last executing test programs:

2m54.827324873s ago: executing program 32 (id=348):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001ec0)="1400000017001963d2", 0x9}], 0x1}, 0x20000000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='rxrpc_call\x00', r0}, 0x18)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r1, &(0x7f0000000440)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)

2m28.756273691s ago: executing program 33 (id=1045):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
unlink(&(0x7f0000000080)='./cgroup/cgroup.procs\x00')
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x1, 0xfe, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

2m22.779102831s ago: executing program 34 (id=1201):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x40000)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r1)
close(r1)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0x200]}})
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000000))

2m21.609990292s ago: executing program 35 (id=1217):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = mq_open(&(0x7f0000001600)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\aXg\xbb\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x8a=\x0f\n*\x8a\x99\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5\x00\x00\x00\x00\x00\x00\x00\x01\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbbV\x1a\x8a\x03#T\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8', 0x40, 0xb, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
mq_open(&(0x7f0000000780)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x2, 0x136, 0x0)

2m18.69352767s ago: executing program 6 (id=1267):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1d459d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x3}, 0x6025, 0x4005, 0xb, 0x0, 0x1, 0x1000, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x50004, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x4, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)

2m18.029963834s ago: executing program 6 (id=1271):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
write$tun(r2, &(0x7f0000000600)={@val={0xa}, @void, @eth={@multicast, @empty, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x8, 0x11, 0xff, @empty, @mcast2, {[], {0x4e23, 0x4e20, 0x8}}}}}}}, 0x42)

2m17.928361693s ago: executing program 6 (id=1285):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0x98, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0xfba, 0x10000000, 0x0, 0x8}, 0x3, r4}}]}, {0x4, 0xa}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)

2m17.892935387s ago: executing program 6 (id=1276):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001000)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newtfilter={0x3c, 0x2c, 0x605, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r1, {0x1, 0xc}, {}, {0x5, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0xffeb, 0x9}}]}}]}, 0x3c}}, 0x20004084)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2m17.85915817s ago: executing program 6 (id=1278):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x8}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x200000, &(0x7f0000000ac0)=ANY=[@ANYBLOB="666c7573682c757466383d312c6e6f6e756d7461696c3d302c726f6469722c757466383d312c6e6f6e756d7461696c3d302c756e695f786c6174653d312c6e6f6e756d7461696c3d302c756e695f786c6174653d302c757466383d312c756e695f786c6174653d302c757466383d312c756e695f786c6174653d312c6e6f6e756d7461696c3d302c646f733178666c6f7070792c726f6469722c73686f72746e616d653d77696e6e742c71756965742c0094f8a04f0973c43c7bcea227ba87b349831c01bc3220ec43c16881ca5a7eb4c441b475069a19ed5992542160cfb3116e6b98cb32f0c11a1425599a6e9e6112e8ccec10c22c03ee6158bae8a13f6c3b4c6a28b970ccddefe85485144c95ae43328f492ad74f0d68df2d1fb7eed626acbfd66c627c439a6358168da3754739b94ec5550af56d20754c3be005251ae53ba42f", @ANYRES16, @ANYRESHEX, @ANYRES32, @ANYRES64, @ANYBLOB="ee2d66b3adc3f0d619dcb40ba0fa25cb6005f9343ad774b303f420d72494f26deca7a84b464222b6593d55594e20b5e073b2f051eeee03f4ec68d545ed676a61622ca4c73196cd6465ac08e71f827e4cd0e6de2fabb972eee82759d34ea133442cb29783da48d5f9ae06db4996ebc9a8a9402998bf641174cfd818c7542281c85125db3c78ac3b4c6f0fd6149ce1a710bee1382804e20205d39cfe1148db0fa5aa0f52deeb29bb54f52b59d4823be96fb41190ac11ae07468b21e00864678975852838051d942128c393e59f5252d9fdd3e24acdd929a5d134803d72adc3a35c93c85ae43270379f337756295fe96ddc11c9a7368fb7998af5d0946ad94270fcf6e18f0285d0cee76a3442ceacf22fa323394068c35ca08635ef77812df55a580ef692f4c98400"/305, @ANYBLOB="2229e4daa91ec6fa6fd7ca657a9d9f0446f4bbdff89e6765851a5d70b519b302033dd5cbb4d27206c473f94fae84697ab284df33b0630899a5df9e5ce7324342fc20de8fb31fb199caf1595de9aa6509e782ac930a0d5c829089bd4da31bc036392c3206cf9cc114d440114fc43209674f8b4364791569a55b9974f251f78edc4a6b911bde5ace78f844e62ce270ec0a8149fae1d7d9485b87d35518691b74d1ca2256b2827dd43da0b0b69c8b3dc3caf243fb571c3a2f82ad6c3a570eb32d8862a3e399", @ANYBLOB="261fb61f7fa8df3110a5f5c53ddf67660b95dbe2472304e2600fa2d6d38759bcd4adaf188f447131ef2ae4263d98018a2c9f2a0836f14ea40e6648d4bce2126080bf4d4c5b45349e571b194c576f0db70d9b3e0425fb17e2c629fe29efbec3f3a7bfeb6d616b59eff7b9ecc54b0bb5d30cb3ac2c057047b150f136cb18768f635a51fe722baf217d296dfe54b41b4f5d025f3f5796e0392cb908c463f461f45e1712c7ea1ac353262114a1283f57a0711bbe4adb71661ab755623d4b93d8f65da63171ff38f1ffd18c149ff0", @ANYRES64, @ANYRES8], 0x4, 0x301, &(0x7f0000000080)="$eJzs3c9rE00YwPEnSdMk7du3Pby8iCgMFUSRLm3AmweLtCAGlLYRrCBs7VZDtklJQiEitoLg1bOHHjyKIII3LyJee/EvUOutl97soTiy2R/NjzWmlbRVv59D8jQzz850Z9LSaXZ288KTxfxCUkQiElDOQ1Ri3percvb92qeT0+/+8YrV5PjMWFqpqIjcvP9i+G2l//rrf98kZH3o1uZW+sv6iRmRbzN3JapyZVXQWplqrlisOE2o+Vw5byh1zbbMsqVyhbJVqnjl5pxtqQW7uLRUVWZhfqBvqWSVy8osVFXeqqpKUVVKVWXeMXMFZRiGGugTiMhQEEVbyiLtErPPt7WWLa21TqyK1jqk9qofxL3nxK91FkdJ0/i3rdsyOWLd7BkOwrbu6Xj88edx3/+fn3Y2/nrlgLqFAzJ9Y/bKeCYzMaVUUmTx8XJ2Oes+u+Uf+yUntliyNnVudkecOeKRiPM4eTkzMapqhuT04oqXv7KcdX85jC/U8jf8pLp88fPH3HzVmB+Xvt18S9IyKP9JaH7az5doXX6vnDlVl2/IoHy4LUWxZd6ZyXX5D8aUunQ109R+qlavzsNDGB4AAAAAAAAAAPbFUIHd9ftI8K/elGEkap/4CMpTzstOPbdCsL4+KoOyE74+Pxq6vt8jx3sO8RsHAAAAAOAvUq7ey5u2bZW6E8Sepdo0ETdEnEDk0bDTmbYH/N/rcWet94pIa1GsfRMNQeq8297LKa9j0s0T5QfJPfQwJPAv1sibO6/8opSEVY7uaQKM9Iae+WQpIl2dPw2BdFJZkvub2ImOp1ZzEAvaOhZaR0d+fhxt2nH3FQlGsH3WxT29HX4YJJtP1MiGe1y7zQ+Nr8ESHwAAAIDfSN0fTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4JAE1/9HvDv9d7J5mL9vf2OReLeIb92Srfk+8ez7DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAI+h4AAP//0fmz5A==")
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000000)='//sys\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/46}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)

2m17.795014986s ago: executing program 6 (id=1280):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x25c, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket(0x10, 0x80003, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_local\x00', r1, 0x0, 0x80000001}, 0x18)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x4000000)
close_range(r0, 0xffffffffffffffff, 0x1000000000000000)

2m2.359262608s ago: executing program 36 (id=1280):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x25c, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket(0x10, 0x80003, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_local\x00', r1, 0x0, 0x80000001}, 0x18)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x4000000)
close_range(r0, 0xffffffffffffffff, 0x1000000000000000)

1m40.351209988s ago: executing program 3 (id=2089):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f0000000180)=r1}, 0x20)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
close(r2)

1m40.309622612s ago: executing program 3 (id=2092):
unshare(0x2a020400)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x9)
r2 = fsmount(r0, 0x0, 0x8)
r3 = openat$cgroup_type(r2, &(0x7f0000000080), 0x2, 0x0)
sendfile(r1, r3, 0x0, 0xffff)

1m40.276109165s ago: executing program 3 (id=2093):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1000, 0x8}, &(0x7f0000010080), &(0x7f0000000300))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000b40)=[{0x0}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)

1m40.137414958s ago: executing program 7 (id=2097):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
r3 = openat$selinux_policy(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0)
write$selinux_load(r2, &(0x7f0000000000)=ANY=[], 0x190da)

1m40.075782534s ago: executing program 3 (id=2099):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b1098, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2925099, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)

1m40.024616979s ago: executing program 3 (id=2100):
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000240)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r4, 0x0, 0x10007ffffffff}, 0x18)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0xc, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r0, 0x351e, 0x483, 0x0, 0x0, 0x0)

1m39.815238629s ago: executing program 3 (id=2102):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101}, @time_exceeded={0x3, 0x1, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1, @loopback}}}}}}, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2, 0x31}, 0x48)

1m39.814583649s ago: executing program 7 (id=2103):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0)
ioctl$IMADDTIMER(r2, 0x80044940, &(0x7f0000000600)=0x14)
unshare(0x62040200)
close(r2)

1m39.7972298s ago: executing program 37 (id=2102):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101}, @time_exceeded={0x3, 0x1, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1, @loopback}}}}}}, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2, 0x31}, 0x48)

1m39.390041049s ago: executing program 7 (id=2109):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00"/13], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc3c0000000c0a01010000000f000000000a0000060900020073797a31000000000900010073797a3100000000100003800c000080080003400000000214000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELSETELEM={0x5c, 0xe, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x30, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x1c, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x84}, 0x1, 0x0, 0x0, 0x8080}, 0x400c040)

1m39.38931898s ago: executing program 7 (id=2111):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b1098, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2925099, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)

1m39.326025195s ago: executing program 7 (id=2113):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000580)='kmem_cache_free\x00', r1, 0x0, 0x7fff}, 0x18)
r2 = socket(0x10, 0x3, 0x9)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000b00000000000700000a14"], 0x28}}, 0x0)

1m38.798068476s ago: executing program 7 (id=2116):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xb}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x3, 0x6}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

1m38.782315767s ago: executing program 38 (id=2116):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xb}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x3, 0x6}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

1m25.619603303s ago: executing program 1 (id=2453):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9ce}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = dup(r2)
pipe(0x0)
fsetxattr$security_selinux(r3, &(0x7f0000000000), &(0x7f0000000240)='system_u:object_r:dhcpc_state_t:s0\x00', 0x23, 0x0)

1m25.54480156s ago: executing program 1 (id=2454):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x1, 0x81, 0x1ff, 0x801, 0x1}, 0x1c)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
bind$tipc(r1, 0x0, 0x0)
recvmmsg$unix(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}], 0x1, 0x0, 0x0)

1m24.652584365s ago: executing program 1 (id=2465):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
r2 = socket$inet6(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r3}, 0x10)
sendto$inet6(r2, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

1m24.5989764s ago: executing program 1 (id=2466):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000240)='./file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)

1m24.539677606s ago: executing program 1 (id=2468):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x4, 0x1, 0x4}, 0xc)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000200)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000080)=0xa, 0x4)

1m24.240925134s ago: executing program 1 (id=2471):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'bond0\x00', <r4=>0x0})
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e000000100000000000000000000000020010000000000000000000000000001000400004e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000100000000000000090000000000000001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f010100000000000001000000000000000000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32=r4], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

1m24.229794326s ago: executing program 39 (id=2471):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'bond0\x00', <r4=>0x0})
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e000000100000000000000000000000020010000000000000000000000000001000400004e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000100000000000000090000000000000001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f010100000000000001000000000000000000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32=r4], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

34.515119528s ago: executing program 5 (id=3740):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106)
recvmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100)

34.110708656s ago: executing program 5 (id=3743):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xffffff81, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1, 0x0, 0x80000}, 0x18)
pipe2(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f0000000280)=""/73, 0xfffffd8d}], 0x1)
writev(r3, &(0x7f0000000200)=[{&(0x7f0000000100)="19", 0x3a4e1e905c56cdb7}], 0x1)

33.246357699s ago: executing program 5 (id=3775):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = epoll_create1(0x80000)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)={0xe000001a})
finit_module(r2, 0x0, 0x3)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000000))

33.155808527s ago: executing program 5 (id=3777):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
umount2(&(0x7f0000000380)='./file0\x00', 0x1)

33.136981539s ago: executing program 5 (id=3778):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000100)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x4e23, 0x7, 0x4e21, 0x10, 0xa, 0x80, 0x20, 0x3b}, {0x4, 0x2, 0x9, 0x3, 0x6, 0x5c8, 0x9, 0x7ffffffe}, {0x1, 0x2, 0x3, 0x5}, 0x5, 0x0, 0x1, 0x1, 0x0, 0x2}, {{@in=@broadcast, 0x4d5, 0x33}, 0xa, @in6=@mcast2, 0x0, 0x2, 0x2, 0x5, 0x7ae8, 0xe46, 0xfffff800}}, 0xe8)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @rand_addr=0x640100fd}, 0x2}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd70100400000005000000080009000200000008000c00a80a000008000b00000000000600010007"], 0x34}, 0x1, 0x0, 0x0, 0x40811}, 0x20)

32.884595243s ago: executing program 5 (id=3780):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001bc0)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r3}, &(0x7f0000000a00), &(0x7f0000000a40)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r3}, &(0x7f0000000880), &(0x7f00000008c0)=r2}, 0x20)

32.864238245s ago: executing program 40 (id=3780):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001bc0)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r3}, &(0x7f0000000a00), &(0x7f0000000a40)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r3}, &(0x7f0000000880), &(0x7f00000008c0)=r2}, 0x20)

