] audit: type=1326 audit(1767028634.456:2034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4417 comm="syz.2.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   64.939099][   T29] audit: type=1326 audit(1767028634.456:2035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4417 comm="syz.2.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   64.962521][   T29] audit: type=1326 audit(1767028634.456:2036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4417 comm="syz.2.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   64.985861][   T29] audit: type=1326 audit(1767028634.456:2037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4417 comm="syz.2.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   65.009309][   T29] audit: type=1326 audit(1767028634.456:2038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4417 comm="syz.2.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   65.046717][ T4420] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.267: Failed to acquire dquot type 1
[   65.072203][ T4418] loop2: detected capacity change from 0 to 8192
[   65.079364][ T4413] bridge0: left promiscuous mode
[   65.095733][ T4421] lo speed is unknown, defaulting to 1000
[   65.102280][ T4420] EXT4-fs (loop3): 1 truncate cleaned up
[   65.108939][ T4420] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.119793][ T4421] lo speed is unknown, defaulting to 1000
[   65.128482][ T4421] lo speed is unknown, defaulting to 1000
[   65.136507][ T4421] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   65.147742][ T4421] lo speed is unknown, defaulting to 1000
[   65.155504][ T4421] lo speed is unknown, defaulting to 1000
[   65.162196][ T4421] lo speed is unknown, defaulting to 1000
[   65.168915][ T4421] lo speed is unknown, defaulting to 1000
[   65.181992][ T4421] lo speed is unknown, defaulting to 1000
[   65.278027][ T4104] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[   65.288283][ T4104] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   65.330823][ T4429] vfat: Unknown parameter '[*{$'
[   65.478336][ T4437] rtc_cmos 00:00: Alarms can be up to one day in the future
[   65.617205][ T4447] netlink: 'syz.2.276': attribute type 1 has an invalid length.
[   65.624979][ T4447] netlink: 'syz.2.276': attribute type 4 has an invalid length.
[   65.632673][ T4447] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.276'.
[   65.647266][ T4445] loop0: detected capacity change from 0 to 2048
[   65.664240][ T4449] loop4: detected capacity change from 0 to 512
[   65.674855][ T4449] EXT4-fs (loop4): 1 orphan inode deleted
[   65.689975][ T4450] netlink: 'syz.2.276': attribute type 1 has an invalid length.
[   65.697734][ T4450] netlink: 'syz.2.276': attribute type 4 has an invalid length.
[   65.706195][ T4450] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.276'.
[   65.717718][ T4449] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.734649][ T3656] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:15: Failed to release dquot type 1
[   65.815495][ T4459] x_tables: duplicate underflow at hook 2
[   65.835593][ T4462] FAULT_INJECTION: forcing a failure.
[   65.835593][ T4462] name failslab, interval 1, probability 0, space 0, times 0
[   65.848421][ T4462] CPU: 1 UID: 0 PID: 4462 Comm: syz.0.282 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   65.848456][ T4462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   65.848469][ T4462] Call Trace:
[   65.848503][ T4462]  <TASK>
[   65.848513][ T4462]  __dump_stack+0x1d/0x30
[   65.848568][ T4462]  dump_stack_lvl+0x95/0xd0
[   65.848599][ T4462]  dump_stack+0x15/0x1b
[   65.848626][ T4462]  should_fail_ex+0x265/0x280
[   65.848659][ T4462]  should_failslab+0x8c/0xb0
[   65.848758][ T4462]  __kmalloc_cache_noprof+0x65/0x4c0
[   65.848789][ T4462]  ? rtnl_newlink+0x5c/0x1360
[   65.848815][ T4462]  ? __pfx_rtnl_newlink+0x10/0x10
[   65.848841][ T4462]  rtnl_newlink+0x5c/0x1360
[   65.848883][ T4462]  ? css_rstat_updated+0xbb/0x280
[   65.848911][ T4462]  ? css_rstat_updated+0xbb/0x280
[   65.848937][ T4462]  ? refill_stock+0x32f/0x390
[   65.848961][ T4462]  ? x86_call_depth_emit_accounting+0x128/0x2e0
[   65.848994][ T4462]  ? __rcu_read_unlock+0x4f/0x70
[   65.849069][ T4462]  ? css_rstat_updated+0xbb/0x280
[   65.849098][ T4462]  ? __memcg_slab_free_hook+0x135/0x230
[   65.849232][ T4462]  ? __rcu_read_unlock+0x4f/0x70
[   65.849260][ T4462]  ? avc_has_perm_noaudit+0xab/0x130
[   65.849316][ T4462]  ? cred_has_capability+0x210/0x280
[   65.849441][ T4462]  ? selinux_capable+0x31/0x40
[   65.849471][ T4462]  ? security_capable+0x83/0x90
[   65.849516][ T4462]  ? ns_capable+0x7d/0xb0
[   65.849555][ T4462]  ? __pfx_rtnl_newlink+0x10/0x10
[   65.849617][ T4462]  rtnetlink_rcv_msg+0x5fe/0x6d0
[   65.849669][ T4462]  netlink_rcv_skb+0x123/0x220
[   65.849760][ T4462]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   65.849814][ T4462]  rtnetlink_rcv+0x1c/0x30
[   65.849873][ T4462]  netlink_unicast+0x5c0/0x690
[   65.849928][ T4462]  netlink_sendmsg+0x58b/0x6b0
[   65.849975][ T4462]  ? __pfx_netlink_sendmsg+0x10/0x10
[   65.850079][ T4462]  __sock_sendmsg+0x145/0x180
[   65.850105][ T4462]  ____sys_sendmsg+0x31e/0x4a0
[   65.850148][ T4462]  ___sys_sendmsg+0x17b/0x1d0
[   65.850212][ T4462]  __x64_sys_sendmsg+0xd4/0x160
[   65.850265][ T4462]  x64_sys_call+0x17ba/0x3000
[   65.850340][ T4462]  do_syscall_64+0xca/0x2b0
[   65.850387][ T4462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.850423][ T4462] RIP: 0033:0x7fe083cff749
[   65.850442][ T4462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.850465][ T4462] RSP: 002b:00007fe08275f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   65.850491][ T4462] RAX: ffffffffffffffda RBX: 00007fe083f55fa0 RCX: 00007fe083cff749
[   65.850576][ T4462] RDX: 0000000000002054 RSI: 0000200000000000 RDI: 0000000000000006
[   65.850590][ T4462] RBP: 00007fe08275f090 R08: 0000000000000000 R09: 0000000000000000
[   65.850606][ T4462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   65.850622][ T4462] R13: 00007fe083f56038 R14: 00007fe083f55fa0 R15: 00007ffcfbd92bf8
[   65.850647][ T4462]  </TASK>
[   66.208488][ T4470] loop0: detected capacity change from 0 to 512
[   66.223509][ T4470] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   66.231701][ T4470] EXT4-fs (loop0): orphan cleanup on readonly fs
[   66.238788][ T4470] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.285: Failed to acquire dquot type 1
[   66.249239][ T4464] loop2: detected capacity change from 0 to 512
[   66.260926][ T4470] EXT4-fs (loop0): Remounting filesystem read-only
[   66.267663][ T4470] EXT4-fs (loop0): 1 truncate cleaned up
[   66.274816][ T3650] rtc_cmos 00:00: Alarms can be up to one day in the future
[   66.282676][ T3650] rtc_cmos 00:00: Alarms can be up to one day in the future
[   66.290563][ T3650] rtc_cmos 00:00: Alarms can be up to one day in the future
[   66.298443][ T3650] rtc_cmos 00:00: Alarms can be up to one day in the future
[   66.306709][ T3650] rtc rtc0: __rtc_set_alarm: err=-22
[   66.325052][ T4104] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   66.342132][ T4467] loop4: detected capacity change from 0 to 2048
[   66.350711][ T4104] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   66.428620][ T4464] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.484399][ T4467] EXT4-fs error (device loop4): ext4_iget_extra_inode:5073: inode #12: comm syz.4.283: corrupted in-inode xattr: e_name out of bounds
[   66.506574][ T4460] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.280: Failed to acquire dquot type 0
[   66.522126][ T4467] EXT4-fs error (device loop4): ext4_iget_extra_inode:5073: inode #12: comm syz.4.283: corrupted in-inode xattr: e_name out of bounds
[   66.526115][ T4467] EXT4-fs error (device loop4): ext4_iget_extra_inode:5073: inode #12: comm syz.4.283: corrupted in-inode xattr: e_name out of bounds
[   66.567408][ T4488] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.290'.
