last executing test programs:

19m29.56735224s ago: executing program 32 (id=13):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x1c, 0x20000000000000bb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd5cd7000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
tkill(r1, 0x38)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000180)='./file1\x00', 0x8010, &(0x7f0000000400)=ANY=[@ANYRES64=0x0], 0x1, 0x14fe, &(0x7f0000001580)="$eJzs3QuYjtX6MPB1r7UexjTxNslhWPe6H940WCZJckiSQ5IkSZJTQtIkSUJiyCkJSchxkhyGkBwmJo3z+ZBz0mRLkiSnnML6rqndtve//b/s/e39//y/Pffvutb1rvtaz72etd6beZ/nuebwQ9fhtZrUrt6IiMS/BH57SRFCxAghBgkh8gkhAiFE+fjy8dnjeRSk/GsnYf9ej6Zd6xWwa4nrn7Nx/XM2rn/OxvXP2bj+ORvXP2fj+udsXH/GcrKtMwvfwC3ntn/9+X/Mby/8/P//Q/z5n7Nx/f/TnM7zzxzN9f9Pctl7/89lcP1zNq5/zsb1z9m4/jkb1z9n4/ozlpNd6+fP3K5tu9b//hhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM5Qzn/BVaCPF7/1qvizHGGGOMMcYYY/8+Pve1XgFjjDHGGGOMMcb+54GQQgktApFL5BYxIo+IFdeJOHG9yCvyiYi4QcSLG0V+cZMoIAqKQqKwSBBFRFFhBAorSISimCguouJmUULcIhJFSVFKlBZOlBFJ4lZRVtwmyonbRXlxh6gg7hQVRSVRWVQRd4mq4m5RTdwjqot7RQ1RU9QStcV9oo64X9QVD4h64kFRXzwkGoiHRUPxiGgkHhWNxWOiiXhcNBVPiGaiuWghWopW/1f5r4ie4lXRS/QWKaKP6CteE/1EfzFADBSDxOtisHhDDBFviqFimBgu3hIjxNtipHhHjBKjxRjxrhgrxonxYoKYKCaJVPGemCzeF1PEB2KqmCamixkiTcwUs8SHYraYI+aKj8Q88bGYLxaIhWKRSBefiMViicgQn4ql4jORKZaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Co+F9vEdrFD7BS7xG6xR3wh9oovxT7xlcgSX/+T+Wf/S343ECBAggQNGnJBLoiBGIiFWIiDOMgLeSECEYiHeMgP+aEAFIBCUAgSIAGKQlFAQCAgKAbFIApRKAElIBESoRSUAgcOkiAJysJtUA7KQXkoDxWgAlSESlAJqkAVqApVoRpUg+pQHWpADagFteA+uA/uh7pQF+pBPagP9aEBNICG0BAaQSNoDI2hCTSBptAUmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIRk6QkfoBJ2gM3SGLtAFukJX6AbdoTu8Aq/Aq/Aq9IYasg/0hb7QD/rBABgIA+F1GAxvwBvwJgyFYTAc3oK34G0YCWdgFIyGMTAGqspxMB4mAMlJkAqpMBkmwxSYAlNhGkyDGZAGM2EWzILZMAfmwEcwDz6Gj2EBLIBFkA7psBiWQAZkwFI4C5mwDJbDClgJq2AlrIG1sAbWwwZYD5tgE2yBLfA5fA7bYTvshJ2wG3bDF/AFfAlfwlDIgizYD/vhAByAg3AQDsEhOAyH4QgcgaNwFI7BMTgOJ+AknIDTcBrOwFk4B+fgAlyAi3ARLsPl7P/8MpuWWuaSuWSMjJGxMlbGyTiZV+aVERmR8TJe5pf5ZQFZQBaShWSCTJBFZVGJEiXJUBaTxWRURmUJWUImykRZSpaSTjqZJJNkWVlWlpPlZHl5h6wg75QVZSXZ1lWRVWRV2c5Vk/fI6rK6rCFrylqytqwt68g6sq6sK+vJerK+rC8byIdlQ9kHBsCjMrsyTeQwaCqHQzPZXLaQLeXb8KRsLUdCG9lWtpNPy9EwCjrI1i5ZPic7yvHQSb4gJ8CLsoucBF3ly7Kb7C57yFdkT9nG9ZK95VToI/vKGdBP9pcD5EA5G2rK7IrVkm/KoXKYHC7fkovgbTlSviNHydFyjHxXjpXj5Hg5QU6Uk2SqfE9Olu/LKfIDOVVOk9PlDJkmZ8pZ8kM5W86Rc+VHcp78WM6XC+RCuUimy0/kYrlEZshP5VL5mcyUy+RyuUKulKvkarlGrpXr5Hq5QW6Um+RmuUVulZ/LbXK73CF3yl1yt9wjv5B75Zdyn/xKZsmv5X75J3lAfiMPym/lIfmdPCy/l0fkD/Ko/FEekz/J4/KEPClPydPyZ3lGnpXn5Hl5Qf4iL8pL8rL0UihQUimlVaByqdwqRuVRseo6FaeuV3lVPhVRN6h4daPKr25SBVRBVUgVVgmqiCqqjEJlFalQFVPFVVTdrEqoW1SiKqlKqdLKqTIqSd2qyqrbVDl1uyqv7lAV1J2qoqqkKqsq6i5VVd2tqql7VHV1r6qhaqpaqra6T9VR96u66gFVTz2o6quHVAP1sGqoHlGN1KOqsXpMNVGPq6bqCdVMNVctVEvVSj2pWqunVBvVVrVTT6v26hnVQT2rktVzqqN6XnVSL6jO6kXVRb2kuqqXVTfVXfVQl9Rl5VUv1VulqD6qr3pN9VP91QA1UA1Sr6vB6g01RL2phqpharh6S41Qb6uR6h01So1WY9S7aqwap8arCWqimqRS1XtqsnpfTVEfqKlqmpquZqg0NVMN+PNMc/+B/Pf/Tv6QX8++RW1Vn6ttarvaoXaqXWq32qP2qL1qr9qn9qkslaX2q/3qgDqgDqqD6pA6pA6rw+qIOqKOqqPqmDqmjqsT6rw6pU6rn9UZdVadVefVBXVBXfzzeyA0aKmV1jrQuXRuHaPz6Fh9nY7T1+u8Op+O6Bt0vL5R59c36QK6oC6kC+sEXUQX1Uajtpp0qIvp4jqqb9Yl9C06UZfUpXRp7XQZnaRv/Zfzr7a+VrqVbq1b6za6jW6n2+n2ur3uoDvoZJ2sO+qOupPupDvrzrqL7qK76q66m+6me+geuqfuqb0QIkWn6L76Nd1P99cD9EA9SL+uB+vBeogeoofqoXq4Hq5H6BF6pB6pR+lReoweo8fqsXq8Hq8n6ok6VafqyXqynqKn6Kl6qp6up+s0naZn6Vl6tp6t5+q5ep6ep+fr+XqhXqjTdbperBfrDJ2hl+qlOlMv08v0Cr1Cr9Kr9Bq9Rq/T6/QGvUFv0pt0pv79GzR36B16l96l9+g9eq/eq/fpfTpLZ+n9er8+oA/og/qgPqQP6cP6sD6ij+ij+qg+po/p4/q4PqlP6tP6tD6jz+hz+py+oC/oi/qivqwvZ1/2BTKQgQ50kCvIFcQEMUFsEBvEBXFB3iBvEAkiQXwQH+QPbgoKBAWDQkHhICEoEhQNTICBDSgIg2JB8SAa3ByUCG4JEoOSQamgdOCCMkFScGtQNrgtKBfcHpQP7ggqBHcGFYNKQeWgSnBXUDW4O6gW3BNUD+4NagQ1g1pB7eC+oE5wf1A3eCCoFzwY1A8eChoEDwcNg0eCRsGjQePgsaBJ8HjQNHgiaBY0D1oELYNW/9b5vT9T8CnXy/Q2KaaP6WteM/1MfzPADDSDzOtmsHnDDDFvmqFmmBlu3jIjzNtmpHnHjDKjzRjzrhlrxpnxZoKZaCaZVPOemWzeN1PMB2aqmWammxkmzcw0s8yHZraZY+aaj8w887GZbxaYhWaRSTefmMVmickwn5ql5jOTaZaZ5WaFWWlWmdVmjVlr1pn1ZoPZaDaZzWaL2Wo+N9vMdrPD7DS7zG6zx3xh9povzT7zlckyX5v95k/mgPnGHDTfmkPmO3PYfG+OmB/MUfOjOWZ+MsfNCXPSnDKnzc/mjDlrzpnz5oL5xVw0l8xl47Mv7rM/3lGjxlyYC2MwBmMxFuMwDvNiXoxgBOMxHvNjfiyABbAQFsIETMCiWBSzERIWw2IYxSiWwBKYiIlYCkuhQ4dJmIRlsSyWw3JYHstjBayAFbEiVsbs+5G78G68G+/Be/BevBdrYk2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBthI2yMjbEJNsGm2BSbYTNsgS2wFbbC1tga22AbbIftsD22xw7YAZMxGTtiR+yEnbAzdsYu2AW7Ylfsht2wB/bAntgTe2EvTMEU7It9sR/2wwE4AAfhIByMg3EIDsGhOBSH43AcgSNwJI7EUTgax+C7OBbH4XicgBNxEqZiKk7GyTgFp+BUnIrTcTqmYRrOwlk4G2fjXJyL83Aezsf5uBAXYjqm42JcjBmYgUtxKWZiJi7H5bgSV+JqXI1rcS2ux/W4ETfiZtyMW3ErbsNtuAN34C7chXtwD+7FvbgP92EWZuF+3I8H8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8DifxJJ7G03gGz+A5PIcX8Be8iJfwMnqMsXlsrL3OxtnrbV6bz8bYPL2FEH+JC9nCNsEWsUWtsQVswb+J0VqbaEvaUra0dbaMTbK3/iGuaCvZyraKvctWtXfban+I69j7bV37gK1nH7S17X1/E9e3D9kG9nHb0D5hG9nmtrFtaZvYx21T+4RtZpvbFralbW+fsR3sszbZPmc72uf/EC+2S+xau86utxvsXvulPWfP2yP2B3vB/mJ72d52kH3dDrZv2CH2TTvUDvtDPMa+a8facXa8nWAn2kl/iKfbGTbNzrSz7Id2tp3zhzjdfmLn2Qw73y6wC+2iX+PsNWXYT+1S+5nNtMvscrvCrrSr7Gq75i9rXWE32c12i91jv7Db7Ha7w+60u+zuX+PsfeyzX9ks+7U9bL+3B+w39qA9ag/Z736Ns/d31P5oj9mf7HF7wp60p+xp+7M9Y8/+uv/svZ+yl+xl660gIEmKNAWUi3JTDOWhWLqO4uh6ykv5KEI3UDzdSPnpJipABakQFaYEKkJFyRCSJaKQilFxitLNVIJuoUQqSaWoNDkqQ0l0K5Wl26gc3U7l6Q6qQHdSRapElakK3UVV6W6qRvdQdbqXalBNqkW16T6qQ/dTXXqA6tGDVJ8eogb0MDWkR6gRPUqN6TFqQo9TU3qCmlFzakEtqRU9Sa3pKWpDbakdPU3t6RnqQM9SMj1HHel56kQvUGd6kbrQS9SVXqZu1J160CvUk16lXtSbUqgP9aXXqB/1pwE0kAbR6zSY3qAh9CYNpWE0nN6iEfQ2jaR3aBSNpjH0Lo2lcTSeJtBEmkSp9B5NpvdpCn1AU2kaTacZlEYzaRZ9SLNpDs2lj2gefUzzaQEtpEWUTp/QYlpCGfQpLaXPKJOW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6nbbSddtBO2kW7aQ99QXvpS9pHX1EWfU376U90gL6hg/QtHaLv6DB9T0foBzpKP9Ix+omO0wk6SafoNP1MZ+gsnaPzdIF+oYt0iS6TJxFCKEMV6jAIc4W5w5gwTxgbXhfGhdeHecN8YSS8IYwPbwzzhzeFBcKCYaGwcJgQFgmLhibE0IYUhmGxsHgYDW8OS4S3hIlhybBUWDp0YZkwKbw1LBveFpYLbw/Lh3eEFcI7w4phpbByWCW8K6wa3h1WC+8Jq4f3hjXCmmGtsHZ4X1gnvD+sGz4Q1gsfDMuFD4UNwofDhuEjYaPw0bBx+FjYJHw8bBo+ETYLm4ctwpZhq/DJsHX4VNgmbBu2C58O24fPhB3CZ8Pk8LmwY/j8VcdTwj5h3/C18LXQ+wfUwuiiaHr0k+ji6JJoRvTT6NLoZ9HM6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kbo5uiWqPe1cwsHTjrltAtcLpfbxbg8LtZd5+Lc9S6vy+ci7gYX7250+d1NroAr6Aq5wi7BFXFFnXHorCMXumKuuIu6m10Jd4tLdCVdKVfaOVfGJbmWrpVr5Vq7p1wb19a1c0+7p90z7hn3rHvWPec6uuddJ/eC6+xedF3cS+4l97Lr5rq7Hu4V19O96nq53i7Fpbi+rq/r5/q5AW6AG+QGucFusBvihrihbqgb7oa7EW6EG+lGulFulBvjxrixbqwb78a7iW6iS3WpbrKb7Ka4KW6qm+qmu+kuzaW5WW6Wm+1mu7lurpvn5rn5br5b6Ba6dJfuFrvFLsNluKVuqct0mW65W+5WupVutVvt1rq1br1b7za6jW6z2+y2uq1um9vmdrgdbpfb5fa4PW6v2+v2uX0uy2W5/W6/O+AOuIPuW3fIfecOu+/dEfeDO+p+dMfcT+64O+FOulPutPvZnXFn3Tl33l1wv7iL7pK77LxLjbwXmRx5PzIl8kFkamRaZHpkRiQtMjMyK/JhZHZkTmRu5KPIvMjHkfmRBZGFkUWR9MgnkcWRJZGMyKeRpZHPIpmRZZHlkRWRlZFVEe+LbAt9MV/cR/3NvoS/xSf6kr6UL+2dL+OT/K2+rL/Nl/O3+/L+Dl/B3+kr+kq+sn/CN/PNfQvf0rfyT/rW/infxrf17fzTvr1/xnfwz/pk/5zv6J/3nfwLvrN/0XfxL/mu/mXfzXf3Pfwrvqd/1ffyvX2K7+P7+td8P9/fD/AD/SD/uh/s3/BD/Jt+qB/mh/u3/Aj/th/p3/Gj/Gg/xr/rx/pxfryf4Cf6ST7Vv+cn+/f9FP+Bn+qn+el+hk/zM/0s/6Gf7ef4uf4jP89/7Of7BX6hX+TT/Sd+sV/iM/ynfqn/zGf6ZX65X+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+s/9Nr/d7/A7/S6/2+/xX/i9/ku/z3/ls/zXfr//kz/gv/EH/bf+kP/OH/bf+yP+B3/U/+iP+Z/8cX/Cn/Sn/Gn/sz/jz/pz/ry/4H/xF/0lf5l/Zo0xxhhj7B+irjLe57/JkX/u9xVCXL+98KH/Or6xwG/9/rkT2keEEM/17vro761GjZSUlD8fm6lEUHyBECJyJT+XuBIvE+3EMyJZtBVl/zIe81fn6i+7X6CrzB+9Q4jYv8rJzv89vjL/bX93//3luHlXnX+BEInFr+TkEVfiK/OX+2/mL9j6KvPn+SZViDZ/lRMnrsRX5k8ST4nnRfLfHMkYY4wxxhhjjP2mv6zc+Wr3t9n35wn6Sk5ucSX+e/fnjDHGGGOMMcYY+9/lxe49nn0yObltZ+78T3V8vt/e6v8t6+EOd/6BzrX+ysQYY4wxxhj7d7ty0X+tV8IYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVc/y9+ndjv57ra3xpkjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG/lP9nwAAAP//sjE7Eg==")
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x3, 0x0, 0x0, 0x0, &(0x7f0000000000))
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x101042, 0x40)
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f00000004c0)='./bus\x00', 0x1008085, 0x0, 0x1, 0x0, 0x0)
linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@index_on}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000240)='./bus\x00', 0x322020, &(0x7f0000000240)=ANY=[], 0x1, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file7\x00', 0xffffffffffffff9c, &(0x7f00000007c0)='./file1\x00', 0x0)

15m35.199893281s ago: executing program 33 (id=797):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3000003, 0x13, r1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/27], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r2, 0x0, 0x2}, 0x18)
prctl$PR_SET_NAME(0xf, 0x0)
r3 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r3)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)

13m18.334021718s ago: executing program 34 (id=1289):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0}, 0x94)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb8500000043"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)

12m24.929071565s ago: executing program 8 (id=1566):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0xfffffffffffff001}, 0x18)
close(r0)

12m24.614540631s ago: executing program 8 (id=1570):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f00000001c0)={{0x2e, @rand_addr=0x64010102, 0x4e21, 0x2, 'nq\x00', 0xa, 0x0, 0x70}, {@loopback, 0x4e24, 0x2000, 0x4, 0x2, 0x9}}, 0x44)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range(r2, r0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0)
ppoll(&(0x7f0000000280)=[{r5, 0x6200}], 0x1, 0x0, 0x0, 0x0)
ioctl$TCSETS(r5, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x7f, 0x4000006, 0x1, "42341f9b1000007e4f00"})
syz_open_pts(r5, 0x103100)
splice(r5, 0x0, r4, 0x0, 0x7ffff000, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r6}, 0x18)
openat2(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000008}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="000077a3", @ANYRES64, @ANYBLOB="000427bd7000fedbdf255c00000008000300", @ANYRES16, @ANYRESDEC=r3], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x808)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x0, 0x8, 0x77}, {@remote, 0x4e20, 0x1, 0xcd}}, 0x44)
r7 = socket$kcm(0xa, 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
sendmsg$sock(r7, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

12m23.519563121s ago: executing program 8 (id=1580):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000080)=0x7, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @random="fad1e0480100", @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x20, 0x1, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp_addr={0x44, 0x4, 0xcf, 0x1, 0x8}]}}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r0, &(0x7f00000036c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003680)=""/43, 0x2b}}], 0x1, 0x2, 0x0)

12m23.190359774s ago: executing program 8 (id=1584):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff15, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001040)=@newtfilter={0x24, 0x11, 0xd27, 0x2000, 0x0, {0x0, 0x0, 0x74, 0x0, {}, {0xafabc05531515610, 0xfff3}, {0xf, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x1c005}, 0x4008054)

12m22.55812907s ago: executing program 8 (id=1589):
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
socket$unix(0x1, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9ce}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000a80)='kfree\x00', r1}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0xffff, 0xb7, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x1e)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "2d432d74c04f228a", "d71d9a1e03558545115509e1c34caab9", "59f7766d", "5e33931677e0f2d7"}, 0x28)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000080)=@gcm_128={{0x303}, "ba28597967d1b54c", "9712b0d86846b5ecc522bc6f13a6e30c", "ea0292da", "9e87dc79f4c04982"}, 0x28)
sendto$inet6(r2, &(0x7f0000000280)='S', 0x1, 0x8000, 0x0, 0x0)
close(r2)

12m21.565991003s ago: executing program 8 (id=1591):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x8, &(0x7f00000004c0)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="2100000000000000000000000000100000040000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000f000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000002000000000000000000"], 0x50)

12m5.543958915s ago: executing program 35 (id=1591):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x8, &(0x7f00000004c0)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="2100000000000000000000000000100000040000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000f000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000002000000000000000000"], 0x50)

7m47.838426394s ago: executing program 5 (id=2850):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000005680), &(0x7f00000056c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94)
poll(0x0, 0x0, 0x9)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$TIOCGSID(r3, 0x5429, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00')
preadv(r6, 0x0, 0x0, 0x0, 0x0)

7m46.282216618s ago: executing program 5 (id=2854):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0x3}, {0x0, 0xfff1}, {0x2, 0x9}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x0, 0xdb, 0x7ff, 0x2, 0x9, 0x6, 0x2, 0xfffffffb, 0xc00000}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000)
close(r0)

7m44.710457499s ago: executing program 5 (id=2858):
socket$kcm(0x11, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3ce, &(0x7f00000004c0)="$eJzs3M9rHFUcAPDvTH7UpjUbQVD0EvFgpJif1lbxYE5e9KR48bQk6Q9ME2lWsCVCBc8FQdCrR/8A8dKDgtW/wKtHkUKQJN5XZndmMybZtJtuHNl8PvDIe/M2+97MY2bfPN57AZxakxHxVkQMRcRsRNTy42ke4k47ZJ/b3d5cykISzeZ7fyWRRMTO9uZS8V1J/vdc/gVTaUT6RRLPH1Luxq3bH9VXV1du5umZxo2PZzZu3X7l+o361ZWrK2sLC/Pzly/OXnrtct/O9evNdz/84fe3d765M/5Mfbl2N6vv+TyvfB79MhmTnWuy3+v9LqxiT5TiyXCFFQEA4Ehp3vcfbvX/azEUe523Wtz9udLKAQAAAH3RbBZ/AQAAgMGVePcHAACAAVfMA9jZ3lwqQoXTEfiPbS1GxES7/Yv13e2c4c6a3pF963v7aTIi/p76/uUsxAmtwwYAAAA4zX5cbG/8d3D8L41nS587GxFjxd5+fTS5L31w/Cd90OciKdlajHiztLfjbqn9cxNDeerJ1lDhSHLl+urKbESMR8RUjJzJ0nNHlDH+xh/3uuWVx/+ykJVfjAXm9XgwfObf/7Ncb9Qf55zZs/V5xHPDh7V/0hnzLe+TeRyfXfvyWre8h7c/J6n5bcRLh97/ezuXJkfvzzrTeh7MFE+Fg9bu3X+hW/nav1rZ/T92dPtPJOX9ejd6L+OD++d/65Z33Of/aPJ+q4Kj+bFP643GzbmI0eSdg8fne6/zoCquR3G9svafevHw3/+i/5fkv/3jpf2he/HTL7uXuuW5/6uVtf9yT/d/75GLv353oVv5j3b/v9qqzFR+RP/v4R61gaquJwAAAAAAAAD9kbbm9iXpdCeeptPT7Xm+T8dYurq+0bhwZf2TteX2HMCJGEmLmV610nzQufYy8k56fl96ISKeioivamdb6eml9dXlqk8eAAAATolzXd7/M38eZ7EHAAAA8P80UXUFAAAAgBPn/R8AAAAG2uPs6y8iIjKokaqfTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn2z8BAAD//yly2dE=")
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x3000046, &(0x7f0000000840)={[{@delalloc}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x1}}, {@i_version}, {@nouid32}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xd2}}, {@abort}, {@nodelalloc}, {@nobh}, {@user_xattr}, {@dioread_lock}, {@dioread_nolock}]}, 0x1, 0x567, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTX/sp66DMVRECntwMpeurT8m+DAfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EN/13cfhP+BfMdDBkFH0wZfKTW+6dE3atMuaznw+cMM590fOPbn3nHxPTkIC6Fuj2UMh4uWI+CaJOBIRSb5tMPKNo6v7LT+6MZUtSaysfPpXUt8vyzeeq3HcoTzzUkT89lXEqcLGcquLS7Olcjmdz/NjtbmrY9XFpdOX50oz6Ux6ZWJy8uzbkxPvvftO1+r6xoV/vv/k3odnvz6x/N0vD47eSeJcHM63NddjZ4azh5vNa0ZjNH9NhuLcE3uPP11he07S6xNgRwbydj4UWR9wJAbyVg/8/30ZEStAn0rat/9IdvVMgN3ViAMaY/vNx8EvrqWaj32ePfxgdQC0sf6Dq5+NxP762OjgcrJuZJSNd0e6UH5Wxq9/3r2TLdGVzyEAOnPzVkScGRzc2P8lef+3c2dar97fnHmyDP0f7J57WfzzZqv4p7AW/0SL+OdQi7a7E1u3/8KDLhTTVhb/vd8y/l2btBoZyHMv1GO+oeTS5XJ6Jo+GT8bQviy/2XzO2eX7bWPl5vgvW7LyG7Fgfh4PBvetP2a6VCvVP7jrgoe3Il5pGf8ma9c/aXH9s9fjQodlHE/vvtZu29b1f7ZWfop4veX1fzyjlWw+PzlWvx/GGnfFRn/fPv57u/J7Xf/s+h/cvP4jSfN8bXX7Zfy4/9+03bZ19Y/O7//h5LN6ejhfd71Uq82PRwwnH29cP/H42Ea+sX9W/5MnNu//Wt3/ByLi8w7rf/vYz692VP8eXf/pbV3/7Sfuf/TFD+3K76z/e6ueOpmvqfd/W+j0BJ/mtQMAAAAAAIC9phARhyMpFNfShUKxuPr9jmNxsFCuVGunLlUWrkxH/beyIzFUaMx0H2n6PsR4/n3YRn7iifxkRByNiG8HDtTzxalKebrXlQcAAAAAAAAAAAAAAAAAAIA94lCb3/9n/hjo9dkBz5y//Ib+tWX778Y/PQF7kvd/6F/aP/Qv7R/6l/YP/Uv7h/61rv2b9Ie+4v0f+pf2DwAAAAAAAAAAAAAAAAAAAAAAAAAAAF114fz5bFlZfnRjKstPX1tcmK1cOz2dVmeLcwtTxanK/NXiTKUyU06LU5W5rZ6vXKlcHZ+IhetjtbRaG6suLl2cqyxcqV28PFeaSS+mQ7tSKwAAAAAAAAAAAAAAAAAAAHi+VBeXZkvlcjovIbGjxODeOA2JLid63TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwGP/BQAA///oaTpO")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x10, 0xeffb, 0x9)