7.366166197s ago: executing program 0 (id=4555):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x1e, &(0x7f0000002c00)=[{&(0x7f0000001500)="b25b365c0254a7c6fc7ea6155a71b613b02d1645aab67271075189c3540c4dd19ebfb3c4acf87f2eeb258e62cc6ae96db360d874500cb86b4185ee533bf708", 0x3f}, {&(0x7f0000002800)="cf", 0x1}, {&(0x7f0000000380)="08e0ac8fb1d99df61d7b518d0a62071e7ec69f658d5a52d7eb7ea31db43f8cf570f335a80860ac4cc240dc149d8468493db8aad089f590d62e0bcb9d1dcee636ee311ee51839b7201745baef82209b2ab741dc5ea481ae9dcebe39b1101a42a8c82de46107541c240ad0d9ee4a9340cffd72aaea692a60993637c81d23a0d0ebbae66f1eb2771df2482c043d8715ae788b56cc91eaa4d6bbdec82d8f91eb822d0b5f3ebd86", 0x1}, {&(0x7f0000000180)="8a", 0x1}, {&(0x7f0000002b40)='-', 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001580)="ce90bfdbcfb8a86a74f6799f98c36e23e210f053830ac8e978a0785884001a7099c4b9016f1a65a57390caf78c272cbf9711f94505dd525af1ff7d013438df5b844226f41b81e58eb73366", 0x4b}, {&(0x7f0000000540)="f2e659a0b00d26c2ee15", 0xa}, {&(0x7f0000002e40)="d4", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000003000)="e1", 0x1}, {&(0x7f00000010c0)="fa", 0x1}, {&(0x7f0000001680)="d8", 0x1}, {&(0x7f0000001600)="f2964dd16e01d56b414499264923beda58d7da0313c1ccafe53965750f25bdaa6b56a87307ec23d48b6f35ce49a813a2bc3cb23fdf42826bdc16788ff466919594de5bf8a1fa5d825947271ade4a95efeb170c", 0xfffffd57}, {&(0x7f0000001340)="b8", 0x1}, {&(0x7f0000000500)="01", 0x1}, {&(0x7f0000000280)="87", 0x1}], 0x7}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000140), 0x1}, {&(0x7f0000000340)="e4", 0xfffffec2}], 0x2, 0x0, 0xffffff84}}], 0x5f, 0x4000000)

7.326880161s ago: executing program 0 (id=4558):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x24}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000480)="00d0954942b108d5185389ebdd8a5036c2fa43f51c5afb9821984d", 0x0, 0x0, 0x0, 0x8}, 0x31)

7.263378587s ago: executing program 0 (id=4559):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
setresgid(0xee00, 0xee01, 0x0)
unshare(0x400)
listen(r0, 0x0)
setresgid(0x0, 0x0, 0xee01)
listen(r0, 0x2)

7.262998867s ago: executing program 0 (id=4560):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1f0519, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x3}, 0x6025, 0x4005, 0xb, 0x3, 0x2, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x50)

7.096868483s ago: executing program 0 (id=4563):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x2}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000000)='//sys\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x92ync_\x93\x96\xff\x92\xaf\x00\x04\x00\xf44.\x00'/46}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)

7.090009264s ago: executing program 0 (id=4565):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x11, 0xb, &(0x7f0000001200)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001000)={&(0x7f00000002c0)='sched_switch\x00', r0}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0xf3a, 0x0)
close(r3)
write(r1, 0x0, 0x0)

1.791072229s ago: executing program 4 (id=4682):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000060000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
sendmmsg$inet(r2, &(0x7f0000001480)=[{{&(0x7f0000000100)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendto$inet(r2, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0)

1.727958655s ago: executing program 4 (id=4684):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x4, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
sync_file_range(r0, 0x6, 0x9fd, 0x3)

1.57096102s ago: executing program 4 (id=4689):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x68, 0x2c, 0xd27, 0x30bd26, 0x8000003, {0x0, 0x0, 0x0, r3, {0x0, 0xfff4}, {}, {0x1, 0x10}}, [@filter_kind_options=@f_basic={{0xa}, {0x38, 0x2, [@TCA_BASIC_EMATCHES={0x34, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x7f, 0x1, 0x8001}, {0x8, 0x6a6, 0xffff, 0x5, 0x3, 0x2}}}, @TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0xffff, 0x0, 0x7540}}}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x24008004}, 0x0)

1.408583446s ago: executing program 4 (id=4705):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7dc470d00281f324, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2, 0x0, 0x20000000}, 0x18)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x11, 0x2, 0x4}, 0x0, 0x0)

1.213171034s ago: executing program 8 (id=4696):
r0 = gettid()
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

1.082867547s ago: executing program 8 (id=4699):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000140003007465616d5f736c6176655f3000000000080001400000000114000000020a090100000000000000"], 0xd4}}, 0x8818)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

781.700956ms ago: executing program 9 (id=4702):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="14000000100001000c000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x44051}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003400000000214000000110001"], 0xb0}}, 0x40)
close_range(r1, 0xffffffffffffffff, 0x0)

721.419371ms ago: executing program 9 (id=4704):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
mmap(&(0x7f0000007000/0x3000)=nil, 0x3000, 0x1000001, 0x11, r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x8, 0x4, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb146000)
eventfd2(0x802, 0x800)

707.588072ms ago: executing program 2 (id=4706):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x10000})
socket(0x2, 0x800, 0x0)
setrlimit(0x40000000000008, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000400)=0x5, 0x4)

632.751909ms ago: executing program 9 (id=4707):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000)={0x20000002})

624.21437ms ago: executing program 9 (id=4708):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000043c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)={0x2c, r3, 0xcd3a991b146a25f, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008804}, 0x40000a4)

575.614355ms ago: executing program 2 (id=4709):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002e40)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="8b332ebd700000000000150000000c009900040000003a00000004001d"], 0x38}}, 0x40000)

563.812226ms ago: executing program 9 (id=4710):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2b}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x58}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280050019"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4008050)
chdir(&(0x7f0000000140)='./bus\x00')
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@gettfilter={0x24, 0x2e, 0x800, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xa, 0xa}, {0xd, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

465.865676ms ago: executing program 2 (id=4711):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bind$packet(r0, &(0x7f0000000040)={0x11, 0x1, r1, 0x1, 0x9}, 0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0xfffffffe, 0x2000001, {0x0, 0x0, 0x0, r1, {0x7, 0xa}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)
recvfrom(r0, &(0x7f0000000280)=""/5, 0x5, 0x0, &(0x7f00000002c0)=@phonet={0x23, 0x5, 0x40, 0x6}, 0x80)

408.558701ms ago: executing program 9 (id=4712):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
sendmsg$IPSET_CMD_GET_BYNAME(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, 0xe, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x20000840)
write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc)
ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000000)={0x5, 0x9, 0x3, 0x3})

344.645828ms ago: executing program 4 (id=4713):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00404, &(0x7f0000000080)={[{@grpquota}, {@nomblk_io_submit}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy")
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
lseek(r2, 0x5, 0x4)

185.667682ms ago: executing program 8 (id=4714):
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
link(0x0, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

171.487314ms ago: executing program 2 (id=4715):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\n\x00'], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r1}, 0x18)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000180)=0xe)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x1)

170.766284ms ago: executing program 8 (id=4716):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x952b, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)

164.568804ms ago: executing program 4 (id=4717):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0)
write(r2, &(0x7f00000001c0)="f1", 0x1)
sendfile(r2, r0, 0x0, 0x40001)
sendfile(r2, r1, 0x0, 0x7ffff000)

90.366121ms ago: executing program 8 (id=4718):
r0 = socket$kcm(0x2d, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000140)="d8001c00180081064e81f7050044fd56170d12a0b9b54570", 0x18}], 0x1}, 0x20004)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e3, &(0x7f0000000180)={r3, r2})

89.402931ms ago: executing program 2 (id=4719):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1004}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1, 0x0, 0x5}, 0x18)
r2 = mq_open(&(0x7f0000000080)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x120, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x6, 0x0)
mq_timedreceive(r2, &(0x7f000001a600)=""/102385, 0x18ff1, 0x0, 0x0)

689.83µs ago: executing program 8 (id=4720):
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x2040c4, &(0x7f0000000180)=ANY=[], 0xfd, 0x652, &(0x7f0000000340)="$eJzs3ctu2+j5x/EfZdlW/Mc/KNpiEASZ5J2kAzhoqkjyxIGRLspSlM2pJAokXdhAgUE6sQdB5EybpEDjzcCbHoDpDXRTzKaLXkSBrrvvBXRZYNDuCnSjgidbso5OZLvtfD+CQ4p8yPd5SYcPaImkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALKdeqVQtNb329o4Zz6kHfmvC/HRti7qbjtyd2q5kxT8qlXQtnXTtmyez34n/ua0b6bsbKsWDkg7/752vPfpGsZAvPyGhN6GzrvDl68Nnj7vdvRdzTuSCPdZwz1WYYcFNt+2FvteyN13jhb7ZWF+v3N9qhKbhNd1wN4zclnECtxD5gVl17prqxsaaccu7/nZ7s2433Xziw+/UKpV18+Fytvvvf1gOnS2v2fTam0lMPDuOeWg+/1Ea4totY/afdvfWpiUZB1VnCapNC6pVarVqtVarrj/YeLCgSnFgwsNKpVg5RUMRc/+lxX+Z+R28gbdUiOv/Xy2pqZLa2taOzMiXo7oC+WrlU4qD8zN5/X//vjux3f76n1f5ayezryup/zfTdzfH1f8xuRqZZIFRc6wx09/s9VKvdahneqyuutrTi/ms99b8MjzHV0HalIqSp1C+PLVka1OuTDbFaEPrWldFH2lLDYUyashTU65C7SpUJFetZJ8EcmUrkq9ARqtydFdGVW1oQ2syclXWrnxtq61N1WXrn71eb19Pk+2+NiFP5UHVWYJqE4KGink24cefpb+n1P+vsBvqq+2TAud27AbeVi87/z+jW+eTDQAAAAAAOA9W8td3K/ns/l1JPTW8plu57LQAAAAAAMAcJZ/834gHi/HYu7LGnP/3Lj43AAAAAAAwH1ZyjZ0laWUxm5RfCTXLlwAWzjk9AAAAAAAwB8nn/zeXpF5y77VbsvrO/xcvOzsAAAAAADAPv+q7x34xv8duL/9YvyAp7Cxbf/z7soJF66iz8y3rwI7n2AdZzNA3AKLGdetqdqPeZLAkKXnnuIvWyYMBrOSnlL75cn/avf6t4FQCSwv5ny+mJbBezN7pc72XxryXtfvksKBkTtrKSsNrumXHbz6qyravFiJ3J/rZ86c/l4Ljfu4/7e6VP/60+yTJ5SiedHQQ5/HZQDqFabm8Su63kFxzMarHV9TIm/x1u7ViJe1W8v4vyD4o9Dc0W/9/odtpzO2VdLhymO+BpP+luP/VcrLLTnqf3B3COsmierrno3bEmCxKSRZ30pg7q3fSQZ5flsW3F6RaeXgfBP1Z1PqzmL4trH8MbYspWcTbYi3O4k/xisZksXa2LIb2CABclv2TKpTcxHz4Hvun6+6bHOWmV/fvDbby6re99ILDBamYfTYxsZWS4iP6ahqzpOTAWrw+4oheyepKSWOO6JWB6vaXJI1Zq1vc1h9OnoGUpT2Uxb96vd6jatLub05V1S/iBb4YW1XDZm0h3oT3Xx38JLkBfuyTvU/2ntdqa+uVDyqVBzUtJt3IBtQeAMAI05+xMzXC+uD4rPrJ395PxwYq3tePv1JQ1sf6VF090b38EQK3Rq91pe9rCPeGz1rj2CvSqdjfLere2LO6pJb2rbd2HJt/zeH0GeBJ7No57wUAAC7W7Sl1eJb6fy8/7169PvK8e7CWn35C8IjY/4+nVy92QwAA8BXiBl9aK9EvrSDwOh9VNzaqdrTlmsB3fmACr77pGq8duYGzZbc3XdMJ/Mh3/KbpBFr26m5owu1Oxw8i0/AD0/FDbyd58rvJHv0eui27HXlO2Gm6dugax29HthOZuhc6prP9/aYXbrlBsnDYcR2v4Tl25PltE/rbgeOWjQldty/Qq7vtyGt48WjbdAKvZQe75od+c7vlmrobOoHXifx0hXlbXrvhB61ktWX1zvygQwAA/he9fH347HG3u/diwsiRpsdkI0ujVnjZfQQAAIOo0gAAAAAAAAAAAAAAAAAAAAAA/Oeb5fq/M40sjrpYUDqe8tOrM63H0rwTO8tI4c0X//OEmCvHU/LN3x9zNN9eFDVDcBZTnP82vKLC7JeNzmHku/vpFh0bE88cOWv5eF8U5//fIR55/vsxs3q9Xm/y4suD23BpUgcHR4qSXiy9xS64nOMRgIvz7wAAAP//b4FDwg==")
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070080000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_free\x00', r0, 0x0, 0x10000000ca38}, 0x18)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file1\x00', 0x0, 0x0)

0s ago: executing program 2 (id=4721):
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0xa4, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x74, 0x2, [@TCA_FLOWER_ACT={0x70, 0x3, [@m_connmark={0x6c, 0x1, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x15, 0x1, {{0x1, 0x1, 0x7, 0xfc, 0x3}, 0xb}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8001, 0x80000001, 0x8, 0xf7a, 0x2a7}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0xa4}}, 0x24000000)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

kernel console output (not intermixed with test programs):