[   66.683434][ T4489] lo speed is unknown, defaulting to 1000
[   66.841746][ T4492] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.290'.
[   67.224356][ T4496] loop3: detected capacity change from 0 to 128
[   67.283599][ T4496] ext4 filesystem being mounted at /41/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   67.358903][ T4508] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   67.394537][ T4509] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4509 comm=syz.0.296
[   67.425528][ T4508] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   67.461819][ T4517] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   67.488326][ T4517] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.298: corrupted in-inode xattr: bad e_name length
[   67.514844][ T4517] EXT4-fs (loop3): Remounting filesystem read-only
[   67.607573][ T4523] EXT4-fs: Ignoring removed orlov option
[   67.627206][ T4531] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.303'.
[   67.637552][ T4523] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   67.639579][ T4524] capability: warning: `syz.0.302' uses deprecated v2 capabilities in a way that may be insecure
[   67.659727][ T4531] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.303'.
[   67.731860][ T4539] dvmrp8: entered allmulticast mode
[   67.750125][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[   67.804378][ T4545] ext4 filesystem being mounted at /44/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   67.845423][ T4550] EXT4-fs (loop4): 1 orphan inode deleted
[   67.866519][ T3656] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:15: Failed to release dquot type 1
[   67.887194][ T4550] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.967403][ T4557] EXT4-fs (loop3): 1 orphan inode deleted
[   67.978847][ T4557] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.989706][ T3685] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:40: Failed to release dquot type 1
[   68.865693][ T4588] set_capacity_and_notify: 6 callbacks suppressed
[   68.865712][ T4588] loop2: detected capacity change from 0 to 512
[   69.134889][ T4588] EXT4-fs (loop2): 1 orphan inode deleted
[   69.149660][ T4588] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   69.162531][   T37] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:2: Failed to release dquot type 1
[   69.188311][ T4572] lo speed is unknown, defaulting to 1000
[   69.341002][ T4599] ip6erspan0: entered allmulticast mode
[   69.456442][ T4603] validate_nla: 8 callbacks suppressed
[   69.456456][ T4603] netlink: 'syz.2.328': attribute type 1 has an invalid length.
[   69.469756][ T4603] netlink: 'syz.2.328': attribute type 4 has an invalid length.
[   69.477865][ T4603] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.328'.
[   69.488340][ T4603] netlink: 'syz.2.328': attribute type 1 has an invalid length.
[   69.496123][ T4603] netlink: 'syz.2.328': attribute type 4 has an invalid length.
[   69.503844][ T4603] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.328'.
[   69.584685][ T4611] netlink: 'syz.3.331': attribute type 1 has an invalid length.
[   69.619838][ T4611] 8021q: adding VLAN 0 to HW filter on device bond1
[   69.686341][ T4611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.331'.
[   69.743034][   T29] kauditd_printk_skb: 462 callbacks suppressed
[   69.743053][   T29] audit: type=1326 audit(1767028639.416:2491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[   69.772744][   T29] audit: type=1326 audit(1767028639.416:2492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[   69.782608][ T3566] Bluetooth: hci0: command 0x1003 tx timeout
[   69.796653][   T29] audit: type=1326 audit(1767028639.416:2493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[   69.812786][ T4625] loop3: detected capacity change from 0 to 512
[   69.825926][   T29] audit: type=1326 audit(1767028639.416:2494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[   69.844928][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   69.855774][   T29] audit: type=1326 audit(1767028639.416:2495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[   69.884989][   T29] audit: type=1326 audit(1767028639.416:2496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[   69.908337][   T29] audit: type=1326 audit(1767028639.426:2497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[   69.931849][   T29] audit: type=1326 audit(1767028639.426:2498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[   69.955196][   T29] audit: type=1326 audit(1767028639.426:2499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[   69.978589][   T29] audit: type=1326 audit(1767028639.426:2500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[   70.084718][ T4625] EXT4-fs (loop3): 1 orphan inode deleted
[   70.104132][   T12] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:0: Failed to release dquot type 1
[   70.133913][ T4625] EXT4-fs mount: 61 callbacks suppressed
[   70.133936][ T4625] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.210813][ T4625] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.277390][ T4635] netlink: 'syz.2.340': attribute type 1 has an invalid length.
[   70.285287][ T4635] netlink: 'syz.2.340': attribute type 4 has an invalid length.
[   70.293119][ T4635] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.340'.
[   70.322969][ T4639] loop4: detected capacity change from 0 to 128
[   70.330690][ T4635] netlink: 'syz.2.340': attribute type 1 has an invalid length.
[   70.338467][ T4635] netlink: 'syz.2.340': attribute type 4 has an invalid length.
[   70.346221][ T4635] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.340'.
[   70.357947][ T4639] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   70.370854][ T4639] ext4 filesystem being mounted at /52/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   70.396568][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.428312][ T4642] FAULT_INJECTION: forcing a failure.
[   70.428312][ T4642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   70.436171][ T4645] netlink: 4 bytes leftover after parsing attributes in process `syz.2.343'.
[   70.443543][ T4642] CPU: 0 UID: 0 PID: 4642 Comm: syz.1.342 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.443631][ T4642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   70.443673][ T4642] Call Trace:
[   70.443694][ T4642]  <TASK>
[   70.443717][ T4642]  __dump_stack+0x1d/0x30
[   70.443828][ T4642]  dump_stack_lvl+0x95/0xd0
[   70.443904][ T4642]  dump_stack+0x15/0x1b
[   70.443974][ T4642]  should_fail_ex+0x265/0x280
[   70.444055][ T4642]  should_fail+0xb/0x20
[   70.444119][ T4642]  should_fail_usercopy+0x1a/0x20
[   70.444204][ T4642]  _copy_to_user+0x20/0xa0
[   70.444292][ T4642]  simple_read_from_buffer+0xb5/0x130
[   70.444419][ T4642]  proc_fail_nth_read+0x10e/0x150
[   70.444535][ T4642]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   70.444683][ T4642]  vfs_read+0x1a8/0x770
[   70.444786][ T4642]  ? __rcu_read_unlock+0x4f/0x70
[   70.444845][ T4642]  ? __fget_files+0x184/0x1c0
[   70.444920][ T4642]  ? mutex_lock+0x58/0x90
[   70.445015][ T4642]  ksys_read+0xda/0x1a0
[   70.445080][ T4642]  __x64_sys_read+0x40/0x50
[   70.445234][ T4642]  x64_sys_call+0x2889/0x3000
[   70.445317][ T4642]  do_syscall_64+0xca/0x2b0
[   70.445434][ T4642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.445507][ T4642] RIP: 0033:0x7f2798fbe15c
[   70.445558][ T4642] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   70.445673][ T4642] RSP: 002b:00007f2797a27030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   70.445736][ T4642] RAX: ffffffffffffffda RBX: 00007f2799215fa0 RCX: 00007f2798fbe15c
[   70.445778][ T4642] RDX: 000000000000000f RSI: 00007f2797a270a0 RDI: 0000000000000004
[   70.445821][ T4642] RBP: 00007f2797a27090 R08: 0000000000000000 R09: 0000000000000000
[   70.445875][ T4642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   70.445923][ T4642] R13: 00007f2799216038 R14: 00007f2799215fa0 R15: 00007ffe43e35938
[   70.446065][ T4642]  </TASK>
[   70.648476][ T3318] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   70.700923][ T4651] loop3: detected capacity change from 0 to 512
[   70.730168][ T4651] ext3: Bad value for 'max_batch_time'
[   70.790100][ T4651] netlink: 'syz.3.346': attribute type 10 has an invalid length.
[   70.810195][ T4658] siw: device registration error -23
[   70.895095][ T4660] loop3: detected capacity change from 0 to 512
[   70.914359][ T4660] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   70.945289][ T4660] EXT4-fs (loop3): 1 truncate cleaned up
[   70.959010][ T4660] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.991821][ T4660] EXT4-fs (loop3): Online resizing not supported with sparse_super2
[   71.016782][ T4666] loop0: detected capacity change from 0 to 8192
[   71.095732][ T4676] loop4: detected capacity change from 0 to 8192
[   71.221527][ T4687] loop0: detected capacity change from 0 to 2048
[   71.237347][ T4687] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.251621][ T4691] siw: device registration error -23
[   71.268209][ T4692] siw: device registration error -23
[   71.275590][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.383406][ T4701] loop4: detected capacity change from 0 to 2048
[   71.405768][ T4701] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.420458][ T4694] FAULT_INJECTION: forcing a failure.