7m43.345349411s ago: executing program 5 (id=2862):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r3, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0)

7m43.104743883s ago: executing program 5 (id=2864):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000e80)={[{@noblock_validity}, {}, {@sysvgroups}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
sendto(0xffffffffffffffff, 0x0, 0x0, 0x24044000, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x6)
ioctl$FS_IOC_RESVSP(r3, 0x40305839, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x1000001000})
r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x4a)
sendfile(r4, r4, 0x0, 0x800000009)

7m41.609958719s ago: executing program 5 (id=2871):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES64=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001740)=@newtaction={0x894, 0x30, 0x10, 0x2, 0x25dfdbfc, {0x0, 0x0, 0xffe4}, [{0x880, 0x1, [@m_police={0x87c, 0x1, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_AVRATE={0x8, 0x4, 0x1}, @TCA_POLICE_RATE={0x404, 0x2, [0x10001, 0x9, 0x9, 0x752, 0x80000001, 0x7, 0x0, 0xfffff000, 0x7f, 0x3, 0x0, 0x66, 0x800000, 0xffff0000, 0x4a9, 0x5, 0x52, 0x3, 0x0, 0x7fffffff, 0x3, 0x2, 0x3, 0x8, 0x9, 0xf, 0xffffffff, 0x4, 0x34c8, 0x46bf3e5b, 0x7, 0x9, 0x4, 0x3, 0x5, 0x1000, 0xffffff81, 0x9, 0xb08b, 0x2, 0x10001, 0x4, 0xa46, 0x6, 0x0, 0x6, 0x4, 0x80000000, 0x9, 0x6, 0x7, 0x6, 0x7, 0x7, 0xfffffffb, 0x7, 0xfffffff9, 0x8, 0x6388, 0x39, 0x6b, 0xc, 0x400, 0x4, 0x5, 0xa, 0x0, 0x8, 0xffff2f54, 0x98f, 0x7, 0xc, 0x400, 0x3, 0x200, 0x4, 0x80000001, 0x3, 0x9, 0x9, 0x10, 0x100, 0xd, 0x1c7, 0x6, 0x1, 0x896, 0x7, 0x8, 0x5, 0x2, 0x0, 0xffffffff, 0x6, 0x3, 0xde2c, 0x7, 0x7, 0xffffffff, 0xfffffffe, 0xf, 0x9, 0x10000, 0x3, 0x8, 0x8, 0xc, 0x1, 0x10, 0x1, 0x9, 0x4, 0x3, 0x2, 0x6, 0x3, 0x1, 0x6, 0x3c8000, 0x2, 0x8, 0x40, 0x7, 0x5, 0x8, 0x40, 0x6c686e22, 0x10, 0x7, 0x7b9, 0x5, 0xa62, 0x0, 0x2, 0xff, 0x4, 0x6, 0x3, 0x4, 0x8, 0xfffff001, 0xff, 0x2, 0x5, 0x6, 0xb20f, 0x6, 0x20000, 0x9, 0x873, 0x3, 0x3ff, 0x49, 0x101, 0xd8, 0x5, 0x7, 0x5, 0x8, 0x100, 0x1, 0x7, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x9, 0x34d597e2, 0x2, 0xc, 0x0, 0x3, 0x4, 0x6, 0x4, 0x4, 0x1b2289a5, 0x6, 0xf, 0x3, 0x3, 0x7, 0x6, 0x80, 0xd, 0x0, 0x3, 0x3, 0xbb09, 0x0, 0x1, 0x8fd, 0xf, 0x3, 0x79b, 0x8, 0xe, 0x8000, 0x9, 0x3, 0x1, 0x6, 0x5, 0x6, 0x0, 0x9, 0x7, 0x6, 0x5, 0x80000001, 0x2, 0x6, 0x5, 0x8, 0xfff, 0x0, 0x8, 0x1000, 0xc0000000, 0x0, 0xa, 0x2, 0x9, 0x1, 0xb, 0x3, 0x6, 0x5, 0x10000, 0x8001, 0x0, 0x2, 0x2, 0xfffffffa, 0x1, 0x5458, 0x9, 0x4, 0x82, 0xd1c4, 0xfffffff7, 0x2df2c74c, 0xd, 0x9, 0x1ff, 0x7, 0xf96a, 0x7fffffff, 0x9, 0x81, 0x1, 0x101, 0x401, 0x5]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7, 0x3, 0x6, 0x5, 0x4f96, 0x9, 0x9, 0x10000, 0x6, 0x67d, 0xf, 0x2, 0x9, 0xc, 0xff3e, 0x9, 0x10001, 0x9, 0x1, 0x6, 0xbdf5, 0x4, 0xe, 0xd, 0x0, 0x2, 0xa0, 0x800, 0xe6a, 0x1, 0x10000, 0x22, 0x389, 0x8, 0xaa, 0x4, 0xfffffff7, 0xb, 0x6, 0x800, 0x81, 0x100, 0x4, 0x5, 0x228, 0x0, 0x8, 0x8, 0x9, 0x40, 0x401, 0xe, 0x9, 0x3d096cd7, 0x6, 0x5, 0x9, 0xbb77, 0x8, 0xff, 0x5, 0xfffffffa, 0x5, 0xcbe5, 0x411, 0x2, 0x0, 0xc481, 0x80000000, 0x3, 0x8001, 0x1, 0x8, 0x4467, 0x78, 0x7, 0x4, 0x400, 0x8, 0x4, 0x0, 0x3, 0x9, 0x5, 0x4, 0x1, 0x3a0, 0x74061c33, 0x0, 0x9, 0x5, 0x9, 0x0, 0x8, 0x7fff, 0x2, 0x40, 0x9184, 0xfffff001, 0x41a, 0x1a, 0x9, 0x1, 0x80, 0x81, 0x10, 0xc, 0xe87, 0xfd9, 0x0, 0x9, 0x2, 0x0, 0x4, 0x4, 0x9, 0x6, 0x81, 0x2, 0x400, 0x80000000, 0x7, 0x0, 0x3, 0xe2f6, 0x8, 0x5, 0x9, 0xfffffffe, 0xffffffff, 0x10000, 0xf, 0x3, 0x7bad, 0x8001, 0x9f3c, 0xa367, 0x9, 0x4, 0x9, 0x4, 0x3, 0x101, 0x0, 0x7f, 0x1, 0x1, 0x3, 0x4, 0x5, 0xf8b0, 0x1000, 0x0, 0x10, 0x7, 0x7, 0x717, 0x5, 0xa, 0x4, 0x5, 0x400, 0x4, 0x80000001, 0xffff, 0x31, 0x8, 0x7, 0x100, 0x20000000, 0x3, 0x1, 0x5, 0x282c, 0x2006, 0xc00c, 0x6, 0x3, 0x1ff, 0x9, 0x7, 0x200, 0x5, 0x4, 0x4, 0x0, 0x1, 0x0, 0xff, 0x2, 0x7, 0x200, 0x101, 0x8, 0x3, 0x6, 0x1e4, 0x3, 0x8, 0x3, 0x0, 0x200, 0x7, 0x5, 0x7, 0x19c0, 0x7, 0xff, 0x4c1, 0xb, 0xb, 0x101, 0x7fffffff, 0x7, 0x7, 0x2, 0x5, 0x3, 0x0, 0x1, 0x4, 0x3, 0x5, 0x8, 0x77, 0x0, 0x80, 0x7, 0x8502, 0x0, 0x77, 0x6, 0x1, 0x5, 0xffff6018, 0x400, 0x200, 0x9, 0xabd0, 0x3, 0x5, 0x5f82, 0xbc12, 0xffff, 0xe, 0x6, 0xfff, 0x2, 0x0, 0x8b, 0x10000, 0x0, 0xe, 0x8, 0x6, 0xfc]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x1ff, 0x3, 0x4, 0x0, 0x8000, {0x8, 0x1, 0x0, 0x4, 0x3, 0x121a}, {0x6, 0x1, 0x3, 0x5e25, 0x41, 0x9}, 0x0, 0x2, 0x6}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x894}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18)
r4 = open_tree(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x89901)
socket(0x10, 0x803, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'team_slave_1\x00'})
socket(0x29, 0x803, 0x0)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x4c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000001c0)={0x7f, r7, 'id1\x00'})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r4}, &(0x7f0000000180), &(0x7f0000000400)=r1}, 0x20)

7m26.499059535s ago: executing program 36 (id=2871):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES64=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001740)=@newtaction={0x894, 0x30, 0x10, 0x2, 0x25dfdbfc, {0x0, 0x0, 0xffe4}, [{0x880, 0x1, [@m_police={0x87c, 0x1, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_AVRATE={0x8, 0x4, 0x1}, @TCA_POLICE_RATE={0x404, 0x2, [0x10001, 0x9, 0x9, 0x752, 0x80000001, 0x7, 0x0, 0xfffff000, 0x7f, 0x3, 0x0, 0x66, 0x800000, 0xffff0000, 0x4a9, 0x5, 0x52, 0x3, 0x0, 0x7fffffff, 0x3, 0x2, 0x3, 0x8, 0x9, 0xf, 0xffffffff, 0x4, 0x34c8, 0x46bf3e5b, 0x7, 0x9, 0x4, 0x3, 0x5, 0x1000, 0xffffff81, 0x9, 0xb08b, 0x2, 0x10001, 0x4, 0xa46, 0x6, 0x0, 0x6, 0x4, 0x80000000, 0x9, 0x6, 0x7, 0x6, 0x7, 0x7, 0xfffffffb, 0x7, 0xfffffff9, 0x8, 0x6388, 0x39, 0x6b, 0xc, 0x400, 0x4, 0x5, 0xa, 0x0, 0x8, 0xffff2f54, 0x98f, 0x7, 0xc, 0x400, 0x3, 0x200, 0x4, 0x80000001, 0x3, 0x9, 0x9, 0x10, 0x100, 0xd, 0x1c7, 0x6, 0x1, 0x896, 0x7, 0x8, 0x5, 0x2, 0x0, 0xffffffff, 0x6, 0x3, 0xde2c, 0x7, 0x7, 0xffffffff, 0xfffffffe, 0xf, 0x9, 0x10000, 0x3, 0x8, 0x8, 0xc, 0x1, 0x10, 0x1, 0x9, 0x4, 0x3, 0x2, 0x6, 0x3, 0x1, 0x6, 0x3c8000, 0x2, 0x8, 0x40, 0x7, 0x5, 0x8, 0x40, 0x6c686e22, 0x10, 0x7, 0x7b9, 0x5, 0xa62, 0x0, 0x2, 0xff, 0x4, 0x6, 0x3, 0x4, 0x8, 0xfffff001, 0xff, 0x2, 0x5, 0x6, 0xb20f, 0x6, 0x20000, 0x9, 0x873, 0x3, 0x3ff, 0x49, 0x101, 0xd8, 0x5, 0x7, 0x5, 0x8, 0x100, 0x1, 0x7, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x9, 0x34d597e2, 0x2, 0xc, 0x0, 0x3, 0x4, 0x6, 0x4, 0x4, 0x1b2289a5, 0x6, 0xf, 0x3, 0x3, 0x7, 0x6, 0x80, 0xd, 0x0, 0x3, 0x3, 0xbb09, 0x0, 0x1, 0x8fd, 0xf, 0x3, 0x79b, 0x8, 0xe, 0x8000, 0x9, 0x3, 0x1, 0x6, 0x5, 0x6, 0x0, 0x9, 0x7, 0x6, 0x5, 0x80000001, 0x2, 0x6, 0x5, 0x8, 0xfff, 0x0, 0x8, 0x1000, 0xc0000000, 0x0, 0xa, 0x2, 0x9, 0x1, 0xb, 0x3, 0x6, 0x5, 0x10000, 0x8001, 0x0, 0x2, 0x2, 0xfffffffa, 0x1, 0x5458, 0x9, 0x4, 0x82, 0xd1c4, 0xfffffff7, 0x2df2c74c, 0xd, 0x9, 0x1ff, 0x7, 0xf96a, 0x7fffffff, 0x9, 0x81, 0x1, 0x101, 0x401, 0x5]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7, 0x3, 0x6, 0x5, 0x4f96, 0x9, 0x9, 0x10000, 0x6, 0x67d, 0xf, 0x2, 0x9, 0xc, 0xff3e, 0x9, 0x10001, 0x9, 0x1, 0x6, 0xbdf5, 0x4, 0xe, 0xd, 0x0, 0x2, 0xa0, 0x800, 0xe6a, 0x1, 0x10000, 0x22, 0x389, 0x8, 0xaa, 0x4, 0xfffffff7, 0xb, 0x6, 0x800, 0x81, 0x100, 0x4, 0x5, 0x228, 0x0, 0x8, 0x8, 0x9, 0x40, 0x401, 0xe, 0x9, 0x3d096cd7, 0x6, 0x5, 0x9, 0xbb77, 0x8, 0xff, 0x5, 0xfffffffa, 0x5, 0xcbe5, 0x411, 0x2, 0x0, 0xc481, 0x80000000, 0x3, 0x8001, 0x1, 0x8, 0x4467, 0x78, 0x7, 0x4, 0x400, 0x8, 0x4, 0x0, 0x3, 0x9, 0x5, 0x4, 0x1, 0x3a0, 0x74061c33, 0x0, 0x9, 0x5, 0x9, 0x0, 0x8, 0x7fff, 0x2, 0x40, 0x9184, 0xfffff001, 0x41a, 0x1a, 0x9, 0x1, 0x80, 0x81, 0x10, 0xc, 0xe87, 0xfd9, 0x0, 0x9, 0x2, 0x0, 0x4, 0x4, 0x9, 0x6, 0x81, 0x2, 0x400, 0x80000000, 0x7, 0x0, 0x3, 0xe2f6, 0x8, 0x5, 0x9, 0xfffffffe, 0xffffffff, 0x10000, 0xf, 0x3, 0x7bad, 0x8001, 0x9f3c, 0xa367, 0x9, 0x4, 0x9, 0x4, 0x3, 0x101, 0x0, 0x7f, 0x1, 0x1, 0x3, 0x4, 0x5, 0xf8b0, 0x1000, 0x0, 0x10, 0x7, 0x7, 0x717, 0x5, 0xa, 0x4, 0x5, 0x400, 0x4, 0x80000001, 0xffff, 0x31, 0x8, 0x7, 0x100, 0x20000000, 0x3, 0x1, 0x5, 0x282c, 0x2006, 0xc00c, 0x6, 0x3, 0x1ff, 0x9, 0x7, 0x200, 0x5, 0x4, 0x4, 0x0, 0x1, 0x0, 0xff, 0x2, 0x7, 0x200, 0x101, 0x8, 0x3, 0x6, 0x1e4, 0x3, 0x8, 0x3, 0x0, 0x200, 0x7, 0x5, 0x7, 0x19c0, 0x7, 0xff, 0x4c1, 0xb, 0xb, 0x101, 0x7fffffff, 0x7, 0x7, 0x2, 0x5, 0x3, 0x0, 0x1, 0x4, 0x3, 0x5, 0x8, 0x77, 0x0, 0x80, 0x7, 0x8502, 0x0, 0x77, 0x6, 0x1, 0x5, 0xffff6018, 0x400, 0x200, 0x9, 0xabd0, 0x3, 0x5, 0x5f82, 0xbc12, 0xffff, 0xe, 0x6, 0xfff, 0x2, 0x0, 0x8b, 0x10000, 0x0, 0xe, 0x8, 0x6, 0xfc]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x1ff, 0x3, 0x4, 0x0, 0x8000, {0x8, 0x1, 0x0, 0x4, 0x3, 0x121a}, {0x6, 0x1, 0x3, 0x5e25, 0x41, 0x9}, 0x0, 0x2, 0x6}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x894}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18)
r4 = open_tree(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x89901)
socket(0x10, 0x803, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'team_slave_1\x00'})
socket(0x29, 0x803, 0x0)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x4c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000001c0)={0x7f, r7, 'id1\x00'})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r4}, &(0x7f0000000180), &(0x7f0000000400)=r1}, 0x20)

6m29.899293832s ago: executing program 3 (id=3220):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x24000081)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB="0002000000000000000600000000000010000000", @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r5}, 0x18)
dup(r3)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r8, 0x0, 0xffffffffffffffff}, 0x18)
mount$9p_tcp(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f00000006c0), 0x0, &(0x7f00000007c0)=ANY=[@ANYRESHEX, @ANYBLOB="cb06ac7443a8385c4d22617bbc6938af96a6427117c8ddc94036e10183c39c9a76b79ed83372da21d338295e99616880b80ea34f04a47624866994747a600832a749f072a6a74f2ca332e6ea535c05b83b484024a0e6bf6b0ed32c9328a2d4fec35b80e00a5380fe078b7af15d3543c2d5b446c8189ec3f222454095155b96c5263ed3aff078ec7d3f5a2c4f16c33f511c2b"])
sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000"], 0x128}, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a00000006"], 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
accept(r6, &(0x7f0000000580)=@isdn, &(0x7f0000000200)=0x80)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r9, 0x5607, 0x4)
ioctl$VT_ACTIVATE(r9, 0x5606, 0x4)

6m29.518908107s ago: executing program 3 (id=3225):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)

6m28.739188543s ago: executing program 3 (id=3227):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000780), 0x4)

6m28.34610167s ago: executing program 3 (id=3233):
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2000844, &(0x7f0000000300)={[{@fat=@time_offset={'time_offset', 0x3d, 0x4f7}}, {@fat=@nocase}, {@nodots}, {@dots}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x7ffd}}, {@nodots}, {}, {@dots}, {@fat=@quiet}, {@fat=@fmask={'fmask', 0x3d, 0x1fe}}, {@fat=@nfs_stale_rw}, {@fat=@usefree}, {@dots}, {@fat=@sys_immutable}, {@fat=@errors_remount}, {@fat=@nocase}]}, 0x21, 0x23d, &(0x7f0000000a40)="$eJzs3cFqE0EcBvB/27Td9mLP4mHBi6eivkGQCOKCENmDnlyoXloR0svqKY/hM/hIPkZPva3YXZq6UQ+yySbu7wdhP/IxMHPJ5DCTvHvw8fzs0+WH6vvXSJI0RhHzuI44id3Yi9pO89y9yQdx1zwAgG0znRbjvudAh3aW3jmKiGI/Ig6XqvzbmmYFAAAAAAAAAABAx5z/B4Dhcf7//zebjYvj5vvbr5z/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPpzXVX3qr+8+p4fANA9+z8ADI/9HwCGx/4PAMPz+s3bl+Msm0zTNIm4mpd5mdfPun/+Ips8Tm+cLEZdlWW+3+Rs8qTu03Z/3Ix/+tv+IB49rPuf3bNXWas/jLNVLx4AAAAAAAAAAAAAAAAAAAA2xGl6q3W/f6/uT//U1+nO7wO07u+P4v5obcsAAAAAAAAAAAAAAAAAAACArXb5+ct5cXHxfiYIt+Eo/mFUEpsxeaGT0PcnEwAAAAAAAAAAAAAAAAAADM/i0m/fMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/iz+/391oe81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMPwIwAA//++jJCI")
creat(&(0x7f0000000100)='./bus\x00', 0x32)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0)
preadv2(r0, &(0x7f0000000240)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x3400, 0x2, 0x8)

6m28.013247587s ago: executing program 3 (id=3234):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f5c4e59f8500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000040000000c"], 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x14)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r0, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000500)={@private, @multicast1, <r5=>0x0}, &(0x7f0000000540)=0xc)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000780)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000740)={&(0x7f0000000580)={0xd0, 0x0, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@HEADER={0x7c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)

6m26.322525443s ago: executing program 3 (id=3241):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x18)
inotify_rm_watch(0xffffffffffffffff, 0x0)

6m25.921250186s ago: executing program 37 (id=3241):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x18)
inotify_rm_watch(0xffffffffffffffff, 0x0)

6m11.280253827s ago: executing program 1 (id=3349):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x24000081)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32=<r2=>0xffffffffffffffff, @ANYBLOB="0002000000000000000600000000000010000000", @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r6}, 0x18)
dup(r4)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r9, 0x0, 0xffffffffffffffff}, 0x18)
mount$9p_tcp(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f00000006c0), 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB, @ANYRES16=r2])
sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000"], 0x128}, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a00000006"], 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
accept(r7, &(0x7f0000000580)=@isdn, &(0x7f0000000200)=0x80)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r10, 0x5607, 0x4)
ioctl$VT_ACTIVATE(r10, 0x5606, 0x4)

6m11.016463358s ago: executing program 1 (id=3350):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x9}}}, 0x24}}, 0x0)

6m7.598873148s ago: executing program 1 (id=3357):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000001300)=""/238, 0xee}], 0x1)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0xd)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x0, &(0x7f00000005c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)=<r2=>0x0)
timer_settime(r2, 0x0, 0x0, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)