766410961.011:2847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10355 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaef76f749 code=0x7ffc0000
[  148.331004][T10360] syzkaller0: entered promiscuous mode
[  148.336808][T10360] syzkaller0: entered allmulticast mode
[  148.463445][T10369] pim6reg: entered allmulticast mode
[  148.471182][T10369] pim6reg: left allmulticast mode
[  148.664902][   T29] audit: type=1326 audit(1766410961.441:2848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.5.2636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  148.698213][   T29] audit: type=1326 audit(1766410961.441:2849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.5.2636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  148.721849][   T29] audit: type=1326 audit(1766410961.441:2850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.5.2636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  148.745573][   T29] audit: type=1326 audit(1766410961.441:2851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.5.2636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  148.769196][   T29] audit: type=1326 audit(1766410961.441:2852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.5.2636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  148.774072][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  148.792763][   T29] audit: type=1326 audit(1766410961.441:2853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.5.2636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  148.804718][ T3542] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  148.828924][T10280] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  148.872417][T10274] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  148.888214][T10274] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  148.898925][T10274] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  148.912652][T10274] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  148.965563][T10274] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.977810][T10274] 8021q: adding VLAN 0 to HW filter on device team0
[  148.988474][ T4558] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.995639][ T4558] bridge0: port 1(bridge_slave_0) entered forwarding state
[  149.016355][ T4547] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.023475][ T4547] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.056748][T10274] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  149.149041][T10274] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.411019][T10482] loop5: detected capacity change from 0 to 512
[  149.424150][T10482] EXT4-fs: Ignoring removed i_version option
[  149.513002][T10482] EXT4-fs (loop5): orphan cleanup on readonly fs
[  149.532693][T10274] veth0_vlan: entered promiscuous mode
[  149.539164][T10482] EXT4-fs warning (device loop5): ext4_xattr_inode_get:560: inode #11: comm syz.5.2647: EA inode hash validation failed
[  149.555945][T10274] veth1_vlan: entered promiscuous mode
[  149.581706][T10512] loop8: detected capacity change from 0 to 512
[  149.592893][ T4554] Bluetooth: hci0: Frame reassembly failed (-84)
[  149.607453][T10274] veth0_macvtap: entered promiscuous mode
[  149.616677][T10482] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  149.632392][T10274] veth1_macvtap: entered promiscuous mode
[  149.656250][T10274] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.669653][T10482] EXT4-fs error (device loop5): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.5.2647: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  149.708267][T10482] EXT4-fs (loop5): Remounting filesystem read-only
[  149.714956][T10482] EXT4-fs warning (device loop5): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.5.2647: ea_inode dec ref err=-117
[  149.730084][T10274] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.751574][ T4538] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.782603][ T4538] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.795193][T10482] EXT4-fs warning (device loop5): ext4_evict_inode:273: xattr delete (err -30)
[  149.824075][ T4538] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.835148][T10482] EXT4-fs (loop5): 1 orphan inode deleted
[  149.841512][T10482] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  149.853051][ T4538] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.910875][T10542] loop2: detected capacity change from 0 to 128
[  149.921552][ T8965] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.931600][T10543] xt_hashlimit: size too large, truncated to 1048576
[  150.212929][T10571] netlink: 83992 bytes leftover after parsing attributes in process `syz.2.2669'.
[  150.222623][T10571] netlink: zone id is out of range
[  150.227801][T10571] netlink: zone id is out of range
[  150.237102][T10571] netlink: zone id is out of range
[  150.242298][T10571] netlink: zone id is out of range
[  150.268592][T10571] netlink: set zone limit has 8 unknown bytes
[  150.335721][T10581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2674'.
[  150.372778][T10581] bond2: entered promiscuous mode
[  150.380652][T10581] 8021q: adding VLAN 0 to HW filter on device bond2
[  150.393702][T10581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2674'.
[  150.402894][T10581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2674'.
[  150.814764][T10619] netlink: 'syz.5.2689': attribute type 4 has an invalid length.
[  150.880999][T10626] sch_tbf: peakrate 7 is lower than or equals to rate 19 !
[  150.933834][ T4554] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  150.961712][ T4554] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  150.972408][ T4554] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  150.981807][ T4554] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  151.120393][T10646] loop9: detected capacity change from 0 to 1024
[  151.127108][T10646] EXT4-fs: Ignoring removed orlov option
[  151.136400][T10646] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.278974][T10643] loop5: detected capacity change from 0 to 32768
[  151.335103][T10643]  loop5: p1 p2 p3 < p5 p6 p7 >
[  151.350397][T10643] loop5: p2 size 16775168 extends beyond EOD, truncated
[  151.383228][T10643] loop5: p5 start 4294970168 is beyond EOD, truncated
[  151.523692][T10660] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2718'.
[  151.540280][T10274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.573140][T10666] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2712'.
[  151.634411][ T3542] Bluetooth: hci0: command 0x1003 tx timeout
[  151.640493][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  151.689373][T10687] loop2: detected capacity change from 0 to 512
[  151.707358][T10687] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  151.720231][T10687] ext4 filesystem being mounted at /412/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.724358][T10691] xt_hashlimit: size too large, truncated to 1048576
[  151.825017][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  151.840144][T10695] netlink: 68 bytes leftover after parsing attributes in process `syz.8.2726'.
[  151.882316][T10700] netlink: 'syz.8.2728': attribute type 4 has an invalid length.
[  151.939601][T10705] geneve2: entered promiscuous mode
[  151.945082][T10705] geneve2: entered allmulticast mode
[  151.976605][T10707] loop8: detected capacity change from 0 to 512
[  152.003532][T10709] loop9: detected capacity change from 0 to 512
[  152.006643][T10707] EXT4-fs: Ignoring removed orlov option
[  152.015611][T10707] EXT4-fs: Ignoring removed mblk_io_submit option
[  152.026501][T10707] EXT4-fs error (device loop8): ext4_iget_extra_inode:5073: inode #15: comm syz.8.2730: corrupted in-inode xattr: e_value size too large
[  152.041057][T10707] EXT4-fs error (device loop8): ext4_orphan_get:1396: comm syz.8.2730: couldn't read orphan inode 15 (err -117)
[  152.042726][ T4554] Bluetooth: hci0: Frame reassembly failed (-84)
[  152.060619][T10707] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.103527][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.159714][T10718] loop2: detected capacity change from 0 to 512
[  152.196586][T10718] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.217848][T10718] ext4 filesystem being mounted at /416/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  152.249185][T10718] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.2735: corrupted xattr block 6: invalid header
[  152.275352][T10718] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  152.287569][T10732] loop8: detected capacity change from 0 to 2048
[  152.305712][T10718] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.2735: corrupted xattr block 6: invalid header
[  152.307538][T10732] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.331541][T10718] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  152.344205][T10718] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.2735: corrupted xattr block 6: invalid header
[  152.373521][T10718] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  152.425314][T10718] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.2735: corrupted xattr block 6: invalid header
[  152.473833][T10718] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  152.503175][T10718] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.2735: corrupted xattr block 6: invalid header
[  152.530728][T10741] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  152.534671][T10718] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  152.565701][T10718] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.2735: corrupted xattr block 6: invalid header
[  152.584420][T10743] veth1_macvtap: left promiscuous mode
[  152.594372][T10743] macsec0: entered promiscuous mode
[  152.635496][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.695297][T10747] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2742'.
[  152.730373][T10751] FAT-fs (loop5): Directory bread(block 64) failed
[  152.746775][T10751] FAT-fs (loop5): Directory bread(block 65) failed
[  152.753420][T10751] FAT-fs (loop5): Directory bread(block 66) failed
[  152.760865][T10751] FAT-fs (loop5): Directory bread(block 67) failed
[  152.767946][T10751] FAT-fs (loop5): Directory bread(block 68) failed
[  152.777803][T10751] FAT-fs (loop5): Directory bread(block 69) failed
[  152.784562][T10751] FAT-fs (loop5): Directory bread(block 70) failed
[  152.791984][T10751] FAT-fs (loop5): Directory bread(block 71) failed
[  152.798883][T10751] FAT-fs (loop5): Directory bread(block 72) failed
[  152.812279][T10751] FAT-fs (loop5): Directory bread(block 73) failed
[  152.839833][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.868230][T10751] syz.5.2744: attempt to access beyond end of device
[  152.868230][T10751] loop5: rw=8390659, sector=1224, nr_sectors = 32 limit=256
[  152.883147][T10751] syz.5.2744: attempt to access beyond end of device
[  152.883147][T10751] loop5: rw=8390659, sector=1288, nr_sectors = 32 limit=256
[  152.898222][T10751] syz.5.2744: attempt to access beyond end of device
[  152.898222][T10751] loop5: rw=8390659, sector=1352, nr_sectors = 32 limit=256
[  152.912875][T10751] syz.5.2744: attempt to access beyond end of device
[  152.912875][T10751] loop5: rw=8390659, sector=1416, nr_sectors = 32 limit=256
[  152.929090][T10751] syz.5.2744: attempt to access beyond end of device
[  152.929090][T10751] loop5: rw=8390659, sector=1448, nr_sectors = 32 limit=256
[  152.953385][T10760] syz.5.2744: attempt to access beyond end of device
[  152.953385][T10760] loop5: rw=2049, sector=1256, nr_sectors = 32 limit=256
[  152.988258][T10760] syz.5.2744: attempt to access beyond end of device
[  152.988258][T10760] loop5: rw=2049, sector=1320, nr_sectors = 32 limit=256
[  153.014156][T10760] syz.5.2744: attempt to access beyond end of device
[  153.014156][T10760] loop5: rw=2049, sector=1384, nr_sectors = 32 limit=256
[  153.028686][T10768] netlink: 27 bytes leftover after parsing attributes in process `syz.8.2752'.
[  153.044410][T10751] syz.5.2744: attempt to access beyond end of device
[  153.044410][T10751] loop5: rw=8390659, sector=1256, nr_sectors = 32 limit=256
[  153.059321][T10751] syz.5.2744: attempt to access beyond end of device
[  153.059321][T10751] loop5: rw=8390659, sector=1320, nr_sectors = 32 limit=256
[  153.111406][T10778] geneve2: entered promiscuous mode
[  153.116803][T10778] geneve2: entered allmulticast mode
[  153.145834][T10780] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.149912][T10783] EXT4-fs: Ignoring removed orlov option
[  153.163637][T10783] EXT4-fs: Ignoring removed mblk_io_submit option
[  153.174688][T10783] EXT4-fs error (device loop2): ext4_iget_extra_inode:5073: inode #15: comm syz.2.2760: corrupted in-inode xattr: e_value size too large
[  153.189641][T10783] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2760: couldn't read orphan inode 15 (err -117)
[  153.214522][T10783] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.275941][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.399543][ T8965] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.445682][T10800] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.490162][   T29] kauditd_printk_skb: 33 callbacks suppressed
[  153.490180][   T29] audit: type=1400 audit(1766410966.261:2887): avc:  denied  { append } for  pid=10799 comm="syz.5.2766" path="/142/file0/hugetlb.2MB.usage_in_bytes" dev="loop5" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  153.528412][T10800] netlink: 'syz.5.2766': attribute type 10 has an invalid length.
[  153.536432][T10800] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2766'.
[  153.536477][   T29] audit: type=1400 audit(1766410966.301:2888): avc:  denied  { ioctl } for  pid=10799 comm="syz.5.2766" path="/142/file0/hugetlb.2MB.usage_in_bytes" dev="loop5" ino=18 ioctlcmd=0x4944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  153.578695][T10800] batman_adv: batadv0: Adding interface: veth1_vlan
[  153.585655][T10800] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  153.612574][T10800] batman_adv: batadv0: Interface activated: veth1_vlan
[  153.649149][ T8965] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.908871][T10819] geneve4: entered promiscuous mode
[  153.914248][T10819] geneve4: entered allmulticast mode
[  154.113933][ T3542] Bluetooth: hci0: command 0x1003 tx timeout
[  154.119988][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  154.301896][   T29] audit: type=1400 audit(1766410967.071:2889): avc:  denied  { ioctl } for  pid=10850 comm="syz.9.2788" path="socket:[34238]" dev="sockfs" ino=34238 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  154.332962][T10855] program syz.2.2789 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  154.354714][   T29] audit: type=1326 audit(1766410967.131:2890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10858 comm="syz.9.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  154.415660][   T29] audit: type=1326 audit(1766410967.151:2891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10858 comm="syz.9.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  154.439372][   T29] audit: type=1326 audit(1766410967.151:2892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10858 comm="syz.9.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  154.463202][   T29] audit: type=1326 audit(1766410967.151:2893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10858 comm="syz.9.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  154.486843][   T29] audit: type=1326 audit(1766410967.151:2894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10858 comm="syz.9.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  154.510635][   T29] audit: type=1326 audit(1766410967.151:2895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10858 comm="syz.9.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  154.534383][   T29] audit: type=1326 audit(1766410967.151:2896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10858 comm="syz.9.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  154.607737][T10871] netlink: 'syz.0.2799': attribute type 10 has an invalid length.
[  154.635492][T10871] batman_adv: batadv0: Adding interface: veth1_vlan
[  154.642196][T10871] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  154.671296][T10871] batman_adv: batadv0: Interface activated: veth1_vlan
[  154.714254][T10887] set_capacity_and_notify: 5 callbacks suppressed
[  154.714273][T10887] loop8: detected capacity change from 0 to 512
[  154.756694][T10887] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.793569][T10887] ext4 filesystem being mounted at /327/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.846653][T10887] EXT4-fs error (device loop8): ext4_xattr_block_get:597: inode #12: comm syz.8.2806: corrupted xattr block 6: invalid header
[  154.864637][T10887] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop8 ino=12
[  154.873993][T10887] EXT4-fs error (device loop8): ext4_xattr_block_get:597: inode #12: comm syz.8.2806: corrupted xattr block 6: invalid header
[  154.894701][T10887] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop8 ino=12
[  154.904064][T10887] EXT4-fs error (device loop8): ext4_xattr_block_get:597: inode #12: comm syz.8.2806: corrupted xattr block 6: invalid header
[  154.930432][T10887] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop8 ino=12
[  154.950556][T10887] EXT4-fs error (device loop8): ext4_xattr_block_get:597: inode #12: comm syz.8.2806: corrupted xattr block 6: invalid header
[  154.964798][T10887] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop8 ino=12
[  154.984378][T10887] EXT4-fs error (device loop8): ext4_xattr_block_get:597: inode #12: comm syz.8.2806: corrupted xattr block 6: invalid header
[  155.014141][T10887] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop8 ino=12
[  155.029917][T10920] loop2: detected capacity change from 0 to 2048
[  155.035370][T10887] EXT4-fs error (device loop8): ext4_xattr_block_get:597: inode #12: comm syz.8.2806: corrupted xattr block 6: invalid header
[  155.063977][T10920] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.088367][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.106765][T10920] netlink: 'syz.2.2821': attribute type 10 has an invalid length.
[  155.116327][T10920] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check.
[  155.136989][T10925] loop8: detected capacity change from 0 to 1024
[  155.156742][T10925] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.172290][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.208364][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.218047][T10931] loop2: detected capacity change from 0 to 256