[   71.420458][ T4694] name failslab, interval 1, probability 0, space 0, times 0
[   71.433991][ T4694] CPU: 0 UID: 0 PID: 4694 Comm: syz.0.363 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   71.434021][ T4694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   71.434034][ T4694] Call Trace:
[   71.434040][ T4694]  <TASK>
[   71.434048][ T4694]  __dump_stack+0x1d/0x30
[   71.434079][ T4694]  dump_stack_lvl+0x95/0xd0
[   71.434107][ T4694]  dump_stack+0x15/0x1b
[   71.434172][ T4694]  should_fail_ex+0x265/0x280
[   71.434264][ T4694]  should_failslab+0x8c/0xb0
[   71.434403][ T4694]  __kmalloc_node_track_caller_noprof+0xb9/0x5b0
[   71.434439][ T4694]  ? sidtab_sid2str_get+0xa0/0x130
[   71.434473][ T4694]  kmemdup_noprof+0x2b/0x70
[   71.434492][ T4694]  sidtab_sid2str_get+0xa0/0x130
[   71.434545][ T4694]  security_sid_to_context_core+0x1eb/0x2e0
[   71.434578][ T4694]  security_sid_to_context+0x27/0x40
[   71.434620][ T4694]  selinux_lsmprop_to_secctx+0x67/0xf0
[   71.434721][ T4694]  security_lsmprop_to_secctx+0x1a3/0x1c0
[   71.434761][ T4694]  audit_log_subj_ctx+0xa4/0x3e0
[   71.434854][ T4694]  ? skb_put+0xa9/0xf0
[   71.434921][ T4694]  audit_log_task_context+0x48/0x70
[   71.434946][ T4694]  audit_log_task+0xf4/0x250
[   71.434999][ T4694]  audit_seccomp+0x61/0x100
[   71.435100][ T4694]  ? __seccomp_filter+0x832/0x1260
[   71.435203][ T4694]  __seccomp_filter+0x843/0x1260
[   71.435236][ T4694]  ? __schedule+0x85f/0xcd0
[   71.435266][ T4694]  __secure_computing+0x82/0x150
[   71.435326][ T4694]  syscall_trace_enter+0xcf/0x1e0
[   71.435352][ T4694]  do_syscall_64+0xa4/0x2b0
[   71.435390][ T4694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.435434][ T4694] RIP: 0033:0x7fe083cfe15c
[   71.435450][ T4694] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   71.435469][ T4694] RSP: 002b:00007fe08275f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   71.435564][ T4694] RAX: ffffffffffffffda RBX: 00007fe083f55fa0 RCX: 00007fe083cfe15c
[   71.435578][ T4694] RDX: 000000000000000f RSI: 00007fe08275f0a0 RDI: 0000000000000004
[   71.435590][ T4694] RBP: 00007fe08275f090 R08: 0000000000000000 R09: 0000000000000000
[   71.435603][ T4694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   71.435616][ T4694] R13: 00007fe083f56038 R14: 00007fe083f55fa0 R15: 00007ffcfbd92bf8
[   71.435637][ T4694]  </TASK>
[   71.436604][ T4704] siw: device registration error -23
[   71.684203][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.710290][ T4708] netlink: 4 bytes leftover after parsing attributes in process `syz.4.367'.
[   71.719571][ T4708] netlink: 12 bytes leftover after parsing attributes in process `syz.4.367'.
[   71.741322][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.826166][ T4713] loop4: detected capacity change from 0 to 2048
[   72.015622][ T4734] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   72.031923][ T4734] EXT4-fs (loop3): 1 truncate cleaned up
[   72.050192][ T4738] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   72.075579][ T4734] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.089575][ T4740] netlink: 4 bytes leftover after parsing attributes in process `syz.1.379'.
[   72.107932][ T4738] EXT4-fs (loop2): 1 truncate cleaned up
[   72.118228][ T4738] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.149113][ T4738] EXT4-fs (loop2): Online resizing not supported with sparse_super2
[   72.240065][ T4748] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   72.259045][ T4749] netlink: 8 bytes leftover after parsing attributes in process `syz.4.381'.
[   72.273697][ T4746] netlink: 8 bytes leftover after parsing attributes in process `syz.4.381'.
[   72.284899][ T4748] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.312326][ T4748] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   72.365075][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.499667][ T4776] IPv6: NLM_F_CREATE should be specified when creating new route
[   72.525432][ T4779] FAULT_INJECTION: forcing a failure.
[   72.525432][ T4779] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.538694][ T4779] CPU: 1 UID: 0 PID: 4779 Comm: syz.0.394 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.538762][ T4779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   72.538779][ T4779] Call Trace:
[   72.538793][ T4779]  <TASK>
[   72.538800][ T4779]  __dump_stack+0x1d/0x30
[   72.538824][ T4779]  dump_stack_lvl+0x95/0xd0
[   72.538926][ T4779]  dump_stack+0x15/0x1b
[   72.538952][ T4779]  should_fail_ex+0x265/0x280
[   72.538982][ T4779]  ? __pfx_ppp_ioctl+0x10/0x10
[   72.539037][ T4779]  should_fail+0xb/0x20
[   72.539053][ T4779]  should_fail_usercopy+0x1a/0x20
[   72.539074][ T4779]  _copy_from_user+0x1c/0xb0
[   72.539151][ T4779]  memdup_user+0x5e/0xd0
[   72.539166][ T4779]  ppp_get_filter+0xdb/0x160
[   72.539191][ T4779]  ppp_ioctl+0xb93/0x11c0
[   72.539212][ T4779]  ? __fget_files+0x184/0x1c0
[   72.539260][ T4779]  ? __pfx_ppp_ioctl+0x10/0x10
[   72.539282][ T4779]  __se_sys_ioctl+0xce/0x140
[   72.539310][ T4779]  __x64_sys_ioctl+0x43/0x50
[   72.539401][ T4779]  x64_sys_call+0x14b0/0x3000
[   72.539423][ T4779]  do_syscall_64+0xca/0x2b0
[   72.539507][ T4779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.539525][ T4779] RIP: 0033:0x7fe083cff749
[   72.539538][ T4779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.539552][ T4779] RSP: 002b:00007fe08275f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   72.539594][ T4779] RAX: ffffffffffffffda RBX: 00007fe083f55fa0 RCX: 00007fe083cff749
[   72.539671][ T4779] RDX: 0000200000000240 RSI: 0000000040107446 RDI: 0000000000000003
[   72.539712][ T4779] RBP: 00007fe08275f090 R08: 0000000000000000 R09: 0000000000000000
[   72.539728][ T4779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.539744][ T4779] R13: 00007fe083f56038 R14: 00007fe083f55fa0 R15: 00007ffcfbd92bf8
[   72.539775][ T4779]  </TASK>
[   72.858483][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.890316][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.017482][ T4799] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   73.077205][ T4799] EXT4-fs (loop2): mount failed
[   73.137435][ T4803] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.255239][ T4803] ext4 filesystem being mounted at /63/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   73.350354][ T4827] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   73.482064][ T4803] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.403: Failed to acquire dquot type 0
[   73.628449][ T4841] FAULT_INJECTION: forcing a failure.