6m4.40710973s ago: executing program 1 (id=3386):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3fa, &(0x7f00000004c0)="$eJzs281rXFUbAPDn3nyUt2nfxFq/2qrTBjGgJk2iQsBNRUVBcKE7FxKaaSlOmtKM2BYXKoKr4saVrlzpH+DGhSDuXQmudC+FIMW1jNyZe5txMhMzyYyjvb8fTHLO3DOc88yZZ+bcc2cCKK1K9ieJOBIRP0fEdKv61waV1r/fb793Prsl0Wi8/lvSbJfVi6bF46byylwakX6UxMku/W5ev/H2aq1WvZrXF+rrVxY2r9946tL66sXqxerl5ZVnzi4trzy7sjywWG/ePvXTxuev/fHJmV+mnr/51gvZeI/kx9rjGJRKVKKR6zz22KA7G7GjbeVkfIQDoS9jEZFN10Qz/6djLLYnbzpe/HCkgwOGKvtsOtT78PsN4C6WxKhHAIxG8UFfnNsP4zz432zrXOsEaGf845HmbSY6zm8HKTvbuvbmx99mtxjSPgQAQLvvsvXPk93WP2nc39bu//m1oZmIuCcijkXEvRFxPCLui2i2fSAiHuyz/0pHfef6J721r8D2KFv/Pdd1/Vus/mJmLK8dbcY/kVy4VKuezZ+TuZg4lNUXd+njx1e++rLXsUrb+i+7Zf0Xa8F8HLfGOzbo1lbrqweJud3WBxEnuq5/kztXApKIeCgiTuyzj2/ONT7rdezv4x+uxhcRj3ed/+2roMnu1ycXmq+HheJVsdOpd6+s9ep/1PFn83949/hnkvbrtZv99/H1zOmtXsf2+/qfTN5olifz+66t1utXFyMmk1d33r+0/diiXrTP4p+b7Z7/x2L7mTiZzWNEPBwRj0TEo/nYT0fEmYiY3SX+l2Zfru4//uHK4l/ra/77L6wvff9Dr/73Nv9PN0tz+T17ef/b6wAP8twBAADAf0Xa/A58ks7fKafp/HzrO/zH43Ba29isP3Fh453La63vys/ERFrsdE237Ycu5nvDRX2po76c7xt/Ova/Zn3+/Eat56YY8I+Y6pH/mV/HRj06YOj8XgvKS/5Decl/KC/5D+Ul/6G85D+Ul/yH8pL/UF7yH8pL/kMpHeR3/QoKCndrYdTvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPxZwAAAP//jYTnFQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
pipe2$9p(&(0x7f0000000540), 0x0)

6m4.003155491s ago: executing program 1 (id=3390):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x24, 0x4, 0x8, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}, [@CTA_TIMEOUT_L4PROTO={0x5}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88be}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40)

6m2.742698728s ago: executing program 1 (id=3394):
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
inotify_init()
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000009060106000000ffff000000000000000900020073797a310000000005000100070000001c0007800c00018008000140ffffffff0c000280080001407f"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x4}, 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="12000000020000000400000002"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180)=r4, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x3d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x194c}, 0x94)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x94)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f0000000100)=0x439, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000780)={0x0, 0x1, 0x0, [0x806f, 0x0, 0x2d5, 0x2, 0x6], [0x2, 0x2, 0x1, 0x3, 0x8002, 0x0, 0x5, 0x2, 0x0, 0x802, 0x9, 0x100, 0x3, 0xfffffffffffffff4, 0x4a, 0x5, 0x100, 0xd, 0xdd, 0x5, 0x1, 0x2a9, 0x3, 0xc39, 0x3, 0x8, 0x100000000, 0x2, 0xa51, 0x8, 0x401, 0x3, 0x7, 0xfffffffffffffffa, 0x81, 0x100, 0x5, 0x931, 0x101, 0x3, 0x8001, 0x8000000000000000, 0x7, 0x1, 0x8, 0x8, 0x6aa, 0x100, 0xffffffffffffffff, 0x83, 0x538a, 0x9, 0xda, 0x4, 0x0, 0x4, 0x5, 0x7, 0x8000, 0x8000000000000000, 0x4, 0x0, 0x14, 0x5bc, 0x1, 0x7fffffff, 0x4, 0x8000, 0xc9, 0x7, 0x6, 0xa, 0x82c, 0x7ff, 0xe000000000000, 0xe4, 0x6, 0x0, 0x9, 0x22, 0xffffffffffffffff, 0x7, 0x1, 0x8000000000000000, 0x2000000009, 0x8, 0x0, 0x6, 0x6, 0x9, 0x100000001, 0x4, 0x4, 0x7, 0x7, 0x7, 0x9, 0x1, 0x16d, 0x6, 0x68d, 0xffffffffffff43b0, 0x8, 0x50000000000000, 0xe, 0x0, 0x0, 0x3, 0x4, 0x7, 0x402, 0x3, 0x8, 0x5, 0x0, 0x3, 0x40, 0x7fffffff, 0x7, 0x12, 0x1]})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
sendmmsg$inet6(r2, &(0x7f0000000740)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x7, @mcast2, 0x7}, 0x1c, &(0x7f0000000700)=[{&(0x7f00000003c0)="0c5bcc2267b97c4fcea6f23309eb29cf9e33a9333fbe980b28f66ee149beaff5a351912ca7dd1496dec0514ab72a5e8c83baac1fe7e607dc674de0ebc50e9daee5b59f55e9", 0x45}, {&(0x7f00000001c0)="ac5e793bb6d481add4116a81f21c2c9447249324763f5ba13b5b8c39d8251f3f", 0x20}, {&(0x7f0000000540)="101e9e152fe230a79b927cb51b0653799b8d34c017386122370d9cfab3c449c103fc030a6a47306d8f5229be8436596856cb708411da299ec3bca1d3187065f29aafae56817a0b30d278798e9cd7e801363a68f4b0b71416c48480021a66c9d67967131c736a4fb8d1eedea9371ebcb5875393c12a8aff236a4b10f5a0c76c1bbb8a2080958c0d8f491ef87d4b932804150b5c16f5cbe8b0538ddf6e4496a4bc", 0xa0}, {&(0x7f00000006c0)="0988b60b3fac43cd8dcbe6acb2", 0xd}], 0x4}}], 0x1, 0x4080)

5m47.259200638s ago: executing program 38 (id=3394):
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
inotify_init()
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000009060106000000ffff000000000000000900020073797a310000000005000100070000001c0007800c00018008000140ffffffff0c000280080001407f"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x4}, 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="12000000020000000400000002"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180)=r4, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x3d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x194c}, 0x94)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x94)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f0000000100)=0x439, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000780)={0x0, 0x1, 0x0, [0x806f, 0x0, 0x2d5, 0x2, 0x6], [0x2, 0x2, 0x1, 0x3, 0x8002, 0x0, 0x5, 0x2, 0x0, 0x802, 0x9, 0x100, 0x3, 0xfffffffffffffff4, 0x4a, 0x5, 0x100, 0xd, 0xdd, 0x5, 0x1, 0x2a9, 0x3, 0xc39, 0x3, 0x8, 0x100000000, 0x2, 0xa51, 0x8, 0x401, 0x3, 0x7, 0xfffffffffffffffa, 0x81, 0x100, 0x5, 0x931, 0x101, 0x3, 0x8001, 0x8000000000000000, 0x7, 0x1, 0x8, 0x8, 0x6aa, 0x100, 0xffffffffffffffff, 0x83, 0x538a, 0x9, 0xda, 0x4, 0x0, 0x4, 0x5, 0x7, 0x8000, 0x8000000000000000, 0x4, 0x0, 0x14, 0x5bc, 0x1, 0x7fffffff, 0x4, 0x8000, 0xc9, 0x7, 0x6, 0xa, 0x82c, 0x7ff, 0xe000000000000, 0xe4, 0x6, 0x0, 0x9, 0x22, 0xffffffffffffffff, 0x7, 0x1, 0x8000000000000000, 0x2000000009, 0x8, 0x0, 0x6, 0x6, 0x9, 0x100000001, 0x4, 0x4, 0x7, 0x7, 0x7, 0x9, 0x1, 0x16d, 0x6, 0x68d, 0xffffffffffff43b0, 0x8, 0x50000000000000, 0xe, 0x0, 0x0, 0x3, 0x4, 0x7, 0x402, 0x3, 0x8, 0x5, 0x0, 0x3, 0x40, 0x7fffffff, 0x7, 0x12, 0x1]})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
sendmmsg$inet6(r2, &(0x7f0000000740)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x7, @mcast2, 0x7}, 0x1c, &(0x7f0000000700)=[{&(0x7f00000003c0)="0c5bcc2267b97c4fcea6f23309eb29cf9e33a9333fbe980b28f66ee149beaff5a351912ca7dd1496dec0514ab72a5e8c83baac1fe7e607dc674de0ebc50e9daee5b59f55e9", 0x45}, {&(0x7f00000001c0)="ac5e793bb6d481add4116a81f21c2c9447249324763f5ba13b5b8c39d8251f3f", 0x20}, {&(0x7f0000000540)="101e9e152fe230a79b927cb51b0653799b8d34c017386122370d9cfab3c449c103fc030a6a47306d8f5229be8436596856cb708411da299ec3bca1d3187065f29aafae56817a0b30d278798e9cd7e801363a68f4b0b71416c48480021a66c9d67967131c736a4fb8d1eedea9371ebcb5875393c12a8aff236a4b10f5a0c76c1bbb8a2080958c0d8f491ef87d4b932804150b5c16f5cbe8b0538ddf6e4496a4bc", 0xa0}, {&(0x7f00000006c0)="0988b60b3fac43cd8dcbe6acb2", 0xd}], 0x4}}], 0x1, 0x4080)

8.039424522s ago: executing program 7 (id=5541):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$sg(0x0, 0x6f5e, 0x443)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000540)=ANY=[])

7.797267792s ago: executing program 6 (id=5545):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d61"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100b4"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010)

7.706648639s ago: executing program 7 (id=5546):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
getdents(r0, 0x0, 0x0)

7.577379783s ago: executing program 7 (id=5547):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000004c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
sendfile(r1, r1, 0x0, 0xe3aa6ea)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r6, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{0x0}], 0x1}, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x1c3)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
accept4(r4, 0x0, 0x0, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
unshare(0x64000600)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x100, 0x100000002})

6.051829464s ago: executing program 9 (id=5557):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f00000008c0)=[{{&(0x7f0000000000)={0xa, 0x4e1f, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1}, 0x1c, &(0x7f0000001780)=[{&(0x7f0000000040)="a4", 0x1}], 0x1}}, {{&(0x7f00000004c0)={0xa, 0x4e21, 0x3, @remote, 0x1}, 0x1c, &(0x7f0000000740)=[{&(0x7f0000000500)='l', 0x1}], 0x1}}], 0x2, 0x8890)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000080)={0x0, 0x7, 0x30, 0x5, 0x5}, &(0x7f00000000c0)=0x18)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r1)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000100), &(0x7f0000000180)=0x40)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r3=>0x0]}, &(0x7f0000000240)=0x8)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000140)={r3, 0x5}, 0x8)

5.915654702s ago: executing program 7 (id=5559):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$sg(0x0, 0x6f5e, 0x443)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000540)=ANY=[])

5.814543806s ago: executing program 6 (id=5560):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
getdents(r0, 0x0, 0x0)

5.414507094s ago: executing program 6 (id=5563):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000240)=ANY=[@ANYBLOB="240100001600010428bd700000000000fe8000000000000000000000000000bbfc01000000000000000000000000000100040000000000000000a00000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff02000000000000000000000000000100000000330000000a0101010000000000000000000000000000000000004e340100000000000000000000000000000004000000000000000400"/90], 0x124}}, 0x0)

5.368599599s ago: executing program 2 (id=5565):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0xf00)
sendmsg$xdp(0xffffffffffffffff, 0x0, 0x40000)

5.266426394s ago: executing program 7 (id=5566):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000001600)=ANY=[@ANYRESHEX=r0, @ANYBLOB="be244b9b715bf68602ce2112160e4f769a39dac147a768e1dc3202b649393e4e1ae687009e54e51badb4c851d517a1197eeaf9463cb1f9a536efd6477ebb74957e552df50d85f768bf9e476449206d68be0a0543c6b383d500"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000014c0)={0x0, @sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, @sco={0x1f, @none}, @generic={0x27, "115a5d6ee142a1110dfb14fbe261"}, 0x600, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000000)='vxcan1\x00', 0x9, 0x1, 0x6})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r4, &(0x7f0000004200)='t', 0x1)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000800000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
sendfile(r4, r3, 0x0, 0x7ffff000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket(0x8000000010, 0x2, 0x0)
write(r7, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r9}, 0x10)
sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r10, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}})

4.486844969s ago: executing program 6 (id=5567):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYRES16=r1, @ANYBLOB="110000000000fbdbdf252d0000000e0001006e657464657673696d0000000f0002"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

3.992497275s ago: executing program 9 (id=5569):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r0}, 0x10)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

3.907900039s ago: executing program 4 (id=5571):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x320, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0xfffe, 0x0, 0x0, {[@mptcp=@syn={0x1e, 0xc, 0x9, 0x1, 0x8, 0x2, 0x1}]}}}}}}}, 0x0)

3.839781583s ago: executing program 6 (id=5572):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000004c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
sendfile(r1, r1, 0x0, 0xe3aa6ea)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r6, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{0x0}], 0x1}, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x1c3)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
accept4(r4, 0x0, 0x0, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
unshare(0x64000600)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x100, 0x100000002})

3.702206828s ago: executing program 2 (id=5573):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$netlink(0x10, 0x3, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000b80)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0843b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r6}, &(0x7f0000000240), &(0x7f00000003c0)=r8}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r7, r4, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0xad, &(0x7f0000000300)=ANY=[], 0x0)

3.664956596s ago: executing program 0 (id=5574):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x40}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44880}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000580)={0x0, 0xe4ff, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd25, 0x25df9bfb, {0x0, 0x0, 0x0, r2, {0xd, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x54, 0x2, [@TCA_ROUTE4_ACT={0x50, 0x6, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xa, 0x5, 0x4, 0x7, 0x8}, 0x39}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x80, 0x3}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8010}, 0x0)

3.567971163s ago: executing program 9 (id=5575):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r0, 0x0, 0x20008800)

3.557357535s ago: executing program 4 (id=5576):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f6080000000118000008"], 0x44}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000280)={r0, 0x7, 0x104, 0x7ff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3.38551987s ago: executing program 2 (id=5577):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f00000004c0)='kfree\x00', r1}, 0x10)
r2 = io_uring_setup(0x6e1e, &(0x7f0000000100)={0x0, 0x23d4, 0x800, 0xfffffffc, 0x87})
io_uring_register$IORING_REGISTER_BUFFERS2(r2, 0xf, &(0x7f0000001580)={0x1, 0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000280)=""/4094, 0xffe}], 0x0}, 0x20)

3.158510519s ago: executing program 7 (id=5578):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280))
syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd144, 0x0, 0x3, 0x288}, 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000100), 0x10101, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x200000000}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)

3.037577226s ago: executing program 9 (id=5579):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff0000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2480, 0x0)

3.033813237s ago: executing program 2 (id=5580):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000240)=ANY=[@ANYBLOB="240100001600010428bd700000000000fe8000000000000000000000000000bbfc01000000000000000000000000000100040000000000000000a00000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff02000000000000000000000000000100000000330000000a0101010000000000000000000000000000000000004e340100000000000000000000000000000004000000000000000400"/90], 0x124}}, 0x0)

3.01131636s ago: executing program 0 (id=5581):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="12000000020000000400000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180400000000000000000000000004", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)={0x14, 0x9, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0xffff}}, 0x14}}, 0x4000080)

2.58355257s ago: executing program 4 (id=5582):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)='%-010d \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000580)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000c40)='sys_enter\x00', r2}, 0x10)
semctl$IPC_INFO(0x0, 0x4, 0x3, 0x0)

2.304101081s ago: executing program 2 (id=5583):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b705"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r1}, 0x18)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x1c0)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7f, 0x1002, 0x5c8, 0x80000003, 0x6})
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)

2.264598531s ago: executing program 0 (id=5584):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYRES16=r1, @ANYBLOB="110000000000fbdbdf252d0000000e0001006e657464657673696d0000000f0002"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

2.072674313s ago: executing program 4 (id=5585):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0xf00)
sendmsg$xdp(0xffffffffffffffff, 0x0, 0x40000)

1.408402988s ago: executing program 0 (id=5586):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045c361eb", 0x36}], 0x3}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4000015}, 0x0)
recvmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x100, 0x0)

609.723771ms ago: executing program 4 (id=5587):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r0}, 0x10)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

533.784649ms ago: executing program 6 (id=5588):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000080), 0x1, 0x451, &(0x7f0000000b00)="$eJzs28tvG8UfAPDvbh6/X1/EVOXRBzRQEBWPpElL6YELCCQOICHBoRxD4lahboOaINGqgoJQOaJK3BFHpP4FnOCCgBOCK3BGlSrUSwsno7V3G8e1XcdK6jT+fKRtZ3bHmfl6duzZHW8AA2s8+yeJ2B4Rv0fEWD27ssB4/b+b1y/M/nP9wmwS1epbfye1cjeuX5gtihav21ZkhiPSz5LY26LexXPnT81UKuWzeX5y6fT7k4vnzj83f3rmZPlk+cz0sWNHDk+9cHT6+TWJM4vrxp6PFvbtfu2dy2/MHr/87k9XkiL+pji6MXTnIuOdDj5Zra6mug1vR0M6Ge5jQ1iVofowjZHa+B+LoVjuvLF49dO+Ng5YV9Vqtfpg+8NXagWATSoxxGFAFV/02fVvsd2lqceGcO2l+gVQFvfNfKsfGY40LzPSdH27lsYj4vjFf7/Ktmi+D7FlnSoFAAbad9n859lW8780Gu8L3ZevoZQi4v6I2BkRRyNiV0Q8EFEr+1BEPLzK+psXSW6ff6ZXewqsS9n878V8bWvl/K+Y/UVpKM/tqMU/kpyYr5QPZe/Jr/vrJeYr5akOdXz/ym9ftDvWOP/Ltqz+Yi6Yt+Pq8P9WvmZuZmmm54CbXPskYs9wq/iTWysBSUTsjog9PdYx//Q3+9odaxP/aFd/eA3WmapfRzxV7/+L0RR/Iem8Pjn5/6iUD00WZ8Xtfv7l0pvt6r9z/6+vrP+3tjz/i/j/LCWN67WLq6/j0h+ft72m7PX8H03eXrHvw5mlpbNTEaPJ67V8qXH/dFO56eXyWfwHD7Qe/ztj+Z3YGxHZSfxIRDwaEfvztj8WEY9HxIEO8f/48hPv9R7/+srin+vY/9HU/8uJ0Wje0zoxdOqHb1dUWlpN/Fn/H6mlDuZ7uvn866ZdvZ3NAAAAcO9JI2J7JOnErXSaTkzUf8O/K7amlYXFpWdOLHxwZq7+jEApRtLiTtdYw/3QqfyyvshP578tLvKH8/vGXw5tqeUnZhcqc/0OHgbctjbjP/NXFw+5APe45nW0rX1qB3D3eV4TBpfxD4PL+IfB1WL8e/QMBkSr7/+P+9AO4O5rGv8dl/1MDGBzcf0Pg8v4h8Fl/MNAWtwSd35IfnMk0ojYAM3YLIlIN0QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLXxXwAAAP//JI/k8w==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x20000, 0x42)
getdents(r0, 0x0, 0x0)

483.484779ms ago: executing program 0 (id=5589):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$netlink(0x10, 0x3, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000b80)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0843b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r6}, &(0x7f0000000240), &(0x7f00000003c0)=r8}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r7, r4, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0xad, &(0x7f0000000300)=ANY=[], 0x0)

424.81398ms ago: executing program 9 (id=5590):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r2, 0x0, 0x0, 0x20004041, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4e22, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r3)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4)
r5 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
io_uring_enter(0xffffffffffffffff, 0x66a8, 0x4000, 0xf, 0x0, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xb}]})

313.149037ms ago: executing program 4 (id=5591):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r0, 0x0, 0x20008800)

77.493913ms ago: executing program 2 (id=5592):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800718, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==")

64.136955ms ago: executing program 0 (id=5593):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x40}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44880}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000580)={0x0, 0xe4ff, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd25, 0x25df9bfb, {0x0, 0x0, 0x0, r2, {0xd, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x54, 0x2, [@TCA_ROUTE4_ACT={0x50, 0x6, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xa, 0x5, 0x4, 0x7, 0x8}, 0x39}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x80, 0x3}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8010}, 0x0)