[  155.231730][T10931] FAT-fs (loop2): Directory bread(block 64) failed
[  155.238661][T10931] FAT-fs (loop2): Directory bread(block 65) failed
[  155.245447][T10931] FAT-fs (loop2): Directory bread(block 66) failed
[  155.252145][T10931] FAT-fs (loop2): Directory bread(block 67) failed
[  155.259122][T10931] FAT-fs (loop2): Directory bread(block 68) failed
[  155.265989][T10931] FAT-fs (loop2): Directory bread(block 69) failed
[  155.272800][T10931] FAT-fs (loop2): Directory bread(block 70) failed
[  155.279752][T10931] FAT-fs (loop2): Directory bread(block 71) failed
[  155.286393][T10931] FAT-fs (loop2): Directory bread(block 72) failed
[  155.292965][T10931] FAT-fs (loop2): Directory bread(block 73) failed
[  155.373134][T10943] __nla_validate_parse: 2 callbacks suppressed
[  155.373171][T10943] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2829'.
[  155.449250][T10947] loop8: detected capacity change from 0 to 128
[  155.464674][T10949] netlink: 'syz.2.2840': attribute type 3 has an invalid length.
[  155.560890][T10954] SELinux: failed to load policy
[  155.656253][T10959] infiniband !yz!: set active
[  155.661024][T10959] infiniband !yz!: added team_slave_0
[  155.687103][T10959] RDS/IB: !yz!: added
[  155.692332][T10959] smc: adding ib device !yz! with port count 1
[  155.707500][T10959] smc:    ib device !yz! port 1 has no pnetid
[  155.829857][T10973] loop8: detected capacity change from 0 to 2048
[  155.887121][T10973] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.913757][T10973] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.994087][T10984] loop9: detected capacity change from 0 to 128
[  156.159133][ T4578] buffer_io_error: 21 callbacks suppressed
[  156.159149][ T4578] Buffer I/O error on dev loop9, logical block 584, lost async page write
[  156.227337][T10999] bond1: entered promiscuous mode
[  156.232426][T10999] bond1: entered allmulticast mode
[  156.238477][T10999] 8021q: adding VLAN 0 to HW filter on device bond1
[  156.256430][T10999] bond1 (unregistering): Released all slaves
[  156.290983][T11005] bridge0: port 4(batadv0) entered blocking state
[  156.297644][T11005] bridge0: port 4(batadv0) entered disabled state
[  156.310089][T11005] batadv0: entered allmulticast mode
[  156.317402][T11005] batadv0: entered promiscuous mode
[  156.346859][T11010] netlink: 'syz.5.2856': attribute type 29 has an invalid length.
[  156.441083][T11025] netlink: 64 bytes leftover after parsing attributes in process `syz.9.2862'.
[  156.477817][T11023] hub 2-0:1.0: USB hub found
[  156.482545][T11023] hub 2-0:1.0: 8 ports detected
[  156.535393][T11034] bond2: entered promiscuous mode
[  156.540500][T11034] bond2: entered allmulticast mode
[  156.546776][T11034] 8021q: adding VLAN 0 to HW filter on device bond2
[  156.557541][T11034] bond2 (unregistering): Released all slaves
[  156.648437][T11044] loop2: detected capacity change from 0 to 1024
[  156.667644][T11044] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  156.668671][T11048] loop5: detected capacity change from 0 to 512
[  156.724860][ T4582] Bluetooth: hci0: Frame reassembly failed (-84)
[  156.753792][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.794200][ T4554] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  156.803482][ T4554] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  157.467644][T11084] loop9: detected capacity change from 0 to 1024
[  157.485724][T11084] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.522717][T10274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.549596][T11090] bridge0: port 3(batadv1) entered blocking state
[  157.556331][T11090] bridge0: port 3(batadv1) entered disabled state
[  157.563014][T11090] batadv1: entered allmulticast mode
[  157.569545][T11090] batadv1: entered promiscuous mode
[  157.693235][T11100] netlink: 'syz.8.2893': attribute type 10 has an invalid length.
[  157.705312][T11100] netlink: 'syz.8.2893': attribute type 10 has an invalid length.
[  157.713800][T11100] team0: Port device dummy0 removed
[  157.721764][T11100] .`: (slave dummy0): Enslaving as an active interface with an up link
[  157.781239][T11111] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  157.923681][T11131] netlink: 'syz.0.2908': attribute type 10 has an invalid length.
[  157.939406][T11131] team0: Port device dummy0 added
[  157.948302][T11131] netlink: 'syz.0.2908': attribute type 10 has an invalid length.
[  157.960071][T11131] team0: Port device dummy0 removed
[  157.968076][T11131] dummy0: entered promiscuous mode
[  157.974348][T11131] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  158.053933][ T4575] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  158.063212][ T4575] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  158.674409][   T29] kauditd_printk_skb: 152 callbacks suppressed
[  158.674455][   T29] audit: type=1326 audit(1766410971.451:3049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11119 comm="syz.9.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  158.720588][   T29] audit: type=1326 audit(1766410971.481:3050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11119 comm="syz.9.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  158.744839][   T29] audit: type=1326 audit(1766410971.481:3051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11119 comm="syz.9.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  158.768480][   T29] audit: type=1326 audit(1766410971.481:3052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11119 comm="syz.9.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  158.792022][   T29] audit: type=1326 audit(1766410971.481:3053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11119 comm="syz.9.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  158.797999][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  158.815672][   T29] audit: type=1326 audit(1766410971.481:3054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11119 comm="syz.9.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  158.822550][ T3542] Bluetooth: hci0: command 0x1003 tx timeout
[  158.845306][   T29] audit: type=1326 audit(1766410971.481:3055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11119 comm="syz.9.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  158.874741][   T29] audit: type=1326 audit(1766410971.481:3056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11119 comm="syz.9.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  158.898303][   T29] audit: type=1326 audit(1766410971.481:3057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11119 comm="syz.9.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  158.921855][   T29] audit: type=1326 audit(1766410971.481:3058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11119 comm="syz.9.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  159.004558][T11154] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  159.248642][T11172] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  159.592539][T11205] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2942'.
[  159.640384][T11212] vlan2: entered allmulticast mode
[  159.650165][T11215] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2947'.
[  159.788201][T11232] loop2: detected capacity change from 0 to 764
[  159.808304][T11232] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2955'.
[  159.916536][T11247] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2962'.
[  159.925761][T11247] netem: change failed
[  159.950248][T11250] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2964'.
[  160.116869][T11266] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2969'.
[  160.184238][T11271] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  160.195436][T11269] IPVS: stopping master sync thread 11271 ...
[  160.291690][T11283] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11283 comm=syz.5.2978
[  160.304430][T11283] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11283 comm=syz.5.2978
[  160.390222][T11292] loop5: detected capacity change from 0 to 2048
[  160.477355][T11308] netlink: 'syz.9.2984': attribute type 9 has an invalid length.
[  160.485351][T11308] netlink: 16166 bytes leftover after parsing attributes in process `syz.9.2984'.
[  160.578850][T11322] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  160.657106][T11328] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2989'.
[  160.685092][T11328] netem: change failed
[  160.848169][T11343] hub 9-0:1.0: USB hub found
[  160.852971][T11343] hub 9-0:1.0: 8 ports detected
[  161.453104][T11391] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3008'.
[  161.506234][T11396] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  161.517900][T11393] IPVS: stopping master sync thread 11396 ...
[  161.559084][T11402] xt_HMARK: spi-set and port-set can't be combined
[  161.570783][T11403] sg_write: data in/out 49276/1 bytes for SCSI command 0x6-- guessing data in;
[  161.570783][T11403]    program syz.9.3016 not setting count and/or reply_len properly
[  161.659837][T11411] loop9: detected capacity change from 0 to 512
[  161.667262][T11411] EXT4-fs: Ignoring removed oldalloc option
[  161.673295][T11411] EXT4-fs: Ignoring removed nomblk_io_submit option
[  161.683709][T11411] EXT4-fs error (device loop9): ext4_xattr_inode_iget:446: comm syz.9.3020: error while reading EA inode 32 err=-116
[  161.698162][T11411] EXT4-fs (loop9): Remounting filesystem read-only
[  161.705725][T11411] EXT4-fs warning (device loop9): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  161.719001][T11411] EXT4-fs warning (device loop9): ext4_evict_inode:256: couldn't mark inode dirty (err -30)
[  161.729415][T11411] EXT4-fs (loop9): 1 orphan inode deleted
[  161.764718][T10274] EXT4-fs unmount: 3 callbacks suppressed
[  161.764734][T10274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.696035][    C1] vcan0: j1939_tp_rxtimer: 0xffff88814b3c8a00: rx timeout, send abort
[  163.204308][    C1] vcan0: j1939_tp_rxtimer: 0xffff88814b3c8a00: abort rx timeout. Force session deactivation
[  163.771529][T11430] loop5: detected capacity change from 0 to 512
[  163.803083][T11430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:446: comm syz.5.3036: error while reading EA inode 32 err=-116
[  163.816121][T11430] EXT4-fs (loop5): Remounting filesystem read-only
[  163.822662][T11430] EXT4-fs warning (device loop5): ext4_evict_inode:256: couldn't mark inode dirty (err -30)
[  163.844025][T11436] loop9: detected capacity change from 0 to 2048
[  163.854647][T11430] EXT4-fs (loop5): 1 orphan inode deleted
[  163.871422][T11430] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.964527][T11430] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.975465][T11436] Alternate GPT is invalid, using primary GPT.
[  163.981961][T11436]  loop9: p2 p3 p7
[  164.073015][   T29] kauditd_printk_skb: 114 callbacks suppressed
[  164.073030][   T29] audit: type=1326 audit(1766410976.841:3173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.9.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  164.084448][T11443] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3031'.
[  164.154700][T11445] loop9: detected capacity change from 0 to 512
[  164.162501][T11445] EXT4-fs: Ignoring removed i_version option
[  164.176147][T11445] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  164.194219][   T29] audit: type=1326 audit(1766410976.851:3174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.9.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  164.217795][   T29] audit: type=1326 audit(1766410976.851:3175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.9.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  164.241548][   T29] audit: type=1326 audit(1766410976.881:3176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.9.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  164.265308][   T29] audit: type=1326 audit(1766410976.881:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.9.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  164.288875][   T29] audit: type=1326 audit(1766410976.881:3178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.9.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  164.312433][   T29] audit: type=1326 audit(1766410976.881:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.9.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  164.335979][   T29] audit: type=1326 audit(1766410976.881:3180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.9.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  164.359711][   T29] audit: type=1326 audit(1766410976.901:3181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.9.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  164.383311][   T29] audit: type=1326 audit(1766410976.901:3182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.9.3032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  164.414783][T11445] EXT4-fs (loop9): 1 truncate cleaned up
[  164.448396][T11445] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.495675][T11465] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3042'.
[  164.527988][T11473] netem: incorrect gi model size
[  164.533005][T11473] netem: change failed
[  164.538701][T10274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.588354][T11479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3050'.
[  164.607286][T11481] loop2: detected capacity change from 0 to 128
[  164.616831][ T4558] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  164.636444][ T4558] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  164.657761][ T4558] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  164.691637][ T4558] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  164.791368][T11499] SELinux: failed to load policy
[  164.901054][T11512] SELinux: failed to load policy
[  164.909348][T11513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  164.932749][T11513] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  164.958675][T11515] vlan1: entered allmulticast mode
[  164.963880][T11515] bridge_slave_0: entered allmulticast mode
[  164.983803][T11517] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  165.395137][T11546] Falling back ldisc for ttyS3.
[  165.449807][T11550] netlink: 'syz.0.3083': attribute type 3 has an invalid length.
[  165.627231][T11568] netlink: 'syz.9.3090': attribute type 1 has an invalid length.
[  165.641801][T11570] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3091'.
[  165.656311][T11570] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3091'.
[  165.670543][T11568] 8021q: adding VLAN 0 to HW filter on device bond1
[  165.686182][T11568] bond1: option tlb_dynamic_lb: unable to set because the bond device is up
[  165.726136][T11579] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  165.790605][T11582] loop9: detected capacity change from 0 to 1024
[  165.798047][T11582] EXT4-fs (loop9): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  165.809035][T11582] EXT4-fs (loop9): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  165.819700][T11582] JBD2: no valid journal superblock found
[  165.825621][T11582] EXT4-fs (loop9): Could not load journal inode
[  165.837029][T11582] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  166.155154][T11630] loop9: detected capacity change from 0 to 1024
[  166.161927][T11630] EXT4-fs: Ignoring removed nobh option
[  166.176382][T11630] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.196114][T11630] EXT4-fs (loop9): pa ffff888106104380: logic 1, phys. 129, len 4
[  166.204040][T11630] EXT4-fs error (device loop9): ext4_mb_release_inode_pa:5466: group 0, free 2, pa_free 3
[  166.214267][T11630] EXT4-fs (loop9): Remounting filesystem read-only
[  166.221030][T11630] EXT4-fs warning (device loop9): ext4_xattr_inode_lookup_create:1606: inode #19: comm syz.9.3117: cleanup dec ref error -30
[  166.247326][T10274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.271753][T11639] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3119'.
[  166.280801][T11639] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3119'.
[  166.289834][T11639] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3119'.
[  166.298772][T11639] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3119'.
[  166.390744][T11647] vlan2: entered allmulticast mode
[  166.504836][T11654] loop8: detected capacity change from 0 to 512
[  166.511893][T11654] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  166.526393][T11654] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  166.535493][T11654] System zones: 1-12
[  166.540176][T11654] EXT4-fs (loop8): 1 truncate cleaned up
[  166.546886][T11654] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.571188][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.589085][T11657] netlink: 'syz.8.3127': attribute type 1 has an invalid length.
[  166.602751][T11657] 8021q: adding VLAN 0 to HW filter on device bond1
[  166.615901][T11657] bond1: option tlb_dynamic_lb: unable to set because the bond device is up
[  166.828056][T11674] vlan2: entered allmulticast mode
[  167.014323][T11697] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[  167.069152][T11703] loop5: detected capacity change from 0 to 2048
[  167.097421][T11703] Alternate GPT is invalid, using primary GPT.
[  167.103983][T11703]  loop5: p2 p3 p7
[  168.020128][T11747] serio: Serial port ptm1
[  168.132835][T11762] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3175'.
[  168.380248][T11799] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3191'.
[  168.477729][T11807] usb usb7: usbfs: process 11807 (syz.0.3196) did not claim interface 0 before use
[  168.605523][T11814] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[  168.720735][T11822] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3204'.
[  168.745753][T11822] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  168.864160][T11835] loop5: detected capacity change from 0 to 512
[  168.874814][T11835] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  168.915008][T11835] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  168.924925][T11835] System zones: 1-12
[  168.947485][T11835] EXT4-fs (loop5): 1 truncate cleaned up
[  168.954092][T11835] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.004307][ T3542] Bluetooth: hci0: command 0x1003 tx timeout
[  169.010387][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  169.059040][ T8965] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.077095][T11846] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  169.147746][   T29] kauditd_printk_skb: 271 callbacks suppressed