[   73.628449][ T4841] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   73.641686][ T4841] CPU: 0 UID: 0 PID: 4841 Comm: syz.4.416 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   73.641730][ T4841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   73.641837][ T4841] Call Trace:
[   73.641845][ T4841]  <TASK>
[   73.641856][ T4841]  __dump_stack+0x1d/0x30
[   73.641894][ T4841]  dump_stack_lvl+0x95/0xd0
[   73.641924][ T4841]  dump_stack+0x15/0x1b
[   73.641951][ T4841]  should_fail_ex+0x265/0x280
[   73.642038][ T4841]  should_fail+0xb/0x20
[   73.642124][ T4841]  should_fail_usercopy+0x1a/0x20
[   73.642151][ T4841]  _copy_from_user+0x1c/0xb0
[   73.642189][ T4841]  memdup_user+0x5e/0xd0
[   73.642214][ T4841]  strndup_user+0x68/0xb0
[   73.642239][ T4841]  perf_uprobe_init+0x48/0x150
[   73.642282][ T4841]  perf_uprobe_event_init+0xc4/0x140
[   73.642323][ T4841]  perf_try_init_event+0xd9/0x540
[   73.642493][ T4841]  ? perf_event_alloc+0xb2f/0x18d0
[   73.642533][ T4841]  perf_event_alloc+0xb3a/0x18d0
[   73.642665][ T4841]  ? __fget_files+0x184/0x1c0
[   73.642698][ T4841]  __se_sys_perf_event_open+0x603/0x1210
[   73.642757][ T4841]  ? __schedule+0x85f/0xcd0
[   73.642791][ T4841]  __x64_sys_perf_event_open+0x67/0x80
[   73.642870][ T4841]  x64_sys_call+0x78c/0x3000
[   73.642924][ T4841]  do_syscall_64+0xca/0x2b0
[   73.642964][ T4841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.643070][ T4841] RIP: 0033:0x7fb8aed4f749
[   73.643085][ T4841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.643110][ T4841] RSP: 002b:00007fb8ad7af038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[   73.643135][ T4841] RAX: ffffffffffffffda RBX: 00007fb8aefa5fa0 RCX: 00007fb8aed4f749
[   73.643188][ T4841] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[   73.643200][ T4841] RBP: 00007fb8ad7af090 R08: 0000000000000000 R09: 0000000000000000
[   73.643212][ T4841] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[   73.643226][ T4841] R13: 00007fb8aefa6038 R14: 00007fb8aefa5fa0 R15: 00007ffc85c01038
[   73.643245][ T4841]  </TASK>
[   73.856561][ T4827] EXT4-fs (loop0): 1 truncate cleaned up
[   73.863742][ T4827] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.913205][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.947009][ T4827] EXT4-fs (loop0): Online resizing not supported with sparse_super2
[   74.100964][ T4853] set_capacity_and_notify: 8 callbacks suppressed
[   74.100983][ T4853] loop4: detected capacity change from 0 to 128
[   74.120640][ T4853] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   74.136121][ T4853] ext4 filesystem being mounted at /74/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   74.172124][ T4859] loop3: detected capacity change from 0 to 512
[   74.177847][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.204779][ T4859] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   74.225738][ T3318] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   74.263805][ T4859] EXT4-fs (loop3): mount failed
[   74.331983][ T4876] FAULT_INJECTION: forcing a failure.
[   74.331983][ T4876] name failslab, interval 1, probability 0, space 0, times 0
[   74.344864][ T4876] CPU: 0 UID: 0 PID: 4876 Comm: syz.1.428 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   74.344890][ T4876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   74.344910][ T4876] Call Trace:
[   74.344916][ T4876]  <TASK>
[   74.344924][ T4876]  __dump_stack+0x1d/0x30
[   74.344957][ T4876]  dump_stack_lvl+0x95/0xd0
[   74.345065][ T4876]  dump_stack+0x15/0x1b
[   74.345092][ T4876]  should_fail_ex+0x265/0x280
[   74.345187][ T4876]  should_failslab+0x8c/0xb0
[   74.345218][ T4876]  __kmalloc_node_track_caller_noprof+0xb9/0x5b0
[   74.345308][ T4876]  ? key_alloc+0x2b8/0x9a0
[   74.345345][ T4876]  kmemdup_noprof+0x2b/0x70
[   74.345371][ T4876]  key_alloc+0x2b8/0x9a0
[   74.345479][ T4876]  keyring_alloc+0x45/0xb0
[   74.345516][ T4876]  lookup_user_key+0x2ea/0xd10
[   74.345545][ T4876]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[   74.345582][ T4876]  __se_sys_add_key+0x268/0x350
[   74.345627][ T4876]  __x64_sys_add_key+0x67/0x80
[   74.345676][ T4876]  x64_sys_call+0x2ea3/0x3000
[   74.345727][ T4876]  do_syscall_64+0xca/0x2b0
[   74.345766][ T4876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.345795][ T4876] RIP: 0033:0x7f2798fbf749
[   74.345813][ T4876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.345866][ T4876] RSP: 002b:00007f2797a27038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[   74.345892][ T4876] RAX: ffffffffffffffda RBX: 00007f2799215fa0 RCX: 00007f2798fbf749
[   74.345916][ T4876] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000200000000000
[   74.346013][ T4876] RBP: 00007f2797a27090 R08: ffffffffffffffff R09: 0000000000000000
[   74.346031][ T4876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   74.346047][ T4876] R13: 00007f2799216038 R14: 00007f2799215fa0 R15: 00007ffe43e35938
[   74.346071][ T4876]  </TASK>
[   92.059987][ T4883] loop4: detected capacity change from 0 to 512
[   92.104029][ T4892] loop3: detected capacity change from 0 to 1024
[   92.132327][ T4883] EXT4-fs (loop4): 1 orphan inode deleted
[   92.138764][ T4883] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   92.152261][ T3656] __quota_error: 945 callbacks suppressed
[   92.152291][ T3656] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[   92.167980][ T3656] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:15: Failed to release dquot type 1
[   92.180828][ T4883] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   92.203177][ T4892] Quota error (device loop3): do_check_range: Getting block 64 out of range 1-5
[   92.212278][ T4892] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[   92.221737][ T4892] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.432: Failed to acquire dquot type 0
[   92.233330][ T4892] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   92.248025][ T4892] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #13: comm syz.3.432: corrupted inode contents
[   92.260125][ T4892] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #13: comm syz.3.432: mark_inode_dirty error
[   92.267342][   T29] audit: type=1400 audit(1767028661.956:3440): avc:  denied  { read write } for  pid=4882 comm="syz.0.429" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   92.296307][   T29] audit: type=1400 audit(1767028661.956:3441): avc:  denied  { open } for  pid=4882 comm="syz.0.429" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   92.356500][   T29] audit: type=1400 audit(1767028662.016:3442): avc:  denied  { ioctl } for  pid=4882 comm="syz.0.429" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 ioctlcmd=0x943d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   92.397826][ T4897] lo speed is unknown, defaulting to 1000
[   92.459645][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.469012][ T4892] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #13: comm syz.3.432: corrupted inode contents
[   92.482823][   T29] audit: type=1326 audit(1767028662.136:3443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4884 comm="syz.2.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   92.507065][   T29] audit: type=1326 audit(1767028662.136:3444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4884 comm="syz.2.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   92.530537][   T29] audit: type=1326 audit(1767028662.136:3445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4884 comm="syz.2.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   92.535044][ T4892] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #13: comm syz.3.432: mark_inode_dirty error
[   92.555748][   T29] audit: type=1326 audit(1767028662.136:3446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4884 comm="syz.2.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7291ccf749 code=0x7ffc0000
[   92.663525][ T4900] lo speed is unknown, defaulting to 1000
[   93.099039][ T4892] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #13: comm syz.3.432: corrupted inode contents
[   93.157991][ T4892] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #13: comm syz.3.432: mark_inode_dirty error
[   93.171364][ T4892] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #13: comm syz.3.432: corrupted inode contents
[   93.196652][ T4892] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem
[   93.208796][ T4892] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #13: comm syz.3.432: corrupted inode contents
[   93.221592][ T4909] loop0: detected capacity change from 0 to 512
[   93.228424][ T4892] EXT4-fs error (device loop3): ext4_truncate:4635: inode #13: comm syz.3.432: mark_inode_dirty error
[   93.249946][ T4892] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem
[   93.271378][ T4911] loop2: detected capacity change from 0 to 512
[   93.278527][ T4911] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   93.285179][ T4892] EXT4-fs (loop3): 1 truncate cleaned up
[   93.298825][ T4909] EXT4-fs (loop0): 1 orphan inode deleted
[   93.307886][ T4892] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.312909][ T3656] EXT4-fs error (device loop0): ext4_release_dquot:7022: comm kworker/u8:15: Failed to release dquot type 1
[   93.321469][ T4909] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.347253][ T4911] EXT4-fs (loop2): 1 truncate cleaned up
[   93.356842][ T4909] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.369738][ T4911] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.407002][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.420002][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.549922][ T4938] __nla_validate_parse: 5 callbacks suppressed
[   93.549940][ T4938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.443'.