0s ago: executing program 9 (id=5594):
r0 = socket(0x18, 0x4, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x2, @multicast, 'vcan0\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000640)="52d742aa2c99133b2231e7ff01000000000000835edd8e0ce70ab632b536cd2fe89db804cdb0e44eb13512d48a7a97fec89692aabdf1f240ab02db4d08c443aee325608ce98743b8c309979343b424533fa63be47414e9082741bf19692a6194107ec7e0e041812fedd957a8f38c8d482d2914e79fa7cb508e21a2ce3137a7c9ad44ab1447be9cfa989b04505942b8286c1da3da16c2570198a830dbc0fc821aead524a66e2cbb7ab8c5f7c10eb6c67e33ead29e310ef94ef44ee533616d", 0xbe}, {0x0}], 0x2}}], 0x1, 0x4000)

kernel console output (not intermixed with test programs):

batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1207.654720][T21467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1207.654768][T21467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1207.740994][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1207.741063][ T5824] Bluetooth: hci1: command 0x0405 tx timeout
[ 1207.741114][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1207.741163][ T5824] Bluetooth: hci2: command 0x041b tx timeout
[ 1207.883553][T21496] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1207.935231][T21467] hsr_slave_0: entered promiscuous mode
[ 1207.959792][T21496] ext4 filesystem being mounted at /321/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1207.965656][T21467] hsr_slave_1: entered promiscuous mode
[ 1208.190165][ T5829] Bluetooth: hci6: command tx timeout
[ 1208.649941][T21467] debugfs: 'hsr0' already exists in 'hsr'
[ 1208.689353][T21467] Cannot create hsr debugfs directory
[ 1208.982144][T21520] loop7: detected capacity change from 0 to 2048
[ 1209.035675][T21520] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1209.172078][T21467] netdevsim netdevsim9 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1209.287120][T16266] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1209.384562][T21467] netdevsim netdevsim9 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1209.765875][T21518] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1209.814730][T21533] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1209.830348][T21533] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 96 with error 28
[ 1209.842853][T21533] EXT4-fs (loop7): This should not happen!! Data will be lost
[ 1209.842853][T21533] 
[ 1209.852600][T21533] EXT4-fs (loop7): Total free blocks count 0
[ 1209.858655][T21533] EXT4-fs (loop7): Free/Dirty block details
[ 1209.864645][T21533] EXT4-fs (loop7): free_blocks=2415919504
[ 1209.870480][T21533] EXT4-fs (loop7): dirty_blocks=112
[ 1209.875752][T21533] EXT4-fs (loop7): Block reservation details
[ 1209.882137][T21533] EXT4-fs (loop7): i_reserved_data_blocks=7
[ 1210.101971][T21518] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1210.108107][T21518] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1210.124062][T21467] netdevsim netdevsim9 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1210.178610][T21518] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1210.196495][T21518] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1210.210557][ T5824] Bluetooth: hci6: command tx timeout
[ 1210.247852][T21532] lo speed is unknown, defaulting to 1000
[ 1210.402668][T21518] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1210.453212][T21467] netdevsim netdevsim9 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1210.470957][T21518] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 1210.492806][T21518] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 1210.581394][T21540] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5001'.
[ 1212.131382][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1212.137452][ T5824] Bluetooth: hci2: command 0x041b tx timeout
[ 1212.261437][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1212.268751][ T5824] Bluetooth: hci1: command 0x0405 tx timeout
[ 1212.299260][T17982] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[ 1212.382642][T21552] netlink: 'syz.0.5005': attribute type 4 has an invalid length.
[ 1212.394627][T21467] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1212.450568][ T5829] Bluetooth: hci6: command 0x0419 tx timeout
[ 1212.505719][T21467] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1212.559940][T21467] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1212.640287][T21467] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1212.697133][T21565] loop4: detected capacity change from 0 to 512
[ 1212.711538][T21565] EXT4-fs: Ignoring removed bh option
[ 1212.755909][T21565] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1212.804215][T21565] ext4 filesystem being mounted at /324/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1212.842979][T21467] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1212.871679][T21467] 8021q: adding VLAN 0 to HW filter on device team0
[ 1212.888085][T17995] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1212.895280][T17995] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1212.961334][T17995] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1212.968552][T17995] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1212.997436][T21576] loop2: detected capacity change from 0 to 2048
[ 1213.025856][T21576] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1213.031546][T21579] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5012'.
[ 1213.060466][   T30] kauditd_printk_skb: 10 callbacks suppressed
[ 1213.060490][   T30] audit: type=1800 audit(1760491390.933:1922): pid=21576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5011" name="file1" dev="loop2" ino=15 res=0 errno=0
[ 1213.331920][T21588] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5014'.
[ 1213.782619][T21576] EXT4-fs error (device loop2): ext4_validate_block_bitmap:440: comm syz.2.5011: bg 0: block 234: padding at end of block bitmap is not set
[ 1213.842696][T21576] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 117
[ 1213.894114][T21576] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 1213.894114][T21576] 
[ 1213.912685][T21597] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5017'.
[ 1213.953627][T21597] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5017'.
[ 1213.978103][T21585] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1213.984770][T21585] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1214.010789][T21585] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1214.018054][T21585] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1214.026927][T21585] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1214.041406][T21585] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1214.048946][T16266] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1214.074429][T21599] loop0: detected capacity change from 0 to 2048
[ 1214.125952][T21599] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1214.171485][T21467] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1214.285123][T21608] netlink: 'syz.7.5021': attribute type 4 has an invalid length.
[ 1214.602391][T17982] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 998 with error 28
[ 1215.661495][T21614] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1215.679263][T21614] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28
[ 1215.691783][T21614] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 1215.691783][T21614] 
[ 1215.701913][T21614] EXT4-fs (loop0): Total free blocks count 0
[ 1215.707983][T21614] EXT4-fs (loop0): Free/Dirty block details
[ 1215.714125][T21614] EXT4-fs (loop0): free_blocks=2415919504
[ 1215.719932][T21614] EXT4-fs (loop0): dirty_blocks=48
[ 1215.725163][T21614] EXT4-fs (loop0): Block reservation details
[ 1215.731608][T21614] EXT4-fs (loop0): i_reserved_data_blocks=3
[ 1216.050628][ T5824] Bluetooth: hci1: command 0x0405 tx timeout
[ 1216.059909][ T5829] Bluetooth: hci6: command 0x0419 tx timeout
[ 1216.066249][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1216.072489][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1216.078517][ T5829] Bluetooth: hci2: command 0x041b tx timeout
[ 1216.093073][T21623] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5025'.
[ 1216.361064][T17982] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 1216.361064][T17982] 
[ 1216.366520][T21613] lo speed is unknown, defaulting to 1000
[ 1216.373218][T17982] EXT4-fs (loop2): Total free blocks count 0
[ 1216.382546][T17982] EXT4-fs (loop2): Free/Dirty block details
[ 1216.388453][T17982] EXT4-fs (loop2): free_blocks=0
[ 1217.219935][T17982] EXT4-fs (loop2): dirty_blocks=1008
[ 1217.225487][T17982] EXT4-fs (loop2): Block reservation details
[ 1217.875257][T21633] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5027'.
[ 1218.130541][ T5829] Bluetooth: hci6: command 0x0419 tx timeout
[ 1218.427553][T17979] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[ 1218.459428][T21640] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5029'.
[ 1218.678290][T21643] loop2: detected capacity change from 0 to 1024
[ 1218.699834][T21646] loop0: detected capacity change from 0 to 512
[ 1218.707956][T21646] EXT4-fs: Ignoring removed bh option
[ 1218.801619][T21651] loop6: detected capacity change from 0 to 128
[ 1218.835792][T21643] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1218.866861][T21646] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1218.882934][T21467] veth0_vlan: entered promiscuous mode
[ 1218.916177][T21646] ext4 filesystem being mounted at /209/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1218.946540][T21467] veth1_vlan: entered promiscuous mode
[ 1218.989845][T21467] veth0_macvtap: entered promiscuous mode
[ 1218.999233][T21651] syz.6.5032: attempt to access beyond end of device
[ 1218.999233][T21651] loop6: rw=2049, sector=145, nr_sectors = 24 limit=128
[ 1219.001398][T21467] veth1_macvtap: entered promiscuous mode
[ 1219.050772][T21467] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1219.058697][T21651] syz.6.5032: attempt to access beyond end of device
[ 1219.058697][T21651] loop6: rw=2049, sector=177, nr_sectors = 8 limit=128
[ 1219.103862][T21467] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1219.138834][T19450] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.150627][T18657] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.154280][T21651] syz.6.5032: attempt to access beyond end of device
[ 1219.154280][T21651] loop6: rw=2049, sector=193, nr_sectors = 8 limit=128
[ 1219.179715][T18657] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.201466][T18657] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.216600][T21651] syz.6.5032: attempt to access beyond end of device
[ 1219.216600][T21651] loop6: rw=2049, sector=209, nr_sectors = 8 limit=128
[ 1219.282331][T21651] syz.6.5032: attempt to access beyond end of device
[ 1219.282331][T21651] loop6: rw=2049, sector=225, nr_sectors = 8 limit=128
[ 1219.290854][T21658] syz.6.5032: attempt to access beyond end of device
[ 1219.290854][T21658] loop6: rw=2049, sector=281, nr_sectors = 24 limit=128
[ 1219.401238][T21658] syz.6.5032: attempt to access beyond end of device
[ 1219.401238][T21658] loop6: rw=2049, sector=321, nr_sectors = 8 limit=128
[ 1219.456938][T21651] syz.6.5032: attempt to access beyond end of device
[ 1219.456938][T21651] loop6: rw=2049, sector=241, nr_sectors = 8 limit=128
[ 1219.496244][T21660] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5033'.
[ 1219.560721][T21651] syz.6.5032: attempt to access beyond end of device
[ 1219.560721][T21651] loop6: rw=2049, sector=257, nr_sectors = 8 limit=128
[ 1219.608412][T21660] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5033'.
[ 1219.629312][T21651] syz.6.5032: attempt to access beyond end of device
[ 1219.629312][T21651] loop6: rw=2049, sector=273, nr_sectors = 8 limit=128
[ 1219.792356][T18657] buffer_io_error: 5 callbacks suppressed
[ 1219.792383][T18657] Buffer I/O error on dev loop6, logical block 281, lost async page write
[ 1219.885971][T17988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1219.914278][T17988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1219.968629][T16790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1220.004613][T17991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1220.040535][T17991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1220.109516][T21669] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5038'.
[ 1220.120181][T21667] loop9: detected capacity change from 0 to 8
[ 1220.134749][    C1] blk_print_req_error: 5 callbacks suppressed
[ 1220.134772][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.151086][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1220.159136][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.169398][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1220.183790][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.194069][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1220.219587][ T5829] Bluetooth: hci6: command 0x0419 tx timeout
[ 1220.231285][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.231340][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1220.233423][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.233473][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1220.234013][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.234071][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1220.234864][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.234912][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1220.236122][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.236171][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1220.236273][T21667] ldm_validate_partition_table(): Disk read failed.
[ 1220.236436][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.236484][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1220.236681][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.237206][T21667] Dev loop9: unable to read RDB block 0
[ 1220.237906][T21667]  loop9: unable to read partition table
[ 1220.238146][T21667] loop9: partition table beyond EOD, truncated
[ 1220.238175][T21667] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1220.238175][T21667] 
) failed (rc=-5)
[ 1220.489163][T21678] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4970'.
[ 1220.522684][T17474] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1220.945299][T21686] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5045'.
[ 1222.000181][T21702] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5048'.
[ 1222.106715][T21705] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5048'.
[ 1222.201839][T21707] loop9: detected capacity change from 0 to 512
[ 1222.231492][T21707] EXT4-fs: Ignoring removed bh option
[ 1222.336670][T21707] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1222.396106][T21707] ext4 filesystem being mounted at /2/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1222.564205][T21700] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1222.572620][T21700] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1222.593576][T21700] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1222.627778][T21700] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1222.640833][T21700] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1222.647086][T21700] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1222.813773][T21718] loop2: detected capacity change from 0 to 1024
[ 1223.054961][T21718] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1223.110498][   T30] audit: type=1326 audit(1760491400.983:1923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21719 comm="syz.4.5053" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3a0538eec9 code=0x0
[ 1223.407505][T21467] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1223.562496][T21734] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5056'.
[ 1223.782149][T21736] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1223.826338][T21736] loop9: detected capacity change from 0 to 8
[ 1223.862857][T21736] ldm_validate_partition_table(): Disk read failed.
[ 1223.909968][T21736] Dev loop9: unable to read RDB block 0
[ 1223.952090][T21736]  loop9: unable to read partition table
[ 1223.952344][T21736] loop9: partition table beyond EOD, truncated
[ 1223.952374][T21736] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1223.952374][T21736] 
) failed (rc=-5)
[ 1224.011996][   T30] audit: type=1800 audit(1760491401.873:1924): pid=21741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5052" name="bus" dev="loop2" ino=18 res=0 errno=0
[ 1224.506542][T17474] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1224.613912][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1224.620026][ T5824] Bluetooth: hci2: command 0x041b tx timeout
[ 1224.690890][ T5829] Bluetooth: hci6: command 0x0419 tx timeout
[ 1224.697134][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1224.709574][T20497] Bluetooth: hci1: command 0x0405 tx timeout
[ 1225.006605][T21764] loop7: detected capacity change from 0 to 512
[ 1225.022354][T21764] EXT4-fs: Ignoring removed bh option
[ 1225.050151][T21768] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5070'.
[ 1225.073648][T21764] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1225.162408][T21764] ext4 filesystem being mounted at /232/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1225.697636][T21762] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1225.740833][T21762] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1225.759258][T21762] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1225.795161][T21762] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1225.846320][T21762] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1225.892663][T21762] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1226.384670][T16894] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1226.404325][T21790] loop6: detected capacity change from 0 to 1024
[ 1226.473117][T21790] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1226.883302][T21801] loop4: detected capacity change from 0 to 2048
[ 1227.019062][T21801] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1227.055590][   T30] audit: type=1800 audit(1760491404.933:1925): pid=21801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5080" name="file1" dev="loop4" ino=15 res=0 errno=0
[ 1227.165713][T21791] Can't find ip_set type hash
[ 1227.533455][   T30] audit: type=1800 audit(1760491405.403:1926): pid=21806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.5076" name="bus" dev="loop6" ino=18 res=0 errno=0
[ 1227.668307][T21801] EXT4-fs error (device loop4): ext4_validate_block_bitmap:440: comm syz.4.5080: bg 0: block 234: padding at end of block bitmap is not set
[ 1227.724042][T21801] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 117
[ 1227.758979][T21801] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1227.758979][T21801] 
[ 1227.810590][ T5829] Bluetooth: hci1: command 0x0405 tx timeout
[ 1227.816679][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1227.823167][T20497] Bluetooth: hci2: command 0x041b tx timeout
[ 1227.919862][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1227.974706][ T5829] Bluetooth: hci6: command 0x0419 tx timeout
[ 1227.999870][T17939] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1228.191410][  T151] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 300 with error 28
[ 1228.257298][  T151] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1228.257298][  T151] 
[ 1228.271458][  T151] EXT4-fs (loop4): Total free blocks count 0
[ 1228.277651][  T151] EXT4-fs (loop4): Free/Dirty block details
[ 1228.283841][  T151] EXT4-fs (loop4): free_blocks=0
[ 1228.289002][  T151] EXT4-fs (loop4): dirty_blocks=304
[ 1228.294434][  T151] EXT4-fs (loop4): Block reservation details
[ 1228.765122][T21819] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5087'.
[ 1229.123695][T21823] loop4: detected capacity change from 0 to 512
[ 1229.148798][T21823] EXT4-fs: Ignoring removed bh option
[ 1229.308657][T21823] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1229.408160][T21823] ext4 filesystem being mounted at /339/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1229.613882][T21821] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1229.630496][T21821] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1229.636639][T21821] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1229.655447][T21821] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1229.671124][T21821] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1229.708739][T21821] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1229.845548][T21846] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5096'.
[ 1229.854977][T21846] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5096'.
[ 1229.963692][   T30] audit: type=1326 audit(1760491407.833:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21842 comm="syz.0.5096" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7bc78eec9 code=0x0
[ 1230.044050][T21851] loop2: detected capacity change from 0 to 2048
[ 1230.116671][T21851] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1230.212300][T16266] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1230.742517][T21867] lo speed is unknown, defaulting to 1000
[ 1231.052491][T21868] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1231.067750][T21868] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28
[ 1231.080211][T21868] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 1231.080211][T21868] 
[ 1231.089962][T21868] EXT4-fs (loop2): Total free blocks count 0
[ 1231.096559][T21868] EXT4-fs (loop2): Free/Dirty block details
[ 1231.102544][T21868] EXT4-fs (loop2): free_blocks=2415919504
[ 1231.108345][T21868] EXT4-fs (loop2): dirty_blocks=48
[ 1231.114988][T21868] EXT4-fs (loop2): Block reservation details
[ 1231.122425][T21868] EXT4-fs (loop2): i_reserved_data_blocks=3
[ 1231.651297][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1231.657367][ T5829] Bluetooth: hci2: command 0x041b tx timeout
[ 1231.731301][ T5829] Bluetooth: hci6: command 0x0419 tx timeout
[ 1231.737367][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1231.743481][ T5824] Bluetooth: hci1: command 0x0405 tx timeout
[ 1232.030240][T21875] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5104'.
[ 1232.308851][T21877] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1232.336107][T21877] loop9: detected capacity change from 0 to 8
[ 1232.425054][    C0] blk_print_req_error: 20 callbacks suppressed
[ 1232.425083][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1232.425131][    C0] buffer_io_error: 21 callbacks suppressed
[ 1232.425151][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1232.432968][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1232.433050][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1232.452584][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1232.452638][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1232.452911][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1232.452958][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1232.453191][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1232.453239][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1232.453478][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1232.453524][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1232.453759][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1232.453805][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1232.454411][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1232.454459][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1232.454573][T21877] ldm_validate_partition_table(): Disk read failed.
[ 1232.454726][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1232.454773][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1232.454999][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1232.455053][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1232.456839][T21877] Dev loop9: unable to read RDB block 0
[ 1232.460472][T21877]  loop9: unable to read partition table
[ 1232.460799][T21877] loop9: partition table beyond EOD, truncated
[ 1232.460829][T21877] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1232.460829][T21877] 
) failed (rc=-5)
[ 1232.864597][T21864] syz.9.5101: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1232.864802][T21864] CPU: 0 UID: 0 PID: 21864 Comm: syz.9.5101 Not tainted syzkaller #0 PREEMPT(full) 
[ 1232.864846][T21864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1232.864868][T21864] Call Trace:
[ 1232.864880][T21864]  <TASK>
[ 1232.864894][T21864]  dump_stack_lvl+0x16c/0x1f0
[ 1232.864956][T21864]  warn_alloc+0x248/0x3a0
[ 1232.865021][T21864]  ? __pfx_warn_alloc+0x10/0x10
[ 1232.865111][T21864]  ? xskq_create+0xfb/0x1d0
[ 1232.865156][T21864]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1232.865201][T21864]  ? __vmalloc_node_noprof+0xad/0xf0
[ 1232.865263][T21864]  __vmalloc_node_range_noprof+0xfe2/0x1480
[ 1232.865333][T21864]  ? xskq_create+0xfb/0x1d0
[ 1232.865401][T21864]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1232.865472][T21864]  ? xskq_create+0xfb/0x1d0
[ 1232.865519][T21864]  vmalloc_user_noprof+0x9e/0xe0
[ 1232.865572][T21864]  ? xskq_create+0xfb/0x1d0
[ 1232.865621][T21864]  xskq_create+0xfb/0x1d0
[ 1232.865672][T21864]  xsk_setsockopt+0x792/0x9a0
[ 1232.865720][T21864]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1232.865762][T21864]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1232.865806][T21864]  ? find_held_lock+0x2b/0x80
[ 1232.865871][T21864]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1232.865915][T21864]  ? aa_sock_opt_perm+0xfd/0x1c0
[ 1232.865979][T21864]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1232.866027][T21864]  do_sock_setsockopt+0xf3/0x1d0
[ 1232.866079][T21864]  __sys_setsockopt+0x1a0/0x230
[ 1232.866143][T21864]  __x64_sys_setsockopt+0xbd/0x160
[ 1232.866196][T21864]  ? do_syscall_64+0x91/0xfa0
[ 1232.866250][T21864]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1232.866294][T21864]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1232.866351][T21864]  do_syscall_64+0xcd/0xfa0
[ 1232.866412][T21864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1232.866449][T21864] RIP: 0033:0x7f26d4b8eec9
[ 1232.866478][T21864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1232.866514][T21864] RSP: 002b:00007f26d2df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1232.866548][T21864] RAX: ffffffffffffffda RBX: 00007f26d4de6090 RCX: 00007f26d4b8eec9
[ 1232.866574][T21864] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000007
[ 1232.866597][T21864] RBP: 00007f26d4c11f91 R08: 0000000000000004 R09: 0000000000000000
[ 1232.866621][T21864] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000
[ 1232.866645][T21864] R13: 00007f26d4de6128 R14: 00007f26d4de6090 R15: 00007fff99d0c748