[  169.147764][   T29] audit: type=1326 audit(1766410981.921:3454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11849 comm="syz.9.3216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  169.228533][   T29] audit: type=1326 audit(1766410981.951:3455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11849 comm="syz.9.3216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  169.252138][   T29] audit: type=1326 audit(1766410981.951:3456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11849 comm="syz.9.3216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  169.275940][   T29] audit: type=1326 audit(1766410981.951:3457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11849 comm="syz.9.3216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  169.299502][   T29] audit: type=1326 audit(1766410981.961:3458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11849 comm="syz.9.3216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  169.323094][   T29] audit: type=1326 audit(1766410981.961:3459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11849 comm="syz.9.3216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  169.346728][   T29] audit: type=1326 audit(1766410981.961:3460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11849 comm="syz.9.3216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  169.370263][   T29] audit: type=1326 audit(1766410981.971:3461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11849 comm="syz.9.3216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  169.393797][   T29] audit: type=1326 audit(1766410981.971:3462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11849 comm="syz.9.3216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  169.417405][   T29] audit: type=1326 audit(1766410981.971:3463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11849 comm="syz.9.3216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  169.628215][ T4593] Bluetooth: hci0: Frame reassembly failed (-84)
[  170.093639][T11912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3243'.
[  170.646700][T11941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3255'.
[  171.335442][T11969] loop2: detected capacity change from 0 to 512
[  171.406451][T11974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3270'.
[  171.415990][T11974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3270'.
[  171.444404][T11974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3270'.
[  171.453327][T11974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3270'.
[  171.589733][T11989] syzkaller1: entered promiscuous mode
[  171.595363][T11989] syzkaller1: entered allmulticast mode
[  171.715752][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  172.033991][T12003] bond2: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  172.045693][T12003] bond2 (unregistering): Released all slaves
[  172.299520][T12014] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3287'.
[  172.742875][T12042] netlink: 64 bytes leftover after parsing attributes in process `syz.8.3300'.
[  172.834980][T12055] serio: Serial port ptm0
[  172.881588][T12060] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3308'.
[  172.913878][T12063] program syz.5.3319 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  172.970802][T12071] bond3: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  172.996532][T12071] bond3 (unregistering): Released all slaves
[  173.146618][T12086] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3317'.
[  173.850756][T12115] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  173.935456][ T4565] Bluetooth: hci0: Frame reassembly failed (-84)
[  173.960102][T12121] veth0: entered promiscuous mode
[  174.025729][T12120] veth0: left promiscuous mode
[  175.148807][T12157] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  175.413592][   T29] kauditd_printk_skb: 63 callbacks suppressed
[  175.413609][   T29] audit: type=1326 audit(1766410988.181:3527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.8.3355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  175.476203][   T29] audit: type=1326 audit(1766410988.221:3528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.8.3355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  175.499825][   T29] audit: type=1326 audit(1766410988.221:3529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.8.3355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  175.523388][   T29] audit: type=1326 audit(1766410988.221:3530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.8.3355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  175.546931][   T29] audit: type=1326 audit(1766410988.221:3531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.8.3355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  175.817424][T12196] netlink: 'syz.2.3365': attribute type 29 has an invalid length.
[  175.826468][T12196] netlink: 'syz.2.3365': attribute type 29 has an invalid length.
[  175.835285][T12196] netlink: 500 bytes leftover after parsing attributes in process `syz.2.3365'.
[  175.844438][T12196] unsupported nla_type 58
[  175.887113][   T29] audit: type=1326 audit(1766410988.661:3532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12204 comm="syz.8.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  175.912015][   T29] audit: type=1326 audit(1766410988.681:3533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12204 comm="syz.8.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  175.935718][   T29] audit: type=1326 audit(1766410988.681:3534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12204 comm="syz.8.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  175.960615][   T29] audit: type=1326 audit(1766410988.731:3535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12204 comm="syz.8.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  175.964106][ T3542] Bluetooth: hci0: command 0x1003 tx timeout
[  175.987153][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  176.010497][   T29] audit: type=1326 audit(1766410988.781:3536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12204 comm="syz.8.3369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  176.039905][T12205] loop8: detected capacity change from 0 to 512
[  176.066159][T12205] ------------[ cut here ]------------
[  176.071707][T12205] EA inode 11 i_nlink=2
[  176.071737][T12205] WARNING: fs/ext4/xattr.c:1058 at ext4_xattr_inode_update_ref+0x2e6/0x320, CPU#0: syz.8.3369/12205
[  176.086903][T12205] Modules linked in:
[  176.090839][T12205] CPU: 0 UID: 0 PID: 12205 Comm: syz.8.3369 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  176.100705][T12205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  176.111072][T12205] RIP: 0010:ext4_xattr_inode_update_ref+0x305/0x320
[  176.117741][T12205] Code: 81 e2 9c ff 4c 8d 2d 3a f1 20 05 49 8d 7e 40 e8 81 6b b8 ff 49 8b 6e 40 4c 89 e7 e8 95 66 b8 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 2b ff ff ff e8 8c ad ba 03 66 66 66 2e 0f 1f 84
[  176.137439][T12205] RSP: 0018:ffffc9000dc9b5a0 EFLAGS: 00010246
[  176.143580][T12205] RAX: ffff888133304c90 RBX: ffff88811a07ca78 RCX: ffffffff81bb1c6b
[  176.151758][T12205] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff86dc0d90
[  176.159829][T12205] RBP: 000000000000000b R08: 000188811a07ca2b R09: 0000000000000000
[  176.167870][T12205] R10: ffffc9000dc9b4d0 R11: 0001c9000dc9b4d0 R12: ffff88811a07ca28
[  176.175913][T12205] R13: ffffffff86dc0d90 R14: ffff88811a07c9e0 R15: 0000000000000001
[  176.183954][T12205] FS:  00007f5dc2b2f6c0(0000) GS:ffff8882aedc5000(0000) knlGS:0000000000000000
[  176.192933][T12205] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  176.199610][T12205] CR2: 00007f5dc40b2a60 CR3: 00000001307c6000 CR4: 00000000003506f0
[  176.207672][T12205] DR0: fffffffffffffffe DR1: 0000000000000000 DR2: 0000000000000000
[  176.215719][T12205] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  176.223711][T12205] Call Trace:
[  176.227061][T12205]  <TASK>
[  176.230023][T12205]  ext4_xattr_set_entry+0x77f/0x1020
[  176.235466][T12205]  ext4_xattr_ibody_set+0x184/0x3c0
[  176.240711][T12205]  ext4_expand_extra_isize_ea+0xcbb/0x11f0
[  176.246948][T12205]  __ext4_expand_extra_isize+0x246/0x280
[  176.252625][T12205]  __ext4_mark_inode_dirty+0x29d/0x3f0
[  176.258163][T12205]  ext4_evict_inode+0x7c4/0xd40
[  176.263093][T12205]  ? __pfx_ext4_evict_inode+0x10/0x10
[  176.268542][T12205]  evict+0x2af/0x510
[  176.272479][T12205]  ? __dquot_initialize+0x146/0x7c0
[  176.277821][T12205]  iput+0x4bd/0x650
[  176.281744][T12205]  ext4_process_orphan+0x1a9/0x1c0
[  176.286953][T12205]  ext4_orphan_cleanup+0x6a8/0xa00
[  176.292172][T12205]  ext4_fill_super+0x3411/0x37a0
[  176.297212][T12205]  ? set_blocksize+0x1a8/0x310
[  176.302035][T12205]  ? sb_set_blocksize+0xfc/0x170
[  176.307085][T12205]  ? setup_bdev_super+0x30e/0x370
[  176.312150][T12205]  ? __pfx_ext4_fill_super+0x10/0x10
[  176.317509][T12205]  get_tree_bdev_flags+0x291/0x300
[  176.322718][T12205]  ? __pfx_ext4_fill_super+0x10/0x10
[  176.328064][T12205]  get_tree_bdev+0x1f/0x30
[  176.332512][T12205]  ext4_get_tree+0x1c/0x30
[  176.337020][T12205]  vfs_get_tree+0x57/0x1d0
[  176.341629][T12205]  do_new_mount+0x24d/0x6a0
[  176.346218][T12205]  path_mount+0x4ab/0xb80
[  176.350596][T12205]  ? user_path_at+0xbf/0x130
[  176.355384][T12205]  __se_sys_mount+0x28c/0x2e0
[  176.360098][T12205]  __x64_sys_mount+0x67/0x80
[  176.364816][T12205]  x64_sys_call+0x2cca/0x3000
[  176.369537][T12205]  do_syscall_64+0xca/0x2b0
[  176.374172][T12205]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.380305][T12205] RIP: 0033:0x7f5dc40d0eea
[  176.384839][T12205] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.404500][T12205] RSP: 002b:00007f5dc2b2ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  176.413057][T12205] RAX: ffffffffffffffda RBX: 00007f5dc2b2eef0 RCX: 00007f5dc40d0eea
[  176.421161][T12205] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f5dc2b2eeb0
[  176.429186][T12205] RBP: 0000200000000180 R08: 00007f5dc2b2eef0 R09: 0000000000800718
[  176.437807][T12205] R10: 0000000000800718 R11: 0000000000000246 R12: 00002000000001c0
[  176.445884][T12205] R13: 00007f5dc2b2eeb0 R14: 000000000000046f R15: 0000200000000200
[  176.453990][T12205]  </TASK>
[  176.457069][T12205] ---[ end trace 0000000000000000 ]---
[  176.463170][T12205] EXT4-fs (loop8): 1 orphan inode deleted
[  176.469396][T12205] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.486891][T12224] xt_hashlimit: max too large, truncated to 1048576
[  176.502117][T12224] xt_CT: You must specify a L4 protocol and not use inversions on it
[  176.522248][T12205] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.632750][T12230] netlink: 68 bytes leftover after parsing attributes in process `syz.8.3380'.
[  176.896844][ T4565] Bluetooth: hci0: Frame reassembly failed (-84)
[  177.198879][T12279] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3399'.
[  177.207861][T12279] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3399'.
[  177.262228][T12283] vlan2: entered allmulticast mode
[  177.289295][T12286] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3403'.
[  177.893996][T12319] netlink: 'syz.0.3416': attribute type 29 has an invalid length.
[  177.916210][T12321] vlan2: entered allmulticast mode
[  177.986383][T12329] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3422'.
[  178.191616][T12344] sctp: [Deprecated]: syz.8.3429 (pid 12344) Use of struct sctp_assoc_value in delayed_ack socket option.
[  178.191616][T12344] Use struct sctp_sack_info instead
[  178.418801][T12370] vlan1: entered allmulticast mode
[  178.546339][T12376] SELinux: ebitmap: truncated map
[  178.553190][T12376] SELinux: failed to load policy
[  178.639334][T12383] netlink: 24 bytes leftover after parsing attributes in process `syz.9.3448'.
[  178.750240][T12399] loop8: detected capacity change from 0 to 2048
[  178.766297][T12399] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.786834][T12399] EXT4-fs error (device loop8): ext4_find_extent:939: inode #2: comm syz.8.3455: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  178.803646][T12399] EXT4-fs (loop8): Remounting filesystem read-only
[  178.821962][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.847720][T12405] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3457'.
[  178.913988][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  179.075263][T12430] loop9: detected capacity change from 0 to 512
[  179.081881][T12430] EXT4-fs: Ignoring removed i_version option
[  179.088104][T12430] EXT4-fs: Ignoring removed bh option
[  179.107822][T12430] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  179.120693][T12430] ext4 filesystem being mounted at /167/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  179.150255][T10274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.647568][T12453] loop2: detected capacity change from 0 to 512
[  179.657518][T12453] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  179.677421][T12453] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  179.690140][T12453] ext4 filesystem being mounted at /550/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  179.714395][T12461] netlink: 96 bytes leftover after parsing attributes in process `syz.5.3481'.
[  179.864497][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.891437][T12475] sch_tbf: peakrate 7 is lower than or equals to rate 19 !
[  179.956475][T12485] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3492'.
[  180.055094][T12499] netem: change failed
[  180.152162][T12510] sch_tbf: peakrate 7 is lower than or equals to rate 19 !
[  180.281454][T12514] loop2: detected capacity change from 0 to 2048
[  180.319734][T12516] loop8: detected capacity change from 0 to 512
[  180.339112][T12514] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  180.361835][T12516] EXT4-fs: Ignoring removed i_version option
[  180.367946][T12516] EXT4-fs: Ignoring removed bh option
[  180.403540][T12514] EXT4-fs error (device loop2): ext4_find_extent:939: inode #2: comm syz.2.3506: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  180.424038][T12514] EXT4-fs (loop2): Remounting filesystem read-only
[  180.461754][T12516] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  180.480316][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.490200][T12516] ext4 filesystem being mounted at /466/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  180.513754][   T29] kauditd_printk_skb: 117 callbacks suppressed
[  180.513769][   T29] audit: type=1400 audit(1766410993.281:3654): avc:  denied  { name_connect } for  pid=12524 comm="syz.9.3510" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  180.578771][T12527] atomic_op ffff8881643b8928 conn xmit_atomic 0000000000000000
[  180.617019][T12488] Set syz1 is full, maxelem 65536 reached
[  180.622967][   T29] audit: type=1400 audit(1766410993.351:3655): avc:  denied  { create } for  pid=12526 comm="syz.2.3509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  180.642564][   T29] audit: type=1400 audit(1766410993.351:3656): avc:  denied  { bind } for  pid=12526 comm="syz.2.3509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  180.661920][   T29] audit: type=1400 audit(1766410993.351:3657): avc:  denied  { write } for  pid=12526 comm="syz.2.3509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  180.684739][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.727121][   T29] audit: type=1326 audit(1766410993.501:3658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12533 comm="syz.5.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  180.798173][   T29] audit: type=1326 audit(1766410993.521:3659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12533 comm="syz.5.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  180.821908][   T29] audit: type=1326 audit(1766410993.521:3660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12533 comm="syz.5.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  180.845483][   T29] audit: type=1326 audit(1766410993.521:3661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12533 comm="syz.5.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  180.869086][   T29] audit: type=1400 audit(1766410993.521:3662): avc:  denied  { watch } for  pid=12533 comm="syz.5.3515" path="/287" dev="tmpfs" ino=1503 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  180.891347][   T29] audit: type=1326 audit(1766410993.521:3663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12533 comm="syz.5.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac7d5f749 code=0x7ffc0000
[  180.938067][T12552] netlink: 'syz.5.3522': attribute type 12 has an invalid length.
[  180.965394][T12539] loop8: detected capacity change from 0 to 8192
[  181.024303][T12539]  loop8: p1 p2 p3 p4
[  181.029942][T12539] loop8: p3 start 331777 is beyond EOD, truncated
[  181.036491][T12539] loop8: p4 size 262144 extends beyond EOD, truncated
[  181.175749][T12566] __nla_validate_parse: 2 callbacks suppressed
[  181.175767][T12566] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3527'.
[  181.220081][T12566] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3527'.
[  181.299203][T12575] loop2: detected capacity change from 0 to 512
[  181.317695][T12578] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  181.326829][T12575] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  181.344303][T12575] EXT4-fs (loop2): mount failed
[  181.392097][T12583] loop5: detected capacity change from 0 to 128
[  181.414939][T12583] bio_check_eod: 353 callbacks suppressed
[  181.414960][T12583] syz.5.3534: attempt to access beyond end of device
[  181.414960][T12583] loop5: rw=2049, sector=154, nr_sectors = 6 limit=128
[  181.443645][T12583] syz.5.3534: attempt to access beyond end of device
[  181.443645][T12583] loop5: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  181.457467][T12583] Buffer I/O error on dev loop5, logical block 79, lost async page write
[  181.466653][T12583] syz.5.3534: attempt to access beyond end of device
[  181.466653][T12583] loop5: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  181.480395][T12583] Buffer I/O error on dev loop5, logical block 80, lost async page write
[  181.490162][T12583] syz.5.3534: attempt to access beyond end of device
[  181.490162][T12583] loop5: rw=2049, sector=162, nr_sectors = 6 limit=128
[  181.504276][T12583] syz.5.3534: attempt to access beyond end of device