[   93.615867][ T4942] netlink: 12 bytes leftover after parsing attributes in process `syz.1.445'.
[   93.630573][ T4942] netlink: 24 bytes leftover after parsing attributes in process `syz.1.445'.
[   93.883290][ T4947] loop4: detected capacity change from 0 to 512
[   93.895445][ T4947] EXT4-fs: Ignoring removed i_version option
[   93.902188][ T4947] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   93.917639][ T4947] EXT4-fs (loop4): 1 truncate cleaned up
[   93.930947][ T4944] lo speed is unknown, defaulting to 1000
[   93.931932][ T4947] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.976400][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.145356][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.322191][ T4959] loop4: detected capacity change from 0 to 512
[   94.335734][ T4959] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   94.349785][ T4961] loop2: detected capacity change from 0 to 128
[   94.377960][ T4961] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   94.397347][ T4959] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.414983][ T4961] ext4 filesystem being mounted at /91/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   94.433296][ T4966] netlink: 28 bytes leftover after parsing attributes in process `syz.0.454'.
[   94.440487][ T4968] loop3: detected capacity change from 0 to 512
[   94.450139][ T4959] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   94.452321][ T4968] EXT4-fs: Ignoring removed i_version option
[   94.468436][ T4968] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   94.493350][ T4968] EXT4-fs (loop3): 1 truncate cleaned up
[   94.499756][ T4968] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   94.533613][ T3314] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   94.568229][ T4959] netlink: 68 bytes leftover after parsing attributes in process `syz.4.452'.
[   94.616838][ T4959] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.631262][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.688139][ T4959] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.727663][ T4980] loop3: detected capacity change from 0 to 512
[   94.757277][ T4980] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   94.774034][ T4959] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.787760][ T4980] EXT4-fs (loop3): mount failed
[   94.799501][ T4980] netlink: 4 bytes leftover after parsing attributes in process `syz.3.460'.
[   94.820499][ T4959] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.865179][ T4998] netlink: 28 bytes leftover after parsing attributes in process `syz.3.466'.
[   94.881995][ T3656] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.896540][ T3656] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.915006][ T3656] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.928786][ T3656] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.954453][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.052836][ T5010] FAULT_INJECTION: forcing a failure.
[   95.052836][ T5010] name failslab, interval 1, probability 0, space 0, times 0
[   95.065528][ T5010] CPU: 0 UID: 0 PID: 5010 Comm: syz.1.472 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   95.065555][ T5010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   95.065570][ T5010] Call Trace:
[   95.065580][ T5010]  <TASK>
[   95.065590][ T5010]  __dump_stack+0x1d/0x30
[   95.065681][ T5010]  dump_stack_lvl+0x95/0xd0
[   95.065727][ T5010]  dump_stack+0x15/0x1b
[   95.065752][ T5010]  should_fail_ex+0x265/0x280
[   95.065783][ T5010]  should_failslab+0x8c/0xb0
[   95.065812][ T5010]  kmem_cache_alloc_noprof+0x69/0x4b0
[   95.065837][ T5010]  ? skb_clone+0x151/0x1f0
[   95.065876][ T5010]  skb_clone+0x151/0x1f0
[   95.065912][ T5010]  dev_queue_xmit_nit+0x13e/0x520
[   95.066002][ T5010]  dev_hard_start_xmit+0xd3/0x3e0
[   95.066042][ T5010]  sch_direct_xmit+0x192/0x550
[   95.066128][ T5010]  __dev_queue_xmit+0xcb2/0x1ec0
[   95.066193][ T5010]  ? __dev_queue_xmit+0x148/0x1ec0
[   95.066224][ T5010]  ? _raw_spin_unlock_bh+0x36/0x40
[   95.066253][ T5010]  ? ___neigh_create+0x10ad/0x1290
[   95.066455][ T5010]  neigh_resolve_output+0x3f3/0x460
[   95.066499][ T5010]  ip_finish_output2+0x7bf/0x8b0
[   95.066554][ T5010]  ? __rcu_read_unlock+0x34/0x70
[   95.066623][ T5010]  ip_finish_output+0x114/0x2a0
[   95.066677][ T5010]  ip_output+0xbd/0x190
[   95.066702][ T5010]  ? __pfx_ip_finish_output+0x10/0x10
[   95.066736][ T5010]  ip_send_skb+0x12c/0x160
[   95.066761][ T5010]  udp_send_skb+0x6e3/0xa40
[   95.066793][ T5010]  udp_sendmsg+0x1050/0x13c0
[   95.066823][ T5010]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   95.066882][ T5010]  ? __pfx_udp_sendmsg+0x10/0x10
[   95.066906][ T5010]  inet_sendmsg+0xac/0xd0
[   95.066928][ T5010]  __sock_sendmsg+0x102/0x180
[   95.066997][ T5010]  ____sys_sendmsg+0x345/0x4a0
[   95.067034][ T5010]  ___sys_sendmsg+0x17b/0x1d0
[   95.067086][ T5010]  __sys_sendmmsg+0x178/0x300
[   95.067159][ T5010]  __x64_sys_sendmmsg+0x57/0x70
[   95.067191][ T5010]  x64_sys_call+0x1e28/0x3000
[   95.067216][ T5010]  do_syscall_64+0xca/0x2b0
[   95.067341][ T5010]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.067442][ T5010] RIP: 0033:0x7f2798fbf749
[   95.067483][ T5010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.067506][ T5010] RSP: 002b:00007f2797a27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   95.067527][ T5010] RAX: ffffffffffffffda RBX: 00007f2799215fa0 RCX: 00007f2798fbf749
[   95.067539][ T5010] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000004
[   95.067631][ T5010] RBP: 00007f2797a27090 R08: 0000000000000000 R09: 0000000000000000
[   95.067697][ T5010] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000001
[   95.067709][ T5010] R13: 00007f2799216038 R14: 00007f2799215fa0 R15: 00007ffe43e35938
[   95.067732][ T5010]  </TASK>
[   95.428751][ T5018] loop4: detected capacity change from 0 to 2048
[   95.460932][ T5018] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   95.489706][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.510839][ T5023] netlink: 28 bytes leftover after parsing attributes in process `syz.4.477'.
[   95.602009][ T5030] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   95.614494][ T5030] ext4 filesystem being mounted at /102/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   95.643817][ T3316] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   95.667934][ T5035] EXT4-fs: Ignoring removed i_version option
[   95.674459][ T5035] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   95.695554][ T5035] EXT4-fs (loop0): 1 truncate cleaned up
[   95.701622][ T5035] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   95.837021][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.865844][ T5048] netlink: 20 bytes leftover after parsing attributes in process `syz.3.489'.
[   95.937987][ T5056] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   96.135434][ T5056] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.181287][ T5056] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.276609][ T5067] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   96.382110][ T5056] netlink: 68 bytes leftover after parsing attributes in process `syz.0.488'.
[   96.396229][ T5067] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.432326][ T5056] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.443634][ T5067] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.513008][ T5071] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.515362][ T5067] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.529832][ T5071] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.559201][ T5056] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.565152][ T5071] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.494: Failed to acquire dquot type 0
[   96.600838][ T5075] FAULT_INJECTION: forcing a failure.