[ 1232.866698][T21864]  </TASK>
[ 1232.867516][T21883] netlink: 'syz.4.5106': attribute type 4 has an invalid length.
[ 1232.906448][T21864] Mem-Info:
[ 1232.906471][T21864] active_anon:8920 inactive_anon:0 isolated_anon:0
[ 1232.906471][T21864]  active_file:16934 inactive_file:42857 isolated_file:0
[ 1232.906471][T21864]  unevictable:768 dirty:34 writeback:0
[ 1232.906471][T21864]  slab_reclaimable:12262 slab_unreclaimable:107880
[ 1232.906471][T21864]  mapped:39800 shmem:4577 pagetables:1697
[ 1232.906471][T21864]  sec_pagetables:0 bounce:0
[ 1232.906471][T21864]  kernel_misc_reclaimable:0
[ 1232.906471][T21864]  free:1260658 free_pcp:21113 free_cma:0
[ 1232.906572][T21864] Node 0 active_anon:35680kB inactive_anon:0kB active_file:67736kB inactive_file:171224kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:159200kB dirty:136kB writeback:0kB shmem:16772kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14180kB pagetables:6632kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1232.906699][T21864] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1232.906793][T21864] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1232.906907][T21864] lowmem_reserve[]: 0 2483 2485 2485 2485
[ 1232.906983][T21864] Node 0 DMA32 free:1131112kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35680kB inactive_anon:0kB active_file:67736kB inactive_file:171224kB unevictable:1536kB writepending:136kB zspages:0kB present:3129332kB managed:2543524kB mlocked:0kB bounce:0kB free_pcp:65164kB local_pcp:25924kB free_cma:0kB
[ 1232.907103][T21864] lowmem_reserve[]: 0 0 1 1 1
[ 1232.907176][T21864] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1232.907286][T21864] lowmem_reserve[]: 0 0 0 0 0
[ 1232.907359][T21864] Node 1 Normal free:3896160kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19284kB local_pcp:8816kB free_cma:0kB
[ 1232.907473][T21864] lowmem_reserve[]: 0 0 0 0 0
[ 1232.907545][T21864] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1232.907782][T21864] Node 0 DMA32: 2870*4kB (UME) 198*8kB (UME) 66*16kB (UME) 906*32kB (UME) 610*64kB (UME) 1129*128kB (UME) 661*256kB (UME) 232*512kB (UM) 46*1024kB (UME) 10*2048kB (U) 134*4096kB (UM) = 1131112kB
[ 1232.908190][T21864] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1232.908394][T21864] Node 1 Normal: 130*4kB (UME) 45*8kB (UME) 45*16kB (UME) 177*32kB (UME) 50*64kB (UME) 13*128kB (UE) 2*256kB (M) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3896160kB
[ 1232.908726][T21864] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1232.908759][T21864] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1232.908790][T21864] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1232.908822][T21864] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1232.908853][T21864] 64363 total pagecache pages
[ 1232.908869][T21864] 0 pages in swap cache
[ 1232.908884][T21864] Free swap  = 124996kB
[ 1232.908899][T21864] Total swap = 124996kB
[ 1232.908915][T21864] 2097051 pages RAM
[ 1232.908929][T21864] 0 pages HighMem/MovableOnly
[ 1232.908944][T21864] 429080 pages reserved
[ 1232.908959][T21864] 0 pages cma reserved
[ 1233.324901][ T6023] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[ 1233.651849][T21890] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5110'.
[ 1233.675131][T21890] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5110'.
[ 1234.840265][T21898] loop4: detected capacity change from 0 to 512
[ 1234.881888][T21898] EXT4-fs: Ignoring removed bh option
[ 1234.928471][T21898] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1234.980840][T21898] ext4 filesystem being mounted at /344/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1235.399556][T21894] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1235.406225][T21894] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1235.422137][T21894] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1235.457711][T21894] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1235.483832][T21894] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1235.522936][T21894] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1235.597819][T21912] netlink: 'syz.9.5120': attribute type 4 has an invalid length.
[ 1236.468869][T21937] lo speed is unknown, defaulting to 1000
[ 1237.339711][T21949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5129'.
[ 1237.378676][T16266] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1237.410628][T20497] Bluetooth: hci2: command 0x041b tx timeout
[ 1237.490775][T20497] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1237.494065][ T5829] Bluetooth: hci1: command 0x0405 tx timeout
[ 1237.496959][T20497] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1237.570495][T20497] Bluetooth: hci6: command 0x0419 tx timeout
[ 1237.660503][T21959] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5130'.
[ 1237.682064][T21959] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5130'.
[ 1238.631385][T21974] netlink: 'syz.6.5137': attribute type 4 has an invalid length.
[ 1238.663031][T21976] loop9: detected capacity change from 0 to 128
[ 1238.797326][T21976] bio_check_eod: 3 callbacks suppressed
[ 1238.797353][T21976] syz.9.5139: attempt to access beyond end of device
[ 1238.797353][T21976] loop9: rw=2049, sector=145, nr_sectors = 24 limit=128
[ 1238.909878][T21976] syz.9.5139: attempt to access beyond end of device
[ 1238.909878][T21976] loop9: rw=2049, sector=177, nr_sectors = 8 limit=128
[ 1238.925537][T21976] syz.9.5139: attempt to access beyond end of device
[ 1238.925537][T21976] loop9: rw=2049, sector=193, nr_sectors = 8 limit=128
[ 1238.946146][T21976] syz.9.5139: attempt to access beyond end of device
[ 1238.946146][T21976] loop9: rw=2049, sector=209, nr_sectors = 8 limit=128
[ 1238.968695][T21976] syz.9.5139: attempt to access beyond end of device
[ 1238.968695][T21976] loop9: rw=2049, sector=225, nr_sectors = 8 limit=128
[ 1239.050812][T21976] syz.9.5139: attempt to access beyond end of device
[ 1239.050812][T21976] loop9: rw=2049, sector=241, nr_sectors = 8 limit=128
[ 1239.124453][T21976] syz.9.5139: attempt to access beyond end of device
[ 1239.124453][T21976] loop9: rw=2049, sector=257, nr_sectors = 8 limit=128
[ 1239.180043][T21969] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1239.190914][T21976] syz.9.5139: attempt to access beyond end of device
[ 1239.190914][T21976] loop9: rw=2049, sector=273, nr_sectors = 8 limit=128
[ 1239.206160][T21969] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1239.231223][T21969] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1239.237372][T21969] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1239.260818][T21976] syz.9.5139: attempt to access beyond end of device
[ 1239.260818][T21976] loop9: rw=2049, sector=289, nr_sectors = 9 limit=128
[ 1239.281184][T21969] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1239.287325][T21969] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1239.471902][T17997] kworker/u8:39: attempt to access beyond end of device
[ 1239.471902][T17997] loop9: rw=1, sector=313, nr_sectors = 1 limit=128
[ 1239.524347][T17997] buffer_io_error: 5 callbacks suppressed
[ 1239.524371][T17997] Buffer I/O error on dev loop9, logical block 313, lost async page write
[ 1239.542680][T21994] loop2: detected capacity change from 0 to 512
[ 1239.563586][T21994] EXT4-fs: Ignoring removed bh option
[ 1239.639892][T21994] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1239.766000][T21994] ext4 filesystem being mounted at /229/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1239.815648][T22001] program syz.9.5144 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1240.036749][T22008] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5148'.
[ 1241.175865][T22019] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5151'.
[ 1241.250231][T17474] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1241.259630][T20497] Bluetooth: hci1: command 0x0405 tx timeout
[ 1241.259655][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1241.265991][T20497] Bluetooth: hci2: command 0x041b tx timeout
[ 1241.304113][T22021] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5151'.
[ 1241.330882][T20497] Bluetooth: hci6: command 0x0419 tx timeout
[ 1241.330907][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1241.595758][T22023] netlink: 'syz.2.5152': attribute type 4 has an invalid length.
[ 1242.065604][T22034] loop0: detected capacity change from 0 to 128
[ 1242.305559][T22033] Buffer I/O error on dev loop0, logical block 305, async page read
[ 1242.325895][T22033] Buffer I/O error on dev loop0, logical block 306, async page read
[ 1242.360726][T22033] Buffer I/O error on dev loop0, logical block 307, async page read
[ 1242.385576][T22033] Buffer I/O error on dev loop0, logical block 308, async page read
[ 1242.410521][T22033] Buffer I/O error on dev loop0, logical block 309, async page read
[ 1242.418633][T22033] Buffer I/O error on dev loop0, logical block 310, async page read
[ 1242.450720][T22033] Buffer I/O error on dev loop0, logical block 311, async page read
[ 1242.458830][T22033] Buffer I/O error on dev loop0, logical block 312, async page read
[ 1242.481373][T22033] Buffer I/O error on dev loop0, logical block 305, async page read
[ 1242.719152][T22030] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1242.726439][T22030] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1242.730808][T22059] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5162'.
[ 1242.737742][T22030] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1242.759076][T22030] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1242.770918][T22030] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1242.782067][T22030] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1242.874652][T22062] loop9: detected capacity change from 0 to 1024
[ 1242.950176][T22062] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1242.987145][T22066] netlink: 'syz.6.5166': attribute type 4 has an invalid length.
[ 1243.195922][T22070] loop4: detected capacity change from 0 to 512
[ 1243.403672][T22070] EXT4-fs: Ignoring removed bh option
[ 1243.646304][T22070] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1243.730844][T22070] ext4 filesystem being mounted at /353/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1244.208408][   T30] audit: type=1800 audit(1760491422.083:1928): pid=22089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.5163" name="bus" dev="loop9" ino=18 res=0 errno=0
[ 1244.615574][T16266] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1244.770590][T20497] Bluetooth: hci1: command 0x0405 tx timeout
[ 1244.770610][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1244.770659][ T5829] Bluetooth: hci2: command 0x041b tx timeout
[ 1244.822862][T22076] warn_alloc: 1 callbacks suppressed
[ 1244.822885][T22076] syz.6.5168: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[ 1244.850711][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1244.870542][ T5829] Bluetooth: hci6: command 0x0419 tx timeout
[ 1244.887562][T22076] ,cpuset=/,mems_allowed=0-1
[ 1244.893169][T22076] CPU: 1 UID: 0 PID: 22076 Comm: syz.6.5168 Not tainted syzkaller #0 PREEMPT(full) 
[ 1244.893215][T22076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1244.893239][T22076] Call Trace:
[ 1244.893252][T22076]  <TASK>
[ 1244.893265][T22076]  dump_stack_lvl+0x16c/0x1f0
[ 1244.893334][T22076]  warn_alloc+0x248/0x3a0
[ 1244.893400][T22076]  ? __pfx_warn_alloc+0x10/0x10
[ 1244.893483][T22076]  ? xskq_create+0xfb/0x1d0
[ 1244.893528][T22076]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1244.893574][T22076]  ? __vmalloc_node_noprof+0xad/0xf0
[ 1244.893637][T22076]  __vmalloc_node_range_noprof+0xfe2/0x1480
[ 1244.893709][T22076]  ? xskq_create+0xfb/0x1d0
[ 1244.893769][T22076]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1244.893842][T22076]  ? xskq_create+0xfb/0x1d0
[ 1244.893889][T22076]  vmalloc_user_noprof+0x9e/0xe0
[ 1244.893942][T22076]  ? xskq_create+0xfb/0x1d0
[ 1244.893991][T22076]  xskq_create+0xfb/0x1d0
[ 1244.894042][T22076]  xsk_setsockopt+0x792/0x9a0
[ 1244.894093][T22076]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1244.894136][T22076]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1244.894181][T22076]  ? find_held_lock+0x2b/0x80
[ 1244.894248][T22076]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1244.894299][T22076]  ? aa_sock_opt_perm+0xfd/0x1c0
[ 1244.894363][T22076]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1244.894412][T22076]  do_sock_setsockopt+0xf3/0x1d0
[ 1244.894458][T22076]  __sys_setsockopt+0x1a0/0x230
[ 1244.894522][T22076]  __x64_sys_setsockopt+0xbd/0x160
[ 1244.894574][T22076]  ? do_syscall_64+0x91/0xfa0
[ 1244.894629][T22076]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1244.894676][T22076]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1244.894734][T22076]  do_syscall_64+0xcd/0xfa0
[ 1244.894795][T22076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1244.894833][T22076] RIP: 0033:0x7ff3c578eec9
[ 1244.894862][T22076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1244.894899][T22076] RSP: 002b:00007ff3c6679038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1244.894934][T22076] RAX: ffffffffffffffda RBX: 00007ff3c59e5fa0 RCX: 00007ff3c578eec9
[ 1244.894960][T22076] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000009
[ 1244.894984][T22076] RBP: 00007ff3c5811f91 R08: 0000000000000004 R09: 0000000000000000
[ 1244.895008][T22076] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000
[ 1244.895032][T22076] R13: 00007ff3c59e6038 R14: 00007ff3c59e5fa0 R15: 00007fffc0478aa8
[ 1244.895085][T22076]  </TASK>
[ 1244.895098][T22076] Mem-Info:
[ 1245.028353][T21467] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1245.165333][T22076] active_anon:4965 inactive_anon:0 isolated_anon:0
[ 1245.165333][T22076]  active_file:16934 inactive_file:42836 isolated_file:0
[ 1245.165333][T22076]  unevictable:768 dirty:99 writeback:0
[ 1245.165333][T22076]  slab_reclaimable:12134 slab_unreclaimable:108877
[ 1245.165333][T22076]  mapped:34857 shmem:1613 pagetables:1666
[ 1245.165333][T22076]  sec_pagetables:0 bounce:0
[ 1245.165333][T22076]  kernel_misc_reclaimable:0
[ 1245.165333][T22076]  free:1255642 free_pcp:29319 free_cma:0
[ 1245.211945][T22076] Node 0 active_anon:19860kB inactive_anon:0kB active_file:67736kB inactive_file:171140kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139428kB dirty:396kB writeback:0kB shmem:4916kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14012kB pagetables:6508kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1245.245855][T22076] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1245.281245][T22076] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1245.311248][T22076] lowmem_reserve[]: 0 2483 2485 2485 2485
[ 1245.317061][T22076] Node 0 DMA32 free:1110992kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:19808kB inactive_anon:0kB active_file:67736kB inactive_file:171100kB unevictable:1536kB writepending:400kB zspages:0kB present:3129332kB managed:2543524kB mlocked:0kB bounce:0kB free_pcp:98660kB local_pcp:28608kB free_cma:0kB
[ 1245.408268][T22104] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5177'.
[ 1245.484342][T22076] lowmem_reserve[]: 0 0 1 1 1
[ 1245.489156][T22076] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1245.611849][T22110] loop9: detected capacity change from 0 to 128
[ 1245.618606][T22076] lowmem_reserve[]: 0 0 0 0 0
[ 1245.632270][T22076] Node 1 Normal free:3896160kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19284kB local_pcp:8816kB free_cma:0kB
[ 1245.750600][T22076] lowmem_reserve[]: 0 0 0 0 0
[ 1245.788494][T22110] bio_check_eod: 769 callbacks suppressed
[ 1245.788519][T22110] syz.9.5175: attempt to access beyond end of device
[ 1245.788519][T22110] loop9: rw=2049, sector=145, nr_sectors = 24 limit=128
[ 1245.811149][T22076] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1245.915578][T22076] Node 0 DMA32: 31*4kB (ME) 5*8kB (E) 13*16kB (UE) 1087*32kB (UME) 430*64kB (UME) 1123*128kB (UME) 664*256kB (UME) 232*512kB (UM) 45*1024kB (UME) 10*2048kB (U) 134*4096kB (UM) = 1110612kB
[ 1245.942998][T22110] syz.9.5175: attempt to access beyond end of device
[ 1245.942998][T22110] loop9: rw=2049, sector=177, nr_sectors = 8 limit=128
[ 1245.967309][T22116] syz.9.5175: attempt to access beyond end of device
[ 1245.967309][T22116] loop9: rw=2049, sector=257, nr_sectors = 56 limit=128
[ 1245.981262][T22076] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1245.992968][T22110] syz.9.5175: attempt to access beyond end of device
[ 1245.992968][T22110] loop9: rw=2049, sector=193, nr_sectors = 8 limit=128
[ 1246.030708][T22110] syz.9.5175: attempt to access beyond end of device
[ 1246.030708][T22110] loop9: rw=2049, sector=209, nr_sectors = 8 limit=128
[ 1246.050588][T22076] Node 1 Normal: 130*4kB (UME) 45*8kB (UME) 45*16kB (UME) 177*32kB (UME) 50*64kB (UME) 13*128kB (UE) 2*256kB (M) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3896160kB
[ 1246.069893][T22116] syz.9.5175: attempt to access beyond end of device
[ 1246.069893][T22116] loop9: rw=2049, sector=321, nr_sectors = 8 limit=128
[ 1246.070080][T22116] syz.9.5175: attempt to access beyond end of device
[ 1246.070080][T22116] loop9: rw=2049, sector=337, nr_sectors = 8 limit=128
[ 1246.070293][T22116] syz.9.5175: attempt to access beyond end of device
[ 1246.070293][T22116] loop9: rw=2049, sector=353, nr_sectors = 8 limit=128
[ 1246.070573][T22116] syz.9.5175: attempt to access beyond end of device
[ 1246.070573][T22116] loop9: rw=2049, sector=401, nr_sectors = 8 limit=128
[ 1246.070842][T22116] syz.9.5175: attempt to access beyond end of device
[ 1246.070842][T22116] loop9: rw=2049, sector=417, nr_sectors = 8 limit=128
[ 1246.146007][T22076] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1246.253072][T18523] buffer_io_error: 727 callbacks suppressed
[ 1246.253098][T18523] Buffer I/O error on dev loop9, logical block 257, lost async page write
[ 1246.322926][T22076] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1246.344114][T22076] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1246.383991][T22076] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1246.427149][T22076] 64081 total pagecache pages
[ 1246.441290][T22123] netlink: 'syz.9.5180': attribute type 4 has an invalid length.
[ 1246.477715][T22076] 0 pages in swap cache
[ 1246.496346][T22076] Free swap  = 124996kB
[ 1246.518025][T22076] Total swap = 124996kB
[ 1246.540512][T22076] 2097051 pages RAM
[ 1246.551451][T22076] 0 pages HighMem/MovableOnly
[ 1246.570488][T22076] 429080 pages reserved
[ 1246.601078][T22117] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1246.602671][T22076] 0 pages cma reserved
[ 1246.615498][T22117] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1246.650745][T22117] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1246.667095][T22117] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1246.680820][T22117] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1246.686943][T22117] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1247.098079][T22133] loop4: detected capacity change from 0 to 2048
[ 1247.168822][T22137] loop7: detected capacity change from 0 to 2048
[ 1247.202626][T22133] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1247.263502][T22146] loop0: detected capacity change from 0 to 512
[ 1247.270960][T22146] EXT4-fs: Ignoring removed bh option
[ 1247.282677][T22137] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1247.314780][   T30] audit: type=1800 audit(1760491425.193:1929): pid=22133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5183" name="file1" dev="loop4" ino=15 res=0 errno=0
[ 1247.369098][T22146] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1247.552688][T22146] ext4 filesystem being mounted at /236/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1248.190024][T22153] lo speed is unknown, defaulting to 1000
[ 1248.777902][ T5829] Bluetooth: hci6: command 0x0419 tx timeout
[ 1248.784126][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1248.790157][ T5829] Bluetooth: hci1: command 0x0405 tx timeout
[ 1248.796213][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1248.796239][T20497] Bluetooth: hci2: command 0x041b tx timeout
[ 1248.808758][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1248.815311][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1248.865714][T22154] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1248.880828][T22154] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 128 with error 28
[ 1248.893247][T22154] EXT4-fs (loop7): This should not happen!! Data will be lost
[ 1248.893247][T22154] 
[ 1248.902960][T22154] EXT4-fs (loop7): Total free blocks count 0
[ 1248.909126][T22154] EXT4-fs (loop7): Free/Dirty block details
[ 1248.915083][T22154] EXT4-fs (loop7): free_blocks=2415919504
[ 1248.920854][T22154] EXT4-fs (loop7): dirty_blocks=144
[ 1248.926063][T22154] EXT4-fs (loop7): Block reservation details
[ 1248.933942][T22154] EXT4-fs (loop7): i_reserved_data_blocks=9
[ 1248.962047][T22133] EXT4-fs error (device loop4): ext4_validate_block_bitmap:440: comm syz.4.5183: bg 0: block 234: padding at end of block bitmap is not set
[ 1249.057537][T22133] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1952 with error 117
[ 1249.119706][T18523] bridge_slave_1: left allmulticast mode
[ 1249.135048][T22133] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1249.135048][T22133] 
[ 1249.153403][T18523] bridge_slave_1: left promiscuous mode
[ 1249.185827][T18523] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1249.245560][T18523] bridge_slave_0: left allmulticast mode
[ 1249.273111][T18523] bridge_slave_0: left promiscuous mode
[ 1249.301134][T18523] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1249.611013][T16790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1249.962615][T16266] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1250.271891][T22166] loop2: detected capacity change from 0 to 128
[ 1250.303445][T22170] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5191'.
[ 1250.334595][T22169] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1250.366045][T22169] loop9: detected capacity change from 0 to 8
[ 1250.372932][    C1] blk_print_req_error: 5 callbacks suppressed
[ 1250.372956][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1250.389284][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1250.400507][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1250.410776][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1250.421839][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1250.432078][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1250.439193][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1250.456911][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1250.466494][T22164] Buffer I/O error on dev loop2, logical block 305, async page read
[ 1250.482972][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1250.490321][T22177] netlink: 'syz.4.5194': attribute type 4 has an invalid length.
[ 1250.493222][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1250.493481][T22164] Buffer I/O error on dev loop2, logical block 306, async page read
[ 1250.493593][T22164] Buffer I/O error on dev loop2, logical block 307, async page read
[ 1250.509371][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1250.518062][T22164] Buffer I/O error on dev loop2, logical block 308, async page read
[ 1250.525778][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1250.553950][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1250.564290][T22169] ldm_validate_partition_table(): Disk read failed.
[ 1250.575223][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1250.585823][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1250.605660][T22169] Dev loop9: unable to read RDB block 0
[ 1250.612041][T22169]  loop9: unable to read partition table
[ 1250.618034][T22169] loop9: partition table beyond EOD, truncated
[ 1250.624580][T22169] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1250.624580][T22169] 
) failed (rc=-5)
[ 1250.775258][T18523] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1250.789589][T18523] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1250.801888][T18523] bond0 (unregistering): Released all slaves
[ 1250.815205][T22186] program syz.2.5196 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1251.354088][T22200] loop6: detected capacity change from 0 to 512
[ 1251.354484][T18504] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[ 1251.361508][T22200] EXT4-fs: Ignoring removed bh option
[ 1251.430227][T22200] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1251.484228][T22200] ext4 filesystem being mounted at /217/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1251.581817][T22183] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1251.588302][T22183] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1251.606715][T22183] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1251.628037][T22183] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1251.636187][T18523] hsr_slave_0: left promiscuous mode
[ 1251.646032][T22183] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1251.654488][T18523] hsr_slave_1: left promiscuous mode
[ 1251.667914][T22183] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1251.670978][T18523] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1251.690473][T18523] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1251.712925][T18523] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1251.732036][T18523] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1251.783834][T18523] veth1_macvtap: left promiscuous mode
[ 1251.798586][T18523] veth0_macvtap: left promiscuous mode
[ 1251.809959][T18523] veth1_vlan: left promiscuous mode
[ 1251.816544][T18523] veth0_vlan: left promiscuous mode
[ 1252.285462][T22221] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1252.321508][T22221] loop9: detected capacity change from 0 to 8
[ 1252.341849][    C1] buffer_io_error: 742 callbacks suppressed
[ 1252.341874][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1252.357003][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1252.373814][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1252.390426][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1252.409052][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1252.439651][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1252.449214][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1252.449449][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1252.449553][T22221] ldm_validate_partition_table(): Disk read failed.
[ 1252.449795][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1252.467877][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1252.469183][T22221] Dev loop9: unable to read RDB block 0
[ 1252.469816][T22221]  loop9: unable to read partition table