[  181.504276][T12583] loop5: rw=8390657, sector=166, nr_sectors = 2 limit=128
[  181.518021][T12583] Buffer I/O error on dev loop5, logical block 83, lost async page write
[  181.526965][T12583] syz.5.3534: attempt to access beyond end of device
[  181.526965][T12583] loop5: rw=8390657, sector=168, nr_sectors = 2 limit=128
[  181.540711][T12583] Buffer I/O error on dev loop5, logical block 84, lost async page write
[  181.550161][T12583] syz.5.3534: attempt to access beyond end of device
[  181.550161][T12583] loop5: rw=2049, sector=186, nr_sectors = 6 limit=128
[  181.564492][T12583] syz.5.3534: attempt to access beyond end of device
[  181.564492][T12583] loop5: rw=8390657, sector=190, nr_sectors = 2 limit=128
[  181.578493][T12583] Buffer I/O error on dev loop5, logical block 95, lost async page write
[  181.604749][T12583] syz.5.3534: attempt to access beyond end of device
[  181.604749][T12583] loop5: rw=8390657, sector=192, nr_sectors = 2 limit=128
[  181.618527][T12583] Buffer I/O error on dev loop5, logical block 96, lost async page write
[  181.627567][T12583] syz.5.3534: attempt to access beyond end of device
[  181.627567][T12583] loop5: rw=2049, sector=194, nr_sectors = 6 limit=128
[  181.647358][T12583] Buffer I/O error on dev loop5, logical block 99, lost async page write
[  181.657984][T12583] Buffer I/O error on dev loop5, logical block 100, lost async page write
[  181.667947][T12583] Buffer I/O error on dev loop5, logical block 111, lost async page write
[  181.689710][T12583] Buffer I/O error on dev loop5, logical block 112, lost async page write
[  181.817348][T12611] netlink: 'syz.2.3546': attribute type 12 has an invalid length.
[  181.961826][ T7046] IPVS: starting estimator thread 0...
[  182.070149][T12623] IPVS: using max 2256 ests per chain, 112800 per kthread
[  182.085476][T12637] loop8: detected capacity change from 0 to 128
[  182.169708][T12646] netlink: 'syz.9.3562': attribute type 12 has an invalid length.
[  182.302973][T12650] loop5: detected capacity change from 0 to 2048
[  182.356039][ T3403] IPVS: starting estimator thread 0...
[  182.384880][T12650]  loop5: p2 p3 < > p4 < p5 >
[  182.389629][T12650] loop5: partition table partially beyond EOD, truncated
[  182.426652][T12650] loop5: p3 start 4284289 is beyond EOD, truncated
[  182.444242][T12660] IPVS: using max 2208 ests per chain, 110400 per kthread
[  182.724816][T12693] netlink: 'syz.8.3580': attribute type 12 has an invalid length.
[  182.798753][T12698] atomic_op ffff888141413d28 conn xmit_atomic 0000000000000000
[  182.824506][ T4538] Bluetooth: hci0: Frame reassembly failed (-84)
[  183.104159][T12707]  loop9: p2 p3 < > p4 < p5 >
[  183.108916][T12707] loop9: partition table partially beyond EOD, truncated
[  183.134601][T12707] loop9: p3 start 4284289 is beyond EOD, truncated
[  183.321585][T12719] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3591'.
[  183.338599][T12721] netlink: 'syz.5.3593': attribute type 1 has an invalid length.
[  183.468139][T12727] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3596'.
[  183.565998][T12733] rtc_cmos 00:00: Alarms can be up to one day in the future
[  183.711899][T12743] sd 0:0:1:0: device reset
[  183.879541][T12748] set_capacity_and_notify: 2 callbacks suppressed
[  183.879559][T12748] loop5: detected capacity change from 0 to 128
[  183.900694][T12754] netlink: 180 bytes leftover after parsing attributes in process `syz.0.3608'.
[  183.911205][T12754] xt_time: unknown flags 0xf4
[  183.938924][T12748] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  184.052243][T12748] ext4 filesystem being mounted at /309/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  184.142475][ T8965] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  184.152454][T12771] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3616'.
[  184.169493][ T3410] rtc_cmos 00:00: Alarms can be up to one day in the future
[  184.177398][ T3410] rtc_cmos 00:00: Alarms can be up to one day in the future
[  184.185173][ T3410] rtc_cmos 00:00: Alarms can be up to one day in the future
[  184.192974][ T3410] rtc_cmos 00:00: Alarms can be up to one day in the future
[  184.200410][ T3410] rtc rtc0: __rtc_set_alarm: err=-22
[  184.260520][T12780] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3620'.
[  184.269643][T12780] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3620'.
[  184.330034][T12780] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3620'.
[  184.339242][T12780] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3620'.
[  184.833982][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  184.836457][ T3542] Bluetooth: hci0: command 0x1003 tx timeout
[  185.453256][T12851] loop2: detected capacity change from 0 to 764
[  185.463780][T12851] Symlink component flag not implemented
[  185.469576][T12851] Symlink component flag not implemented
[  185.476214][T12851] Symlink component flag not implemented (129)
[  185.482617][T12851] Symlink component flag not implemented (6)
[  185.490085][T12851] rock: directory entry would overflow storage
[  185.496296][T12851] rock: sig=0x4f50, size=4, remaining=3
[  185.502011][T12851] iso9660: Corrupted directory entry in block 6 of inode 1792
[  185.544028][   T29] kauditd_printk_skb: 309 callbacks suppressed
[  185.544043][   T29] audit: type=1400 audit(1766410998.311:3972): avc:  denied  { unmount } for  pid=5404 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  185.593824][   T29] audit: type=1400 audit(1766410998.361:3973): avc:  denied  { bind } for  pid=12862 comm="syz.8.3657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  185.614734][   T29] audit: type=1400 audit(1766410998.361:3974): avc:  denied  { setopt } for  pid=12862 comm="syz.8.3657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  185.658504][T12863] netdevsim netdevsim8 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.668934][T12863] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.739485][   T29] audit: type=1400 audit(1766410998.371:3975): avc:  denied  { read write } for  pid=12860 comm="syz.9.3667" name="event1" dev="devtmpfs" ino=243 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  185.763531][   T29] audit: type=1400 audit(1766410998.371:3976): avc:  denied  { open } for  pid=12860 comm="syz.9.3667" path="/dev/input/event1" dev="devtmpfs" ino=243 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  185.787788][   T29] audit: type=1326 audit(1766410998.501:3977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12872 comm="syz.2.3661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  185.811375][   T29] audit: type=1326 audit(1766410998.501:3978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12872 comm="syz.2.3661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  185.834967][   T29] audit: type=1326 audit(1766410998.501:3979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12872 comm="syz.2.3661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  185.858619][   T29] audit: type=1326 audit(1766410998.501:3980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12872 comm="syz.2.3661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  185.882262][   T29] audit: type=1326 audit(1766410998.501:3981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12872 comm="syz.2.3661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  185.908867][T12863] netdevsim netdevsim8 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.919325][T12863] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.978908][T12863] netdevsim netdevsim8 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.989295][T12863] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.028653][T12863] netdevsim netdevsim8 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  186.039055][T12863] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.114451][T12890] loop9: detected capacity change from 0 to 764
[  186.133625][T12890] Symlink component flag not implemented
[  186.139438][T12890] Symlink component flag not implemented
[  186.145416][ T4539] netdevsim netdevsim8 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  186.153639][ T4539] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  186.164050][T12890] Symlink component flag not implemented (129)
[  186.170255][T12890] Symlink component flag not implemented (6)
[  186.185918][T12890] rock: directory entry would overflow storage
[  186.192138][T12890] rock: sig=0x4f50, size=4, remaining=3
[  186.197806][T12890] iso9660: Corrupted directory entry in block 6 of inode 1792
[  186.207891][ T4565] netdevsim netdevsim8 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  186.216155][ T4565] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.226953][ T4565] netdevsim netdevsim8 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  186.235252][ T4565] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  186.270182][ T4565] netdevsim netdevsim8 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  186.278506][ T4565] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  186.929891][T12929] loop8: detected capacity change from 0 to 764
[  186.956890][T12929] Symlink component flag not implemented
[  186.962640][T12929] Symlink component flag not implemented
[  186.991996][T12929] Symlink component flag not implemented (129)
[  186.998379][T12929] Symlink component flag not implemented (6)
[  187.030186][T12929] rock: directory entry would overflow storage
[  187.036510][T12929] rock: sig=0x4f50, size=4, remaining=3
[  187.042088][T12929] iso9660: Corrupted directory entry in block 6 of inode 1792
[  187.265777][T12943] batman_adv: batadv0: Interface deactivated: veth1_vlan
[  187.273082][T12943] batman_adv: batadv0: Removing interface: veth1_vlan
[  187.483003][T12950] __nla_validate_parse: 3 callbacks suppressed
[  187.483025][T12950] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3695'.
[  187.649829][T12964] loop2: detected capacity change from 0 to 128
[  187.660544][T12966] random: crng reseeded on system resumption
[  190.270961][ T4593] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  190.281386][ T4593] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.358238][ T4593] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  190.368659][ T4593] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.440470][ T4593] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  190.450974][ T4593] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.497700][ T4593] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  190.508227][ T4593] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.675682][ T4593] bond0 (unregistering): Released all slaves
[  190.684384][ T4593] bond1 (unregistering): Released all slaves
[  190.728330][T13155] chnl_net:caif_netlink_parms(): no params data found
[  190.758989][ T4593] hsr_slave_0: left promiscuous mode
[  190.765035][ T4593] hsr_slave_1: left promiscuous mode
[  190.770773][ T4593] batman_adv: batadv0: Interface deactivated: veth1_vlan
[  190.777881][ T4593] batman_adv: batadv0: Removing interface: veth1_vlan
[  190.788214][ T4593] veth0_macvtap: left promiscuous mode
[  190.793805][ T4593] veth1_vlan: left promiscuous mode
[  190.799162][ T4593] veth0_vlan: left promiscuous mode
[  190.966227][T13184] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3791'.
[  190.986277][T13189] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 !
[  191.043310][T13155] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.050514][T13155] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.065005][T13155] bridge_slave_0: entered allmulticast mode
[  191.071704][T13155] bridge_slave_0: entered promiscuous mode
[  191.079792][T13155] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.087013][T13155] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.094318][T13155] bridge_slave_1: entered allmulticast mode
[  191.100782][T13155] bridge_slave_1: entered promiscuous mode
[  191.136834][T13155] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  191.147608][T13155] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  191.177335][T13155] team0: Port device team_slave_0 added
[  191.184524][T13155] team0: Port device team_slave_1 added
[  191.239819][T13155] batman_adv: batadv0: Adding interface: batadv_slave_0
[  191.247049][T13155] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  191.273107][T13155] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  191.284688][T13155] batman_adv: batadv0: Adding interface: batadv_slave_1
[  191.291773][T13155] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  191.317874][T13155] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  191.348593][T13155] hsr_slave_0: entered promiscuous mode
[  191.354713][T13155] hsr_slave_1: entered promiscuous mode
[  191.360677][T13155] debugfs: 'hsr0' already exists in 'hsr'
[  191.366475][T13155] Cannot create hsr debugfs directory
[  191.601141][T13155] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  191.609872][T13155] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  191.618600][T13155] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  191.627827][T13155] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  191.666612][T13155] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.680900][T13155] 8021q: adding VLAN 0 to HW filter on device team0
[  191.690916][ T4565] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.698061][ T4565] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.711474][ T4578] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.718600][ T4578] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.802517][T13155] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.966073][T13155] veth0_vlan: entered promiscuous mode
[  191.974535][T13155] veth1_vlan: entered promiscuous mode
[  191.999964][T13155] veth0_macvtap: entered promiscuous mode
[  192.014437][T13155] veth1_macvtap: entered promiscuous mode
[  192.026959][T13155] batman_adv: batadv0: Interface activated: batadv_slave_0
[  192.036313][T13155] batman_adv: batadv0: Interface activated: batadv_slave_1
[  192.055701][ T4558] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.077706][   T29] kauditd_printk_skb: 71 callbacks suppressed
[  192.077723][   T29] audit: type=1400 audit(1766411004.851:4053): avc:  denied  { mounton } for  pid=13155 comm="syz-executor" path="/root/syzkaller.3U7rbQ/syz-tmp" dev="sda1" ino=2069 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  192.117741][ T4558] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.140218][ T4558] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.159667][ T4558] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.199351][   T29] audit: type=1400 audit(1766411004.901:4054): avc:  denied  { mount } for  pid=13155 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  192.221769][   T29] audit: type=1400 audit(1766411004.901:4055): avc:  denied  { mount } for  pid=13155 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  192.244055][   T29] audit: type=1400 audit(1766411004.901:4056): avc:  denied  { mounton } for  pid=13155 comm="syz-executor" path="/root/syzkaller.3U7rbQ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  192.270926][   T29] audit: type=1400 audit(1766411004.901:4057): avc:  denied  { mounton } for  pid=13155 comm="syz-executor" path="/root/syzkaller.3U7rbQ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=42742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  192.298858][   T29] audit: type=1400 audit(1766411004.911:4058): avc:  denied  { mounton } for  pid=13155 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  192.322090][   T29] audit: type=1400 audit(1766411004.911:4059): avc:  denied  { mount } for  pid=13155 comm="syz-executor" name="/" dev="gadgetfs" ino=4935 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  192.377310][   T29] audit: type=1326 audit(1766411005.141:4060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13256 comm="syz.4.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34a687f749 code=0x7ffc0000
[  192.400976][   T29] audit: type=1326 audit(1766411005.141:4061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13256 comm="syz.4.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f34a687de97 code=0x7ffc0000
[  192.425068][   T29] audit: type=1326 audit(1766411005.141:4062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13256 comm="syz.4.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34a687f749 code=0x7ffc0000
[  192.880499][T13284] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  192.959825][T13292] netlink: 'syz.8.3823': attribute type 3 has an invalid length.
[  192.984831][T13294] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[  192.993398][T13294] netem: change failed
[  193.197923][T13303] netlink: 'syz.8.3829': attribute type 7 has an invalid length.
[  193.252971][T13309] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3831'.
[  193.413944][T13326] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3837'.
[  193.604759][T13338] IPv6: NLM_F_CREATE should be specified when creating new route
[  193.841310][T13345] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3847'.
[  194.234263][T13374] gtp0: entered promiscuous mode
[  194.418457][T13389] netlink: 76 bytes leftover after parsing attributes in process `syz.9.3866'.
[  194.738088][T13423] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3882'.
[  194.790514][T13429] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3885'.
[  194.954713][T13453] netlink: 'syz.9.3895': attribute type 2 has an invalid length.
[  195.403926][T13468] netlink: 68 bytes leftover after parsing attributes in process `syz.8.3899'.
[  195.650739][T13483] Invalid argument reading file caps for ./file0
[  195.881981][T13499] SELinux: failed to load policy
[  195.972948][T13511] Invalid argument reading file caps for ./file0
[  195.990962][T13513] netlink: 'syz.8.3922': attribute type 2 has an invalid length.
[  196.042242][T13521] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3926'.
[  196.069863][T13523] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3928'.
[  196.184941][T13539] random: crng reseeded on system resumption
[  196.422498][T13562] random: crng reseeded on system resumption
[  196.475567][T13568] kernel profiling enabled (shift: 9)
[  196.853257][T13610] loop4: detected capacity change from 0 to 136
[  197.096327][   T29] kauditd_printk_skb: 85 callbacks suppressed