[   96.600838][ T5075] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   96.600874][ T5075] CPU: 1 UID: 0 PID: 5075 Comm: syz.1.495 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   96.600903][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   96.600972][ T5075] Call Trace:
[   96.600980][ T5075]  <TASK>
[   96.600988][ T5075]  __dump_stack+0x1d/0x30
[   96.601020][ T5075]  dump_stack_lvl+0x95/0xd0
[   96.601050][ T5075]  dump_stack+0x15/0x1b
[   96.601078][ T5075]  should_fail_ex+0x265/0x280
[   96.601131][ T5075]  should_fail+0xb/0x20
[   96.601227][ T5075]  should_fail_usercopy+0x1a/0x20
[   96.601261][ T5075]  _copy_from_iter+0xcf/0xe70
[   96.601297][ T5075]  ? __alloc_skb+0x396/0x4b0
[   96.601329][ T5075]  ? __alloc_skb+0x228/0x4b0
[   96.601401][ T5075]  netlink_sendmsg+0x471/0x6b0
[   96.601478][ T5075]  ? __pfx_netlink_sendmsg+0x10/0x10
[   96.601592][ T5075]  __sock_sendmsg+0x145/0x180
[   96.601619][ T5075]  ____sys_sendmsg+0x31e/0x4a0
[   96.601661][ T5075]  ___sys_sendmsg+0x17b/0x1d0
[   96.601776][ T5075]  __x64_sys_sendmsg+0xd4/0x160
[   96.601827][ T5075]  x64_sys_call+0x17ba/0x3000
[   96.601994][ T5075]  do_syscall_64+0xca/0x2b0
[   96.602041][ T5075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.602077][ T5075] RIP: 0033:0x7f2798fbf749
[   96.602156][ T5075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.602179][ T5075] RSP: 002b:00007f2797a27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   96.602204][ T5075] RAX: ffffffffffffffda RBX: 00007f2799215fa0 RCX: 00007f2798fbf749
[   96.602222][ T5075] RDX: 0000000004004800 RSI: 0000200000000240 RDI: 0000000000000003
[   96.602239][ T5075] RBP: 00007f2797a27090 R08: 0000000000000000 R09: 0000000000000000
[   96.602255][ T5075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.602282][ T5075] R13: 00007f2799216038 R14: 00007f2799215fa0 R15: 00007ffe43e35938
[   96.602313][ T5075]  </TASK>
[   97.064788][ T5067] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.114265][ T5056] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.126545][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.155585][ T5067] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.183779][ T5092] FAULT_INJECTION: forcing a failure.
[   97.183779][ T5092] name failslab, interval 1, probability 0, space 0, times 0
[   97.196621][ T5092] CPU: 1 UID: 0 PID: 5092 Comm: syz.3.502 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   97.196679][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   97.196695][ T5092] Call Trace:
[   97.196715][ T5092]  <TASK>
[   97.196724][ T5092]  __dump_stack+0x1d/0x30
[   97.196750][ T5092]  dump_stack_lvl+0x95/0xd0
[   97.196771][ T5092]  dump_stack+0x15/0x1b
[   97.196794][ T5092]  should_fail_ex+0x265/0x280
[   97.196829][ T5092]  should_failslab+0x8c/0xb0
[   97.196859][ T5092]  __kmalloc_noprof+0xb9/0x5a0
[   97.196926][ T5092]  ? sock_kmalloc+0x85/0xc0
[   97.196966][ T5092]  sock_kmalloc+0x85/0xc0
[   97.197021][ T5092]  ____sys_sendmsg+0xf8/0x4a0
[   97.197062][ T5092]  __sys_sendmsg_sock+0x28/0x40
[   97.197097][ T5092]  io_sendmsg+0x163/0x490
[   97.197129][ T5092]  __io_issue_sqe+0xfe/0x2e0
[   97.197166][ T5092]  ? io_assign_file+0x1a9/0x200
[   97.197277][ T5092]  io_issue_sqe+0x56/0xa80
[   97.197320][ T5092]  ? io_sendmsg_prep+0x380/0x3c0
[   97.197348][ T5092]  io_submit_sqes+0x78b/0x11b0
[   97.197443][ T5092]  __se_sys_io_uring_enter+0x1bd/0x1a30
[   97.197497][ T5092]  ? 0xffffffff81000000
[   97.197509][ T5092]  ? __rcu_read_unlock+0x4f/0x70
[   97.197592][ T5092]  ? proc_fail_nth_write+0x13b/0x160
[   97.197629][ T5092]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   97.197744][ T5092]  ? vfs_write+0x7e8/0x960
[   97.197768][ T5092]  ? __rcu_read_unlock+0x4f/0x70
[   97.197790][ T5092]  ? __fget_files+0x184/0x1c0
[   97.197818][ T5092]  ? mutex_unlock+0x4f/0x90
[   97.197901][ T5092]  ? fput+0x8f/0xc0
[   97.197935][ T5092]  __x64_sys_io_uring_enter+0x78/0x90
[   97.197979][ T5092]  x64_sys_call+0x27e4/0x3000
[   97.198009][ T5092]  do_syscall_64+0xca/0x2b0
[   97.198108][ T5092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.198130][ T5092] RIP: 0033:0x7f76b392f749
[   97.198149][ T5092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.198198][ T5092] RSP: 002b:00007f76b238f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[   97.198221][ T5092] RAX: ffffffffffffffda RBX: 00007f76b3b85fa0 RCX: 00007f76b392f749
[   97.198236][ T5092] RDX: 000000000000ddd6 RSI: 0000000000003516 RDI: 0000000000000005
[   97.198252][ T5092] RBP: 00007f76b238f090 R08: 0000000000000000 R09: 0000000000000000
[   97.198267][ T5092] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[   97.198279][ T5092] R13: 00007f76b3b86038 R14: 00007f76b3b85fa0 R15: 00007ffd2a836f28
[   97.198296][ T5092]  </TASK>
[   97.223385][ T5056] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.484884][ T5067] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.503616][  T365] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.533666][  T365] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.545913][  T365] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.562097][  T365] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.571627][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.622125][   T29] kauditd_printk_skb: 535 callbacks suppressed
[   97.622143][   T29] audit: type=1400 audit(1767028667.306:3978): avc:  denied  { connect } for  pid=5106 comm="syz.0.507" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   97.711394][ T5113] set_capacity_and_notify: 5 callbacks suppressed
[   97.711414][ T5113] loop3: detected capacity change from 0 to 512
[   97.735146][ T5115] netlink: 'syz.0.511': attribute type 1 has an invalid length.
[   97.759390][ T5115] 8021q: adding VLAN 0 to HW filter on device bond2
[   97.769995][ T5120] loop2: detected capacity change from 0 to 512
[   97.778939][ T5113] EXT4-fs: Ignoring removed i_version option
[   97.786617][ T5120] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   97.808115][ T5122] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.816413][ T5122] batman_adv: batadv0: Removing interface: batadv_slave_0
[   97.828492][ T5113] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   97.839813][ T5120] EXT4-fs (loop2): 1 truncate cleaned up
[   97.846833][ T5122] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.854314][ T5122] batman_adv: batadv0: Removing interface: batadv_slave_1
[   97.861983][ T5120] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.880385][ T5113] EXT4-fs (loop3): 1 truncate cleaned up
[   97.886330][ T5120] EXT4-fs (loop2): Online resizing not supported with sparse_super2
[   97.888436][ T5113] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.908733][ T5121] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.933883][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.988572][ T5121] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.045408][ T5121] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.068847][ T5129] loop3: detected capacity change from 0 to 2048
[   98.095443][ T5129] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   98.108082][ T5121] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.135979][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.176725][ T5133] loop3: detected capacity change from 0 to 256
[   98.186702][   T29] audit: type=1400 audit(1767028667.876:3979): avc:  denied  { read write } for  pid=5132 comm="syz.3.516" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   98.211544][   T29] audit: type=1400 audit(1767028667.876:3980): avc:  denied  { open } for  pid=5132 comm="syz.3.516" path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   98.276899][   T37] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.291632][ T3685] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.311612][   T37] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.323938][  T815] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.595794][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.668480][   T29] audit: type=1326 audit(1767028668.356:3981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5143 comm="syz.1.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[   98.693370][   T29] audit: type=1326 audit(1767028668.356:3982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5143 comm="syz.1.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[   98.716838][   T29] audit: type=1326 audit(1767028668.356:3983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5143 comm="syz.1.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[   98.740232][   T29] audit: type=1326 audit(1767028668.356:3984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5143 comm="syz.1.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[   98.763618][   T29] audit: type=1326 audit(1767028668.356:3985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5143 comm="syz.1.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[   98.786968][   T29] audit: type=1326 audit(1767028668.356:3986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5143 comm="syz.1.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[   98.810341][   T29] audit: type=1326 audit(1767028668.356:3987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5143 comm="syz.1.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[   99.140270][ T5148] lo speed is unknown, defaulting to 1000
[   99.572136][ T5152] loop3: detected capacity change from 0 to 2048
[   99.613431][ T5152] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.644649][ T5156] loop2: detected capacity change from 0 to 512
[   99.657058][ T5156] EXT4-fs: Ignoring removed i_version option
[   99.676407][ T5156] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   99.688076][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.701499][ T5156] EXT4-fs (loop2): 1 truncate cleaned up
[   99.702320][ T5158] __nla_validate_parse: 5 callbacks suppressed
[   99.702363][ T5158] netlink: 4 bytes leftover after parsing attributes in process `syz.1.525'.