[ 1252.470053][T22221] loop9: partition table beyond EOD, truncated
[ 1252.480799][T22221] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1252.480799][T22221] 
) failed (rc=-5)
[ 1252.547057][T22226] program syz.4.5210 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1252.711485][T22233] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5212'.
[ 1252.749045][T17939] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1252.937153][T22242] netlink: 'syz.6.5213': attribute type 4 has an invalid length.
[ 1253.310332][T18523] team0 (unregistering): Port device team_slave_1 removed
[ 1253.660788][T18702] Bluetooth: hci1: command 0x0405 tx timeout
[ 1253.667111][T18702] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1253.673324][T20497] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1253.681533][T18702] Bluetooth: hci2: command 0x041b tx timeout
[ 1253.742139][ T5829] Bluetooth: hci6: command 0x0419 tx timeout
[ 1253.997319][T18523] team0 (unregistering): Port device team_slave_0 removed
[ 1254.862210][T22271] loop7: detected capacity change from 0 to 1024
[ 1254.896170][T22271] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1254.955789][T22273] loop0: detected capacity change from 0 to 512
[ 1255.006263][T18523] IPVS: stop unused estimator thread 0...
[ 1255.011838][T22273] EXT4-fs: Ignoring removed bh option
[ 1255.109606][T22273] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1255.181631][T22273] ext4 filesystem being mounted at /245/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1255.809948][   T30] audit: type=1800 audit(1760491433.683:1930): pid=22291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.5224" name="bus" dev="loop7" ino=18 res=0 errno=0
[ 1256.171533][T16790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1256.285310][T16894] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1256.621454][T22304] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5235'.
[ 1256.825638][T22310] netlink: 'syz.0.5236': attribute type 4 has an invalid length.
[ 1256.884173][T22310] netlink: 'syz.0.5236': attribute type 4 has an invalid length.
[ 1257.228690][T22321] loop0: detected capacity change from 0 to 2048
[ 1257.357356][T22321] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1257.380703][   T30] audit: type=1800 audit(1760491435.253:1931): pid=22321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5242" name="file1" dev="loop0" ino=15 res=0 errno=0
[ 1257.972360][T22334] loop2: detected capacity change from 0 to 1024
[ 1258.044951][T22321] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz.0.5242: bg 0: block 234: padding at end of block bitmap is not set
[ 1258.070928][T22334] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1258.121572][T22321] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 117
[ 1258.200696][T22321] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 1258.200696][T22321] 
[ 1258.594538][T18512] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 104 with error 28
[ 1258.639653][T18512] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 1258.639653][T18512] 
[ 1258.680063][T18512] EXT4-fs (loop0): Total free blocks count 0
[ 1258.700184][T18512] EXT4-fs (loop0): Free/Dirty block details
[ 1258.730426][T18512] EXT4-fs (loop0): free_blocks=0
[ 1258.751718][T18512] EXT4-fs (loop0): dirty_blocks=112
[ 1258.774783][T18512] EXT4-fs (loop0): Block reservation details
[ 1258.971476][T22346] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5250'.
[ 1259.079222][   T30] audit: type=1800 audit(1760491436.953:1932): pid=22352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5246" name="bus" dev="loop2" ino=18 res=0 errno=0
[ 1259.329253][T22356] program syz.6.5253 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1259.487011][T22358] netlink: 'syz.0.5254': attribute type 4 has an invalid length.
[ 1259.564183][T22358] netlink: 'syz.0.5254': attribute type 4 has an invalid length.
[ 1259.723073][T17474] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1259.765850][T22365] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1259.811801][T22365] loop9: detected capacity change from 0 to 8
[ 1259.821347][    C1] blk_print_req_error: 20 callbacks suppressed
[ 1259.821372][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1259.837754][    C1] buffer_io_error: 5 callbacks suppressed
[ 1259.837776][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1259.866097][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1259.876353][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1259.891327][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1259.901576][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1259.911128][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1259.911176][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1259.920573][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1259.920623][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1259.960974][T22370] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5259'.
[ 1259.962765][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1260.017622][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1260.028121][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1260.038375][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1260.046985][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1260.057269][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1260.065255][T22365] ldm_validate_partition_table(): Disk read failed.
[ 1260.087892][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1260.098156][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1260.115608][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1260.125863][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1260.152943][T22365] Dev loop9: unable to read RDB block 0
[ 1260.159385][T22365]  loop9: unable to read partition table
[ 1260.165519][T22365] loop9: partition table beyond EOD, truncated
[ 1260.172084][T22365] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1260.172084][T22365] 
) failed (rc=-5)
[ 1260.462498][T22381] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5264'.
[ 1260.508989][T22377] loop9: detected capacity change from 0 to 2048
[ 1260.642626][T22377] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1260.669496][   T30] audit: type=1800 audit(1760491438.543:1933): pid=22377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.5263" name="file1" dev="loop9" ino=15 res=0 errno=0
[ 1261.122782][T22401] loop2: detected capacity change from 0 to 1024
[ 1261.134892][T22403] netlink: 'syz.4.5271': attribute type 4 has an invalid length.
[ 1261.151735][T22403] netlink: 'syz.4.5271': attribute type 4 has an invalid length.
[ 1261.222420][T22401] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1261.281380][T22377] EXT4-fs error (device loop9): ext4_validate_block_bitmap:440: comm syz.9.5263: bg 0: block 234: padding at end of block bitmap is not set
[ 1261.365608][T22377] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1832 with error 117
[ 1261.395681][T22377] EXT4-fs (loop9): This should not happen!! Data will be lost
[ 1261.395681][T22377] 
[ 1261.426416][T22409] program syz.4.5274 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1261.678347][T22411] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5275'.
[ 1261.766664][T21467] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1261.788147][T22415] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5276'.
[ 1261.810806][T22415] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5276'.
[ 1261.926177][   T30] audit: type=1326 audit(1760491439.793:1934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22412 comm="syz.4.5276" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3a0538eec9 code=0x0
[ 1262.126417][   T30] audit: type=1800 audit(1760491440.003:1935): pid=22422 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5272" name="bus" dev="loop2" ino=18 res=0 errno=0
[ 1262.389707][T22425] loop9: detected capacity change from 0 to 8
[ 1262.441356][T22425] ldm_validate_partition_table(): Disk read failed.
[ 1262.453079][T22425] Dev loop9: unable to read RDB block 0
[ 1262.483399][T22425]  loop9: unable to read partition table
[ 1262.483665][T22425] loop9: partition table beyond EOD, truncated
[ 1262.483695][T22425] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1262.483695][T22425] 
) failed (rc=-5)
[ 1262.518522][T17474] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1262.925827][T22446] program syz.7.5289 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1263.325474][T22464] loop9: detected capacity change from 0 to 1024
[ 1263.362748][T22464] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1263.569201][T22475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5300'.
[ 1263.630199][T22475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5300'.
[ 1263.767476][   T30] audit: type=1326 audit(1760491441.643:1936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22473 comm="syz.0.5300" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7bc78eec9 code=0x0
[ 1264.548993][   T30] audit: type=1800 audit(1760491442.423:1937): pid=22496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.5296" name="bus" dev="loop9" ino=18 res=0 errno=0
[ 1264.625215][T22498] program syz.6.5308 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1265.199707][T21467] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1265.796916][T22523] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1265.809710][T22523] loop9: detected capacity change from 0 to 8
[ 1265.849021][    C0] blk_print_req_error: 20 callbacks suppressed
[ 1265.849048][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1265.865517][    C0] buffer_io_error: 20 callbacks suppressed
[ 1265.865540][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1265.923028][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1265.933368][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1265.942561][T22526] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5317'.
[ 1265.944160][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1265.953896][T22526] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5317'.
[ 1265.961623][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1265.979967][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1265.990314][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1265.998382][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1266.008632][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1266.031537][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1266.041771][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1266.052945][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1266.063184][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1266.071560][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1266.081786][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1266.089850][T22523] ldm_validate_partition_table(): Disk read failed.
[ 1266.100407][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1266.110637][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1266.120425][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1266.130652][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1266.142398][T22523] Dev loop9: unable to read RDB block 0
[ 1266.148573][T22523]  loop9: unable to read partition table
[ 1266.160655][T22523] loop9: partition table beyond EOD, truncated
[ 1266.180452][T22523] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1266.180452][T22523] 
) failed (rc=-5)
[ 1266.192659][   T30] audit: type=1326 audit(1760491443.963:1938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22520 comm="syz.7.5317" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79ffb8eec9 code=0x0
[ 1266.858049][T22543] program syz.0.5325 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1267.743135][T22562] loop7: detected capacity change from 0 to 256
[ 1268.007087][   T30] audit: type=1804 audit(1760491445.873:1939): pid=22562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.5332" name="/newroot/279/file0/bus" dev="loop7" ino=1048743 res=1 errno=0
[ 1268.507889][T22571] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1268.554685][T22571] loop9: detected capacity change from 0 to 8
[ 1268.638911][T22571] ldm_validate_partition_table(): Disk read failed.
[ 1268.669258][T22571] Dev loop9: unable to read RDB block 0
[ 1268.679365][T22571]  loop9: unable to read partition table
[ 1268.679605][T22571] loop9: partition table beyond EOD, truncated
[ 1268.679635][T22571] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1268.679635][T22571] 
) failed (rc=-5)
[ 1269.517600][T22598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5342'.
[ 1269.530512][T22598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5342'.
[ 1269.586322][   T30] audit: type=1326 audit(1760491447.463:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22592 comm="syz.2.5342" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0d8eec9 code=0x0
[ 1269.707505][T22596] loop4: detected capacity change from 0 to 2048
[ 1269.794637][T22596] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1269.906830][T22605] loop6: detected capacity change from 0 to 2048
[ 1269.917028][   T30] audit: type=1800 audit(1760491447.793:1941): pid=22596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5344" name="file1" dev="loop4" ino=15 res=0 errno=0
[ 1270.027334][T22605] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1270.383339][T22596] EXT4-fs error (device loop4): ext4_validate_block_bitmap:440: comm syz.4.5344: bg 0: block 234: padding at end of block bitmap is not set
[ 1270.417205][T22596] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 117
[ 1270.441976][T22596] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1270.441976][T22596] 
[ 1271.792778][T22625] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1271.812291][T22625] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[ 1271.828882][T22625] EXT4-fs (loop6): This should not happen!! Data will be lost
[ 1271.828882][T22625] 
[ 1271.839240][T22625] EXT4-fs (loop6): Total free blocks count 0
[ 1271.898179][T22625] EXT4-fs (loop6): Free/Dirty block details
[ 1271.904282][T22625] EXT4-fs (loop6): free_blocks=2415919504
[ 1271.910043][T22625] EXT4-fs (loop6): dirty_blocks=80
[ 1271.915242][T22625] EXT4-fs (loop6): Block reservation details
[ 1271.921511][T22625] EXT4-fs (loop6): i_reserved_data_blocks=5
[ 1272.300828][ T6023] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1582 with error 28
[ 1272.400622][ T6023] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1272.400622][ T6023] 
[ 1272.461157][ T6023] EXT4-fs (loop4): Total free blocks count 0
[ 1272.505412][ T6023] EXT4-fs (loop4): Free/Dirty block details
[ 1272.556738][ T6023] EXT4-fs (loop4): free_blocks=0
[ 1272.584813][ T6023] EXT4-fs (loop4): dirty_blocks=1584
[ 1272.590116][ T6023] EXT4-fs (loop4): Block reservation details
[ 1273.241508][T18518] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[ 1273.404347][T22634] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5353'.
[ 1274.160439][T22652] program syz.0.5361 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1274.249779][T22657] loop9: detected capacity change from 0 to 8
[ 1274.275411][    C0] blk_print_req_error: 20 callbacks suppressed
[ 1274.275439][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1274.291879][    C0] buffer_io_error: 20 callbacks suppressed
[ 1274.291905][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1274.320828][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1274.320882][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1274.323579][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1274.323629][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1274.325531][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1274.325582][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1274.326479][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1274.326529][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1274.341086][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1274.341136][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1274.341682][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1274.341731][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1274.341968][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1274.342016][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1274.342113][T22657] ldm_validate_partition_table(): Disk read failed.
[ 1274.342632][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1274.342682][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1274.354329][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1274.354379][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1274.407849][T22657] Dev loop9: unable to read RDB block 0
[ 1274.408498][T22657]  loop9: unable to read partition table
[ 1274.408748][T22657] loop9: partition table beyond EOD, truncated
[ 1274.408778][T22657] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1274.408778][T22657] 
) failed (rc=-5)
[ 1274.882367][T22669] loop7: detected capacity change from 0 to 2048
[ 1275.000141][T22679] loop2: detected capacity change from 0 to 128
[ 1275.019246][T22669] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1275.053268][T22684] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5371'.
[ 1275.129543][T22679] bio_check_eod: 759 callbacks suppressed
[ 1275.129570][T22679] syz.2.5372: attempt to access beyond end of device
[ 1275.129570][T22679] loop2: rw=2049, sector=145, nr_sectors = 24 limit=128
[ 1275.229950][T22679] syz.2.5372: attempt to access beyond end of device
[ 1275.229950][T22679] loop2: rw=2049, sector=177, nr_sectors = 8 limit=128
[ 1275.276838][T22693] syz.2.5372: attempt to access beyond end of device
[ 1275.276838][T22693] loop2: rw=2049, sector=305, nr_sectors = 80 limit=128
[ 1275.377146][T22679] syz.2.5372: attempt to access beyond end of device
[ 1275.377146][T22679] loop2: rw=2049, sector=193, nr_sectors = 8 limit=128
[ 1275.442119][T22693] syz.2.5372: attempt to access beyond end of device
[ 1275.442119][T22693] loop2: rw=2049, sector=393, nr_sectors = 8 limit=128
[ 1275.457775][T22693] syz.2.5372: attempt to access beyond end of device
[ 1275.457775][T22693] loop2: rw=2049, sector=409, nr_sectors = 8 limit=128
[ 1275.473544][T22693] syz.2.5372: attempt to access beyond end of device
[ 1275.473544][T22693] loop2: rw=2049, sector=425, nr_sectors = 8 limit=128
[ 1275.487214][T22693] syz.2.5372: attempt to access beyond end of device
[ 1275.487214][T22693] loop2: rw=2049, sector=441, nr_sectors = 8 limit=128
[ 1275.500825][T22679] syz.2.5372: attempt to access beyond end of device
[ 1275.500825][T22679] loop2: rw=2049, sector=209, nr_sectors = 8 limit=128
[ 1276.590452][T22698] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1276.605370][T22698] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 54 with error 28
[ 1276.617772][T22698] EXT4-fs (loop7): This should not happen!! Data will be lost
[ 1276.617772][T22698] 
[ 1276.627482][T22698] EXT4-fs (loop7): Total free blocks count 0
[ 1276.633502][T22698] EXT4-fs (loop7): Free/Dirty block details
[ 1276.639404][T22698] EXT4-fs (loop7): free_blocks=2415919504
[ 1276.645168][T22698] EXT4-fs (loop7): dirty_blocks=80
[ 1276.650285][T22698] EXT4-fs (loop7): Block reservation details
[ 1276.656327][T22698] EXT4-fs (loop7): i_reserved_data_blocks=5
[ 1276.735909][T22679] syz.2.5372: attempt to access beyond end of device
[ 1276.735909][T22679] loop2: rw=2049, sector=225, nr_sectors = 8 limit=128
[ 1277.242155][T22709] loop0: detected capacity change from 0 to 1024
[ 1277.311031][T22709] EXT4-fs: inline encryption not supported
[ 1277.316974][T22709] EXT4-fs: Ignoring removed nobh option
[ 1277.393360][T22709] EXT4-fs: Ignoring removed bh option
[ 1277.451818][T22709] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1277.719284][T16790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1277.944823][T18512] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[ 1278.560201][T22703] syz.9.5373: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1278.739042][T22703] CPU: 1 UID: 0 PID: 22703 Comm: syz.9.5373 Not tainted syzkaller #0 PREEMPT(full) 
[ 1278.739093][T22703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1278.739116][T22703] Call Trace:
[ 1278.739130][T22703]  <TASK>
[ 1278.739145][T22703]  dump_stack_lvl+0x16c/0x1f0
[ 1278.739213][T22703]  warn_alloc+0x248/0x3a0
[ 1278.739280][T22703]  ? __pfx_warn_alloc+0x10/0x10
[ 1278.739370][T22703]  ? xskq_create+0xfb/0x1d0
[ 1278.739416][T22703]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1278.739462][T22703]  ? __vmalloc_node_noprof+0xad/0xf0
[ 1278.739525][T22703]  __vmalloc_node_range_noprof+0xfe2/0x1480
[ 1278.739597][T22703]  ? xskq_create+0xfb/0x1d0
[ 1278.739657][T22703]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1278.739729][T22703]  ? xskq_create+0xfb/0x1d0
[ 1278.739777][T22703]  vmalloc_user_noprof+0x9e/0xe0
[ 1278.739830][T22703]  ? xskq_create+0xfb/0x1d0
[ 1278.739879][T22703]  xskq_create+0xfb/0x1d0
[ 1278.739931][T22703]  xsk_setsockopt+0x792/0x9a0
[ 1278.739979][T22703]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1278.740023][T22703]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1278.740068][T22703]  ? find_held_lock+0x2b/0x80
[ 1278.740133][T22703]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1278.740179][T22703]  ? aa_sock_opt_perm+0xfd/0x1c0
[ 1278.740244][T22703]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1278.740293][T22703]  do_sock_setsockopt+0xf3/0x1d0
[ 1278.740343][T22703]  __sys_setsockopt+0x1a0/0x230
[ 1278.740409][T22703]  __x64_sys_setsockopt+0xbd/0x160
[ 1278.740463][T22703]  ? do_syscall_64+0x91/0xfa0
[ 1278.740518][T22703]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1278.740561][T22703]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1278.740616][T22703]  do_syscall_64+0xcd/0xfa0
[ 1278.740676][T22703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.740712][T22703] RIP: 0033:0x7f26d4b8eec9
[ 1278.740740][T22703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1278.740776][T22703] RSP: 002b:00007f26d2df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1278.740809][T22703] RAX: ffffffffffffffda RBX: 00007f26d4de6090 RCX: 00007f26d4b8eec9
[ 1278.740833][T22703] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000008
[ 1278.740856][T22703] RBP: 00007f26d4c11f91 R08: 0000000000000004 R09: 0000000000000000
[ 1278.740878][T22703] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000
[ 1278.740900][T22703] R13: 00007f26d4de6128 R14: 00007f26d4de6090 R15: 00007fff99d0c748
[ 1278.740952][T22703]  </TASK>
[ 1279.133255][T22733] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1279.170697][T22703] Mem-Info:
[ 1279.186854][T22703] active_anon:7517 inactive_anon:0 isolated_anon:0
[ 1279.186854][T22703]  active_file:16934 inactive_file:42848 isolated_file:0
[ 1279.186854][T22703]  unevictable:768 dirty:172 writeback:0
[ 1279.186854][T22703]  slab_reclaimable:12530 slab_unreclaimable:106925
[ 1279.186854][T22703]  mapped:34852 shmem:4120 pagetables:1729
[ 1279.186854][T22703]  sec_pagetables:0 bounce:0
[ 1279.186854][T22703]  kernel_misc_reclaimable:0
[ 1279.186854][T22703]  free:1256456 free_pcp:26589 free_cma:0
[ 1279.330907][T22733] loop9: detected capacity change from 0 to 8
[ 1279.337924][    C1] blk_print_req_error: 5 callbacks suppressed
[ 1279.337951][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1279.354303][    C1] buffer_io_error: 6 callbacks suppressed
[ 1279.354327][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1279.391398][T22703] Node 0 active_anon:26332kB inactive_anon:0kB active_file:67736kB inactive_file:171124kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139320kB dirty:676kB writeback:0kB shmem:11280kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13700kB pagetables:6464kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1279.436051][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1279.446370][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1279.460462][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1279.460513][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1279.493017][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1279.493070][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1279.550896][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1279.586713][T22703] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1279.589242][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1279.671201][T22744] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5391'.
[ 1279.684062][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1279.694324][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1279.720423][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1279.730702][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1279.731434][T22742] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[ 1279.738763][T22744] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5391'.
[ 1279.759518][T22703] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1279.791857][T22733] ldm_validate_partition_table(): Disk read failed.
[ 1279.810760][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1279.821002][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1279.829053][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1279.839390][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1279.849575][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1279.859839][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1279.871614][T22733] Dev loop9: unable to read RDB block 0
[ 1279.883978][T22703] lowmem_reserve[]: 0 2483 2485 2485 2485
[ 1279.889799][T22703] Node 0 DMA32 free:1117280kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:19532kB inactive_anon:0kB active_file:67736kB inactive_file:171124kB unevictable:1536kB writepending:676kB zspages:0kB present:3129332kB managed:2543524kB mlocked:0kB bounce:0kB free_pcp:97348kB local_pcp:39264kB free_cma:0kB
[ 1279.943376][T22733]  loop9: unable to read partition table
[ 1279.949271][T22733] loop9: partition table beyond EOD, truncated
[ 1279.994575][T22733] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1279.994575][T22733] 
) failed (rc=-5)
[ 1280.018005][T22703] lowmem_reserve[]: 0 0 1 1 1
[ 1280.042053][T22703] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1280.129957][T22703] lowmem_reserve[]: 0 0 0 0 0
[ 1280.154879][T22703] Node 1 Normal free:3896160kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19316kB local_pcp:10468kB free_cma:0kB
[ 1280.340666][T22703] lowmem_reserve[]: 0 0 0 0 0
[ 1280.345475][T22703] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1280.359187][T22756] loop6: detected capacity change from 0 to 1024
[ 1280.379900][T22756] EXT4-fs: inline encryption not supported