[  197.096342][   T29] audit: type=1400 audit(1766411009.871:4148): avc:  denied  { append } for  pid=13636 comm="syz.4.3982" name="loop6" dev="devtmpfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  197.158090][   T29] audit: type=1400 audit(1766411009.931:4149): avc:  denied  { lock } for  pid=13641 comm="syz.8.3984" path="socket:[43624]" dev="sockfs" ino=43624 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  197.387336][T13657] veth0: entered promiscuous mode
[  197.459363][T13666] loop2: detected capacity change from 0 to 512
[  197.466665][T13666] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  197.484584][T13656] veth0: left promiscuous mode
[  197.494700][T13666] EXT4-fs (loop2): 1 truncate cleaned up
[  197.503539][T13666] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.523629][   T29] audit: type=1400 audit(1766411010.291:4150): avc:  denied  { read append } for  pid=13665 comm="syz.2.3993" path="/pids.events" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  197.750968][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.841793][T13703] serio: Serial port ptm0
[  197.862964][   T29] audit: type=1326 audit(1766411010.631:4151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13630 comm="syz.9.3979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7fc00000
[  197.889147][T13706] vlan3: entered allmulticast mode
[  197.894720][T13706] dummy0: entered allmulticast mode
[  197.996334][T13703] serio: Serial port ptm0
[  198.026683][   T29] audit: type=1400 audit(1766411010.801:4152): avc:  denied  { firmware_load } for  pid=13712 comm="syz.0.4015" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  198.099902][T13719] tipc: Started in network mode
[  198.104885][T13719] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  198.114896][T13719] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  198.123207][T13719] tipc: Enabled bearer <udp:syz0>, priority 10
[  198.177687][   T29] audit: type=1400 audit(1766411010.951:4153): avc:  denied  { name_bind } for  pid=13726 comm="syz.9.4022" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  198.617259][T13744] loop8: detected capacity change from 0 to 2048
[  198.707520][T13744] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.757943][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.968344][T13762] loop2: detected capacity change from 0 to 2048
[  198.982541][T13764] serio: Serial port ptm0
[  199.022059][T13762] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  199.036627][T13762] EXT4-fs error (device loop2): ext4_find_extent:939: inode #2: comm syz.2.4036: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  199.073611][T13778] loop9: detected capacity change from 0 to 2048
[  199.085914][T13762] EXT4-fs (loop2): Remounting filesystem read-only
[  199.110362][T13778] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  199.259972][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.270651][T10274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.273505][ T3485] tipc: Node number set to 1
[  199.280367][T13764] serio: Serial port ptm0
[  199.767877][T13809] veth0: entered promiscuous mode
[  200.079192][T13808] veth0: left promiscuous mode
[  200.371831][T13825] loop2: detected capacity change from 0 to 2048
[  200.386785][T13825] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  200.414786][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.566553][T13842] __nla_validate_parse: 7 callbacks suppressed
[  200.566571][T13842] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4066'.
[  200.830404][   T29] audit: type=1400 audit(1766411013.601:4154): avc:  denied  { ioctl } for  pid=13857 comm="syz.2.4073" path="/dev/mISDNtimer" dev="devtmpfs" ino=250 ioctlcmd=0x4940 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  201.014800][   T29] audit: type=1326 audit(1766411013.791:4155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13863 comm="syz.9.4074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  201.062944][   T29] audit: type=1326 audit(1766411013.791:4156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13863 comm="syz.9.4074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  201.086741][   T29] audit: type=1326 audit(1766411013.791:4157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13863 comm="syz.9.4074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072e1ff749 code=0x7ffc0000
[  201.456734][T13908] xt_hashlimit: max too large, truncated to 1048576
[  201.507712][T13912] loop9: detected capacity change from 0 to 2048
[  201.525607][T13912] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.575302][T10274] EXT4-fs error (device loop9): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[  201.590513][T10274] EXT4-fs error (device loop9) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  201.604625][T10274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.675644][T13929] loop4: detected capacity change from 0 to 1024
[  201.684360][T13929] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  201.696898][T13929] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  201.805001][T13155] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.306862][T14006] xt_hashlimit: max too large, truncated to 1048576
[  202.400280][T14017] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4136'.
[  202.410435][T14017] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4136'.
[  202.444299][T14019] netem: incorrect gi model size
[  202.828897][   T29] kauditd_printk_skb: 41 callbacks suppressed
[  202.828917][   T29] audit: type=1326 audit(1766411015.601:4199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13977 comm="syz.2.4121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7fc00000
[  202.932783][   T29] audit: type=1326 audit(1766411015.601:4200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13977 comm="syz.2.4121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb696ddf749 code=0x7fc00000
[  202.956299][   T29] audit: type=1400 audit(1766411015.661:4201): avc:  denied  { bind } for  pid=14030 comm="syz.2.4143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  202.976907][   T29] audit: type=1400 audit(1766411015.661:4202): avc:  denied  { setopt } for  pid=14030 comm="syz.2.4143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  203.035719][T14036] xt_hashlimit: max too large, truncated to 1048576
[  203.110738][   T29] audit: type=1326 audit(1766411015.881:4203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14044 comm="syz.4.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34a687f749 code=0x7ffc0000
[  203.157145][   T29] audit: type=1326 audit(1766411015.911:4204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14044 comm="syz.4.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34a687f749 code=0x7ffc0000
[  203.180858][   T29] audit: type=1326 audit(1766411015.911:4205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14044 comm="syz.4.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34a687f749 code=0x7ffc0000
[  203.204537][   T29] audit: type=1326 audit(1766411015.911:4206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14044 comm="syz.4.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34a687f749 code=0x7ffc0000
[  203.228081][   T29] audit: type=1326 audit(1766411015.911:4207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14044 comm="syz.4.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34a687f749 code=0x7ffc0000
[  203.251671][   T29] audit: type=1326 audit(1766411015.911:4208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14044 comm="syz.4.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34a687f749 code=0x7ffc0000
[  203.528435][T14079] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4162'.
[  203.556746][ T4533] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  203.565812][T14079] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4162'.
[  203.590248][ T4533] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  203.602869][ T4533] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  203.643959][ T4533] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  203.689544][T14090] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  204.069389][T14114] macvtap0: refused to change device tx_queue_len
[  204.143474][T14120] syzkaller0: entered allmulticast mode
[  204.152615][T14120] syzkaller0 (unregistering): left allmulticast mode
[  204.418667][T14145] SELinux:  Context @ is not valid (left unmapped).
[  204.704720][T14171] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4207'.
[  204.715231][T14171] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  204.722699][T14171] batman_adv: batadv0: Removing interface: batadv_slave_0
[  204.752531][T14171] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  204.760075][T14171] batman_adv: batadv0: Removing interface: batadv_slave_1
[  204.893444][T14185] loop8: detected capacity change from 0 to 512
[  204.926568][T14185] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.973096][T14189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4212'.
[  204.982183][T14189] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4212'.
[  204.999957][T14185] ext4 filesystem being mounted at /589/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  205.020148][T14193] loop2: detected capacity change from 0 to 512
[  205.078360][T14193] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  205.110184][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.117615][T14193] EXT4-fs (loop2): 1 truncate cleaned up
[  205.125456][T14193] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.226178][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.405195][T14236] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4233'.
[  205.486640][T14251] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  205.619835][T14269] netlink: 'syz.9.4250': attribute type 3 has an invalid length.
[  205.627767][T14269] netlink: 'syz.9.4250': attribute type 1 has an invalid length.
[  205.635574][T14269] netlink: 181400 bytes leftover after parsing attributes in process `syz.9.4250'.
[  206.014052][T14288] netlink: 'syz.0.4258': attribute type 29 has an invalid length.
[  206.206298][T14305] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4266'.
[  206.471209][T14333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4280'.
[  206.481102][T14333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4280'.
[  206.610133][T14350] netlink: 'syz.4.4287': attribute type 3 has an invalid length.
[  206.632735][T14352] SELinux:  Context system_u:object_r:mouse_device_t:s0 is not valid (left unmapped).
[  206.858538][T14374] loop9: detected capacity change from 0 to 512
[  206.898835][T14374] EXT4-fs warning (device loop9): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  206.928767][T14381] netlink: 'syz.2.4302': attribute type 7 has an invalid length.
[  206.960684][T14374] EXT4-fs (loop9): mount failed
[  207.079479][T14397] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4308'.
[  207.096219][T14397] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4308'.
[  207.222421][T14416] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4316'.
[  207.247480][T14416] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14416 comm=syz.0.4316
[  207.281474][T14416] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4316'.
[  207.294782][T14424] veth0: entered promiscuous mode
[  207.309015][T14424] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4320'.
[  207.389686][T14439] openvswitch: netlink: Missing key (keys=40, expected=80)
[  207.456052][T14449] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4332'.
[  207.479785][T14451] loop4: detected capacity change from 0 to 1024
[  207.488135][T14451] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  207.499208][T14451] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  207.515161][T14451] JBD2: no valid journal superblock found
[  207.521027][T14451] EXT4-fs (loop4): Could not load journal inode
[  207.558417][T14451] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  207.602688][T14465] loop4: detected capacity change from 0 to 512
[  207.609902][T14465] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  207.621327][T14465] EXT4-fs (loop4): 1 truncate cleaned up
[  207.627477][T14465] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  207.655598][T13155] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.766978][T14483] tipc: Started in network mode
[  207.772016][T14483] tipc: Node identity ac14140f, cluster identity 4711
[  207.780029][T14483] tipc: New replicast peer: 255.255.255.255
[  207.786319][T14483] tipc: Enabled bearer <udp:syz2>, priority 10
[  207.796152][T14483] tipc: Disabling bearer <udp:syz2>
[  208.066100][T14507] openvswitch: netlink: Missing key (keys=40, expected=80)
[  208.147311][T14513] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  208.212725][T14522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.221975][T14522] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.310483][   T29] kauditd_printk_skb: 166 callbacks suppressed
[  208.310502][   T29] audit: type=1326 audit(1766411021.081:4374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14530 comm="syz.8.4368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  208.359976][   T29] audit: type=1326 audit(1766411021.081:4375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14530 comm="syz.8.4368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  208.383653][   T29] audit: type=1326 audit(1766411021.081:4376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14530 comm="syz.8.4368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  208.407137][   T29] audit: type=1326 audit(1766411021.081:4377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14530 comm="syz.8.4368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  208.413439][ T3403] kernel read not supported for file /sg0 (pid: 3403 comm: kworker/1:3)
[  208.430655][   T29] audit: type=1326 audit(1766411021.091:4378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14530 comm="syz.8.4368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dc40cf749 code=0x7ffc0000
[  208.465181][   T29] audit: type=1400 audit(1766411021.181:4379): avc:  denied  { write } for  pid=14532 comm="syz.8.4369" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  208.545089][T14537] loop8: detected capacity change from 0 to 2048
[  208.579244][T14542] atomic_op ffff88814b1b4928 conn xmit_atomic 0000000000000000
[  208.587847][T14537] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  208.625803][ T6732] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[  208.655833][ T6732] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  208.688176][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.725113][T14551] tipc: Started in network mode
[  208.730114][T14551] tipc: Node identity ac14140f, cluster identity 4711
[  208.737193][T14551] tipc: New replicast peer: 255.255.255.255
[  208.743374][T14551] tipc: Enabled bearer <udp:syz2>, priority 10
[  208.769641][T14551] tipc: Disabling bearer <udp:syz2>
[  208.876914][   T29] audit: type=1400 audit(1766411021.651:4380): avc:  denied  { read } for  pid=14562 comm="syz.8.4383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  208.917214][T14565] loop8: detected capacity change from 0 to 128
[  208.926661][T14565] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  208.972418][T14565] ext4 filesystem being mounted at /622/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.003963][   T29] audit: type=1400 audit(1766411021.771:4381): avc:  denied  { setattr } for  pid=14564 comm="syz.8.4384" path="/622/file1/file1" dev="loop8" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  209.027192][   T29] audit: type=1400 audit(1766411021.771:4382): avc:  denied  { ioctl } for  pid=14564 comm="syz.8.4384" path="/622/file1/file1" dev="loop8" ino=12 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  209.068343][ T6732] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  209.228301][   T29] audit: type=1400 audit(1766411022.001:4383): avc:  denied  { name_bind } for  pid=14577 comm="syz.0.4391" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  209.273484][T14584] loop2: detected capacity change from 0 to 2048
[  209.295579][T14584] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  209.342830][T14595] loop8: detected capacity change from 0 to 512
[  209.356533][T14595] EXT4-fs (loop8): too many log groups per flexible block group
[  209.365228][T14595] EXT4-fs (loop8): failed to initialize mballoc (-12)
[  209.372125][T14595] EXT4-fs (loop8): mount failed
[  209.509615][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.528237][T14607] netdevsim netdevsim8 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  209.538078][T14607] netdevsim netdevsim8 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.577970][T14607] netdevsim netdevsim8 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  209.588053][T14607] netdevsim netdevsim8 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.637220][T14607] netdevsim netdevsim8 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  209.647191][T14607] netdevsim netdevsim8 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.658666][T14619] tipc: Started in network mode
[  209.663585][T14619] tipc: Node identity ac14140f, cluster identity 4711
[  209.670803][T14619] tipc: New replicast peer: 255.255.255.255
[  209.677002][T14619] tipc: Enabled bearer <udp:syz2>, priority 10
[  209.684052][T14619] tipc: Disabling bearer <udp:syz2>
[  209.695939][T14607] netdevsim netdevsim8 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  209.705816][T14607] netdevsim netdevsim8 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.780122][ T4593] netdevsim netdevsim8 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  209.788464][ T4593] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  209.801243][ T4593] netdevsim netdevsim8 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  209.809564][ T4593] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  209.827572][ T4593] netdevsim netdevsim8 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  209.835989][ T4593] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.856814][ T4593] netdevsim netdevsim8 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  209.865096][ T4593] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.921156][T14632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.929919][T14632] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  210.269451][T14661] loop9: detected capacity change from 0 to 164
[  210.276985][T14661] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  210.286570][T14661] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  210.562924][ T3542] Bluetooth: hci0: sending frame failed (-49)