[   99.728705][ T5156] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.751078][  T815] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.774730][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.784156][  T815] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.806227][  T815] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.822547][  T815] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.844826][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.880637][ T5163] loop3: detected capacity change from 0 to 8192
[   99.940560][ T5169] netlink: 'syz.4.529': attribute type 1 has an invalid length.
[   99.948522][ T5169] netlink: 'syz.4.529': attribute type 4 has an invalid length.
[   99.956299][ T5169] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.529'.
[   99.974505][ T5169] netlink: 'syz.4.529': attribute type 1 has an invalid length.
[   99.982232][ T5169] netlink: 'syz.4.529': attribute type 4 has an invalid length.
[   99.990012][ T5169] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.529'.
[  100.106674][ T5182] loop4: detected capacity change from 0 to 512
[  100.156238][ T5182] EXT4-fs (loop4): 1 orphan inode deleted
[  100.173262][ T3685] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:40: Failed to release dquot type 1
[  100.192689][ T5182] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.223230][ T5182] ext4 filesystem being mounted at /95/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  100.272105][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.371760][ T5180] hub 1-0:1.0: USB hub found
[  100.376606][ T5180] hub 1-0:1.0: 8 ports detected
[  100.441139][ T5189] loop3: detected capacity change from 0 to 256
[  100.495434][ T5191] loop3: detected capacity change from 0 to 512
[  100.503190][ T5191] EXT4-fs: Ignoring removed i_version option
[  100.510666][ T5191] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  100.529708][ T5191] EXT4-fs (loop3): 1 truncate cleaned up
[  100.536553][ T5191] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.573513][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.607098][ T5194] EXT4-fs (loop3): 1 orphan inode deleted
[  100.638392][ T5194] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.651455][ T3685] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:40: Failed to release dquot type 1
[  100.663756][ T5194] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  100.695071][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.765432][ T5202] EXT4-fs: Ignoring removed bh option
[  100.788639][ T5202] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.806652][ T5204] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.834529][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.846813][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.169313][ T5219] netlink: 'syz.4.544': attribute type 1 has an invalid length.
[  101.177024][ T5219] netlink: 'syz.4.544': attribute type 4 has an invalid length.
[  101.184723][ T5219] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.544'.
[  101.194582][ T5219] netlink: 'syz.4.544': attribute type 1 has an invalid length.
[  101.202289][ T5219] netlink: 'syz.4.544': attribute type 4 has an invalid length.
[  101.210068][ T5219] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.544'.
[  101.275159][ T5223] EXT4-fs (loop4): 1 orphan inode deleted
[  101.281545][ T5223] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.295126][ T3685] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:40: Failed to release dquot type 1
[  101.295546][ T5223] ext4 filesystem being mounted at /98/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.331654][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.412143][ T5232] EXT4-fs: Ignoring removed i_version option
[  101.418709][ T5232] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  101.431693][ T5232] EXT4-fs (loop4): 1 truncate cleaned up
[  101.438338][ T5232] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.469340][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.509284][ T5235] EXT4-fs (loop4): 1 orphan inode deleted
[  101.516054][ T5235] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.528817][ T3685] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:40: Failed to release dquot type 1
[  101.531342][ T5235] ext4 filesystem being mounted at /102/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.569545][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.775288][ T5244] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.823539][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.895511][ T5250] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  101.903701][ T5250] EXT4-fs (loop2): orphan cleanup on readonly fs
[  101.910876][ T5250] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.554: Failed to acquire dquot type 1
[  101.922315][ T5250] EXT4-fs (loop2): Remounting filesystem read-only
[  101.929161][ T5250] EXT4-fs (loop2): 1 truncate cleaned up
[  101.935330][ T5250] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  101.948381][ T5250] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.254067][ T5255] lo speed is unknown, defaulting to 1000
[  102.619750][ T5259] netlink: 12 bytes leftover after parsing attributes in process `syz.0.555'.
[  102.644215][   T29] kauditd_printk_skb: 1093 callbacks suppressed
[  102.644242][   T29] audit: type=1326 audit(1767028672.326:5075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5260 comm="syz.1.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[  102.674885][   T29] audit: type=1326 audit(1767028672.326:5076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5260 comm="syz.1.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[  102.698313][   T29] audit: type=1326 audit(1767028672.326:5077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5260 comm="syz.1.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[  102.722545][   T29] audit: type=1326 audit(1767028672.336:5078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5260 comm="syz.1.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[  102.745949][   T29] audit: type=1326 audit(1767028672.336:5079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5260 comm="syz.1.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[  102.770224][   T29] audit: type=1326 audit(1767028672.336:5080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5260 comm="syz.1.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[  102.794600][   T29] audit: type=1326 audit(1767028672.336:5081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5260 comm="syz.1.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[  102.818068][   T29] audit: type=1326 audit(1767028672.336:5082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5260 comm="syz.1.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[  102.842723][   T29] audit: type=1326 audit(1767028672.336:5083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5260 comm="syz.1.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[  102.866304][   T29] audit: type=1326 audit(1767028672.336:5084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5260 comm="syz.1.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f2798fbf749 code=0x7ffc0000
[  102.944356][ T5265] set_capacity_and_notify: 9 callbacks suppressed
[  102.944371][ T5265] loop4: detected capacity change from 0 to 128
[  103.008597][ T5275] loop0: detected capacity change from 0 to 512
[  103.015381][ T5275] EXT4-fs: Ignoring removed i_version option
[  103.034562][ T5275] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  103.072982][ T5265] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  103.112799][ T5265] ext4 filesystem being mounted at /104/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  103.136407][ T5275] EXT4-fs (loop0): 1 truncate cleaned up
[  103.146017][ T5275] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.288460][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.308619][ T5282] netlink: 'syz.1.563': attribute type 10 has an invalid length.
[  103.349401][ T3318] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  103.921535][ T5296] loop3: detected capacity change from 0 to 128
[  103.947123][ T5296] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  103.964036][ T5296] ext4 filesystem being mounted at /96/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  104.005193][ T3312] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  104.044639][ T5302] netlink: 12 bytes leftover after parsing attributes in process `syz.3.570'.
[  104.086802][ T5304] loop3: detected capacity change from 0 to 512
[  104.106543][ T5304] EXT4-fs (loop3): 1 orphan inode deleted
[  104.120637][ T5304] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.139468][  T815] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:8: Failed to release dquot type 1
[  104.162287][ T5308] loop2: detected capacity change from 0 to 512
[  104.168340][ T5304] ext4 filesystem being mounted at /98/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.180818][ T5308] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  104.200820][ T5308] EXT4-fs (loop2): 1 truncate cleaned up
[  104.213317][ T5308] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.228160][ T5308] EXT4-fs (loop2): Online resizing not supported with sparse_super2
[  104.240567][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.359946][ T5317] netlink: 4 bytes leftover after parsing attributes in process `syz.1.576'.
[  104.552929][ T5331] loop3: detected capacity change from 0 to 8192
[  104.674285][ T5336] loop3: detected capacity change from 0 to 512
[  104.724942][ T5336] EXT4-fs (loop3): 1 orphan inode deleted
[  104.731325][ T5336] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.745419][ T3677] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:35: Failed to release dquot type 1
[  104.777201][ T5336] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.805604][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.946172][ T5344] netlink: 124 bytes leftover after parsing attributes in process `syz.0.585'.
[  105.041150][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.147401][ T5347] loop2: detected capacity change from 0 to 512
[  105.177599][ T5347] EXT4-fs: Ignoring removed i_version option
[  105.210417][ T5347] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  105.256365][ T5347] EXT4-fs (loop2): 1 truncate cleaned up
[  105.286928][ T5347] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.350801][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.448798][ T5350] loop2: detected capacity change from 0 to 512
[  105.487422][ T5350] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.511789][ T5350] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  105.524245][ T5350] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.587: Failed to acquire dquot type 0
[  105.550032][ T5354] loop4: detected capacity change from 0 to 512
[  105.551391][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.643956][ T5354] EXT4-fs warning (device loop4): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  105.730008][ T5354] EXT4-fs (loop4): mount failed
[  105.790984][ T5354] netlink: 4 bytes leftover after parsing attributes in process `syz.4.588'.