[ 1280.391347][T22756] EXT4-fs: Ignoring removed nobh option
[ 1280.408016][T22756] EXT4-fs: Ignoring removed bh option
[ 1280.418530][T22760] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5397'.
[ 1280.427912][T22703] Node 0 DMA32: 85*4kB (UME) 1146*8kB (UME) 1002*16kB (UME) 1094*32kB (UE) 250*64kB (UM) 1078*128kB (UME) 666*256kB (UM) 236*512kB (UME) 45*1024kB (UME) 10*2048kB (U) 134*4096kB (UM) = 1121284kB
[ 1280.448130][T22703] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1280.462312][T22703] Node 1 Normal: 130*4kB (UME) 45*8kB (UME) 45*16kB (UME) 177*32kB (UME) 50*64kB (UME) 13*128kB (UE) 2*256kB (M) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3896160kB
[ 1280.540133][T22756] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1280.575107][T22703] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1280.655991][T22703] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1280.730951][T22703] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1280.755779][T17939] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1280.782223][T22703] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1280.791928][T22703] 61338 total pagecache pages
[ 1280.796783][T22703] 0 pages in swap cache
[ 1280.801057][T22703] Free swap  = 124996kB
[ 1280.805321][T22703] Total swap = 124996kB
[ 1280.809673][T22703] 2097051 pages RAM
[ 1280.813723][T22703] 0 pages HighMem/MovableOnly
[ 1280.818491][T22703] 429080 pages reserved
[ 1280.822941][T22703] 0 pages cma reserved
[ 1281.112247][T22754] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1281.124071][T22754] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1281.143680][T22754] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1281.162711][T22754] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1281.171295][T22754] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1281.177624][T22754] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1281.974376][T22795] loop9: detected capacity change from 0 to 8
[ 1282.014410][T22795] ldm_validate_partition_table(): Disk read failed.
[ 1282.049958][T22795] Dev loop9: unable to read RDB block 0
[ 1282.110946][T22795]  loop9: unable to read partition table
[ 1282.111190][T22795] loop9: partition table beyond EOD, truncated
[ 1282.111219][T22795] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1282.111219][T22795] 
) failed (rc=-5)
[ 1282.112531][T22798] program syz.9.5410 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1282.469469][T22805] loop2: detected capacity change from 0 to 1024
[ 1282.477027][T22805] EXT4-fs: inline encryption not supported
[ 1282.490545][T22805] EXT4-fs: Ignoring removed nobh option
[ 1282.500469][T22805] EXT4-fs: Ignoring removed bh option
[ 1282.569687][T22805] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1282.738748][T22814] loop9: detected capacity change from 0 to 2048
[ 1282.796127][T22814] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1282.836157][T17474] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1282.853526][   T30] audit: type=1800 audit(1760491460.703:1942): pid=22814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.5414" name="file1" dev="loop9" ino=15 res=0 errno=0
[ 1283.170601][ T5829] Bluetooth: hci1: command 0x0405 tx timeout
[ 1283.171627][T18702] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1283.176657][ T5829] Bluetooth: hci2: command 0x041b tx timeout
[ 1283.206461][T22830] loop7: detected capacity change from 0 to 128
[ 1283.258116][T18702] Bluetooth: hci6: command 0x0419 tx timeout
[ 1283.264395][T20497] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1283.343251][T22833] bio_check_eod: 12 callbacks suppressed
[ 1283.343275][T22833] syz.7.5421: attempt to access beyond end of device
[ 1283.343275][T22833] loop7: rw=2049, sector=153, nr_sectors = 8 limit=128
[ 1283.407666][T22833] syz.7.5421: attempt to access beyond end of device
[ 1283.407666][T22833] loop7: rw=2049, sector=169, nr_sectors = 8 limit=128
[ 1283.553228][T22814] EXT4-fs error (device loop9): ext4_validate_block_bitmap:440: comm syz.9.5414: bg 0: block 234: padding at end of block bitmap is not set
[ 1283.604552][T22814] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1990 with error 117
[ 1283.625082][T22814] EXT4-fs (loop9): This should not happen!! Data will be lost
[ 1283.625082][T22814] 
[ 1283.767263][T22844] program syz.0.5426 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1284.170010][T21467] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1284.375154][T22856] loop4: detected capacity change from 0 to 512
[ 1284.408251][T22856] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1284.473503][T22856] EXT4-fs (loop4): 1 truncate cleaned up
[ 1284.477517][T22858] netlink: 'syz.6.5434': attribute type 5 has an invalid length.
[ 1284.494115][T22856] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1284.516292][T22858] loop6: detected capacity change from 0 to 512
[ 1284.597177][T22856] EXT4-fs (loop4): shut down requested (2)
[ 1284.649333][T16266] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1284.700324][T22858] EXT4-fs error (device loop6): ext4_orphan_get:1418: comm syz.6.5434: bad orphan inode 11862016
[ 1284.748448][T22858] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[ 1284.786035][T22858] ext4 filesystem being mounted at /261/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1286.222998][T22887] loop9: detected capacity change from 0 to 128
[ 1286.375457][T22892] syz.9.5440: attempt to access beyond end of device
[ 1286.375457][T22892] loop9: rw=2049, sector=153, nr_sectors = 8 limit=128
[ 1286.449965][T22894] program syz.0.5443 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1286.475431][T22892] syz.9.5440: attempt to access beyond end of device
[ 1286.475431][T22892] loop9: rw=2049, sector=169, nr_sectors = 8 limit=128
[ 1286.721091][T22898] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1286.746953][T22898] loop9: detected capacity change from 0 to 8
[ 1286.758072][T22899] loop2: detected capacity change from 0 to 2048
[ 1286.765856][    C1] blk_print_req_error: 20 callbacks suppressed
[ 1286.765911][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1286.782320][    C1] buffer_io_error: 20 callbacks suppressed
[ 1286.782350][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1286.814506][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1286.814555][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1286.820958][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1286.821008][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1286.825900][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1286.825948][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1286.828296][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1286.828344][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1286.832034][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1286.832087][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1286.847325][T22899] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1286.862226][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1286.862275][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1286.863739][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1286.863788][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1286.863894][   T30] audit: type=1800 audit(1760491464.733:1943): pid=22899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5444" name="file1" dev="loop2" ino=15 res=0 errno=0
[ 1286.870734][T22898] ldm_validate_partition_table(): Disk read failed.
[ 1286.872286][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1286.872334][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1286.901056][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1286.901113][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1286.960700][T22898] Dev loop9: unable to read RDB block 0
[ 1286.999592][T22898]  loop9: unable to read partition table
[ 1286.999838][T22898] loop9: partition table beyond EOD, truncated
[ 1286.999878][T22898] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1286.999878][T22898] 
) failed (rc=-5)
[ 1287.571000][T22763] EXT4-fs error (device loop2): ext4_validate_block_bitmap:440: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set
[ 1287.596382][T19926] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 28
[ 1287.803455][T19926] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 1287.803455][T19926] 
[ 1287.825613][T19926] EXT4-fs (loop2): Total free blocks count 0
[ 1287.838217][T19926] EXT4-fs (loop2): Free/Dirty block details
[ 1287.865253][T19926] EXT4-fs (loop2): free_blocks=0
[ 1287.888171][T19926] EXT4-fs (loop2): dirty_blocks=2816
[ 1287.902262][T19926] EXT4-fs (loop2): Block reservation details
[ 1287.921903][T19926] EXT4-fs (loop2): i_reserved_data_blocks=176
[ 1288.117970][T22899] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 760 with error 28
[ 1288.137677][T17939] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[ 1288.280643][T22923] netlink: 44 bytes leftover after parsing attributes in process `syz.7.5453'.
[ 1288.536775][T22935] program syz.0.5457 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1288.644106][T22940] loop6: detected capacity change from 0 to 128
[ 1288.756803][T22945] syz.6.5459: attempt to access beyond end of device
[ 1288.756803][T22945] loop6: rw=2049, sector=153, nr_sectors = 8 limit=128
[ 1288.792176][T22945] syz.6.5459: attempt to access beyond end of device
[ 1288.792176][T22945] loop6: rw=2049, sector=169, nr_sectors = 8 limit=128
[ 1288.806098][T22945] syz.6.5459: attempt to access beyond end of device
[ 1288.806098][T22945] loop6: rw=2049, sector=185, nr_sectors = 8 limit=128
[ 1288.826721][T22945] syz.6.5459: attempt to access beyond end of device
[ 1288.826721][T22945] loop6: rw=2049, sector=201, nr_sectors = 8 limit=128
[ 1288.871839][T22945] syz.6.5459: attempt to access beyond end of device
[ 1288.871839][T22945] loop6: rw=2049, sector=217, nr_sectors = 8 limit=128
[ 1288.923792][T22945] syz.6.5459: attempt to access beyond end of device
[ 1288.923792][T22945] loop6: rw=2049, sector=233, nr_sectors = 8 limit=128
[ 1288.953441][T22945] syz.6.5459: attempt to access beyond end of device
[ 1288.953441][T22945] loop6: rw=2049, sector=249, nr_sectors = 8 limit=128
[ 1288.979042][T22949] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1288.992858][T22955] netlink: 'syz.4.5464': attribute type 5 has an invalid length.
[ 1289.018666][T22949] loop9: detected capacity change from 0 to 8
[ 1289.038996][T22949] ldm_validate_partition_table(): Disk read failed.
[ 1289.056169][T22949] Dev loop9: unable to read RDB block 0
[ 1289.068897][T22945] syz.6.5459: attempt to access beyond end of device
[ 1289.068897][T22945] loop6: rw=2049, sector=265, nr_sectors = 8 limit=128
[ 1289.112322][T22954] loop4: detected capacity change from 0 to 512
[ 1289.157248][T22949]  loop9: unable to read partition table
[ 1289.157543][T22949] loop9: partition table beyond EOD, truncated
[ 1289.157573][T22949] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[ 1289.157573][T22949] 
) failed (rc=-5)
[ 1290.013128][T22954] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.5464: bad orphan inode 11862016
[ 1290.102724][T22954] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[ 1290.139625][T22954] ext4 filesystem being mounted at /398/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1291.473812][T22976] loop6: detected capacity change from 0 to 1024
[ 1291.511605][T22976] EXT4-fs: inline encryption not supported
[ 1291.517520][T22976] EXT4-fs: Ignoring removed nobh option
[ 1291.543704][T22976] EXT4-fs: Ignoring removed bh option
[ 1291.612712][T22976] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1291.642246][T22984] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5469'.
[ 1291.716557][T22984] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5469'.
[ 1291.800503][   T30] audit: type=1326 audit(1760491469.673:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.5469" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0d8eec9 code=0x0
[ 1291.874600][T17939] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1291.920790][T22988] netlink: 44 bytes leftover after parsing attributes in process `syz.7.5471'.
[ 1292.389800][T16266] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[ 1292.664135][T23015] loop0: detected capacity change from 0 to 2048
[ 1292.796090][T23015] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1292.839304][   T30] audit: type=1800 audit(1760491470.713:1945): pid=23015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5483" name="file1" dev="loop0" ino=15 res=0 errno=0
[ 1292.861875][T23019] loop7: detected capacity change from 0 to 2048
[ 1292.899056][T23019] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1293.024001][T23032] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5487'.
[ 1293.357182][T23013] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1293.468229][T23013] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1293.483996][T23035] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1293.499210][T23035] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 160 with error 28
[ 1293.511613][T23035] EXT4-fs (loop7): This should not happen!! Data will be lost
[ 1293.511613][T23035] 
[ 1293.521394][T23035] EXT4-fs (loop7): Total free blocks count 0
[ 1293.527415][T23035] EXT4-fs (loop7): Free/Dirty block details
[ 1293.534181][T23035] EXT4-fs (loop7): free_blocks=2415919504
[ 1293.539913][T23035] EXT4-fs (loop7): dirty_blocks=176
[ 1293.545190][T23035] EXT4-fs (loop7): Block reservation details
[ 1293.549867][T23013] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1293.551215][T23035] EXT4-fs (loop7): i_reserved_data_blocks=11
[ 1293.574575][T23015] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz.0.5483: bg 0: block 234: padding at end of block bitmap is not set
[ 1293.592348][T23015] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1734 with error 117
[ 1293.593784][T23038] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5488'.
[ 1293.636254][T23013] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1293.646125][T23015] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 1293.646125][T23015] 
[ 1293.670306][T23013] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1293.730732][T23013] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1293.776579][T23044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5489'.
[ 1293.841243][T23044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5489'.
[ 1293.934006][   T30] audit: type=1326 audit(1760491471.803:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23040 comm="syz.4.5489" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3a0538eec9 code=0x0
[ 1294.140325][ T6022] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 160 with max blocks 320 with error 28
[ 1294.183485][T16790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1294.457964][T23070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5512'.
[ 1294.489863][T23068] loop7: detected capacity change from 0 to 512
[ 1294.507283][T23070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5512'.
[ 1294.548701][T23068] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[ 1294.578149][   T30] audit: type=1326 audit(1760491472.453:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23061 comm="syz.2.5512" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0d8eec9 code=0x0
[ 1294.604265][T23068] EXT4-fs (loop7): 1 truncate cleaned up
[ 1294.635986][T23068] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1294.753442][T23068] EXT4-fs (loop7): shut down requested (2)
[ 1294.769193][T23083] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5503'.
[ 1294.810194][T23085] EXT4-fs error (device loop7): ext4_read_inline_dir:1475: inode #12: block 7: comm syz.7.5497: path /309/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=2085390, rec_len=0, size=80 fake=0
[ 1294.875709][T23084] netlink: 44 bytes leftover after parsing attributes in process `syz.9.5504'.
[ 1295.001453][T16894] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1295.304042][T23097] loop4: detected capacity change from 0 to 2048
[ 1295.305020][T23096] loop9: detected capacity change from 0 to 2048
[ 1295.352522][T23097] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1295.376743][T23096] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1295.432110][   T30] audit: type=1800 audit(1760491473.313:1948): pid=23096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.5508" name="file1" dev="loop9" ino=15 res=0 errno=0
[ 1295.604514][T20497] Bluetooth: hci2: command 0x041b tx timeout
[ 1295.610635][T20497] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1295.651667][T18702] Bluetooth: hci1: command 0x0405 tx timeout
[ 1295.669521][T23107] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[ 1295.741577][T18702] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1295.810504][T18702] Bluetooth: hci6: command 0x0419 tx timeout
[ 1295.893744][T23114] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1295.908687][T23114] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 96 with error 28
[ 1295.921016][T23114] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1295.921016][T23114] 
[ 1295.932562][T23114] EXT4-fs (loop4): Total free blocks count 0
[ 1295.938556][T23114] EXT4-fs (loop4): Free/Dirty block details
[ 1295.944733][T23114] EXT4-fs (loop4): free_blocks=2415919504
[ 1295.950568][T23114] EXT4-fs (loop4): dirty_blocks=112
[ 1295.955778][T23114] EXT4-fs (loop4): Block reservation details
[ 1295.961289][T23093] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1295.961815][T23114] EXT4-fs (loop4): i_reserved_data_blocks=7
[ 1295.997525][T23093] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1296.028808][T23093] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1296.063767][T23093] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1296.100194][T23093] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1296.120711][T23093] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1296.150475][T23096] EXT4-fs error (device loop9): ext4_validate_block_bitmap:440: comm syz.9.5508: bg 0: block 234: padding at end of block bitmap is not set
[ 1296.204102][T23096] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 117
[ 1296.219837][T23096] EXT4-fs (loop9): This should not happen!! Data will be lost
[ 1296.219837][T23096] 
[ 1296.527975][ T6022] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 96 with max blocks 448 with error 28
[ 1296.551038][T23131] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5520'.
[ 1296.563507][T18007] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1206 with error 28
[ 1296.593236][T23131] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5520'.
[ 1296.610455][T18007] EXT4-fs (loop9): This should not happen!! Data will be lost
[ 1296.610455][T18007] 
[ 1296.649104][T18007] EXT4-fs (loop9): Total free blocks count 0
[ 1296.653854][   T30] audit: type=1326 audit(1760491474.523:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23128 comm="syz.2.5520" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0d8eec9 code=0x0
[ 1296.689171][T18007] EXT4-fs (loop9): Free/Dirty block details
[ 1296.695259][T18007] EXT4-fs (loop9): free_blocks=0
[ 1296.705782][T18007] EXT4-fs (loop9): dirty_blocks=1216
[ 1296.740510][T18007] EXT4-fs (loop9): Block reservation details
[ 1296.803398][T23136] loop4: detected capacity change from 0 to 2048
[ 1296.831890][T23136] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1296.832835][T23139] 9pnet_fd: Insufficient options for proto=fd
[ 1297.349518][T23150] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1297.366884][T23150] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 128 with error 28
[ 1297.379306][T23150] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1297.379306][T23150] 
[ 1297.388989][T23150] EXT4-fs (loop4): Total free blocks count 0
[ 1297.395023][T23150] EXT4-fs (loop4): Free/Dirty block details
[ 1297.400974][T23150] EXT4-fs (loop4): free_blocks=2415919504
[ 1297.406707][T23150] EXT4-fs (loop4): dirty_blocks=144
[ 1297.411946][T23150] EXT4-fs (loop4): Block reservation details
[ 1297.417934][T23150] EXT4-fs (loop4): i_reserved_data_blocks=9
[ 1297.421156][T23148] netlink: 44 bytes leftover after parsing attributes in process `syz.6.5524'.
[ 1297.813162][T23161] loop9: detected capacity change from 0 to 512
[ 1297.853279][T23161] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[ 1297.897627][T23161] EXT4-fs (loop9): 1 truncate cleaned up
[ 1297.919667][T23161] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1298.047244][T23161] EXT4-fs (loop9): shut down requested (2)
[ 1298.050815][T18702] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1298.059864][T20497] Bluetooth: hci2: command 0x041b tx timeout
[ 1298.135384][T20497] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1298.141984][ T5829] Bluetooth: hci1: command 0x0405 tx timeout
[ 1298.148572][T18702] Bluetooth: hci6: command 0x0419 tx timeout
[ 1298.262533][T21467] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1298.281671][T18007] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 128 with max blocks 576 with error 28
[ 1298.751608][T23183] loop4: detected capacity change from 0 to 2048
[ 1298.788375][T23188] __nla_validate_parse: 1 callbacks suppressed
[ 1298.788398][T23188] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5538'.
[ 1298.835712][T23188] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5538'.
[ 1298.841514][T23183] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1298.885081][   T30] audit: type=1800 audit(1760491476.763:1950): pid=23183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5534" name="file1" dev="loop4" ino=15 res=0 errno=0
[ 1298.912585][T23194] 9pnet_fd: Insufficient options for proto=fd
[ 1298.980483][   T30] audit: type=1326 audit(1760491476.793:1951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23187 comm="syz.6.5538" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff3c578eec9 code=0x0
[ 1299.277360][T23204] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5544'.
[ 1299.321370][T23204] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5544'.
[ 1299.587524][T23183] EXT4-fs error (device loop4): ext4_validate_block_bitmap:440: comm syz.4.5534: bg 0: block 234: padding at end of block bitmap is not set
[ 1299.636960][T23183] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 117
[ 1299.670481][T23183] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1299.670481][T23183] 
[ 1299.805329][T23219] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5545'.
[ 1299.818658][T23211] loop7: detected capacity change from 0 to 2048
[ 1299.898648][T23211] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1300.276750][T17392] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 498 with error 28
[ 1300.337587][T17392] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1300.337587][T17392] 
[ 1300.415835][T17392] EXT4-fs (loop4): Total free blocks count 0
[ 1300.429004][T23229] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1300.451457][T17392] EXT4-fs (loop4): Free/Dirty block details
[ 1300.463753][T17392] EXT4-fs (loop4): free_blocks=0
[ 1300.474820][T17392] EXT4-fs (loop4): dirty_blocks=512
[ 1300.480046][T23229] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 160 with error 28
[ 1300.493777][T23229] EXT4-fs (loop7): This should not happen!! Data will be lost
[ 1300.493777][T23229] 
[ 1300.503546][T23229] EXT4-fs (loop7): Total free blocks count 0
[ 1300.509537][T23229] EXT4-fs (loop7): Free/Dirty block details
[ 1300.515553][T23229] EXT4-fs (loop7): free_blocks=2415919504
[ 1300.521856][T23229] EXT4-fs (loop7): dirty_blocks=176
[ 1300.527064][T23229] EXT4-fs (loop7): Block reservation details
[ 1300.533160][T23229] EXT4-fs (loop7): i_reserved_data_blocks=11
[ 1300.578891][T17392] EXT4-fs (loop4): Block reservation details
[ 1300.886346][T23235] 9pnet_fd: Insufficient options for proto=fd
[ 1301.147520][T23243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5556'.
[ 1301.167060][T23209] Can't find ip_set type hash:ma
[ 1301.190506][T23243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5556'.
[ 1301.211388][T17978] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 160 with max blocks 256 with error 28
[ 1301.260458][   T30] audit: type=1326 audit(1760491479.123:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23240 comm="syz.0.5556" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7bc78eec9 code=0x0
[ 1301.799606][T23263] netlink: 44 bytes leftover after parsing attributes in process `syz.6.5563'.
[ 1303.142524][T23275] loop7: detected capacity change from 0 to 1024
[ 1303.209692][T23275] EXT4-fs: Ignoring removed orlov option
[ 1303.298246][T23275] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1303.439713][   T30] audit: type=1800 audit(1760491481.313:1953): pid=23275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.5566" name="bus" dev="loop7" ino=18 res=0 errno=0
[ 1303.482711][   T30] audit: type=1804 audit(1760491481.313:1954): pid=23275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.5566" name="/newroot/319/bus/bus" dev="loop7" ino=18 res=1 errno=0
[ 1303.522717][T23286] loop6: detected capacity change from 0 to 2048
[ 1303.534057][T23287] netlink: 'syz.7.5566': attribute type 12 has an invalid length.
[ 1303.570229][   T30] audit: type=1326 audit(1760491481.423:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23273 comm="syz.7.5566" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f79ffb8eec9 code=0x0
[ 1303.665937][T23296] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5576'.
[ 1303.696539][T23286] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1304.008097][T16894] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1304.377455][T23308] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1304.393532][T23308] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[ 1304.405876][T23308] EXT4-fs (loop6): This should not happen!! Data will be lost
[ 1304.405876][T23308] 
[ 1304.415575][T23308] EXT4-fs (loop6): Total free blocks count 0
[ 1304.421589][T23308] EXT4-fs (loop6): Free/Dirty block details
[ 1304.429260][T23308] EXT4-fs (loop6): free_blocks=2415919504
[ 1304.435066][T23308] EXT4-fs (loop6): dirty_blocks=80
[ 1304.440191][T23308] EXT4-fs (loop6): Block reservation details
[ 1304.446245][T23308] EXT4-fs (loop6): i_reserved_data_blocks=5
[ 1304.549686][T23312] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5580'.
[ 1305.373217][T23313] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1305.379397][T23313] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1305.673131][T23313] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1305.702048][T23313] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1306.271998][T23313] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1306.278954][T23313] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1306.541551][T19926] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 64 with max blocks 224 with error 28