[  210.569170][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -49
[  210.710148][T14695] netlink: 'syz.8.4438': attribute type 1 has an invalid length.
[  211.945010][T14726] loop9: detected capacity change from 0 to 512
[  211.959140][T14726] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.972281][T14726] ext4 filesystem being mounted at /375/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  212.002816][T10274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.423605][T14751] netlink: 'syz.9.4472': attribute type 3 has an invalid length.
[  213.017750][T14786] IPv6: Can't replace route, no match found
[  213.093785][T14791] __nla_validate_parse: 5 callbacks suppressed
[  213.100335][T14791] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4481'.
[  213.168520][T14791] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  213.176333][T14791] batman_adv: batadv0: Removing interface: batadv_slave_0
[  213.186032][T14791] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  213.193470][T14791] batman_adv: batadv0: Removing interface: batadv_slave_1
[  213.330820][T14797] loop2: detected capacity change from 0 to 512
[  213.356078][T14797] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.397499][T14797] ext4 filesystem being mounted at /744/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  213.461926][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.491885][T14808] netlink: 'syz.2.4487': attribute type 4 has an invalid length.
[  213.655444][T14824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4495'.
[  213.685889][T14824] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4495'.
[  213.758093][T14828] loop8: detected capacity change from 0 to 512
[  213.787761][T14828] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.828878][T14828] ext4 filesystem being mounted at /653/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  213.911641][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.138184][T14841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4503'.
[  214.147319][T14841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4503'.
[  214.276886][T14849] loop8: detected capacity change from 0 to 1024
[  214.296576][T14849] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none.
[  214.508212][   T29] kauditd_printk_skb: 62 callbacks suppressed
[  214.508231][   T29] audit: type=1400 audit(1766411027.281:4446): avc:  denied  { map } for  pid=14848 comm="syz.8.4501" path="/654/file1/memory.events.local" dev="loop8" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  214.585450][T14860] syzkaller1: entered promiscuous mode
[  214.591034][T14860] syzkaller1: entered allmulticast mode
[  214.638420][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-001000000000.
[  214.688676][   T29] audit: type=1400 audit(1766411027.461:4447): avc:  denied  { bind } for  pid=14870 comm="syz.0.4514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  214.782497][T14882] netlink: 24 bytes leftover after parsing attributes in process `syz.9.4529'.
[  214.791633][T14882] netlink: 24 bytes leftover after parsing attributes in process `syz.9.4529'.
[  214.900431][T14899] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4524'.
[  215.208775][T14913] netlink: 4 bytes leftover after parsing attributes in process `gtp'.
[  215.213111][   T29] audit: type=1400 audit(1766411027.981:4448): avc:  denied  { ioctl } for  pid=14912 comm="gtp" path="socket:[48006]" dev="sockfs" ino=48006 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  215.415062][T14922] rdma_op ffff88811944f980 conn xmit_rdma 0000000000000000
[  215.441813][T14926] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  215.470914][   T29] audit: type=1326 audit(1766411028.241:4449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14927 comm="syz.2.4538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  215.509175][   T29] audit: type=1326 audit(1766411028.241:4450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14927 comm="syz.2.4538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  215.532875][   T29] audit: type=1326 audit(1766411028.241:4451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14927 comm="syz.2.4538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  215.556500][   T29] audit: type=1326 audit(1766411028.241:4452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14927 comm="syz.2.4538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  215.579995][   T29] audit: type=1326 audit(1766411028.241:4453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14927 comm="syz.2.4538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  215.603611][   T29] audit: type=1326 audit(1766411028.241:4454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14927 comm="syz.2.4538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  215.627165][   T29] audit: type=1326 audit(1766411028.241:4455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14927 comm="syz.2.4538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  215.654215][T14931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4541'.
[  215.736980][T14949] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[  215.802407][T14960] syz_tun: entered allmulticast mode
[  215.809015][T14959] syz_tun: left allmulticast mode
[  215.921344][T14968] 9pnet: p9_errstr2errno: server reported unknown error 0x00000
[  216.426293][T15012] loop4: detected capacity change from 0 to 512
[  216.446759][T15012] EXT4-fs: inline encryption not supported
[  216.481638][T15012] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.538480][T15019] loop9: detected capacity change from 0 to 512
[  216.567653][T13155] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.579412][T15019] EXT4-fs: Ignoring removed bh option
[  216.589479][T15019] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem
[  216.616573][T15019] EXT4-fs (loop9): 1 truncate cleaned up
[  216.629393][T15019] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.694098][T10274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.331258][T15146] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=15146 comm=syz.4.4629
[  219.437430][T15153] netlink: 'syz.4.4642': attribute type 13 has an invalid length.
[  219.450948][T15157] __nla_validate_parse: 6 callbacks suppressed
[  219.450967][T15157] netlink: 83992 bytes leftover after parsing attributes in process `syz.9.4633'.
[  219.467296][T15157] netlink: zone id is out of range
[  219.472571][T15157] netlink: zone id is out of range
[  219.480366][T15157] netlink: zone id is out of range
[  219.488079][T15157] netlink: zone id is out of range
[  219.493551][T15157] netlink: zone id is out of range
[  219.523714][T15157] netlink: set zone limit has 8 unknown bytes
[  219.624197][ T1038] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  219.690880][   T29] kauditd_printk_skb: 115 callbacks suppressed
[  219.690906][   T29] audit: type=1326 audit(1766411032.461:4571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15171 comm="syz.2.4641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  219.774743][   T29] audit: type=1326 audit(1766411032.461:4572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15171 comm="syz.2.4641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  219.798416][   T29] audit: type=1326 audit(1766411032.461:4573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15171 comm="syz.2.4641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  219.821953][   T29] audit: type=1326 audit(1766411032.461:4574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15171 comm="syz.2.4641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  219.845612][   T29] audit: type=1326 audit(1766411032.461:4575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15171 comm="syz.2.4641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb696dd65e7 code=0x7ffc0000
[  219.869137][   T29] audit: type=1326 audit(1766411032.461:4576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15171 comm="syz.2.4641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb696d7b829 code=0x7ffc0000
[  219.892736][   T29] audit: type=1326 audit(1766411032.461:4577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15171 comm="syz.2.4641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  219.916385][   T29] audit: type=1326 audit(1766411032.471:4578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15171 comm="syz.2.4641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb696ddf749 code=0x7ffc0000
[  219.939983][   T29] audit: type=1400 audit(1766411032.501:4579): avc:  denied  { map } for  pid=15173 comm="syz.9.4640" path="socket:[48864]" dev="sockfs" ino=48864 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  220.008120][T15178] loop2: detected capacity change from 0 to 512
[  220.060391][T15178] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.089236][T15178] ext4 filesystem being mounted at /794/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  220.116025][T15178] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.4644: corrupted inode contents
[  220.128123][T15178] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #2: comm syz.2.4644: mark_inode_dirty error
[  220.200493][T15178] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.4644: corrupted inode contents
[  220.212509][ T1038] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  220.266303][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.377549][   T29] audit: type=1400 audit(1766411033.151:4580): avc:  denied  { read write } for  pid=15200 comm="syz.8.4652" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  220.619047][T15216] loop9: detected capacity change from 0 to 512
[  220.649763][T15218] loop8: detected capacity change from 0 to 512
[  220.666498][T15218] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  220.684674][T15216] EXT4-fs (loop9): too many log groups per flexible block group
[  220.687906][T15218] EXT4-fs (loop8): can't mount with data_err=abort, fs mounted w/o journal
[  220.703917][T15216] EXT4-fs (loop9): failed to initialize mballoc (-12)
[  220.725144][T15216] EXT4-fs (loop9): mount failed
[  220.733631][T15222] loop2: detected capacity change from 0 to 512
[  220.743941][T15222] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  220.752794][T15222] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  220.794700][T15222] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4215: comm syz.2.4661: Allocating blocks 41-42 which overlap fs metadata
[  220.816855][T15222] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.4661: Failed to acquire dquot type 1
[  220.829502][T15222] EXT4-fs error (device loop2): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  220.845882][T15222] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.4661: corrupted inode contents
[  220.858406][T15222] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #12: comm syz.2.4661: mark_inode_dirty error
[  220.870565][T15222] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.4661: corrupted inode contents
[  220.903396][T15222] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #12: comm syz.2.4661: mark_inode_dirty error
[  220.936988][T15222] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.4661: corrupted inode contents
[  220.955196][T15222] EXT4-fs error (device loop2) in ext4_orphan_del:303: Corrupt filesystem
[  220.965587][T15236] hub 1-0:1.0: USB hub found
[  220.974036][T15222] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.4661: corrupted inode contents
[  220.975985][T15236] hub 1-0:1.0: 8 ports detected
[  221.016750][T15222] EXT4-fs error (device loop2): ext4_truncate:4635: inode #12: comm syz.2.4661: mark_inode_dirty error
[  221.048450][T15222] EXT4-fs error (device loop2) in ext4_process_orphan:345: Corrupt filesystem
[  221.074450][T15222] EXT4-fs (loop2): 1 truncate cleaned up
[  221.085940][T15222] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.160466][T15222] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  221.238022][ T5404] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.486536][ T7046] hid_parser_main: 22 callbacks suppressed
[  221.486556][ T7046] hid-generic 0003:0004:0010.0006: unknown main item tag 0x0
[  221.500147][ T7046] hid-generic 0003:0004:0010.0006: unknown main item tag 0x0
[  221.507616][ T7046] hid-generic 0003:0004:0010.0006: unknown main item tag 0x0
[  221.515059][ T7046] hid-generic 0003:0004:0010.0006: unknown main item tag 0x0
[  221.522521][ T7046] hid-generic 0003:0004:0010.0006: unknown main item tag 0x0
[  221.529979][ T7046] hid-generic 0003:0004:0010.0006: unknown main item tag 0x0
[  221.537434][ T7046] hid-generic 0003:0004:0010.0006: unknown main item tag 0x0
[  221.544890][ T7046] hid-generic 0003:0004:0010.0006: unknown main item tag 0x0
[  221.552310][ T7046] hid-generic 0003:0004:0010.0006: unknown main item tag 0x0
[  221.559823][ T7046] hid-generic 0003:0004:0010.0006: unknown main item tag 0x0
[  221.576852][ T7046] hid-generic 0003:0004:0010.0006: hidraw0: USB HID v0.02 Device [syz0] on syz0
[  221.638502][T15287] loop8: detected capacity change from 0 to 1024
[  221.649190][T15287] EXT4-fs: inline encryption not supported
[  221.670560][T15287] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.726935][T15290] vhci_hcd vhci_hcd.2: invalid port number 96
[  221.733090][T15290] vhci_hcd vhci_hcd.2: default hub control req: 0300 vfffa i0060 l0
[  221.742116][ T6732] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.795590][T15299] veth0: entered promiscuous mode
[  221.814613][T15299] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4695'.
[  221.874041][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  222.638852][T15337] netlink: 'syz.2.4709': attribute type 29 has an invalid length.
[  222.652983][T15339] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4710'.
[  222.661986][T15339] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4710'.
[  222.704682][ T8196] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  222.734283][ T8196] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  222.764008][T15341] veth0: entered promiscuous mode
[  222.773169][ T8196] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  222.789386][T15341] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4711'.
[  222.804823][ T8196] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  222.921695][T15347] loop4: detected capacity change from 0 to 4096
[  222.921964][T15347] EXT4-fs: Ignoring removed nomblk_io_submit option
[  222.939755][T15347] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.030749][T13155] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.112029][T15357] loop4: detected capacity change from 0 to 1024
[  223.112385][T15357] EXT4-fs: Ignoring removed oldalloc option
[  223.112484][T15357] EXT4-fs: Ignoring removed bh option
[  223.136793][T15357] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.186675][T15365] loop8: detected capacity change from 0 to 164
[  223.209111][T15365] iso9660: Corrupted directory entry in block 4 of inode 1792
[  223.217846][T15357] ==================================================================
[  223.217896][T15357] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark
[  223.217958][T15357] 
[  223.217966][T15357] write to 0xffff88811a2b6e9c of 4 bytes by task 15366 on cpu 1:
[  223.217988][T15357]  xas_set_mark+0x12b/0x140
[  223.218019][T15357]  __folio_start_writeback+0x155/0x340
[  223.218052][T15357]  ext4_bio_write_folio+0x5ad/0x9f0
[  223.218091][T15357]  mpage_process_page_bufs+0x4a1/0x620
[  223.218122][T15357]  mpage_prepare_extent_to_map+0x7a3/0xc20
[  223.218150][T15357]  ext4_do_writepages+0x9f6/0x27e0
[  223.218190][T15357]  ext4_writepages+0x179/0x300
[  223.218213][T15357]  do_writepages+0x1c6/0x310
[  223.218244][T15357]  file_write_and_wait_range+0x156/0x2c0
[  223.218271][T15357]  generic_buffers_fsync_noflush+0x45/0x130
[  223.218303][T15357]  ext4_sync_file+0x1ab/0x690
[  223.218327][T15357]  vfs_fsync_range+0x10d/0x130
[  223.218356][T15357]  ext4_buffered_write_iter+0x34f/0x3c0
[  223.218396][T15357]  ext4_file_write_iter+0x387/0xf60
[  223.218439][T15357]  iter_file_splice_write+0x66b/0xa20
[  223.218464][T15357]  direct_splice_actor+0x156/0x2a0
[  223.218489][T15357]  splice_direct_to_actor+0x312/0x680
[  223.218515][T15357]  do_splice_direct+0xda/0x150
[  223.218539][T15357]  do_sendfile+0x380/0x650
[  223.218564][T15357]  __x64_sys_sendfile64+0x105/0x150
[  223.218592][T15357]  x64_sys_call+0x2db1/0x3000
[  223.218626][T15357]  do_syscall_64+0xca/0x2b0
[  223.218672][T15357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.218694][T15357] 
[  223.218699][T15357] read to 0xffff88811a2b6e9c of 4 bytes by task 15357 on cpu 0:
[  223.218715][T15357]  xas_find_marked+0x5dc/0x620
[  223.218762][T15357]  find_get_entry+0x5d/0x380
[  223.218789][T15357]  filemap_get_folios_tag+0x92/0x210
[  223.218816][T15357]  mpage_prepare_extent_to_map+0x308/0xc20
[  223.218837][T15357]  ext4_do_writepages+0x6fe/0x27e0
[  223.218871][T15357]  ext4_writepages+0x179/0x300
[  223.218898][T15357]  do_writepages+0x1c6/0x310
[  223.218932][T15357]  file_write_and_wait_range+0x156/0x2c0
[  223.218954][T15357]  generic_buffers_fsync_noflush+0x45/0x130
[  223.218977][T15357]  ext4_sync_file+0x1ab/0x690
[  223.218999][T15357]  vfs_fsync_range+0x10d/0x130
[  223.219028][T15357]  ext4_buffered_write_iter+0x34f/0x3c0
[  223.219069][T15357]  ext4_file_write_iter+0x387/0xf60
[  223.219106][T15357]  iter_file_splice_write+0x66b/0xa20
[  223.219131][T15357]  direct_splice_actor+0x156/0x2a0
[  223.219156][T15357]  splice_direct_to_actor+0x312/0x680
[  223.219182][T15357]  do_splice_direct+0xda/0x150
[  223.219199][T15357]  do_sendfile+0x380/0x650
[  223.219222][T15357]  __x64_sys_sendfile64+0x105/0x150
[  223.219251][T15357]  x64_sys_call+0x2db1/0x3000
[  223.219284][T15357]  do_syscall_64+0xca/0x2b0
[  223.219325][T15357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.219352][T15357] 
[  223.219358][T15357] value changed: 0x0a000021 -> 0x04000021
[  223.219371][T15357] 
[  223.219376][T15357] Reported by Kernel Concurrency Sanitizer on:
[  223.219409][T15357] CPU: 0 UID: 0 PID: 15357 Comm: syz.4.4717 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  223.219449][T15357] Tainted: [W]=WARN
[  223.219459][T15357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  223.219476][T15357] ==================================================================
[  224.157918][T13155] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.