[  105.973103][ T5369] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  106.013620][ T5369] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.069379][ T5369] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  106.082322][ T5373] netlink: 'syz.2.594': attribute type 1 has an invalid length.
[  106.112050][ T5373] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  106.125592][ T5375] netlink: 479 bytes leftover after parsing attributes in process `syz.4.595'.
[  106.180381][ T5369] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.217465][ T5369] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.230052][ T5379] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  106.236636][ T5379] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  106.244291][ T5379] vhci_hcd vhci_hcd.0: Device attached
[  106.295491][ T5369] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.313394][ T5381] vhci_hcd: connection closed
[  106.315270][  T815] vhci_hcd vhci_hcd.4: stop threads
[  106.325225][  T815] vhci_hcd vhci_hcd.4: release socket
[  106.330635][  T815] vhci_hcd vhci_hcd.4: disconnect device
[  106.366540][ T5369] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.424076][  T815] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.445215][  T815] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.467858][  T815] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.486120][  T815] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.507412][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.568377][ T5388] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.594376][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.846770][ T5401] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  106.888166][ T5401] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.901007][ T5401] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  106.981750][ T5401] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.177939][ T5407] lo speed is unknown, defaulting to 1000
[  107.536928][ T5401] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.613766][ T5415] siw: device registration error -23
[  107.653232][   T29] kauditd_printk_skb: 978 callbacks suppressed
[  107.653251][   T29] audit: type=1326 audit(1767028677.346:6058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f76b39265e7 code=0x7ffc0000
[  107.685026][   T29] audit: type=1326 audit(1767028677.376:6059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f76b38cb829 code=0x7ffc0000
[  107.708503][   T29] audit: type=1326 audit(1767028677.376:6060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f76b39265e7 code=0x7ffc0000
[  107.731871][   T29] audit: type=1326 audit(1767028677.376:6061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f76b38cb829 code=0x7ffc0000
[  107.755253][   T29] audit: type=1326 audit(1767028677.376:6062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[  107.789664][ T5401] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.803933][   T29] audit: type=1326 audit(1767028677.376:6063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f76b39265e7 code=0x7ffc0000
[  107.827436][   T29] audit: type=1326 audit(1767028677.376:6064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f76b38cb829 code=0x7ffc0000
[  107.850747][   T29] audit: type=1326 audit(1767028677.376:6065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76b392f749 code=0x7ffc0000
[  107.874128][   T29] audit: type=1326 audit(1767028677.376:6066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f76b39265e7 code=0x7ffc0000
[  107.897528][   T29] audit: type=1326 audit(1767028677.376:6067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.3.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f76b38cb829 code=0x7ffc0000
[  107.950789][ T5417] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.985111][ T5401] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.003395][ T5428] set_capacity_and_notify: 5 callbacks suppressed
[  108.003412][ T5428] loop1: detected capacity change from 0 to 512
[  108.033663][ T5428] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  108.068386][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.069945][ T3685] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.095020][ T3664] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.104040][ T5428] EXT4-fs (loop1): 1 truncate cleaned up
[  108.123146][ T5432] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  108.129818][ T5432] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  108.131326][ T5428] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.137527][ T5432] vhci_hcd vhci_hcd.0: Device attached
[  108.137703][ T3685] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.158410][ T5428] EXT4-fs (loop1): Online resizing not supported with sparse_super2
[  108.187725][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.196950][ T3685] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.206751][ T5433] vhci_hcd: connection closed
[  108.208021][  T289] vhci_hcd vhci_hcd.3: stop threads
[  108.218184][  T289] vhci_hcd vhci_hcd.3: release socket
[  108.223622][  T289] vhci_hcd vhci_hcd.3: disconnect device
[  108.250196][ T5437] netlink: 'syz.0.617': attribute type 1 has an invalid length.
[  108.267442][ T5437] 8021q: adding VLAN 0 to HW filter on device bond3
[  108.283633][ T5443] netlink: 'syz.4.618': attribute type 1 has an invalid length.
[  108.291361][ T5443] netlink: 'syz.4.618': attribute type 4 has an invalid length.
[  108.299092][ T5443] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.618'.
[  108.311286][ T5438] loop2: detected capacity change from 0 to 2048
[  108.324306][ T5438] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.338945][ T5443] netlink: 'syz.4.618': attribute type 1 has an invalid length.
[  108.346759][ T5443] netlink: 'syz.4.618': attribute type 4 has an invalid length.
[  108.354506][ T5443] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.618'.
[  108.392239][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.430460][ T5455] loop2: detected capacity change from 0 to 512
[  108.466545][ T5455] EXT4-fs (loop2): 1 orphan inode deleted
[  108.472791][ T5455] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.485622][  T815] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:8: Failed to release dquot type 1
[  108.486210][ T5455] ext4 filesystem being mounted at /125/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.528728][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.817238][ T5478] loop4: detected capacity change from 0 to 512
[  108.847915][ T5478] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.863970][ T5478] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.887890][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.911603][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.010161][ T5493] loop1: detected capacity change from 0 to 512
[  109.035469][ T5495] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  109.042034][ T5495] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  109.049698][ T5495] vhci_hcd vhci_hcd.0: Device attached
[  109.057405][ T5496] vhci_hcd: connection closed
[  109.057665][  T815] vhci_hcd vhci_hcd.4: stop threads
[  109.067978][  T815] vhci_hcd vhci_hcd.4: release socket
[  109.073461][  T815] vhci_hcd vhci_hcd.4: disconnect device
[  109.078915][ T5493] EXT4-fs (loop1): 1 orphan inode deleted
[  109.086216][ T5493] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.099170][  T815] EXT4-fs error (device loop1): ext4_release_dquot:7022: comm kworker/u8:8: Failed to release dquot type 1
[  109.100016][ T5493] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  109.136190][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.171612][ T5503] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5503 comm=syz.1.638
[  109.236763][ T5504] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5504 comm=syz.1.638
[  109.322650][ T5506] ==================================================================
[  109.330788][ T5506] BUG: KCSAN: data-race in __pm_runtime_resume / pm_runtime_work
[  109.338553][ T5506] 
[  109.340898][ T5506] write to 0xffff888101d9f268 of 2 bytes by task 3663 on cpu 1:
[  109.348555][ T5506]  pm_runtime_work+0x90/0x130
[  109.353307][ T5506]  process_scheduled_works+0x4ce/0x9d0
[  109.358813][ T5506]  worker_thread+0x582/0x770
[  109.363532][ T5506]  kthread+0x489/0x510
[  109.367639][ T5506]  ret_from_fork+0x149/0x290
[  109.372282][ T5506]  ret_from_fork_asm+0x1a/0x30
[  109.377093][ T5506] 
[  109.379475][ T5506] read to 0xffff888101d9f268 of 2 bytes by task 5506 on cpu 0:
[  109.387568][ T5506]  __pm_runtime_resume+0x35/0x100
[  109.392640][ T5506]  usb_autoresume_device+0x23/0xc0
[  109.397800][ T5506]  usbdev_open+0x121/0x450
[  109.402259][ T5506]  chrdev_open+0x2eb/0x3a0
[  109.406715][ T5506]  do_dentry_open+0x54b/0xa60
[  109.411431][ T5506]  vfs_open+0x37/0x1e0
[  109.415527][ T5506]  path_openat+0x1ddd/0x23b0
[  109.420181][ T5506]  do_filp_open+0x109/0x230
[  109.424727][ T5506]  do_sys_openat2+0xa6/0x150
[  109.429363][ T5506]  __x64_sys_openat+0xf2/0x120
[  109.434256][ T5506]  x64_sys_call+0x2b07/0x3000
[  109.438964][ T5506]  do_syscall_64+0xca/0x2b0
[  109.443596][ T5506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.449622][ T5506] 
[  109.451963][ T5506] value changed: 0x0890 -> 0x0888
[  109.457015][ T5506] 
[  109.459351][ T5506] Reported by Kernel Concurrency Sanitizer on:
[  109.465610][ T5506] CPU: 0 UID: 0 PID: 5506 Comm: syz.0.639 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  109.475275][ T5506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  109.485344][ T5506] ==================================================================