[ 1306.777754][T23336] loop6: detected capacity change from 0 to 512
[ 1306.836505][T23336] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[ 1306.907043][T23340] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5590'.
[ 1306.916211][T23340] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5590'.
[ 1306.948694][T23336] EXT4-fs (loop6): 1 truncate cleaned up
[ 1306.968183][T23336] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1307.001088][   T30] audit: type=1326 audit(1760491484.863:1956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23337 comm="syz.9.5590" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f26d4b8eec9 code=0x0
[ 1307.105016][T23336] EXT4-fs error (device loop6): ext4_read_inline_dir:1475: inode #12: block 7: comm syz.6.5588: path /285/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=2085390, rec_len=0, size=80 fake=0
[ 1307.112683][T23344] loop2: detected capacity change from 0 to 512
[ 1307.130794][   T30] audit: type=1326 audit(1760491484.953:1957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23343 comm="syz.2.5592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0d8eec9 code=0x7ffc0000
[ 1307.186260][   T30] audit: type=1326 audit(1760491484.953:1958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23343 comm="syz.2.5592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0d8eec9 code=0x7ffc0000
[ 1307.237428][T23344] 
[ 1307.239544][   T30] audit: type=1326 audit(1760491484.953:1959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23343 comm="syz.2.5592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ce0d8eec9 code=0x7ffc0000
[ 1307.239761][T23344] ======================================================
[ 1307.269121][T23344] WARNING: possible circular locking dependency detected
[ 1307.276134][T23344] syzkaller #0 Not tainted
[ 1307.280546][T23344] ------------------------------------------------------
[ 1307.286755][   T30] audit: type=1326 audit(1760491484.953:1960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23343 comm="syz.2.5592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0d8eec9 code=0x7ffc0000
[ 1307.287554][T23344] syz.2.5592/23344 is trying to acquire lock:
[ 1307.315960][T23344] ffff88802fc44b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x27a/0x600
[ 1307.316514][   T30] audit: type=1326 audit(1760491484.953:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23343 comm="syz.2.5592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0d8eec9 code=0x7ffc0000
[ 1307.325852][T23344] 
[ 1307.325852][T23344] but task is already holding lock:
[ 1307.325865][T23344] ffff888055f3a708 (&ei->xattr_sem){++++}-{4:4}
[ 1307.348412][   T30] audit: type=1326 audit(1760491484.963:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23343 comm="syz.2.5592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ce0d8eec9 code=0x7ffc0000
[ 1307.355586][T23344] , at: __ext4_mark_inode_dirty+0x4ba/0x870
[ 1307.362104][   T30] audit: type=1326 audit(1760491484.963:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23343 comm="syz.2.5592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0d8eec9 code=0x7ffc0000
[ 1307.384198][T23344] 
[ 1307.384198][T23344] which lock already depends on the new lock.
[ 1307.384198][T23344] 
[ 1307.384212][T23344] 
[ 1307.384212][T23344] the existing dependency chain (in reverse order) is:
[ 1307.384226][T23344] 
[ 1307.384226][T23344] -> #1 (&ei->xattr_sem){++++}-{4:4}:
[ 1307.384280][T23344]        down_write+0x92/0x200
[ 1307.390212][   T30] audit: type=1326 audit(1760491484.963:1964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23343 comm="syz.2.5592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ce0d8eec9 code=0x7ffc0000
[ 1307.412487][T23344]        ext4_destroy_inline_data+0x2d/0xe0
[ 1307.412532][T23344]        ext4_do_writepages+0x1154/0x3cf0
[ 1307.412590][T23344]        ext4_writepages+0x37a/0x7d0
[ 1307.412646][T23344]        do_writepages+0x27a/0x600
[ 1307.412692][T23344]        __writeback_single_inode+0x160/0xfb0
[ 1307.412751][T23344]        writeback_sb_inodes+0x60d/0xfa0
[ 1307.412807][T23344]        wb_writeback+0x419/0xb70
[ 1307.412860][T23344]        wb_workfn+0x14d/0xbe0
[ 1307.412890][T23344]        process_one_work+0x9cf/0x1b70
[ 1307.412959][T23344]        worker_thread+0x6c8/0xf10
[ 1307.413009][T23344]        kthread+0x3c5/0x780
[ 1307.413055][T23344]        ret_from_fork+0x675/0x7d0
[ 1307.413098][T23344]        ret_from_fork_asm+0x1a/0x30
[ 1307.413136][T23344] 
[ 1307.413136][T23344] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 1307.544110][T23344]        __lock_acquire+0x126f/0x1c90
[ 1307.549493][T23344]        lock_acquire+0x179/0x350
[ 1307.554525][T23344]        ext4_writepages+0x224/0x7d0
[ 1307.559839][T23344]        do_writepages+0x27a/0x600
[ 1307.564970][T23344]        __writeback_single_inode+0x160/0xfb0
[ 1307.571083][T23344]        writeback_single_inode+0x2bc/0x550
[ 1307.577001][T23344]        write_inode_now+0x170/0x1e0
[ 1307.582284][T23344]        iput.part.0+0x487/0xb00
[ 1307.587242][T23344]        iput+0x35/0x40
[ 1307.591409][T23344]        ext4_xattr_block_set+0x67c/0x3650
[ 1307.597226][T23344]        ext4_expand_extra_isize_ea+0x1442/0x1ab0
[ 1307.603654][T23344]        __ext4_expand_extra_isize+0x346/0x480
[ 1307.609816][T23344]        __ext4_mark_inode_dirty+0x544/0x870
[ 1307.615817][T23344]        ext4_evict_inode+0x74e/0x18e0
[ 1307.621274][T23344]        evict+0x3e6/0x920
[ 1307.625706][T23344]        iput.part.0+0x6a9/0xb00
[ 1307.630656][T23344]        iput+0x35/0x40
[ 1307.634827][T23344]        ext4_orphan_cleanup+0x731/0x11e0
[ 1307.640577][T23344]        ext4_fill_super+0x8db7/0xaf70
[ 1307.646043][T23344]        get_tree_bdev_flags+0x38c/0x620
[ 1307.651679][T23344]        vfs_get_tree+0x8e/0x340
[ 1307.656637][T23344]        path_mount+0x7b9/0x23a0
[ 1307.661603][T23344]        __x64_sys_mount+0x293/0x310
[ 1307.666896][T23344]        do_syscall_64+0xcd/0xfa0
[ 1307.671943][T23344]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1307.678361][T23344] 
[ 1307.678361][T23344] other info that might help us debug this:
[ 1307.678361][T23344] 
[ 1307.688573][T23344]  Possible unsafe locking scenario:
[ 1307.688573][T23344] 
[ 1307.696008][T23344]        CPU0                    CPU1
[ 1307.701361][T23344]        ----                    ----
[ 1307.706715][T23344]   lock(&ei->xattr_sem);
[ 1307.711049][T23344]                                lock(&sbi->s_writepages_rwsem);
[ 1307.718771][T23344]                                lock(&ei->xattr_sem);
[ 1307.725624][T23344]   rlock(&sbi->s_writepages_rwsem);
[ 1307.730912][T23344] 
[ 1307.730912][T23344]  *** DEADLOCK ***
[ 1307.730912][T23344] 
[ 1307.739041][T23344] 3 locks held by syz.2.5592/23344:
[ 1307.744226][T23344]  #0: ffff88806b8420e0 (&type->s_umount_key#27/1){+.+.}-{4:4}, at: alloc_super+0x1e3/0xb60
[ 1307.754384][T23344]  #1: ffff88806b842610 (sb_internal){.+.+}-{0:0}, at: evict+0x3e6/0x920
[ 1307.762871][T23344]  #2: ffff888055f3a708 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x4ba/0x870
[ 1307.773198][T23344] 
[ 1307.773198][T23344] stack backtrace:
[ 1307.779084][T23344] CPU: 1 UID: 0 PID: 23344 Comm: syz.2.5592 Not tainted syzkaller #0 PREEMPT(full) 
[ 1307.779126][T23344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1307.779146][T23344] Call Trace:
[ 1307.779157][T23344]  <TASK>
[ 1307.779170][T23344]  dump_stack_lvl+0x116/0x1f0
[ 1307.779225][T23344]  print_circular_bug+0x275/0x350
[ 1307.779268][T23344]  check_noncircular+0x14c/0x170
[ 1307.779314][T23344]  __lock_acquire+0x126f/0x1c90
[ 1307.779363][T23344]  ? __lock_acquire+0x622/0x1c90
[ 1307.779406][T23344]  lock_acquire+0x179/0x350
[ 1307.779446][T23344]  ? do_writepages+0x27a/0x600
[ 1307.779493][T23344]  ? __pfx___might_resched+0x10/0x10
[ 1307.779557][T23344]  ext4_writepages+0x224/0x7d0
[ 1307.779610][T23344]  ? do_writepages+0x27a/0x600
[ 1307.779653][T23344]  ? __pfx_ext4_writepages+0x10/0x10
[ 1307.779704][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.779745][T23344]  ? __lock_acquire+0xb8a/0x1c90
[ 1307.779793][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.779835][T23344]  ? __pfx_ext4_writepages+0x10/0x10
[ 1307.779890][T23344]  do_writepages+0x27a/0x600
[ 1307.779936][T23344]  ? __pfx_do_writepages+0x10/0x10
[ 1307.779986][T23344]  __writeback_single_inode+0x160/0xfb0
[ 1307.780042][T23344]  ? __pfx___writeback_single_inode+0x10/0x10
[ 1307.780095][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.780134][T23344]  ? do_raw_spin_unlock+0x172/0x230
[ 1307.780184][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.780227][T23344]  writeback_single_inode+0x2bc/0x550
[ 1307.780285][T23344]  write_inode_now+0x170/0x1e0
[ 1307.780315][T23344]  ? __pfx_write_inode_now+0x10/0x10
[ 1307.780376][T23344]  ? find_held_lock+0x2b/0x80
[ 1307.780436][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.780478][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.780522][T23344]  iput.part.0+0x487/0xb00
[ 1307.780572][T23344]  iput+0x35/0x40
[ 1307.780616][T23344]  ext4_xattr_block_set+0x67c/0x3650
[ 1307.780670][T23344]  ? __pfx_ext4_xattr_block_set+0x10/0x10
[ 1307.780716][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.780757][T23344]  ? xattr_find_entry+0x289/0x330
[ 1307.780798][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.780838][T23344]  ? ext4_xattr_block_find+0x59/0x430
[ 1307.780882][T23344]  ext4_expand_extra_isize_ea+0x1442/0x1ab0
[ 1307.780944][T23344]  ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10
[ 1307.780999][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.781038][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.781078][T23344]  ? dquot_initialize_needed+0x183/0x2a0
[ 1307.781128][T23344]  __ext4_expand_extra_isize+0x346/0x480
[ 1307.781174][T23344]  __ext4_mark_inode_dirty+0x544/0x870
[ 1307.781231][T23344]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[ 1307.781287][T23344]  ? __pfx___might_resched+0x10/0x10
[ 1307.781350][T23344]  ? ext4_journal_check_start+0x22b/0x340
[ 1307.781402][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.781442][T23344]  ? __ext4_journal_start_sb+0x19e/0x690
[ 1307.781490][T23344]  ? ext4_evict_inode+0x5cf/0x18e0
[ 1307.781524][T23344]  ext4_evict_inode+0x74e/0x18e0
[ 1307.781558][T23344]  ? __pfx_ext4_evict_inode+0x10/0x10
[ 1307.781589][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.781633][T23344]  ? __pfx_ext4_evict_inode+0x10/0x10
[ 1307.781663][T23344]  evict+0x3e6/0x920
[ 1307.781710][T23344]  ? __pfx_evict+0x10/0x10
[ 1307.781753][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.781799][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.781844][T23344]  iput.part.0+0x6a9/0xb00
[ 1307.781889][T23344]  ? __pfx_ext4_drop_inode+0x10/0x10
[ 1307.781936][T23344]  iput+0x35/0x40
[ 1307.781980][T23344]  ext4_orphan_cleanup+0x731/0x11e0
[ 1307.782041][T23344]  ? __pfx_ext4_orphan_cleanup+0x10/0x10
[ 1307.782099][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.782139][T23344]  ? ext4_register_li_request+0xec/0x9b0
[ 1307.782178][T23344]  ext4_fill_super+0x8db7/0xaf70
[ 1307.782230][T23344]  ? __pfx_ext4_fill_super+0x10/0x10
[ 1307.782264][T23344]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1307.782311][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.782356][T23344]  ? find_held_lock+0x2b/0x80
[ 1307.782412][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.782452][T23344]  ? sb_set_blocksize+0x176/0x1d0
[ 1307.782492][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.782531][T23344]  ? setup_bdev_super+0x369/0x730
[ 1307.782564][T23344]  get_tree_bdev_flags+0x38c/0x620
[ 1307.782600][T23344]  ? __pfx_ext4_fill_super+0x10/0x10
[ 1307.782636][T23344]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 1307.782673][T23344]  ? apparmor_capable+0x114/0x1d0
[ 1307.782709][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.782749][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.782788][T23344]  ? security_capable+0x7e/0x260
[ 1307.782843][T23344]  vfs_get_tree+0x8e/0x340
[ 1307.782895][T23344]  path_mount+0x7b9/0x23a0
[ 1307.782942][T23344]  ? __pfx_path_mount+0x10/0x10
[ 1307.782987][T23344]  ? putname+0x154/0x1a0
[ 1307.783034][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.783074][T23344]  ? putname+0x154/0x1a0
[ 1307.783121][T23344]  ? __x64_sys_mount+0x293/0x310
[ 1307.783162][T23344]  __x64_sys_mount+0x293/0x310
[ 1307.783206][T23344]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1307.783251][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1307.783291][T23344]  ? __secure_computing+0x28e/0x3b0
[ 1307.783339][T23344]  do_syscall_64+0xcd/0xfa0
[ 1307.783397][T23344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1307.783431][T23344] RIP: 0033:0x7f9ce0d9066a
[ 1307.783455][T23344] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1307.783489][T23344] RSP: 002b:00007f9ce1cd4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1307.783520][T23344] RAX: ffffffffffffffda RBX: 00007f9ce1cd4ef0 RCX: 00007f9ce0d9066a
[ 1307.783542][T23344] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f9ce1cd4eb0
[ 1307.783565][T23344] RBP: 0000200000000180 R08: 00007f9ce1cd4ef0 R09: 0000000000800718
[ 1307.783586][T23344] R10: 0000000000800718 R11: 0000000000000246 R12: 00002000000001c0
[ 1307.783608][T23344] R13: 00007f9ce1cd4eb0 R14: 0000000000000473 R15: 0000200000000680
[ 1307.783642][T23344]  </TASK>
[ 1307.828793][   T30] audit: type=1326 audit(1760491484.963:1965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23343 comm="syz.2.5592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ce0d8eec9 code=0x7ffc0000
[ 1307.872395][T18702] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1307.979998][T20497] Bluetooth: hci1: command 0x0405 tx timeout
[ 1308.025974][T18702] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1308.026015][T18702] Bluetooth: hci2: command 0x041b tx timeout
[ 1308.092973][T17939] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1308.112992][T23344] ------------[ cut here ]------------
[ 1308.375313][T20497] Bluetooth: hci6: command 0x0419 tx timeout
[ 1308.378294][T23344] EA inode 11 i_nlink=2
[ 1308.379419][T23344] WARNING: CPU: 0 PID: 23344 at fs/ext4/xattr.c:1056 ext4_xattr_inode_update_ref+0x4ec/0x610
[ 1308.460907][T23344] Modules linked in:
[ 1308.464817][T23344] CPU: 0 UID: 0 PID: 23344 Comm: syz.2.5592 Not tainted syzkaller #0 PREEMPT(full) 
[ 1308.474248][T23344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1308.484494][T23344] RIP: 0010:ext4_xattr_inode_update_ref+0x4ec/0x610
[ 1308.491158][T23344] Code: df 48 8d 7b 40 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 23 01 00 00 48 8b 73 40 44 89 e2 48 c7 c7 c0 5d a8 8b e8 35 00 ed fe 90 <0f> 0b 90 90 e9 d9 fe ff ff e8 36 cb 2e ff 44 0f b6 2d 22 8b dd 0d
[ 1308.510849][T23344] RSP: 0018:ffffc9000dc1f178 EFLAGS: 00010282
[ 1308.516936][T23344] RAX: 0000000000000000 RBX: ffff8880535c8298 RCX: ffffc90014769000
[ 1308.525610][T23344] RDX: 0000000000080000 RSI: ffffffff817b5ef5 RDI: 0000000000000001
[ 1308.534447][T23344] RBP: ffffc9000dc1f240 R08: 0000000000000001 R09: 0000000000000000
[ 1308.542505][T23344] R10: 0000000000000001 R11: 3030303030302052 R12: 0000000000000002
[ 1308.550540][T23344] R13: 0000000000000000 R14: 1ffff92001b83e32 R15: ffff8880535c8488
[ 1308.558524][T23344] FS:  00007f9ce1cd56c0(0000) GS:ffff8881249da000(0000) knlGS:0000000000000000
[ 1308.567511][T23344] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1308.574162][T23344] CR2: 00007f3a055b12f8 CR3: 0000000045d96000 CR4: 0000000000350ef0
[ 1308.582189][T23344] Call Trace:
[ 1308.585474][T23344]  <TASK>
[ 1308.588418][T23344]  ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[ 1308.594816][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.600517][T23344]  ? ext4_xattr_inode_iget+0x1ee/0x400
[ 1308.606059][T23344]  ext4_xattr_set_entry+0x158f/0x1f00
[ 1308.611508][T23344]  ? __pfx_ext4_xattr_set_entry+0x10/0x10
[ 1308.617247][T23344]  ? xattr_find_entry+0x289/0x330
[ 1308.622309][T23344]  ext4_xattr_ibody_set+0x3d6/0x5d0
[ 1308.628021][T23344]  ext4_expand_extra_isize_ea+0x148c/0x1ab0
[ 1308.634544][T23344]  ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10
[ 1308.640856][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.646495][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.652154][T23344]  ? dquot_initialize_needed+0x183/0x2a0
[ 1308.657801][T23344]  __ext4_expand_extra_isize+0x346/0x480
[ 1308.663484][T23344]  __ext4_mark_inode_dirty+0x544/0x870
[ 1308.668962][T23344]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[ 1308.674991][T23344]  ? __pfx___might_resched+0x10/0x10
[ 1308.680297][T23344]  ? ext4_journal_check_start+0x22b/0x340
[ 1308.686068][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.691744][T23344]  ? __ext4_journal_start_sb+0x19e/0x690
[ 1308.697406][T23344]  ? ext4_evict_inode+0x5cf/0x18e0
[ 1308.702559][T23344]  ext4_evict_inode+0x74e/0x18e0
[ 1308.707496][T23344]  ? __pfx_ext4_evict_inode+0x10/0x10
[ 1308.712885][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.718539][T23344]  ? __pfx_ext4_evict_inode+0x10/0x10
[ 1308.723935][T23344]  evict+0x3e6/0x920
[ 1308.727872][T23344]  ? __pfx_evict+0x10/0x10
[ 1308.733052][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.739328][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.745025][T23344]  iput.part.0+0x6a9/0xb00
[ 1308.749453][T23344]  ? __pfx_ext4_drop_inode+0x10/0x10
[ 1308.754770][T23344]  iput+0x35/0x40
[ 1308.758413][T23344]  ext4_orphan_cleanup+0x731/0x11e0
[ 1308.763649][T23344]  ? __pfx_ext4_orphan_cleanup+0x10/0x10
[ 1308.769301][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.775064][T23344]  ? ext4_register_li_request+0xec/0x9b0
[ 1308.780751][T23344]  ext4_fill_super+0x8db7/0xaf70
[ 1308.785701][T23344]  ? __pfx_ext4_fill_super+0x10/0x10
[ 1308.791016][T23344]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1308.796057][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.801732][T23344]  ? find_held_lock+0x2b/0x80
[ 1308.806429][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.812087][T23344]  ? sb_set_blocksize+0x176/0x1d0
[ 1308.817120][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.822783][T23344]  ? setup_bdev_super+0x369/0x730
[ 1308.827807][T23344]  get_tree_bdev_flags+0x38c/0x620
[ 1308.833488][T23344]  ? __pfx_ext4_fill_super+0x10/0x10
[ 1308.838777][T23344]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 1308.845003][T23344]  ? apparmor_capable+0x114/0x1d0
[ 1308.850050][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.856064][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.861770][T23344]  ? security_capable+0x7e/0x260
[ 1308.866754][T23344]  vfs_get_tree+0x8e/0x340
[ 1308.871246][T23344]  path_mount+0x7b9/0x23a0
[ 1308.875692][T23344]  ? __pfx_path_mount+0x10/0x10
[ 1308.880571][T23344]  ? putname+0x154/0x1a0
[ 1308.884825][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.890485][T23344]  ? putname+0x154/0x1a0
[ 1308.894738][T23344]  ? __x64_sys_mount+0x293/0x310
[ 1308.899678][T23344]  __x64_sys_mount+0x293/0x310
[ 1308.904486][T23344]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1308.909778][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1308.915444][T23344]  ? __secure_computing+0x28e/0x3b0
[ 1308.920693][T23344]  do_syscall_64+0xcd/0xfa0
[ 1308.925221][T23344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1308.931216][T23344] RIP: 0033:0x7f9ce0d9066a
[ 1308.936128][T23344] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1308.956370][T23344] RSP: 002b:00007f9ce1cd4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1308.964844][T23344] RAX: ffffffffffffffda RBX: 00007f9ce1cd4ef0 RCX: 00007f9ce0d9066a
[ 1308.972832][T23344] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f9ce1cd4eb0
[ 1308.980824][T23344] RBP: 0000200000000180 R08: 00007f9ce1cd4ef0 R09: 0000000000800718
[ 1308.988795][T23344] R10: 0000000000800718 R11: 0000000000000246 R12: 00002000000001c0
[ 1308.996819][T23344] R13: 00007f9ce1cd4eb0 R14: 0000000000000473 R15: 0000200000000680
[ 1309.004852][T23344]  </TASK>
[ 1309.007882][T23344] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1309.015149][T23344] CPU: 0 UID: 0 PID: 23344 Comm: syz.2.5592 Not tainted syzkaller #0 PREEMPT(full) 
[ 1309.024516][T23344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1309.034562][T23344] Call Trace:
[ 1309.037830][T23344]  <TASK>
[ 1309.040757][T23344]  dump_stack_lvl+0x3d/0x1f0
[ 1309.045380][T23344]  vpanic+0x640/0x6f0
[ 1309.049386][T23344]  ? ext4_xattr_inode_update_ref+0x4ec/0x610
[ 1309.055377][T23344]  panic+0xca/0xd0
[ 1309.059109][T23344]  ? __pfx_panic+0x10/0x10
[ 1309.063544][T23344]  check_panic_on_warn+0xab/0xb0
[ 1309.068586][T23344]  __warn+0xf6/0x3c0
[ 1309.072490][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.078133][T23344]  ? ext4_xattr_inode_update_ref+0x4ec/0x610
[ 1309.084125][T23344]  report_bug+0x3c3/0x580
[ 1309.088564][T23344]  ? ext4_xattr_inode_update_ref+0x4ec/0x610
[ 1309.094558][T23344]  handle_bug+0x184/0x210
[ 1309.098891][T23344]  exc_invalid_op+0x17/0x50
[ 1309.103399][T23344]  asm_exc_invalid_op+0x1a/0x20
[ 1309.108252][T23344] RIP: 0010:ext4_xattr_inode_update_ref+0x4ec/0x610
[ 1309.114857][T23344] Code: df 48 8d 7b 40 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 23 01 00 00 48 8b 73 40 44 89 e2 48 c7 c7 c0 5d a8 8b e8 35 00 ed fe 90 <0f> 0b 90 90 e9 d9 fe ff ff e8 36 cb 2e ff 44 0f b6 2d 22 8b dd 0d
[ 1309.134470][T23344] RSP: 0018:ffffc9000dc1f178 EFLAGS: 00010282
[ 1309.140543][T23344] RAX: 0000000000000000 RBX: ffff8880535c8298 RCX: ffffc90014769000
[ 1309.148525][T23344] RDX: 0000000000080000 RSI: ffffffff817b5ef5 RDI: 0000000000000001
[ 1309.156500][T23344] RBP: ffffc9000dc1f240 R08: 0000000000000001 R09: 0000000000000000
[ 1309.164467][T23344] R10: 0000000000000001 R11: 3030303030302052 R12: 0000000000000002
[ 1309.172434][T23344] R13: 0000000000000000 R14: 1ffff92001b83e32 R15: ffff8880535c8488
[ 1309.180411][T23344]  ? __warn_printk+0x1a5/0x350
[ 1309.185189][T23344]  ? ext4_xattr_inode_update_ref+0x4eb/0x610
[ 1309.191186][T23344]  ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[ 1309.197533][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.203176][T23344]  ? ext4_xattr_inode_iget+0x1ee/0x400
[ 1309.208652][T23344]  ext4_xattr_set_entry+0x158f/0x1f00
[ 1309.214045][T23344]  ? __pfx_ext4_xattr_set_entry+0x10/0x10
[ 1309.219779][T23344]  ? xattr_find_entry+0x289/0x330
[ 1309.224816][T23344]  ext4_xattr_ibody_set+0x3d6/0x5d0
[ 1309.230034][T23344]  ext4_expand_extra_isize_ea+0x148c/0x1ab0
[ 1309.235962][T23344]  ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10
[ 1309.242233][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.247878][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.253519][T23344]  ? dquot_initialize_needed+0x183/0x2a0
[ 1309.259174][T23344]  __ext4_expand_extra_isize+0x346/0x480
[ 1309.264821][T23344]  __ext4_mark_inode_dirty+0x544/0x870
[ 1309.270311][T23344]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[ 1309.276324][T23344]  ? __pfx___might_resched+0x10/0x10
[ 1309.281647][T23344]  ? ext4_journal_check_start+0x22b/0x340
[ 1309.287387][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.293029][T23344]  ? __ext4_journal_start_sb+0x19e/0x690
[ 1309.298681][T23344]  ? ext4_evict_inode+0x5cf/0x18e0
[ 1309.303796][T23344]  ext4_evict_inode+0x74e/0x18e0
[ 1309.308737][T23344]  ? __pfx_ext4_evict_inode+0x10/0x10
[ 1309.314113][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.319765][T23344]  ? __pfx_ext4_evict_inode+0x10/0x10
[ 1309.325142][T23344]  evict+0x3e6/0x920
[ 1309.329058][T23344]  ? __pfx_evict+0x10/0x10
[ 1309.333489][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.339141][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.344789][T23344]  iput.part.0+0x6a9/0xb00
[ 1309.349224][T23344]  ? __pfx_ext4_drop_inode+0x10/0x10
[ 1309.354529][T23344]  iput+0x35/0x40
[ 1309.358182][T23344]  ext4_orphan_cleanup+0x731/0x11e0
[ 1309.363415][T23344]  ? __pfx_ext4_orphan_cleanup+0x10/0x10
[ 1309.369076][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.374716][T23344]  ? ext4_register_li_request+0xec/0x9b0
[ 1309.380362][T23344]  ext4_fill_super+0x8db7/0xaf70
[ 1309.385325][T23344]  ? __pfx_ext4_fill_super+0x10/0x10
[ 1309.390621][T23344]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1309.395663][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.401304][T23344]  ? find_held_lock+0x2b/0x80
[ 1309.406015][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.411656][T23344]  ? sb_set_blocksize+0x176/0x1d0
[ 1309.416692][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.422338][T23344]  ? setup_bdev_super+0x369/0x730
[ 1309.427373][T23344]  get_tree_bdev_flags+0x38c/0x620
[ 1309.432490][T23344]  ? __pfx_ext4_fill_super+0x10/0x10
[ 1309.437783][T23344]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 1309.443427][T23344]  ? apparmor_capable+0x114/0x1d0
[ 1309.448458][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.454102][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.459745][T23344]  ? security_capable+0x7e/0x260
[ 1309.464716][T23344]  vfs_get_tree+0x8e/0x340
[ 1309.469157][T23344]  path_mount+0x7b9/0x23a0
[ 1309.473590][T23344]  ? __pfx_path_mount+0x10/0x10
[ 1309.478460][T23344]  ? putname+0x154/0x1a0
[ 1309.482720][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.488367][T23344]  ? putname+0x154/0x1a0
[ 1309.492626][T23344]  ? __x64_sys_mount+0x293/0x310
[ 1309.497576][T23344]  __x64_sys_mount+0x293/0x310
[ 1309.502358][T23344]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1309.507661][T23344]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1309.513302][T23344]  ? __secure_computing+0x28e/0x3b0
[ 1309.518525][T23344]  do_syscall_64+0xcd/0xfa0
[ 1309.523056][T23344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1309.528953][T23344] RIP: 0033:0x7f9ce0d9066a
[ 1309.533395][T23344] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1309.553009][T23344] RSP: 002b:00007f9ce1cd4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1309.561429][T23344] RAX: ffffffffffffffda RBX: 00007f9ce1cd4ef0 RCX: 00007f9ce0d9066a
[ 1309.569398][T23344] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f9ce1cd4eb0
[ 1309.577366][T23344] RBP: 0000200000000180 R08: 00007f9ce1cd4ef0 R09: 0000000000800718
[ 1309.585334][T23344] R10: 0000000000800718 R11: 0000000000000246 R12: 00002000000001c0
[ 1309.593307][T23344] R13: 00007f9ce1cd4eb0 R14: 0000000000000473 R15: 0000200000000680
[ 1309.601294][T23344]  </TASK>
[ 1309.604525][T23344] Kernel Offset: disabled
[ 1309.608845][T23344] Rebooting in 86400 seconds..